At $3.5 trillion, 18% of GDP, health care spending represents one of the largest segments of the US economy. It’s not surprising that such a large amount of money attracts fraudsters, and the complexity of the processing and payment systems create opportunities they can exploit.
The majority of health care fraud is committed by a small minority of dishonest health care providers and patients. Even so, the National Health Care Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year.
Here’s the Bad News
In June of 2018, the Office of the Inspector General in the Department of Health and Human Services announced a “takedown” initiative of Medicare and Medicaid fraud that resulted in 600 arrests and losses of $2 billion. While large enforcement actions grab headlines, studies suggest that low-value fraud is far more common and costly.
Small-scale fraud is often harder to detect. It’s the very definition of looking for a needle in a haystack, as the volume of transactions provides ample opportunity for it to hide. Attempts to implement controls are hampered by an ROI that’s hard to make work with small numbers – unless you can find a single solution that can be applied broadly enough to capture a large number of instances that are enormous in the aggregate.
Insurers and other payers are on the front lines of this fight. Fraud-related losses drop directly to the bottom line, leaching money that could be put to far better use.
Types of Fraud
Let's look at some of the more common types of medical insurance fraud:
· Billing for services not rendered. This occurs when a provider or facility submits claims to insurance companies for services and care that were never provided. This often uses information on file and happens without the knowledge of the patient.
· Billing for a non-covered service as a covered service or upcoding. A doctor may provide services that are not approved by the insurer. The doctor can submit claims and still get paid by calling it (and coding it) something that is covered by an insurance plans. In “upcoding” a more expensive treatment is billed than was actually provided.
· Misrepresenting dates of service. Providers might make more money by reporting they visited with or treated the same patient on two separate days rather than one day. Each "office visit" is usually considered a separate billable service. The services listed on claim forms were actually provided, but the dates are falsified because it's more profitable for the providers.
· Distributing false billings. The ability to spread false billings among many insurers simultaneously, including public programs such as Medicare and Medicaid, increasing fraud proceeds while lessening their chances of being detected by any a single insurer.
· Patient impersonation. A patient may claim to be the insured party who is not covered by the plan. The provider, often at a clinic or emergency room, provides the service and unknowingly files a claim with the wrong insurer.
There are many more types of fraud, some very sophisticated, often taking advantage of the Byzantine nature of the administrative side of health care insurance industry itself.
The Solution: Patient Control
We’ve long known that the missing element to fight this fraud is to involve the patient – the legitimate patient. Making sure the real patient is involved eliminates impersonation. Making sure the patient agrees with the services rendered should reduce or eliminate provider fraud.
The current way that insurers involve the patient is to send an Explanation of Benefits (“EOB”) to the patient’s address on file. This works, but only if the patient actually reads the EOB, and only if he or she understands it despite the complex coding that even medical professionals struggle with. If both of those are true, and if the patient sees a discrepancy, we hope they take the time to report it. At best, this is a detective control whose timing lags far behind the actual claim. In practice, a lot of fraud still gets through.
Now the Good News
A new technology leverages Permission Codes™ to provide proof of the patient’s identity along with consensus regarding which services were rendered. This frictionless approach limits fraud by getting patient authorization before a claim is submitted.
Initially developed to address fraud in financial services, it brings together advances in digital wallets, mobile apps, and public key encryption to let patients generate one-time PINs that authorize payment. Permission Codes are generated by patients (not providers), are digitally signed to ensure patient identity, and are easy to integrate with existing processing systems.
The single use feature of a Permission Code ensures that the same visit will not be re-billed for on a subsequent date where no visit actually occurred. This feature also ensures that a request for payment for the same visit cannot be submitted to multiple insurers. Constraints embedded in the Permission Code itself restricts provider billing to the class of service actually provided and approved by the patient. This helps to ensure that only covered services will have claims submitted for them.
A Permission Code based transaction might look like this:
During a visit to the doctor, the patient would be asked to authorize payment for a class of service, such as a check-up or illness/injury. Unlike an EOB, the categories are pre-defined to ensure patient understandability and aligned with payment tiers. The patient generates a Permission Code for that visit, which encodes the type(s) of care received, date, and provider, and gives the PIN to the provider to authorize a claim. Then, and only then, can the provider submit a claim to the insurer.
The Permission Code's ability to contain constraints ensures that it can only be used by that patient for that visit, on that day, with that provider, for the care received. Explicit authorization to invoice provides confidence that services were rendered as described.