The recent events surrounding the incidences of heparin contamination from China1 that was possibly willful in intent, as well as the dramatic increase in the estimated cases of deaths associated with heparin, point to a very troubling matter of terrorist elements in the medical product chain security.1 Vital records, financial accounts, and personal health records continue to be compromised at the nation's largest data warehouses.2-6 The massive loss of personal data and customers' transaction files that have been aligned for marketing purposes poses not only an identity loss risk, but also raises concerns about the healthcare delivery system's ability to protect personal health information and institute fraud-related prevention activities.
In addition, new projects, such as the Medicare Part D program, may feed the opportunity for unwarranted graft and corruption, because of the novelty of the product and the lack of process controls for claim payments needed to establish adequate loss prevention techniques (ie, "audits"). Programs and tools used to audit services were not adopted early in the program by many health plan sponsors and participants in reimbursement projects, because of the novelty of the program, as well as the frequent changes requested by the Centers for Medicare & Medicaid Services. Society must have a baseline degree of trust in its systems to ensure that the identity of the individual requesting medical services is indeed that of the legitimate person who is receiving the service.
Scope of the Problem
Data contained in electronic warehouses include all aspects of a person's life—age, sex, credit, personal shopping habits, financial worth, legal actions, health status, social security numbers, license numbers, educational status, and many other parameters. These data also contain insurance reports, examination results, past medical payments to various healthcare providers, preexisting medical conditions, and possibly the details of current medical benefit coverage. These are all gleaned from multiple sources and are nicely aligned for use in sales prospecting.
These data may be sorted, filtered, and aligned to target potential customers with razor-edge accuracy for marketing purposes. These data are for sale to telemarketers, mass mailers and catalog providers, insurance companies, and other prospectors with elements needed to focus success in the sales process. These data are also neatly arranged for marketing and sales purposes to provide new companies the tools to target-market their products.
The true scope of the data loss (or theft) is far broader than is being reported.7 This situation could become catastrophic in terms of payment for services and the overall integrity of our healthcare delivery process if the current trends of fraud continue. Significant problems can be expected from wrongful details being inserted into a claim history from fraudulent use of personal health services; this may unknowingly occur by the legitimate person for whom the benefits are intended and may continue until the member seeks renewal of benefits or until that member's policy is being rejected as a result of preexisting stipulations that have entered into the health record from the fraudulent users who have accessed the services.
Today's robust embracement of the electronic world has unwittingly made it easier to perpetrate many of the opportunities for theft, diversion, and fraud. In the years before the widespread electronic medical records (EMRs), automated call centers, and detached services, plans and providers had more live people processing and reviewing claims, but that is rare today.
The "tricks," diversion, and fraud may go unrecognized today because of our sophisticated automated processing methods. Although some may consider this unimportant, or the value of the loss may be seen as unimportant because of the ability to increase premiums to cover the costs of the loss, this is little comfort to the individual whose health records have been compromised. (And yet, individuals who may suffer more than corporations, may at least have legal recourse if the health sponsor failed to protect personal health data.)
With medical costs now the highest in history and the increasing resistance to higher premium costs from payors, it is only sensible to recognize that fraud is taking place routinely in payor plans, supply chains, and, even in manufacturing processes. This adds to the cost burden of the employer as the payor attempts to maintain financial goals.
Abuse of Prescription Drug Benefits
In 1999, fraud specialist D.M. Disney and associates noted that the amount of dishonesty, fraud, loss, and theft in our healthcare system had reached $100 billion.8 With the healthcare portion of the gross domestic product now exceeding 16%, the next few years will become critical years for prevention efforts to reduce fraud, diversion, and theft, which are drivers of higher healthcare costs. The importance of loss reduction is even more critical with the massive change in Medicare Part D. The 2005 Deficit Reduction Act includes goals to reduce and prevent losses from intentional and erroneous wrongful deeds.
