National Provider Identifier criminals use fake addresses to steal physician IDs

FiercePracticeManagement has previously on the importance of doctors keeping their National Provider Identifiers (NPI) secure, but that's not the only way criminals can use a doctor's identity to commit Medicare fraud. As a recent article from the Atlanta Journal-Constitution points out, physicians also should beware imposters creating new NPIs, using their name.

A common way fake doctors defraud Medicare, according to the article, is to steal a doctor's medical license and use a UPS Store mailbox or other post office box-like address to set up a phony corporation and obtain an NPI.

"So have they been billing stuff?" Harry Dorsey, an Albany internist who'd been victimized, asked when the newspaper told him the provider number of the fictitious Dorsey Med Group was still active. "That's identity fraud, and that really ticks me off."

According to the AJC, CMS knows about this phenomenon, but it doesn't have the technology to identify fake practices with addresses that look like legitimate street locations. Although P.O. boxes are easier to distinguish, CMS still allows, and has in its system, nearly 300 providers nationwide using post office boxes as their location. The agency has no timeline for making changes, the AJC reported, adding that CMS officials insist that Medicare enrollment using a UPS box involves a more stringent review.

Using an inexpensive software program and a list of UPS Store addresses found on the Internet, the AJC uncovered 131 CMS-registered medical providers across metro Atlanta claiming a UPS Store as their practice location. While some were already under investigation or had resulted in prosecutions, "Several physicians said they were stunned when the AJC told them a provider number was created using their name," according to the newspaper.

Under the current system, it is tougher and more time consuming for a doctor to cancel a fraudulent NPI than for a criminal to obtain one. CMS officials told the AJC that they will try to close the loopholes in the system once they have a comprehensive, automated screening process in place.

CMS last year launched the Provider Victim Validation/Remediation Initiative to offer legitimate providers assistance in exonerating themselves. CMS, Program Safeguard Contractors and Zone Program Integrity Contractors established points of contact across the country if providers suffered from identity theft and financial liability. Providers who believe they are victims of Medicare identity theft but not financial liability can reach out to Medicare Administrative Contractors or the Office of Inspector General, CMS explained.

To learn more:
- read the article from the Atlanta Journal-Constitution

Suggested Articles

Payers have made strides digitizing and automating many core processes, yet prior authorization remains a largely manual, cumbersome process.

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.

Virtual care, remote monitoring, telehealth and other technologies have long been on the “nice to have” list for healthcare. But that's changing.