Tue, Oct 8, 2013

The Rising Risk of Healthcare Fraud in South Florida

Miami has long been a hotbed of health care fraud due to its aging and affluent population. The problem, which experts estimate to cost the United States $100 billion – $300 billion a year1, is a complex one as fraudsters have numerous variables at their disposal from which to conceive wrongdoing. A full range of medical conditions and treatments can be used to file for false claims, and the entire population of medical patients is vulnerable to exploitation. The severity and scope of health care fraud in South Florida is likely to increase in the near future, as the Centers for Medicare & Medicaid Services expect that expenditures for both programs will double.

In 2007, the Departments of Justice and Health & Human Services created the Medicare Fraud Strike Force to combat health care fraud in South Florida. Since its creation, strike force operations have resulted in more than 1,250 defendants being charged; the defendants collectively presented more than $3 billion in false claims to the Medicare program. The FBI has over 30 special agents in Miami exclusively dedicated to addressing the issue. Just in the past six months, federal and state authorities have prosecuted, shut down, seized bank accounts or executed search and arrest warrants of over a dozen different South Florida organizations that submitted falsified claims of over $500 million to the U.S. government.

Since its creation, strike force operations have resulted in more than 1,250 defendants being charged; the defendants collectively presented more than $3 billion in false claims to the Medicare program.

Fraud is most rife within the durable medical equipment (“DME”) segment, which includes wheelchairs, back braces, canes, walkers, etc. In order to perpetrate frauds, many sham DME companies recruit “nominee owners,” whose names are placed on corporate documents, lease agreements and corporate bank accounts to shield the true owners behind several layers of ownership. Stolen patient information and Unique Physician Identification Numbers (UPIN) are then used to file false Medicare claims for reimbursement. After the Centers for Medicare & Medicaid Services transfer money into the DME’s corporate bank account, the funds are entirely withdrawn using multiple check cashers. This action complicates the money trail should Medicare recognize a fraudulent claim. In 2007, the problem escalated to the point that federal authorities revoked Medicare approval from every single DME medical supplier operating in South Florida and told them to reapply for billing privileges.

Over the past several years, authorities have noted a rise in the involvement of criminal organizations in health care frauds. Groups that formerly engaged in narcotics trafficking, prostitution, gambling, racketeering and extortion have flocked to Medicare and Medicaid schemes, attracted by the high returns and relatively low risk of serving jail time. The problem has grown to the point that most prosecutors will not even bother going after perpetrators unless they have stolen $500,000 or more. Omar Perez, Special Agent in Charge of the strike force, described the extent of the issue in 2011 congressional testimony:

In South Florida, Medicare fraud is not only perpetrated by independent, scattered groups, but also by competitive, organized businesses complete with hierarchies and opportunities for advancement.2

As a percentage, health care fraud now dwarfs other forms of criminal activities such as narcotics trafficking and prostitution.3
Evolving Strategy: Reactive to Preventive

Since identifying health care fraud as a major problem, the U.S. government’s response has been reactive, prosecuting fraud only after it has occurred. However, a clear shift is emerging toward a preventive strategy. Under the Affordable Care Act, which took effect on Oct. 1, 2013, the Centers for Medicare & Medicaid Services have greater discretion in halting payments and vetting providers prior to registering them as designated payees. In addition, penalties and prison time have also been increased for perpetrators of health care fraud. The federal government has allocated $100 million to create a computer system, similar to what credit card companies use, that employs predictive analytic technology to identify questionable claims as soon as they have been processed and before a reimbursement has been paid out.

n July 2012, an innovative public-private partnership of federal government, state officials and private health insurance organizations voluntarily joined forces in an effort to better combat health care fraud. The group, which includes health care giants Blue Cross & Blue Shield, Humana, UnitedHealth Group and WellPoint, is designed to facilitate the sharing of information and best practices to improve detection and prevention efforts. One major initiative of the partnership is to identify and stop payments billed to different insurers for care delivered to the same patient on the same day in two different cities. The scheme is common throughout all major U.S. health care fraud hotspots and often involves Miami as one of the two locations.

Increased surveillance and investigation of health care fraud is aimed at thwarting organized criminal organizations by increasing the scrutiny of providers that are seeking reimbursements from Medicare or Medicaid. Initial efforts have yielded promising signs of success. In the past three years, efforts by the federal government have resulted in a record-breaking $10.7 billion in health care fraud recoveries. However, significant problems remain, especially in South Florida. Per capita, Miami has more people in community mental health centers than New York and Los Angeles combined. When the ratio of providers to patients is hundreds of times greater than what is seen in comparable cities, it is a clear red flag for fraud. Such issues continue to be addressed at the federal, state and municipal levels.

Nearly every health care fraud involves an element of identity theft as well as stolen patient data. Any organization in possession of sensitive employee, customer or patient information should have robust internal security measures to ensure patient and electronic health record data is protected. Federal breach notification laws, regulatory oversight and HIPAA compliance all place a premium on preventive actions. A formal risk assessment can be used to determine the effectiveness of an organization’s risk management process and controls to ensure that such measures are meeting federal privacy and security regulations. All health care organizations, inpatient and outpatient facilities and Medicaid/Medicare providers should also be cognizant of how to discover irregularities that imply health care fraud. Failure to do so can result in major financial damage, as well as pose serious reputational and regulatory risks to the business.

1 National Healthcare Anti-Fraud Association (NHCAA), citing FBI information
Omar Perez, Testimony to United States Congress, Mar 11, 2011: http://oig.hhs.gov/testimony/docs/2011/perez_testimony_03022011.pdf
Health care fraud figure: Thomson Reuters; rel="noopener noreferrer" Prostitution figure: www.businesspundit.com; Illegal drugs figure: Office of National Drug Control Policy.


Enterprise Security Risk Management

Kroll’s Enterprise Security Risk Management practice provides expert guidance and advisory services to our global clientele as they navigate the most challenging and emerging security and threat-related issues.