What CMS can learn from the credit card biz

Karen Cheung

 Karen M. Cheung

My credit card company recently sent me a new card in the mail, notifying me that my number may have been compromised. The simple instructions said to destroy my old card and use the replacement with a new number--all before any suspicious charges had ever been made. It was an invisible process. Short of me having to call in to confirm my new number and sign the card (a process that took all of five minutes), I barely had to do anything for the added protection.

If only Medicare could make it that simple too. The Centers for Medicare & Medicaid Services could certainly learn some lessons from the country's biggest banks in protecting their assets from fraud, waste and abuse. The federal program leaks out $60 billion dollars each year.

Even though we tell Medicare beneficiaries to treat their benefits cards like credit cards and protect the sensitive information, Medicare doesn't exactly treat the federal program the same way.

Millions of people are walking around with their Medicare cards in their wallets and forking them over at their doctors' offices, sharing their Social Security number among multiple people with each encounter. But asking Medicare to send every beneficiary a new card without the sensitive information seems to be too much for the agency to handle. Even though the Department of Defense and the Veteran Affairs already have taken steps to remove the identifying information from benefits cards, CMS has been slow to act, noting that it would cost more than $800 million to change the cards over.

There are a number of barriers. If CMS were to issue new cards, either with an entirely new patient ID number or with a truncated version of the Social Security number, patients might not understand the change. CMS said it's not as simple as issuing a few new cards. It'll be more like 48 million, plus the added expense of educating beneficiaries and updating IT systems.

To its credit, the government has taken some serious steps in anti-fraud measures, with newfound authority under the Patient Protection and Affordable Care Act. The government has boasted how much it's doing to stop criminals in their tracks. In fact, CMS touted record-breaking recoveries. But that hasn't stopped GOP members from publicly lashing CMS for letting the other criminals escape the system or the Office of Inspector General and the Government Accountability Office from criticizing what they say is lax oversight.

CMS, nevertheless, has gotten wise to the efficiency of credit card companies (like mine) that manage to stop payments, in many cases, almost instantaneously at the time of charge--like when I tried to buy a new computer online and the credit card company rejected the expensive purchase right away because it was an unusual item for me.

CMS is borrowing that same credit card technology to detect scam artists, using the Fraud Prevention System--a data analytics system that CMS has kept tight-lipped on. Understandably, CMS isn't showing all its cards. It seems that CMS is dodging questions on performance metrics, how it's targeting claims for review and actual program results. After all, how effective is an anti-fraud program if criminals know the insides of that system?

But also understandably, GOP members aren't satisfied with vague answers that CMS is giving on what the Senate Finance Committee says are a handful of lackluster demonstrations.

CMS' brand new $3.6 million Program Integrity Commend Center in Baltimore is supposed to pull together experts from multiple disciplines--clinicians, data analysts, fraud investigators and policy experts--in hopes that the anti-fraud program will hurry up. But CMS needs to act fast and catch up to other industries like credit card companies. After all, criminals are counting on CMS taking its sweet time. - Karen (@FierceHealth)