Healthcare fraud is a lucrative field for illicit profit. Nearly €110 billion was lost to errors and abuses in Europe in 2010. In the United States, some estimates for 2003 are as high as $170 billion. In recent years, three disturbing trends have emerged—organized fraud schemes, intentional endangerment of life for financial gain, and an increase in identity theft.
The answer to combating this growing and costly problem lies in a comprehensive approach emphasizing the optimized use of information technologies (IT). These technologies are indispensable to improving healthcare information technology (HIT). They are especially effective in preventing intentional misrepresentation, erroneous information capture and the payment of unauthorized benefits. Comprehensive fraud management encompasses all legal, technical and administrative aspects of running a healthcare organization.
Paperless procedures like electronic claim forms and digital recordkeeping dramatically improve the quality of medical data to protect confidentiality and claimant entitlements. When paired with the reliable authentication capabilities of microchip card ID, these robust technologies can strike at the heart of fraud mechanisms—often with minimal investment in infrastructure and without major changes for patients and healthcare professionals.
Because the healthcare sector is in constant flux, the fight against fraud must be waged on an ongoing basis. The legal framework does not have to be fully in place before paperless procedures can be implemented, however. Although overhauling practices takes time and significant investment, it yields a considerable return on investment.
Many lessons can be learned from the success of other countries. France has a robust long-term database structure due to implementation of chip card ID. This is evidenced by the funds recovered by authorities since 2007. Considered by many to be at the forefront of best practices in Europe, the Slovenian healthcare system features centralized administration and chip card-based authentication. And in Algeria, authorities put a stop to organized fraud involving patients and healthcare professionals by implementing a spending counter that checks against spending limits.
Healthcare organizations successful in deploying an HIT system quickly and efficiently typically set up a central body to manage administration and recordkeeping. This central body coordinates all legal, technical and procedural matters, as well as the HIT system implementation, results and budget. Slovenia and Algeria both have dedicated project teams responsible for implementing solutions from end to end.
In Slovenia, an operational network has been set up to ensure the highest possible level of accessibility of services for the insured. The network relies on 10 regional units and 45 branch offices to run operations. Each regional unit handles operations within a defined geographical boundary, while the dependent branch offices serve individual communities. An autonomous functional unit oversees all HIT nationwide.
The most powerful weapon in the fight against errors and fraud is consistent administrative and medical data entry—which should be automated wherever possible. In order to be useful and relevant, data stored in electronic healthcare records must be structured using consistent medical terminology and semantics. It must also be readily accessible to users.
France’s exhaustive database of medical procedures has contributed greatly to efficient administrative data management and effective retrospective fraud management. This is in large part due to the prevalence of electronic forms—over 85% of all claims in 2011 were electronic. The French system also classifies healthcare procedures and illnesses. This has enabled claims processing based not only on administrative invoicing data, but also on the treatment and procedures prescribed.
Chip card technology offers a particularly effective means of monitoring processes. In HIT systems, the power of chip card technology can be harnessed to monitor claims by verifying the type of treatment in question, as well as the validity of entitlements, cardholder authentication, maximum amounts charged and the total number of claims for a given period.
In patient-centric care, this monitoring can also serve to notify claimants through SMS or e-mail alerts. Such an alert could inform claimants that their card has been used—a common practice in the banking sector, used to monitor international payments. Innovation in this area will likely be achieved by focusing on customer relations to redefine the relationship between healthcare organizations and claimants.
In addition to posing an ethical dilemma, an unwarranted breach of confidentiality carries many risks of legal action. In the view of French physicians, combating fraud is the responsibility of law enforcement or Sécurité Sociale authorities, not healthcare providers. For their part, pharmacists cannot report fraud because they are bound by a legal and moral obligation of confidentiality.
Delegating this task to chip card technology solves the dilemma for healthcare professionals. When electronic parameters flag a risk of fraud, the transaction can be canceled. In Algeria, the transaction counter suspends the card after the fourth appointment in a week’s time. To proceed with treatment, the healthcare provider can either ask the patient to have the card checked or use a back-up procedure, such as secure paper forms.
Consistent, automated administrative and medical data entry offers the best protection against errors and fraud. In instances where the network is down or the patient has forgotten his chip card ID, secure back-up procedures ensure that prescriptions can still be filled and medical care provided as long as entitlement benefits are valid.
Proven practices in document security can be used to ensure the security of back-up procedures, such as the use of counterfeit-proof paper forms. The banking sector has set a fine example in secure documents, with paper produced by certified organizations and incorporating anti-counterfeiting features such as incremental numbering, holograms and watermarks.
As in any IT system, the security of an HIT system is only as strong as its weakest link. It is therefore imperative to set up a comprehensive system impervious to security breaches, especially in the areas of process management and data exchange. At a technical level, only equipment and software meeting international certification standards—using independent evaluation against agreed criteria—should be implemented.
Slovenia’s investment in eHealthcare 20 years ago has resulted in one of the most advanced healthcare systems in the world. The country is currently in the process of rolling out next-generation solutions to, among other things, improve fraud management using integrated mechanisms and improved identification and analysis tools.
An individual’s healthcare coverage entitlements are predicated on his or her identity. Positive identification of the claimant’s identity is therefore indispensable to confirm benefits entitlement. To ensure that the right person receives the eHealthcare card, enrollment must be conducted face to face. The procedure must require presentation of approved proof of identity, such as a secure travel document.
A secure means of identification is also essential to streamlining healthcare spending, through the detection and prevention of fraud. This ensures that the healthcare system itself can be funded over the long term. The healthcare sector forms an important part of society worldwide and is even considered to be a foundation for sustainable development.
To reach the challenging but achievable goal of reducing fraud, government agencies and health insurance organizations should build relationships with global technology partners well positioned to help them capitalize on the power of IT—especially smart card technologies. It is important they engage partners and vendors with long-standing experience and a global footprint in digital security, strong identification and authentication.
Previous experience in these areas and the sharing of best practices ensure a higher rate of success fighting fraud. Vendors involved in eHealthcare and national eID programs can better anticipate enrollment, issuance, post-issuance and electronic verification issues, as well as opportunities to optimize resources. Throughout preliminary stages deciding specifications and security proofs for multi-application platforms and card life management, they can facilitate strict standards compliance enabling global interoperability with other national eGovernment programs. Vendors with experience in eGovernment programs can also help clients integrate seamlessly with other national initiatives and online services.
Gemalto has provided technical services and products in the implementation of 11 national eHealthcare systems currently in operation worldwide. Our dedicated market specialist will be available for you for .