Tag: fraud

There is no shortage of data in the healthcare industry. Unfortunately, more data doesn’t always mean better data – especially when it comes to patient information. A unique patient identifier (UPI) is a method for standardizing patient identification. Individuals are assigned a unique code, and that code, rather than a Social Security Number, name, or address, is what is used by healthcare organizations to identify and manage patient information. A standardized code like this not only protects sensitive health information but supports the exchange of data between healthcare organizations and states as it is a number and format easily read and recognized by all. While a UPI has yet to be nationally recognized and implemented, a foundation has certainly been made and the industry is perfectly poised to move forward. How a unique patient identifier is used in healthcare The UPI helps healthcare organizations link the right records together, preventing duplicate records from being created. There are many ways duplicate accounts or variances can occur: address differences, name variations, maiden names and even user entry error. With UPIs, providers and payers can link records together and have one complete record and view of the patient or member, ultimately leading to a better experience and increased patient safety. Without reliable records, patient safety takes a hit. Misidentification can contribute to incorrect treatments and adverse medication interactions that have had life-altering or fatal consequences. The UPI’s ability to achieve accurate record match rates for every patient and member also improves efficient, patient-centered care coordination, as well as population health management strategies, prescription drug monitoring programs (PDMPs), social determinants of health and more. It is important to note that the UPI is not a patient-facing number and is not known to the patient or provider. It does not collect or share any clinical claims or diagnostic information; its purpose is simply to link records together giving providers and payers a complete view of someone’s identity. The patient experience within a real network A healthcare organization’s ability to manage patient data is apparent from the beginning. An inadequate system can force patients to fill out forms they’ve already filled out multiple times or undergo duplicate tests as they travel between facilities. It can also confuse patients who have similar information, such as first and last names, during the identification process. In an ecosystem built around a strong healthcare network, these discrepancies can be avoided. Patients are given a unique identifier that remains consistent across every healthcare facility they visit, from physicians’ offices to hospitals, pharmacies, specialists, long-term care facilities, and more. All providers that patients visit know exactly who they are. And it isn’t just greater comfort and convenience that patients gain from a well-connected healthcare network. Managing patients and their data is vital for reducing medical errors. One Johns Hopkins study found that medical errors account for more than 250,000 deaths annually in the United States. Healthcare efficiency within a real network The challenge of managing patient data across the entire healthcare ecosystem isn’t new — interoperability has been a hot button issue for years now. While there are several master patient indexes that organizations can use to match patients with appropriate demographic data, these still include gaps, overlaps, and outdated patient information. These indexes can’t keep up with simple things such as name and address changes or data entry errors. Therefore, providers and payers who rely on them have trouble matching their patients and members accurately. A more effective solution involves combining these data sets to create complete identities and profiles, where every piece of new data is instantly updated and verified. For example, if a provider has a patient in their EHR twice under two spellings of the patient’s name in error, a UPI would link those two profiles, creating a singular view of the patient in that provider’s system. Similarly, a UPI can help facilitate interoperability between healthcare providers. For example, if a pharmacy has a patient listed under a maiden name but the doctor has that same patient under a married name, the prescription during the ePrescribing process might not get associated with the right profile. If both organizations have the UPI on record and submit it during the transaction, the systems will match the patient using the UPI. Every authorized care team member can immediately access the updated data related to a patient or member’s identity, which offers benefits far beyond treatment. For providers, this could mean increased collections. For payers, it could look like improved medication adherence. For example, ValleyCare Health System in northern California was struggling with hundreds of bills being returned each month because of wrong patient addresses. When the health system implemented an identity verification program, it decreased the amount of returned mail by 90 percent. The network effect in a nutshell Sorting through clinical data issues takes up a great deal of time. The administrative costs of healthcare account for nearly 8 percent of U.S. healthcare