A pharmacist takes a 30-day prescription and inputs it as four weekly prescriptions - quadrupling the Medicaid dispensing fee; a fraud ring obtains a list of Medicare patients who recently underwent hospital outpatient procedures and starts submitting phony claims, threatening the lives of parties who expose the scheme; the local news reports that five teachers who find a pharmacy to dispense large prescriptions for narcotics covered under the school health plan subsequently sell the drugs. What do these three stories have in common? They are all real fraud incidents.
The health care industry estimates that somewhere between $70 billion and $230 billion of medical care spending is fraudulent. And while electronic medical records are being hailed as a way to save money, they are actually making it easier to commit fraud. Much as the digitization of health records has eased information exchange between legitimate parties, it also has given fraudsters an easier path to patient data. The rate of fraud based on exposure to health data was 7 percent in 2009, up from 3 percent in 2008.
It's increasingly important for insurers and government agencies to get savvy about using analytics to thwart fraud. Too often medical fraud is caught by happenstance, unless the fraudster gets very greedy. A daughter reviewing her aged father's Medicare statements might notice equipment he never received and report the situation. Or, the pharmacist - trying to ratchet up dispensing fees - does so with such reckless abandon that the reimbursing agency, or someone on the pharmacist's staff, can't help but notice.
By using text analytics and sophisticated data mining software (which includes predictive modeling, outlier detection and social network analysis), organizations don't need to rely on tips and extreme outliers. Instead, they can quickly home in on fraudsters and stop the fraud - often before the reimbursement check is cut.
We know that medical office administrators are sometimes coached to make sure office visits are coded properly for maximum reimbursement. And no one wants a doctor who spends 45 minutes with a patient to get reimbursed as a Level 1 visit. But electronic medical records make it easy to preset all visits at the highest reimbursement level, with the onus on the harried provider to select a lower, more appropriate level.
Pre-filled templates can lead to "checking all the boxes" on the exam sheet to "upcode" the visit further, generating the highest charge. And it is very easy for offices to cut and paste information from one record into another.
When coupled with demographic errors (putting in a higher age than the patient is), EMRs don't just make it easy to commit fraud; they can lead to medical errors that threaten the patient's lives and cost more precious medical dollars. It can also cost individual patients money if they later apply for life insurance and their medical records are littered with mistakes that make them seem older or sicker.
Advanced analytics are necessary to find and effectively root out fraud, waste and abuse. But the type of analytics that spits out a crude list of possible investigation targets isn't much use. Payers, both government and private, need:
* Text analytics. Very critical to finding problems in the "notes" section of EMRs. When every diabetic patient over the age of 65 has the exact same wording on their records from one practice, it's a tip-off that fraud or errors might be occurring.
* Intelligent outlier detection and predictive modeling. A high-volume, 24-hour pharmacy is likely to have more weekly prescriptions than a less busy pharmacy. Analytics that take into account volume and population demographics will do a better job of avoiding false positives.
* Social-network analysis. This helps claim payers, for example, find patterns of ownership in different billing entities. If one entity is under investigation, others with related ownership can face additional scrutiny. Social-network analysis also helps unearth the kind of multiparty fraud schemes that involve the theft of patient records, abuse of prescription coverage and collusion among doctors, patients and pharmacists.
EMRs have tremendous potential to lower health bills and improve care, but they also provide new options for fraudsters. Advanced analytics are the key to spotting billers who are submitting medical records that are fabricated or overstated to support erroneous or fraudulent claims billing.
Julie Malida is the principal for health care fraud in the fraud and financial crimes practice at SAS. This article originally appeared in Insurance Networking News, a SourceMedia publication.
Tips for detecting medical identity theft Medical ID theft stats
1. Closely read the explanation of benefits statements that your health plan sends you after treatment. Make sure the claims paid match the care you received. Look for the name of the provider, the date of service and the service provided. If there's a discrepancy, contact your health plan to report the problem.
2. Order a copy of your credit reports, and review them carefully. The law requires each of three major nationwide credit reporting companies - Equifax, Experian and TransUnion - to give consumers a free copy of their credit report each year if they request it. Visit www.AnnualCreditReport.com or call 1-877-322-8228 to order free credit reports each year, or complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. Download the form at www.ftc.gov/freereports.Consumers should look for inquiries from companies they didn't contact, accounts they didn't open and debts on accounts that they can't explain. Check that Social Security number, address(es), name or initials and employers are listed correctly.
3. Ask for a copy of your medical records. Review medical and health insurance records regularly. Thieves may use your name to see a doctor, get prescription drugs with your health ID number, file claims with your insurance provider, or do other things that leave a trail in your medical records. Health care providers and health plans generally are required to provide files within 30 days following a request. Contact each provider - including doctors, clinics, hospitals, pharmacies, laboratories and health plans. In most instances, a provider who denies access to records must offer a reason in writing. If a request is denied, contact the person identified in the provider's Notice of Privacy Practices or the patient representative or ombudsman to appeal.
For more information about HIPAA rights, visit the Department of Health and Human Services, Office for Civil Rights website, www.hhs.gov/ocr.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access