60 million names, one CLEAR solution
It was a good system.
For more than fifty years, federal healthcare recipients have received an identification card with their Social Security number printed on it, and that number has been used to track and process patient health benefits.
But the world has changed, and Social Security numbers are no longer the most secure way to ensure the privacy of sensitive healthcare information – so the federal government acted. In response to growing concerns that cards containing Social Security numbers could make patients vulnerable to identity theft, Congress passed legislation requiring the agency responsible for managing those benefits to issue more secure cards no later than April 2019. To comply with the law, they developed a new card to replace the beneficiary’s Social Security number with a randomly generated, 11-digit number unique to each person and unrelated to any of their other personal data.
But getting those cards into the hands of patients meant mailing new cards to more than 60 million people. With such a large mailing, even a small percentage of error could result in benefit cards being sent to incorrect people, increasing the possibility of fraud. To ensure that the cards were sent to the correct people, the agency needed to verify the recipients’ addresses. To accomplish this, the agency undertook what’s known as a “data hygiene” project – a systemic data review that compares information in a pre-existing database against external data sources to certify that the information is correct.
Aware that its data was not entirely accurate, the agency knew that if it did not double-verify the addresses, several million new cards could end up being sent to the wrong address – and potentially into criminal hands – creating a whole new cycle of fraud-related problems. Fraudsters might try to abuse the new system as well, by submitting false claims for healthcare services or attempting to obtain illicit drug prescriptions. Even more worrisome, patients who did not receive their card in the mail might be denied healthcare coverage or vital services.
The scale of the project was daunting as well because sending even a small percentage of cards to the wrong recipients could cost the federal government (i.e., taxpayers) several million dollars in postage alone, and potentially billions in fraud.
Passing the test
Verifying 60 million addresses is not a trivial undertaking. The agency itself has extensive resources, processes, and tools to check their data, but they wanted to add additional safeguards, so they looked to the private sector for help. To find a suitable data vendor, the agency set up a pilot test using 5,000 names from the master database. Three competing vendors were then asked to conduct data matches to verify each beneficiary’s identity and address.
To complete the test, Thomson Reuters used a version of its CLEAR investigative software configured to identify the recipient’s name, date of birth, and last known address. The agency verified the matches by sending certified mail to each address and discovered that the Thomson Reuters results were superior to those of its competitors. The agency eventually awarded the government’s contract to Thomson Reuters.
Search, verify, repeat
While winning the contract was undoubtedly good news for Thomson Reuters, it also meant that the team responsible had to immediately get to work scaling up the pilot-project system for the real thing: mailing new cards to 60 million Americans, many of whom rely exclusively on federal assistance to meet their healthcare needs.
For this project, the agency needed a simple, efficient system to verify the identity and address of every individual who would be receiving a new card. They needed to confirm two pieces of information for every name on the list:
- Was the listed person the correct beneficiary?
- Was the most recent address listed for that person correct?
If both the recipient’s identity and address could be confirmed, a card could be mailed. If not, the card would need to be withheld until the recipient’s information could be verified some other way.
To accomplish the agency’s goals, Thomson Reuters decided to use one of its new products, CLEAR ID Confirm, a streamlined version of its award-winning CLEAR investigative software that enabled the agency to do what it wanted right out of the box. Users supply whatever information they have about a person (e.g., name, birth date, Social Security number) and CLEAR ID Confirm compares it against information contained in Thomson Reuters proprietary public-records databases to determine if there is a match.
Since millions of names were involved, and time was of the essence, the initial output had to be as simple as possible. All the system had to do was answer one fundamental question. Mail the card? Yes or no.
Unfortunately, the data was not stored in a format that could be easily imported into CLEAR ID Confirm – a common issue with legacy systems. To solve that problem, the Thomson Reuters team worked with the agency’s IT staff to configure a way for the two systems to communicate. The result was an elegant workaround that made the data exchange more or less automatic, and was capable of verifying up to three million names a week.
Working as partners
Deciding what to do with the positive confirmations was easy: send them a card. The more significant problem resided in the “no” results. One way or another those unverified identities and addresses would need to be confirmed as well, but that would require some additional sleuthing. To help the agency complete its mission, a series of “reason codes” was developed to explain why specific names landed in the “no” results.
This information turned out to be extremely valuable. As the project unfolded, the agency’s data-analytics team began examining the reason codes to determine patterns and trends that might help them solve the second piece of the puzzle – how to turn more of those “no”s into “yes”s.
Analysts at Thomson Reuters also began reviewing the reason-code data, and soon the two teams partnered to devise ways to find or correct the as much of the missing information as possible. Another benefit of this collaboration was the development of several improvements to the automated data-exchange system, which in turn led to a higher verification rate and greater efficiency as the project progressed.
Success, ahead of schedule
The agency began mailing out its new cards in April of 2018, and completed the mailings in January 2019, months ahead of its April 2019 deadline. Mailings were done three to five states at a time, and Thomson Reuters helped the agency stay on schedule by turning batch name verifications around in 24 hours in most cases, rather than the allotted 48. The new cards look like the old ones but do not contain a Social Security number, signature, gender, address, or any other information that an identity thief could use to commit fraud.
The federal government’s intent with these measures is to create a system less susceptible to fraud, waste, and abuse. More than $1.2 trillion in taxpayer dollars is paid out to healthcare beneficiaries every year, but not all that money ends up in the right hands. In 2017, the Government Accountability Office estimated that Medicare alone had recorded $52 billion in so-called “improper payments” (down from $95 billion in 2016), and that same year the Department of Justice prosecuted several large fraud cases, recovering more than $3.7 billion in ill-gotten gains.
Not all improper payments are outright fraud – many are the result of billing errors and other bureaucratic issues – but the size and complexity of the federal healthcare system make it a favorite target for fraud nonetheless. Use of the new, more secure beneficiary cards will be mandatory as of Jan. 1, 2020, after which the federal government will continue to monitor its processes for signs of misconduct. In the end, the agency’s helped ensure that as many of those new cards as possible found their way to the correct recipient and that the government itself is better prepared to combat fraud in the future.
It was a good system. Now it is a better one.
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a "consumer report" as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer's eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.