The accounting procedure for healthcare providers has been more effective and simplified in the decade since CMS implemented National Provider Identifiers (NPIs). All healthcare programs, notably Medicare and Medicaid, adopt and recognize NPIs.
Consequently, NPIs, like Social Security numbers, is an essential aspect of healthcare practitioners’ medical identity. Unfortunately, this also implies that, like a Social Security number, an NPI may be used to commit identity theft. This is primarily due to the fact that NPIs are not private. The National Plan and Provider Enumeration System make your NPI public. Furthermore, your NPI is stored in EHRs, which are accessible to rogue workers and potential cyberattackers.
Fraudulent Use of NPI
Year after year, countless NPIs are stolen from medical practitioners and utilized in additional fraudulent schemes, mostly Medicare and Social security fraud. The theft or abuse of a healthcare provider’s NPI is, in fact, one of the characteristics of medicare fraud. Since NPIs are not secret and are public information on the National Plan and Provider Enumeration System, they are susceptible to cyberattacks and theft. Furthermore, NPIs in electronic health records are vulnerable to rogue personnel and potential hackers.
How to Prevent NPI Theft?
If your NPI is taken, millions of dollars in illegal payments or hundreds of fake prescriptions may be credited to you before somebody is aware of what has occurred. Furthermore, if this happens, you may be subjected to a government inquiry to check you out as a culprit in a criminal investigation and/or ascertain if you are responsible for compensating the state for the crime.
During the inquiry, CMS is also likely to stop paying you. This can have a significant influence on your money, reputation, and, as a result, your profession. There are things you can do before that transpires to avert NPI theft and perhaps prevent massive pharmaceutical fraud.
There are actions providers may take to avoid NPI theft and subsequent health care fraud. These include distributing NPIs wisely and understanding who and why is utilizing the NPI. In addition, organizations can track invoices and refunds to ensure that invoiced services correspond to actual income and that payments are not misdirected afield. They can also keep track of enrollment data and notify any adjustments, such as clinic location. Finally, if a provider detects NPI theft, he or she should alert the Center for Program Integrity at the Centers for Medicare & Medicaid Services as soon as possible.
Three Steps to Prevent NPI Theft
Only give out your NPI to people who need it and whom you know and trust. If you are asked for your NPI, be sure you understand why and who will use it.
Examine the way your NPI can be used. Check bills and repayments, for example, to ensure that invoiced activities match your revenue. If it doesn’t match, it’s a sign that someone is directing your refunds to a false address. Review your credit record as well for any strange activity under your account. This is another sign to check whether your NPI has been tampered with or not. If you don’t have the time to monitor, delegate the task to someone you know.
Review and Update
Examine your enrollment data with providers regularly to ensure that it is valid and that nothing has been shifted. Take a moment to revise all enrollment information when your clinic location or company changes. To that purpose, CMS requires you to notify CMS of any modifications to any information provided to get your NPI within 30 days of the changes.
If your NPI is hacked, it isn’t easy to clear your identity and gain relief from any financial responsibility. Nevertheless, in 2011, CMS established the Center for Program Integrity (CPI) to help the victims of NPI fraud and to expedite the wrongful conviction process. Contact CPI as soon as you detect NPI theft.
What to do if You Suspect Theft?
Investigate after contacting CPI. Begin by checking records for irregularities, paying particular attention to billing and patient files pertinent to the illegally invoiced services. If you discover fraudulent behavior, alert everyone who accessed the patient’s data, advise them of the false information in the patient’s files, and urge them to rectify their records. Then, if the incident happened under the HIPAA Breach Reporting Rule or any relevant state breach notification legislation, make any appropriate reports of the security breach. Take the opportunity to reassess your data protection and HIPAA compliance as well.
Ultimately, there are times when initiating a lawsuit is necessary and warranted. Healthcare providers, for instance, have brought monetary damages suits against organizations or persons who have exploited their NPIs without permission. In those situations, the basis of culpability is that a plaintiff firm and/or person misappropriated the healthcare provider’s credentials and breached a fiduciary obligation. In addition, when a contract exists between the physician and the defendant(s), the complaint charges contract breach.
These cases are often made after the government has completed its inquiry and received a plea or resolved any civil liabilities with the accused. In certain circumstances, filing action after the government’s investigation has ended provides the plaintiff with a strategic value. This is because proof has already been gathered, and admissions have been made.
There are easy precautions you may take to protect your NPI number from being stolen. However, you must secure your NPI in the same way that you protect your Social Security number, and at the very least, check the usage of your NPI in the same way that you monitor your credit score on a regular basis.
Preventative actions are not always practical. If your NPI is stolen, make the necessary reports and warnings; analyze and determine the source of the theft; and, if necessary, launch a lawsuit. The quicker you respond, the better. Stop fraudulent healthcare practices before they become widespread, saving government funds and keeping healthcare from becoming more expensive.