And Internet-enabled employee relationships help perpetrators hide much of their handiwork.
“The overall numbers have likely increased in recent years as workers in such traditional industries as construction, trucking, and stagecraft have been joined by a growing cadre of ‘on-demand workers,’ who often get their assignments via the Internet,” says the report.
At least 10 to 20 percent of employers misclassify workers and the crime is growing, the report says. Misclassifying workers can illicitly reduce workers compensation premiums, taxes and other expenses. Lying that high-risk roofers are low-risk desk clerks is one dodge. Mislabeling fulltime employees as independent contractors also lowers staff size and payroll, thus reducing premiums.
Misclassified workers are being discovered in almost every economic sector. Schemes are especially common in housecleaning, in-home care, construction and trucking.
New “sharing-economy” businesses also are emerging misclassification threats because it is hard to determine how autonomous their workers are.
About one-third of construction workers in Southern states such as North Carolina and Texas have been misclassified.
Atlanta stagehands for concerts produced by Live Nation, a company listed on the NYSE that has held shows for such artists as Billy Joel, have been misclassified as independent contractors by a staffing firm.
And roughly 20,000 employees allegedly were misclassified by CrowdFlower, a San Francisco startup that breaks down digital jobs such as data entry.
Many employees, however, feel too intimidated to bring complaints. Businesses should consider having third-parties bring the complaint for aggrieved workers.
“[A] worker center, other civil society organization, or union (even when the worker is not part of the bargaining unit) could be empowered to report instances of IC misclassification to state unemployment insurance officials or wage and hour divisions, as well as to workers’ compensation boards,” the report urges.
“The risk is that the definition of employee may be narrowed down and be of little benefit to many of the workers currently affected by misclassification,” the report concludes.
Fake injuries, illnesses put small businesses on alert for fraud
Nearly one of four owners also installed surveillance cameras to monitor employees on the job, and one of five feel unsure how to identify comp scams. More than half of business owners agree these are fraud flags:
• Employee has a history of claims (58 percent);
• No witnesses to the incident (52 percent);
• Employee didn’t report the injury or illness in a timely manner (52 percent); and
• Injury coincides with a change in employment status (51 percent).
Other flags include an employee using a false SSN, having previously undisclosed injuries or medical conditions, or having a permanent total disability claim with total medical costs of less than $500 over a 12-month period.
“There is no silver bullet when it comes to identifying claim-related workers compensation insurance fraud. Instead, you’re looking for a pattern of events or multiple indicators that suggest something may be amiss,” says Ranney Pageler, vice president of fraud investigations at Employers.
Healthcare cyber attacks have spiked, study says
Nine of 10 healthcare businesses have experienced cyber attacks, which have surged to become the leading sources of health data breaches.
Criminal attacks have spiked 125 percent since 2010, and most healthcare organizations are ill-prepared to fend them off.
Cyber thieves are pummeling the information-rich healthcare sector because patients’ personal information, credit information and protected health information are stored in one place. This unlocks their personal identities.
Personal healthcare data thus sells for up to $50 per name on the streets because of the high profits from fake health claims.
Stolen credit cards can be quickly canceled, so the information sells for just a few dollars on the black market.
Caught in the ID gold rush are hospitals, clinics and healthcare providers — plus “business associates” such as patient billing, health plans, claims processing and cloud services.
Most breaches involve web-borne malware attacks. Over the last two years:
• 91 percent had at least one data breach;
• 39 percent experienced two to five data breaches; and
• 40 percent had more than five data breaches.
The fallout can be significant:
• Data breaches cost the healthcare industry $6 billion annually; and
• A breach costs the average victim health entity $2.1 million.
Breaches also catch many healthcare organizations unready and by surprise, Ponemon says.
• Half of all healthcare organizations have little or no confidence they can detect all patient data loss or theft;
• More than half of healthcare organizations believe their incident response process needs better funding and resources;
• One-third lack a process for responding to breaches; and
• Most have yet to perform a risk assessment for security incidents despite a federal requirement to do so.
Medical ID theft nearly doubled in five years, from 1.4 million adult victims to more than 2.3 million in 2014. Yet nearly two-thirds of healthcare organizations offer no protection services for patients whose information was breached, Ponemon says.
“The information accessed may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, employment information, including income data,” Anthem said at the time. “We have no reason to believe credit card or banking information was compromised.”
Survey: Fraud is a multi-tasking menace
Scams cross multiple industries, more than four of five anti-fraud professionals have found during investigations.
And more than 75 percent would use data from other industries in cases they’re investigating. Nearly half also use data analytics to combat fraud, with budget as the primary deterrent to greater use.
The study comprises 400 anti-fraud professionals from insurance, financial services, retail, healthcare, government and communications. Organized crime rings increasingly multi-task, the Coalition also has observed. A given ring might bilk Medicare and credit card firms, launder money and deal in drugs.
Some rings also lodge bogus claims across multiple lines of insurance. A ring that fleeces Medicare might also chase auto insurers with phony claims for treating phantom whiplash. The Healthcare Fraud Prevention Partnership is working to uncover rings that scam across lines, and better determine the trend’s extent.
“Fraud occurs along the customer continuum and across many industries. By leveraging cross-industry data and analytics-based solutions, fraud mitigation professionals can be better equipped to detect and combat fraud,” the survey says.
Removing SSN from Medicare cards will bolster ID security
Medicare is removing the notorious Social Security number from member cards to reduce abuse of the cards by medical ID thieves.
President Obama signed the move into law this year, affecting more than 50 million benefit cards. Finishing the project will cost $320 million, which Congress has salted away for the job.
HHS plans to replace the SSN with “a randomly generated Medicare beneficiary identifier,” though the details are being worked out.
Congress was motivated by the spread of electronic health records and a rash of recent cyber attacks, including the Anthem breach.
The threat of medical ID theft will grow rapidly with tens of millions of Baby Boomers reaching Medicare-eligible age 65 over the next several years.
Some of the fraud-fighting benefits:
• Authenticating identities of beneficiaries and medical providers at the point of care;
• Conveying beneficiary identities electronically;
• Electronic sharing of insurance info with medical providers; and
• Electronic exchange of medical info.
Smart cards “could provide substantially more rigorous authentication than cards with magnetic stripes or bar codes, and provide greater security and storage capacity for exchanging medical information,” the report says. Resistance to the expensive and complex project must be overcome for adoption to become a federal and private-sector priority.
“For all the potential uses, Medicare providers could incur costs and face challenges updating their IT systems to use the cards,” the GAO says.
Removing the SSNs comes at a time of growing Medicare pushback against crooked medical providers, many of whom use stolen IDs to lodge false treatment and equipment claims.
Medicare supposedly has kicked out thousands of dishonest medical providers. Yet one in five evictees still are billing and making money from state Medicaid, the public healthcare program for the poor. So says an investigation by the news service Reuters.6
Some 32 states and D.C. paid Medicaid at least $79 million to 269 of the 1,800 providers after they were booted.
But the data is incomplete, and payments to banned providers could easily reach hundreds of millions of dollars. The Affordable Care Act requires states to suspend billing privileges of most providers “terminated” by another state or Medicare.
About the author: Jim Quiggle is communications director of the Coalition Against Insurance Fraud