Medical Business Associates, Inc. Patient Hotline: 877-MBA-UWIN (877-622-8946)
Training Institute
We Understand How Information and Money Move In Healthcare

Archive for the ‘Identity Theft’ Category

Attention Employers: Medical Identity Theft Concerns You, Your Bottom Line, and the Health of Your Employees!

Friday, April 6th, 2012

Opportunity for crime comes in many forms, from an open window for a burglar to a victim’s lack of information to avoid a fraudster.  At one point or another, many of us have fallen victim to a theft or have even just lost a wallet, but something that doesn’t often come to the forefront of our minds is protecting our medical identity in such a situation.

A patient in South Carolina, an ex-marine in good health, lost his wallet when he left boot camp back in 2005.  He went back home to California.  Over a year later he received a call from his mother informing him that he was the lead suspect in a string of auto thefts in South Carolina!  The man who found his wallet used his military ID and driver’s license to test-drive cars that he would never return to the dealership – grand-theft auto in our patient’s name.

This in itself is a tough resolution, but what’s even worse is that this man’s problems weren’t over; they also included medical identity theft.

The man who found his wallet and test drove those cars also racked up a $20,000 medical bill treating kidney stones and an injured wrist.  The ex-marine never thought to call and inform his insurance carrier, so he was on the hook for those bills.  He was hounded by collection agencies and the government even withheld his tax return!  These issues were finally resolved, but it took over a year of appeals, phone calls, withheld income, and finally the intervention of the US Secret Service to pinpoint the man who stole his identity – Arthur Watts. Not all of us would be afforded that luxury (the Secret Service was brought in by the US attorney’s office to help in this investigation).

When someone loses a credit card, the process is simple:  call your credit card company and notify them.  Any reputable company will refund your money – they investigate the claim, and within about a week you will have a resolution that will cost no more than $50 by law, and often nothing at all.  When someone loses their healthcare benefits card in that same wallet, there is no course of action that takes place regarding the benefit card, and most people don’t realize something is wrong until they start getting collection calls or run a credit report months or even years later.

This doesn’t just happen one victim at a time when wallets are lost either.  The implementation of Electronic Health Records in hospitals and doctors’ offices increases the scale of these problems.  The wrong person gaining access to the system can mean tens, hundreds, or even thousands of Social Security numbers and benefit profiles at risk.  Lax technological security is another issue with this type of information.  Earlier this month, BlueCross-BlueShield of Tennessee agreed to pay $1.5 million for a 2009 breach in which over 50 hard drives holding over 1 million patient profiles were stolen.[1]

This is a dangerous lapse by BCBS, who is entrusted by its patients to guard their most personal and valuable information, including names, SSN’s, and policy numbers.  It was an inside job that could happen again. This tells us two things: a person’s medical identity is a coveted asset in fraud, and there is significant opportunity due to the lack of detection and prevention.

The reality is that healthcare fraud occurs at a lower instance rate than credit card fraud, but with higher dollar amounts per instance.  This translates into less public awareness and education on the risks, and much more financial risk and discomfort for those afflicted by medical identity theft. The laws protecting medical identity theft are not the same as those protecting victims of credit card theft – it is harder to recover the money, it takes longer, and the money might not be totally recoverable.  Possibly the most devastating implication of medical identity theft, though, is the impact it can have on your medical record.

The changes to a medical record can impact insurance coverage and treatment by providers.  A legitimate healthcare claim for an emergency surgery can turn into a nightmare when it is denied by a carrier because the patient has “reached the maximum on benefits” thanks to this undetected fraud.  Even more difficult to resolve is being denied benefits, or even being dropped from coverage, all due to a medical condition that you don’t have, yet someone else has reported under your name.

Electronic medical records can be amended, but it’s much more work to have things deleted, because of the implications your medical condition has on insurance coverage and pricing.

This begs the attention of employers in protecting their employees.  Carriers need to dutifully encrypt information and protect their customers.  And, most importantly, patients must educate themselves and advocate for their own well-being. The Federal Trade Commission [FTC] agrees (

  • Read your EOB’s and know what you are being charged for
    • Check the name of your provider, date of service, & service provided
    • Discrepancy? – call your healthcare provider
  • Review a copy of each credit report – annually verify the integrity of ALL information listed
  • Patient tracking of personal health and ideally annual comparison to medical records provided by insurance carrier

The next steps to take if fraud is suspected include filing a complaint with the FTC and a report with local police, exercising HIPAA patient rights and correcting any errors on your medical record, and activating a fraud alert and security (credit) freeze with the individual credit agencies (Experian, Equifax, Transunion).

