EDITOR’S NOTE: Edward Roche, in association with RACmonitor, is writing a series on the need for U.S. healthcare facilities to protect themselves from cybercriminals demanding ransoms for patient records. This is the seventh installment in the series.
Cybercrime is on everyone’s minds these days, even when there is a Medicare fraud takedown like the one we just saw in response to the opioid epidemic. We would be hard-pressed to identify a contemporary case without cyber evidence. There always are things left behind – electronic footprints – that become an integral part of a case.
In order for our government to search a computer system as part of a criminal investigation, a court order or warrant must be obtained. It is a question of privacy. The protections afforded by the Fourth Amendment apply to computer disk drives in the same way they applied to the homes of the Hessians during the Revolutionary War.
But is that the case for Medicare fraud? Are healthcare claims records private? Generally, the answer is “no.” Why?
The standard that protects the citizenry from improper government surveillance and data searches is “the expectation of privacy.”
This is a loosely defined term, applicable in a number of situations. But when a provider submits its claims to get paid and these claims find their way into the information systems of Medicare, the data becomes government property. So, there is no expectation of privacy for Medicare claims data. That means that anything a provider does automatically is open for inspection.
Not only does all Medicare claims data become available for snooping once it leaves your information system, but when you recheck your contract with the government, you will see that you have already signed away your rights. Absolutely nothing you do can be confidential, as far as the government is concerned.
Sophisticated algorithms and big-data techniques are used to find outliers to be targeted. For example, the recent U.S. Department of Justice (DOJ) takedown started when the government analyzed all prescriptions written for opioids. It then is a minor matter to identify those providers associated with the highest number of opioid claims.
Hacking Changes the Balance of Power
Today’s hacking epidemic is changing the healthcare environment and twisting inside-out the world of cyber prosecution. We know, for example, that malware viruses can be altered so that they look like they are coming from somewhere else. U.S. malware can be dressed up as Russian malware, or Chinese malware can be made to look like it originated in the United States.
What are the practical implications of this? For one thing, it makes it more difficult to definitively pin the blame on any particular party. This called the attribution problem. Much of the fraud also takes place behind the computer security systems designed to protect. Instead, they shelter.
In Medicare, we have a similar situation. Hackers can steal information, but they also can alter it.
We likely will see the day when the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) goes after a provider, claiming massive amounts of computer fraud, and the defense will be not that the accused didn’t do it, but that someone else did by hijacking their information system.
If this begins to happen, then there is risk that prosecutions will be thrown into chaos.
Here is the guiding question: Even if the filed claims in question originated from your system, can you be 100 percent sure they all are yours? The answer is “no.”
The reality is this: There is no healthcare provider than can be completely sure every claim they submit truly originated in their system. And no prosecutor can be sure either.
In the last seven months, UnitedHealth Group (UHG) has been racked by devastating events, from the massive cyberattack on Change Healthcare in October to the
In its Contract Year 2026 Medicare Advantage and Part D Final Rule (CMS-4208-F), the Centers for Medicare & Medicaid Services (CMS) addressed ongoing confusion about
Please log in to your account to comment on this article.
Stop revenue leakage and boost hospital performance by mastering risk adjustment and HCCs. This essential webcast with expert Cheryl Ericson, RN, MS, CCDS, CDIP, will reveal how inaccurate patient acuity documentation leads to lost reimbursements through penalties from poor quality scores. Learn the critical differences between HCCs and traditional CCs/MCCs, adapt your CDI workflows, and ensure accurate payments in Medicare Advantage and value-based care models. Perfect for HIM leaders, coders, and CDI professionals. Don’t miss this chance to protect your hospital’s revenue and reputation!
Struggling with ICD-10-CM coding for diabetes and complications? This expert-led webcast clarifies complex combination codes, documentation gaps, and sequencing rules to reduce denials and ensure compliance. Dr. Angela Comfort will provide actionable strategies to accurately link diabetes to complications, improve provider documentation, and optimize reimbursement—helping coders, CDI specialists, and HIM leaders minimize audit risks and strengthen revenue integrity. Don’t miss this chance to master diabetes coding with real-world case studies, key takeaways, and live Q&A!
Uncover critical guidance. HIM coding expert, Kay Piper, RHIA, CDIP, CCS, provides an interactive review on important information in each of the AHA’s 2025 ICD-10-CM/PCS Quarterly Coding Clinics in easy-to-access on-demand webcasts, available shortly after each official publication.
Uncover critical guidance. Kay Piper provides an interactive review on coding guidelines and more in the AHA’s fourth quarter 2025 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Bring your questions and join the conversation during this open forum series, live every Wednesday at 10 a.m. EST from June 11–July 30. Hosted by Chuck Buck, these fast-paced 30-minute sessions connect you directly with top healthcare experts tackling today’s most urgent compliance and policy issues.
Fraud convictions don’t just punish a few bad claims; they can wipe out years of reimbursements. Don’t wait for an audit to learn the rules. Join Frank Cohen, MPA, for a live Q&A on spotting red flags, avoiding liability, and protecting your practice. Register now and bring your questions!
Substance abuse is everywhere. It’s a complicated diagnosis with wide-ranging implications well beyond acute care. The face of addiction continues to change so it’s important to remember not just the addict but the spectrum of extended victims and the other social determinants and legal ramifications. Join John K. Hall, MD, JD, MBA, FCLM, FRCPC, for a critical Q&A on navigating substance abuse in 2025. Register today and be a part of the conversation!
Copyright © 2025 ICD10monitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
This Memorial Day, we honor those who gave all for our freedom. Take 20% off sitewide through May 31 with code MEMORIAL25 at checkout
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
