TRENDING:

Fraud Management & Cybercrime , Fraud Risk Management , Healthcare

2 Plead Guilty in Nationwide Telemedicine Fraud Scheme

Prosecutors Say Conspiracy Generated $480 Million in Fraudulent Bills Marianne Kolbasuk McGee (HealthInfoSec) • July 15, 2020    
2 Plead Guilty in Nationwide Telemedicine Fraud Scheme

The owner of a telemedicine company and the operator of a durable medical equipment firm have pleaded guilty in connection with a nationwide telemedicine fraud conspiracy that federal prosecutors allege has racked up $480 million in fake Medicare and Medicaid billing. So far, 26 individuals have been charged in connection with the massive case.

See Also: Ponemon Report: The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking

In a Tuesday statement, the Department of Justice says Patrick Wolfe, of Belleair Beach, Florida, has pleaded guilty to one count of conspiracy in a Georgia U.S. District Court. He is the operator of Georgia-based durable medical equipment company, Wilmington Island Medical Inc., which does business as WI Medical Inc.

On July 9, Charlene Frame also pleaded guilty to a conspiracy charge. She’s the operator of Royal Physician Network, LLC, and Envision It Perfect, LLC, Georgia-based telemedicine companies that prosecutors allege were involved with $60 million in fraudulent activities.

The Justice Department, in a July 9 statement, says Frame admitted to conspiring to pay medical providers, such as physicians and nurse practitioners, for diagnostic consultations, in exchange for obtaining thousands of orders for durable medical equipment that would then be sold to DME providers and, ultimately, billed to Medicare.

The conspiracy charges carry a potential sentence of up to five years in prison, plus financial penalties and forfeitures, prosecutors say.

Among the 24 others charged in connection with the nationwide fraud scheme is Scott Hirsch, the operator of JI Medical, Inc., a California company, who was charged in April with conspiring to pay kickbacks in exchange for obtaining fraudulent orders for durable medical equipment that JI Medical Inc. would then bill to Medicare (see: Will Telehealth Fraud Grow Amid COVID-19 Crisis?).

Massive Nationwide Fraud Scheme

Prosecutors say the combined alleged $480 million in fraud crimes charged in the Southern District of Georgia is part of a nationwide scheme that so far has included allegations involving billions of fraudulent claims for genetic testing, orthotic braces, pain creams, and other items.

Others charged in the string of cases include eight physicians, two nurse practitioners, three operators of different telemedicine companies, three brokers of patient data, and several other owners of durable medical equipment companies. The Medicare and Medicaid beneficiaries whose identities were used as part of the scheme are located throughout the country, prosecutors allege.

”As telemedicine becomes an increasing part of our healthcare system, particularly during the COVID-19 pandemic, vigilance in ensuring that fraud and kickbacks do not usurp the legitimate practice of medicine by electronic means is more important than ever,” the justice department says in a statement.

Kickbacks

Prosecutors say Wolfe admitted paying kickbacks in return for “leads,” which were actually signed equipment orders from physicians and nurse practitioners, and then submitting millions of dollars worth of bills to Medicare.

The Frame plea agreement states that from March 2018 until May 2019, Frame and others were part of a telemedicine scheme that involved other individuals who obtained identity and insurance information of Medicare and other patients through a series of call centers.

Prosecutors say the patient information was then sold to durable medical equipment companies or pharmacies that would then use the information to bill Medicare and other payers for items ordered for the beneficiaries.

”Frame used facilities in interstate or foreign commerce [for] … carrying on this telemedicine scheme, including internet-based programs used to sign digitally and transmit medical records that could be sent to companies located across the country,” prosecutors allege.

Digital Signatures

A legitimate telemedicine service might use a digitally signed record, notes regulatory attorney Marti Arvin of the security consulting firm CynergisTek. But based on Frame’s plea agreement, “it would appear the issue is more about the use of the digitally signed record created from the consultative service that was medically unnecessary and its transmission for use to support the ordering and [fraudulent] billing for the devices in question.”

The alleged telemedicine fraud involving Frame, Wolf and others is part of an evolving crime pattern that often targets patients and other unsuspecting individuals, some experts say.

”The abuse of vulnerable individuals, including the elderly, has been with us a long time,” says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C. “What we’re seeing now is a migration from paper and ink fraud to electronic means of taking illegal financial advantage.”

While digital signatures can be used to help protect patients from fraud, “it’s the management – and the human element – involved in the transaction that poses the greatest threat,” he notes. “That threat of fraud is still present where a criminal enterprise can set a scheme using ‘digital signatures,’ whether home grown or acquired through another cybersecurity incident.”

Arvin of CynergisTek says that any program that allows for a document to be electronically signed needs to have certain key security features. “Once such feature is a method to ensure authentication to confirm the signatory is who they really say they are,” she says.

“This plea deal does not specify, but it is completely possible the digital signature of the provider was not fraudulent i.e. it was the actual signature of the provider in question. The fraudulent part appears to be the bogus consultative service that was digitally signed and then used to create the appearance of medical necessity for the device.”

Taking Action

Organizations can take measures to help prevent fraud involving digital signatures, Teppler says.

”If the digital signature process is based on a cryptographic based standard from the National Institute of Standards and Technology, such as publication FIPS PUB 186-4, and traces back to a valid certificate with a trusted root certification authority that has - or its proxy has - properly vetted the identities of the parties signing involved, the likelihood of fraud detection and prevention may be increased,” he notes.

Other Fraud

While the use of telehealth is surging during the coronavirus pandemic, so far, the telemedicine conspiracy case prosecuted in Georgia has not involved COVID-19 fraud, the Justice Department spokesman tells ISMG.

But in a separate case, a Georgia man was charged with attempting to sell 50 million non-existent facemasks to a foreign government.

Prosecutors allege that Paul Penn, through his company, Spectrum Global Holdings, LLC, agreed to act as a middleman in exchange for a cut of the $317 million sales price.

”Based on representations from Penn and others, the buyer, a foreign government, wired the funds to complete the purchase, which was disrupted by the U.S. Secret Service just before the transaction could be completed,” prosecutors allege.

Previous
Microsoft: Patching 'Wormable' Windows Server Flaw Is Urgent
Next
Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.