Reducing exposure to medical identity theft has become a priority for insurers as rising numbers of customers fall victim to this crime.
For advice on curbing identity theft and the healthcare fraud that often follows on its heels, FierceHealthPayer brought in two experts to speak on an identity theft webinar earlier this year: Marita Janiga, J.D., executive director of the National Special Investigations Unit and Hotline at Kaiser Permanente, and Rebecca Busch, R.N., president and CEO of Medical Business Associates, Inc.
Below you'll find some highlights from the question and answer portion of the event, which was presented in partnership with the National Health Care Anti-Fraud Association.
FierceHealthPayer: AntiFraud: What identity theft red flags should payers share with providers? How can payers educate providers on this topic?
Rebecca Busch (right): One sign of possible identity theft for providers is when they suddenly start receiving overpayment notices that make no sense. These may be due to the actions of outsourced billing vendors. In some cases, the person who stole the identities and submitted false claims was the billing vendor, but it was the provider who was pursued for the crime.
Marita Janiga: Tell providers not to be afraid to ask tough questions. Be probative. If something doesn't look or seem right, providers should actively question the patient who's giving them information or an explanation that doesn't make sense at the point of service.
FHP:AF: How do payers detect medical identity theft after a claim is paid?
Janiga (left): We have a number of algorithms that we run in the background to detect things like height and weight changes or demographic data changes about customers that don't make sense. Say a baby is born but there was no prenatal care for the mother. That's a red flag for us, that all of a sudden we're providing post-natal care without seeing a baby delivery for the mother.
Busch: There's an initiative underway to develop patient engagement activity protocols where patients validate current and prior healthcare services. Anything that involves patients checking services rendered in their name is an awesome way to mitigate someone's identity being stolen.
FHP:AF: As we see stores like Target get hacked and customers' information in jeopardy, is there any way for customers to protect themselves from identity theft other than staying off the grid?
Busch: Customers should cultivate a sense of self-awareness when it comes to their identities. If someone asks to see their driver's license, for example, customers should ask why. If someone wants to scan their license, customers should question why scanning is necessary.
Similarly, customers shouldn't be afraid to ask questions about why people want to see their insurance cards, and with whom their insurance information will be shared. Another idea I strongly suggest is that customers create a portfolio for their health information, similar to the management portfolios people have for their personal assets. Customers should also bring their bills with them when they visit healthcare providers to validate the billings.
Janiga: I couldn't agree more with what Rebecca said on that. Few people can live completely off the grid. It's important to tell customers to be extra vigilant and read their explanations of benefits forms carefully. Tell customers to keep their eyes open and be ready to take action if they spot possible problems.
FHP: AF: What steps should payers take if they're informed that someone who was not an enrolled member tried to use a member's health plan identification number at a facility?
Janiga: If someone presents for care at a hospital emergency department and we are notified that it wasn't the member, for example, there would be a notification process through member services to let the actual member know to be on alert. Our actions would unfold differently depending on whether the identity thief received healthcare services or not.
Busch: Organizations should have compliance practice standards in place regarding identity theft. Make sure you have someone on your team who is familiar with HIPAA requirements on how to handle breaches or accidental release of protected health information.
In terms of working with members, there are patient advocacy groups developing standards. One hospital system I've seen had a procedure where they would print all the records and invite the patient in to review the records with them. I see the market moving in this direction because of the complexity of the content.
Janiga: And there are companies out there that are developing healthcare technologies that are very similar to the types of monitoring that people are using for financial identity theft.
FHP:AF: What are your thoughts about removing identifiers such as Social Security numbers from medical records?
Janiga: I think that would be fine to do. I don't think it's going to get rid of medical identity fraud or any other type of fraud, but I think it's probably best not to just have it out there. Yes, it'd be nice if they de-linked these numbers from medical ID cards.
Busch: The other concept that applies here that you have to change your practices. I've noticed that when talking on the phone, different entities would validate my identity by asking for the last four digits of my social security number, and now some of them will ask for the last five digits or the first three. The key thing is to be vigilant about your practice standards and not keep them the same.
Editor's note: Excerpts from this webinar have been edited and condensed for length and clarity.
<< Click here to access FierceHealthPayer's webinar, "The Growing Challenge of Medical Identity Theft" on demand. >>
Controlling medical identity theft and fraud
Enough talk: Govt should act to curb identity theft risk
Partners in crime: Medical identity theft and fraudulent billing
To thwart ID theft, keep an eye on employees
Study: Fraud incentives and countermeasures