Pharmacy and managed care organizations are acutely aware of the existence of narcotic diversion, perpetrated by skilled professionals who use benefits to obtain medications, then resell them on the gray market to unsavory pharmacy dispensers or on the streets for high profits. The acknowledged problem with diversion of narcotics is also a problem for nonnarcotic prescription drugs, because of the high cost of popular prescription medications.9 It has recently been noted that the greatest number of people in the United States are now consuming pharmaceuticals at the highest level ever,10 and the United States is leading the world in consumption of these products. However, nonaddictive drugs are rarely seen as a potential concern for diversion by health plans. This oversight has resulted in many undiscovered diversion issues of medications and devices being sold at flea markets, on eBay, and in the shadow (gray) markets.
The term "wayward prescription" was coined to raise awareness to the intentional misuse of prescription drug benefits, using techniques for defrauding health plans, supply chains, or manufacturers.
Gaming the system
As the cost of prescription drugs rises, so does the ingenuity of perpetrators to convert these opportunities into fast cash. Complicating the issues of overall healthcare fraud and abuse is the admitted participation of some providers in wrongful, even illegal, acts.11 Health plans have recognized that some providers admit to intentionally misleading health plans to gain approval of benefits for their patients.11
In a 2000 survey published in the Journal of the American Medical Association, 39% of the 720 responding physicians said they sometimes, often, or very often manipulated reports to their patients' health plan to help their patients gain coverage for needed medical care.12,13 These "manipulations" consisted of12:
- Exaggerating the severity of their patients' conditions
- Changing the patients' billing diagnoses
- Reporting signs or symptoms that the patients did not have.
A full 72% of the surveyed physicians admitted to using at least 1 of these 3 tactics in the preceding year. Furthermore, 28.5% of the physicians agreed with the statement, "Today it is necessary to game the system to provide high-quality care."12 And 15.3% agreed that it is ethical to do so.12
Simply stated, if the benefit terms to the members are less than the actual cost of the services or goods, and if the payment process for medical services continues to be surrounded by lack of consumer knowledge, then the opportunity presents itself for profiteering and diversion.9 As prescription drug costs escalate, the chances of reselling the medications, bartering, or diversion of services for financial gain increase.
Shadow (gray) market activities
Today's injectables may be accessed by using prescription drug benefits; with costs of dosing for injectables often amounting to $1000 per treatment, this creates an incentive for profiteering. And with drug prices exceeding the cost of gold per ounce, the shadow markets for Epogen,14,15 Neupogen,14 growth hormone, and other injectable medications have developed with intensity. In addition to loss, these practices are also contributing to the high costs of the healthcare delivery system overall and possibly for errors in the delivery of care. Counterfeit medications are now being promoted unknowingly by the supply chain, with catastrophic results,15 leading to recalls and alerts from the US Food and Drug Administration.
Ironically, with the widespread electronic connectivity, it is not difficult to find willing purchasers of diverted medications or other outlets that participate in shadow market activities. These high-cost medications are easily peddled and are prime targets for profiteering.16 Theft from manufacturing, distribution channels, transportation, prescription drug fraud, or end-users occurs frequently. Because theft from many of these sources is unreported, except for the financial loss, it is difficult to assess the magnitude of the problem.
The penalties for these diversions and thefts range from none-to-moderate jail time, mostly based on the amount of dollars involved. Enforcement resources for prescription diversion are difficult to obtain because of the demands of competing needs. It is well known that clandestine laboratories making substances for illicit sale often take precedence in resources from law enforcement; legal drugs may seem a minor problem compared with the large dollar amounts needed to deal with illegal drug trade.
The resources needed for prosecution of prescription drug crimes are significant as a result of the intertwined police relations, jurisdictional boundaries, and surveillance needs for evidence gathering. Because of the large numbers of participants in illegal behaviors, the combined loss is significant. The variability of the schemes and the diversity of the perpetrators are contributing factors adding to the scope of the problem.
