oversight

Health Care: Fraud Schemes Committed by Career Criminals and Organized Criminal Groups and Impact on Consumers and Legitimate Health Care Providers

Published by the Government Accountability Office on 1999-10-05.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

United States General Accounting Office                                   Office of Special Investigations
Washington, DC 20548




          B-283695

          October 5, 1999

          The Honorable Susan M. Collins
          Chairman
          Permanent Subcommittee on
            Investigations
          Committee on Governmental Affairs
          United States Senate

          Subject: Health Care: Fraud Schemes Committed by Career Criminals and Organized
                   Criminal Groups and Impact on Consumers and Legitimate Health Care
                   Providers

          Dear Madam Chairman:

          This report responds to your July 27, 1998, request that we provide you with information
          concerning the nature and magnitude of illegal activity by career criminal and organized
          criminal groups posing as health care providers for the purpose of defrauding federal, state,
          and private insurance systems. Both Medicare and Medicaid programs, because of their size
          and complexity, are vulnerable to fraud and abuse. We have reported previously about the
          importance of controlling health care costs, especially in the federal government.1
          Controlling fraud is part of the remedy for controlling health care costs. In fiscal year 1998,
          the latest year for which statistics are available, Medicare paid out more than $193 billion and
          Medicaid spent approximately $177 billion.


          The Coalition Against Insurance Fraud, using private insurance information provided by the
          Health Insurance Association of America and public insurance information supplied by the
          Health Care Financing Administration (HCFA), estimated the dollar amount of nationwide
          health care claim fraud for 19972 to be $53.9 billion. Of this amount, approximately
          $20 billion was attributed to fraudulent private insurance claims; and approximately
          $34 billion was attributed to fraudulent public insurance claims, including Medicare and



          1
            Medicare: HCFA’s Use of Anti-Fraud-and-Abuse Funding and Authorities (GAO/HEHS-98-160, June 1,
          1998); Private Health Insurance: Continued Erosion of Coverage Linked to Cost Pressures
          (GAO/HEHS-97-122, July 24, 1997); Medicaid Fraud and Abuse: Stronger Action Needed to Remove
          Excluded Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997); High Risk
          Series: Medicare (GAO/HR-97-10, Feb. 1997).
          2
            The most current year for which statistics were available was 1997.



          1                                       GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

Medicaid.3 There is a growing trend in health care fraud in which sham providers are
entering the health care system with the sole and explicit purpose of exploiting it. Rather
than first providing services at an inflated cost, these criminals often bill Medicare while
providing no or inferior services. As our review determined, however, this trend is not
limited to the Medicare program. State Medicaid programs and private insurers throughout
the country are being defrauded in the same manner. Within the past several years, state and
federal law enforcement officials in every part of the country have uncovered such fraud.


In order to address the proliferation of health care fraud on the part of criminals and
organized criminal groups, you asked us to report on (1) the makeup and prior activities of
such groups; (2) how organized criminal groups created medical entities or used legitimate
medical entities or individuals to defraud Medicare, Medicaid, and private insurers; (3)
schemes used by such groups to commit health care fraud; and (4) the impact that illegal
activity by such groups has on consumers and legitimate health care providers.


To develop this information, we identified seven criminal health care fraud investigations for
review. In the four cases involving Medicare and Medicaid fraud, the leaders of each criminal
group pled guilty to federal or state criminal charges related to health care fraud. These
charges included conspiracy to defraud the United States, conspiracy to commit money
laundering, mail fraud, racketeering, conspiracy to commit racketeering, and/or organized
fraud. In the three private insurance cases, the leaders of each group were indicted: one is
awaiting trial while the other two are fugitives. Cases against other group members in each
of the seven groups are in various stages of completion, with some members having pled
guilty to criminal charges and other members in fugitive status following indictments.


We interviewed federal and state law enforcement officials associated with the investigations
we reviewed and largely relied upon their investigative findings in preparing our report. Plea
agreements, along with stipulations of fact and/or criminal information contained in court
documents, generally confirmed many of the investigative findings. The investigations
involved criminal groups that were representing themselves as legitimate providers and,
allegedly, billing public and private insurance systems for medical services and equipment
not rendered or not necessary. The cases we reviewed involved a combination of Medicare,
Medicaid, and private insurance fraud or alleged fraud occurring in Florida, North Carolina,
and Illinois between 1992 and 1998, with the period of fraud or alleged fraud in each case
lasting between 3 months and 4 years. In the seven cases we reviewed, the fraudulent claims
ranged from between $795,000 to more than $120 million, of which between $72,000 and over
$32 million were actually paid by either Medicare, Medicaid, private insurers, or a
combination thereof. With respect to the cases involving private insurers, alleged fraudulent
claims were filed with between 18 to over 100 insurance companies and self-insured plans.
(See encl. I for a more detailed scope and methodology.)




