Medical Business Associates, Inc. Patient Hotline: 877-MBA-UWIN (877-622-8946)
Training Institute
We Understand How Information and Money Move In Healthcare

Archive for the ‘Electronic Health Records’ Category

Attention Employers: Medical Identity Theft Concerns You, Your Bottom Line, and the Health of Your Employees!

Friday, April 6th, 2012

Opportunity for crime comes in many forms, from an open window for a burglar to a victim’s lack of information to avoid a fraudster.  At one point or another, many of us have fallen victim to a theft or have even just lost a wallet, but something that doesn’t often come to the forefront of our minds is protecting our medical identity in such a situation.

A patient in South Carolina, an ex-marine in good health, lost his wallet when he left boot camp back in 2005.  He went back home to California.  Over a year later he received a call from his mother informing him that he was the lead suspect in a string of auto thefts in South Carolina!  The man who found his wallet used his military ID and driver’s license to test-drive cars that he would never return to the dealership – grand-theft auto in our patient’s name.

This in itself is a tough resolution, but what’s even worse is that this man’s problems weren’t over; they also included medical identity theft.

The man who found his wallet and test drove those cars also racked up a $20,000 medical bill treating kidney stones and an injured wrist.  The ex-marine never thought to call and inform his insurance carrier, so he was on the hook for those bills.  He was hounded by collection agencies and the government even withheld his tax return!  These issues were finally resolved, but it took over a year of appeals, phone calls, withheld income, and finally the intervention of the US Secret Service to pinpoint the man who stole his identity – Arthur Watts. Not all of us would be afforded that luxury (the Secret Service was brought in by the US attorney’s office to help in this investigation).

When someone loses a credit card, the process is simple:  call your credit card company and notify them.  Any reputable company will refund your money – they investigate the claim, and within about a week you will have a resolution that will cost no more than $50 by law, and often nothing at all.  When someone loses their healthcare benefits card in that same wallet, there is no course of action that takes place regarding the benefit card, and most people don’t realize something is wrong until they start getting collection calls or run a credit report months or even years later.

This doesn’t just happen one victim at a time when wallets are lost either.  The implementation of Electronic Health Records in hospitals and doctors’ offices increases the scale of these problems.  The wrong person gaining access to the system can mean tens, hundreds, or even thousands of Social Security numbers and benefit profiles at risk.  Lax technological security is another issue with this type of information.  Earlier this month, BlueCross-BlueShield of Tennessee agreed to pay $1.5 million for a 2009 breach in which over 50 hard drives holding over 1 million patient profiles were stolen.[1]

This is a dangerous lapse by BCBS, who is entrusted by its patients to guard their most personal and valuable information, including names, SSN’s, and policy numbers.  It was an inside job that could happen again. This tells us two things: a person’s medical identity is a coveted asset in fraud, and there is significant opportunity due to the lack of detection and prevention.

The reality is that healthcare fraud occurs at a lower instance rate than credit card fraud, but with higher dollar amounts per instance.  This translates into less public awareness and education on the risks, and much more financial risk and discomfort for those afflicted by medical identity theft. The laws protecting medical identity theft are not the same as those protecting victims of credit card theft – it is harder to recover the money, it takes longer, and the money might not be totally recoverable.  Possibly the most devastating implication of medical identity theft, though, is the impact it can have on your medical record.

The changes to a medical record can impact insurance coverage and treatment by providers.  A legitimate healthcare claim for an emergency surgery can turn into a nightmare when it is denied by a carrier because the patient has “reached the maximum on benefits” thanks to this undetected fraud.  Even more difficult to resolve is being denied benefits, or even being dropped from coverage, all due to a medical condition that you don’t have, yet someone else has reported under your name.

Electronic medical records can be amended, but it’s much more work to have things deleted, because of the implications your medical condition has on insurance coverage and pricing.

