GoogleGoogle.net

Mafia groups are stealing thousands of identities — not for their cash or credit cards — but for their insurance benefits information.

“They place an operative in an organization who steals hundreds of thousands of people’s information at one clip,” said Gary Auer, a fraud investigator for Blue Cross and Blue Shield who covers California, Nevada and Colorado. “Then they set up dummy corporations for three to six months.”

The corporations bill insurance companies for big-ticket medical equipment items — things like wheelchairs, he said. Since those items have to be paid within 30 days, insurers don’t have time to check the authenticity of every claim.

“It’s only when we send out the explanation of benefits — which not everyone reads — then people alert us and we know about the theft,” he said. “But we don’t always catch every single one of them.”

No one is keeping tabs on how much these large-scale scams are costing the health care industry and contributing to higher costs.

“It’s a growing crime,” said Auer, who formerly investigated identity theft cases for the Federal Bureau of Investigation. “It started in California, but it’s really spread all around the country.”

But many health care organizations are fighting back. For example, at Memorial Health System the amount of information available to a single individual is controlled — and very few people have access to an entire patient record.

“The floor nurses only have access to patients they are seeing, something like 10 to 15 at the most,” said Cindi DeBoer, association administrator of the revenue cycle for the hospital system. “And federal laws, such as HIPPA (Health Insurance Portability Protection Act), keep people from seeing records unless they need to.”

Bob Barrett, director of information technology at Memorial, said the hospital keeps billing information in one system and health records in another. Not even the people at central registration see all a patient’s information at once.

“If anyone tried to download a large number of people’s information, it would be noticeable,” Barrett said. “And we have safeguards in place to keep that from happening. Security of information is a very big — huge — deal.”

Most people steal information from large databases, like the ones at hospitals, for financial gain, he said.

“It’s not for a morphine fix,” Barrett said. “If they steal enough people’s information, they stand to gain financially. And it can harm patients.”

Auer said that many insurance agencies are taking steps to advert medical fraud before it happens. Blue Cross vets new medical equipment companies, using the Internet to verify that they are a company with an established sales record.
Individual theft
But unlike mere financial identity theft crimes, medical theft can kill.

As electronic medical records become more popular, a stolen health insurance card can lead to incorrect information placed on someone else’s record. That information can lead to serious injury or death, according to a report by the World Privacy Forum.

“Victims of medical identity theft may receive the wrong medical treatment, find their health insurance exhausted and could become uninsurable for both life and health insurance coverage,” the report said. “They may fail physical exams for employment due to the presence of diseases in their health record that do not belong to them.”

The forum estimates that there are half a million victims of medical identity theft, and says that plans to create a national health information network could encourage medical identity theft because all information is integrated into a single file.

But the extent — and the cost — of medical identity theft are unknown.

Auer said no one is tracking the costs to health insurance companies, and no one is keeping tabs on how many people have been harmed by incorrect information in their files.

“As the health care system transitions from paper-based to electronic, this crime may become easier to commit,” the forum report said. “Victims may find it more difficult to recover from medical identity theft as medical errors are disseminated and re-disseminated through computer networks.”
More safeguards needed
As a former prosecutor in Denver, Holland and Hart’s Bill Taylor has litigated his share of identity theft cases.

“The short answer is that health care needs to have more safeguards because of the threat, not only to financial security, but to actual life,” he said. “The current safeguards aren’t necessarily more effective for savvy perpetrators.”

Taylor said medical identity theft is a subset of identity theft, which is one of the fastest growing crimes in the United States.

“Health crime is just a different kind of a focus,” he said. “And it could grow — particularly the individual theft — because health care costs continue to rise so high.”

Hospitals and doctors are facing a problem that’s been around for a while in other service industries, he said. They need to take steps — just as their counterparts in retail have — to make sure who the customer is, and who they are claiming to be.

But hospitals will probably delay implementing some safeguards — just as other business have. Some businesses would rather take a tax write off for goods and services provided fraudulently than to institute measures that could affect customer services.

DeBoer agrees. She said hospitals are at risk because they must first treat cases — then find out who the person is.

“It’s the way we operate,” DeBoer said. “And it’s the way we have to continue to operate. We can install measures to keep vast numbers of medical data from being stolen, but we have to treat individuals when they come into the hospital.”