Managing provider vulnerabilities in government healthcare programs

Melissa D. Berry
February 20, 2019

Government-funded programs by the numbers

An increasing number of Americans rely on government-funded healthcare programs such as Medicare and Medicaid for their health insurance.  The Centers for Medicare and Medicaid Services (CMS) reports tens of millions of beneficiaries were enrolled in each program in fiscal year 2018: 

  • 38.1 million in original Medicare;
  • 21 million in Medicare Advantage or other health plans; and
  • 75.1 million in Medicaid.

With more beneficiaries, federal health expenditures also continue to increase: 

  • Medicare spending grew 4.2% to $705.9 billion in 2017, and
  • Medicaid spending grew 2.9% to $581.9 billion in 2017, or 17 percent of total NHE.

Where does all this money go?  

Federal and state payments go to the Medicare and Medicaid providers who claim reimbursement for services they provide to beneficiaries.  There are thousands of providers.  For example, just some of the providers in the Medicare program include: 

  • 6,123 hospitals,
  • 11,593 home health agencies,
  • 15,268 skilled nursing facilities,
  • 258,473 labs,
  • 4,650 hospices,
  • 226,310 primary care providers,
  • 10,334 ambulance service suppliers, and
  • 85,297 durable medical equipment, prosthetics, orthotics and supplies (DMEPOS) providers.

Unfortunately, some healthcare providers see Medicare and Medicaid as easy targets for fraudulent activity with healthcare fraud, waste and abuse costing U.S. taxpayers billions of dollars every year

Historically, healthcare fraud enforcement has been a “pay and chase” model.  Providers submitted claims, the government paid the claim and then months or years later the government would try to recover overpayments through criminal or civil actions.

Often the healthcare provider and the money were long gone. 

Hiding behind straw owners

Healthcare providers exploit these program vulnerabilities by operating through straw owners and straw entities that mask the identity of the real owners, owners who are often already excluded from working in government-funded healthcare programs.

Providers who use a straw owner create a false medical office, clinic or supply company.  This allows the provider -- who may have a criminal record or be excluded from federally-funded healthcare programs -- to continue billing the programs.  These providers might pay individuals to serve as the straw owner or recruit friends or family members.  In order to detect these straw arrangements, it is important to trace the web of information related to each owner and operator of enrolled provider.  This can include verifying all the following information and more:

  • National Provider Identifier (NPI);
  • The Legal name on file with the Social Security Administration for individuals or the legal business name on file with the Internal Revenue Service (IRS);
  • Date of birth and Social Security number for individuals;
  • Tax Identification Number or Employer Identification Number for corporations;
  • Schooling and professional license information for individuals;
  • Certification information;
  • Drug Enforcement Agency (DEA) numbers;
  • Information about any final adverse actions, including criminal, civil or administrative actions;
  • Practice location information;
  • Business structure and organization; and
  • Electronic Funds Transfer documentation.

Some examples of these straw arrangements include:

