How technology and government enforcement of existing security laws/regulations are nabbing healthcare fraudsters
Healthcare fraud in United States costs tax payers nearly $100 billion per year, according to the U.S Department of Justice, and compromises the authentic healthcare needs of millions of citizens. As criminals have developed new methods of falsely profiting from programs such as Medicare and Medicaid, the government has harnessed the power of technology, a nation wide strike force, and existing security laws and regulations to capture criminals abusing our healthcare system.
ePHI as the fuel for fraud
Most people recognize ‘Identity Theft’ as associated with financial information, but what they don’t know is that their electronic protected health information (ePHI) is most valuable to fraudsters. According to the Ponemon Institute, the average cost of a stolen record among 17 industries is $140 dollars. Healthcare incurred the highest cost per stolen record at $380 dollars with financial services trailing at $336 dollars. Why does ePHI fuel fraud so well? ePHI can be used for false billing involving Medicare or Medicaid, generating millions and even billions in false claims. With healthcare being a heavily regulated industry, it often takes months to identify when a breach of information has occurred giving fraudsters time to organize and monetize on the stolen information.
Harnessing the Power of the HIPAA Laws
The Department of Health and Human Services (HHS) under the Office for Civil Rights is helping combat healthcare fraud by heavily enforcing the existing HIPAA Laws. Healthcare organizations who leave ePHI vulnerable to theft and fraud are entering into large settlements, costing them million-of-dollars. They have had no choice but to take security and privacy seriously to keep ePHI out of the hands of fraudsters. Organizations are now implementing user activity monitoring to secure and monitor their electronic health records and applications containing ePHI. Detecting violations allows organizations to contain security incidents and prevent a full-blown breach. Furthermore, user and people training and governance is increasingly being implemented to create a culture of security and to hold employees accountable for violating HIPAA laws.
Technological Advances and The Medical Fraud Strike Force
It often takes a vast network of fraudsters to concoct a successful healthcare fraud scheme. And in the past, the federal government would tackle these fraud rings one perpetrator at a time, causing others to flee and destroy evidence. To effectively capture the entire fraud network, the federal government has created organizations such as the Medicare Fraud Strike Force. The Medicare Strike Force collaborates with the Office of Inspector General, the Department of Justice, the FBI, and others to coordinate widescale arrests. Using investigative intelligence and analyzing data, the strike force can harness the power of technology and agile collaboration to quickly identify fraud and bring prosecutions. Most recently in 2017, the Medicare Strike Force arrested 412 people about $1.3 billion dollars in fraud against public health programs. Among the 412 people were 115 medical professionals including nurses, doctors and pharmacists.
Healthcare fraud may directly and indirectly effect the entirety of the United States population and their ability to receive proper care at reasonable cost. Through existing laws and technologies, government can help take back control of our health system, but they can’t do it alone. Healthcare organizations need to implement their own technologies, training, and sanctioning, to secure the ePHI of their patients and safety centered care