Identity Theft

IG recommends ways to prevent Medicare fraud

Image of Medicare cardThe Centers for Medicare & Medicaid Services (CMS) can reduce the risk of security breaches, and therefore reduce the risk of medical identity theft, by taking five corrective actions, according to an inspector general’s report released earlier this month.

Daniel R. Levinson, IG for the Department of Health and Human Services, issued the report, which had two objectives:  to determine how closely the CMS’s notification to beneficiaries of security breaches matched up with legal standards established by the 2009 Recovery Act, and to assess CMS’s response to medical identity theft involving Medicare identification numbers.

Between September 23, 2009 and December 31, 2011, there were 14 breaches of protected health information requiring notification under the Recovery Act. These breaches affected 13,775 beneficiaries, who were notified, but not to the extent the law requires. While CMS created a compromised-number database for contractors, the report found that the usefulness of the database could be improved.

The IG also found that contractors are inconsistent in developing edits to the database to prevent payments to people using numbers that have been compromised. CMS offers more remedies to providers than to beneficiaries who are affected by medical identity theft,  the IG found.
Among the report’s recommendations for CMS:

  • Ensure that security breach notifications meet the Recovery Act standards;
  • Improve the compromised number database;
  • Provide guidance to contractors using and making edits on the database;
  • Ensure victims of medical identity theft receive any services needed, and;
  • Develop a way to make sure beneficiaries affected by identity theft receive new identification numbers.

If CMS doesn’t follow the recommendations, the IG concludes,  “opportunities increase for medical identity theft and fraudulent billing of the Medicare program,” which will ultimately put providers, beneficiaries and the Medicare Trust Funds at risk.

Federal data breaches and how agencies disclose them has been a recurring topic in recent months. In September, the FBI had to publicly deny reports (ultimately proved false) that it had been breached by the hacker group Anonymous, resulting in the release of a million Apple user IDs.  And in August, the Environmental Protection Agency admitted its servers had been hacked in a breach that affected some 8,000 users – some five months after the incident had occurred. 

 

About the Author

Emily Cole is an editorial intern for FCW.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.