This begs the attention of employers in protecting their employees.  Carriers need to dutifully encrypt information and protect their customers.  And, most importantly, patients must educate themselves and advocate for their own well-being. The Federal Trade Commission [FTC] agrees (

  • Read your EOB’s and know what you are being charged for
    • Check the name of your provider, date of service, & service provided
    • Discrepancy? – call your healthcare provider
  • Review a copy of each credit report – annually verify the integrity of ALL information listed
  • Patient tracking of personal health and ideally annual comparison to medical records provided by insurance carrier

The next steps to take if fraud is suspected include filing a complaint with the FTC and a report with local police, exercising HIPAA patient rights and correcting any errors on your medical record, and activating a fraud alert and security (credit) freeze with the individual credit agencies (Experian, Equifax, Transunion).

Are Digital Computers the Doctors of the Future? Elementary My Dear (Dr.) Watson

Saturday, February 19th, 2011

IBM made a splash this week introducing the first computer competitor in the hit game show Jeopardy. Watson, as “he” is so affectionately called, won the battle Man vs. Machine besting champions Ken Jennings (highest Jeopardy earner) and Brad Rutten (highest amount for a single game). While Watson certainly provided much entertainment value (answering the same wrong as Jennings in one round and other slight glitches) there are higher implications for this robot.

How can IBM harness this power and intelligence to benefit the health community?  A collaboration is under way between Watson’s creators at IBM and experts at the University of Maryland’s School of Medicine.

According to Dr. Siegel, director of the Maryland Imaging Research Technologies Lab at the University of Maryland School of Medicine in Baltimore, Watson, “has incredible potential to revolutionize how we interact with medical records; to be a really valuable assistant to me; to read all the literature pertinent to my practice … to always be at my side and help suggest problems, things in the medical records I need to know about; to suggest diagnoses and treatment options I may not have considered.”

Are you ready for a Dr. Watson in your next operating room? I wonder what his bedside manner will be like.

Click here to read the full article.

Top 10 Hospital Stories of 2010

Tuesday, September 14th, 2010

Becker’s Hospital Review recently posted their collection of the top 10 hospital stories of 2010. Many of the topics reflect the major hospital stories of 2010 – a few really delve into the growing problems and concerns for hospitals that are not necessarily on the forefront of discussion.

Here are the top 10 terms/stories for 2010:

1. Healthcare reform
The term “Healthcare reform” was everywhere this year. People are still scratching their heads wondering exactly what that means. 2011 will be a big year along with the next 4 years to see whether healthcare reform will hold up to its hype.

2. Integrating healthcare delivery

3. RACS get rolling

With RACs in full swing, hospitals are developing ways to ensure they meet standards. In the first quarter of 2010, RACs denied a total of $2.47 million in Medicare claims, according to the AHA’s RACTrac Survey of 653 hospitals. In 2011, it will be increasingly important for hospitals to be aware of these audits.

4. For-profits buy up hospitals

5. Ban on physician-owned hospitals

6. Physician fee cuts
With Medicare fees cut by over 20%, some physicians are losing faith in the system. What will this mean for the future of Medicare and physicians and hospitals accepting Medicare? The next 2 years will be key for this.

7. Hospital quality reporting

8. The war against healthcare fraud
One of our favorite topics, the war on healthcare fraud, waste and abuse is continually growing and ever-present. While Congress realizes that there is a need to combat this abuse, we haven’t successfully implemented initiatives to thwart it substantially. The healthcare reform law provides $300 million in funding for fraud investigation and enforcement by over the next 10 years. It will be up to Congress to ensure this money is spent wisely, efficiently and effectively.

9. Big boost for healthcare IT
EHRs, EMRs, Personal Health Records – what does all this mean for Health-IT and e-health? Lots – especially with government investing, beginning in 2011 and lasting for the next six years, $34 billion in incentives for healthcare IT to hospitals and practices.

10. Don Berwick arrives at CMS

Healthcare 101: Explanation of Benefits (EOB)

Wednesday, September 1st, 2010

An Explanation of Benefits (EOB) is a document sent by an insurance provider to an enrollee and the enrollee’s healthcare provider.  An EOB is produced in response to a claim for healthcare service.  It contains important information regarding the payment responsibilities of both the insurance company and the patient.  Unless they cover the entire cost, an insurance company is required to send an EOB to both the patient and the provider.

