Wednesday, April 23, 2014
By M.B. Pell, The Atlanta Journal-Constitution
ATLANTA - Dorsey Med Group is conveniently located for patients near Atlanta's Buckhead district who are looking for a good internist. On paper, the clinic is headed by a respected physician with 39 years of experience.
Dr. Harry Dorsey, an internist in Albany, Ga., had his medical license number stolen in 2010 by someone using a UPS Store mailbox to obtain a National Provider Identifier.
Brant Sanderlin/Atlanta Journal-Constitution/MCT
Patients might be a little put off by its size, though.
The medical office could easily hold a box of sterilized latex gloves, but not much more.
It's located at 2625 Piedmont Road Northeast, Suite 56-331 -- a UPS Store mailbox.
And the doctor who is the clinic's namesake didn't know he was the CEO, as federal records show. He certainly never made the 192-mile drive from his Albany practice to Buckhead to see patients or review medical records.
Federal officials probably should have grown suspicious two years ago when someone using the name Olga Teplukhina incorporated the fictitious medical practice, applied for a National Provider Identification number and claimed a UPS mailbox as the practice location.
Then again, the box is the largest size UPS offers.
"So have they been billing stuff?" Dr. Harry Dorsey asked when the Atlanta Journal-Constitution told him the suspicious provider number was still active. "That's identity fraud, and that really ticks me off."
For years, officials at the agency that administers Medicare have known that fraudsters sign up as health care providers using UPS Store mailboxes and other post office box like addresses as their location. But the Centers for Medicare and Medicaid Services says it lacks the technology to identify these locations because they look like legitimate street addresses, not like the easily identified post office box addresses.
CMS doesn't even stop providers from using post office boxes, though. They know they should and they know it's simple, but the agency still has in its system nearly 300 providers nationwide using post office boxes as their location, according to the newspaper's analysis of the CMS provider registry.
So when will CMS be able to flag the providers using UPS Store addresses and boot any scammers? The agency says it has no timeline.
CMS officials insist they don't need to hurry because anyone trying to rip off a federal health care program would first need to enroll in the Medicare billing system. That process should -- probably, hopefully -- snag anyone using a UPS Store as a practice location because it involves a more stringent review.
Don't tell that to Ryan Stumphauzer, a former federal prosecutor in the Southern District of Florida who specialized in health care fraud.
"They've got a fake NPI, they've got a fake address, but they're not concerned yet?" he asked.
"That's like seeing a man pacing back and forth in front of a bank with a mask on and he has something tucked under his shirt, but you don't do anything because he hasn't gone into the bank yet," Stumphauzer said. "Not addressing these problems up front is what costs the system $60 billion each year."
Even if the phony health care provider doesn't bill Medicare directly, the government is left vulnerable to other fraud schemes, said Malcolm Sparrow, a professor of public management at Harvard's Kennedy School of Government.
Using a sham provider number and a UPS Store address, a scam artist can provide what looks like a real physician's approval for unnecessary or non-existent medical services and equipment for a company that is registered to bill Medicare.
Should CMS ask the doctor if the services or equipment were necessary, the agency's inquiry goes to the UPS Store mailbox. The fraudster then assures the agency of the need.
While CMS officials say they can't find these fake medical providers, identifying them is not hard.
The AJC used an inexpensive software program and a list of UPS Store addresses found on the Internet. That turned up 131 CMS-registered medical providers across metro Atlanta claiming a UPS Store as their practice location.
Most likely filled out their paperwork incorrectly and are not committing fraud. Some were already under investigation, while others have been identified as fronts for fraud schemes and the perpetrators prosecuted and convicted.
But several physicians said they were stunned when the AJC told them a provider number was created using their name.
And two dozen of the 131 identified by the AJC are now under review by a federal contractor after the newspaper brought its findings to the attention of the U.S. Department of Health & Human Services Office of the Inspector General.
"If one company is defrauding the Medicare trust fund, that's one too many," said Kelly McCoy, assistant special agent in charge of the watchdog agency in Atlanta. "This agency will diligently pursue any evidence of fraud."
Accurate estimates of the cost of health care fraud do not exist, Sparrow said. But he told the U.S. Senate in 2009 that fraud could siphon off $100 billion to $500 billion a year.
The cost is borne by federal taxpayers who support Medicare, state taxpayers who support Medicaid and customers of private insurance companies.
Estimating the cost of specific fraud schemes, like a scam using UPS boxes, is even trickier. But the scheme can be lucrative.
More Than Ready Company, located at a UPS store on Peachtree Industrial Boulevard in Atlanta, was among a number of companies that billed Medicare for fraudulent injections of medication. The provider billed Medicare for $1.2 million. Eventually, several people were convicted of health care fraud as a result.
More Than Ready Company still has an active provider number, however. CMS says that's because even companies that commit health care fraud can still render services for private health insurance plans.
These suspicious organizations sprout up across the country. Outside of Atlanta, in spot checks the AJC identified potentially fraudulent providers in Louisiana, Florida, Kentucky, Ohio, Texas and Massachusetts.
Two years ago, a man calling himself Dulat Adilshin created IEDM Services Inc. The supposed obstetrics and gynecology office was located in a UPS Box Store mailbox in Baton Rouge.
According to CMS records, Dr. Edan Moran is the CEO. Moran is an obstetrician, but his practice is in Alexandria, La., more than 100 miles from the UPS Store in Baton Rouge.
Moran said he does not know Adilshin and he does not know IEDM Services.
Iin 2010, Adilshin incorporated Meadows Med Group Inc. in Georgia.
The fictitious family-medical practice is located in a UPS Store mailbox on Hugh Howell Road in Tucker, according to CMS. Agency records list Dr. David Derrer, a family physician at Georgia Highlands Medical Services in Atlanta, as the CEO.
But Derrer said he never heard of Meadows Med Group or Adilshin before receiving a phone call from the AJC.
Obtaining a fake provider number is much less difficult than canceling one. Scam artists can find almost all the information they need from a state medical licensing website. After that, they fill out a short application on the CMS website.
CMS officials wouldn't discuss this issue on the record, but they said they know there are loopholes in the system.
"Over the last several years we have stepped up our efforts to fight Medicare fraud and we are continuing our work to crack down on anyone who tries to steal from seniors and taxpayers," CMS officials said in a prepared statement.