Enough talk: Govt should act to curb identity theft risk

"There is one solution to fighting Medicare fraud that most lawmakers can agree on," the National Journal reported last week. "Remove seniors' Social Security numbers from their Medicare cards to stop identity theft."

I'm not too impressed by this bipartisanship since the problem that provoked it is so old. In August 2012, the Government Accountability Office released a report (.pdf) saying nearly six years had passed since the Centers for Medicare & Medicaid Services briefed Congress on options for removing SSNs from Medicare cards, and five years had passed since the Office of Management and Budget directed federal agencies to reduce needless use of SSNs.

Congress has likewise failed to act: U.S. Rep. Sam Johnson (R-Texas) introduced legislation in 2011 to prohibit the use of Social Security numbers on Medicare ID cards, but the bill died in the Senate.

So nearly 50 million Medicare beneficiaries risk having their identity filched while the government keeps talking a good game on this issue but ignoring deliverables. And the number of people affected may rise with 10,000 baby boomers aging in to Medicare daily.

Moreover, the problem has compounded. Besides the ID cards, Social Security numbers also appear on quarterly summaries mailed to beneficiaries, raising the chances of identity theft and fraudulent billing.

Congress heard about two solutions at a hearing last week: A requirement that CMS remove numbers from membership cards (replacing them with a new identifier) or implementation of a smart card alternative that contains data securely, the National Journal noted. The GAO is analyzing costs of the smart card solution, with a report due at year end.   

Meanwhile, lawmakers and federal agencies disagree on how to fund the fix, which carries an estimated pricetag of nearly $317 million. So the fraud risk goes unmitigated as Medicare and its beneficiaries continue facing what Reuters called "a peculiar anachronism in this era of digital insecurity."

That anachronism led to healthcare data breaches in 2010 and 2011, when a printing error sent more than 13,000 Medicare summary notices listing Social Security numbers and healthcare services to the wrong addresses, Reuters noted.

Experts say it's nearly impossible to correct a medical record once medical identity theft happens, FierceHealthIT reported. And healthcare-related identity theft is growing, comprising 43 percent of all identity thefts reported nationwide last year.

Certainly removing SSNs from Medicare materials presents huge challenges for IT systems, budgets and member and provider education; but just because a problem is complex doesn't absolve us of responsibility to roll up our sleeves and tackle it. As psychiatrist and author M. Scott Peck wrote, "We cannot solve life's problems except by solving them."

Cases in point: The Departments of Defense and Veterans Affairs managed to remove SSNs from their materials.   

"While [CMS] agrees that removing the Social Security numbers from the Medicare card is an appropriate step to reducing the risk of identity theft," an agency official told National Journal in an email, "CMS cannot make a decision to proceed unilaterally. CMS, the Social Security Administration and the Railroad Retirement Board must all agree to proceed with the initiative, and to consider all existing workloads and priorities in light of the funding that is available for such a major project."     

That's an excuse for jogging in place. It's also ironic: Can you imagine how CMS would sanction a contractor or joint enterprise that failed for years to solve a known problem with the potential to harm so many?        

The government has strayed far off the path of public service here. There's been enough talking and report writing. Costs, interagency disagreements and the complexity of the problem are all red herrings. Job No. 1 should be protecting beneficiaries, for whom Medicare exists. - Jane (@HealthPayer)

Suggested Articles

The HHS OIG is asking for an additional $23.7 million to support fraud oversight that has benefited from an emphasis on data analytics.

A New York surgeon was sentenced to 13 years in prison for fraud and more physician practice news from around the web.

A federal judge has ruled that the U.S. government’s remaining fraud case against UnitedHealth can move forward.