Using Fingerprints to Fight FraudWhy Medicare Is Ramping Up Background Checks for Contractors
Federal authorities are continuing to ramp up a new program of requiring fingerprint-based criminal background checks for the owners of durable medical equipment, home care and hospice care provider organizations who want to serve Medicare patients. The Centers for Medicare and Medicaid Services and the FBI are collaborating on the effort, aimed at cracking down on fraudulent Medicare claims, which historically have been more common in these two sectors.
See Also: DevSecOps Community Survey 2019
The criminal background checks, which began last year, are part of enhanced Medicare provider enrollment screening provisions contained in the Affordable Care Act, according to outreach material from CMS.
"As part of our efforts to curtail fraud, CMS has implemented guidance for fingerprint-based background checks as a requirement for all individuals with a 5 percent or greater ownership interest in a provider or supplier that is represented in defined high-risk categories," a CMS spokesman tells Information Security Media Group.
"These identified healthcare providers are currently enrolled in Medicare or have submitted an initial enrollment application and received written notice of this requirement and have 30 days from the date of the letter to be fingerprinted," he says. "Failure to comply with the fingerprint requirements could result in denial of a pending Medicare enrollment application or revocation of current Medicare billing privileges."
The spokesman declined to provide further details on how many background checks have been conducted so far, or their impact on fraud. But Medicare fraud is huge problem that's been getting more attention from the Department of Health and Human Services and the Department of Justice in recent years.
Since its inception in March 2007, the Medicare Fraud Strike Force, now operating in nine cities across the country, has charged nearly 2,000 defendants who allegedly submitted more than $6 billion worth of fraudulent claims, HHS says.
Earlier this month, the FBI announced that the owner of a Miami home health care company pleaded guilty in connection with a $32 million Medicare fraud scheme.
In the new background check program, the fingerprints are being collected by "fingerprint-based background check contractors," or FBBCs, according to CMS materials. The agency "strongly encourages all required applicants to provide electronic fingerprints." However, fingerprints collected via ink prints on special paper cards are also being converted for electronic submission to the FBI, CMS notes.
"Once the fingerprint process is complete, the fingerprints will be forwarded to the FBI for processing. Within 24 hours of receipt, the FBI will compile the background history based on the fingerprints and will share the results with the FBBC. CMS, through the FBBC, will assess the law enforcement data provided for the fingerprinted individuals. The FBBC will review each record and provide a fitness recommendation to CMS. CMS will assess the recommendation and make a final determination," according to CMS.
CMS says all fingerprint data is being stored according to federal security and privacy requirements, FBI Security and Management Control Outsourcing Standards for Channelers and Non-Channelers, and the FBI Criminal Justice Information Services Security Policy.
Privacy expert Kate Borten, president of consulting firm The Marblehead Group, says the biometrics-based background checks could, indeed, help in preventing Medicare fraud. "Medical fraud is a serious problem that drains budgets and resources," she says. "If this significantly helps weed out bad actors, then it's a good thing. I see this working to prevent known individuals, once caught [for committing fraud], from simply starting up again in a new location. But I'm not sure how effective it will be in identifying the bad actors proactively."
Independent healthcare attorney Susan A. Miller also says the fraud-fighting effort that takes advantage of biometrics is "a good start" in trying to prevent individuals with criminal pasts from participating in the Medicare program and to confirm the identities of applicants. But even if a business owner passes those background and identity checks, another person, such as an office manager, working for the organization could still launch a scheme to commit Medicare or other fraud. "There needs to be consideration of the environment the individual is part of," she says.
The use of biometrics, such as fingerprint scans, especially in combination with other forms of authentication, "increases the likelihood that the person you are dealing with is indeed the person they say they are," says security expert Mac McMillan, CEO of the consulting firm CynergisTek. "Biometrics are a very useful tool for this purpose and easy to use. ... However, one of the cons is that occasionally, for different reasons, finger readers don't work and that can be problematic."
In addition to the ongoing federal anti-fraud effort, some healthcare organizations are also beginning to deploy biometrics to fight fraud, McMillan says. "We've seen a few healthcare entities who have, or are considering, implementing fingerprints readers in patient registration processes to avoid medical identity theft and fraud," he says.
Privacy issues are another important consideration when it comes to using fingerprints or other biometrics for authentication or screening purposes, Borten notes. "There are privacy concerns about lifetime capture and storage of an individual's biometric identity that society and laws have not yet addressed," she says.