$200 MIllion? How is that possible?

One person- $200 Million – how is that possible?

?

David Young sent me a message about a nurse practitioner in Florida (Elizabeth Hernandez) who masterminded a $200 Million fraud for unneeded, and undelivered genetic tests and back braces, which are part of the sinkhole known as Durable Medical Equipment.? How could one person steal $200 Million?? Here are some thoughts.

First, the pool of miscreants is likely much larger than this press release allows.? The telemarketers get a bounty for every identity they steal, and some of the individuals who handed over their identities may have done so for cash.? The money for DME claims and genetic test claims would go directly to the suppliers and the testing labs, so they are part of the heist, and likely kicked back a portion of the payments back to Ms. Hernandez.? Also, there may be a few doctors involved, although Ms. Hernandez apparently could do bad all by herself, having prescribing authority.? The grand total stolen was likely divided up among these players.

Still, the question persists, how could this massive fraud slip through the cracks?? The first part of the answer is that they are not cracks but sinkholes (this is Florida, after all) political and structural, that enable this to happen.

The political sinkhole has multiple dimensions.? Congress, since Senator Tom Coburn passed away, has demonstrated no leadership in protecting against these scams.? Due to pressure from the AMA, AHIP, the Blue Cross Association and others, a number of bills in Congress that would address these problems were never passed, voted on, or even brought out of committee.? Ron Wyden, Senator from Oregon, is a good example.? Senator Wyden wrote an article on how smart cards could reduce fraud.? When the Democrats gained majority party status in the Senate, and Senator Wyden became head of the Senate Finance Committee, who grants HHS their money.? He killed a bill which would have used smart cards for the purpose he wrote about only 3 years earlier.? Aside from Oregon companies like Nike & Intel, his largest campaign contributor is the Blue Cross Association.?

The political sinkhole extends to HHS and CMS, the overseers of Medicare.? They also have structural issues that inhibit prevention of frauds such as this, and I will discuss them below.? When the PPACA (Obamacare) was passed in 2010 for 2012 implementation, Section 6407 mandated that a face-to-face visit take place in order to authorize DME and homecare.? These services were specifically named because of the high fraud rates (again, more on that later) in those lines of business.?

Again, CMS and industry fought that, and this requirement was never implemented, although Castlestone showed CMS and Congress in 2012 how to offer that protection,? In fact, Castlestone delivered a pilot project that was operational under 60 days, even with the foot dragging of Shantanu Agrawal, who was the head of CMS program integrity at the time.? This allowed many massive frauds, the most well-known tagged as Operation Brace Yourself.? With Ms. Hernandez’ frauds, apparently no changes were made and this this was allowed to continue.

Fast forward to 2022.? CMS held a webinar hosted by a section leader Connie Nelson which announced that 46 DME codes would now require that face-to-face visit to be authorized.? Having successfully demonstrated that our Company can verify that a face-to-face visit took place, where and when it took place and that the physician office ordered the DME, I joined the webinar.?

I asked the CMS employees on the call how they intended to verify the face-to-face visit, and one ‘advisor’ told me that they would look at the medical record.? This, of course, is ludicrous, and not necessary.? Every day there are stories of how the medical record is altered to fit diagnoses and billing preferences.? And seeing CMS or a contractor querying millions of EMRs daily was a technical and security nightmare.? Eighteen months later, I doubt whether any solution has been implemented to verify face-to-face visits.? The MACs, who process claims for CMS, told me that CMS doesn’t want to burden offices.? Aside from being nonsensical, it is counter to what we have been told.? Physicians are not informed when their NPI (National Provider Identifier) is used to validate a claim.? That is until the CMS auditors come and ask the doctor why he or she ordered so many power wheelchairs.? The response is usually “I don’t even know those people.”

This is a good segue into the structural issues that make DME fraud easy to commit, and which we showed how to address.? Any service or product that requires physician authorization is ‘ordered and referred’ in CMS parlance.? DME, labs, prescriptions, imaging, physical therapy, and homecare are among the billable entities that require physician authorization.? NPIs are easily found on the Internet (See a website call NPPES) and suppliers of these goods and services already have the physician NPI on file.? All a supplier has to do is slip in a claim for a $6000 power wheelchair using an NPI on file, and the odds are pretty good the claim will get paid.? And since the physician isn’t informed that their identity has been used, it’s an easy crime to commit.?

What makes matters worse, the face-to-face visit authorizing the service or good, and the DME are processed by two different sets of contractors.? Historically it took 4 months for the data from these different systems to match up, but the DME order and proof of it is still not available.? All that is ‘proven’ (but easily spoofed) is that a beneficiary went to a provider on a certain date.? This again is easily defeated and not probative.? Castlestone proved that the visit could be confirmed, and the physician informed of the use of their identity- in real time.? CMS and contractors buried this.?

The arithmetic and basic governmental incentives will further explain this lack of action.? I know of no government agency who willingly looks to have their budgets slashed, and therefore will derail efforts to show that a percentage of that budget is circling the drain.?

Why $200 Million? ??

When they will speak with me, I tell people on the Hill that they should not be awed by the size of these crimes but angered instead.? Our leaders in legislatures and operating agencies should be asking the question “how the hell did this get to this level before anything was done?”? The answer lies in how anti-fraud activities are organized and incentivized.

In the last decade four bills in Congress contemplating the use of smart card technology were evaluated by the ‘non-partisan’ Congressional Budget Office.? All were scored zero, as explained to by the CBO, that they could not ascribe value to prevention, only to recoveries of fraud.? Aside from the outrageous nature of that statement, it is an endorsement of pay-and-chase.? Anti-fraud staffers have been historically sourced from investigation and prosecution backgrounds, and they are rewarded and evaluated on dollar amounts and cases closed.? Prevention does not get headlines.? Only more recently have agencies looked at operational and risk factors.?

Nobody asks the question of what percentage of headline numbers actually are recovered.? According to a friend who was a high ranking official in Federal anti-fraud efforts, the number is 10%-15%, with no accounting for the cost of this effort, only in Medicaid in the annual MFCU report.? And much of that ‘recovery’ are global settlements with pharmaceutical companies who bill improperly.

Another reason prevention is downplayed is that it will have negative impact on future budget appropriations requests.? I have never seen a budget request discounted for a fraud that occurred years ago.? That would compound into major cuts in budgets.? Instead, fraud is rolled into subsequent years’ appropriations.?

?

?