expenditures. By identifying patients through unique socioeconomic factors, healthcare organizations can more efficiently and accurately manage data and put it to good use. A healthcare network tied together by streamlined data management provides an environment where duplicate or inaccurate information is detected and corrected almost immediately. Both patients and members are accurately identified, and their data retains its quality at every stage of care. When combined with other patient engagement solutions, such as patient portals, data and identity management tools create the infrastructure needed for healthcare to truly become one cohesive, patient- and member-centric network. Unique patient identifiers in the news Until recently, the use of federal funds for the adoption of a national patient identifier (NPI) was prohibited. The ban has limited the Department of Health and Human Services (HHS) from interacting with healthcare organizations to develop and implement an NPI strategy. In the years since the funding ban put the brakes on a universal approach, many disparate software solutions have been created which don’t talk or share information with each other. Integrating these systems in an industry of this scale will take a concerted effort. The ban was lifted in July of 2020, giving HHS the ability to evaluate a full range of patient matching solutions and enable it to work with the private sector to identify a solution that is cost-effective, scalable, secure and one that protects patient privacy. Karly Rowe, Vice President, Patient Access, Identity, and Care Management Products at Experian Health believes that “private-sector entities have already developed the technological foundation for data interoperability through the creation of UPIs that are maintained in a master person index.” These solutions are vendor neutral, meaning data can flow freely between disparate electronic health systems, regardless of size or location. With federal funding back on the table, “UPIs could be adopted with government oversight of private sector offerings and the creation of national standards to ensure quality patient matching and identification.” At the end of 2019, Experian Health announced that every person in the United States (about 328 million Americans) had successfully been assigned a unique UPI, powered by Experian Health Universal Identity Manager (UIM) and NCPDP Standards™ (the “UPI”). Combining Experian’s expansive data assets and innovative UIM technology along with the unique ability NCPDP brings to share the UPI throughout the healthcare ecosystem using the NCPDP Telecommunication Standard and its SCRIPT Standard, each individual in the U.S. that has received medical care or utilized a pharmacy has been processed through the solution and assigned a UPI. As new patients enter the healthcare ecosystem, this number will continue to grow. Learn more about unique patient identifiers Having a single, unified and accurate view of patients and members is a challenge that plagues the healthcare system. Now, there is promise of a comprehensive solution that reduces the barriers to make healthcare safer. Interested in learning more about unique patient identifiers and how Experian Health can help?  

  When a doctor pulls up a patient’s record, it should be a safe assumption that the information on the screen relates to the patient sitting in front of them. It should contain every detail of the patient’s medical history, along with their current address and accurate personal information. It certainly shouldn’t contain anyone else’s data! Yet all too often, patient records are plagued with inaccuracies. Around 30% of patient data in electronic health records is incomplete or inaccurate, and up to half of records are not linked to the correct patient. The ONC estimates that around a fifth of patients may not be matched to their entire medical record within an organization, while more than a half of records shared between organizations contain errors. Despite all of modern medicine’s ground-breaking achievements and our increasingly digitized world, the ability to share information between different payers and providers in a reliable and secure way remains frustratingly out of reach. Could a universal patient identifier unlock interoperability? Imagine a healthcare ecosystem where administrators and clinicians can safely exchange information without worrying about whether it’s inaccurate, incomplete, or incompatible with each other’s systems. Interoperability could make life easier for healthcare staff and patients alike. While regulations such as the Affordable Care Act introduced many carrots and sticks to drive up adoption of electronic medical records to support interoperability, they also revealed a critical gap in healthcare: the need for a universal patient identifier (UPI). This is an identifier that would help manage patient identification across the whole healthcare ecosystem. A UPI would allow providers and payers to follow patients throughout all their major medical and life events and be sure that the information they hold for their member or patient is 100% accurate, current and complete. Instead, the absence of a UPI, compounded by the sheer volume and fluidity of patient data, has created significant issues downstream. Billing errors, unnecessary treatment and testing, HIPAA breaches, prescriptions filled for the wrong patients and many other issues all play a role in the growing number of preventable medical errors (estimated to be the third leading cause of death in the US). Striving for truly interoperable patient information should be a priority across the entire healthcare industry. Still, while federal funding for a UPI is currently being considered by Congress, we’re seeing more and more industry-led responses to help improve patient identity management. 