HHS draws Senate attention for OCR, CMS security and medical identity theft measures
HIM-HIPAA Insider, November 30, 2015
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Members of the Senate Committee on Health, Education, Labor, and Pensions (HELP) and the Senate Committee on Finance co-signed a letter to the Department of Health and Human Services (HHS) voicing serious concerns about the protection of PHI following a series of massive health data breaches. The letter, addressed to Andy Slavitt, acting administrator of Centers for Medicare and Medicaid Services (CMS) and Jocelyn Samuels, director of the Office for Civil Rights (OCR), cites the cyberattacks against Anthem, Premera, CareFirst, Excellus, and UCLA as a call to action. The letter is signed by Lamar Alexander (R-Tenn.), Orrin Hatch (R-Utah), Patty Murray (D-Wash.), and Ron Wyden (D-Ore.).
The senators express growing concern over the number of Americans whose PHI has been breached and are at risk for medical identity theft and other forms of fraud. The letter goes on to ask specific questions about the type and adequacy of measures HHS, OCR, and CMS take to protect patient data. The senators ask for information on the effects of large breaches on fraud cases and the resources each agency makes available to victims. They are also requesting data on the effects large breaches have on non-covered entities. Some of their questions are:
- What support does HHS provide to federal, state, and local law enforcement officials to aid their response to medical identity theft?
- What services does CMS offer to Medicare and Medicaid beneficiaries who suspect they are victims of medical identity theft? How long do individuals who report identity theft to CMS have to wait for a response?
- In addition to OCR's publicly available list of breaches affecting 500 or more individuals, do OCR and CMS track reported cases of medical identity theft? If so, please provide summary of this information and a description of how this information is collected. Please include an assessment of whether this number captures the full number of cases, or if HHS believes this is an underreported crime? If HHS does not track this information, does any other federal agency?
The letter raises concerns over CMS’ willingness to assist victims of medical identity theft, stating that “in recent years, CMS has demonstrated reluctance to correct Medicare billing records for victims of medical identity theft due to fears such corrections would negatively impact beneficiaries deductible and coinsurance status, CMS internal accounting systems, and civil and criminal prosecutions.”
Medical identity fraud also represents significant losses for the Medicare Trust Funds and taxpayers, the letter says. In one incident cited from the testimony of Gary Cantrell, deputy inspector general for the Office of Inspector General, a transnational group set up a fake medical clinic and billed Medicare for over $1 million. A 2014 report from The Economist that estimated fraud added almost 10% to total annual Medicare and Medicaid spending is also brought to bear on the senators’ point.
The senators request that HHS respond to their questions by November 25.
Due in large part to the massive insurance provider breaches, as many as 154 million individuals were put at risk for medical identity theft this year, according to The Fiscal Times.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Five ways to safeguard your patients' valuables
- The consequences of an incomplete medical record
- Q&A: Primary, principal, and secondary diagnoses
- OB services: Coding inside and outside of the package
- Skills of effective case managers
- Practice the six rights of medication administration
- E-mailed
-
- Air control equals infection control
- OSHA HazCom updates include labeling, SDS requirements
- Plan of Care Supports Documentation of Homebound Status
- Note similarities and differences between HCPCS, CPT® codes
- Note from the instructor: CMS clarifies billing guidelines on proper billing for drugs in a single-dose or single-use vial, including billing for discarded drugs
- Neurological checks for head injuries
- Modifiers and medical necessity
- Follow these tips to properly report bladder catheter codes
- Five ways to safeguard your patients' valuables
- Differentiate between types of wound debridement
- Searched