Fast-rising medical ID theft hits employers hard
Originally posted May 22, 2014 by Alan Goforth on www.benefitspro.com.
About the last thing companies dealing with the complexities of implementing Obamacare need right now is to have the security of their employees’ medical information compromised. However, statistics show that is exactly what is happening.
“Medical identity theft is a rapidly spreading malady, often by organized-crime rings,” said James Quiggle, spokesman for the Coalition Against Insurance Fraud, a nonprofit alliance of carriers, consumer groups and government agencies in Washington, D.C. ”Data breaches in this era of digital record-keeping can drain businesses and make employee records as vulnerable as patients.”
More than 1.8 million Americans were victims of medical identity theft in 2013, a crime that is increasing at an annual rate of 32 percent. This makes it the fastest-growing type of identity theft, according to the Identity Theft Resource Center in San Diego.
Medical ID theft is already a multibillion-dollar industry. For the fiscal year ending Sept. 30, 2013, the federal government alone recovered a record $4.3 billion from people and companies that attempted to defraud health-care programs, according to the U.S. Department of Justice and the U.S. Department of Health and Human Services.
Stealing enough personal information to purchase services or devices is not difficult for a sophisticated identity thief, said Drew Smith, founder and CEO of Scottsdale, Ariz.-based InfoArmor (pictured at left). His company has provided B-to-B clients with protection against various types of ID theft since 2007.
“You can go online and readily purchase someone’s basic identity information for about $50,” he said. “You usually don’t need a lot of identification to receive medical care. Most identity thieves are not using it for primary care. It’s going for things such as medical devices, prescription drugs or other areas where there is less likely to be a personal relationship with the provider.”
Hidden employer costs
Statistics rarely account for the hidden cost of lost productivity when an employee has been victimized. Dealing with the fallout can be a painstaking, time-consuming process. The average medical identity theft loss is $22,346 – six times higher than financial identity theft. Also, on average, it takes victims more than a year to clear up medical records and repair any damage to their credit.
“Employees have to deal with identity theft issues immediately, which requires time off work and lost productivity, because some banks and agencies may be open only on work days,” Smith said. “Most medical ID thefts go undetected for a year. It’s not like credit card fraud, where you usually are notified quickly if someone tries to use a stolen card. Because of the way medical records are stored, they are extremely fragmented and hard to fix when you find out. That’s why reducing the risk of medical identification theft can help a business’s bottom line.”
Employers may be surprised to learn that medical identity theft may be as likely to occur from within their organization as from outside.
“Fifty percent of medical ID claims are considered `friendly fraud’,” Smith said. “For example, an employee’s brother may be out of work and they allow him to use their insurance card, or a family member borrows it without permission.”
Best defenses
Although eliminating medical ID theft may be impossible, businesses do have effective options to significantly reduce risks and quickly detect breaches. “Managers must implant internal controls and train employees to harden their protection of personal data,” Quiggle said. “Protocols to protect against insider theft are especially important.”
One of the most successful defenses costs nothing to implement.
“The No. 1 thing to emphasize with employees is to be smart about their user names and passwords,” Smith said. “Many people use the same ones for multiple sites, such as health care, banking and payroll information. Identity thieves are pretty adept at stealing credentials and often use them to steal from more than one account.”
Early notification of security breaches also is critical. “Timeliness is key,” he said. “Most explanations of insurance benefits don’t come for 30 to 90 days, but we can provide real-time alerts.”
Companies such as InfoArmor can provide several levels of protection. “The entry level (service) is monitoring personal and insurance carrier information,” Smith said. “We can alert employees daily to a potential compromise of their information online.”
The next level is to search the Internet and other networks for employees’ potentially exposed medical information that may be bought or sold. InfoArmor’s service providers also evaluate medical professionals who submit claims.
“We are able to do scoring behind the scenes to identify doctors with a record of fraudulent claims who may present a high risk,” Smith said. “Finding these fraudulent doctors often is like looking for a needle in a haystack, but we can help make the haystack much smaller.”
InfoArmor is testing a new service that it calls ID Verification, which uses information from dozens of public record databases to enable providers to confirm a patient’s identity before services are administered.
“The newest services are the most employee-focused,” Smith said. “We can determine which employees have a greater inherent risk and monitor their claims data daily. We look for certain flags, such as care being received farther from home, durable medical equipment being purchased in their name or a high volume of paperwork over a short period of time. We then can issue an alert. And we are careful to do everything in a HIPPA-compliant manner.”
Smith said it is still too early to judge the potential impact of the Patient Protection and Affordable Care Act (PPACA) on the incidence of medical identity theft. But for employers seeking ways to reduce medical identity theft and its repercussions on employees, the best offense is a good defense.
“Don’t believe people who try to tell you they can prevent identity theft, because they probably are lying,” he said. “Because theft is not going away, the solution is to detect digital crimes faster.”
Understanding FMLA Basics
Originally posted May 21, 2014 on https://hrdailyadvisor.blr.com.
Is your organization subject to the requirements of the Family and Medical Leave Act (FMLA)? Do all of your employees qualify? What would it take for both your organization and your employees to qualify? And what does all of this mean in terms of employer obligations?
Let’s start with the basics: What employers are subject to the FMLA regulations?
Here are the basics of what employers are covered:
- For private companies, the employer must have at least 50 employees to be subject to the FMLA, and these employees must have worked at least 20 or more workweeks in the current or prior calendar year.
- Additionally, there must be at least 50 employees within a 75-mile radius for that location to be covered.
- Public (government) agencies and schools are subject to the FMLA regardless of the number of employees.
