When health insurance information is involved in a breach, patients need to be vigilant to protect themselves from medical identity theft. But even if you have not been notified of a breach, you should always be on the lookout for medical ID theft, as there are other breaches that generally don’t get a lot of media attention that pose a risk of harm to patients via contamination of the patient’s records.
Here’s a recent case out of Florida, as described the U.S. Attorney’s Office for the Southern District of Florida:
According to allegations in an indictment, Isaac Kojo Anakwah Thompson, M.D., 55, operated Isaac K. A. Thompson, M.D., P.A. in Delray Beach, and IM Medical P.A. in Boynton Beach, Florida. These clinics were Primary Care Physicians (PCP) in Humana’s HMO network. Therefore, a beneficiary enrolled in a Humana health maintenance organization (HMO) Medicare Advantage plan could choose Thompson’s clinics as the beneficiary’s PCP. Humana paid each clinic approximately 80% of the capitated fee associated with each beneficiary who had selected the clinic as his or her PCP.
Thompson defrauded Medicare by submitting fraudulent diagnoses to Humana for Medicare Advantage beneficiaries. Humana reported the diagnoses to Medicare, and Medicare in turn increased the capitation payments associated with many of the beneficiaries.
An indictment is only an accusation and a defendant is presumed innocent unless and until proven guilty, of course. Here’s another case of fraud reported this week by the U.S. Attorney’s Office for the District of New Jersey:
A licensed pediatrician practicing in Jersey City, New Jersey, today admitted fraudulently billing Medicaid for more than 1,000 wound repair procedures that were never performed.
Badawy M. Badawy, 52, of Bayonne, New Jersey, pleaded guilty to Count One of an indictment charging him with health care fraud.
According to documents filed in the case and statements made in court:
Badawy owned and operated Sinai Medical Center of Jersey City LLC, a medical practice focusing on pediatric and family medicine. From January 2004 through December 2008, Badawy submitted thousands of claims to Medicaid for wound repair procedures related to the repair of superficial wounds over 30 centimeters in length on a patient’s face, ears, eyelids, nose or lips as well as the repair of previously closed wounds. Badawy claimed to have performed these treatments on his patients, most of whom were children.
In both those cases, the physicians used their patients’ information to perpetrate fraud. In other Medicare/Medicaid fraud schemes, the fraudsters may use the identity and insurance information of individuals who were never even patients.
So what happens to patients who have had false diagnoses or false treatments inserted into their Medicare or Medicaid records? Can the false diagnoses or treatment codes come back to harm them in any way? According to the Centers for Medicare & Medicaid Services (CMS), who provided PHIprivacy.net with a statement:
All kinds of over-utilization, including fraud, can potentially inflict real harm to patients. When providers over diagnose or falsely diagnose conditions, the beneficiary may later have difficulty accessing needed and legitimate care.
There are at least two take-home messages here, I think:
1. You should always check your Explanation of Benefits statements and bills carefully so that if there’s erroneous or fraudulent information attached to your records, you can report it and get it corrected.
2. Researchers on data breaches need to pay much more attention to Medicaid and Medicare fraud investigations, as each investigation may involve the compromise or misuse of numerous individuals’ information. I have tried to post a number of these cases on this site, but there are many more that don’t get posted (and probably should, except that I am only one person and this site is a volunteer effort). Some fraud cases involve the voluntary cooperation of the patients, but many don’t, and those cases should be included in our compilations and analyses of breaches involving personal information.