Diversion of prescription drugs
Diverting legal prescription medications takes various forms. Prescriptions are gained by multiple presentations of forged documents, the use of prescription drug benefit cards for other than the rightful owner of the benefit, the use of the benefit card to supply medications to a relative, a friend, or to buy favors with. Prescription drugs do not need to have a street value or a narcotic value, but a prescription has a price per unit that makes the resale appealing to the perpetrator.
In the prescription drug diversion world, a 100-count bottle of the powerful prescription pain medication OxyContin 80 mg has an average street value of about $8000, or $80 per tablet16; the generic, oxycodone, is valued at 50% of this.16 A 500-count bottle of another pain medication, Vicodin, has a value of about $2500, or $5 per tablet17; the generic form, hydrocodone/acetaminophen 5/500, is again valued at 50% of this price.17 Even in a dishonest process, the brand-name drug has a premium price based on the perception of a higher-quality medication.9
Essential Role for Explanation of Benefits
If an explanation of benefits (EOB) is not sent postservice to the legitimate member, the member will remain unaware of any scam or up-coded bills. If the address is changed, this may not be seen until the member calls the payor or until another event alerts the member to the fraud. Members may not pay attention to an EOB because they do not understand them, or they do not care unless they owe a balance. Only when the real member becomes financially responsible for a loss of benefit or a financial loss is that member motivated to act.
Most Medicaid providers do not send EOBs. In contrast, Medicare has recognized this risk for many years and provides member payment information after each service encounter. Even with an EOB, the time period of mailings and true member response to customer service regarding errors may be a minimum of 30 to 60 days for prescription drugs and even longer for medical services, because of billing processes. This is much longer than in cases involving financial fraud, such as credit cards, where the credit card companies have a wide range of surveillance tools for alerts that health insurance providers lack.
Once a thief has data elements on hand, it remains a simple task to call the health insurance provider and say that the benefit card has been lost. Most insurers have instituted policies to comply with the Health Insurance Portability and Accountability Act (HIPAA); however, HIPAA requirements may offer a false sense of confidence that the person on the phone is indeed the rightful owner of the identity. By answering a few simple questions for authentication, which may also be in the stolen data, a replacement card is easily obtained from the health plan. Often complicating the issue is that the insurer's demographic files may be out of date; even if the customer service agent questions the caller stating that this is a different address, the reply is easily covered by the thief by saying, "I've moved," or by making a preliminary call that may be preceded by a call to change the mailing address. Once the health cards are in hand, the opportunities are boundless.
Taking this example further, the cards can then be used or sold with additional identification to provide a "package deal," supporting a "total identity makeover."
Not only are members being targeted, but providers as well are targets for these fraud rings. Many cases of provider identity thefts resulting in fraudulent service billings and diversion of provider reimbursements have been documented. The following examples are ample evidence:
On February 10, 2005, a Hunterdon County, New Jersey, healthcare worker pleaded guilty to claim fraud after submitting more than 40 fraudulent health insurance claims totaling $13,900.18
In February 2005, 6 people were arrested in connection with a prescription drug and welfare fraud ring in Boone County, West Virginia. State troopers said a ringleader impersonated her coworkers while working at Madison Healthcare so she could call in false prescriptions for the painkiller hydrocodone.19
Two former employees of major New Jersey pharmaceutical companies were sentenced in February 2005 for the illegal sale of nearly $300,000 in prescription drug samples to pharmacies in New Jersey and Florida, and for a separate scheme to defraud Schering-Plough of more than $500,000, according to US Attorney Christopher J. Christie.20
The Office of the Inspector General reported in January 2005 that scammers were getting identity information so they could file false claims with Medicare.21
Nearly $18 million worth of reduced-price HIV drugs intended for patients in Africa were reported in October 2002 to have been intercepted by profiteers and shipped back to Europe to be sold at marked-up prices.22
Nearly 200,000 tablets of Lipitor, the world's bestselling cholesterol-lowering medication, "was found to be counterfeit and recalled by a small Missouri wholesaler in May 2004. Some of the pills had already reached Rite Aid and CVS pharmacies"23 by the time the report was issued.
