Unless things change quickly (which I doubt will happen), Congress is about to head down the wrong path in tackling Medicare fraud. Under the recently introduced bipartisan bill “the Medicare Common Access Card Act of 2011,” all Medicare recipients and providers will be issued a smart card. Recipients will also get a PIN to use when they arrive at a provider’s office, and providers will have to swipe their card and scan their fingerprint in order to make a claim for payment.
Can anyone guess who is the main lobbying force behind this legislation? The smart card companies of course and the Secure ID Coalition, an industry group comprised of smart card manufacturers and related vendors.
In 2010, OMB Chief Peter Orszag was quoted as saying that Medicare and Medicaid combined had nearly $65 billion in improper payments in 2009, of which $47 billion was for Medicare alone. We have heard higher numbers than Orszag gives, or that more like 12%-15% of claims against Medicare are fraudulent or highly ‘abusive’ to the system.
And Congress thinks smart cards are going to get this kind of savings? Adding insult to injury, at least parts of this law may be adopted by the Congressional Super Committee in its recommended debt-limit spending cuts due to Congress on Nov. 23. No wonder our country’s credit rating was downgraded and no wonder we are in so much financial trouble.
Reasons why the smart card advocates are wrong:
a) The smart card advocates are projecting that smart cards will save over $30 billion a year. That would mean that between 37% and 50% of the providers, physicians, hospitals etc. don’t exist or are fraudulent entities. While things are pretty bad in our medical system, I doubt very much they are that bad.
b) In fact, the most serious and consequential fraud and misuse is committed by legitimate users using regular systems, or by unauthorized persons who take over legitimate users’ accounts. Granted, account takeover is harder with biometrics and smart cards, but strong authentication has already been successfully circumvented in many instances by sophisticated criminals. (For example, if a doctor is logging into an online system with a biometric and a smart card, the fraudsters simply wait until the doctor is authenticated and then manipulate the transactions to their favor.)
c) Similarly, just because a doctor or healthcare provider has a smart card and is authenticated to the systems, does not mean he or she will not make illegitimate claims on the system. It’s imperative to monitor the actions AFTER the user is authenticated and not stop with authentication, which is all that smart cards imperfectly accomplish.
d) Further, and importantly, each person who is issued a smart card must be thoroughly vetted and I didn’t see any evidence in the congressional documentation of an identity proofing program that would be effective enough to keep out the bad players. Identity proofing is a major issue in financial services, as the bad guys find ways to have new accounts issued to them while they evade the financial services firms’ identity vetting techniques. Once they are issued an account, and in this case a smart card to go with it, they can wreak havoc in the system. Surely, this type of identity-level fraud and abuse will be even more rampant in the public sector healthcare system.
This is not to say that (even with all these problems) strongly authenticating all users and providers to the Medicare systems is a bad idea. It’s a good idea but it is only one lower-priority step in fraud and abuse mitigation that will take much more time and money than it is likely worth. I estimate it will cost the U.S. AT LEAST $4-$5 billion (total cost and probably much much more than that) to adopt smart card technology in healthcare and that at the end of the day it may save up to $5 billion in fraud (if we are lucky).
In contrast, the U.S. can spend around $100 million on scoring and automatically analyzing (using pattern recognition) Medicare and Medicaid claims for fraud and abuse, and likely save $40 billion to $60 billion a year. I have talked with some individuals that have closely analyzed Medicare files and have easily found these kinds of savings using fraud scoring and pattern analysis technology.
It’s time to take these analytical technologies into the fragmented and outdated CMS systems. It doesn’t require re-engineering them – it just requires adding a scoring and analytical process BEFORE a Medicare payment is made. Later on, smart-card based authentication can be layered on top of the fraud prevention systems but this should be a much lower priority. We need to spend the money on the systems that will yield the MOST savings, not on putting a pretty and expensive face (or smart card) on top of an ugly (Medicare IT) system.
I typically am an optimist but in this case, I must say I have lost faith in our legislative body to tackle the issue and set the right priorities. True, they are not fraud prevention and security specialists and true they probably have less bandwidth to focus on these issues than many of us do. But it’s also true that:
a) They need to stop listening to the groups with the best paid lobbyists and
b) They are about to make decisions that I estimate will cost the U.S. economy up to half a trillion dollars over the next decade. And that’s a sign of a very ill legislative process that even the best doctors of America won’t be able to cure.