HHS Should Help Curb Medicare Identity Theft, Lawmakers Say


On Monday, two House Ways and Means Committee Republicans released a statement calling on HHS to help reduce the risk of identity theft among Medicare beneficiaries by removing Social Security numbers from Medicare ID cards, The Hill's "Healthwatch" reports.

Reps. Wally Herger (R-Calif.) and Sam Johnson (R-Texas) -- chairs of the House Ways and Means Health and Social Security subcommittees, respectively -- cited a recent report by the HHS Office of Inspector General, which highlighted problems with the way HHS responds to Medicare identity theft (Viebeck, "Healthwatch," The Hill, 10/22).

HHS OIG Report Details

According to the report, CMS experienced 14 data breaches affecting 13,775 Medicare beneficiaries between Sept. 23, 2009 -- when a new breach notification rule took effect -- and Dec. 31, 2011. Of those beneficiaries:

  • 13,412 were affected by a single breach involving a Medicare summary notice printing error;
  • 190 were affected by two incidents in which data were posted online;
  • 165 were affected by 10 incidents involving mailing or communication errors; and
  • Eight were affected by an incident in which a contractor stole data.

OIG found that for half of the breaches, CMS did not notify affected beneficiaries within 60 days, as required by the federal breach notification rule.

OIG in its report stated, "If CMS does not follow requirements for handling breaches, opportunities increase for medical identity theft and fraudulent billing of the Medicare program."

OIG also found that contractors are not effectively using a CMS database that contains information on Medicare beneficiaries and providers who have been affected by identity theft. The database currently includes 284,000 Medicare beneficiary identification numbers and 5,000 Medicare provider numbers.

The report found that contractors often:

  • Are unaware of the database's features;
  • Do not use the database in a standard and efficient way;
  • Do not take steps to stop payments for compromised numbers; and
  • Report usability problems with the database (iHealthBeat, 10/12).

Details of Statement

In the statement, Johnson said the report should serve as a "wakeup call" for CMS to "take immediate action to develop a new system for protecting seniors from medical identity theft." He added, "Seniors are urged not to carry their Social Security card to protect their number, but at the same time they need to carry their Medicare card at all times to get health care. This makes no sense."

Herger said, "Though years of CMS indifference and delay make me skeptical, my hope is that this report finally persuades the agency to stop use of the SSN as the Medicare identification number" ("Healthwatch," The Hill, 10/22).

According to CQ HealthBeat, Johnson has introduced legislation (HR 1509) -- which is cosponsored by eight Democrats and 42 Republicans -- that would direct HHS to establish cost-efficient strategies to remove beneficiaries' Social Security numbers from the Medicare ID cards. Other similar bills also have been introduced in the House and Senate, but they have not advanced in either chamber (Norman, CQ HealthBeat, 10/22).

Kevin Klumpyan
The Social Security number is THE driver behind identity fraud and one of the central reasons why Medicare loses billions of dollars each year to fraud. Politicians constantly talk about how Medicare is going bankrupt to bad policy or bad budgeting but no one ever talks about how to stop the billions lost because of identity fraud. Prevention is needed, and getting rid of the SSN is a good start. To replace the SSN, Health ICONN from TASCET is the answer. With Health ICONN, identity fraud simply cannot occur. Identities remain protected and billions will be saved. This is the direction healthcare is going.

to share your thoughts on this article.