Existing laws and regulations present few barriers to entry into the wholesale drug market. It can be harder to become licensed as a beautician than as a pharmaceutical distributor. On October 19, 2003, the Washington Post reported that with a $700 permit fee and a $200 bond, a pair of Florida manicurists got a license to sell intravenous drugs.23 An auto body shop owner in Miami got a license to sell drugs in Maryland.23 Nevada awarded a license to a 23-year-old former restaurant hostess to operate an Internet pharmacy that specialized in narcotics.23 "The problem is, just about anybody can get a license: 50 states, 50 sets of rules, 50 places to venue shop," said Joe Riley, an FBI agent in Newark, New Jersey, who has investigated pharmaceuticals stolen in cargo heists.23 "And that's the first thing that's thrown back once they're caught with stolen goods or counterfeit drugs: ‚ÄòHey, the guy I bought from faxed me a copy of his license.'"23
Estimated Cost Burden of Medical Fraud
The current number of prescriptions dispensed annually in the United States is estimated to exceed $240 billion in 2008.24 This cost is staggering, but it has been increasing every year, at an average of about 7%. Previous year's pharmaceutical price increases have raised the ingredient cost of the prescription by a minimum of 5% per year. This makes the present value of nonnarcotic, nonstimulant, and nonhypnotic drugs a significant cost burden. In its 2008 Drug Trend Report, Medco reported that, for the first time ever, more than 50% of Americans are now using prescription drugs.25
This article does not attempt to detail all forms of fraud in our medical services but merely to highlight examples of the exposure of all members—plan participants as well as government agencies—to fraud and theft as a result of EMR, auto-adjudication, and failings of human oversight (Table).
Implementing Preventive Steps To prevent or minimize the theft and abuse of prescription drugs described above, health plans should become aware of certain fraud practices and institute mechanisms to detect and prevent it.
1. Managed care plans, both commercial and Medicaid plans, often suffer from not providing tools to their members to assist the managed care organization in detecting fraud. The simple process of providing an EOB to members for prescription encounters greatly reduces prescription-dispensing fraud. Phantom prescriptions are prescriptions adjudicated using a member's identity at a pharmacy for a member who is unaware that the pharmacy is being paid for the drug as listed on the EOB. Often the driving force in phantom prescriptions presented for plan payment is the belief that the plan is unjust in its reimbursement practices. The issuance of an EOB allows the members to determine if they had an unjustified charge for a prescription they did not pick up; without an EOB, tracking one's drug charges is a cat and mouse game.
2. Plans often use resources while designing benefits but fail to complete the circle to ensure that if a drug is dispensed, the member receives the drug and the pharmacy is appropriately paid for it. One example is the design to track total out-of-pocket cost. Many plans have the provision for prescriptions to be called in to a pharmacy, and adjudication then takes place before the member picks up the prescription, to minimize the wait time for the member. In this scenario, the claim is processed and member accounting is done on the backside. If the member has a policy that accumulates payments to reach a deductible, the practice of calling in prescriptions and not picking them up by the member may add to reaching the deductible. To resolve this problem, if a claim has been voided or reversed, there should be a provision that the claim cost should also be removed from the accumulated totals for that member. The prescription that was not picked up may not be reversed and the dispensed drug returned to stock without a reversal of the paid charges to the dispensing pharmacy, thus allowing it to be placed back into stock. The result is a double gain for the pharmacy, which sells the drug twice. Plans should have auditing systems to look for a percentage of claim reversals and be on the alert for underutilization of a claim reversal feature.
3. Careful oversight should be provided to independent pharmacies that have health contracts with the provider payor. It is much too easy to fill family prescriptions for gain. Because most audits entail looking at the signature log, this can be easily addressed by audits.
