Governance & Risk Management

A Prescription for Fighting Fraud

Expert Offers Insights on Prevention
A Prescription for Fighting Fraud
News that two Seattle residents were sentenced last week in a prescription fraud case offers yet another eye-opening reminder of the need to guard against fraudulent activity by staff members at hospitals and clinics.

Federal prosecutors said Alyse Burrell, who worked as a billing technician at a clinic, stole about 60 patients' names, dates of birth, Social Security numbers and health insurance plan numbers. Burrell, along with Horace Mitchell III, then used the stolen information, along with stolen prescription pads, to forge prescriptions for narcotic pain killers.

The pair forged the names of three doctors on the prescription forms and charged the drugs to the health insurance associated with the stolen patient identities. They were able to get 100 forged prescriptions filled, obtaining thousands of pills that they then sold, prosecutors said.

Even after their arrest and release on bond, the pair continued to get fraudulent prescriptions filled, prosecutors said. After pleading guilty to three charges, Burrell was sentenced to five years in prison, and Mitchell received a four-and-a-half-year sentence.

A Growing Problem

"This type of fraud is a long-time, persistent problem," says security consultant Rebecca Herold of Rebecca Herold & Associates. "And it is growing as folks get more desperate for healthcare, more desperate to make money, and as healthcare environments become much more complex, with all the mobile computing devices now being used for care.

"I've been working with many healthcare providers, and their information security and privacy staffs are always stretched beyond their available time and resources with fighting fires and trying to address the risks that new and emerging technologies bring with them. Often the older, traditional types of risks (e.g., prescription forms being stolen) get exposed as attention is put elsewhere."

Herold says fraud-prevention training is more important than ever. "More awareness by all personnel will help to dissuade insiders who would otherwise do such fraud if they thought no one would notice and that they would then get away with it."

Policies and procedures also need to be regularly reviewed and updated to help mitigate any new risks within the facilities, Herold stresses. And audit logs need to be reviewed regularly by staff outside the department to ensure objectivity and consistent response to suspicious activities, she adds.

Herold offers the following tips for helping to prevent insider fraud:

  • Have procedures in place to check for inconsistencies between insurance claim submissions and patient visits.
  • Let patients know what they can do to spot such fraud, such as checking their insurance claims statements closely and reviewing their patient records.
  • Do regular inventory checks for such items as prescription forms and items that are used for narcotics storage.
  • Look at the login and logout times to the network for staff members who have access to patient billing information to check whether they are accessing the system at times outside their normal work hours.
  • Similarly, look at logs for applications used in conjunction with narcotics prescriptions.
  • Check phone logs of billing technicians, and others with access to billing information, to catch suspicious calling patterns.
  • Emphasize to physicians that they should not pre-sign prescription forms.
  • Establish communications with pharmacies to report elevated numbers of narcotic painkiller prescriptions or to simply provide ongoing reports of all narcotics that are prescribed.
  • Provide regular training and ongoing awareness communications to personnel about how to spot the signs of fraud.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.