As more consumers opt for the flexibility of serving themselves, it has become essential for businesses to deploy strong systems to authenticate identity. The challenge is how to reduce fraud without frustrating consumers or compromising the customer experience.
Biometric technology has been seen increasingly as a solution in industries such as financial services, but is there a useful place in insurance? As technology becomes more convenient –and more secure — many are saying yes.
What’s What in Biometrics
By identifying individuals through their unique physiological or behavioral patterns, biometrics offers a higher level of security, ensuring that only authorized persons have access to sensitive data. Physiological biometrics include fingerprint, face, iris and hand geometry recognition. Behavioral biometrics identify signature and voice verification, including keystroke kinetics that identify a person’s typing habits.
As consumer-centric channels such as mobile and online applications continue to expand, so will the risk of fraud. And while many industries, including insurance, continue to deploy new technologies to stave off attacks, the reality is that the tools and methods by which professional fraudsters operate are becoming increasingly sophisticated.
“While insurers have applied some preventive measures against fraud, the industry as a whole needs to catch up,” says Steve Cook, director of business development, Facebanx. “They must be forward-thinking and recognize the benefits of biometric technology and how it can help in preventing fraudulent activities.”
Reducing Claim Fraud and Protecting Data
One area where biometrics has begun to take hold is healthcare insurance. A study by the Ponemon Institute found nearly 1.5 million Americans to be victims of medical identity theft. Healthcare fraud is estimated to cost between $70 billion and $255 billion a year, accounting for as much as 10% of total U.S. healthcare costs.
Many insurers are using biometrics to help reduce billing fraud by eliminating the sharing of medical insurance cards between patients, or by making it more difficult for a person to assume another’s identity. For example, as an alternative to paper insurance cards, a biometric iris scan can immediately transport proof of a patient’s physical presence at a healthcare facility.
Biometric technology is also assisting healthcare insurers with compliance and data integrity standards — in particular with those set by the Health Insurance Portability and Accountability Act (HIPAA). For example, in addition to adhering to requirements for automatic logoff and user identification, insurers must implement additional safeguards that include PINs, passwords and some method of biometrics.
Fraud Capabilities in Property and Casualty
According to a report by Aite Group, the war against fraud in property and casualty insurance is also escalating. The group estimates that claim fraud in the U.S. P&C industry alone cost carriers $64 billion in 2012 and will reach $80 billion by 2015. Customer contact centers have been hit particularly hard. While the focus on protecting consumer data has primarily centered on online channels, fraudsters are now targeting the phone channel, as well. Leveraging information obtained through social media networks, thieves are manipulating call center representatives and gathering customer information.
For this reason, biometrics are being deployed. Representatives can cross-reference incoming calls against a watch list of known fraudsters, identifying unique voice prints. Advanced biometric techniques can also identify fraud patterns based on speech analytics, talk patterns and various “red flag” interactions.
The insurance industry is just beginning to scratch the surface when it comes to identifying areas of fraud management to which biometric science can be applied.
“Insurance companies [that] are first to adopt this kind of technology will push the fraudsters over to the competition, because fraudsters don’t want their face or voice on a database that they can’t control,” Cook says.
Making the switch to biometric security measures can mean a substantial investment if done on a large scale. Even so, with the proliferation of online channels, consumer conveniences and ever-shifting tactics of fraudsters, deploying some degree of biometric technology will become a competitive necessity. And, as long as the insurance industry continues to expand consumer services because of e-commerce and m-commerce, no doubt new applications of biometrics will come about.
Many insurers are redesigning their strategies to deliver systems that forestall attempted fraud, adapt to changing fraud techniques, and are applied at all points of interaction between a policyholder and an insurer. This change is driven by the alarming increase in professional fraud networks in the last five years and the realization that an effective fraud strategy can provide a competitive advantage in the currently very difficult market conditions.
A number of technologies have now matured to a level where, when used in combination, they offer insurers highly effective means of detecting and preventing even the most sophisticated fraud schemes. As a result, these technologies—which include predictive analytics, link analysis, text mining, in-memory database, and cloud services—will become significant areas of investment for insurers during the next 12–24 months.
A recent Ovum report, Tackling Insurance Fraud, discusses the reasons behind the increased focus on insurance fraud and explains how a range of technologies can be applied to implement a comprehensive and effective insurance fraud system.
Professional fraudsters use sophisticated schemes—such as staged or induced auto accidents, life insurance owned by strangers, or false hit-and-run claims—to illegally obtain significant sums from insurers. Professional fraud schemes often involve complex networks of criminal players within medical services providers, auto repair centers, hospitals, insurance agents, or even insurance companies. The volume of organized professional fraud is low in comparison with that of opportunist fraud by amateurs, but the sums being claimed illegally by an individual group can amount to many tens of thousands of dollars and, in some cases, millions.