4. High-cost injectables are prime targets for fraud, diversion, and theft because of the high drug ingredient cost and the low copayment often in proportion to the drug cost. Medicaid copayment is often less than $5, which buys a month's supply of growth hormone that costs $1500; a month's supply of injectable arthritis medication (Enbrel) that costs $1400; and other injectables that cost more than $1000 per month. Organized groups around the country are trying to get as many medications as possible. Medications are often requested for a patient's disease states but are not being taken by the person for whom they were intended. Instituting prior authorization can prevent this practice.
5. Good accounting practices used by the pharmacy can limit thefts by employees. Purchasing accountability as well as integrated systems for accounting of amounts purchased versus those dispensed in the clinic reduce loss from theft by alerting for misaligned accounting. The awareness of all forms of surveillance is also a significant deterrent to impulsive theft.
6. In almost all these cases, however, unless the medical provider personally knows the member, identity fraud is easy to perpetrate. Without photo identification, clinicians have little to go by to validate the member's identity. Implementing radio frequency identification, smart cards, or, at the very least, photo enrollment cards, is recommended.
7. Your plan should partner with a claim administrator that can combine medical and pharmacy claims, using analytic tools and programs to statistically review claim encounters:
- Evaluate the reversal rate for prescriptions based on regional or state rates; if your plan rate is excessively low, further investigation should be done on individual pharmacies
- Use an internal algorithm that looks for prescription claim reversals after 5 days
- If the brand or injectable drug cost exceeds the local average, or if the brand or injectable utilization percent is high, this is another clue for fraud
- Use appropriate age edits for drug suspensions and liquids for patients younger than 6 years or older than 65 years (especially for antibiotics); look for out-of-the-ordinary refill transactions
- Review dental/medical records for duplicate claims; the first alert often comes from dental extractions and procedures (it is unique to have the same tooth pulled more than once)
- Evaluate usual distribution of prescriptions from multiple prescribers or provider stores
- Require National Drug Code codes for J-coding for billing; the use of "junk" codes allows hiding duplicate medications
- Check your crossover claim billings with Medicare and review the process; if the plan is getting many secondary claims with a denial, it may be a case where the provider is driving the denial so that the secondary insurer will pay
- Evaluate the matching of the diagnosis and the prescribed drugs; analysis requires blending the medical and pharmacy data.
The current evidence of crime using current processes and systems is staggering, with no end in sight. Payors, distributors, end-users, and members all have a part to play in limiting this growth, as well as proactively attempting to reduce the incidence of fraud, diversion, and theft of medical services. Such diversion was often thought of as occurring exclusively with narcotics, but with the current high cost of medications in all drug classes, this is a tantalizing chance for high profits by the profiteer at the expense of our healthcare delivery system and patient safety and wellness. Appropriate restrictions, edits, and authorization must be put in place to deter such risks and prevent continued waste of healthcare dollars. Awareness of the complex nature of these issues can identify and control this waste of healthcare funds.
- Mundy A. FDA triples heparin death count to 62. Wall Street Journal. April 9, 2008:A2.
- Cullen T. A cottage industry blooms to help victims of ID theft. Wall Street Journal. April 21, 2005. http://online.wsj.com/public/article/SB111399912456311865WX4DmUirv_YRq9HkP7ro4t4dJEA_20050521.html?mod=tff_main_tff_top. Accessed June 26, 2008.
- Pringle D, Zimmerman R. Lexis-Nexis uncovers more consumer data breaches. TBRNews.org. April 12, 2005. http://www.tbrnews.org/Archives/a1528.htm. Accessed June 26, 2008.
- Tehan R for members and committees of Congress. Data Security Breaches: Context and Incident Summaries. Congressional Research Service Report for Congress. Updated May 7, 2007. http://www.fas.org/sgp/crs/misc/RL33199.pdf. Accessed June 26, 2008.
- Hines M. Lap top theft places 98,000 graduate admissions information at risk. CNet News. March 29, 2005. http://news.cnet.com/Laptop-theftputs-data-of-98%2C000-at-risk/2100-1029_3-5645362.html. Accessed June 30, 2008.