5 benefits of using a universal patient identifier for interoperability Improve patient safety How can physicians be sure they’re recommending the right treatment for a patient, when there could be a vital piece of information missing from their medical history or allergy list? How can a pharmacist feel confident handing over a prescription, when there’s a chance the patient in front of them isn’t the same patient named on the script? A UPI can help avoid ‘wrong patient’ events and allow providers to share information to spot trends in recurring errors so that action can be taken to prevent them in future. Lower healthcare costs The West Health Institute found that that medical device interoperability could save the U.S. healthcare system more than $30 billion per year. For individual providers, UPIs could improve productivity by reducing the amount of time clinicians and hospital staff spend trying to sort out inaccurate records. And with nearly a third of claims denied as a result of patient misidentification, this could mean savings in the region of $17.4 million for the average hospital. A better patient experience Patients are right to be frustrated when their physician doesn’t have up-to-date records about them, or their provider sends appointment reminders to an old address. Expecting patients to fill out multiple forms (often multiple times) is inefficient and hardly contributes to a positive patient experience. A tool such as Universal Identity Manager can help providers exchange timely data, eliminate duplicate records and coordinate care, so the patient is supported throughout their healthcare journey. Stronger privacy Electronic records linked with a UPI allow healthcare organizations to phase out manual processes—which is not only more efficient, but also helps minimize the risk of patient data falling into the wrong hands. It’s much easier to keep the data secure when it’s contained in a single record, compared to multiple versions of a record filled with scribbled notes and random updates that could easily end up attached to the wrong record. Experian Health’s Precise ID gives healthcare organizations a HIPAA-compliant way to authenticate patients and reduce the risk of a data breach during enrollment. Better data to tackle the social determinants of health As consumer data opens up new opportunities to improve population health, a network of shared data will be essential for identifying trends in the social and economic factors that affect medical outcomes. Interoperable data sets and technologies can enhance the way public health data is collected and used, for better patient outcomes and population health. Interoperability currently remains a challenge, but the tools exist to improve the way information is shared and used across the healthcare ecosystem. By integrating clinical data into the patient access workflow, you can increase productivity, reduce costs, and ultimately improve the patient experience. Contact our team to find out how this could help your organization achieve more efficient, accurate and actionable data sharing.  

  Medical identity theft is a growing problem for the healthcare industry: nearly 15.1 million patient records were compromised in 2018, an increase of nearly 270% on the previous year. While providers are busy rolling out patient portals and electronic medical records to better serve consumers, criminals are sneaking through the cracks to steal patient data and profit from vulnerable health systems. The rapid rise in medical identity theft is partly explained by the fact that it goes undetected for much longer than other types of identity theft, giving criminals more time to use stolen personal information for financial gain. It’s also a lot more lucrative. Medical identities can be used to access treatment and drugs, make fraudulent benefits claims and even create fake IDs to buy and sell medical equipment. This can be devastating for victims, both emotionally and financially. Unlike credit card theft, where victims aren’t considered financially liable, 65% of people who fall prey to medical identity fraudsters are left with hospital bills running into the tens of thousands. The compromised medical record is tough to reconcile, jeopardizing future medical treatment. For providers, a data breach can mean significant reputational damage and loss of trust, and huge financial consequences – each breach costs an average of $2.2 million. But what’s most alarming for providers is that more than half of data breaches originate within the organization. Unfortunately, many providers lack sufficient security protocols and detection tools to safeguard the data they’re holding. The good news is that the tools exist to help you protect your patient data. What can healthcare providers learn from other industries about identity protection? Banking and financial services have pioneered identity protection over the last twenty years, and healthcare can learn a lot by looking at what’s worked in those industries. For consumers, using digital technology to pay your bills, book flights and buy pretty much anything is the norm, all with reassuringly quick fraud detection and resolution. Healthcare has been a little slower to embrace digitization in this way. Despite the opportunities, fears around security, privacy and inconveniencing patients have stalled efforts to transform outmoded processes. Drawing on two decades of innovations in other fields, fast-paced technological developments mean many of the early challenges around implementing safe and secure patient portals have been overcome. 