3
  These figures are estimates of claim fraud. They do not include costs related to the detection,
investigation, or prosecution of insurance fraud, nor has there been any attempt to estimate the
amount of fraud committed by insurers or those purported to be in the business of insurance.


Page 2                                     GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

Results in Brief

While the full extent of the problem remains unknown, we did determine that career criminal
and organized criminal groups are involved in Medicare, Medicaid, and private insurance
health care fraud or alleged fraud throughout the country. In the cases we reviewed, criminal
groups varied in size from 2 or 3 participants to more than 20 participants and generally had
one leader. Many group members had prior criminal histories for criminal activity unrelated
to health care fraud, indicating that they moved from one field of criminal activity to another.
The primary subjects in these cases had little or no known medical or health care education,
training, or experience. At least two groups learned or were suspected of having learned how
to commit health care fraud from others already engaged in such fraud. In some of the cases
we reviewed, criminal-group members had relatives or associates in foreign countries who
helped them transfer their ill-gotten health care proceeds.


These groups created as many as 160 sham medical entities—such as medical clinics,
physician groups, diagnostic laboratories, and durable medical equipment (DME)4
companies, often using fictitious names or the names of others on paperwork—or used the
names of uninvolved legitimate providers to bill for services and equipment not provided or
not medically necessary. For the most part, these entities existed only on paper. Once the
structure was in place, subjects used a variety of schemes to submit claims to Medicare,
Medicaid, or private insurance companies.


One scheme used is sometimes referred to as “patient brokering” or “rent-a-patient.” Under
this scheme, which was used in one of the Medicare cases, the subjects used “recruiters”5
(also known as “runners”) to organize and recruit beneficiaries (patients)6 who visited clinics
owned or operated by such subjects for unnecessary diagnostic testing and/or medical
services. Recruiters received a fee for each beneficiary brought in; hence they “rented” or
“brokered” the beneficiary and/or identifying information to the subjects. In turn, recruiters
paid a portion of their fee to each cooperating beneficiary. The beneficiaries’ insurance was
later billed for these and other services or equipment not provided. In addition to the
beneficiaries, some physicians were willing to collaborate with subjects in exchange for
money.


Another successful scheme is commonly referred to as “drop box” or “mail drop.” In this
                                                7
scheme, which was used in six of the seven cases according to investigators, subjects rented
4
  Durable medical equipment, or “DME,” includes such things as iron lungs, oxygen tents, oxygen
concentrators, hospital beds, and wheelchairs used in the patient’s home, whether furnished on a
rental basis or purchased; blood-testing strips and blood glucose monitors for individuals with
diabetes; and seat-lifting mechanisms.
5
  “Recruiters” are individuals who are paid by providers to bring beneficiaries to their clinics or offices
for unnecessary medical services at no charge to the beneficiaries. Recruiters usually share a portion
of their fees with cooperating beneficiaries.
6
  Medicare-covered patients are most often referred to as “beneficiaries”; Medicaid-covered patients
are referred to as “recipients”; and private insurance-covered patients are referred to as “insureds.”
For the purpose of simplification, we will refer to all insured individuals (patients) as “beneficiaries” in
this report.
7
  In the seventh case, the basic elements of the drop box scheme were used without the use of private
mailboxes. In that case, the subject received fraudulent medical payments electronically.


Page 3                                       GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

private mailboxes or drop boxes, set up bogus corporations, and opened phony corporate
bank accounts. Subjects then used stolen, purchased, or otherwise obtained beneficiary and
provider information to bill insurance plans for medical services and equipment not provided.
Members of the criminal groups retrieved insurance checks from the drop boxes and
deposited them into controlled bank accounts. Once deposited, proceeds were quickly
converted to cash or transferred to other accounts and moved out of the reach of authorities.
These activities sometimes continued even after subjects were indicted, arrested, or jailed.


The above-described activities affect consumers, beneficiaries, health care providers, and law
enforcement officials. Consumers pay increased health care costs in the form of taxes,
because taxpayer contributions support Medicare and Medicaid. In the case of private
insurance, insured individuals pay increased premiums. According to investigators and
doctors, false medical histories for some beneficiaries could affect the care prescribed, as the
care could be based on false data. Beneficiaries also unknowingly risk exhaustion of their
insurance benefits, due to false information included in the claims that use their names.
Legitimate providers may find their reputations tarnished and their provider numbers
suspended when investigators look into alleged fraud committed in the names of these
legitimate providers. Such inquiry may also delay payment of their legitimate claims.
Because of the multiplicity of schemes and the ease with which subjects move their
operations from location to location, law enforcement officials find it difficult to keep up
with this growing and widespread form of fraud and are often unable to seize or recoup
fraudulent proceeds that are quickly moved out of their reach.


