Immediate Gains Immediate Vault Immediate Access

Identifying and Preventing Provider Fraud in Workers Comp Cases

Claimant fraud and premium fraud are two of the most well-known types of workers compensation fraud. In these cases, a worker may intentionally fake an injury (claimant fraud) or a business owner may misrepresent their employee headcount or incorrectly classify employees to obtain lower insurance premiums. Now, a lesser-known type is occurring with greater frequency: provider fraud.

Provider fraud occurs when a professional other than the injured worker or employer accepts a bribe or illegal kick-back in exchange for patient or client referrals. The circle of potential culprits includes lawyers, translators, doctors, chiropractors, nurses, and telehealth professionals. Opportunity, incentive and rationalization—the “fraud triangle”—are key factors that go into a person’s decision to commit insurance fraud. These factors have been exacerbated in recent years, due in large part to the pressures presented by the global pandemic and the growing reliance upon remote services.

Most schemes involve knowingly billing for medical goods and medical and legal services that are unnecessary or not provided at all. A chiropractor, for example, conducted illegal medical evaluations and billed these evaluations, claiming that he was approved as a medical legal evaluator. In another example, an attorney named his daughter as the owner of a translation services company, while in reality he maintained ownership of the business. Each time the attorney was hired, the translation business was also engaged and billed its services. Provider fraud is increasingly prevalent in California and Florida due to each state’s workers comp rules. For instance, in California, a provider can file their own lien with the Workers’ Compensation Appeals Board, even if the bill was denied. California is the only state that allows providers to file their own adjudication. At a higher rate than in other states, healthcare providers in California and Florida are sometimes found billing for services that were never rendered, billing for more expensive services than were actually provided, ordering unnecessary tests or procedures, and providing kickbacks to referring physicians.

So, how can we pin down provider fraud?

  • Review Provider Invoices and Reports: Risk professionals can spot potential fraud cases and fraud trends by closely reviewing provider invoices and reports and scrutinizing those invoices that are close to, but not at the top of, typical billing charges. In the workers compensation system, there are typically five levels of a doctor evaluation: Level 1 is the cheapest while Level 5 is the most expensive. Fraud often occurs in Level 4 billings since Level 5 would be too obvious. Providers who consistently bill at Level 4 could be a red flag for fraud.
  • Shine a Spotlight on Supplementary Services: Insurers sometimes overlook that provider fraud can occur with supplementary services such as translation and transportation companies, copy services, medical equipment suppliers and pharmacies. It is not uncommon for insurers to discover that these schemes may involve a criminal enterprise (possibly a referral network) orchestrated by individuals who are not medical or legal professionals. While claimants can be complicit, often they are unwittingly involved and potentially subject to treatment that is unnecessary or even harmful. 
  • Consider Emerging Tech to Pinpoint Provider Fraud: Artificial intelligence and machine learning are game-changers for fraud investigations. Through the analysis of historical claims data and insurance adjuster notes, some technologies can help professionals discover fraudulent claims faster. For instance, AI can be particularly effective at the entity level when a doctor or hospital that is identified as fraudulent can be added to a “bad actors” list for review in future claims. If you do not have a fraud feedback loop, start gathering information now. As risk and insurance professionals, we rely on business rules and claims adjusters to catch all the details of a claim and then form a cohesive narrative to investigate. While business rules work, the fraud feedback loop is necessary to effectively train machine learning models to detect patterns and flag anomalies.

Workers compensation insurance provider fraud has become a multi-billion-dollar industry that is bad for business. It is costly for insurance companies to identify and prosecute, it inflates costs for goods and services that honest business owners rely on, and it stokes consumer apathy and distrust in the insurance system. Risk and insurance professionals need to be aware of the warning signs so they can work diligently to detect and prevent it.

RISKWORLD 2022: Q&A with Opening Keynote Michael C. Bush

RIMS RISKWORLD is just a few days away, kicking off in San Francisco on April 10. This year’s opening keynote will be delivered on Monday by Michael C. Bush, the CEO of Great Place to Work and author of A Great Place to Work for All: Better for Business, Better for People, Better for the World.

Bush recently sat down for an interview on the RIMScast podcast, discussing how the pandemic has redefined satisfaction in the workplace and the critical steps that risk professionals can take to increase equity and happiness in their organization. Download the RIMScast episode for Bush’s full interview and check out a preview of his April 11th keynote below:

What will you discuss in the keynote address at RISKWORLD?
Michael C. Bush: We’re going to talk about making a connection in a way that [makes] people, employees and clients feel they are cared for. Physical and mental health is a top priority now and risk professionals play a role because there is data and policy to consider. But, if you approach it correctly, it can lead to organizational success even during a pandemic or the Great Resignation.

