Extensive use of Physician ID Numbers Facilitates Fraud

Widespread use and distribution of physician identifier numbers (IDs) makes it easy to steal the identity of doctors and bill insurers for claiming for fraudulent services in the doctor's name, according to a new report.

Researchers at the Centers for Medicare and Medicaid Services (CMS; Baltimore, MD, USA) claim that more than 3,600 cases of physician and patient medical identity theft were reported to the US Federal Trade Commission (FTC; Washington DC, USA) in 2009, and more than 12,000 cases were reported from 2007 to 2009. Theft of a physician's identity involves stealing the doctor's National Provider Identifier (NPI), Tax Identification Number (TIN), and medical licensure information, and submitting false claims to either a public payer or a private insurer.

There are two main approaches to using a doctor's ID to commit fraud: in the first, the ID is used to make it appear that the physician referred patients for services such as lab analyses, diagnostic testing, or prescribed durable medical equipment (an area of medicine that been subject to widespread fraud). In the other approach, the fraudster sets up a false front store and uses the physician's ID to bill directly for services in the physician's name, as if the services actually were rendered by that particular doctor. In 2010 in Los Angeles (CA, USA) 49 false storefronts were identified that billed USD 52 million through compromised identifiers.

Divulging identifiers to staff members puts a physician at high risk of identity theft, so controlling that information is one way to lessen the chance of identity theft. Other ways include monitoring billing and compliance processes, and actively managing enrollment information with payers, especially if working with multiple organizations. Physicians who permit misuse of their identities can find themselves a number of penalties, such as facing criminal prosecution, monetary penalties, or incarceration. Even physicians who find themselves victims can initially find themselves with financial liabilities until the records can be cleared. The report was published in the February 1, 2012, issue of the Journal of the American Medical Association (JAMA).

“Physicians can face liabilities such as financial or tax obligations for earnings they never received or by being the physician of record for services they did not order or render,” concluded study authors Shantanu Agrawal, MD, and Peter Budetti, MD, JD. “More work is needed in this area, starting with improved education and awareness. As risk factors and fraud schemes continue to expand and evolve, improved vigilance by individuals and health care organizations is required to secure patient and physician medical identities.”

There are a number of ways that a physician can reduce their chances of being victims of identity theft, including updating payers when opening, closing, or moving practice locations, or separating from organizations; monitoring billing; avoiding giving medical identifiers to potential employers or other organizations before conducting appropriate due diligence; training staff on appropriate use and distribution of identifiers; and reporting suspected identity theft to the CMS, the FTC, and local police.

Related Links:
Centers for Medicare and Medicaid Services
US Federal Trade Commission