• No results found

Prevention is Better than Cure: Protect Your Medical Identity

N/A
N/A
Protected

Academic year: 2021

Share "Prevention is Better than Cure: Protect Your Medical Identity"

Copied!
32
0
0

Loading.... (view fulltext now)

Full text

(1)

Prevention is Better than Cure: Protect Your Medical Identity

Center for Program Integrity

Centers for Medicare & Medicaid Services

Shantanu Agrawal, MD, MPhil

Medical Director

(2)

Center for Program Integrity Mission and Vision

The central purpose and role of the Center for Program Integrity is to ensure that correct payments are made to legitimate

providers for covered appropriate and reasonable services for eligible beneficiaries of the Medicare and Medicaid programs.

Mission

Over its first three years, the Center for Program Integrity has become an organization within CMS that uses state-of-the-art methods to prevent and detect fraud and to reduce waste, abuse, and other improper payments under the Medicare and

Vision

(3)

Billing for services or supplies that were not provided

Program Integrity encompasses a range of activities to target the causes of improper and fraudulent payments:

Intentional Deception Bending the

rules Inefficiencies

Mistakes

Range of Program Integrity activities

Examples: incorrect coding

Medically unnecessary service

Improper billing practice (e.g., up-coding)

Error Waste Abuse Fraud

(4)

Definition of medical identity theft

Medical identity theft is the appropriation or misuse of a patient’s or physician’s unique medical identifying

information to obtain or bill public or private payers for fraudulent medical goods or services

• Physicians/providers: National Provider Identifier (NPI), Tax Identification Number (TIN), medical licensure

• Patients: Health Insurance Claim Number (HICN),

insurance ID card

(5)

Scope of the issue

• Both FTC and HHS/CMS track cases of medical identity theft of providers and patients

• Latest FTC data shows that over 3,600 physician and patient cases were reported in 2009 – with over 12,000 cases between 2007-2009

• Much medical identity theft may go un- or under-

reported: 32% of thefts were discovered over 1 year

after they occurred

(6)

CMS/CPI Compromised Numbers Database

Currently, CMS is aware of:

• 5,000 compromised Medicare provider

numbers (Parts A/B/D)

• 284,000 compromised beneficiary numbers

We are working to improve risk stratification and

categorization of numbers as victim or perpetrator

• Proactive data analysis by CPI and contractors

• Beneficiaries complaints of suspect billing on Medicare Summary Notices

• Physician complaints, such as from utilization reports

• Interviews of physicians, suppliers, and beneficiaries

• Law enforcement investigations

• Reporting from other CMS programs

(7)

Geographic distribution of compromised

physician identifiers

(8)

How stolen physician identities are used

• Fraudster bills directly for

services in the physician’s name

• As if the services are being

rendered/performed by the victim, including oversight of MLPs

• Examples: billings include professional services or E&M

• Results in financial harm to the physician and potentially

generates overpayments

• Physician’s information used to order or refer for services

• Examples: laboratory analyses, diagnostic testing, durable

medical equipment

• Fraudster bills for services by

appropriating the stolen identity to authorize payment of a claim

• This approach is difficult to

detect; does not generally lead to financial harm to the physician

Performing Ordering/Referring

(9)

Consequences beyond healthcare dollars

Physicians

• Impacts all utilization reviews such as comparative billing reports, quality measurement and reporting

• Financial or tax liabilities from fraudulent billing

• Accountability for care or services they did not provide

Patients

• Increases in co-pays or insurance costs

• Inability to get coverage or services which duplicate fraudulent billing

• Safety may be placed at risk through alteration of the

medical record

(10)

Major categories of risk for physician medical identity theft

• Based on cases and fraud investigations, the

leading risk factor is complicity in fraud schemes, especially when the scheme expands or the

physician attempts to leave it

• ―Structural factors‖ impacting all physicians

• Individual choices about the use and dispersion of

medical identifiers

(11)

Risks: examples of structural factors

Culture of transparency

Public

availability

Convenience items

Standard processes

(12)

Risks: purposeful dispersion

• Number and complexity of individuals and

organizations to whom physicians make their unique identifiers available

• Examples: physicians working with multiple

organizations, reassignment of medical identities to a larger group for billing purposes, divulging identifiers to staff, having mid-level providers bill in their names

• Purposeful distribution of information is often the

biggest determinant of an identity being compromised

(13)