How has the definition of happiness or satisfaction changed against the backdrop of the pandemic?
MB: Prior to the pandemic, we could talk about happiness, satisfaction, engagement and empowerment in one context. COVD has changed that. We were suddenly in a world where people felt like really nobody cared, because they were living a life where there was so much uncertainty. They didn’t know what they needed to do to protect themselves or their family members—physically and financially. This left huge voids because there was economic insecurity on top of it all. People had to watch their communities suffer as small businesses shut down one after another.

Great companies realized this was a time to care. Therefore, they became the one thing that their employees could rely on. In our interviews, we heard stories of companies sending employees necessities like toilet paper during shortages, making deliveries to their parents and other instances that were happening at a personal level. Those lucky employees realized their employers actually cared about them as people and not just as an employee, and that led to happiness. The only silver lining from the pandemic was that humanity has surfaced in a way that has connected us all.

How do you view resilience? 
MB: We all have tough days. When a person is under pressure but knows that they have support or someone or an organization that can relieve that pressure and enable them to bounce back, that’s resilience. It can eliminate burnout, but there’s a difference between burnout and being burnt out. And we’re going to discuss that difference at RISKWORLD.

Fans of language and communication—or those looking to sharpen their skills—will find some really strong takeaways from your take on active listening. Now that so many professionals depend on remote capabilities to work, how has your perception of active listening changed or evolved?
MB: I’ve become a more intense believer in active listening, especially over the last couple of years. It’s not just making eye contact and not just me repeating the last thing you said. Listening is really about caring. When you listen to a person in a deep way, it is the ultimate show of respect—and not doing it is equally disrespectful. If all I’m doing is waiting for someone’s mouth to stop moving to grab tidbits of what they said to make my point, that is not listening, that’s just a spring-loaded response.

When it comes to being remote, try to dial in and focus on the person who’s in front of you on the screen. Put down your mobile phone and stop multitasking—chatting, posting and “liking” things on social media. 

Listening, in the way I’m talking about, takes practice. It involves emptying your mind and being humble enough to do that and not holding on to your own point of view so tightly. When your mind is open, you start asking questions and learning starts. Through that exchange, something unusual and great happens: people feel safe and will start to say more. You might help someone solve their problem, they might help you, or you might identify a new risk altogether.

Combating Fraudulent COVID Unemployment Claims

As federal and state officials scramble to send unemployment and stimulus funds to help people hit hard by COVID-19 business shutdowns, it has become a perfect storm for cyber fraud.

The payments are an easy target for cybercriminals as hackers and cyber gangs around the world have started to file unemployment claims use stolen identities. Some criminals claim benefits in the names of dead or incarcerated people, while others set up shell companies, “hiring and firing” fictitious employees to collect payments.

For example, cyber gangs in Nigeria have stolen millions in benefits from multiple states using hacked names, Social Security numbers and other information sold for as little as two dollars each on the dark web. In New York, a man was charged with filing more than $1.4 million in false COVID-19 unemployment claims, using the stolen identities of over 250 unknowing victims. According to U.S. attorneys, he was caught in part because he used the same IP address and security question and answer—the name of his family dog, Benji—to submit the applications.

The U.S. Department of Labor estimates fraudsters may already have stolen at least $63 billion through phony jobless claims, while other reports say the losses could be as high as $200 billion. In addition, unsuspecting victims are at risk of receiving surprise tax bills because cybercriminals stole their identities and filed fraudulent claims for COVID-19 unemployment payments.

Watch Closely for Signs of Fraud

The Federal Trade Commission warns that unemployment fraud puts workers at additional risk of identity theft crimes including tax fraud. What can you do to help protect your employees?

Unemployment fraud is often uncovered when employers are notified by state officials that employees have applied for benefits. If they are still working, they may be the victim of identity theft.

Be alert to the signs of cybercrimes and unemployment fraud. Contact your human resources department or tax administrator and ask them to look carefully at any notices or requests they receive from state unemployment officials. If you get a report about unemployment benefits that an employee did not request or receive, contact the employment division of your state labor department. Unemployment fraud is so widespread that most states have set up special procedures to deal with these situations.

