Fighting cybercrime after United States v. Jones.

• Author: Gray, David
• Position: III. The Government's Legitimate Interests in Preventing, Detecting, and Prosecuting Healthcare Fraud B. The Value of Big Data in Combating Healthcare Fraud through V. Conclusion, with footnotes, p. 770-801 - Symposium on Cybercrime

2. THE VALUE OF BIG DATA IN COMBATING HEALTHCARE FRAUD

   Any reasonable discussion of healthcare fraud must include Medicare. Medicare is a government health insurance program for the elderly and the disabled. (154) Every day, 4.5 million claims for Medicare services are processed. (155) In 2011, the program covered almost 49 million people, spending over $500 billion. (156) The extent of Medicare fraud is unknown, (157) but it is believed to cost the government somewhere between $60 billion and $90 billion a year. (158) Hospitalization claims are the most common source of civil fraud investigations, while outpatient, medical equipment, and lab work claims are the most common sources of criminal fraud investigations. (159) Home-health agencies and providers of durable medical equipment have particularly high fraud rates. (160)

   Healthcare fraud generally--and Medicare fraud in particular--frequently involves health providers' charging for services never provided, billing for unnecessary equipment, stealing medical identities, paying kickbacks for referrals, or using a Medicare number for fraudulent billing. Complex schemes often incorporate a mix of strategies. (161) To identify fraudulent billing practices, automated systems help investigators flag impossible claims, such as a provider's alleged removal of twenty toenails from three toes or bills for more therapy sessions than Newtonian physics would allow. (162) Phantom billing may involve elaborate schemes in which there are in fact no physical clinics, patients, or health practitioners. For example, a member of an Armenian organized crime group recently admitted to creating a network of clinics and providers that existed only on paper, but nevertheless billed Medicare for nearly $100 million and received over $35 million in payments. (163)

   Similar to phantom billing is billing for services that are not medically necessary. In one case, a doctor with a penchant for Playboy models and Picassos received "$1.2 million from Medicare in 2008 ... a large portion of it from physical therapy," consisting of "heat packs, massage, electrical stimulation and ultrasound." (164) Although government-funded massages are relatively harmless to patients, other unnecessary treatments can be invasive and life threatening. In a recent case, investigators discovered that patients who were disoriented and unable to control their bodily functions were being forced to attend group therapy that served no medical purpose. (165) Providers altered their records so it would appear that patients benefited from therapy that was anything but helpful. (166) In another case, the government alleged that a nursing home required therapists to use the most expensive treatments on residents, even if the interventions were inappropriate or dangerous. (167) For example, it alleged that a ninety-two-year-old cancer patient in Orlando, who was routinely spitting up blood, nonetheless received 48 minutes of physical therapy, 47 minutes of occupational therapy, and 30 minutes of speech therapy, two days before his death. The day he died, the patient received 35 minutes of physical therapy and was scheduled for more therapy later in the day. (168) CMS reported a dermatologist who, in addition to unnecessarily removing "benign skin lesions," reused sutures, thereby exposing patients to HIV, hepatitis C, and other diseases. (169)

   Claims for medical equipment are another common target for fraudsters. Two Los Angeles pastors recently were found guilty of running separate schemes involving power wheelchairs. In the first, the conspirators purchased fraudulent medical documentation and billed Medicare $6,000 for power wheelchairs that actually cost $900. (170) The conspirators also offered wheelchairs and other unnecessary equipment to Medicare beneficiaries in exchange for their Medicare numbers. (171) If Medicare refused to pay for the chairs, the pastor instructed his employees to take the chairs away from the beneficiaries. (172) The funds from the scheme were diverted among sham supply companies run by the pastor's wife and other church members. (173) A second pastor and a doctor who provided fraudulent documentation pleaded guilty to running a similar conspiracy later in the same year. (174)