The vast majority of insurers have already invested, to some degree, in fraud technology. Although this investment has delivered benefits, it has tended to take a piecemeal approach. Investment is usually focused only on the claims phase. Technology used today is generally not sufficient to address the growing problem of professional insurance fraud.
The continued fragility of many developed economies means that insurance markets will remain extremely competitive for at least the next 36 months, with only muted premium growth, limited room for rate increases, and investment returns that will remain volatile. So, insurers are urgently seeking ways to significantly and sustainably reduce both administration and claims costs. As claims payments typically account for 80% of an insurer's costs (excluding administration costs), reducing them by decreasing the level of fraudulent payouts can have a significant impact on a carrier’s cost base and margins.
With the Association of British Insurers (ABI) estimating that fraud currently adds approximately £50 to each auto policy, an effective fraud strategy can drive significant competitive advantage in a tough market by allowing insurers to reduce premium levels. An effective fraud strategy can also bring additional service benefits. In particular, simplifying and expediting the processing of legitimate claims increases the likelihood that a policy-holder will renew a policy.
There is no single “silver bullet” technology that can fully address the issue of complex insurance fraud. However, technology areas such as predictive analytics, text mining, link analysis, in-memory databases, and cloud services, together with fraud technologies commonly used today (such as rules-based systems and anomaly detection) can be combined to create highly effective systems that detect even the most sophisticated and complex fraud schemes. These systems are able to detect and adapt even to previously unknown fraud techniques that may be employed by professional fraudsters.
To date, most insurers have focused their fraud strategies on the claims process. While this is a critical point at which to detect potential fraud, the effectiveness of a fraud strategy, particularly in avoiding organized criminal fraud, can be significantly enhanced by using technology across the entire insurance product lifecycle. It is now possible to apply technology in real time, at multiple points at which insurers and policyholders interact. For example, the use of link analysis can stop fraud by identifying applicants with connections to others that have either committed fraud or are suspected of doing so.
Professional fraudsters can be very sophisticated. Insurers need to keep rearming themselves if they are to win the battle and help themselves thrive in a tough market.
This is Part 2 in a two-part series on automobile insurance fraud. Part 1 in the series appears here.
Who Participates In This Type Of Insurance Fraud?
Just about anyone. You'd be surprised. Even people who consider themselves upstanding citizens will get drawn into the business, because they see it as a victimless crime. One of the first cases I investigated involved a college-educated, former Farmers Insurance adjuster from Ohio. One day, he just decided to go to the dark side of the earth and started staging collisions from Ohio to California. He got away with $11 million before we caught him and put him in prison. He had so much activity going on that he carried a briefcase with him, and in that briefcase were 13 valid licenses from Colorado, Ohio and Texas — all valid — along with lots of crib notes from all of his activity. In an unlucky turn of events for the fraudster, he was stopped for speeding one night. As he opened his briefcase to get out a driver's license, that sheaf of crib notes was visible to the highway patrol officer, who reached right over his head and grabbed it. Lesson learned. Keep your crib notes to yourself.
People don't necessarily set out to go into insurance fraud as a career, but it's easy to see the attraction, said Borloff. “When you're first introduced to the people in this business, they say, 'This guy, he's in the insurance business,' and everybody understands he doesn't have an insurance company, he's in a different side of the business. But he's a well-to-do guy, with a house in Beverly Hills, with a car, with everything. And you ask yourself, 'Why can he do it and I can't?' And then you start to learn.”
It starts easily enough. The newcomer becomes the defendant in one staged accident, and voilà, $1,000 just falls into his lap. “It's a big deal for this guy,” said Borloff. “He just calls the insurance company, and that's it, he's a rich man. He wants to do it again. Trust me, he wants to do it again and again.” However, a savvy criminal enterprise will not use this guy again. They will use another guy, then another. So now our newcomer is intrigued to work it from the other side of the fence, to run his own business.
First he needs to recruit lawyers and doctors — and that's surprisingly easy, said Borloff. Where would you find an attorney willing to take such a risk? “Word of mouth or the Yellow Pages,” Borloff quipped. “Any attorney wants more business.” The business is so attractive that it is relatively easy to find professionals who want to be a part of it.
“Think about it. Who is this lawyer guy? He spent three years in law school, and he spent a lot of money. He is out of school now, and he has a lot of debt. What can he get? He can get a job for about $40,000 to $50,000 a year at the most, if he is lucky. So he opens his own office. He has just one secretary, and he's waiting for clients. But there are no clients, because there are a lot of lawyers around with the big names, big firms and so on. He is desperate.
“If you come to this guy and say, 'You know, I can give some business to you,' what will he say? As a lawyer, he is like an innocent girl — he wants seduction. You should not say to him, 'It's a staged accident.' No, you say, 'I can give you some business, but you will have to follow my instructions and pay me 50 percent.' He says, 'Of course,' and he agrees. If you teach him properly, he will properly do his business for you.”
