Safe & Sound with Marianne Kolbasuk McGee

Why We Struggle with Healthcare Fraud

Progress Being Made, But Much More Work Needed
Why We Struggle with Healthcare Fraud

Based on some recent Congressional testimony and reports by a couple of government watchdog agencies, the U.S. Department of Health and Human Services has made some progress in fighting healthcare fraud. But HHS still has a long way to go.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

Some background: At a recent hearing by the House Committee on Energy and Commerce's Subcommittee on Oversight and Investigations, legislators heard testimony from the Government Accountability Office, HHS' Office of Inspector General and Center for Medicare and Medicaid Services highlighting what HHS is doing right and wrong in its battle to fight healthcare fraud involving Medicare, which provides health coverage to millions of older individuals.

Eliminating Social Security numbers seems to be a fairly simple move, but it's harder than you think. 

To be fair, some success has come from HHS collaborating with law enforcement and the private sector in activities such as information sharing. In 2013, these efforts resulted in "the record-breaking recovery of $4.3 billion in taxpayer dollars" from individuals trying to defraud federal health programs, according to written testimony of one CMS official.

Certainly healthcare fraud - including Medicare crime - is a complex issue that comes in many different flavors. That includes fraud involving physicians submitting false or padded billing for services that weren't provided to "real" patients, to what OIG calls "criminal network operations." In one case, fraudsters perpetrated a $100 million Medicare scheme that involved stealing the identities of doctors and thousands of Medicare beneficiaries for use in fake clinics across the U.S.

All-in-all, Medicare fraud costs American taxpayers a ton of money annually. In a report released along with its testimony, the GAO says that in 2013, Medicare financed healthcare services for approximately 51 million individuals at a cost of about $604 billion. However almost $50 billion - or about 8 percent of those total disbursements - were "improper payments," including fraud, CMS estimates.

Room for Improvement

So, while HHS is making some strides in its battle against fraud, one of the most frustrating things to me is that some of the fraud-busting recommendations being made by the watchdog agencies to CMS to further fight fraud are the same suggestions that GAO and OIG have been making for years.

For instance, one key recommendation from both GAO and OIG has been for CMS to remove Social Security numbers from beneficiaries' Medicare cards in order to reduce the risk of ID theft. After all, once a patient's Social Security number is stolen from a Medicare card, the individual is not only at risk for healthcare-related identity theft, but also for all kinds of other financial fraud, including thieves opening credit card accounts using those IDs.

Eliminating Social Security numbers seems to be a fairly simple move, and one discussed for years, but it's harder than you think. GAO notes that it has made multiple recommendations to CMS to remove the numbers from beneficiaries' Medicare cards to help prevent identity theft. "HHS agreed with these recommendations, but reported that CMS could not proceed with the changes for a variety of reasons, including funding limitations, and therefore has not taken action."

Meanwhile, OIG makes another common sense recommendation to protect electronic health records from being tools to commit fraud: mandating the use of the audit feature in all EHRs.

Nearly half of hospitals OIG surveyed recently indicated they could delete audit logs, and one-third of hospitals said that they could disable their audit logs. However, audit logs can be used to analyze historical patterns that can identify data inconsistencies that could indicate fraud.

Audit logs should always be operational while the EHR is being used and be stored as long as clinical records, OIG says. Deleting or disabling audit logs makes it harder to prevent and detect fraud, the agency testified.

Additionally, OIG also found that CMS and its contractors had not adjusted their program integrity strategies for EHRs versus paper records.

So, between CMS continuing to feature beneficiaries' Social Security numbers on Medicare cards, to the agency and its contractors not updating their programs to reflect the mass migration to EHRs that's taken place over the last few years, it's clear to me that CMS needs to step up its fraud-fighting campaign in big and small ways.

Perhaps new HHS secretary Sylvia Mathews Burwell will put added emphasis on fraud-busting efforts at CMS. And perhaps Congress will support renewed requests for funding such initiatives. At least that's what I hope.

But in the meantime, I fear that incidents of healthcare fraud, including that involving Medicare ID theft and EHR systems, are problems that aren't going away anytime soon, and could in fact worsen if not given swift and meaningful attention. If these items aren't acted upon soon, then these same government agencies will be back before Congress having the same conversations next year.



About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.