Criminals and Other Individuals With No Known Prior Criminal History Have
Migrated to the Health Care Field

Criminals previously involved in other types of crime are now migrating into the health care
fraud arena. In at least four of the seven cases we reviewed, some of the subjects had prior
criminal records for crimes unrelated to health care, including securities fraud, narcotics
violations, tax evasion, weapons violations, forgery, grand theft auto, and criminal boating
violations. In one case, two of the subjects were on probation for non-health-care-related
crimes at the time they committed the health care fraud. In three cases where there were no
known prior criminal records, the individuals had connections to other criminal groups or
individuals reportedly involved in health care fraud.


In the Illinois Medicaid case, an individual in New Jersey sent four individuals to Illinois to
open a laboratory. When the group arrived in Illinois and purchased a lab, the previous lab
owner had to teach them how to operate the lab and how to bill Medicaid and Medicare
because the four had no prior experience operating medical laboratories. The group
purportedly cashed the Medicaid insurance checks it received and forwarded them to the
New Jersey individual. The investigator later found out that the New Jersey individual was
under investigation for health care fraud.


We found other cases in which health care criminal groups were teaching health care fraud to
others and expanding into other geographical areas. In the North Carolina Medicare case,
three subjects residing in North Carolina traveled to Florida where relatives taught them how
to anonymously file false Medicare claims. They then returned to North Carolina and began


Page 4                                  GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

filing such claims. In one of the Florida private insurance cases, the investigator suspected
the subject had learned how to commit health care fraud from two former employers who
had previously been investigated for Medicaid fraud in South Florida.


In the cases we reviewed, according to investigators, the leaders of the groups had little or no
known medical or health care education, training, or experience; and none possessed
medical licenses.


Some of the individuals involved with the criminal groups investigated used relatives and
associates in other countries to help them transfer fraudulently obtained money.


Criminal Groups Created Sham Medical Entities or Used Legitimate Medical
Entities to Defraud Public and Private Health Insurance Systems

In six of the seven cases we reviewed, individuals in the criminal groups incorporated or
otherwise set up as many as 160 medical clinics, physician groups, diagnostic labs, and/or
DME companies to submit fraudulent or allegedly fraudulent public and/or private health
insurance claims. In the seventh case, the subject used the names of four real clinics; but he
changed their addresses on allegedly fraudulent claims so that payments would be mailed to
private mailboxes that he controlled.


Typically, the leader of the group, in conjunction with others, would set up the medical
facility by filing incorporation documents and obtaining state and federal certifications and
provider numbers, where required, and, in some cases, taxpayer identification numbers
(TIN). In two of the cases we reviewed, an actual physical location was set up for at least
one of the companies established. For example, in the Illinois Medicaid case involving a
laboratory, the subject paid 1 month’s lease on office space and state-of-the-art medical
testing equipment to obtain the certification needed to bill Medicaid for complex lab tests.
Afterward, no patients were ever seen in the lab. In the Florida Medicare case, some clinics
were opened to perform unnecessary diagnostic procedures on cooperating beneficiaries.


In most cases, however, the medical entities existed only on paper. To maintain anonymity,
leaders of the groups frequently set up medical entities using fictitious names or the names of
other group members, including relatives or associates. They sometimes fabricated
identification cards by using their own picture but the name and identifying information of an
uninvolved, unsuspecting individual. In one instance, the leader of the group opened
companies in the names of individuals he met while serving time in prison. In the North
Carolina Medicare case, the subjects searched for and found two individuals who wanted to
leave the United States. The subjects paid each of the individuals $100,000 for the use of
their identities to set up corporations, bank accounts, and mail boxes and to obtain TINs,
Medicare supplier numbers, and local licenses. Both individuals later left the country.




Page 5                                  GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

Once the framework was in place, subjects in the cases we reviewed used a variety of
schemes to file claims with Medicare, Medicaid, and/or private insurance plans for medical
services and/or equipment not provided or not medically necessary.


Criminal Groups Collaborated With or Used Beneficiaries, Physicians, and Clinics to
Commit Alleged Health Care Fraud

In a scheme sometimes referred to as “rent-a-patient,” recruiters organized beneficiaries to go
to subjects’ clinics for unnecessary diagnostic testing and/or medical services. The
beneficiaries’ insurance was billed for those services and often for other services or medical
equipment never provided. Licensed physicians sometimes participated in such schemes,
typically exchanging their signatures on medical records for cash, without actually
performing or overseeing any medical services, or providing Certificates of Medical Necessity
(CMN)8 for DME equipment not provided or necessary.


