Time to Stop Health Care Fraud
CLIVE ADDY
© 2012 FrontLine Security (Vol 7, No 1)

View PDF

WE HAVE LONG BEEN WARNED
While examining the issue of safer ID cards, I happened upon what might best be described as the Invisible Elephant in the Emergency Room. For some years now, I have watched the evolution of identity and screening systems from both counter-terrorism and anti-fraud perspectives, and have monitored the growing debate in which respect for individual privacy faces off with the challenging imperatives of society's security. Add the tremendous help provided by cyber technology in diagnosis and patient identity in a crisis, and we see both the need for clarity and a sense of urgency for reaching solutions.

A search for OHIP Card Fraud brought me to the Ontario Government web site. The 227,840 results show it is indeed a concern, but one that seems focused on caution rather than reassurance. Perhaps with good reason? I resisted the temptation to go to all of these "suggested sites" - suffice it to say, however, that I am captivated by how long this problem has lasted and how ineffectual government measures have been at curtailing identified abuse by unauthorized users.

One of the first and novel finds on my search was a 1995 winning essay by Albert Shu of Willowdale, Ontario. The competition, intended to stimulate interest in medical and health-related writing among journalism students, is named in memory of longtime Canadian Medical Association Journal and Canadian Journal of Surgery contributor Amy Chouinard.

Shu's winning essay, written prior to that year's Ontario provincial election, examined health care fraud in the province and the impact of the photo health card that was introduced by the New Democratic Party government. In it, he commented: "Before the 1995 election, Mike Harris said a report commissioned by the health ministry estimated that approximately 60,000 ineligible people from outside Ontario received health care services through OHIP between November 1992 and March 1993, at a total cost of $85 million." [Health Minister Ruth] Grier was less conclusive. 'I think it's a very real problem, [but] I don't think anybody has an accurate handle [on how big it is] because obviously if we knew the amount of fraud, then we would know how to stop it.'

"Grier said forensic consulting firms estimated the new health card would prevent about $65 million in fraud annually. 'The card is the key to a $17 billion health care system, a system that for too long has been neither secure nor controlled, she argued. Other security measures implemented by the NDP included:

  • legislation that requires health care providers to report suspected fraud and allows them to retain invalid cards;
  • swipe readers and toll-free numbers for hospitals and clinics to check card validity; and
  • a special investigations unit to investigate fraud."

Now skip ahead some ten years to the Ontario Auditor General's audit report of 2006 on OHIP at Chapter 3 which stated:

"We reported our concerns with the reliability of OHIP data in our 1992 Annual Report when we noted that, at that time, there were approximately 300,000 more cards in circulation than the estimated population of Ontario. The Ministry acknowledged at that time that, given the limited controls in place at the time of converting from a family-based to an individual-based registration system, it was almost impossible to detect cases of fraud.

"As of December 2005, the Statistics Canada estimate of the population of Ontario stood at 12,590,000. According to our data analysis, at this time, there were approximately 12,895,000 health cards in circulation, indicating that there were still approximately 305,000 extra health cards in circulation. While we recognize that many of these cards may belong to individuals who have died or no longer reside in Ontario, some of these cards may be in the hands of ineligible individuals.

To analyze this issue further, we reviewed the health-card-address data and found that 263,000 or 86% of these extra cards were in circulation in the Toronto area. Given the Toronto population, this amounts to one extra health card in circulation for every 10 Toronto area residents. We also noted that there appeared to be over 10,000 extra health cards in certain Ontario regions that border the United States. These regions included Algoma District, Essex County, Thunder Bay, and Rainy River."

Then at Page 185 of this report we find the following recommendations:

Recommendation 1
To ensure that publicly funded health services are provided only to eligible individuals, the Ministry of Health and Long-Term Care should expedite the conversion of the pre-1995 red-and-white Ontario Health Insurance Plan (OHIP) cards to the current OHIP photo cards in order to properly verify the eligibility of these health-card holder.

