Identity Theft

IG recommends ways to prevent Medicare fraud

Image of Medicare cardThe Centers for Medicare & Medicaid Services (CMS) can reduce the risk of security breaches, and therefore reduce the risk of medical identity theft, by taking five corrective actions, according to an inspector general’s report released earlier this month.

Daniel R. Levinson, IG for the Department of Health and Human Services, issued the report, which had two objectives:  to determine how closely the CMS’s notification to beneficiaries of security breaches matched up with legal standards established by the 2009 Recovery Act, and to assess CMS’s response to medical identity theft involving Medicare identification numbers.

Between September 23, 2009 and December 31, 2011, there were 14 breaches of protected health information requiring notification under the Recovery Act. These breaches affected 13,775 beneficiaries, who were notified, but not to the extent the law requires. While CMS created a compromised-number database for contractors, the report found that the usefulness of the database could be improved.

The IG also found that contractors are inconsistent in developing edits to the database to prevent payments to people using numbers that have been compromised. CMS offers more remedies to providers than to beneficiaries who are affected by medical identity theft,  the IG found.
Among the report’s recommendations for CMS:

  • Ensure that security breach notifications meet the Recovery Act standards;
  • Improve the compromised number database;
  • Provide guidance to contractors using and making edits on the database;
  • Ensure victims of medical identity theft receive any services needed, and;
  • Develop a way to make sure beneficiaries affected by identity theft receive new identification numbers.

If CMS doesn’t follow the recommendations, the IG concludes,  “opportunities increase for medical identity theft and fraudulent billing of the Medicare program,” which will ultimately put providers, beneficiaries and the Medicare Trust Funds at risk.

Federal data breaches and how agencies disclose them has been a recurring topic in recent months. In September, the FBI had to publicly deny reports (ultimately proved false) that it had been breached by the hacker group Anonymous, resulting in the release of a million Apple user IDs.  And in August, the Environmental Protection Agency admitted its servers had been hacked in a breach that affected some 8,000 users – some five months after the incident had occurred. 

 

About the Author

Emily Cole is an editorial intern for FCW.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Tue, Oct 16, 2012 Kevin United States

From my understanding, victims of breaches and/or identity fraud will NOT receive a new Social Security number. Either way, the SSN should never have been used for identification in the first place because once that number is compromised, identity fraud is easy to commit. The Standard Patient Number (SPN) from TASCET is a much more effective approach to preventing identity fraud and the financial crimes that often result.

Tue, Oct 16, 2012 Bill

The government needs to learn to write better contracts. The statement in the article, "The IG also found that contractors are inconsistent in developing edits to the database..." is a dead give away that the government could do a better job. Agencies historically do not do a good job writing contracts. They leave too much to the contractor in the interest of saving money, then are amazed when they get what they pay for.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group