6 strategies to keep patient data safe Here are six smart ways to ensure your organization has done everything possible to safeguard patient data.     Tell your patients how you’re keeping their data safe Patient trust is at the heart of a successful patient-provider relationship. Share the steps your organization is taking to secure patient information, so patients feel reassured and confident in using their portal. Data security should be a key strand in your patient engagement messaging.     Verify patient identities to protect access to medical records To avoid HIPAA violations, it’s critical to ensure you’re giving access to the right patient. Secure log-in monitoring and device intelligence can help you confirm that the person trying to log in is who they say they are. When something doesn’t add up, identity proofing questions can be triggered to provide an extra check. In an exciting new development, the healthcare industry is also starting to see the use of biometrics to supplement existing identity-proofing solutions. Just as you might use facial recognition to unlock your smartphone, there are now ways to authenticate your healthcare consumers’ identity using the same technology.     Automate patient portal enrollment You want your portal to be as secure as possible, but not at the expense of your patients’ time and effort. An automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.       Arm your organization with a multi-layered security strategy There is no silver bullet for protecting patient information—it will require various tools. A robust data security strategy will be multi-layered, including device recognition, identity proofing and fraud management.     Educate staff on security threats and warning signs Data breaches aren't all malicious – human error is a massive component, from mailing personal data to the wrong patients, to accidentally publishing data on public websites or leaving a laptop behind after getting off the subway. Training staff on the potential pitfalls will help them help you in protecting confidential patient information.     Develop a robust device strategy ‘Bring Your Own Device’ arrangements (BYOD) are convenient for staff and patients, but personal devices need to be secured when accessing patient information across the network. Make sure your teams, patients and visitors are aware of how to log-on securely to WiFi and follow best practice to keep data safe. In a climate of ‘doing more with less’, healthcare leaders are turning to other industries to find ways to boost quality of care and streamline operational efficiency. Automation, digitization and consumer-centric approaches make good business sense across the board, but they’re sensible investments for your data security strategy too. Investing in secure patient identities is a way to prevent painful and unnecessary losses down the line – and it’s what patients have come to expect. ⁠— Find out what more you could do to shore up your data security and prevent medical identity theft.

In a recent healthcare information technology survey, more than 40 percent of chief information officers identified patient matching as healthcare’s top IT concern. And though a quarter of the respondents admitted it wasn’t a current priority for their organizations, they did say that it very much should be. There’s no shortage of reasons why, but the most pressing is the need to reduce medical errors, which account for over 250,000 deaths in the United States every single year. Case in point: Seventeen percent of CIOs acknowledged that errors in matching data with the right medical identities have led directly to adverse outcomes for patients. The numbers speak for themselves: Healthcare organizations must find more effective ways to manage the data within their networks. That begins with building a robust medical database that not only hoses data, but also knows how to match it with the proper patients. How robust EMPIs streamline workflows An enterprise master patient index (EMPI) is a database that can help you clean up your data and eliminate duplicate and inaccurate records. It uses algorithms to match exact data elements among disparate records, as well as elements that fall within an acceptable range of possible compatibility. Using technology that can apply an algorithm of probabilistic and referential matching methodologies will allow healthcare organizations to expand beyond the limitations of conventional single methodology matching, as both probabilistic and referential matching techniques provide a higher degree of likeliness. The system assigns these data points to unique identities that follow patients