An EOB usually includes:

  1. Identification of service rendered*
  2. Date of service (DOS)
  3. Name and address of subscriber
  4. Name of patient
  5. Name of healthcare provider who rendered service
  6. Provider’s tax identification number
  7. Provider’s charge/ total billed services
  8. Allowed amount
  9. Total patient responsibility amount
  10. Total payment made and to whom
  11. The amount payable (in dollars or percentage of total) after deductibles, co-payment, and any other reduction have been made
  12. An explanation of for any reason for not providing full reimbursement for the amount claimed
  13. Point of contact (telephone number or address) by which an enrollee may inquire regarding payment
  14. Information on the appeal process of a denial of benefits and timeline of the process

The first item, identification of service provided (marked with *) is the most important item on an EOB.  It is the reason for receiving healthcare and should be communicated via ICD (diagnosis) or CPT (procedure) codes. If you receive an EOB that is missing this, call your insurance company and ask for this information.  Keep track of the code – it represents what you received and why you received it.  Imagine that your EOB is a receipt from a store and that the ICD and CPT codes are the items you purchased.  Wouldn’t you want to know what you bought?

Unfortunately, EOBs are not standardized and can be difficult to read, especially after switching insurance providers.  In addition, an EOB is sent to both the provider and the patient, and it attempts to convey different information to each recipient.  This often produces a very confusing document.

When reading an EOB, don’t be hesitant to look for guidance.  Your insurance company may have an example EOB and accompanying information on their website.  And, of course, be sure to look at our Healthcare How To: Read an Explanation of Benefits (EOB).

Other Resources:

Digital medical records (EHRs)… New wave of healthcare?

Wednesday, April 14th, 2010

In a previous post, legal implications surrounding privacy standards with EHRs was discussed. The questions asked were: Are there enough safeguards surrounding the technology? Is it easier to steal patient information when records are in an electronic format? And the list goes on. The post did not address the advantages and shortcomings of the EHR technology. Adaptation is slow. Why is that?

A recent article from the Wall Street Journal “Can Technology Cure Health Care” stated that “digital medical records come with some big promises – they’ll improve patient care, eliminate errors, stem costs and make health care more efficient.” On the other hand a 2009 study indicated that “hospitals with more-advanced electronic systems fared NO better than other hospitals on measures of admin costs, on average, even if the systems might ‘modestly improve’ performance on care.”

What does that mean? Healthcare professionals are frustrated with the electronic systems. Could it be because healthcare – notoriously slow to change – isn’t ready for the switch? Unlikely – the article surmises that it might not have to do with how the digital records are implemented, but with how they are designed.

The article discusses how hospitals can customize digital systems to fit their own unique needs. Digital technology has a chance to revolutionize healthcare. We just need to come up with a system that is uniform enough so all systems can communicate, but unique enough to satisfy each health facilities’ needs and wants.

2010 Healthcare Audit Forecast

Friday, April 2nd, 2010

Medical Business Associates President & CEO Rebecca Busch was featured in the March issue of the Journal of AHIMA in an article titled, “The Year of the Audit.”

The article highlights coding audits and the reasons for them – Rebecca asserts that in order for the Centers for Medicare and Medicaid Services (CMS) to lower its costs, it devised several financial recovery divisions to catch overpayments and fraudulent claims. Some audits include RAC (Recovery Audit Contractor), which evaluates a provider’s claims data, and medical records for possible over/under payments and ZPIC (Zone Program Integrity Contractor), which, according to the article, are the “aggressive cousins of RACs formed by CMS to detect fraudulent claims activity.”

Rebecca goes on to discuss payer fraud and how it will affect health information technology (HIM). HIM departments need to audit yearly to ensure they are not releasing personal health information (PHI) into the hands of fraudsters. As Rebecca states, “For HIM, the ‘year of the audit’ is about ‘releasers beware.’”

Criminals pose as insurers to obtain medical records and other sensitive information more times then one would think. Rebecca says, “This is what makes HIM vulnerable – people who really understand how the department works and how correspondence works. They are writing letters in a typical format that is routine. So it is going to really easy to miss letters that don’t have altruistic intent.”

