In 2017, 16.7 million people in the U.S. experienced some type of identity theft with $17 billion in losses to organizations, according to a recent Harris Poll. Medical identity theft is fraud and recognizing and controlling it is a growing and serious compliance concern for medical office managers.

Recognizing Patient Identity Theft

Start by reviewing the compliance plan to see what protocols are already in place to thwart medical identity theft. There are four areas where medical office managers can tighten the ship. These tips can help prevent it from occurring in your office.

At patient check in. Train your medical office team to thoroughly inspect identification and documentation at check in. When accepting a patient’s identification card, make sure it has not been altered or forged, and that the patient information matches the face on the picture ID. If the patient is filling out intake forms, ensure their contact information matches their license. If not, you will have to ask about the discrepancy.

During insurance verification. When contacting the insurer, verify the contact information they have on file matches your records. If there is a discrepancy, ask the patient for an explanation and document the response in their file. Never make any assumptions. And if the patient is not the primary insurer on the account, get confirmation from the insurance carrier that they are listed on the insurance.

Patient communication. When your medical team has attempted to contact the patient via phone or mail and have not been successful, it’s a red flag, especially if the attempts have been made after services have been rendered. It’s also important to note that if mail is undeliverable and the patient doesn’t confirm appointment reminders, but still arrives for appointments, there’s a reason to be suspicious.

Billing. When a patient receives a bill for a service that wasn’t administered, it could be numerous reasons why. You, of course, must conduct a thorough investigation to ensure the services were coded correctly, that the services in fact were performed on the appointment date, and that the patient record shows that the service was indeed performed on the patient. If all of these variables check out, but the patient still remains confident they did now have the service, this is a red flag and should be handled as a fraudulent case.

Insights on practice, personnel, and financial management:
Download the ebook
Best Practices For Medical Administration

Controlling Identity Fraud in Your Medical Practice

To help combat fraud in your organization it is imperative to develop an Identity Theft Prevention Program as part of your practice compliance plan. The medical office manager or compliance officer is most often responsible for the implementation and administration of the program. Depending on where your office falls in your organization’s hierarchy, you may need to have your program reviewed and approved by either the practice’s Board of Directors or an appropriate senior-level employee.

When writing the program, include the four basic elements listed below:

1. Write reasonable policies and procedures on how to detect the red flags of identity theft.
2. List the appropriate actions to take when identity theft is detected in your organization.
3. Schedule employee training to review your identity theft prevention program.
4. Address when and how you will re-evaluate the program in the future to safeguard your practice from new risks.

Protect Your Organization from Medical Identity Theft

Medical Identity Theft is addressed in the compliance module of the CMOM certification program. It includes information on how to develop an Identity Theft Prevention Program tailored specifically to your practice. Learn more and enroll now.