   Prescription medicines provide another rich territory for healthcare fraud. A well-known dialysis provider was accused in 2012 of intentionally wasting medication by giving multiple partial doses, instead of smaller numbers of full doses, in order to inflate charges. (175) Later that same year, a Miami pharmacy owner pleaded guilty to fraud charges for instructing his employees to retrieve from assisted-living facilities unused medication already billed to Medicare and Medicaid so that it could be repackaged and reused. (176) The repackaged medicine was distributed to other assisted-living facilities or the general public and resubmitted to insurance. (177) The pharmacist also paid assisted-living facilities to refer residents. (178) In Baltimore, a pharmacist admitted to purchasing drums of drugs from an unlicensed provider, mislabeling them, and dispensing them to customers. (179) The same pharmacist submitted claims to Medicare for prescription refills that were not dispensed to beneficiaries. (180) Still another pharmacist admitted to paying Medicare and Medicaid beneficiaries for their prescriptions and then submitting reimbursement claims to insurance companies without dispensing the medication. (181) Among his targets were patients with HIV or mental illness, whose medications are particularly expensive.

   Patients are not always innocent victims, of course. Beneficiaries often participate in healthcare fraud schemes in exchange for services or kickbacks. (183) Kickbacks range from cash (184) and cigarettes (183) to spa services and lunches. (186) In a massive operation in New York, conspirators paid $500,000 to beneficiaries in a special "kickback room." (187) Some of these schemes are far more Dickensian, providing subsistence benefits, such as housing, to vulnerable beneficiaries and then threatening them with homelessness if they refuse to comply with the fraud. (188) Whether through coercion, persuasion, or deception, individuals engaged in fraud expose Medicare beneficiaries, who are often ill or limited in capacity, to substantial risks.

   Medical identity theft is a significant problem as well. CMS reports that, in 2011, a man was convicted of stealing his brother's medical information and using it for surgery covered under his brother's insurance. The victim's medical records in turn incorrectly included his brother's HIV-positive status, which put the true beneficiary at risk of receiving medically unnecessary drugs and procedures. (189)

   Perpetrators also steal the identities of unsuspecting providers who have already been approved by Medicare in order to file fraudulent claims. (190) In one case, a home-health agency owner stopped paying his licensed personnel and, when they quit, billed hundreds of claims under his former employees' licenses. (191) Organized crime is also involved, creating networks of nonexistent clinics based on stolen provider information, often leading to suspicious claims, such as "[a] pregnant woman who gets an ultrasound exam--from an ear, nose and throat doctor[, a] forensic pathologist whose patients walked into his office, rather than being rolled in with toe tags[, a] dermatologist who conducted heart tests[, or a] psychiatrist who performed M.R.I.'s." (192)

   Although some providers' identities are stolen, others lend, rent, or sell their identities to facilitate fraud schemes. (193) Take, for example, a case in New Jersey where a licensed provider was "frequently either not in the office at all, or was in his personal office watching television." (194) He provided "pre-signed, blank prescription forms" to the unlicensed employees who were diagnosing patients. (195) In another case, unlicensed physicians paid a licensed physician "$2,000 a month to review and sign medical records prepared by physician assistants." (196)

   Healthcare fraud is increasingly accomplished and facilitated by electronic means. (197) Rather than steal patient information on an individual basis, hackers target medical information databases. In May 2012, a group of hackers based in Eastern Europe breached Utah's healthcare database, gaining access to over 780,000 records, including Social Security numbers and medical diagnosis codes. (198) These records are essential for fraudulent billing. According to one report, "an individual healthcare record is worth more on the black market ($50, on average) than a U.S.-based credit card and personal identity with social security number combined." (199) As healthcare fraud moves into the digital arena, traditional methods of detection and prosecution are simply inadequate. A cybercrime requires a cybersolution, which, in the case of healthcare fraud, will almost certainly include Big Data.

3. HOW BIG DATA SERVES GOVERNMENTAL INTERESTS IN PREVENTING, DETECTING, AND PROSECUTING HEALTHCARE FRAUD

   The overwhelming majority of data that CMS and its contractors use to detect fraud comes from claims, payment, and referral records. (200) Now that CMS is partnering with private insurance organizations, it will have access to private claims and other health data. (201) Additionally, the Medicare Integrity Manual lists a dozen types of data that contract agencies should use when investigating suspicious activity, including: (1) the nature of the providers and staff; (2) the structure of the business, overhead costs, and its relationship to other businesses; (3) the amount of business generally and the amount of business from Medicare/Medicaid reimbursements specifically; (4) the types of services rendered; (5) location; (6) history of claims and any previous investigations; and (7) "[o]ther information needed to explain and/or clarify the issue(s) in question."...