throughout the organization. Any new data generated within the network is also attached to this identity, meaning physicians, specialists, pharmacists, and other members of the patient’s care team can access and update it as needed. EMPI support tools and unique patient identities are building blocks toward creating a healthcare ecosystem that’s truly interoperable. According to an April 2018 survey by Black Book, hospitals with an EMPI report “consistently correct patient identification at an overall average 93 percent of registrations and 85 percent of externally shared records among non-networked providers.” Unfortunately, not all healthcare systems possess the IT infrastructure to support these programs. And as long as some organizations fail to integrate similar platforms, providers won’t reap the benefits of industry-wide interoperability — and patients will continue to suffer. Whether it’s a frustrating billing mix-up, privacy breach, or a detrimental (or even fatal) misdiagnosis, many errors can be successfully prevented with an EMPI. Filling in the holes The goal of such a system should be to standardize data entry and access within each healthcare organization, as well as across the entire industry. Such a network could protect, govern, and match unique patient identities across every discipline and every aspect of their care continuum. But in order for the system to achieve these goals, you need to be sure you’re feeding it relevant, recent patient information. To ensure you have enough patient data to build an EMPI that accurately matches profiles, ask yourself these questions: 1. What kind of medical care have my patients received before this visit? When patients enter a new hospital, they’re given a brand-new identity, or patient number, that’s only relevant to that healthcare system. The identity you assign them within your own organization doesn’t provide any insight about what they’ve experienced before their current visit — and that’s the crux of the matter. When patient information is siloed within a specific system, you have no view of the patient’s medical history. But when it’s shared across systems and fed into a more dynamic and interoperable data management system, patients will ultimately receive better care. 2. Who are my patients when they’re not “patients”? It’s important to understand who patients are when they’re not in the hospital. Yes, they’re husbands and wives, mothers and fathers, brothers and sisters. But some could be physically fit, while others haven’t seen the inside of a gym in years. Some might get regular checkups, but others cannot afford to see a physician regularly. All of these traits factor into your patients’ identities. With a comprehensive EMPI, you can tie them together to understand the environmental and socioeconomic factors that influence your patients’ health. You can then identify what social determinants of health need to be addressed or could potentially influence the efficacy of certain treatments. 3. Can we identify patients without a picture ID? Biometrics such as fingerprints and iris scans are more secure forms of identification than a photo ID. They’ll not only make it easier to identify patients, but will also offer heightened security against fraud. That being said, even biometric identification isn’t 100 percent secure unless it’s part of a database, such as the EMPI, that accurately matches patient identities with relevant medical data. Accepting that the healthcare industry needs better data management and patient-matching strategies is the first step to realizing those goals. EMPIs have shown organizations the value in universal patient identities. Now, they simply need comprehensive databases that are robust enough to keep patient identities consistent across the entire healthcare ecosystem.

Healthcare has always been driven by data, and today, providers have access to an unprecedented amount from a wide variety of sources. While this influx could be a blessing to the healthcare industry as a whole, it also poses a number of challenges, particularly when it comes to patient identity management. With a soaring volume of patient information coming in from numerous sources, identity errors become increasingly more likely, as well as the potential consequence of fatal mistakes. Keeping this in mind, the importance of effective identity management cannot be overstated. Every year, an estimated 195,000 people die due to medical mistakes. More than half of those deaths – 10 out of every 17 – are the result of identity management errors, such as duplicate records and mistaken patient identities. While current healthcare IT solutions attempt to tackle these discrepancies, they only succeed in identifying about 10 percent of all duplicate records. Consequently, patients often undergo repeated tests or receive incorrect treatment or medication that can result in adverse effects to their health. Also, there is limited coordination of patient data throughout the healthcare ecosystem. The main culprit of this is the lack of secure data transfers that compromise patient records and identity. This raises the question: How can healthcare organizations better manage the massive amounts of data related to each patient’s medical identity? Luckily, such issues can be improved with Experian Health’s Universal Identity Manager (UIM), which creates