[Editor's note: today's post, by reporters at ProPublica, discusses fixes for the security issues discussed in a prior post. It is reprinted with permission.]
In our story about the convicted health care con man David Williams, we detailed how the Texas personal trainer made off with millions by billing some of the nation’s largest health insurers as if he were a doctor providing medical services.
Williams cannily exploited gaping loopholes in the health insurance system that allowed him almost unfettered entry. Taking commonsense steps to close those loopholes, experts say, could block other fraudsters from entry.
1. No one checks to see whether people getting federal ID numbers that allow them to bill insurers have valid licenses. They could.
Anyone billing an insurance company needs a National Provider Identifier, or NPI number. The number is obtained through Medicare, a federal agency that covers people over 65 as well as those with disabilities. But Medicare doesn’t verify that NPI applicants who claim to be licensed are, indeed, licensed by their state’s regulators. The agency could do a license check in less than a minute online or in milliseconds if the process is automated.
Medicare said federal regulations do not allow it to verify NPI applicants’ credentials, so the Department of Health and Human Services might need to revise the regulations. Congress could also order the reform.
2. Insurance companies don’t always verify that the people they are paying are licensed medical providers. They could.
Williams avoided scrutiny from insurers by billing as an out-of-network provider, so he didn’t have a contract with them and didn’t have his credentials verified before receiving payments. At Williams’ trial on federal fraud charges, representatives from the insurance companies testified that it’s not cost effective to review every claim. Almost all are automatically paid.
At a minimum, insurers could ensure that anyone billing them has the proper licensing before a payment is made. Again, this screening would take seconds or less.
Regulators could also require that insurers verify the licenses of those they pay. Some experts say it may take state and federal legislation to mandate it. Officials from America’s Health Insurance Plans, the trade group for the insurers, declined to comment on this suggestion.
3. Insurance companies aren’t reporting most cases of suspected fraud to state and federal regulators. They could.
Many states have a law in place that requires insurers to report suspected cases of fraud to state regulators. This allows regulators to spot serial fraudsters and trends, and it helps officials build criminal and civil cases. But the states have a mishmash of requirements, and many don’t do audits to make sure cases are being reported.
At least three insurance companies caught Williams committing fraud. But the Texas Department of Insurance only received one referral about the case, according to internal documents. If all three insurers that Williams defrauded had referred him, his case could have been prioritized and stopped sooner.
The existing state laws don’t apply to self-funded plans where employers pay for the health benefits. Those are overseen by the federal government. And no federal law requires insurers who administer self-funded plans to report suspected cases of fraud.
State and federal laws would need to be changed to require the consistent reporting of suspected fraud. Experts say audits, and the potential for fines, may also be needed to spur the insurers to file the reports.
ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.