CLAIM ORIGINATION

Controlling access to Medicare's computer systems by identifying and verifying persons who try to gain access reduces risk and potential adverse impact that unauthorized or malicious acts could have on the Medicare program.

Since 1990, Medicare has required physicians and other providers of medical services to submit claims directly to Medicare on behalf of beneficiaries. The increased workload and increasing complexity of procedure and diagnostic coding has encouraged physicians to turn to computer automation to improve efficiency.

Physicians and other medical service suppliers must be authorized to bill Medicare electronically. Each is given a unique number (submitter number) to use when submitting claims electronically. We were unable to determine how many electronic claims Medicare receives directly from physicians and other medical providers or from third parties billing on their behalf. We found that Medicare can identify providers who have requested and obtained a submitter number; however, this does not mean that the submitter number shown on a claim is actually the party that actually submitted claims to the Medicare system. An unknown number of providers allow billing companies to use their submitter number. Medicare assumes the provider is sending in claims when, in fact, anyone with a computer, modem and access to a provider's submitter number and patient's health insurance number could be sending claims to Medicare. The potential for misuse of submitter numbers is a vulnerability not adequately addressed by Medicare. 

Clearinghouses and Other Third-Party Billers   

Audit trails are necessary to trace the flow of data. They identify the source of the claim, and all persons or parties through whom the claim passed before it was received by Medicare.

Claims entering the Medicare program via a clearinghouse or billing agency do so using the provider’s submitter number. Consequently, Medicare is unable to identify most of the clearinghouses and billing agencies actually submitting claims to Medicare. 

We tried to determine how many claims enter the Medicare system from a third party only to discover that many carriers and intermediaries have no way of knowing who actually submitted the claim to Medicare. Inability to assess whether a claim came directly from a provider or passed through the hands of a third party represents a vulnerability in Medicare program safeguards. Medicare cannot determine whether claims enter their system from an authorized biller's site and computer or from unauthorized sites and computers. Billing companies, their employees and employees of providers have access to patient and provider information needed to access the Medicare system. This information can be used (without a providers knowledge) to generate false claims.

Locating information about clearinghouses, third-party billers or billing services is not easily done. A manual review of provider applications for a Medicare billing number will, in some cases, indicate that claims will be submitted to Medicare via a third party. Our experience, during other studies, is that the information in the carrier’s provider files is often obsolete or inaccurate.

Many clearinghouses and billing agencies use the same commercial billing software packages available to hospitals, physicians and other medical suppliers. Some have developed their own proprietary software. The vulnerabilities discussed in this report apply to all parties involved in Medicare claims preparation or submission. 

In an unrelated study, we were told by State Medicaid Agencies that third party billers and clearinghouses were an area of concern. Clearinghouses and third-party billers charge by the claim and States feel that this may serve as an incentive to split claims. At least one State was concerned that they did not know who actually submitted the claim or from where the claim was submitted. They felt that anyone with access to a physician’s electronic billing number and access to a telephone could submit false claims for payment. 

More than 30 billing individuals/entities have been excluded from participation in Medicare and State Medicaid programs. There are also a number of open criminal cases involving billing agency fraud. In most cases, these companies used the information they obtained from legitimate providers to prepare and submit false claims. In some cases, the billing companies totally fabricated claim information and billed for services not rendered. Other problems with billing companies include unbundling of services, upcoding, adding services and diagnostic information and billing more than one carrier for the same services provided to a patient.