Federal action helps physician-victims of ID theft


A victim of identity theft? Yes, that phrase could describe you.

All physicians are vulnerable, according to the Centers for Medicare & Medicaid Services (CMS). Its Center for Program Integrity has identified approximately 5,300 compromised Medicare provider numbers in its database.


About 33 percent of medical identity thefts are not even discovered until more than a year after they occur, Federal Trade Commission data shows.

Physicians whose identities have been compromised can face overpayment demands from public and private payers, tax evasion charges for earnings never received and a hit on their credit score.

If other providers and patients learn that physicians are under investigation, their reputations may suffer as well. Even misuse of identifiers, such as signing a blank referral or a referral for a patient a physician doesn’t know, can leave the physician at risk.

There are two major ways criminals bilk the system using stolen National Provider Identifiers (NPIs), tax identification numbers, medical licensure information and beneficiary numbers:

1. An unscrupulous provider bills for health services, tests or equipment, making it appear as if a physician ordered them for a patient.

2. A fraud ring sets up shop using stolen physician identities and bills public and private payers for services never performed.

One of the largest fraud rings ever busted operated 118 phantom clinics that spanned 25 states and billed Medicare for more than $100 million.

Help is available

Historically, physicians and other providers who have been victims of identity theft have had difficulty clearing their names and getting relief from resulting financial liabilities. But help is available through the Center for Program Integrity’s Provider Victim Validation/Remediation Initiative. The program was launched in October 2011 to assist physicians who have been victimized and to speed the process of exoneration.

Physicians who have suffered financial liability as a result of medical identity theft can contact the appropriate program integrity contractor in their state. The contractors conduct extensive investigations and report their findings to CMS, which bases its final decision on the evidence presented.

For the program integrity contractor in your state, go to the CMS website at

Physicians who believe they are the victims of Medicare identity theft – but have not yet suffered any financial liability – should contact their jurisdictional Medicare administrative contractor or call the Office of Inspector General hotline at 1-800-HHS-TIPS.

In addition, Medicare physicians should contact all payers and consider placing a fraud alert on credit reports and a credit freeze on all business and personal accounts.

An ounce of prevention

The best advice, however, is to protect yourself and your practice. As the old adage goes, “An ounce of prevention is worth a pound of cure.”

Deputy Administrator for Program Integrity Peter Budetti, M.D., J.D., posted some strategies on the CMS website. They include:

Keep your medical information up-to-date. Report changes, such as opening and closing of offices and moving between group practices, to Medicare, Medicaid and insurance companies.

Review billing notices. Make sure there are no items or services listed that you didn’t provide.

Protect your medical information. Before giving out your medical identifiers to potential employers or other organizations, check them out to be sure they’re legitimate. Give your information only to trusted sources.

Train your staff. Make sure employees know the proper way to use and distribute your medical information, such as on prescription pads, electronic health records and other important documentation.

Educate your patients. Tell patients to be on the lookout for fraudulent activity on their explanation of benefits statements. Provide them with information about how to report fraud when they see it.

Report any suspected medical identity theft. Call the CMS program integrity investigative contractor in your region or report any suspected cases to the Office of the Inspector General.

Protect your prescription pads. Keep your prescription pads in a safe and secure environment. AdvanceMed, designated as a program safeguard contractor, offers more common-sense tips. Go to

CMS offers a medical identity theft Web-based training course titled “Safeguarding Your Medical Identity.” Participants learn how to recognize the risks of medical identity theft and what resources are available to protect their medical identity.

The course covers consequences for victims, mitigation strategies and appropriate actions for victims of medical identity theft to take. Continuing education credits are available for those who successfully complete the course. To access the free course, go to the Medicare Learning Network website at Under “Related Links,” click “Web-based Training Courses” and then the “Safeguarding Your Medical Identity” link.