In addition to recruiting willing beneficiaries and providers, members of these criminal
groups purchased, stole, or otherwise obtained beneficiary, physician, and clinic information
to bill insurance plans for medical services or equipment never provided in another scheme,
referred to as “drop box,” because the groups used private mailboxes to effectuate the
scheme. In some cases, subjects attached fictitious doctor names to claims.


Use of Recruiters and Cooperating Beneficiaries

In two of the South Florida cases we analyzed involving Medicare and Medicaid fraud,
recruiters organized and recruited thousands of beneficiaries from, among other places, low-
income housing projects and retirement communities and drove them to area clinics for rote
examinations and unnecessary testing, treatment, or DME referrals. Recruiters,
predominantly elderly women in one case, generally received a fee of $100 to $135 for each
beneficiary they brought in. In turn, recruiters paid a portion of their fee to each cooperating
beneficiary. Cooperating beneficiaries participated to “make a few bucks” and understood
that if they needed “a real doctor,” they were to go elsewhere.


In some cases, according to law enforcement officials, cooperating beneficiaries were known
to have been solicited to go to a private apartment to have x-rays taken via portable x-ray
units or to have blood drawn. The beneficiaries received cash or unneeded prescriptions,
which they later filled and sold on the street. Their insurance plans were billed for x-rays,
blood tests, or other unnecessary services or equipment.


In some cases, beneficiaries have been known to provide only their insurance (i.e., Medicaid)
number in exchange for cash. A laboratory would later bill their insurance for blood tests it
conducted using someone else’s blood. Also, clinic owners would send blood samples to labs

8
  A valid CMN is required for the payment of Medicare claims for DME. A valid CMN is one that the
treating physician has attested to and signed, supporting the medical need for the DME item, and on
which appropriate individuals have completed the medical portion.


Page 6                                    GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

to conduct tests and bill Medicare or Medicaid, and the labs would “kick back” some of the
money to the clinic owners. An official from the New Jersey State Attorney General’s Office,
Medicaid Fraud Section, stated, “Most [beneficiaries] know that their Medicaid card is better
than a VISA card for getting money.” In essence, under this scheme, beneficiary and/or
identifying information is “rented” or “brokered” to subjects. (See fig. 1.)


Figure 1: “Rent-a-Patient” Scheme




Source: Florida Department of Insurance, Division of Insurance Fraud


Use of Cooperating Physicians and Physician Assistants

In two South Florida cases involving Medicare and Medicaid, some licensed medical doctors
and several foreign medical school graduates, some of whom were certified physician
assistants, cooperated in the schemes. In the Florida Medicare case, which involved clinics
and DME companies, the medical school graduates and/or physician assistants performed the
actual procedures, including administering noninvasive medical tests and filling out medical
charts. Licensed physicians were then paid $50 to $100 per medical chart to periodically sign
medical records for services they neither performed nor supervised or to provide referrals or
CMNs for DME that was not needed. (See also fig. 1.) Although they signed for services




Page 7                                       GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

purportedly performed by them or under their direction or observation, they were, in fact,
                                             9
not present when the services were performed.


In the Florida Medicaid case involving DME companies, two clinic doctors were
compensated for providing CMNs, which allowed the subjects to bill for unneeded oxygen
concentrators through their DME companies.


Identities of Beneficiaries, Physicians, and Legitimate Clinics Used on Claims Without Their
Authorization or Knowledge

         Victim Beneficiaries

In all cases we reviewed, subjects used at least some “victim”10 beneficiary information that
was purchased, stolen, or otherwise obtained to file false Medicare, Medicaid, and/or private
insurance claims. These victim beneficiaries received no medical services or supplies, were
not involved in the fraudulent and alleged fraudulent activity, were not aware their names
had been used on the claims, and did not authorize the use of their identities on such claims.
According to law enforcement authorities, the identities of an estimated 35 to 2,500 victim
beneficiaries were compromised in each of the seven cases. Some beneficiaries learned of
the fraudulent and alleged fraudulent claims when they received Explanation of Benefits
(EOB), Explanation of Medical Benefits (EOMB), or Medical Summary Notice (MSN)11 forms
in the mail from the relevant insurer showing services or equipment they did not receive.
Others learned of the fraud and alleged fraud when their insurer notified them about
questionable claims filed or investigators contacted them looking into such claims. In the
Illinois Medicaid case and one of the Florida private insurance cases, claims were filed for
more than 17 beneficiaries who had died prior to the purported dates of medical service as
shown on such claims. The claims were not paid.


•   In some of the cases we reviewed, investigators told us they were able to tie several
    victim beneficiaries to a common hospital where all the beneficiaries had previously been
    treated, suggesting that someone in the hospital released beneficiary information to
    criminals.