Is it really that easy? Are there attorneys willing to look the other way at the likelihood that their cases are fraudulent? Yes. In a separate case, when I had an attorney in an investigation room and got him to confess, I asked him, “What were you thinking?” This was an aha moment. He said, “It's quite simple — there aren't enough real accidents to go around.” It's that simple.
Besides, real accident cases get complicated and messy, Borloff said. “Attorneys don't like real accidents because there are so many problems. There isn't a cooperative defendant — he says, 'No it didn't happen.' There are too many problems. It's easy for me to work with defendants who say, 'Yes, I hit him, I was not paying attention,' and with attorneys who want money.”
Many of the people involved in these schemes don't quite see it as wrong but rather as a rightful Robin Hood redistribution of monies. “I had one good, white-bread American guy. He was the perfect defendant,” said Borloff. “He did the accident, and then on the way home, he sees somebody not driving the proper way. He gets on the phone, calls the police, and gives them the license plate number. I said, 'You turned him in? You broke the law too.' He said, 'No, that was the insurance company.' Sometimes the insurance company is not seen as the good guys.”
Fraud Ring Leader: “This Is A War That Will Never End”
“If you want to win this war, you can't do it,” said Borloff. “It's like the Cold War between the USA and Soviet Union. There was intelligence and counterintelligence, and it went on for a long, long time.” Insurance companies develop more sophisticated fraud detection and prevention tactics, but the criminal enterprises adapt and become more sophisticated too. An insurance company known to have strong defenses may repel fraudsters, but only for awhile. Pitted against the fraud rings, insurance companies are at a disadvantage, said Borloff.
They lack depth in claims adjusters. “A good, educated adjuster knows how to work — he has some police experience, maybe some counterintelligence experience,” said Borloff. “I ask you, how many adjusters do you have with these credentials? I can tell you 1 percent is a generous calculation.”
Even if you can recognize staged collisions, there's still generally a payout. “You can try to fight it, but it's probably just to reduce the amount you have to pay,” said Borloff. Adjusters can try to bluff — say that the examination of the car indicates there weren't four passengers, or that damages are inconsistent with the accident description — but that doesn't work. The stager knows a lie when he hears it.
The legal system doesn't offer much redress. When a claim looks suspicious, a smart adjuster asks for a deposition and asks smart questions of the plaintiff in front of him. He may do his best, probing for details, hoping to ferret out inconsistencies. “But it's worthless,” said Borloff. “It doesn't matter what the answers are. If the people said back pain the first time, and neck pain the second time, what does it prove? It proves nothing. You can't go to court with this stuff. After the deposition, the adjuster doesn't have a lot of choices. He has to negotiate the price.”
The adjuster can make a lowball offer, but a good defender will push back, knowing the adjuster's supervisor will approve more, and the insurance company doesn't want to go to court. In court, the insurance company can only argue on the facts, but the facts are that the incident did happen, and the plaintiffs do report that they suffered pain and injury from it. Can you prove they didn't? You can't pressure defendants to recant, because they're in bed with the criminal enterprise. They've got the money and face jail time if they confess.
“In small claims court, insurance companies have no chance,” said Borloff. “A claims adjuster can come and represent the company, but if it happened, it happened. If you say you have pain, I have pain, we have a medical bill, and you have to pay toward this. I have a limit of $5,000, and each defendant can ask about this amount of money. And what does this situation get insurance companies? Nothing but a lot of trouble, and more trouble. The adjuster doesn't want this problem. His supervisor doesn't want this problem.” The fraud enterprise wins.
Let's have a reality check here. The insurance industry will never stop this. People are going to try to scheme our insurance system as long as the system we have in place today exists, and ours is one of the best in the world. It takes care of consumers when they get in trouble. But with that, you will always have people thinking of ways to scam the money. Change the system, and they come up with a new scheme. This is just what people do.
How One Investigative Team Won
The fight against insurance fraud may be a never-ending war, but there are still skirmishes to be won. I led a five-year undercover investigation of a large and sophisticated organized crime ring in Southern California — Borloff's, in fact — and won.
We started with 63 suspected fraudulent claims that were on file in the San Diego office of the Department of Insurance. There were quite a few interesting outliers in those claims. For one, everybody was of Russian descent. These were all rear-end collisions, sudden stops. Now, we all know that sudden stop rear-end collision is a quick pay. It's pretty easy to determine at-fault in these collisions — a couple hundred of them happen every day in Southern California. It's not that big a deal.
Then an individual in custody for an unrelated matter came forward and offered information that made these claims look particularly interesting — even named two primary players. A formal task force was established with the equivalent of a joint powers authority between federal, state and municipal law enforcement. An undercover officer was introduced into the San Diego community to try to identify the ring leaders and learn how they were recruiting others into the organization and conducting business.