Warn Your Employees

Let employees know that unemployment scams are a serious problem. Identity theft can also lead to tax fraud, credit card theft and loans taken out in their names. Notify a working employee immediately if the state informs you they have filed for unemployment benefits. They may be the victim of identity theft and should file a police report. Officials say workers scammed by cybercriminals do not have to pay unemployment taxes, but they must report the crime to the state labor department. And they should file their federal and state taxes on time for the correct amount of their income. The U.S. Labor Department has created a special website for victims of unemployment fraud.

Review Your Cybersecurity

Much of the personally identifiable information used by cyber thieves comes from data breaches, phishing schemes and other cyberattacks. Remind employees, particularly in human resources and tax departments, to be alert for suspicious emails, telephone calls and text messages about payroll information or W-2 forms.

The threat will continue beyond the pandemic. Business email compromise, in which employees are tricked into paying company funds into fraudulent accounts, is at an all-time high, so make sure employees have regular cybersecurity training. If you haven’t conducted a data inventory, do so now. Once you know what data you keep, you can determine what controls you require to protect that data. Store employee records securely and dispose of personally identifiable information carefully. It is also advisable to use a secure email gateway, which protects from spam, viruses, malware and denial-of-service attacks, and make sure employees working remotely are using secure company devices. Install patches and software updates, setting up automatic software updates whenever possible.

Unemployment or tax fraud targeting multiple employees may indicate a data breach. If you have a theft or cyberattack, contact your insurance carrier and, if necessary, seek expert help to identify the source, the extent of the problem and how best to respond.

PAID Act Becomes Law, Fixing Medicare Secondary Payer Flaw

On December 11, the Provide Accurate Information Directly (PAID) Act was signed into law as a part of the funding bill to keep the government running. A top priority of RIMS Advocacy since it was introduced in 2019, the PAID Act will fix a current flaw in Medicare Secondary Payer (MSP) compliance. Specifically, the PAID Act amends 42 U.S.C. § 1395y(b)(8)(G) to require that the Centers for Medicare and Medicaid Services (CMS) expand its Section 111 Query Process to identify whether a claimant is currently entitled to, or during the preceding 3-year period has been entitled to, Medicare Part C (Medicare Advantage) and/or Medicare Part D (prescription drug) benefits. If so, CMS is then required to provide the names and addresses of any such Medicare plans through the Section 111 Query Process. Included in the bill is a one-year implementation provision that requires the fix to go live by December 11, 2021.

The bipartisan bill was introduced in 2019 by Republican Senator Tim Scott of South Carolina and Democratic Congressman Ron Kind of Missouri in the House of Representatives. “Today, the PAID Act has taken a pivotal step closer to becoming law, filling in Medicare-related potholes that have cost seniors, Main Street job creators, and the American taxpayer millions of dollars over the years,” Sen. Scott said when the bill passed. “Decades-old regulations and bureaucratic red tape have caused confusion and avoidable litigation in the MSP for far too long, and by eliminating those problems we can help seniors and families across the country.”

The fix in the PAID Act will essentially settle the increased number of lawsuits that have been filed by Medicare Advantage Plans asserting recovery rights against insurers, including claims for “double damages” under Medicare’s private cause of action provision. If CMS provides settling parties with the name and identity of the plan and the dates of coverage, they can better resolve and repay MSP liabilities associated with settlements, judgments or awards. With these changes, there will be a more efficient solution for beneficiaries, taxpayers and employers.

Proponents of the PAID Act assert, in part, that this legislation will now help insurers better identify and address potential Part C and/or Part D recovery claims by allowing them to obtain entitlement and plan information in a more programmatic manner using Section 111’s Query Process.

Currently, there is no such centralized process or system for insurers to obtain this information. When an applicable plan submits the required query process data elements to CMS, if the queried individual is identified as a Medicare beneficiary, the query response only confirms that they are enrolled in Medicare. It does not provide any information as to the “type” of Medicare program in which the individual is enrolled. The PAID Act will change this to better identify whether a claimant is enrolled in Medicare Advantage and/or Part D.

The text of the PAID Act states that CMS must provide the following information to the applicable plan through the Section 111 Query Process:

    (I) whether a claimant subject to the query is, or during the preceding 3-year period has been, entitled to benefits under the program under this title on any basis; and (II) to the extent applicable, the plan name and address of any Medicare Advantage plan under part C and any prescription drug plan under part D in which the claimant is enrolled or has been enrolled during such period.

With the PAID Act now law, RIMS will monitor the CMS implementation process and provide feedback as needed. RIMS worked closely with the Medicare Advocacy Recovery Coalition (MARC) to support their efforts to get this bill passed. Check out their infographic on the Medicare issue the PAID Act should fix: