10/22/2018

Are your patients who they say they are? Preventing medical identity theft


A dental professional can treat dozens of patients each day. Patients present, provide their information, get checked in and proceed with treatment. Do you ever stop to wonder whether your patients are who they say they are?

In a case reported to The Dentist Insurance Company’s Risk Management Advice Line, a patient presented for a root canal treatment. The patient provided a name, date of birth, phone number, insurance information and Social Security number. The dentist completed the treatment without incident and the office submitted a claim to the insurance company to receive payment for services rendered.

The office staff realized they had been given false information when they received a call from the individual whose Social Security number and insurance information were used to obtain treatment. The caller questioned why his insurance was billed when he was not even a patient at that practice. The office tried calling the individual who was treated, but the woman who answered stated that there was no one there by that name.

Once the office realized that they did not know the true identity of the individual they treated, they contacted the Advice Line for guidance. The Risk Management analyst advised the dentist not to release any information about the mystery patient to the individual whose identity was stolen. The analyst also recommended that the dentist file a police report and report the incident to the dental benefits plan provider.

This case illustrates the unfortunate reality that medical identity theft has made its way into the dental office. And just as dental offices have an obligation to prevent financial identity theft by protecting patients’ personal data, so too do they have an obligation to prevent medical identity theft.

According to the Ponemon Institute, a private cybersecurity research firm, more than 2.3 million people became victims of medical identity theft between 2014 and 2015, representing uninsured individuals seeking care under a stolen identity or, more commonly, obtaining prescription medications fraudulently. On average, patients spent $13,500 to resolve a case of stolen medical identity. But the nonmonetary costs are even greater. Patients report a lack of trust in their medical providers for failing to protect their private data.

According to the Federal Trade Commission, medical identity theft stems from several scenarios. The most common are data breaches within medical care providers, where thieves gain access to medical data systems, and “friendly fraud,” where someone known to the victim assumes his or her identity. Another type of scenario is one wherein thieves target unsuspecting individuals by posing as an employee of an insurance company, pharmacy or medical or dental office and asking for personal information, including plan numbers or Social Security numbers. Commonly, these thieves will make false offers of free or discounted care.

Another common source of medical identity theft is a dishonest employee who either steals patients’ private data to sell on the black market or allows uninsured friends or family members to use stolen identity to obtain free dental care.

It’s crucial that dentists know and trust their staff, says Taiba Solaiman, senior risk management analyst at The Dentists Insurance Company. Conducting comprehensive background screenings and random audits of charts and billing activity for any friends or family members who have been seen in the office can go a long way in catching and thwarting illegal activity.

Preventing fraud begins at the front desk. Therefore, it is imperative to instruct employees to ask for photo identification as patients present. It is not a violation of HIPAA and, while it is not required, it is highly recommended. Most dental patients are already familiar and comfortable with providing photo identification when visiting their medical care providers.

Some offices take photos of their patients, making it easier to identify patients when they arrive. Many dental software programs have built-in features to capture photos. If patients are hesitant to have their pictures taken, reassure them that it is only for internal use and will not be posted on social media or used for any marketing purposes. Let them know of your commitment to protect their personal information and prevent fraud.

When training your staff on spotting possible fraudulent patient activities, some red flags to look for are:

  • Questionable or altered documents or signatures.
  • Information not matching with information previously collected.
  • Suspicious behavior, such as an inability to quickly answer basic questions.
  • Refusing to present identification or provide identifying information when requested.
  • Forms of identification that don’t match the description of the patient producing them.
  • An accompanying individual addressing the presenting individual with a different name.

Should your practice team spot a red flag, it’s advisable to alert the authorities. It is not advisable to refuse treatment; instead, inform the patient that there are discrepancies that need to be looked into further and then make other arrangements for payment until the issue is resolved.

In addition, ensure that your staff is trained to educate patients on best practices for keeping their private data private. For example, patients should be informed that your staff will never ask for Social Security numbers or dental benefit plan numbers over the phone, so if they receive unsolicited calls from people requesting this information, they should hang up immediately. Remind patients to carefully review statements from insurance companies to look for suspicious or unauthorized treatments or payments.  

Medical identity theft is a multifaceted, complex crime and it takes the diligence of all players — medical and dental professionals, patients, insurance providers and law enforcement — to halt its progress. And while dentists certainly aren’t expected to take on the role of crime fighter, there are simple steps they can take to ensure their patients and their practice remain free from fraud.

To schedule a confidential consultation with an experienced risk management analyst, visit tdicinsurance.com/RMconsult or call 800.733.0633. TDIC’s Risk Management Advice Line is a benefit of CDA membership.



Related Items

From electrical fires to leaky roofs to failed equipment — suffering property damage can be an unfortunate part of dental practice ownership. As any dentist who has experienced a loss can attest, the goal is to minimize downtime and get back to work as soon as possible. After all, patients depend on dentists to keep their oral health in good order and a disruption in practice operations can prevent them from receiving the care they need.

If practice owners fail to educate their team members on their roles, responsibilities and limitations, that positive experience can quickly turn negative. And that negative experience can potentially create a professional liability claim. The following is a case reported by The Dentists Insurance Company along with advice for reducing risk.

The Dentists Insurance Company’s Risk Management Advice Line recently received a call from a practice that was dealing with a case of mistaken identity for same-name patients. The caller actually represented two practices: a pediatric dentistry office and an orthodontic office, which were managed separately but shared a common patient waiting area. Two patients named Haley were scheduled for treatment at the same time — one in each office.

Topics
Top