I didn't want to chase stuffed passengers or street offenders at the lower level. I wanted to go deeper into the organization — to identify the stagers, attorneys and physicians who facilitated those claims. And it worked.
A Collaborative Effort
The undercover operation was a joint effort of the California Department of Insurance's Fraud Division, the FBI, the San Diego Police Department, the Immigration and Naturalization Service (INS), and the National Insurance Crime Bureau (NICB). Undercover agents came from the California Department of Insurance, the San Diego Police Department, the California Department of Health Services, and the Bureau of Narcotics Enforcement.
Seven major insurance companies cooperated by providing pretext policies set up solely for the purposes of the investigation. Only the companies' regional vice presidents of claims and Special Investigations Unit directors knew about the investigation. They agreed to have the claims legitimately paid, so the money could be tracked and there would be no suspicion of law enforcement involvement.
A lot of thought and effort went into this to backstop the identities of the undercover people. If a private investigator or lawyer ran these people, they would show up as true legitimate people with valid Social Security numbers, credit histories, houses, vehicles — it was backstopped to the hilt. You'd have no idea that it was law enforcement.
Working From The Inside
We successfully infiltrated this ring for more than 18 months and were staging collisions in San Diego, Los Angeles and San Francisco. Borloff was identified in the very first staged collision, and then the lead undercover detective partnered with Borloff to stage more collisions and car thefts. Borloff gave instructions to his new business partner about how to get involved in this game. For every car and policy he provided, the undercover officer received $2,500 – a total of $75,000 over the course of the investigation.
Little did Borloff know these cars were coming from the NICB salvage pool, and every move was being recorded. During the five-year period, Borloff was responsible for staging more than 100 automobile collisions, exposing the insurance industry to an estimated $2 million in fraud losses.
Five Years To Success
It was kind of dicey. The [cooperating] insurance companies paid out more than $230,000 in claims into this. However, everybody had the bigger picture in mind — the potential economic loss prevented (PELP), an FBI metric that forecasts the money that would have been lost if the criminals continued their activities unabated.
When it was time to strike, the United States Attorney's office in San Diego handled federal prosecution and the Los Angeles County District Attorney's office handled the state prosecution. This was a seminal case that eliminated the issue of double jeopardy. In the State of California, you can arrest and convict someone in federal court for mail and wire fraud with a scheme of insurance fraud, and then charge them at the state level with insurance fraud, and it's not double jeopardy.
I brought the investigation from cradle to grave. I started as the supervising agent in the San Diego Fraud Division of!ce, and by the time the investigation was over, I was captain of that office. The investigation netted attorneys, physicians and chiropractors along with their office staff, eight cappers and 44 claimants — and effectively shut down one of the largest such rings in Southern California.
The Information Imperative
“The main problem for insurance companies is they don't have enough information,” said Borloff. “When the adjuster discusses the case, he knows nothing. He knows just this is the car, this is the car damage, these are the people. He can check the records — see these people didn't have an accident for two years, three years and think they sound like nice people. But he's still suspicious, he pursues it all the way, and still he gets nothing, because it's still trouble, still problems.”
In order to detect suspicious claim activity, insurance companies need access to transaction information and supporting detail that typically resides in different systems. Transactions viewed in isolation could appear normal, but they might look quite different if you could correlate those transactions across related entities. However, a unified view based on multiple internal data sources is rare. Rarer still is the organization that has augmented that view with external data as well.
As part of an 18-month Command College program of graduate study, I designed a virtual office environment for a law enforcement environment. After graduation, that work led to an assignment to design a fusion center to promote information-sharing among federal, state and local entities. The fusion center I designed was the first in the nation to incorporate law enforcement data and financial data, which led to new discoveries. For example, we threw the system up for a test run, and investigators in the San Francisco Bay Area were playing with it. From working with the data and social networking analysis, we found two chop shops in Dallas that the local police department didn't know about.
Smarter integration and analysis of data will be a strong defense to the growing fraud problem, as well as a way to meet the pressures to achieve more with less. The data being gathered through the claims process is growing bigger and bigger, so you need to start looking at things differently and working smarter, and that means leveraging your data together. A number of statistical approaches can be created to build a solid predictive solution. For instance, when you combine business rules, anomaly detection (finding outliers), and social media analysis, you can identify suspicious claims even if there is no prior claim history.
Getting a handle on the fraud problem is not about processing more cases. It is all about working the right cases to make an impact to reduce fraud. If you do not identify the true cost drivers in fraud — the licensed professionals, administrators, cappers, stagers and other individuals controlling the criminal enterprises — you will never truly reduce the amount of insurance fraud in our communities. But when you apply best practices and analytics together, you create a powerful tool and business model to reduce fraud and provide great ROI for anti-fraud programs.
This series of articles is taken from the SAS white paper of the same name. © 2013, SAS Institute Inc. Used by permission.
This is Part 1 in a two-part series on automobile insurance fraud. Part 2 in the series can be found here.
Traffic engineers would love to unblock the clogged arteries of Southern California's freeway system, where rush hour is anything but “rush” — more like gridlock.
But in a land where one's car is one's empire, one's freedom and personal statement, carpooling is a tough sell. The high-occupancy vehicle (HOV) lanes have scant occupancy.
In fact, cars carrying multiple passengers are such a rarity that this scenario alone raises red flags for auto insurance claims adjusters.
Operating under the radar is a fast-growing segment of the so-called “underground economy” — organized criminal enterprises that stage automobile collisions with the intent to defraud insurance companies of medical payments. In some cases, the entire incident is created on paper, with fictitious vehicles and false identities. In other cases, the perpetrators take real vehicles with legitimate insurance policies out to vacant lots or remote fields to crash them and then fill out a counter report. The most compelling cases are the ones where participants intentionally ram vehicles together on city streets — often a rear-end collision in a left turn lane — then dial 911 and wait for police and emergency medical services (EMS) to arrive. This approach triggers a police report and EMS records, which lend an air of legitimacy to the event. It really happened.
Based on instructions from a stager, the driver and two or three passengers — who are known as “stuffed passengers” — report neck and back injuries. The passengers later visit a physician or chiropractor who is in collusion with the criminal ring. The patients sign in and leave without receiving any treatment. If the insurance company balks at paying the specious claim, the claimant enlists the help of an attorney who is also party to the scheme. The attorney is tenacious, willing to go to court, generally able to bluff until the insurance company backs down and settles.
In the process, everybody except the insurance company gets easy money. Property damage to the vehicle is paid to the owner of the vehicle, while multiple players split the proceeds of the settlement for medical payments. In a typical case where the insurance company settles for, say, $6,000, each vehicle occupant might get $1,000, the lawyers and doctors collect their fees, and the enterprise leader retains 50 percent of the professional services fees plus the balance of the claimants' settlement, if any. If the enterprise leader successfully stages dozens of such incidents a month, it's a lucrative business.
This practice exploded in Southern California in the mid-1990s. If you are a Special Investigations Unit investigator, you are dealing with this every day. The average caseload for an adjuster or claims representative might be 150 or 200 a day, depending on the size of the company. At least 25 percent of that is some flavor of fraud. It's either a false claim or an embellishment to it. People are doing it. Even people who think of themselves as law-abiding are doing it, because they don't think of insurance companies as victims. This type of activity is so prevalent that our undercover investigators would hear paramedics on the scene saying, “Okay, which one of you is going to the hospital this time?”
Automobile insurance fraud is such easy money that the business is even creating unlikely bedfellows. For example, in South Central Los Angeles, the Bloods and Crips — gangs that have had an intense and bitter rivalry — are now cooperating with one another in organized insurance fraud, because it's more powerful and profitable to join forces.
Six Steps to a Successful Insurance Scam
Constantin Borloff (not his real name), the former leader of a successful and sophisticated fraud enterprise that operated in San Diego, Los Angeles and San Francisco, shares his top tips for making fraud pay. Having paid his debt to society, the ring leader now tells insurance companies how he was able to steal so much money from them, who does it and why it's so easy.
Go For The Med Pay Money
Borloff would insist that vehicle insurance policies have med pay coverage — coverage for reasonable expenses to treat accident-related bodily injury. Since this coverage follows the vehicle, passengers in a vehicle that has med pay coverage will likely be covered as well. Borloff gave vehicle owners a list of insurance companies who would freely provide these policies.
In theory, claimants are supposed to repay med pay money if they receive a settlement, but that doesn't happen according to Borloff. “For all history, maybe two times the insurance company asked for money back. If you say you don't have money and can't pay it back, they say, 'Okay, don't pay back the money.'”
Find the Inattentive Insurance Companies
Borloff also selected insurance companies with a reputation for laxity, the ones whose claims representatives didn't take a stand and ask the hard questions. “Big companies like State Farm or Farmers have millions of policies, good special investigation units and more experienced adjusters, so that's where you would see more problems. It's better to go to the smaller company or where it's not their main business. These companies usually pay more, while the big companies usually pay a little less.”
Insiders in the business share this information, so they know which companies to avoid and which ones would pay off like loose slot machines in Henderson, Nevada.
What would make an insurance company an unattractive target? “I don't know what will stop me,” said Borloff. “All insurance companies are bound by law to pay. So for us, the system is working perfectly. The insurance company can fight, and they have a lot of resources to fight, but eventually they have to pay something. Maybe more, maybe less, but eventually they have to pay something.”
Choose Participants Who Won't Raise Suspicion
In a perfect world, your participants are white American citizens with clean driving records and their own drivers' licenses. Judges and juries look most kindly upon this type of claimant, according to Borloff.
