TRIP

Wide Use of Doc ID Numbers Makes Fraud Easy

MedPageToday, 2012

In the other approach, the fraudster uses the physician's ID to bill directly for services in the physician's name, as if the services actually were rendered by that particular doctor.
No medical speciality particularly stands out as being fraught with identity theft, and none are immune from fraud, Agrawal and Budetti wrote.
Complicit physicians are one contributor to fraud, but doctors who allow their information to be used for financial gain account for only a small portion of fraud cases, they said.
What contributes most to fraud, they said, is the widespread availability of the NPI -- a number that is publicly available because many healthcare entities, including insurers, labs, and suppliers, rely on the NPI to confirm the identity of a doctor.
"Given the widespread reliance on the NPI, absolutely securing it would be difficult even if removed from the public domain," the authors wrote.
Physicians often have to disclose their NPI and other identifiers to a number of organizations, including practices and hospitals when applying for jobs.
In one case outlined in the article, a retired doctor was seeking part-time work, and two years later he learned that a practice at which he had applied had stolen his identity.
He became aware of the breach when Medicare asked him to return more than $350,000 in overpayments to the practice, at which he had interviewed but never joined.
Agrawal and Budetti recommended a number of ways that a physician can reduce their chances of being victims of identity theft, including: Updating payers when opening, closing, or moving practice locations, or separating from organizations Monitoring billing and being aware of billings in their names by actively reviewing medical documentation and remittance notices Avoiding giving medical identifiers to potential employers or other organizations before conducting appropriate due diligence, and training staff on appropriate use and distribution of identifiers Encouraging patients to review their "explanation of benefits" notices from payers to spot patient and physician identity theft, and directing patients to anti-fraud resources when appropriate Reporting suspected identity theft to CMS and the Federal Trade Commission, filing a police report when appropriate, and considering placing a fraud alert on credit reports
CMS has a new program that tracks Medicare physician and beneficiary ID numbers that are flagged for fraud investigations, reports of security breaches, and doctor or patient complaints, Agrawal and Budetti wrote.
There are a little more than 5,000 ID numbers in the database currently, so CMS investigators can identify "hot spots," which currently include Los Angeles, Miami, and New York.