- Gosselin KR. Visa USA: security may have been breached. Hartford Courant. March 4, 2005: A1.
- Ngan K, Te J. Misuse of data has broad implications for organizations. Computerworld. March 9, 2007. http://computerworld.co.nz/news.nsf/printer/E68D1B1E89DF2442CC25729200169514. Accessed June 26, 2008.
- Disney DM and associates. Insurance fraud is more widespread, and more costly, than many people think. DMdisney.com. 1999. http://www.dmdisney.com/fraud_stats.htm. Accessed June 26, 2008.
- Muha J. Drug diversion: preventing retail pharmacy theft. Loss Prevention. September 1, 2006. http://www.losspreventionmagazine.com/archives_view.html?id=1591. Accessed June 26, 2008.
- Hitti M. 5-year report shows sharpest increase in type 2 diabetes drugs. May 17, 2007. MedcineNet.com. http://www.medcinenet.com/script/main/art.asp?articlekey=81184. Accessed June 26, 2008.
- Hilzenrath DS. For doctors, managed care's cost controls post moral dilemma. Washington Post. March 15, 1998:H01. http://www.washingtonpost.com/wp-srv/politics/special/healthcare/stories/h031598.htm. Accessed June 26, 2008.
- Wynia MK, Cummins SD, VanGeest JB, Wilson IB. Physician manipulation of reimbursement rules for patients: between a rock and a hard place. JAMA. 2000;283:1858-1865.
- Bloeche MG. Fidelity and deceit at the bedside. JAMA. 2000; 283:1881-1884.
- MedWatch. The FDA Safety Information and Adverse Event Reporting Program. February 13, 2001. http://www.fda.gov/medwatch/Safety/2002/safety02.htm. Accessed June 26, 2008.
- Amgen. Important drug warning–counterfeiting of Epogen. May 24, 2002. http://www.amgen.com/patients/counterfeits_epogen.html. Access ed June 26, 2008.
- Coalition Against Insurance Fraud. Prescription drug scams feast on insurance money. Fraud Focus. Spring 2007. http://www.insurance fraud.org/downloads/FF-Spring2007.pdf. Accessed June 26, 2008.
- Sajan A, Corneil T, Grzybowski S. The street value of prescription drugs. CMAJ. 1998;159:139-142.
- NJ Attorney General's Office. Office of Insurance Fraud Prosecutor. Hunterdon county woman pleads guilty to submitting more than $13,900 in fraudulent health insurance claims. NJ Fraud News. February 10, 2005. . Accessed June 26, 2008.
- West Virginia Media. Prescription drug ring broken up. WVNSTV59. February 9, 2005. http://www.wvnstv.com/story.cfm?func=viewstory&storyid=670. Accessed June 26, 2008.
- Press Release. NJ pharmaceutical company employees sentenced to prison for selling drug samples, defrauding Schering-Plough. February 2, 2005. www.usdoj.gov/usao/nj/press/files/best0202_r.htm. Accessed June 26, 2008.
- Vogt K. Physicians being targeted in identity theft scheme. American Medical News/AMA. January 31, 2005. http://www.ama-assn.org/amednews/2005/01/31/bisd0131.htm. Accessed June 26, 2008.
- HIV drugs for Africa diverted to Europe; probe targets wholesalers. Washington Post. October 3, 2002: A10.
- Gaul GM, Flaherty MP. US prescription drug system under attack; multibillion-dollar shadow market is growing stronger. Washington Post. October 19, 2003: A1. http://www.washingtonpost.com/ac2/wp-dyn/A44908-2003Oct18?language=printer. Accessed June 26, 2008.
- National Conference of State Legislature. 2008 Prescription Drug State Legislations. Updated July 1, 2008. http://www.ncsl.org/programs/health/drugbill08.htm. Accessed July 7, 2008.
- Medco Health Solutions. Drug Trend Report 2008. 2008. http://medco.mediaroom.com/file.php/162/2008+DRUG+TREND+REPORT.pdf. Accessed July 5, 2008.