It is equally important that their behavior fits accepted patterns. For instance, policies would be active for four to eight months before the staged collision. Claims would be modest, usually no more than $5,000 or $6,000. Activities were choreographed to avoid triggering red flags. “I know insurance companies have about 25 red flags,” Borloff says. “What the claims adjusters know, the criminal enterprise knows twice. I knew about all these red flags, and I tried to avoid them.”
Distributing the cases is one way to avoid detection, said Borloff. “If the enterprise will do, say, 20 collisions a month, the claims will go to five different insurance companies, each to a different attorney — 10, 15 or 20 different attorneys — and any given adjuster will have at most two cases to a specific attorney. Will the adjuster be suspicious about it? I don't think so. It's very dif!cult for the insurance company to catch these people in this situation.”
Borloff tells of a fringe case where a woman, working against the advice of her stager, staged four accidents in a single week. She submitted claims to four different insurance agencies. All four claims were paid, but this pattern of activity could have exposed everybody in the fraud enterprise to scrutiny and discovery.
Pay More Than Lip Service To The Medical Treatment
When private investigators were first sent to wait outside medical clinics to observe and videotape (the comings and goings of visitors), the first people they caught were the ones who walked in, signed in and left within a minute. People quickly learned to stay longer inside the clinic and have follow-up visits at intervals that would seem appropriate for their injuries and type of care.
Keep Your Stories Straight
Cappers and stagers write notes for people so they can remember their stories when talking to claims representatives, and later on, if they meet with an attorney and go into depositions. Somehow, somewhere, there is a record of all this. If the ring is dealing in volume, there must be good notes, or they won't remember the details of a case, and that's how they get tripped up. Some stagers get tripped up simply by having these notes in their possession — in their offices or briefcases, waiting to be found during a routine traffic stop or search.
Insulate The Players From Each Other
These groups tend to function as classic cell networks. In an effective cell network, the claimant may or may not be exposed to the other people involved, or may be only exposed to the doctor but not to the attorney. That's how these people are protected from one another. Participants may not have a knowledge of what else the group is doing. When we arrested 72 people on a state level and brought them into interrogation rooms for 72 hours, it was pretty clear that they only knew their own activities or those of friends they had brought into the group. They had no knowledge of the bigger scheme. That's how you protect your enterprise.
The parties in these fraud rings learn never to admit to anybody that the accident was staged. Everybody in the enterprise knows it, but if you tell even one person, there's a point of vulnerability. It is especially important to insulate the medical and legal providers, because their professional licenses are critical to facilitate these claims. They take it all the way and never back down.
How often would a criminal enterprise walk away from a case because an insurance company's Special Investigations Unit got involved? “I would not walk away, but I would accept lower settlement, for sure,” said Borloff. “One time one of my colleagues made a terrible mistake, and sent 63 cases to Allstate — one attorney, same office. They came to me and said, 'What should we do now, SIU is after us?' I said, 'Don't give up, try to fight,' but they decided to give up. It was the biggest red flag. They lost money. It upset people.” Giving up is tantamount to an admission of wrongdoing.
This series of articles is taken from the SAS white paper of the same name. © 2013, SAS Institute Inc. Used by permission.
Medical identity theft (MIDT) is a crime that has profound consequences for patients, insurance providers, and health care providers. The definition of medical identity theft is the fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and/or medical insurance identity number to obtain medical goods or services, or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity. Unfortunately, the definition of medical identity theft and the consequences that are associated with the crime are not common knowledge to the general public.
A recent study conducted by Harris Interactive on behalf of Nationwide Insurance found that only one in six (~15%) of insured adults say they are familiar or very familiar with the term “medical identity theft.” Of the 15% that professed familiarity with the term, only 38% could correctly define what a medical identity was (Medical ID Theft Study 4). Unfortunately, this lack of widespread understanding of medical identity theft by consumers is part of the problem and it is costing consumers, insurers, and healthcare providers alike.
According to the most recent Ponemon Institute Research Report, 1.85 million Americans were affected by medical identity theft in 2012. This is a dramatic increase from the 1.49 million affected by medical identity theft in 2011, amounting to an almost 25% increase in just one year (Third Annual Survey 1). This rate of growth has the potential to explode due to several reasons. First, The Affordable Care Act is estimated to reduce the number of uninsured by approximately 30 million (Insurance Coverage Provisions 13), drastically increasing the number of insurers and insured patients that are targets for medical identity theft. Second, HIPAA policies and new rules under HITECH are increasing the use of electronic health records (EHRs) which can be vulnerable to data hackers. And lastly, the data hackers themselves are more sophisticated and cognizant of ways to profit off of personal data than ever before. All these factors combined pose a very serious dilemma in controlling the rate of growth for medical identity theft. Ponemon estimates that the cost of medical identity theft to consumers in 2012 was approximately $41 billion (Third Annual Survey 1). This does not include the untold cost borne by healthcare and insurance providers. We cannot afford the cost of letting this crime grow.