a single identity for individual patients across multiple disparate healthcare databases. Upgrade your identity management system The ability to share patient information across multiple healthcare organizations with different care management programs is at the core of optimizing overall patient care. Properly utilizing patient and population health data can dramatically improve an organization’s efficiency, raise its quality of care, and lower its readmissions rate. For patient data to be useful, however, providers require a robust infrastructure that allows for secure, precise, and accurate storage of patient data. The same framework should be able to assign patients unique identities across the entire network. In turn, a single, universal patient identity system allows for better analytical insights and more effective care personalization. This kind of management system also allows an organization to add relevant data to a patient’s medical profile faster and more accurately, creating an improved dynamic database that can develop personalized patient engagement and care plans. How Experian Health’s universal identity management software helps Administrative slip-ups in healthcare can have drastic consequences for a patient’s health and wellbeing. Eliminating these inaccuracies is the main goal of Experian Health’s UIM solution. Experian Health has the benefit of leveraging data assets available to us from being part of broader Experian. As a result, the identity management software generates and assigns a unique identifier to each patient that remains consistent across various healthcare systems, such as hospitals, therapeutic facilities, pharmacies, and healthcare payers. Drawing on decades of experience in identity management, Experian Health's multi-matching methodology approach eliminates duplicate and erroneous data through comprehensive search and alert processes. It provides a high degree of likeliness because it expands beyond the limitations of the conventional single-matching methodology that most health systems use today. Even records created on disparate healthcare systems can be automatically analyzed and assigned to the appropriate patient identity. In addition to eliminating discrepancies that could affect the quality of patient care, universal identity management also reduces medical and billing errors, ultimately minimizing an organization's risk of fraud. The solution also works in tandem with Experian Health’s suite of patient engagement and transparency tools, including its Patient Self-Service portal, to further optimize an organization’s ability to deliver personalized, high-quality care. Unique patient identifiers are critical for healthcare organizations to reduce the risks of inaccurate and duplicate records that lead to errors and low-quality care. Combined with Experian Health's suite of patient engagement and price transparency tools, its identity management software is a leap toward making efficient and reliable interoperability more possible across the healthcare ecosystem.

Experian Health was honored to host Frank Abagnale, one of the world’s foremost experts on identity theft, forgery, and embezzlement, during our #JointheConversation radio show at HIMSS17. You’ll know Frank from the great movie and book, Catch Me if You Can.  Frank has been a consultant to the FBI for over 41 years. He also developed a fraud detection technology called the 41st Parameter that Experian purchased in 2013 and it now operates in 80 countries around the world. Frank was honored to be selected by HIMSS this year to lead a presentation called “Stealing Your Life” where he focused on identity theft in healthcare and represented Experian Health to discuss this topic. His presentation focused on the significance of fraud in today's healthcare world; illustrating the enormity of identity theft crimes and how they affect an individual's life in many areas including health insurance, credit, income taxes including refunds, banking, just to name a few. Hear Frank’s assessment of healthcare’s susceptibility to breaches, the current state of cybersecurity, privacy and identity theft, as well as helpful strategies to personally avoid becoming a victim of identity theft. Listen to the complete podcast Learn about our Identity Management solutions

Frank Abagnale will present “Stealing Your Life” at HIMSS17 on Monday, Feb. 20, 2017 from 3pm – 4pm.   Session #58.  Location:  Room 320  at the Orange County Convention Center Frank Abagnale is one of the world’s most respected authorities on forgery, fraud, embezzlement, and secure documents. For over 40 years he has worked with, advised, and consulted with hundreds of financial institutions, corporations and government agencies around the world. Mr. Abagnale’s rare blend of knowledge and expertise began more than 50 years ago when he was known as one of the world’s most famous con men. Mr. Abagnale will bring his audience up-to-date with all aspects of identity theft, data breaches, medical identity theft and the means used to obtain peoples identities. He will discuss the importance of identity management healthcare organizations. After the presentation, Mr. Abagnale will be in the Experian Health booth #3503 to meet and greet HIMSS attendees.  We invite you come by our booth to meet Mr. Abagnale!  Click here for more information on the presentation.

