Practice Management Alert

Beneficiaries, practice employees are potential targets.

A Medicare beneficiary can quickly become the victim of identity theft. For example, if she forgets her Medicare card at the drug store for an hour, that could be all it takes to have her identity stolen, leading to scores of problems.

Did you know: These same thieves are also itching to get their hands on your billing numbers as well?

That’s the word from CMS’s training course, “Safeguarding Your Medical Identity,” which the agency recently updated with new information on how to prevent becoming victims of this growing trend. Read on to get the scoop on staying a step ahead of identity thieves. 

Know What’s At Risk

“Medical identity theft is the inappropriate or misuse of a patient’s or physician’s unique medical identifying information to obtain or bill public or private payers for fraudulent medical goods or services,” said Shantanu Agrawal, MD, a medical director with CMS, during the presentation.

In 2009 alone, over 3,600 physician and patient cases of medical identity theft were reported. Unfortunately, that number is continually creeping higher, he added. Currently, the government is tracking about 5,000 compromised provider identifiers (such as NPIs) and about 280,000 compromised beneficiary identifiers (such as patient ID numbers).

To make sure you aren’t next in line for medical thieves, follow these eight steps that will help keep your information safeguarded.

1. IRS Notices Reveal More Than You Think. If your identity is stolen, that income is reported to the IRS — and the feds will eventually wonder why you aren’t paying taxes on it. Therefore, pay attention to any notifications that the IRS sends — they could alert you to fraudulent activity that’s taking place with your Medicare number. One physician had to pay an attorney $600 per hour over a four to five month period to clear her name after her Medicare billing numbers were stolen — by the time the operation was shut down, the company that stole her identity was found to have tried to launder up to $4.7 million under 19 doctors’ names. This can happen to doctors, nurses, nurse practitioners (NPs), physician assistants (PAs), and other medical professionals, Agrawal said.

2. Keep Track of Prescription Pads. “Anyone can walk away with them if they are left in the open,” Agrawal noted. You should also use tamper-resistant prescription pads, which Medicaid has required since 2008. These must include a watermark or thermal ink, which show attempts to alter prescriptions. Even so, however, these methods are not foolproof, he adds, so always take every precaution by locking up prescription pads when not in use.

3. Activate Computer Log-ons. “Disabling log-ons is a dangerous practice, and sometimes people do it

to make life a little easier and access quicker for employees,” Agrawal said. However, these steps are essential to keeping the information on the computer safe. Each staff member should have a unique log-on code, and if an employee leaves the practice, remove his log-on access immediately so he can’t get into the system.

4. Actively Manage Enrollment Information With Your Payers: “Physicians can actively manage enrollment information with payers by updating them about material enrollment changes, especially when opening, closing, or moving practice locations, or when separating from an organization,” Agrawal said. This way, if a payer receives claims or reimbursement requests to an old or non-existent office location, they can contact you and ask about it.

5. Monitor Billing And Compliance Processes: “By strengthening compliance activities, physicians can minimize risk and improve their overall program integrity,” Agrawal said. “Physicians must be aware of billings in their names, paying close attention to the organizations and mid-level providers to whom they have assigned privileges.” In addition, compare remittance notices with medical record documentation and ensure that mid-level practitioners’ documentation supports billed services. Read all items before signing them, keep copies, and document conversations about billing issues. “Remember, whether staff or a third-party biller provides the organization’s claims processing services, the physician of record is responsible for the claims submitted,” he said. “Once a physician has signed off and claims are submitted, the physician is certifying to the truth and accuracy of them.”

6. Pay Attention to Patient Complaints. Listen when a patient tells you he started receiving medical items that he never ordered, says Julie Taitsman, MD, chief medical officer at the OIG, during the course. It’s possible that someone is ordering the items in the patient’s name or maybe even with your provider number to collect reimbursement they don’t deserve.

7. Avoid Sharing When Possible. Even doctors doing things correctly are still at risk for medical identity theft, Taitsman said. One big risk factor is when doctors have given their identifying numbers to high numbers of other entities, such as giving your TINs and NPIs to various clinics, hospitals, doctors, and mid-level providers.

8. Report Potential Issues to the Police. One doctor reported that her medical identity was stolen and was later used to submit fraudulent claims to government payers. She initially waited for the Medicare system to correct it, but later found out that any type of theft — including medical — should actually be reported to the police department.