In order to minimize the effects of medical identity theft we must better understand the nature of medical identity theft. The Identity Theft Resource Center (ITRC) knows it is important to assess how consumers’ identities are stolen, how they find out they have fallen victim to this crime, and how difficult it is to resolve once discovered. The Identity Theft Resource Center believes this information can be used to educate and make aware the general public as to what medical identity theft is and how they can minimize their risk or mitigate the cost once they become a victim.
Looking at how medical identity theft victims discover they have fallen victim to this crime is crucial in determining what can be done to discover medical identity theft sooner to avoid increased expenses and instances of fraud. The 2012 Ponemon report found that the most common way (39%) people discover they have become victims of identity theft is by receiving collection letters for delinquent bills. This is bad news as this means the costs for the fraudulent services worked their way through the providers’ billing systems and languished there until they were forwarded to collection departments or agencies. In the time it took for the bill to make it to the collection department or agency, the imposter could have committed many more instances of fraud in different locations. The second most common method of discovery (32%) was by noticing mistakes in their health records, tipping them off to the medical identity theft. This is also bad news as mistakes in health records can have catastrophic consequences which can be fatal.
Fortunately, the third most common method (26%) of discovering identity theft was by victims noticing suspicious postings to a statement or invoice, such as an Explanation of Benefits statement. This is very good news as this usually means the victim is discovering their medical identity theft as early as possible. The earlier the victim notices the crime, the more likely they may avoid damage to their credit score, stop future abuse of their medical identity, and reduce the amount of time and money spent to rectify the issue. This statistic is even more interesting when compared to the previous two years of the Ponemon study, where only 9% of participants indicated that they discovered their medical identity theft via suspicious statements of invoices. This is a promising example of how educating and making consumers aware of medical identity theft can make a big difference in helping reduce the incidence of medical identity theft and its costs as a whole.
Looking into the mitigation process victims are confronted with after they discover their medical identity theft reveals the costs and trouble they have to go through to clear their names. There are two distinct objectives when mitigating medical identity theft. First, the victim must deal with an individual incident such as a thief receiving medical care under the victim’s name and the associated fiscal impact the crime imposes. Second, the victim must now deal with the task of “curing” themselves of medical identity theft, insuring that their medical identity is not abused again in the future. This second objective is extremely difficult and contributes to the devastating nature of medical identity theft.
Regarding the first objective, the process for rectifying an individual incident of medical identity theft is complicated and drawn out. The victim must immediately contact the medical records and billing departments of the healthcare provider that provided the services to the imposter, request their medical records, and inform the provider that they are not responsible for the fraudulent bills. Upon learning that there may be fraudulent information in the victim’s medical record, the healthcare provider may deny the victim access to their medical record for fear of violating the Health Insurance Portability and Accountability Act (HIPAA). HIPAA protects the privacy of patients’ medical records making healthcare providers worry that they may be violating the imposter’s privacy rights by releasing the medical record to the victim. Oftentimes, the healthcare provider does not know for a fact that the fraudulent information in the medical record was a result of medical identity theft and cannot rule out that it may simply have been an accidental mixing of two patients’ records. Regardless of the situation, the healthcare provider is afraid of incurring liability under HIPAA for releasing confidential medical information even if it is under the victim’s name. The victim may have to appeal the decision in order to be able to view their records.
In one case, a medical identity theft victim was charged for bills related to the alleged amputation of one of her feet. Luckily, this was easily refutable as she would simply show the hospital billing department that she still has her two feet. Unfortunately, the imposter also had diabetes which prompted a physician, during a subsequent hospitalization, to ask the victim what medications she was taking to treat her diabetes. Note, the victim has never had the disease (Menn). This case demonstrates how frustrating correcting medical records can be and reminds us how dangerous medical identity theft is to the victim.
It is also recommended that victims file a police report and submit a copy of the report to healthcare providers as it will usually help streamline the process. It is important for victims to note that medical identity theft, like any other form of identity theft, is a crime police are required to provide a police report for in most states. Once the incorrect information is identified, the victim must request that the healthcare provider either remove the information or at least flag it should the provider be reluctant to permanently remove it. After correcting the records at the location the imposter received medical services, the victim will then have to request an accounting of disclosures listing all the entities to which the healthcare provider sent the victim’s fraudulent records. The victim must repeat this procedure at each location that has their fraudulent medical record. All of this creates mountains of work for healthcare providers, insurers, and the victims themselves which increases costs in the medical industry for everyone involved.
The second and more difficult objective, “curing” oneself of medical identity theft, does not have a set solution. The problem stems from the decentralized structure of the medical data system. Every healthcare provider, pharmacy, and insurer has its own records and records system. In contrast, the financial industry has three major credit reporting agencies through which almost all financial credit information is processed. Therefore, when you have suffered financial identity theft, a great way to mitigate future instances of fraud is to place a credit freeze with all three credit reporting agencies so that identity thieves cannot abuse your credit again. There is no such central medical record agency for medical records. Thus, it is possible for a medical identity thief to commit fraud with the same medical identity over and over again in multiple locations around the country. The victim will have to go through the individual incident mitigation process every time and just hope that the identity thief will stop using their medical identity.