•   Providers in Charlotte, North Carolina, submitted Medicare claims for supplies and
    equipment purportedly provided to beneficiaries residing in South Florida upon orders of
    Charlotte-area physicians. In that case, the group leader had paid a relative—a physician


9
  The Medicare Carrier’s Manual, Title B3, Section 2050 requires that the physician be physically
present on the premises during the time of medical service for the service to be covered by Medicare.
10
   In this letter, the terms “victim” beneficiaries, “victim” physicians, and “victim” clinics refer to
uninvolved individuals or entities whose identities were used on fraudulent health care claims or other
documents without their knowledge or authorization.
11
   The relevant payer sends EOBs, EOMBs, and MSNs to beneficiaries after a claim has been
processed. Such statements list charges that have been billed to the insurer on the insured’s behalf.
Beneficiaries are encouraged to check such statements to be sure they were not billed for services,
medical supplies, or equipment they did not receive.


Page 8                                     GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

    at a Miami hospital—to obtain beneficiary lists from the Miami hospital. The relative was
    paid $5 to $7 per patient name.


•   In the Illinois Medicaid case, the subjects fraudulently billed Medicaid using patient
    billing information they had legitimately obtained when they purchased a clinical
    laboratory from another individual.


•   In the Florida Medicare case, an informant purchased copies of Medicare identification
    cards from a records clerk employed by legitimate doctors. The records clerk had first
    approached the informant about selling the identification cards when they became
    acquainted at a local bingo hall.


•   During our review, a doctor in Miami, Florida, told us that his billing discs were stolen in
    an office burglary, while cash was left behind. The doctor told us that after the burglary,
    he received phone calls from patients about suspicious EOBs with his name attached to
    them for services he had not rendered. He further stated that other doctors in the same
    building and in another nearby professional building were burglarized in the same
    manner.


•   In the Florida Medicaid case, the group leader’s sister-in-law, who worked for a company
    that transported Medicaid patients, provided him with lists of beneficiary information.


In addition to the above examples, an investigator with a private insurance company told us
that lists of beneficiary names and identifying information are known to have been sold
illegally for $50,000. We were also told that beneficiary information is sometimes stolen from
hospitals or providers, taken from trash bins, or obtained by computer hackers.


         Victim Physicians and Clinics

In the same way that victim beneficiary information was used, victim provider information
was also used in fraudulent health care claims. Victim physicians and clinics were not aware
of the false claims; had not treated or referred the beneficiaries in question for the services or
equipment shown; had not authorized the use of their identities; and, in many cases, did not
even know the beneficiaries shown on the claims. Victim providers often became aware of
such claims filed in their names when they received telephone calls from beneficiaries
inquiring or complaining about EOBs they received showing medical services or equipment
they had not received. In other cases, they learned about such claims only after being
contacted by criminal investigators. In each of the 7 cases we reviewed, subjects used the
names and identifying information of between 2 and more than 120 victim physicians as
either the providing physician or the referring physician on the claims they submitted and on
CMNs.




Page 9                                   GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

•    In one of the Florida private insurance cases, the leader of the group allegedly used the
     names of four legitimate clinics as the providers of service on insurance claims. He
     simply changed the addresses of the clinics on the claim forms to a private mailbox he
     controlled.


•    In a Florida private insurance case, the leader of the group allegedly used a victim
     doctor’s name to file claims and to open a bank account the group leader controlled. To
     open the account, he presented the bank with a resident alien identification card bearing
     his photograph and the victim doctor’s name; he also had a social security card bearing
     the victim doctor’s name. Checks from this bank account were made payable to the
     leader of the group.


•    In addition, in the case of one of the Florida private insurance investigations, victim
     doctors listed on claims as the “treating” physicians told investigators that they were not
     affiliated with the clinic or the physician group listed on such claims.


•    Subjects sometimes obtained physician names and unique physician identification
     numbers (UPIN)12 from unscrupulous hospital employees. In the North Carolina
     Medicare case, for example, a coconspirator who worked as an accounts receivable
     manager at a local hospital provided physician names and UPINs to the leader of the
     group. While executing a search warrant relative to the same investigation, investigating
     agents found a nationwide provider directory, which listed physician names and UPINs.


An investigator from the Florida Division of Insurance Fraud told us that physician names
and UPINs are readily available and showed us a physician telephone directory known as
“The Little Blue Book,” which lists physician names, addresses, specialties, and UPINs by
county. The back of the directory includes an order form and a listing of all counties for
which the directory is available, including metropolitan areas in most states. The
investigating agents in the North Carolina Medicare case learned that nationwide provider
names and UPINs can also be found on the Internet.


