How to Avoid Physician Identity Theft

May 24, 2012

Here are some of the key ways to ensure physician identity theft doesn’t happen to you.

Are you doing all you can to protect your physician identity? If not, you could suffer serious consequences. 

If a fraudster somehow finagles your unique medical identifying information - such as your NPI, TIN, and/or medical licensing information - he could potentially use that information to bill payers for services you never provided.

As a result, you could experience financial loss due to taxes on earnings you never received, and obligations to return overpayments to payers for items or services you never provided.

“Medical identity theft is really significant, really important,” emergency physician Shantanu Agrawal, medical director at CMS’ Center for Program Integrity, which focuses on fraud and abuse issues, told Physicians Practice. “I think it’s an often overlooked area for physicians and the ramifications can be significant for both physicians and patients.”

Here are some of the key ways to ensure identity theft doesn’t happen to you:

Protect Information

• When applying to new jobs, proceed with caution. An article appearing in the Journal of the American Medical Association, co-written by Agrawal, advises physicians to conduct due diligence on potential employers before providing them with their medical identifiers.

Nurse and private investigator Linda Vincent, an identity theft prevention expert, told Physicians Practice that if possible, physicians should not provide such information until a job offer has been made.

• Ensure your staff knows when it is appropriate to release your unique medical identifiers, said Vincent, who is also founder of The Identity Advocate, which provides education, consulting, and resources to help prevent identity theft.

For instance, fake “Medicare representatives,” have been known to call on physician offices with information requests. If your staff is not properly trained, they may inadvertently release your unique medical identifiers to fraudsters.

Make sure that staff confirms that any individual requesting such information is legitimate, said Vincent. Ask what company the individual is with and request that he provide proof that he is with that company. If the individual is calling on the phone, instruct staff members to confirm his credentials, and then call him back.

• Shred any documents that are no longer needed that contain sensitive information, said Vincent. Also, make sure all mail leaving the office with such information is securely handled. Don’t just leave it on the counter, ask a staff member to hand it directly to the mailman, she said.

• Conducting thorough background checks of all employees is essential, said Vincent. Individuals that are members of fraud rings can be very convincing. “You’ll hire the person that you think is innocent enough, and it’s that person that may walk off with that physician’s information because he or she may be working with an identity theft ring.” Background checks should include past employment verification, current licenses held, credit score (bankruptcies), and any type of criminal history/convictions.

Update Payers

Notify payers when your enrollment information changes, such as when you are closing a practice or changing practice locations, said Agrawal. That way, if a fraudster attempts to bill for false services from that location address, it will be a red flag to payers. “Keep us up to date so you don’t leave an enrollment record open that you no longer use,” he said.

Don’t Turn a Blind Eye

Don’t make it easy for fraudsters. Make sure you monitor any organizations or individuals to whom you provide billing privileges, said Agrawal. Also, review remittance notices from payers and confirm that the information corresponds with what you know you billed.

It’s also important to know what’s being done in your name by nonphysician providers. “They’re very valuable members of the provider community … however, there are some schemes which utilize midlevel providers to bill fraudulently in a physician’s name, and that amounts to identity theft,” said Agrawal.

This is the second part of a weekly series on medical identity theft. The first posting in the series covered how technology can help prevent medical identity theft.