Since there is no way to get ahead of the thief and prevent the medical fraud from occurring, the best way to mitigate the costs and effects of medical identity theft is for the victim to be vigilant and confront each instance of fraud as soon as possible in order to reduce the amount of wasted time and costs. This repetitive cycle is exhausting and costly for the victim as well as healthcare providers and insurers. In all three years Ponemon has conducted this survey, the number of victims who said they had completely resolved their medical identity theft never exceeded 11% (Third Annual Survey 11). This is an ongoing problem that does not yet have a solution, but it is imperative for all stakeholders to be involved.
All of this information points us to the realization that medical identity theft is a costly and potentially dangerous crime that is incredibly difficult to resolve. To make matters worse, medical identity theft often goes undiscovered for long periods of time and only becomes more detrimental and difficult to resolve the longer it goes undetected.
The Identity Theft Resource Center proposes that one of the best methods of reducing medical identity theft and the costs associated with it is an educated and aware consumer population. To make this point, it is useful to separate out the causes of identity theft listed in the Ponemon report into two groups. The first group includes causes of identity theft that victims have no control over: healthcare provider used identification to conduct fraudulent billing (22%), malicious employee in the health provider’s office stole health information (7%), and the healthcare provider, insurer or other related organization had a data breach (6%). In total, 35% of the causes of identity theft cannot be affected by actions of the consumer. The second group consists of causes of identity theft that a consumer does have a degree of control over: family member took personal identification credentials without my knowledge (35%), mailed statement or invoice was intercepted by the criminal (6%), lost a wallet containing personal identification credentials (5%), and a phishing attack by criminal who obtained personal identification credentials (4%). Thus, the total of causes of medical identity theft that can be affected by actions of the consumer is 50%. It should be noted that 15% of the participants still did not know how they had their medical identity stolen.
Looking at the numbers above, it is clear that the consumers themselves can have the largest impact in reducing the number of medical identity theft cases and the severity of the cases that still occur. Not only do the consumers themselves have the best ability to reduce the risk of medical identity theft happening to them, they are the only people that can reduce the severity of the crime when it does happen. The Identity Theft Resource Center has long understood the ramifications of medical identity theft on the consumer population as well as the medical industry itself. We know that educating the consumer population can be cost-effective and powerful.
The Identity Theft Resource Center is a founding organization of the Medical Identity Fraud Alliance, the first public/private sector-coordinated effort with a focused agenda that unites all the stakeholders to jointly develop solutions and best practices for medical identity fraud. We encourage all industry stakeholders to join so that we can work together in galvanizing the consumer population into becoming the most effective weapon yet against medical identity theft.
How Consumers Can Minimize Their Risk Of Medical Identity Theft
- Review Explanation of Benefit statements as soon as you receive them as they may detail medical services that you never received.
- Review your credit reports multiple times a year to see if any fraudulent accounts have been opened in your name, or if any medical bills have been reported as unpaid.
- Be aware of phishing emails. These emails are designed to look like they are official communications from either a healthcare provider or insurer and ask for personal information such as a Social Security number, insurance policy number, or other information used to commit medical fraud in your name.
- Do not open attachments in emails from people you are not familiar with as it may have a virus or program to steal information from your computer.
- Use a Virtual Private Network when using the Internet outside of your home as this will encrypt your signal from your mobile device or laptop.
- Do not carry your Medicare card, Social Security card, or certain military identification as these have your Social Security number on them. Should you lose your wallet or purse or have it stolen, this information would be extremely valuable to a medical identity thief.
- Shred or safeguard any documents with personally identifiable information by either locking them in a safe hidden in the home or by storing them on an encrypted thumb drive and deleting them off your computer. Sensitive documents with PII include:
- Tax preparation papers
- Explanation of Benefits statements
- Medical Bills or Records
- Bank Statements
- Medicare, Social Security, or military identification card
Nationwide Mutual Insurance Company. “Medical ID Theft Study Results.” March 2012. Print.
Ponemon Institute. “Third Annual Survey on Medical Identity Theft.” June 2012. Print.
Congressional Budget Office. Estimates for the Insurance Coverage Provisions of the Affordable Care Act Updated for the Recent Supreme Court Decision. U.S. Government Printing Office. July 2012. 13 December 2012. http://www.cbo.gov/sites/default/files/cbofiles/attachments/43472-07-24-2012-CoverageEstimates.pdf
Menn, Joseph. “ID Theft Infects Medical Records.” Los Angeles Times. 25 Sept. 2006. N.pag. Web. 20 Dec. 2012