SSNs on Medicare Cards: Is End Near?Proposal to Revamp ID Cards Included in Draft of Fraud Bill
While the current Congress is often criticized for accomplishing little, the House Ways and Means Subcommittee on Health is floating draft legislation in an attempt to do something about Medicare and Medicaid fraud, abuse and waste.
See Also: A Toolkit for CISOs
The proposal calls for moving forward with often-discussed plans to eliminate the use of Social Security numbers on Medicare ID cards in the quest to reduce the risk of those numbers being stolen or inappropriately used. It also calls for investigating a shift to smart cards.
Also included in the draft is a plan for enhancing incentives under a provision of HIPAA for individuals to report Medicare fraud and abuse, and extending those incentives to reporting Medicaid fraud.
The Protecting Integrity in Medicare Act of 2014 was released on Aug. 7 by health subcommittee chairman Kevin Brady, R-Texas. The committee collected public comments on the discussion draft through Sept. 1.
In a statement released by the subcommittee, Brady says, "I also look forward to working with my colleagues in the House, on a bipartisan basis, to strengthen this legislation to ensure we can get strong, anti-fraud provision signed into law this year. Our goal is for the legislation to save money but, at a minimum, it needs to be cost neutral."
The proposal to remove Social Security numbers from Medicare cards is an anti-fraud move that's been recommended multiple times since 2002 by two government watch dog agencies.
The Department of Health and Human Services' Centers for Medicare and Medicaid Services has agreed with earlier recommendations from the Government Accountability Office and the HHS Office of Inspector General to remove Social Security numbers from Medicare cards, but has cited "a lack of clear funding" as a hurdle to implementing the changes. The draft proposal calls for shifting $320 million from existing Medicare trust funds to finance the ID card change.
Some organizations that submitted comments to the committee voiced strong opposition to the proposed funding plan.
"While we generally support the efforts of this bill ... we can identify some potential unintended consequences or areas where additional reform can be made," wrote Rick Pollack, executive vice president of the American Hospital Association, in a letter sent to the subcommittee.
The draft legislation's proposed shifting of HHS funds to help cover the costs of reissuing Medicare ID cards is "problematic" because it takes away money that otherwise would be spent on patient care, Pollack asserts in his letter.
The Potential Fraud Impact
Privacy attorney Adam Greene of the law firm Davis Wright Tremaine says the plan for changing Medicare ID cards could, indeed, help fight fraud.
"I believe that HHS replacing the current Medicare beneficiary identifiers with identifiers that do not include Social Security numbers would significantly decrease identity theft risks," he says. "Healthcare providers would be able to move away from being forced to maintain SSNs in their systems, which pose identify theft risks from malicious insiders and outsiders. Healthcare entities would incur significant cost updating the Medicare identifiers in their systems, but this would be partially offset by decreased breach notification risks."
Evaluating Smart Cards
The draft proposes HHS evaluate whether the use of smart cards for Medicare IDs is "cost effective and technologically viable." If HHS determines that smart cards are appropriate, it would be expected to submit a report to Congress outlining its findings.
The measure also proposes enhancing incentives under a HIPAA provision for individuals to report Medicare fraud and abuse, and to extend those incentives for reporting Medicaid fraud. It calls for a public awareness and education campaign to encourage participation in the revised incentive program.
The proposal's chances of advancing beyond the House committee in this election year are slim, Greene acknowledges. "While I consider improving privacy and security, especially with respect to Medicare beneficiaries, a pretty bipartisan issue, I am skeptical about anything passing Congress at this time."