Physicians too frequently allow identity misuse by others

• Physicians are often asked to certify the medical necessity of services or supplies billed by another supplier or provider

• Physicians too often fail to assess medical necessity and simply certify documents – allowing fraudulent or abusive billing

• This can even be done retrospectively

• Contributing factors: poor compliance strategies, paperwork burden, desire to please patients, conflict avoidance, perceived lack of harm

• Physicians can be held liable for these actions even without

evidence of other fraud (e.g., kickbacks)

(14)

Examples of common issues

• Signing referrals without knowledge of who the beneficiary is

• Signing certifications for known beneficiaries but without medical necessity for services or supplies

• Signing certifications despite the physician’s own documentation disputing medical necessity

• Signing certifications for services or supplies beyond what is medically necessary or what will benefit the patient

• Signing blank referral forms

• Signing requests for the same services or supplies sent to

numerous physicians

(15)

Beneficiary Risk Factors

Card sharing is a common beneficiary medical identity theft risk factor

• 26% of surveyed respondents admitted sharing their medical identifiers

• Respondents were most likely to share with family members

• Cards were shared because family members had

no insurance or could not afford needed treatment

(16)

Risk mitigation education: control of medical identifiers

• Greater control through cultural change around the dispersion of medical identifiers and awareness of personal choice

• Avoid giving medical identifiers to potential employers or organizations before appropriate due diligence

• Train staff on appropriate use and distribution of identifiers including when not to distribute

• Control prescription pads and other documents

• IT security

(17)

Risk mitigation education: collaboration with payers and patients

• Work with payers and patients, who have interests aligned with you

• Update payers on any material enrollment change including changes in practice locations, especially when opening, closing, or moving practice locations

• For Medicare, periodically the Provider Enrollment, Chain, and Ownership System (PECOS) record

• Educate patients, leverage Explanation of Benefits

statements (Medicare Summary Notice), gain input

(18)

Risk mitigation education: compliance

• Strengthen compliance activities to minimize risk and improve overall program integrity

• Be aware of billings and revenues, particularly by organizations to which your have reassigned your billing privileges

• Monitor mid-level provider activities and charting

• Report fraud: inform public/private payers and the FTC, file a police report, place a fraud alert on credit reports

• Hotlines: 1-800-Medicare, 1-800-HHS-TIPS

(19)

Identity theft legislative responses

• Legislation has provided legal mechanisms for ensuring the privacy and security of medical identity and protected health information

• Health Insurance Portability and Accountability Act of 1996 (HIPAA): created transactional security requirements for the exchange of certain health information and regulated its

disclosure

• Health Information Technology for Economic and Clinical Health Act (HITECH): expanded HIPAA by requiring

notification of victims of data breaches of unsecured

protected health information held by HIPAA-covered entities

and vendors of personal health records

(20)

National Fraud Prevention Program facilitates identity theft prevention and detection

Provider Screening (Enrollment) Predictive

Analytics

(Claims)

(21)

Provider screening

Provider Screening (Enrollment) Predictive

Analytics (Claims)

Two major components of provider screening

• Automated Provider Screening

• PECOS enhancements

Overall goals

• Facilitate entry of good actors

• Prevent entry and removal of

bad actors

(22)

Historical Enrollment Screening Issues

Fraudulent Providers and Suppliers have exploited the Medicare enrollment system

• Able to register with stolen medical identities

• Able to register phony addresses

• Able to re-enter after being revoked

• Able to stay in the local systems without being in the

national system

(23)

Automated Provider Screening

CPI launched the Automated Provider Screening (APS) system on December 31, 2011

APS functions:

• Validate data received from providers on enrollment applications against referential data

• Continuously monitor enrollment data for changes in status

• Identify applications of providers that pose an elevated risk based on specific indicators

• Assign a risk score to each provider that integrates with the

Fraud Prevention System

(24)

Examples of APS Data Checks

• Identity verification conducted on Health Care Organization and Commercial data for both individuals and organizations

• Licensure/Accreditation checks for individual providers

• Criminal history for both individuals and organizations

• Sanction status and history for both individuals and organizations

• NPI deactivation status

• Death

• Address verification and Geospatial markers

(25)

We Are Focused On Making Improvements to Enrollment

Legitimate providers and suppliers are seeing major improvements in the Medicare Enrollment System

• Process faster: anticipate 2/3 reduction in time

• Process user-friendly: on-line enrollment

• Process reliable: all enrollees in same system, all

information up to date

(26)

