Hefty Prison Sentence in ID Theft CasePhysician Imposter Used Paper Records for Fraud
A substantial prison sentence issued April 10 in a case involving medical ID theft and Medicare fraud calls attention to the need to protect paper, as well as electronic, records.
See Also: A Toolkit for CISOs
The owner of a medical supply company who posed as a clinician when visiting nursing homes and committed $10.7 million in Medicare fraud was sentenced to 12 years in prison.
In addition to the prison time, U.S. District Judge Joseph Bianco ordered Helene Michel, 45, of Old Brookville, N.Y. to forfeit $1.3 million that was seized by the government.
Michel was convicted in August 2012 after a three-week jury trial on charges of conspiracy to commit Medicare fraud, medical ID theft and wrongful disclosure of HIPAA-protected patient information.
The Long Island woman used information collected from paper records at nursing homes to file fraudulent Medicare bills.
"The case is a good example that, as we face privacy and security concerns of electronic health records, there are still significant vulnerabilities surrounding paper records that can be exploited," says Adam Greene, a healthcare privacy attorney at Davis Wright Tremaine. "I think the prison sentence will have a slight deterrent effect, but sophisticated criminals likely will continue to see Medicare billing as a high-reward, low-risk target."
20 Nursing Homes Affected
Evidence during the trial established that from April 2003 to March 2007, Michel stole patient information from 20 nursing homes on Long Island and then submitted thousands of fraudulent Medicare claims worth millions of dollars, says a U.S. Department of Justice statement. The claims sought payment for services and equipment that were never provided by the defendant's company, Medical Solutions Management, of Hicksville, N.Y.
Prosecutors say Michel entered nursing homes pretending to be a doctor, nurse practitioner, wound care specialist or other healthcare professional, using various aliases, including "Dr. Elene Allonce." She examined patient paper charts stored at nursing stations to steal patient information, prosecutors say.
In some incidents, Michel used her false personas to accompany doctors on patient evaluations. Michel's co-defendant, Etienne Allonce, co-owner of Medical Solutions Management, was also charged in the indictment and is believed to have fled from the U.S., according to the Justice Department. He remains a fugitive, listed on the Department of Health and Human Services' Office of Inspector General's Most Wanted List.
In addition to submitting fake bills to the Centers for Medicare and Medicaid Services, Michel sometimes appealed those claims by submitting additional stolen and altered patient information in the event that CMS denied payment, authorities say.
"She was very bold," says Burton Ryan, assistant U.S. attorney in the eastern district of New York, one of the prosecutors for the case. Ryan says that before the trial, Michel claimed she suffered from multiple personalities. That defense was not used during the trial, but prosecutors had a psychiatrist "on stand-by just in case," he adds.
Michel stole information from face-sheets, the first pages of a patient chart that contains personal identity and billing information, Ryan says. She stole doctor order forms that were three of four weeks old, which nursing home staff would be unlikely to notice had been removed, he explains.
The stolen records were altered to include services that were never provided but for which Michel billed Medicare, says Charles Kelly, lead federal prosecutor in the case.
The scheme was ultimately discovered after a nursing home staff member and a family member of a patient became suspicious after reviewing explanation of benefits statements from Medicare for services never received, Ryan says.
Ryan says the government had sought a 15-year sentence for Michel. Nonetheless, "Twelve years for a white collar crime is pretty tough," he says.
"The events happened before many healthcare facilities began using electronic health record systems," Ryan says. While EHRs can help make this kind of fraud more difficult to commit, automated records can also be subject to insider ID fraud.
Earlier this month, Florida law enforcement arrested two individuals, including a healthcare worker and trainee at care facilities affiliated with the University of Florida, for allegedly committing ID theft (see: Insiders Arrested In 2 ID Theft Cases).
In one of those cases, computer generated records with patient ID information were found by police when one suspect was arrested. In the other case, the suspect allegedly used her cell phone to take photos of computer screens containing patient information.
Kelly warns electronic systems that are not properly secured can make massive ID fraud even easier.
"Instead of stealing a few paper records at a time, [a criminal] with access to computerized records can print out hundreds of face-sheets, worth tens of thousands of dollars," he says.
Kelly recommends that Medicare send copies of patient explanation of benefits documents to nursing homes and hospital administrators so that they can also help spot suspicious billing.