Most Defendants Charged and Largest Alleged Loss Amount in Strike Force History 6/22/16 Attorney General Loretta E. Lynch and Department of Health and Human Services (HHS) Secretary Sylvia Mathews Burwell announced today an unprecedented nationwide sweep led by the Medicare Fraud Strike Force in 36 federal districts, resulting in criminal and civil charges against 301 individuals, including 61 doctors, nurses and other licensed medical professionals, for their alleged participation in health care fraud schemes involving approximately $900 million in false billings. Twenty-three state Medicaid Fraud Control Units also participated in today’s arrests. In addition, the HHS Centers for Medicare & Medicaid Services (CMS) is suspending payment to a number of providers using its suspension authority provided in the Affordable Care Act. This coordinated takedown is the largest in history, both in terms of the number of defendants charged and loss amount. Attorney General Lynch and Secretary Burwell were joined in the announcement by Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, FBI Associate Deputy Director David Bowdich, Inspector General Daniel Levinson of the HHS Office of Inspector General (OIG), Acting Director Dermot O’Reilly of the Defense Criminal Investigative Service (DCIS), and Deputy Administrator and Director of CMS Center for Program Integrity Shantanu Agrawal M.D. The defendants announced today are charged with various health care fraud-related crimes, including conspiracy to commit health care fraud, violations of the anti-kickback statutes, money laundering and aggravated identity theft. The charges are based on a variety of alleged fraud schemes involving various medical treatments and services, including home health care, psychotherapy, physical and occupational therapy, durable medical equipment (DME) and prescription drugs. More than 60 of the defendants arrested are charged with fraud related to the Medicare prescription drug benefit program known as Part D, which is the fastest-growing component of the Medicare program overall. “As this takedown should make clear, health care fraud is not an abstract violation or benign offense – It is a serious crime,” said Attorney General Lynch. “The wrongdoers that we pursue in these operations seek to use public funds for private enrichment. They target real people – many of them in need of significant medical care. They promise effective cures and therapies, but they provide none. Above all, they abuse basic bonds of trust – between doctor and patient; between pharmacist and doctor; between taxpayer and government – and pervert them to their own ends. The Department of Justice is determined to continue working to ensure that the American people know that their health care system works for them – and them alone.” “Millions of seniors depend on Medicare for essential health coverage, and our action shows that this administration remains committed to cracking down on individuals who try to defraud the program,” said Secretary Burwell. “We are continuing to put new tools and additional resources to work, including $350 million from the Affordable Care Act, for health care fraud prevention and enforcement efforts. Thanks to the hard work of the Medicare Fraud Strike Force, we are making progress in addressing and deterring fraud and delivering results to help ensure Medicare remains strong for years to come.” According to court documents, the defendants allegedly participated in schemes to submit claims to Medicare and Medicaid for treatments that were medically unnecessary and often never provided. In many cases, patient recruiters, Medicare beneficiaries and other co-conspirators were allegedly paid cash kickbacks in return for supplying beneficiary information to providers, so that the providers could then submit fraudulent bills to Medicare for services that were medically unnecessary or never performed. Collectively, the doctors, nurses, licensed medical professionals, health care company owners and others charged are accused of submitting a total of approximately $900 million in fraudulent billing. “The Medicare Fraud Strike Force is a model of 21st-Century data-driven law enforcement, and it has had a remarkable impact on health care fraud across the country,” said Assistant Attorney General Caldwell. “As the cases announced today demonstrate, the Strike Force’s strategic approach keeps us a step ahead of emerging fraud trends, including drug diversion, and fraud involving compounded medications and hospice care.” “These criminals target the most vulnerable in our society by taking money away from the care of the elderly, children and disabled,” said Associate Deputy Director Bowdich. “The FBI is committed to working with our partners and the public to stop fraud and ensure that healthcare dollars are used to help the sick, and not line the pockets of criminals.” “While it is impossible to accurately pinpoint the true cost of fraud in federal health care programs, fraud is a significant threat to the programs’ stability and endangers access to health care services for millions of Americans,” said Inspector General Levinson. “As members of the joint Strike Force, OIG will continue to play a vital role in tracking down these criminals and seeing that justice is done.” “DCIS, in partnership with our fellow federal investigative agencies, will continue to uncompromisingly investigate and bring to justice the people who perpetrate these criminal acts,” said Acting Director O’Reilly. “Their