Medical Identity Theft: What is it? How does it happen? How can it affect you or your loved ones?

Friday, May 13th, 2011

Some stats for thought:

  • As many as 500,000 Americans have been victims of medical identify theft, according to the World Privacy Forum.
  • At one medical clinic in Weston, Florida, a front desk clerk downloaded information of more than 1,100 Medicare patients and gave it to a cousin who made $2.8 million in false Medicare claims.
  • Thieves use your identity to buy prescription drugs. They then sell these prescriptions or use them to feed their own addictions.

What does this mean to the average person?

If you find yourself being a victim of medical identity theft, you might receive hospital bills in the mail for services you never received. You might visit an area hospital only to find your records include false or wrong information, like blood type or previous surgeries you’ve never received. You could even have your kids taken away like this unassuming woman almost did during her ordeal with medical identity theft.

Anndorie Sachs, a mother of four from Salt Lake City, has always considered herself a loving, caring mom.  So one can imagine her surprise when a state social worker called Sachs and accused her of having given birth to a baby girl with methamphetamines in her system and abandoning her in the hospital.

Even more unthinkable, according to Sachs, the state told her over the phone she was an unfit mother, and planned to take custody of all her kids.  “I definitely went into shock,” she says.  But, Sachs hadn’t given birth to a baby with meth in its system. In fact, she hadn’t given birth in two years.  Anndorie Sachs was a victim of medical identity theft.”

How can you avoid becoming a victim?

If you don’t monitor your EOBs fraudsters have a better chance of stealing your Medical Identity. This can cause both financial and physical harm – if someone else’s information is included in your medical record you could receive false diagnoses. Take ownership of your healthcare finances and request your medical records and bills once a year.

If your wallet is stolen, notify your insurance company — not just credit-card companies — because your benefit card is like a credit card without a limit.

Be an empowered patient and take charge of your health and healthcare finances.

Thanks for reading!

Your healthcare resource – Rebecca Busch

Recent Healthcare Fraud Scams

Tuesday, April 20th, 2010

We have discussed types of healthcare fraud (i.e. Rent-a-Patient Schemes, Pill Mill Schemes, Drop Box Schemes & Third-Party Billing Schemes) in a previous post. However we didn’t highlight some new ways scammers and fraudsters are stealing your healthcare dollars, mainly through the online world.

A recent ABC News article, “Health Care Fraud: Two Ways Scammers Are Trying to Take Your Money” describes two “ingenious” ways fraudsters are stealing your money. The article explains that because of all the healthcare hoopla occurring, people do not understand and are unaware of current policies – leaving what they call “anxious Americans.” This is how the scammers get you.

Health Insurance Scams

The first scam that was highlighted was “Door-to-door salesman selling bogus policies.” What does that entail? Scammers are going door-to-door selling fake health insurance policies by stating that current legislation is accounting for the low “limited enrollment” period fees. They are confusing people by essentially telling them that if they don’t buy the insurance now, the price will increase excrementally and they will not be able to afford it in time.

The next scam “1-800 advertisements promoting scams” is very similar to the door-to-door scam; however, this time the fraudster are taking it to the airwaves and asking people to call and 1-800 number for “limited enrollment specials made possible by new legislation.”

As always, don’t forget about Medical Identity Theft – this practice is increasing by 375%. The key to any insurance deal is if it is too good to be true than it probably is.

2010 Healthcare Audit Forecast

Friday, April 2nd, 2010

Medical Business Associates President & CEO Rebecca Busch was featured in the March issue of the Journal of AHIMA in an article titled, “The Year of the Audit.”

The article highlights coding audits and the reasons for them – Rebecca asserts that in order for the Centers for Medicare and Medicaid Services (CMS) to lower its costs, it devised several financial recovery divisions to catch overpayments and fraudulent claims. Some audits include RAC (Recovery Audit Contractor), which evaluates a provider’s claims data, and medical records for possible over/under payments and ZPIC (Zone Program Integrity Contractor), which, according to the article, are the “aggressive cousins of RACs formed by CMS to detect fraudulent claims activity.”

Rebecca goes on to discuss payer fraud and how it will affect health information technology (HIM). HIM departments need to audit yearly to ensure they are not releasing personal health information (PHI) into the hands of fraudsters. As Rebecca states, “For HIM, the ‘year of the audit’ is about ‘releasers beware.’”

