Initiative aimed at organized crime rings that rely heavily on physician identity theft

Last week, the U.S. Department of Justice (DOJ) and U.S. Department of Health and Human Services (HHS) announced that they will partner with private insurers to share information and best practices to deter fraudulent billings that implicate both government and private insurance programs, such as Medicare Advantage Plans that are subsidized by Medicare and administered by private insurers. While an initial work plan will not be finalized until September, a press release issued by the DOJ and HHS states that the partnership generally will focus around sharing claims data and information about specific schemes, utilized billing codes and geographical hotspots. Importantly, statements by officials indicate that the initiative is, in part, a response to international organized crime rings that have defrauded Medicare Advantage plans of hundreds of millions of dollars and which rely heavily on the misappropriation of physician identifiers, including names and National Provider Identifiers (NPI), to carry out the schemes.

For example, in United States v. Michel De Jesus Huarta, et al. (09-20523, S.D. Fla., Jan. 27, 2010), eight Cuban nationals living in Miami were charged with conspiracy, healthcare fraud and aggravated identity theft in relation to a $55 million scheme to defraud several Medicare Advantage Plans, including plans administered by WellPoint, Inc. and Humana, Inc., two of the eight insurance companies participating in the anti-fraud partnership. To execute the scheme, the defendants set up twenty-nine medical clinics in five states that purportedly offered infusion therapy injections for Medicare beneficiaries with terminal illnesses. Many of the clinics were simply post office boxes or abandoned storefronts.

Because claims for infusion therapy injections require a referral by a physician, the defendants in Huarta misappropriated the names, NPIs and other identifying information of "numerous" physicians to be listed on the claims submitted to the private insurers. The defendants would obtain these identifiers from a variety of public sources, including CMS's NPI registry website. In some cases, the defendants also would post advertisements in local newspapers seeking "medical directors" for the various clinics. The defendants would stage "interviews" with unsuspecting physicians, leading them to believe that they were being hired for the medical director positions. However, these interviews were merely a ruse for the defendants to obtain the physicians' personal identifying information, including copies of their driver's licenses, medical degrees and other personal information. With the physicians' information, and hundreds of beneficiary identifiers which also were misappropriated, the defendants submitted thousands of false infusion therapy injection claims to the private insurers offering the Medicare Advantage Plans. The explanation of benefits received by each of the victim beneficiaries would list the victim physicians as the "referring physician," causing further harm to the physicians' professional reputations.

In sum, it remains to be seen whether the anti-fraud partnership's work plan will set forth best practices or recommendations to specifically prevent the misappropriation of physician identifiers, including the NPI. Such misappropriation could result in an array of adverse business and reputational consequences for an affected physician or other provider. However, any federal effort to prevent such misappropriation would have to be balanced with the legitimate need of many healthcare entities (private payers, laboratories and suppliers) that regularly access and use the NPI to confirm a physician's identity.