        Fictitious Doctor Names Used on Claims

In two of the Florida private insurance cases, the investigators told us that the subjects also
used the names of fictitious doctors on the claims they submitted. According to the
investigator in one of the cases, the designation “M.D.” followed fabricated names shown as
the providers of services/billing entities on claims. The investigator determined there was no
record of medical licensure under those names in the state of Florida.




12
  Physicians and nonphysician providers who order or refer services, including lab work, for
beneficiaries must submit their names and their UPINs on HCFA-1500 (Health Insurance Claim Form).


Page 10                                  GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

Criminal Groups Used Third-Party Billing Companies, Private Mailboxes, and Bank
Accounts to Defraud Medicare, Medicaid, and Private Insurance

In at least three of the investigations we reviewed, subjects used third-party billing
                                                                                            13
companies to file fraudulent claims and receive payment. In one case, a factoring company
was also used. Subjects sometimes defrauded more than one system. In six of the seven
cases we reviewed, subjects used a “drop box” scheme, that is, they set up phony
corporations, private mailboxes, and corporate accounts. Members of the criminal group
would retrieve the insurance checks from the private mailboxes and deposit them into the
bank accounts that they controlled. Once deposited, proceeds would quickly be converted to
cash or moved to other accounts and moved out of the reach of authorities. Some of the
subjects had associates or relatives who helped them transfer the ill-gotten proceeds. In the
seventh case, subjects used the basic elements of the drop box scheme but received medical
payments electronically rather than through the use of private mailboxes.


Submission of Claims

In the Florida Medicare case involving the use of clinics and recruited beneficiaries, the
suspect’s employees generated computerized Medicare claims using biographical data and
the names of recruited beneficiaries. They then downloaded the information to tapes and
delivered the tapes to a third-party billing company that entered the information into its own
computer and sent it electronically to Medicare. Medicare generated a confirmation receipt
that was forwarded to a factoring company, and the factoring company electronically
advanced a predetermined percentage of the anticipated Medicare payment to the subject’s
bank account. The investigator on this case stated that although he believes the third-party
billing company started out as a legitimate company, the owner began to understand that it
was more profitable to bill nonlegitimate claims. He ignored questionable claims from the
subject even when the third-party billing company’s employees raised concerns about the
same beneficiary names repeatedly showing up on claims.


The Florida Medicaid case involved the use of two third-party billing companies to submit
fraudulent claims for DME, namely oxygen concentrators. Individuals known to the subject
operated both third-party billing companies and were aware that the claims were fraudulent.
One of the third-party billing companies filed claims for DME for the subject based solely on
beneficiary names and Medicaid numbers without required CMNs. When investigators asked
the owner of the third-party billing company to produce the CMNs, she contacted the primary
subject who, along with his associates, created the required CMNs. These fabricated CMNs
were turned over to investigators the following day. (Subjects in one of the Florida private
insurance cases used the same third-party billing company to file claims.)


Other subjects prepared fraudulent paper claims without the use of third-party billing
companies. In the North Carolina Medicare case, the leader of the group prepared Medicare
claims and related documents. After investigators questioned him about his retrieval of
Medicare payments from a private mailbox, he disassembled the typewriter he had used to
prepare the claims and instructed his daughter to dispose of the pieces. Later, when he

13
  Factoring companies purchase the accounts receivable of a firm at a discount price, thereby
providing the firm with immediate working capital.


Page 11                                   GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

thought he was no longer being closely scrutinized, he had his daughters and other
neighborhood girls generate paper claims to private insurance plans from a home computer.


Billing of More Than One Insurance System

In at least three of the seven cases we reviewed, career and organized criminal groups
defrauded more than one system (i.e., Medicare, Medicaid, or private insurance systems)
simultaneously or moved from one system to another after they were caught in one area. For
example, in the Florida Medicare case, subjects had filed in excess of $120 million in
fraudulent Medicare claims and $1.5 million in fraudulent Medicaid claims. Because the
investigator in the Medicare case had made a referral to Medicaid, Medicaid was able to stop
the payment of the $1.5 million in fraudulent Medicaid claims filed by the group.


In the North Carolina Medicare case, the leader of the group fled the country after being
questioned by investigators about fraudulent Medicare claim payments. He returned to the
United States a few weeks later and began submitting fraudulent health care claims to private
insurance systems. This subject later told investigators that it was easy to get money from
Medicare. However, according to the same individual, getting money from private insurers
was so easy, it was “like stealing candy.”