Enhanced enrollment will provide information for use far beyond CPI

• Verify provider and supplier identity

• Verify specialty, expertise, and credentialing

• Verify specific location(s) of practice

• Verify relationships between providers, beneficiaries, and related entities

• Improved security for CMS systems (Medicare and Medicaid)

• Measurement of micro- and macro- patterns of beneficiary care and healthcare utilization

• Applications: quality reporting and measurement,

accountable care,

understanding episodes of

care, telemedicine

(27)

Process changes to prevent ID theft and protect provider enrollments

• MACs have been instructed to contact the provider in the original enrollment record prior to adding a new PTAN to the enrollment

• Greater care is being taken to revoke only illegitimate PTANs, allowing providers to continue billing through legitimate PTANs

• Provider revalidation will close vulnerable or misused PTANS (e.g., locum tenens billing)

• Remote identity proofing for online PECOS access and

provider notification about changes

(28)

Proactive detection of ID theft

Provider Screening (Enrollment) Predictive

Analytics (Claims)

• Identity theft analytics have been incorporated into our predictive modeling system (FPS)

• Beneficiary complaints are being leveraged regularly for analytics and risk assessment

• Working on other models which can identify potential ID theft cases for investigation and

possible incorporation into FPS

(29)

Remediation process for victims

CPI has developed a new process to determine and validate whether a provider has been the victim of identity theft and to absolve related debts

1. Each Zone Program Integrity Contractor (ZPIC) has named a point of contact to work with provider victims

2. The ZPIC will investigate and develop a case on the provider

3. The ZPIC will forward the case to CMS/CPI for a decision on whether the overpayment should be waived

4. If CPI is able to determine that ID theft occurred, associated debt will be recalled from the MAC

5. If CPI is unable to determine that ID theft

occurred, the ZPIC shall advise the provider that the appeals process may be used as an

(30)

Report It!

Victims of medical identity theft should report it to:

• Local law enforcement service

• State Medicaid agency (SMA) where you practice

• FTC

• HHS-OIG

• Health and Human Services regional office

(31)

Contacts

• SMA—Visit

https://www.cms.gov/FraudAbuseforConsumers/Downloads/smafraudcontacts.pdf on the CMS website. Click on the state where you practice for the appropriate contact information, and then notify the agency.

• FTC—Contact the FTC’s Identity Theft Hotline to report misuse of your personal information

Phone: 1-877-438-4338 (1-877-ID-THEFT) TTY #: 1-866-653-4261

Website: http://www.ftc.gov/bcp/edu/microsites/idtheft/

• HHS-OIG Hotline and report suspected fraud:

Phone: 1-800-447-8477 (1-800-HHS-TIPS) TTY #: 1-800-377-4950

Fax #: 1-800-223-8164

E-mail: HHSTips@oig.hhs.gov

Website: http://oig.hhs.gov/fraud/report-fraud/index.asp

(32)

Shantanu Agrawal, MD, MPhil Medical Director

Center for Program Integrity

Centers for Medicare and Medicaid Services

shantanu.agrawal@cms.hhs.gov

Questions and discussion

References

Related documents

The Centers for Medicare & Medicaid Services (CMS) denied the request of Kearney Regional Medical Center, LLC (Petitioner) to participate in the Medicare program as a

“Nietzsche on Cruelty, Asceticism, and the Future of Hedonism.” In Nietzsche, Genealogy, Morality: Essays on Nietzsche’s On the Genealogy of Morals, ed. Berkeley, CA: University

As in web cascading style sheets, whose goal is to separate the concern of layout, OSS encapsulate and separate the parallelization concern from the core program: sequential

From “EHR Incentive Program Final Rule: Medicaid Provisions Presented” by Jessica Kahn and Michelle Mills Centers for Medicare & Medicaid Services Center for Medicaid, CHIP,

None provided Savings of $2.9 billion bundled into score of Enhanced Medicare and Medicaid Program Integrity Provisions in § 6402.. Increases funding of Medicare Integrity

Objective: The aim of the study was to estimate the prevalence of squint, types and treatment characteristics in the studied adults in Hail city, Saudi

The CMS review team also observed that although the hospital, pharmacy and out-of-state provider enrollment applications capture criminal conviction information for providers,

These practices include the use of a Special Projects Unit to screen high-risk providers, effective controls on one-time and inactive providers, and frequent and regular