More on Compliance & Legal

Fighting physician identity theft

CMS launches initiative to help providers

About six years ago, Anne Peters, MD, an internist practicing in southern California, started receiving calls from doctors in her area. They told her their patients were reporting that she was billing Medicare for procedures she had done for them – things like brain scans and surgery – procedures she didn’t do.

She contacted the Centers for Medicare & Medicaid Services (CMS), repeatedly reporting the fraudulent claims. In the ensuing months, CMS prosecuted her for grand theft for the $650,000 to $700,000 Medicare had paid out in claims made in her name by other people other. Her Medicare payments were cut off and the agency demanded back payment. The IRS also pursued her to get the taxes owed on the Medicare payments.

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

Peters was the victim of physician identity theft, a crime that is not at all uncommon, said Pam Dixon, founder of the World Privacy Forum, a nonprofit public interest research group. “Physician identity theft is a well known problem,” she said. And the type of fraud scheme Peters experienced is one of most common associated with physician identity theft. Thieves used her credentialing numbers, such as her National Provider Identifier (NPI), to perpetrate billing fraud.

Since so many legitimate organizations within the healthcare system need access to physician credentialing numbers, like the NPI, those numbers are readily available to anyone who looks for them, Dixon said, which makes it incredibly easy for thieves to take advantage.

“The information is far too publicly available,” said Dixon. “It really is. It’s really out there.”

Some efforts have been made to try to make physician credentialing numbers harder to obtain, but so far, those efforts haven’t come to fruition, with those in opposition saying the task of securing those numbers would be too costly and cumbersome.

The federal government, though, has been making some strides in cracking down on fraud, and that includes reaching out to physicians who have had their identities stolen.

Through joint efforts of the Department of Health and Human Services and the Department of Justice, the government says its efforts to curtail fraud returned more than $4 billion to taxpayers in 2011.

HHS has also ramped up efforts to inform patients and providers about fraud, and about six months ago, through CMS’ Center for Program Integrity, launched the CMS Provider Victim Validation/Remediation Initiative to aid physicians and other providers who have had billing fraud perpetuated in their names.

“The reason we aimed the process at those physicians (victims of billing fraud) is because they end up, in particular, with liabilities associated with the billing,” said Shantanu Agrawal, MD, the medical director at CMS’ Center for Program Integrity. Liabilities such as those experienced by Peters – Medicare overpayment and taxes owed to the IRS. “They are in a particularly troubling situation, which involves a lot of different agencies, which is why we felt responsible to set up this remediation process specifically for them.”

While physicians and other providers now have a specific process to help them deal with identity theft, Agrawal recommends they still be proactive before a theft occurs, including regularly checking the billing addresses and services associated with identifiers and communicating with office and compliance staff on how to securely handle identifiers.

Such advice and support was not available to Peters when her identity was stolen, she says. After hiring lawyers to represent her, she eventually cleared her name but it was an ordeal emotionally and financially.

“All this time I was a victim, there was nobody I could talk to,” recalled Peters. “First of all, I couldn’t get anybody to believe that I was innocent. And second of all, I would have lunch with colleagues, and they looked at me and said, ‘Oh, you poor thing.’ After a while I realized they didn’t want to hear about it. There was no networking. There was no way I could access somebody that was in a similar situation just for suggestions or advice. I think that was the worse part. It’s like having some kind of orphan disease where you’re the only one you know of that has it and there’s nobody else you can ask about it.”