Category Archives: Federal Bureau of Investigations (FBI)

DOJ breaks up alleged genetic testing fraud scheme estimated at $2.1 billion

Posted on by Posted in Center for Medicare and Medicaid Services (CMS), Compliance Issues, Dept of Health and Human Services (HHS), Dept of Justice (DOJ), Federal Bureau of Investigations (FBI), Fraud, Genetic Testing, Kickbacks, Medicare, Medicare Fraud, Physician, Rev Cycle Management, Telemedicine Leave a comment

https://www.healthcarefinancenews.com/news/doj-breaks-alleged-genetic-testing-fraud-scheme-estimated-21-billion?mkt_tok=eyJpIjoiWkdNMU56WmxabVl3TWpRMSIsInQiOiI0dlhaYUJpT2xBU0FqeDNmWkRlZHVZYnRsZ2xBK3pxMmN6RG5kS3Q1UWgrWFYyNllIK2lLZEYzclRDWUYyTFwvOGdhUzRVSnlscG5MQjBtY0NwT2d1TjZHdXJYRUlYRGszVEhrQmY5b0xhRDlFTWNTNUEwWnVvWGUwZXE3ME9kdGgifQ%3D%3D

The defendants ordered unnecessary tests that were reimbursed by Medicare, with laboratories sharing the profit, DOJ says.

The U.S. Department of Justice has charged 35 people with unlawfully charging Medicare $2.1 billion in what it said is one of the largest healthcare fraud schemes in history.

The 35 alleged offenders were charged in five separate federal districts, and were linked to dozens of telemedicine firms and laboratories focused on genetic testing for cancer. The people charged, including nine doctors and one other medical professional, cumulatively billed Medicare billions for cancer genetic tests, the DOJ said in a press release.

The charges were a culmination of coordinated law enforcement activities over the past month that were led by the Criminal Division’s Health Care Fraud Unit, resulting in charges against more than 380 individuals who allegedly billed federal healthcare programs for more than $3 billion, and allegedly prescribed and dispensed approximately 50 million controlled substance pills in Houston, across Texas, the West Coast, the Gulf Coast, the Northeast, Florida and Georgia, and the Midwest.

These include charges against 105 defendants for opioid-related offenses, and charges against 178 medical professionals.

The investigation targeted an alleged scheme involving the payment of illegal kickbacks and bribes by CGx laboratories in exchange for the referral of Medicare beneficiaries by medical professionals working with fraudulent telemedicine companies for expensive, and medically unnecessary, cancer genetic tests.

According to the DOJ, the targets of the scheme were primarily seniors, who were approached at health fairs, at their homes during door-to-door visits, or through telemarketing calls. The “recruiters,” as they were called, would approach seniors about supposedly free cancer screenings or generic cheek swab tests, and the recruiters would then obtain the seniors’ Medicare information for the purposes of fraudulent billing or identify theft.

The recruiter would then get a doctor to sign off on a genetic so a lab would process it, and then pay a kickback in exchange for ordering the test. The lab would process the test and bill Medicare, and once it was reimbursed, would share the proceeds with the recruiter, according to the charges.

Often, the test results were not provided to the beneficiaries, or were worthless to their actual doctors. Some of the defendants allegedly controlled a telemarketing network that lured hundreds of thousands of elderly and/or disabled patients into a criminal scheme that affected victims across the U.S.

The defendants allegedly paid doctors to prescribe CGx testing, either without any patient interaction or with only a brief phone conversation with patients they had never met or seen.

WHAT’S THE IMPACT

In addition to the DOJ charges, the Centers for Medicare and Medicaid Services, Center for Program Integrity said it took adverse administrative action against cancer genetic testing companies and medical professionals who submitted more than $1.7 billion in claims to the Medicare program.

The DOJ Criminal Division, along with the U.S. Department of Health and Human Services Office of Inspector General and the FBI, spearheaded the investigation.

The DOJ calls the scheme one of the largest it has ever handled.

THE LARGER TREND

Since its inception in March 2007, the Medicare Fraud Strike Force, which maintains 15 strike forces operating in 24 districts, has charged nearly 4,000 defendants who have collectively billed the Medicare program for more than $16 billion.

In addition, CMS, working in conjunction with the Health and Human Services Office of the Inspector General, are taking steps to increase accountability and decrease the presence of fraudulent providers.

The newest Medicare fraud scheme is the second to be uncovered in the last month. Earlier in September, a telemedicine CEO pleaded guilty to one count of conspiracy to defraud the United States and pay and receive healthcare kickbacks and one count of conspiracy to commit money laundering in a scheme estimated at $424 million.

ON THE RECORD

“Unfortunately, audacious schemes such as those alleged in the indictments are pervasive and exploit the promise of new medical technologies such as genetic testing and telemedicine for financial gain, not patient care,” said Deputy Inspector General for Investigations Gary L. Cantrell of HHS-OIG. “Instead of receiving quality care, Medicare beneficiaries may be victimized in the form of scare tactics, identity theft, and in some cases, left to pay out of pocket.  We will continue working with our law enforcement partners to investigate those who steal from federal healthcare programs and protect the millions of Americans who rely on them.”

