The following is an opinion piece written by Jeff Leston, president, Castlestone Advisers LLC. The views expressed within the article are not necessarily reflective of those of Insurance Business.
Recently, Insurance Business has reported on several massive health insurance frauds. These pose a threat to the financial and clinical well-being of employees, and place corporate executives in legal jeopardy. Under ERISA, plan sponsors are to exercise the same standard of fiduciary oversight of health plans as they do for retirement plans.
The trap
Self-insured plans fail to realize the risk they have assumed includes the risk of fraud. They may have a false sense of security assuming their administrator will fight fraud - a dangerous and costly assumption. Administrators say they are not paid to reduce fraud, particularly since the funds belong to the plan. Sponsors also assume they have no affordable tools to address it. This is another inaccurate and costly belief.
Fraud is enabled by many factors, including:
The healthcare claim process
‘Auto adjudication,’ by which most claims are paid after claims through a series of edits, is a core enabler of fraud. There is no verification that the beneficiary or the provider were in the provider location where and when the claim stipulates. This makes frauds relatively easy to perpetrate. The frauds in recent articles and billions of dollars of other frauds are due to this flaw.
Health information everywhere
Health identities are stored on computer systems of every provider an insured visits - physicians, chiropractors, imaging facilities and drug stores. They are all susceptible to hacking and misuse. There are 50% more Electronic Health Records in provider offices than in 2009, and hacks are frequent. Insurance identification numbers are on these systems.
Hackers steal identities and sell them to allow people to get services. And as the Insurance Business articles demonstrate, providers easily commit fraud with the insurance numbers on file. A crooked provider can submit claims, not collect a co-payment, submit the claim for auto-adjudication and be paid. When the patient receives their Explanation of Benefits and sees their payment requirement is zero, they will toss the EOB in the trash. Delays in claim processing mean this this may not be discovered for weeks or months after the identity has been misused.
Carriers and administrators with minimal incentive to protect plans
The growth of consumer-directed and self-insured plans and insurance exchanges also creates a disincentive for carriers or administrators to vigorously pursue fraud. The primary attraction of an insurer to an individual choosing a plan is whether their doctor is part of the plan’s network.
Administrators of self-insured plans aren’t due the proceeds of fraud recovery. Either they will keep fraud recoveries, or not make a bona fide effort to reduce fraud.
Medical identity theft
Over 100 million Americans have had their health identities stolen, and there is no cap on liability for health insurance identity theft. “Identity protection” is merely credit monitoring and has no ability to prevent a health insurance number from being used to file a false claim. While there is a limit on the liability for credit card fraud, there is no such limit for health identity fraud, and the telling item is the $13,500 cost per incident.
Health plan claims processing systems cannot prevent claims from stolen identities from being paid.
What a sponsor can do:
First, get your data from your administrator. It’s yours and you have a right to it under ERISA. Second, stop the most common type of fraud - a bill for a visit that the employee or patient never received, either from a stolen identity or a provider fraud. The Return on Investment in these tools is in the triple digits, and they are far less expensive than products that cannot address health insurance identity theft. With health insurance fraud estimated at 3%-20% of expenses and $13,000 to address a single case, plan sponsors should add this protection to the tools they employ to manage risk. The cost of attempting to recover fraudulent payment far outweighs the cost of prevention. The tools are now available for the self-insured to self-protect.