Use of Private Mailbox Facilities

To gain possession of insurance checks in payment of fraudulent health care claims, subjects
in 6 of the 7 cases we reviewed had the checks sent to as many as 80 private mailboxes, or
drop boxes. These mailboxes were opened at privately owned commercial mail receiving
agencies (CMRA), including, among others, Mail Boxes Etc, A Mailbox for Less, and Pakmail
Centers of America.14 Fraudulent and allegedly fraudulent claims listed the addresses for
providers/billing entities as the CMRA addresses, with the actual mailbox numbers generally
appearing on claims as suite numbers, building numbers, or office numbers.15 The group
leader or other group members retrieved mail from these boxes. While some mail drop boxes
were set up using the names of the group leader or cooperating coconspirators, others were
set up using phony identification cards containing fictitious names or assumed identities
along with photographs of the subjects. (See fig. 2.)




14
   There is no indication that these CMRAs were involved in the fraud, except for the North Carolina
Medicare case. In that case, the subject purchased his own Mail Boxes Etc franchise and began using
its mailboxes to further his fraudulent activity while also retaining mailboxes at other uninvolved
franchises.
15
   A new CMRA regulation adopted by the U.S. Postal Service on Apr. 26, 1999, requires that all mail
delivered to CMRAs be identified on its face as a private mailbox, or “PMB” (39 C.F.R. part 111 and
Domestic Mail Manual D042.2.6). This regulation is meant to keep criminals from using CMRA
addresses for credit card fraud and other scams. All CMRA customers must be in compliance by
Apr. 26, 2000.


Page 12                                   GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

Figure 2: “Drop Box” Scheme




Source: Florida Department of Insurance, Division of Insurance Fraud


In one of the Florida private insurance cases where subjects operated within the Miami/Dade
County area, 7 of 10 mail drop boxes were set up in other counties. The leader of the group
paid the owners of the CMRAs in those locations to forward incoming mail, including checks
representing payment of alleged fraudulent claims, to Miami/Dade County area mail drop
boxes. The investigator explained that insurance companies know Miami is a “hot spot” for
health care fraud activity and are less suspicious of claim payments going to addresses
outside the Miami area. Mail drop boxes in other states were also tied to this group.


Use of Corporate Bank Accounts and Individuals to Transfer Money

In the cases we reviewed, fraudulently obtained funds were transferred in a variety of ways.
Checks received at mail drop box locations and funds received electronically through billing
companies were deposited into bank accounts that had been set up in
(1) the names of the corporations, the subjects, the associates, or coconspirators or
(2) fictitious or assumed names. Subjects then moved the money by cashing the insurance
checks, writing checks to cash or individuals from bank accounts where insurance checks
were deposited, and transferring funds between various corporate and individual bank
accounts. Subjects sometimes used family members, friends, or associates in other countries
to help them transfer their proceeds. In one case, a factoring company deposited claim
payments electronically into bank accounts controlled by the subjects. According to an
official of the New Jersey State Attorney General’s Office, Medicaid Fraud Section, money
laundering is the end result of most health care scams. Law enforcement officials find that



Page 13                                      GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

assets are placed out of the government’s reach before the fraud is discovered and
documented and that money is sometimes moved out of the country.


In the North Carolina Medicare case, for example, the leader of the group opened corporate
bank accounts in the names of two individuals to whom he had paid $100,000 apiece for the
use of their identities. He then transferred funds between bank accounts, with the majority
of funds ultimately negotiated in the form of business checks to fictitious individuals. He had
the checks shipped in blocks to family members and friends in Mexico via Federal Express
and cashed by accomplices at banks in Mexico, including a Casa de Cambia (money
exchange) where bank representatives converted the checks to U.S. and Mexican traveler’s
checks for a 5- to 8-percent fee. After deducting 10 percent for themselves, the accomplices
shipped the remainder of the traveler’s checks to the subject in the United States via Federal
Express. The traveler’s checks were subsequently spent or deposited to business or personal
bank accounts. According to investigators, one of the subject’s relatives in Mexico had a
friend who worked in a Mexican bank. The friend would cash checks regardless of whose
name was on them. In the same case, some of the funds sent to Mexico were converted to
jewelry that was brought to the United States and resold by the group leader from his home.


In the Florida Medicaid case, the leader of the group paid family members and friends,
including some he met while serving time in prison, to cash checks for him. In two of the
Florida private insurance fraud cases, the leaders of the groups opened bank accounts in the
names of legitimate, uninvolved providers, including a physician and four medical clinics
whose names were used on allegedly fraudulent claims.


In another Florida private insurance fraud case, subjects deposited insurance checks to
approximately 40 corporate bank accounts and then wired the money to European locations,
through investment accounts. In the same case, an insurance official stated that her
insurance company received cancelled insurance checks that had been cashed at a bank in
Europe.