With 2010 being the year of the audit everyone in the healthcare industry needs to be alert and in top form. The government is looking for overpayments. Insurance companies are looking for overpayments. Hospitals need money to continue to provide services and can’t afford to miscode, bill incorrectly or anything in between. It is a buyer’s beware market out there and patients most likely the ones to be most affected by these audit initiatives.

Prescription fraud and misuse rising

Saturday, January 30th, 2010

This post is in response to a recent article highlighting the rise of prescription fraud. I wanted to highlight some important aspects of the article.

Frequent incidences of prescription drug abuse:
1. Doctor shopping – hopping from doctor to doctor in order to receive medication and deceive the doctor. Patients also go doctor shopping to find a doctor that will “address” all their prescription needs i.e. over prescribing.
2. Manually changing the dose of the prescription. Example: If the prescription is written for 25 pills, they might add a 1 in front of it to make it 125 or a 0 at the end to make it 250.
3. Medical identity theft – stealing a victim’s insurance card and obtaining prescriptions under the victim’s name.
4. Inside cooperation – stealing a doctor’s prescription pad and writing prescriptions.

This list is by no means exhaustive. It just gives you a clue to the types of abuse occurring.

What are Pharmaceutical companies doing?
1. Making pills tamperproof – meaning that if they’re crushed for a stronger, more rapid high they become ineffective.
2. Patient medication guides explaining the exact purpose of the drugs and the consequences of misuse.
3. Letters to doctors and additional physician training to end the misuse and inappropriate prescribing of painkillers.

Those last 2 strategies are debatable, but they are necessary steps that need to be taken to combat prescription drug addiction.

How can providers combat the misuse?
1. Electronic health records can help combat this problem. The physician would be able to see that the patient has seen an abnormal amount of doctors and see what the patient was prescribed – eliminating the ability for a patient to be over prescribed.
2. Stop over prescribing – simple as that.
3. Understand the warning signs of users.

Read the full article here.

Will EHR adoption increase medical identity theft?

Saturday, July 25th, 2009

It would seem that having all your medical/health information in one place would be a good thing. You wouldn’t have to go from doctor to doctor requesting medical charts and cutting through red tape to access your “private” files. However, we all know from experience that the Internet is not always the safest place to store information – identity theft is running rampant throughout the country with thieves stealing your information right off of your personal computer.

President Obama, following former President Bush’s initiatives, is pushing for everyone to have an EHR or EMR by 2014 (EHR = Electronic Health Record, EMR = Electronic Medical Record). However the problem with this implementation is that currently, most hospitals do not have adequate safeguards to protect highly private and highly valuable medical information (medical identity information averages $50 per identity; a SSN will net thieves only $1).

In many cases, medical identity theft is committed by individuals with inside access to medical information – doctors, nurses, pharmacists, hospital workers etc. By allowing information to essentially “flow freely” throughout the healthcare marketplace we are opening ourselves up to fraudsters and thieves and making medical identity theft even easier than it was before.

According to the World Privacy Forum, 3% of all identity theft victims in the U.S. or 250,000 Americans reported that their identity had been used fraudulently to obtain medical treatment, services or supplies. The World Privacy Forum asserts that this number will only increase in the future.

While EHR adoption will push our country in the right direction in terms of quality of healthcare, what steps are we taking to prevent our most private information from being stolen and used against us?

Hacker gains control Virginia’s medical data

Friday, June 5th, 2009

The Virginia Prescription Monitoring Program website was breached in late April by a hacker demanding $10 million in return for the confidential medical information of 8.3 million patients.

The hacker posted on the site’s homepage an expletive filled rant claiming that he was in possession of very confidential data. He continued by writing that if Virginia didn’t follow his ransom demands, he would sell all the information to the highest bidder.

Virginia didn’t succumb to the hacker’s demands; however, their website was not functional for a period of time.

Read full article here.

How Secure are EHR’s?

This alleged breach calls into question the effectiveness and security of EHRs (Electronic Health Records). While EHRs will save an estimated $11 billion annually, skeptics say that patient information will be more vulnerable than ever.

Medical Business Associates, Inc. can consult companies and hospitals on the right way to secure online medical records. Our experts are trained to find holes and teach you the proper way to fill them. Our pre and post EHR implementation audits have saved many organizations from experiencing the headaches associated with EHR implementation.