Having heard so many complaints over the years about insurance fraud and the need to combat it, I was stunned and horrified to read this piece by ProPublica on a health insurance fraud. The fraud was remarkably easy to set up and—the biggest surprise to me—insurers were in no hurry to stop it even though it involved tens of millions of dollars in fake billings, even though the fraud was simple to spot and even though whistle blowers were practically jumping up and down screaming as they tried to report the fraud.
Are we serious about attacking fraud, or are we just going to treat it as a minor cost of doing business and do nothing?
The short version of the article—which is worth reading for all its sordid detail but which will take you several minutes—is that a two-time felon set up a network of physical trainers and put out word that sessions were free because they were covered by insurance. What he didn't tell those who signed up for his workouts and gave him their insurance information is that he was going to bill the insurers for complex—and expensive—medical treatments.
The mechanism was remarkably simple. To hang out a shingle as a sports medicine doctor, the fraudster merely applied to Medicare for what's known as a National Provider Identifier, in a process that only takes minutes. Medicare acknowledges that it does nothing to verify the information of applicants, yet having the NPI number let the fraudster bill some of the most sophisticated health insurers—Aetna, Cigna and UnitedHealthCare—for more than $25 million for 1,000 "patients" over four years. The fraudster collected more than $4 million from the insurers and from Southwest Airlines, which is self-insured but which has its benefits administered by United.
The fraudster's ex-wife and her father had stumbled across evidence of the fraud and raised the alarm as much as they could but got basically no response from the insurers or from the Texas Department of Insurance.
When some of the "patients" saw paperwork indicating they'd received lots of treatment they didn't recognize--often for sessions they didn't even attend—they, too, pushed back against the health insurers. Eventually, the insurers acted—but tepidly.
They complained to the fraudster that they'd been overbilled, but simply said they'd recover the overpayments by deducting from future bills, somehow ignoring their knowledge that those future bills would also be for fraudulent services. Finally, the insurers blocked the use of the NPI number that had been used fraudulently. However, the fraudster had dozens, so he just began billing from a different NPI number. He wasn't sophisticated: He used his actual name and the same physical address, email address and phone number for all of his NPI numbers, so a simple cross-check could have found all of the fraudulent billing numbers. But the insurers never did a simple cross-check.
It wasn't until four years after the fraud began that it was reported to the FBI. The fraudster was finally arrested in October 2017, quickly convicted and sentenced to nine years in federal prison.
ProPublica says health insurers don't really care about fraud, even as they brag to clients about their diligence in guarding the clients' money. ProPublica says that prosecuting fraud is messy and that insurers can simply pass along the costs of fraud to clients through higher premiums or, in cases like Southwest, through claims that the self-insured company pays.
I hope ProPublica is wrong. Is it?