Rising levels of identity theft have become a major issue for prosecutors and law enforcement officials, and given the quantity of identifying information requested by health plans, hospitals, and the government, physicians have become prime targets for scammers. Stolen physician identities can be used in elaborate schemes, particularly with billing for durable medical equipment (DME) for patients covered by Medicare. That’s what happened to one AAOS member, Richard J. Haynes, MD.

On April 13, 2009, Dr. Haynes received a call from Special Agent Jack J. Geren Jr. of the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG). Mr. Geren asked if Dr. Haynes had prescribed orthotic devices to any Medicare patients in the Dallas area during the previous year.

Dr. Haynes, whose home is in Phoenix and who has been semi-retired since November 2007, assured the government agent that he had not. From that point, a case unfolded against Rafayel Movsesyan, who in December 2009 pled guilty to aggravated identity theft while submitting more than $1,028,000 in false claims to Medicare.

According to documents filed in the case, Mr. Movsesyan used the names and billing information of real physicians and patients to submit claims to Medicare for devices and supplies that were never delivered. The scheme went so far as to set up a false storefront business that resulted in more than $325,000 in Medicare payments as a result of the false claims.

Procuring personal data
“I was extremely offended that someone had used my physician identification number,” says Dr. Haynes. “The fact that somebody had the audacity to use my name…I was pretty much outraged about that. As a member of the orthopaedic community, I was also, quite frankly, embarrassed by the fact that this could happen. The orthopaedic community is involuntarily being used to perpetrate significant fraud that, in the long run, is harmful to orthopaedic care and to our patients.”

Fraudulent billers construct a veneer of legitimacy by using personal information gathered from real physicians and patients. Patient information may be collected through various means, including in-home interviews conducted by “recruiters” hired by fraudulent DME companies, or hospital employees may simply fax personal information directly to “patient brokers” in exchange for kickbacks.

Physician information may be even easier to come by. National Provider Identifier numbers can be found on the Internet. In some cases, staff in a physician’s office may unwittingly supply data to fake “Medicare representatives” who call requesting a copy of a physician’s license or clarification of provider information.

In some of the most egregious examples, a fraudulent company may contact Medicare directly and request a change in a physician’s address and billing information.

Paying the price
In an era in which medical costs are under intense scrutiny, the effect of fraud is considerable, particularly in large government programs such as Medicare.

“Medicare Part B, which includes DME, paid out $180 billion in 2008,” says OIG Special Agent in Charge Mike Fields. “Exact numbers are hard to calculate, but according to the National Health Care Anti-Fraud Association, about 3 percent of Medicare payments are fraudulent, so the amount of suspected false claims to Medicare in 2008 for all Part B services is $5.4 billion. Bottom line: fraud is a huge problem that we fight everyday.”

Such improper billing inflates the overall healthcare budget and wastes valuable resources that could better be spent on legitimate healthcare claims. It also can have a more direct, personal effect on physicians and patients. Until investigators can sort out all the facts in a case, all involved parties may be held under a cloud of suspicion.

“A lot of times we have both the doctors and the companies under investigation,” explains Mr. Fields. “We don’t know who is the guilty party—it could be both; it could be either/or.”

Often, there are no warning signs for physicians who are victimized by identity theft.

“Sometimes we look at the claims data and we see Dr. ‘Smith’ in various cases associated with fraudulent DME companies” says Assistant U.S. Attorney Katherine Miller. “Well, we may focus first on Dr. ‘Smith’ because we know from past history that doctors have been paid kickbacks to sign false prescriptions. In the eyes of the OIG, that doctor may be our first target—not a good position for a doctor to be in.”

Patients can pay a price as well. If Medicare employees fail to properly clean a patient’s record after an identity theft case, that record may incorrectly retain false claims as proper. Later, when the patient genuinely needs a device that Medicare thinks he or she already has, it could become a serious problem.

“In some of these cases that we’ve prosecuted,” says Ms. Miller, “the false billing was for a motorized wheelchair—a $5,000 wheelchair—that the patient didn’t need. They might need the equipment in the future, however, which is why the medical history needs to be corrected. If that’s not done, the patient’s medical history has a false record of the service that was provided, and it makes the patient ineligible for that service for a period of years.”

Cooperation is essential
According to Mr. Fields, a take-home point for physicians is to never give out information without being certain that a request is legitimate. Even that may not be enough to stave off identity theft, however, so officials stress the importance of enlisting the help of physicians to ensure conviction and a strong sentence for those who commit fraud. It’s much easier to detect identity theft when the involved physician has retired, relocated to a different geographic area, or is deceased.

“When [physicians] are victimized, it’s crucial to have their cooperation,” says Ms. Miller. “That means interrupting their busy schedules. We hate to inconvenience anyone to have to come to trial to testify, but it’s essential. We can’t prosecute a case without the victim’s testimony.”

“Sometimes,” she continues, “knowing that the doctors are willing to come testify, the defendants will be pressured to plead guilty and we avoid a trial. And it’s always helpful when doctors show up for the sentencing to demonstrate how seriously they take it when a defendant has improperly used their personal information.”

At the core of many Medicare fraud schemes, individuals place personal greed above providing legitimate medical care. In this case, the defendant not only defrauded the Medicare program, he stole Dr. Haynes’ identity to do it. For this reason, Dr. Haynes came forward to share his case with the orthopaedic community.

“This is probably much more common than we think,” says Dr. Haynes, “and it was clear to me that the U.S. Attorney’s office needs our assistance in their prosecution of these types of events. We’ve all read this is big business, but it wasn’t personal until now.”

“It’s just as if your credit cards or Social Security number were stolen,” Mr. Fields says, emphasizing the need for physicians to remain vigilant against identity thieves. “We all know how that can ruin your credit standing; it can ruin everything. This information is just as vital, but just in a professional way…toward your medical reputation.”

Peter Pollack is a staff writer for AAOS Now. He can be reached at: ppollack@aaos.org

What you can do
Learn how to protect yourself from fraud and spot suspicious signs that may indicate fraud at www.stopmedicarefraud.gov

Report Medicare fraud to the Office of the Inspector General by e-mailing HHSTips@oig.hhs.gov or calling (toll-free) (800)-HHS-TIPS

Keep tabs on your identity by taking the following steps:

• Don’t leave prescription pads in the open. Someone can use that information to order drugs or services in your name.
• Be careful about what information is given out and to whom, especially in calls from anyone claiming to be from a health plan or facility and requesting your license number.
• If the name of a laboratory or other service supplier who calls is unfamiliar, contact the payor to confirm the provider numbers issued in your name.
• Check every 6 months or so to confirm provider numbers issued in your name.
• Avoid giving your billing number to a potential employer.
• Check the background of potential employers before providing any identifying numbers.