Fraud Case Offers Important Lessons
The recent sentencing of a Chicago area physician for stealing about $13 million from Medicare and more than 30 other insurers serves as an important reminder of the need for medical record access controls.
Sushil Sheth, M.D., a cardiologist who had privileges at three area hospitals, recently was sentenced to five years in federal prison and ordered to pay $13 million in restitution. He pleaded guilty last year to one count of healthcare fraud.
"The cardiologist used his hospital privileges to access and obtain information about patients without their knowledge or consent," according to a statement from the U.S. Attorney's Office for the Northern District of Illinois. "He then hired individuals to bill Medicare and other insurance providers for medical services that he purportedly rendered to patients whom he knew he never treated."
The hospitals involved apparently gave the physician access to the records without adequately determining whether he had a legitimate reason to view them. Consider this: Prosecutors say he filed more than 14,800 false claims for reimbursement for providing the highest level of cardiac care from January 2002 through July 2007. That's a long, long time to go undetected.
This case should be a wake-up call to hospitals across the country.
Make sure your policies on who can access medical records, whether they're on paper or electronic, are clear-cut and up-to-date. (Check out a recent interview with fraud prevention expert Rebecca Busch for some tips). Then educate everyone, from medical records staff to physicians and nurses, on the policies and the sanctions for violating them. And, of course, make sure those responsible for enforcing the policies are diligent in their efforts.
Otherwise, your hospital's records could be used as a source of major insurance fraud.