Proposed federal legislation calls for creating three pilot projects to test using smart cards, similar to the chip cards being rolled out by the credit card brands in the U.S., for Medicare patient identification in hopes of helping to reduce fraud.
But unlike the credit cards, which use a signature to further authenticate the user, the new generation of Medicare ID cards under the proposed pilot projects would require users to enter a PIN as an additional security step, explains Kelli Emerick, executive director of the Secure ID Coalition, an alliance of smart card manufacturers and other technology companies.
Versions of the Medicare Common Access Card Act of 2015 have been introduced in the House and the Senate. Among other things, the legislation aims to reduce the potential for identity theft and other unlawful use of Medicare beneficiary identifying information, Emerick says in an interview with Information Security Media Group.
The legislation comes in response to President Obama in April signing a bill that provides $320 million in funding to remove Social Security numbers from Medicare beneficiary ID cards within the next four years (see SSN to Disappear From Medicare Cards).
Federal watchdog agencies, including the Government Accountability Office, have for years been recommending that the Department of Health and Human Services remove Social Security numbers from Medicare cards in an effort to fight fraud (see GAO Weighs Benefits of Smart Cards). While HHS had concurred with those recommendations, the agency had stated that it lacked funding to update the cards.
A recent GAO report notes that as of May 2014, HHS was aware of 284,000 Medicare beneficiary numbers that had been compromised and potentially used to submit fraudulent claims.
The GAO also estimates that $187 billion in improper payments governmentwide will be made this year, Emerick notes. Of that waste, 48 percent is attributed to Medicare.
"We really need to be doing something to shore up Medicare systems to make sure payments are going to legitimate [healthcare] providers for legitimate services that are being provided," she says. The proposed Medicare pilot program "would test that how we can start doing that by creating better accountability with the provider and beneficiary."
The chips in Medicare smart cards would store identification information about the beneficiary. The cards would replaced the current paper Medicare cards that display Social Security numbers.
Chain of Trust
"What this would allow Medicare to do is electronically verify that the beneficiary actually saw their provider, their doctor," Emerick says. In the current system, she notes, "there is no authentication process that happens between the beneficiary and the provider office that's giving them the [healthcare] service, or in some cases medical equipment or prescriptions."
The proposed Medicare chip cards would help "create the chain of trust, that 'yes, we definitively know that this Medicare beneficiary saw this provider, and these transactions were performed,'" she says. "So, we can pay the provider more quickly and we definitely know that this is a legitimate transaction."
In the interview (see audio link below photo), Emerick also describes:
- How the proposed pilot program might work, and the technology needed by healthcare providers to process transactions using the new chip cards;
- How the proposed legislation, if signed into law, could eventually fuel more secure payment systems also being deployed in the private health insurance sector;
- How the new cards could help reduce the threat of identity theft for senior citizens.
Emerick is the executive director of the Secure ID Coalition, an industry group devoted to protecting identity through secure solutions that enhance user privacy. She has more than 20 years of public policy experience, and is a member of the Identity Ecosystem Steering Group, a public-private partnership established by the National Institute of Standards and Technology to promote more secure and privacy-enhancing identity credentials as guided by the National Strategy for Trusted Identities in Cyberspace.