Criminals pose as insurers to obtain medical records and other sensitive information more times then one would think. Rebecca says, “This is what makes HIM vulnerable – people who really understand how the department works and how correspondence works. They are writing letters in a typical format that is routine. So it is going to really easy to miss letters that don’t have altruistic intent.”

With 2010 being the year of the audit everyone in the healthcare industry needs to be alert and in top form. The government is looking for overpayments. Insurance companies are looking for overpayments. Hospitals need money to continue to provide services and can’t afford to miscode, bill incorrectly or anything in between. It is a buyer’s beware market out there and patients most likely the ones to be most affected by these audit initiatives.

Prescription fraud and misuse rising

Saturday, January 30th, 2010

This post is in response to a recent article highlighting the rise of prescription fraud. I wanted to highlight some important aspects of the article.

Frequent incidences of prescription drug abuse:
1. Doctor shopping – hopping from doctor to doctor in order to receive medication and deceive the doctor. Patients also go doctor shopping to find a doctor that will “address” all their prescription needs i.e. over prescribing.
2. Manually changing the dose of the prescription. Example: If the prescription is written for 25 pills, they might add a 1 in front of it to make it 125 or a 0 at the end to make it 250.
3. Medical identity theft – stealing a victim’s insurance card and obtaining prescriptions under the victim’s name.
4. Inside cooperation – stealing a doctor’s prescription pad and writing prescriptions.

This list is by no means exhaustive. It just gives you a clue to the types of abuse occurring.

What are Pharmaceutical companies doing?
1. Making pills tamperproof – meaning that if they’re crushed for a stronger, more rapid high they become ineffective.
2. Patient medication guides explaining the exact purpose of the drugs and the consequences of misuse.
3. Letters to doctors and additional physician training to end the misuse and inappropriate prescribing of painkillers.

Those last 2 strategies are debatable, but they are necessary steps that need to be taken to combat prescription drug addiction.

How can providers combat the misuse?
1. Electronic health records can help combat this problem. The physician would be able to see that the patient has seen an abnormal amount of doctors and see what the patient was prescribed – eliminating the ability for a patient to be over prescribed.
2. Stop over prescribing – simple as that.
3. Understand the warning signs of users.

Read the full article here.

Will EHR adoption increase medical identity theft?

Saturday, July 25th, 2009

It would seem that having all your medical/health information in one place would be a good thing. You wouldn’t have to go from doctor to doctor requesting medical charts and cutting through red tape to access your “private” files. However, we all know from experience that the Internet is not always the safest place to store information – identity theft is running rampant throughout the country with thieves stealing your information right off of your personal computer.

President Obama, following former President Bush’s initiatives, is pushing for everyone to have an EHR or EMR by 2014 (EHR = Electronic Health Record, EMR = Electronic Medical Record). However the problem with this implementation is that currently, most hospitals do not have adequate safeguards to protect highly private and highly valuable medical information (medical identity information averages $50 per identity; a SSN will net thieves only $1).

In many cases, medical identity theft is committed by individuals with inside access to medical information – doctors, nurses, pharmacists, hospital workers etc. By allowing information to essentially “flow freely” throughout the healthcare marketplace we are opening ourselves up to fraudsters and thieves and making medical identity theft even easier than it was before.

According to the World Privacy Forum, 3% of all identity theft victims in the U.S. or 250,000 Americans reported that their identity had been used fraudulently to obtain medical treatment, services or supplies. The World Privacy Forum asserts that this number will only increase in the future.

While EHR adoption will push our country in the right direction in terms of quality of healthcare, what steps are we taking to prevent our most private information from being stolen and used against us?

Hacker gains control Virginia’s medical data

Friday, June 5th, 2009

The Virginia Prescription Monitoring Program website was breached in late April by a hacker demanding $10 million in return for the confidential medical information of 8.3 million patients.

The hacker posted on the site’s homepage an expletive filled rant claiming that he was in possession of very confidential data. He continued by writing that if Virginia didn’t follow his ransom demands, he would sell all the information to the highest bidder.

Virginia didn’t succumb to the hacker’s demands; however, their website was not functional for a period of time.

Read full article here.

How Secure are EHR’s?

This alleged breach calls into question the effectiveness and security of EHRs (Electronic Health Records). While EHRs will save an estimated $11 billion annually, skeptics say that patient information will be more vulnerable than ever.

Medical Business Associates, Inc. can consult companies and hospitals on the right way to secure online medical records. Our experts are trained to find holes and teach you the proper way to fill them. Our pre and post EHR implementation audits have saved many organizations from experiencing the headaches associated with EHR implementation.