One subject in the Florida Medicare case directed his wife to send $4.5 million overseas. The
money was then transferred back into the United States through an alleged mortgage fraud
scam involving politicians in Florida. Subjects in this case would not cooperate with
government officials who were trying to determine the disposition and location of the ill-
gotten proceeds.


Legal Actions Often Ineffective in Halting Fraud

Legal actions against suspects do not guarantee that the criminal activity will stop. An
official of the New Jersey State Attorney General’s Office, Medicaid Fraud Section, stated
that organized criminal groups tend to be quite transient. He provided examples, unrelated to
the seven cases we reviewed, that demonstrate this point. In one case, suspects fled to
California and started new operations before they could be arrested for violations that had
occurred in New Jersey. In other cases, his office closed down New Jersey clinics only to
find out that the New York Medicaid Fraud Control Unit was investigating the same
individuals for different schemes.


Page 14                                GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

In the Florida Medicare case we reviewed, the subject conducted business from the federal
detention center while awaiting sentencing by using the detention center’s telephone system
and personal identification numbers assigned to other inmates. From the phone, he directed
his wife on how to run the health care fraud business in his absence.


In one of the Florida private insurance fraud cases, three indicted subjects are believed to
have fled the country and are considered fugitives. Investigators received information,
however, that indicates that this group continued to submit allegedly fraudulent medical
insurance claims from Panama through a freight-forwarding company in Miami, Florida,
which acts as a private mail facility and intermediary.


Impacts of Health Care Fraud Perpetrated by Career Criminal and Organized
Criminal Groups

Consumers pay increased health care costs as a result of health care fraud. Taxpayer
contributions support the Medicare and Medicaid programs, so all taxpayers are paying for
fraudulent claims paid by these programs. Also, additional health care costs to private
insurers are passed on to insured individuals through increased premiums. Finally, self-
insured companies risk going out of business when their health care costs become
overwhelming due to fraudulent claims filed.


Beneficiaries, whose names are used on fraudulent claims, acquire false medical histories
and risk exhaustion of their insurance benefits. Legitimate providers, whose identities are
used on fraudulent claims without their authorization, may experience a variety of problems,
such as delays in the payment of their legitimate claims, the receipt of IRS Forms 1099 for
income never received, suspension of their provider numbers, or unearned tarnished
reputations. Law enforcement officials find it difficult to keep up with this growing and
widespread form of fraud and are often unable to seize or recoup fraudulent proceeds that
are quickly moved out of their reach.


                                             -----




Page 15                                 GAO/OSI-00-1R Criminal Groups in Health Care Fraud
B-283695

As agreed with your office, unless you release its contents earlier, we plan no further
distribution of this letter until 30 days after the letter’s date. At that time, we will send copies
of this letter to interested congressional committees and will make copies available to others
on request. If you have questions concerning the report, please contact Assistant Director
Stephen V. Iannucci at (202) 512-6722. Special Agent Mary Balberchak was a key contributor
on this assignment.


Sincerely yours,




Robert H. Hast
Acting Assistant Comptroller General
  for Special Investigations


Enclosure




Page 16                                  GAO/OSI-00-1R Criminal Groups in Health Care Fraud
Enclosure I
                                  Scope and Methodology


During this review, we examined the details of seven investigations wherein criminal groups
representing themselves as legitimate providers fraudulently billed public and private
insurance systems for medical services and equipment not rendered or not medically
necessary. The investigations concerned fraud or alleged fraud committed in Florida, North
Carolina, and Illinois with, in some cases, ties to other states and included two cases
primarily involving Medicare, two cases primarily involving Medicaid, and three cases
primarily involving private insurance systems, with some of these cases involving both public
and private insurance systems. We selected these cases because they involved fraud and
alleged fraud encompassing public and private insurance, different parts of the country, and
significant dollar amounts in terms of fraudulent and allegedly fraudulent claims filed and
paid and the significant number of victim beneficiaries.


We also interviewed federal and state law enforcement officials from the Federal Bureau of
Investigation; Internal Revenue Service; U.S. Postal Inspection Service; Florida Division of
Insurance Fraud; Office of the Florida State Attorney General/Medicaid Fraud Control Unit;
Office of the New Jersey Attorney General/Medicaid Fraud Section; and State of
Illinois/Medicaid Fraud Control Unit.


In addition, we interviewed officials of a private insurance company, including a health care
fraud investigator, as well as two beneficiaries and two doctors whose identities were used
on fraudulent claims without their authorization or knowledge. Further, we reviewed case-
related and public-record documents and reports, as well as reports and statistical
information relating to this type of health care fraud.


We conducted our review from August 1998 through September 1999, in accordance with
quality standards for investigations set forth by the President’s Council on Integrity and
Efficiency.




(600487)


17                                     GAO/OSI-00-1R Criminal Groups in Health Care Fraud