Insights on Detecting Healthcare Fraud

Leveraging EHR Audit Logs; Getting Patients Involved
Insights on Detecting Healthcare Fraud

A new government watchdog report says the use of electronic health records makes it easier for some healthcare providers to commit fraud. And healthcare fraud of all kinds costs $75 billion to $250 billion a year, the report notes.

See Also: OnDemand | Spotlight Discussion: Advanced Network Detection & Response

The report highlights the need for hospitals to make broader use of the audit log function within EHRs to help detect fraud. But patients can play a role in detecting fraud as well.

For example, a new service aims to get patients more engaged in helping spot healthcare provider and other medical fraud sooner.

The Medical Identity Alert System, or MIDAS, from ID Experts provides patients with alerts via e-mail or texts, telling them that a medical insurance transaction is available for their review on a secure website. By reviewing the transaction, which is usually about a payment to a provider, consumers can potentially help spot signs of fraud sooner.

Security expert Mac McMillan, CEO of consulting firm CynergisTek, says getting consumers more involved in spotting healthcare fraud makes sense. "No one knows your activities better than you do," he says in explaining that consumers are in a good position to spot irregularities, such as payments to healthcare providers for services they never received.

Engaging Consumers

Using the new MIDAS service, patients who receive an alert of an insurance claim that looks suspicious or unfamiliar can flag it, prompting a MIDAS resolution team to review the claim, says Christine Arevalo, a vice president at ID Experts.

While patients also typically receive "explanation of benefits" statements from insurers that document insurance claims, those documents are confusing for many consumers, who, as a result, fail to carefully review them. By prompting patients to spot suspicious claims sooner, the "lifecycle of fraud" is potentially shortened, Arevalo says.

Among health insurers that have begun using MIDAS is Moda Health, which provides health plans to consumers in three states - Oregon, Washington and Alaska, including plans offered on state health insurance exchanges under the Affordable Care Act.

The insurer has been testing the MIDAS service for more than 18 months with 1,400 of its own employees who are enrolled in the company's health plans, says Katie Paullin, a spokesperson for Moda Health. In 2014, the company plans to begin rolling out the service as an optional free benefit to members of its individual commercial health coverage plans, she says.

To date, none of the MIDAS alerts sent to Moda Health members have resulted in the discovery of fraudulent claims, but members have used the service to flag a number of claims they didn't recognize or understand, she says. "For us, this service is about catching fraud and ID theft earlier when it happens, protecting our members and engaging them," she says.

Electronic Health Record Fraud

One goal of the HITECH Act's EHR financial incentive program is to get patients more engaged in their healthcare by providing individuals with secure access to their records.

Unfortunately one of the by-products of digitizing patient information is that it also makes it easier for some healthcare providers to commit fraud using the "cut and paste" functionality in EHRs.

In cut-and-paste fraud, a healthcare provider "cuts" information from one patient's record and "pastes" it into another patient's electronic document to submit exaggerated or fraudulent claims to insurers

A December report issued by the Department of Health and Human Services' Office of Inspector General, based on an online survey of 864 hospitals between October 2012 and January 2013, found that many hospitals are not using an audit log function available in most EHRs that can help detect cut-and-paste fraud.

The agency recommends that HHS's Office of the National Coordinator for Health IT and the Centers for Medicare and Medicaid Services "strengthen their collaborative efforts to develop a comprehensive plan to address fraud vulnerabilities in EHRs." OIG also suggests that CMS develop guidance on the use of the copy-and-paste feature in EHR technology.

The report notes that CMS and ONC concurred with the recommendations. A response letter dated Nov. 1 from CMS administrator Marilyn Tavenner included in the report says CMS is developing EHR cut-and-paste guidelines.

While regulators can develop industry guidance and oversight programs to crack down on healthcare fraud, patients have an important role to play as well, says McMillan, the consultant. That includes reviewing bills and claims more closely and asking questions of their physicians to better understand all tests and procedures ordered.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.