  • Following a four-day trial, a federal jury found a South Florida pharmacist guilty of healthcare fraud on January 10, 2019, for his role in a $100 million compounding pharmacy fraud scheme. According to evidence presented in the trial, the pharmacist and his co-conspirators defrauded private insurance companies, Medicare and TRICARE by submitting false and fraudulent claims for compounded drugs that were not medically necessary, never provided or both.  The evidence established that in his role as the pharmacist at A to Z Pharmacy, a now-defunct pharmacy, the pharmacist conspired to submit or cause the submission of claims that often amounted to several thousands of dollars for a single tube of pain or scar cream.  In 2014, when insurance companies discovered the fraud at A to Z Pharmacy and terminated their contracts with the pharmacy, the pharmacist agreed to become the straw owner of Havana Pharmacy & Discount in Miami, which the evidence showed he and his co-conspirators used to continue the fraud.
  • A physician pleaded guilty on October 3, 2017, to conspiracy to commit health care fraud for his role in an approximately $19 million Medicare fraud scheme involving three Detroit area providers. In furtherance of the conspiracy, the physician admitted that he and others referred Medicare beneficiaries to specific third party home health agencies, laboratories and diagnostic providers even though those referrals were medically unnecessary. The physician also served as the straw owner of various pain clinics owned and/or controlled by a non-physician, and submitted false and fraudulent enrollment materials to Medicare that failed to disclose the ownership interest of the non-physician because it was illegal for the non-physician to own medical clinics under Michigan law.  In total, the physician admitted that he submitted or caused the submission of approximately $19,322,846.60 in false and fraudulent claims to Medicare.
  • A Detroit-area doctor was sentenced to 180 months in prison on November 17, 2017, for his role in $26 million health care fraud scheme that involved billing Medicare for nerve block injections that were never provided and efforts to circumvent Medicare’s investigation of the fraudulent scheme. According to the evidence presented at trial, from May 2008 until May 2014, the doctor and his co-defendant knowingly submitted fraudulent bills for services that they knew had not been provided, mainly nerve block injections.  Additionally, evidence showed that after Medicare imposed a requirement in 2009 that required the doctor's claims to undergo a medical review prior to payment, the doctor and his co-defendant conspired to circumvent Medicare’s fraud investigation by creating sham medical practices.  To continue receiving payment for services that were not provided, the doctor and his co-defendant concealed their involvement with these practices from Medicare by recruiting their family members and employees to serve as straw owners of the companies.

These are just a few of the many available examples of healthcare providers hiding behind straw owners in order to continue defrauding government-funded healthcare programs.

Shifting the paradigm to unmask the true owners

Part of the challenge of preventing fraud and abuse in healthcare is incomplete or inaccurate name and ownership information for providers.  With hundreds of thousands of providers, any variation in this information can allow healthcare bad actors to hide in plain sight to continue billing Medicare and Medicaid even after they have been excluded from the federal healthcare programs by the OIG. 

To minimize the Medicare provider enrollment vulnerabilities and reduce the occurrence of fraud from the outset, CMS now examines providers seeking enrollment much more closely in order to prevent these straw arrangements for allowing providers to continue participating and profiting from their fraud.  Some of the ways CMS is working to prevent providers from exploiting these vulnerabilities in the Medicare and Medicaid programs include:

1)      Reviewing Medicare providers that submit nonmatching owner names and take appropriate action;

2)      Educating Medicare providers on reporting requirements for change of ownership;

3)      increasing coordination with state Medicaid programs on the collection and verification of provider ownership information;

4)      Ensuring that CMS contractors check exclusion databases as required;

5)      Working with state Medicaid programs to identify and correct gaps in their collection of all required Medicaid provider ownership information;

6)      Providing guidance to state Medicaid programs on how to verify the completeness and accuracy of Medicaid provider ownership information;

7)      Requiring state Medicaid programs verify the completeness and accuracy of Medicaid provider ownership information;

8)      Ensuring state Medicaid programs check exclusions databases as required;

9)      Working with state Medicaid programs to educate Medicaid providers on the requirement to report changes of ownership;

10)   Working with state Medicaid programs to review Medicaid providers that submitted nonmatching owner names and take appropriate actions; and

11)   Increasing coordination with state Medicaid programs on collecting and verifying provider ownership information in Medicaid and Medicare.

These efforts should minimize the number of providers with a history of healthcare fraud who are able to continue billing Medicare and Medicaid for new fraudulent claims.

With so many providers billing Medicare and Medicaid and so much money at risk, ensuring accurate name and ownership information is imperative.  Verifying provider information across state Medicaid, CMS and OIG records will shine a light on potential fraudulent providers and could save taxpayers millions of dollars.

Use CLEAR to combat fraud in your programs

See how CLEAR can identify fraud, waste, and abuse other investigative tools may not see