Leaders of the Medicare program know that identity thieves have stolen the health identification numbers of more than a quarter million people, but they refuse to address the problem, according to a recent government investigation.
The issue is serious enough that it “could delay or prevent beneficiaries from receiving needed services,” according to the report by the Department of Health and Human Services inspector general.
The Centers for Medicare & Medicaid Services (CMS), which run both programs, keep a database of patients’ identification numbers that may have been stolen by identity thieves. The database contained nearly 284,000 names in February 2012, according to the report.
Of those, 214,000 were classified as “medium risk” that their numbers could be misused by others to obtain medical services or to submit false claims. Another 56,000 were classified as “high risk.”
The numbers are reported to CMS by private contractors hired to analyze claims fraud and investigate complaints.
“According to most contractors, new beneficiary numbers would minimize the damage caused by medical identity theft,” according to the report. “One contractor noted that assigning new numbers would greatly assist beneficiaries because resolving issues associated with a compromised number can be time consuming and financially draining for the beneficiaries.”
The contractors are not alone; the Social Security Administration’s inspector general also has urged Medicare to improve its identification system by stopping the use of Social Security numbers as beneficiaries’ default identification number.
So far, however, CMS has refused to make any changes. The agency says that changing beneficiary numbers would cost too much money, involve too many beneficiaries, and would cause too many operational challenges, according to the report.
The stolen information creates serious problems that endangers victims’ health, says Adam Levin, founder of Credit.com and Identity Theft 911.
“The fact that Medicare and Medicaid know about these stolen identities but refuse to act is, unfortunately, all too typical but nevertheless outrageous,” Levin said. “They are quite literally putting peoples’ lives at risk, and they need to pull their heads out of the sand and find an alternative unique identifier quickly.”
Another problem is the contractors themselves, the investigation found. Each company has its own system for tracking stolen ID numbers, although one company does not track stolen numbers at all, according to the report. Others make their best guess, flagging instances when durable medical equipment is purchased using stolen IDs but not flagging services such as emergency room visits.
The inspector general recommended replacing such ad hoc solutions with a new system.
“We recognize that there is no easy solution to this problem, given that beneficiaries’ Medicare numbers currently are linked to their Social Security numbers,” according to the report. “However, CMS should explore different options and then develop a method for reissuing Medicare numbers to beneficiaries affected by medical identity theft.”
Image: Taber Andrew Bain, via Flickr