By the AllClear ID Team
Matt here, AllClear ID Investigator. On October 13, 2010, the FBI unsealed indictments against 44 alleged members and associates of an international crime enterprise for what the FBI described as the “largest single Medicare fraud ever charged.” Reportedly, the organization’s activities spanned 25 states, operated in 118 phantom clinics, and billed over $100 million in fraudulent claims.
The members of the alleged crime ring were charged with using physicians’ unique identifiers to bill Medicare for services that were never performed, in clinics that did not exist. According to the indictment on racketeering charges, “the conspirators would steal the identity of a doctor—in particular, a doctor’s date of birth, Social Security number, medical license number, and other identifying information.”
Physician identity theft is not only devastating for the victim, but can also result in significant financial losses for federal health programs. The scam–believe it or not–is relatively simple. The perpetrator merely uses a physician’s identity to open a phony clinic and begin billing insurance entities–like Medicare or Medicaid–for services that are not actually provided. For example: in one recent case in New Jersey, the “doctor” in question was actually found and charged with health care fraud and aggravated identity theft, and now must pay $40,000 in restitution to Medicare. The perpetrator, having no medical license of any sort, used the identity of a retired doctor and made house calls to elderly patients. He then began billing Medicare under the physician’s NPI, or National Provider Identifier.
The National Provider Identifier was implemented in 1996 with the adoption of the Health Insurance Portability and Accountability Act (“HIPPA”). The NPI is the standard unique identifier for healthcare providers. How easy is it to obtain this type of information? Today, physicians’ personal identifiers are openly available to the public at the Centers for Medicare & Medicaid Services’ (“CMS”) NPI registry website, also called the National Plan and Provider Enumeration System. A simple search of a physician by first and last name on the registry yields his or her NPI number, license number, licensing state, taxonomy, business mailing address, full legal name, and gender.
CMS is currently working on a few different proposed screening rules and risk assignments to combat the problem, while physician advocates continue to urge CMS to remove the public display of the NPI registry. Until physicians’ personal identifiers are kept confidential criminals will continue to devise ways to use them to steal scarce healthcare dollars. Also troubling, until this information is secured, physicians who fall victim to identity theft will continue to find themselves in the nightmarish scenario of trying reclaim their identities. The Federal Government has taken positive steps to aid physician identity theft victims, and could build on that effort in the future by removing physicians’ personal identifiers—including the NPI registry—from unrestrained public access. To arm against identity theft, physicians should make every effort to secure their personal and professional information, and should promptly report any suspicious activity involving their identity.
For more identity theft tips, check out our AllClear ID blog.
Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.