Fraud Made Easier with Stolen Doctor IDs

If fraud wasn’t prevalent enough these days already, stealing the identities of doctors and then using those identities to commit fraud is apparently becoming easier.

According to MedPage Today and an article from two doctors from the Centers for Medicare and Medicaid Services (CMS), the widespread use and distribution of physician identifier numbers is making it easy for fraudsters to steal their identities and bill insurers for services using the doctor’s name.

Shantanu Agrawal, MD, and Peter Budetti, MD, JD, explained that theft of a physician’s identity involves stealing the doctor’s National Provider Identifier (NPI), Tax Identification Number (TIN) and medical licensure information, and submitting false claims to either a public payer or a private insurer.

In 2009, over 3,600 cases of physician and patient medical identity theft were reported to the Federal Trade Commission, and from 2007 to 2009 that number was over 12,000. It’s also likely that a large amount of those cases go unreported, Budetti and Agrawal reported in the February 1 issue of the Journal of the American Medical Association.

They state that there are two main approaches when using a doctor’s ID to commit fraud. The first is when the ID is used to make it seem that a physician referred patients for services –such as lab analyses, diagnostic testing, or prescribed durable medical equipment. The second way happens when the fraudster uses the physician’s ID to bill directly for services in the physician’s name, as if the services were actually performed by that particular doctor.

Agrawal and Budetti also noted that no medical specialty stands out as being the most weighed down by identity theft, and none are immune.

One contributing factor to this kind of fraud is the physicians that allow their information to be used for financial gain, but they only make up a small portion.

Agrawal and Budetti state that what contributes most to fraud is the widespread availability of the NPI –a number that is publicly available because many healthcare entities rely on it to confirm the identity of a doctor.

They wrote, “Given the widespread reliance on the NPI, absolutely securing it would be difficult even if removed from the public domain.”

There are times when physicians have to disclose their NPI and other identifiers to a number of organizations –including practices and hospitals, such as when they are applying for jobs. In one case that was discussed in the article, a retired doctor was seeking part-time work, and two years after the fact he learned that a practice he applied with had stolen his identity. He only became aware of the issue when Medicare asked him to return over $350,000 in overpayments to the practice, which he had only ever interviewed with.

Agrawal and Budetti suggest several ways that a physician can reduce their chances of being victims of identity theft. Those include:

Updating payers when opening, closing, or moving practice locations, or separating from organizations

Monitoring billing and being aware of billings in their names by actively reviewing medical documentation and remittance notices

Avoiding giving medical identifiers to potential employers or other organizations before conducting appropriate due diligence, and training staff on appropriate use and distribution of identifiers

Encouraging patients to review their “explanation of benefits” notices from payers to spot patient and physician identity theft, and directing patients to anti-fraud resources when appropriate

Reporting suspected identity theft to CMS and the Federal Trade Commission, filing a police report when appropriate, and considering placing a fraud alert on credit reports

CMS has a new program, which has a little over 5,000 ID numbers in it, that can track which numbers are flagged for fraud investigations, reports of security breaches, and doctor or patient complaints. CMS investigators can also identify “hot spots,” which currently include cities such as Los Angeles, Miami, and New York.

Also under the program, CMS has a process to relieve doctors who are victimized of financial obligations of paying back the services.

The doctors concluded that work is still needed however. They wrote, “As risk factors and fraud schemes continue to expand and evolve, improved vigilance by individuals and health care organizations is required to secure patient and physician medical identities.”

If you are a doctors and you need to report suspected identify theft, call either 1-800-MEDICARE or 1-800-HHS-TIPS.