“Healthcare fraud and related illegal kickbacks and bribes impact the entire nation,” said Assistant Director Terry Wade of the FBI’s Criminal Investigative Division. “Fraudulently using genetic testing laboratories for unnecessary tests erodes the confidence of patients and costs taxpayers millions of dollars. These investigations revealed some medical professionals placing their greed before the needs of the patients and communities they serve. Today’s law enforcement actions reinforce that the FBI, along with its partners, will continue to pursue and stop this type of illegal activity.”

 

Healthcare’s number one financial issue is cybersecurity

Posted on by Posted in Cybersecurity, Dark Web, Data Breaches, Data Ownership, Data Sharing, Dept of Health and Human Services (HHS), Federal Bureau of Investigations (FBI), Health Insurance Industry, Health System, HIPAA, Hospital, Hospital Industry, Information Technology, Population Health, Privacy, Risk Assessment, Risk Management Leave a comment

https://www.healthcarefinancenews.com/node/139027?mkt_tok=eyJpIjoiTURRMk1tVTFaVE15TkRjMiIsInQiOiJPNUYydDU5cFVodjB4bnlnb2M0eVhDNjg2YU53NDl6MWFRQlVpUEpmTzV5cEcrVVZMWldhd1AzbHNlckIwUWJHczlhOVRMZUxxSngyWk02VVhXTktXRjN1OE9mbkQ2V2FhQlBqVFIzOWpMS0pNUEdCYWh0SUQyZWZHRmpBQjRFWiJ9

Image result for hospital cybersecurity

The cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity and reputation.

Cyber attacks affect the finances of every hospital and insurer like no other.

“I’ve seen estimates of over $5 billion in costs to the healthcare industry annually,” said Lisa Rivera, a partner at Bass, Berry and Sims who focuses on healthcare security. “That’s enormous and is not going away.”

Beyond the cost to find a solution to fix breaches and to settle any civil complaints are fines from the Department of Health and Human Services Office of Civil Rights. In 2018, OCR issued 10 resolutions that totalled $28 million.

The HHS Office of Civil Rights is stepping up breach enforcement of private health information, according to Rivera, who is a former assistant U.S. Attorney and federal prosecutor handling civil and criminal investigations for the Department of Justice.

What officials want to see is that the hospital or insurer has taken reasonable efforts to avoid a breach.

“There is no perfect cybersecurity,” Rivera said. “They say it’s not perfection, it’s reasonable efforts. That’s going to require an investment up-front to see where data is located, and educating the workforce on phishing incidents.”

Also, hospital finance professionals who are relying more on contractors for revenue cycle management and analytics should take note on the security issues involved in sharing this information.

“Every sector of business has attacks, but healthcare is experiencing the largest growth of cyber attacks because of the nature of its information,” Rivera said. “It’s more valuable on the dark web.”

It’s also not easily fixed.

If an individual’s credit card is stolen, the consumer can cancel his or her credit card. But in health records, the damage is permanent.

THE IMPACT

Despite the number of breaches, healthcare has been behind other sectors in taking security measures. Four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry, according to Rivera.

Hospitals are behind because first, it’s a challenge to keep up with the move to more information being in electronic form.

“There’s no hospital that doesn’t have mobile EHR information,” Rivera said. “Then there was this transition with incentives from the government to go to electronic medical records. There were vast routes to doing that without a lot of experience involved in doing it. The push to become electronic began happening with this enormous uptick in cyber attacks.”

Also, the focus of healthcare has always been patient care. The population health explosion also involves the sharing of information.

And consolidation across the healthcare industry can potentially make covered entities more vulnerable to lapses in security during the transition and integration phases.

RECOMMENDATIONS

The number one way to cut costs is to prevent a breach. Once one has happened, hospitals must be able to identify it as soon as possible and then be able to respond to it.

Hospitals should be able to determine where certain data goes off the rail, Rivera said. For instance, large systems doing research have outcome information that may not be within the system of protection.

“You don’t want to learn about a data breach because the FBI saw it on the dark web,” Rivera said. And some hospitals have.

It’s a constant battle of software updates and checks. Criminals are pinging systems thousands of times a day. It’s like locking down doors and windows.

The first thing that’s needed for systems large and small is a risk assessment. This is the first thing the OCR wants to see, she said. Many hospitals use an outside vendor to do the job.

Prices for other cybersecurity measures vary from a software purchase that could be in the millions, to having vendor monitoring.

But the cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity, reputation and the service disruption.

Hospitals can also purchase cyber insurance, which varies in cost and coverage. Some obtain it for purposes of class action lawsuits.

THE LARGER TREND

OCR enforcement activity during 2018 demonstrates the agency’s continued emphasis on enforcing violations of the security risk assessment and risk management requirements, Rivera said.

Covered entities and business associates are required to: conduct a thorough assessment of the threats and vulnerabilities across the enterprise;    implement measures to reduce known threats and vulnerabilities to a reasonable and appropriate level; and ensure that any vendor or other organization accessing or storing private health information is security compliant.
The OCR concluded 2018 with an all-time record year for HIPAA enforcement  activity. The OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This surpassed the previous record of $23.5 million from 2016.

In addition, OCR also achieved the single largest individual HIPAA settlement  of $16 million with Anthem, representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016. Anthem was held responsible for cyber attacks that stole the protected health information of close to 79 million people.