Recommendation 2
To identify potential ineligible use of publicly funded health services, the Ministry of Health and Long-Term Care should:

  • review the mandate of its Fraud Program Branch, with a view to expanding the range of its activities to include OHIP-usage monitoring and fraud investigations;
  • consider expanding its monitoring activities to identify potentially suspicious individual health-card usage; and
  • resolve the outstanding backlog and follow up on potentially ineligible cases in a consistent, rigorous, and timely manner."

OTHER GOVERNMENTS ALSO CHALLENGED
The need for a smart card to amalgamate a number of health and authorized ID cards is shared by all western countries, to one degree or another. Continentally, it is wise to recognize that differences in health services encourage identity theft and put further stress on our health care dollar.

In 2004, consumer fraud in Ontario's health-care system was estimated to be between $11 million and $22 million annually. An Ontario Contracted Consultant Study recommended the Ministry develop a Fraud Measurement Framework to be used as a benchmark to measure higher risk areas, to measure the effectiveness of preventive and detective methods applied and to guide future work to mitigate consumer fraud in OHIP.

Back in 2007, Premier Dalton McGuinty insisted the government wasn't being complacent about replacing the old cards. With technology available today it's hard to imagine the reasons why phasing them out has taken this long.

"At the beginning of the 21st century - where we've progressed light years in terms of sophisticated identification technologies - we can and must move faster than that", McGuinty was quoted by the Canadian Press. "We're going to have to find a way to move faster."

That was four years ago. Progress since then has not met public and professional expectations to take best advantage of electronic identification and reduce waste.

British Columbia, on the other hand, is moving briskly ahead. In 2010, a substantive program began in that province to replace its CareCard. With a reported 9.1 million CareCards in circulation and only 4.5 million eligible residents, the province placed a high priority on getting the new "Smart Card" up and running. Health Minister Mike de Jong announced the plan in May 2011. Recent news reports state that amendments to the information and privacy law now before the BC legislature could allow secure online access to authorized medical professionals for medical records, prescriptions and lab tests, while keeping other data private. Using today's innovative technology, a host of new options for the smart card include confirming BC residency, student status or age of majority status. It may also double as a driver's licence in time. The government announced it would start issuing the new cards in 2012. These new photo and electronic chip cards will expire every five years.

Nationally, there is recognition by most key agencies, particlarly Human Resources and Skills Development Canada, "the proof-of-identity requirements established in 1976 are no longer sufficient. New technologies have made it relatively easy to forge identity documents such as birth certificates."

In November 2006, The New York Times had identified "acute public concern about security breaches and identity theft" as the toughest challenge the US federal government faces with the increasingly politicized issue of electronic health records. Three months later, the U.S. Government Accountability Office (GAO) published its conclusions from its task of describing the effort of the Department of Health and Human Services (HHS) to ensure privacy as part of its national strategy and to identify challenges associated with protecting electronic personal health information.

AN URGENT CALL TO ACTION
In recent articles, Dr. Atherley has best summarized the key strategic questions for electronic health records systems facing us:

  • Is the public well enough informed to judge claims - implicit or explicit - that healthcare's IT is demonstrably safer than that used in the financial, commercial and government sectors? Does Canada need a comparable system to the U.S. GAO to provide critical overviews of government initiatives for interoperable electronic health records at their early stage?
  • Does 'need to know' criteria provide a practicable and reliable basis for deciding who, among perhaps 160,000 healthcare personnel and others, can or cannot see all or part of a patient's personal interoperable electronic health record?
  • Are consent-based privacy laws adequate against information misuse and ID abuse? Should Canadians have the right to opt out and not be restricted to the limited protection of lock-boxes?
  • Given the significant but unpredictable costs of achieving and maintaining health care IT safety, security and privacy at a level that satisfies public, patient and provider trust, current and future, are the costs are too great to sustain such a healthcare system under mounting financial pressures?

Safety of IT generally is a strategic challenge for governments as part of their fundamental responsibilities to protect. To be convinced of the prevalence and immediacy of these challenges, one need only go online to see the fraudulent products available. Potential losses are enormous.

====
Clive Addy is FrontLine's Executive Editor.
© FrontLine Security 2012

RELATED LINKS

Comments

CLICK HERE TO COMMENT ON THIS ARTICLE