Medical Identity Theft: A Case Study

Identify theft, in general, can affect a person for a lifetime. Federal law defines medical identity theft as “A fraud committed or attempted using the identifying information of another person without authority to obtain medical services or goods, or when someone uses the person’s identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims.” (“Red Flag Rule - Identity Theft Prevention Policy”, 2009). However, medical identity theft is not as easily traced compared to something such as, credit card theft. With the crime being less traceable and the ever-expanding health care system, it is not surprising that medical identity theft is continually rising. Medical identity theft accounts

In the health care business, there are certain standards and laws that have been put in place to protect our patients and their personal health information. When a health care facility fails to protect their patient’s confidential information, the US Government may get involved and facilities may be forced to pay huge sums of money in fines, and risk damaging their reputation.

When providers or patients submit false or misleading information intentionally to a health plan, this is fraud. Some examples of healthcare fraud and abuse include filing claims for services or medications not actually performed or obtained, billing for services for non-covered items using codes for billable services or items, altering medical records, waiving co-pays and deductibles, up coding and unbundling, using someone’s insurance card, billing Medicare patients at a higher fee than non-Medicare patients, and accepting kickbacks for referring patients, to name just a few. Fraud can be committed by hospitals, medical providers, laboratories, pharmacists, billing services, medical equipment suppliers, and even patients. Patients can protect themselves from healthcare fraud and abuse by knowing their healthcare benefits, reviewing the explanation of benefits, asking the doctor to explain the service that was given, report discrepancies, protect insurance cards and member identification numbers, beware of free services, report copayment and deductibles being waived, and never sign blank insurance forms.

     On September 24, 2010, a laptop was stolen from an unlocked Urology office at the Henry Ford Health Systems hospital. The laptop did contain password protection software; however, it may not have been enough to permit access if the thief had advanced knowledge in computers. Additionally, the information stored on the laptop did not include social security or health insurance information, but instead held “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). It is unknown how many records were contained on the laptop, but all records were related to prostate services that were provided during an eleven year span.

Fraud and abuse encompasses the actions of fraud, abuse, and waste in the health care system (McWay, 2014). It is a nationwide problem that affects all of us and can be committed by anyone. Schemes can be committed by a single person or a by an institution or group. The National Health Care Anti-Fraud Association (NHCAA) estimates that

Healthcare fraud and abuse are different terms that describe different types of deceitful acts done by healthcare professionals or by solo individuals. Fraudulent medical billing is defined as knowingly submitting false statements or making misrepresentations of facts or false documentation to obtain a health care payment. These payments for which no entitlement would otherwise exist, knowingly soliciting, paying, and/or accepting compensation to encourage or reward referrals for items or services reimbursed by federal health care programs and making prohibited referrals for certain designated health services. Fraud healthcare schemes include

Hospital and health facility administrators face hardened criminals who hack medical records with ever-increasing sophistication. Hackers gain access to critical information, such as medical claims, financial data, Social Security numbers and credit card data that enable identity theft, credit card fraud and other privacy breaches. One of the major security failures in the news was the CareFirst BlueCross BlueShield attack that exposed 1.1 million of its members to thefts of their personal information.[1] Combined with high-profile breaches at Anthem and Premera Blue Cross, the breach illustrates the changing role of medical administrators

Health insurance fraud is what drives up health insurance premium costs, wastes taxpayer’s money, but can also endanger beneficiaries or leave them uninsurable. In 2015, Medicare Strike Force reported over $700 million in false billing by doctors, nurses, other licenses medical professionals, laboratories, and individuals (FBI.gov). This is a staggering figure that is only getting worse. In this fictitious federal case I will be describing the criminal offender, the crime that was committed, the charge handed down by law enforcement, and the judicial process from the beginning of the criminal case to the sentencing of Dr. Richard Heartman, an internal medicine physician.

Research identity-theft cases from medical offices.Explain the case and prepare a one-page paper on prevention strategies based on the case found.

With that kind of information, fraudsters falsely bill Medicare and private insurers for drugs, equipment or treatment that were never prescribed. For example the people who commit fraud may order a wheelchair for someone who does not need it and bill Medicare for two or three times the cost and then pocketing the money. Criminals also sell medical information in some communities to uninsured people who desperate to get medical care. In order to collect the money they set up fake billing companies that disappear as soon as there is knowledge of an

Of the ten most common reasons medical claims are denied I think that the #1 reason is incorrect patient identifier information. This is a mistake made I imagine more than anything else. If we get one number wrong it will throw everything else off. Like if we have the incorrect social security number or wrong id number.

I currently work in a nursing and Rehab Facility for Elderly People. Whether it is short term or long term I see a lot of patients file daily. I oversee all their chart filing of insurance claims, SSI, Verification Forms, ID Cards, and Any medical codes that need to match the patients Files. Reading through National Health Care Anti-Fraud Association. (2016) I was shocked to see the amount of fraud that has occurred between 2000 and 2014. When you are going to see your doctor for a physical and you get a physical Exam and this occurs, " medical identity theft victim may unexpectedly fail a physical exam for employment because a disease or condition for which he's never been diagnosed or received treatment has been unknowingly documented in his health record." That is appalling, this patient just now had his job jeopardized,

Security breaches of EMRs vary from someone without consent viewing the patient’s information, to a hacker using the information to steal one’s identity. According to Privacy Rights Clearing House, more than 260 million data breaches have occurred in the United States, including those of health related records. Approximately 12 percent of data breaches involve medical organizations (Gellman, 2012). According to Redspin, a provider of Health Insurance Portability and Accountability Act risk analysis and IT security assessment services, more than 6 million individual’s health records were compromised during a period from August 2009 and December 2010 (Author Unknown, 2010). A provision of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires all breaches affecting 500 or more people to be reported to the Department of Health and Human Services. This reporting is to be accomplished within 60 days of discovery. The Redspin report covering the period above involved 225 breaches of protected health information. The amount of people with access to an individual’s health record creates concern with confidentiality. According to the Los Angeles

The department of Health and Human Services protects and guides the health and well being of individuals here in America (Thacker, 2014). They fulfill these duties providing Americans with adequate and efficient health and human services and monitoring services designed to increase the efficiency of care in the health system (Thacker, 2014). One of the services being monitored by the department of Health and Human Services is the electronic health record system, which carries private and vital information of patient’s health record enabling all eligible participating health workers access to these records (Thacker, 2014). A breach of the protective health information of patients in a health organization creates chaos as these are against the health insurance portability and accountability (HIPAA) law (Thacker, 2014). Hence, measure will have to be put in place to determine what caused the breach and how to rectify it to ensure the breach never happens again (Thacker, 2014).

Some incidents with regards to patient records being used for extortion by offshore companies have arisen. Heartland Information Services, a medical transcription service based in Toledo, Ohio, was the victim of one such instance when employees from the company’s Bangalore, India office “threatened to release confidential patient information to the public if certain demands weren’t met in a specified time frame.”[5] Heartland