What this means in practice is that any private employer with fewer than 50 employees does not have to provide FMLA leave. And even employers with more than 50 employees do not have to provide FMLA leave to employees who work in locations where there are fewer than 50 employees within a 75-mile radius, even if all other employees are covered. Bear in mind, an employer with fewer employees than this threshold could still choose to allow unpaid leaves that are in alignment with the FMLA standards, but they would not be required to do so by law.
Now let’s look at employees: Which employees qualify to take FMLA leave?
What must an employee do to qualify under the FMLA?
- First, the employee must have been employed by the employer (the same employer who is subject to the FMLA leave based on the criteria above) for at least 1 year. This requirement does not have to be the preceding year calendar year and need not be consecutive. For example, if an employee worked for the employer in the past, that time could count toward this requirement as long as it was fewer than 7 years ago (or if the absence of more than 7 years was due to military obligations).
- The employee must have worked at least 1,250 hours for the employer in the preceding 12 months. Vacation or PTO time does not count toward this requirement.
- The employee must work at a location that has 50 or more employees within a 75-mile radius, as we noted above.
- Finally, the employee must have a qualifying condition. This includes:
- The employee’s own serious health condition.
- The need to care for an immediate family member with a serious health condition. “Immediate family member” refers to a spouse, child, or parent.
- Placement or birth of a child. (The right to leave in this instance extends for up to one year after the birth or placement of the child.)
- Any qualifying exigency related to an immediate family member being in the military on “covered active duty.”
And if both the employer and the employee qualify, what does that mean the employee is entitled to?
If the employer is subject to the FMLA leave and the employee qualifies for it, then the employee has the right to up to 12 workweeks of unpaid leave in a 12-month period, which can be taken in one or more blocks of time. For some conditions, when medically necessary, the leave could also be taken intermittently or on a reduced schedule. The FMLA also entitles the employee to:
- Job reinstatement upon return from leave, in the same or equivalent role.
- Continuation of group health benefits during the leave period. The employee is still obligated to pay his or her insurance premium contributions during that time.
- Up to 26 total weeks of leave (instead of 12) in the case of caring for a covered service- member with a serious injury or illness.
Beyond employee entitlements, covered employers also have an obligation to:
- Post an FMLA notice explaining employee rights under the FMLA program.
- Give all new employees information about the FMLA, either in the employee handbook or separately upon hire.
- Tell an employee when he or she may have an FMLA-qualifying leave, as soon as the employer reasonably should know that an absence or leave request may qualify.
- Give employees an official eligibility notice for FMLA leaves.
- Explain the employee’s rights and responsibilities under the FMLA.
- For all FMLA leaves, note the FMLA designation and how much of the total leave allotment will be deducted from the employee’s leave bank.
These basic components of the FMLA can help employers to understand their obligations under the FMLA. Of course, this is just the tip of the iceberg; proper FMLA administration will require a more in-depth understanding of how to ensure employees are qualified, how to curb FMLA abuse, and how to ensure employees are treated fairly and consistently under the program.
Subsidies May Be Too High Or Low For Some Who Got Coverage
Originally posted May 19, 2014 on www.kaiserhealthnews.org.
More than a million Americans listed incomes on their health insurance applications that differ significantly from those on file with the Internal Revenue Service and therefore may be getting subsidies that are too high or low, The Washington Post says. Other media outlets report that states can decide whether to carry out a key part of the health law's small business exchanges for 2015 and that civil fines of up to $250,000 may be imposed on those who knowingly provide false information to get a subsidy.
The Washington Post: Federal Health-Care Subsidies May Be Too High Or Too Low For More Than 1 Million Americans
The government may be paying incorrect subsidies to more than 1 million Americans for their health plans in the new federal insurance marketplace and has been unable so far to fix the errors, according to internal documents and three people familiar with the situation. The problem means that potentially hundreds of thousands of people are receiving bigger subsidies than they deserve. They are part of a large group of Americans who listed incomes on their insurance applications that differ significantly — either too low or too high — from those on file with the Internal Revenue Service, documents show (Goldstein and Somashekhar, 5/16).
The Wall Street Journal: States To Decide On Key Part Of Small-Business Health Exchanges
The Obama administration said Friday it would let states decide whether to implement a key part of the health law's small-business exchanges next year, extending an earlier delay. The Department of Health and Human Services said in rules released Friday that it would be up to state insurance commissioners to decide whether employees at small businesses using the health-insurance exchanges could choose from a range of plans or be limited to just one selected by their employer (Radnofsky, 5/16).
The Associated Press: $250K Fine For Lying On Health Insurance Forms
Lying to the federal health insurance man could cost you dearly. The Obama administration Friday spelled out civil fines of up to $250,000 for knowingly and willfully providing false information to get taxpayer-subsidized coverage under the new health care law (5/16).
The Hill: HHS Opens Door To Extra Funds For Insurers
Health insurance companies can count on funds from the government if ObamaCare's risk corridor program does not sufficiently cover losses that are higher than expected this year. This news was published in regulations Friday outlining how the law's health insurance exchanges will operate in 2015 (Viebeck, 5/16).
The Fiscal Times: Senators on Botched Obamacare Websites: You Break It, You Bought It
Republican senators are demanding answers from the Obama administration on the handful of failed state exchange websites that have cost taxpayers literally billions of dollars. Some even say that the states should reimburse the government for the cost of these exchange failures. So far, at least four largely inoperable state websites – in Massachusetts, Maryland, Nevada and Oregon – have cost the federal government $4 billion. That number is expected to rise as the states spend more money to replace or rebuild the bad sites (Ehley, 5/16).