actions threaten to cripple our vital national health care industry, and place our citizenry at risk. We will remain vigilant.” “Taxpayers and Congress provided CMS with resources to adopt powerful monitoring systems that fight fraud, safeguard program dollars, and protect Medicare and Medicaid,” said Deputy Administrator and Center for Program Integrity Director Agrawal. “The diligent use of innovative data analytic systems has contributed or led directly to many of the law enforcement cases presented here today. CMS is committed to its collaboration with these agencies to keep federally-funded health care programs safe and strong for all Americans.” The Medicare Fraud Strike Force operations are part of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. The Medicare Fraud Strike Force operates in nine locations and since its inception in March 2007 has charged over 2,900 defendants who collectively have falsely billed the Medicare program for over $8.9 billion. Including today’s enforcement actions, nearly 1,200 individuals have been charged in national takedown operations, which have involved more than $3.4 billion in fraudulent billings. Today’s announcement marks the second time that districts outside of Strike Force locations participated in a national takedown, and they accounted for 82 defendants charged in this takedown. Source: www.justice.gov

The evolution from paper to online medical records is an opportunity to engage patients more fully in their care while making healthcare organizations more efficient. However, while patients enjoy the convenience of self-service access to all of their medical information, the portals offer cybercriminals a one-stop-shop for identity theft as well. According to Identity Theft Resource Center in San Diego, medical identity theft is the fastest growing type of identity theft, increasing at 32% annually. In fact, healthcare-related data breaches are already 10 times more frequent than data breaches in the financial services sector. And unlike stolen credit card information, which is often detected within a few transactions, medical identity theft often goes undetected for over a year. The comprehensive data contained in patient portals is especially lucrative to fraudsters, demanding a premium price in the underground market. While a stolen credit card number may sell for a dollar, a full set of medical records can command hundreds of dollars. The breadth of data within a patient portal offers fraudsters multiple opportunities to “cash in.” Compounding the problem is the level of detail presented on patient portals, often including unmasked insurance IDs, full images of patients’ insurance cards, problem lists, prescription histories. Stolen medical identities are used by criminals in two ways: obtaining medical care under the victim’s identity and using the identities to fraudulently bill for services or durable goods, which were never delivered. Problem lists, which are a mandated component of patient portals, are particularly useful to criminals, because they allow classification of each victim by the type of fraud which their identity could support. The problem lists typically use standard terminology, which makes them particularly useful for classification purposes. Using malicious software, criminals can search the lists for “key words” describing conditions that demand specific types of services or durable goods. This targeted approach would make fraud more personalized to the victim’s profile and harder to detect. Most patient portals use simple password protection, which can be easily captured by key-logging malware. This type of malware lays dormant on the victim’s machine, waiting for the victim to log into a patient portal site. When the patient logs in, the malware wakes up and captures the victim’s username and password. Using the stolen credentials, the criminals can get into the site, and once in can collect extensive information about the victim. Medical identity theft has severe consequences for both patients and providers. Patients are faced with the financial costs of covering fraudulent bills and medical costs stemming from treatment of other individuals. Comingling of the victim’s and the criminal’s medical records can also put the patient in life-threatening situations if treated or diagnosed incorrectly. Providers face steep financial costs from retribution payments and HIPAA violation fees up to $1.5M per violation, however arguably the most significant consequence they face is damage to reputation. Complicating matters is the fact that security measures cannot be so onerous that they dampen consumer adoption. Towards that end, use of covert technologies to analyze the identities and devices enrolling into a patient portal or logging in to it can increase security without impacting user experience. Precise ID® with FraudNet for healthcare portals provides healthcare organizations with a way to confidently authenticate patients and reduce risk during enrollment and ongoing access to healthcare portals. It does so in a streamlined manner without burdening patients with increased wait times and complexities. Together, these solutions identify fraud, authenticate patients and validate devices – all in a single platform. To learn more, view Experian Health’s complimentary on-demand webinar, “The Hidden Risks of Healthcare Portals,” or download the new white paper, “The Pitfalls of Healthcare Portals,” where we outline why your portal may be more vulnerable than you think.