CHICAGO (Reuters) - What's in seniors' wallets? Most likely, a Medicare card that leaves them vulnerable to scams and fraud.
It's a peculiar anachronism in this era of digital insecurity: Social Security numbers are printed on every Medicare card, and the back of the card instructs seniors to carry it with them at all times. (Medicare's identification number is called the Health Insurance Claim Number, but your HICN is your Social Security number.)
If a card falls into the wrong hands, the result could be identity theft and fraudulent benefit claims submitted to the Medicare system on your behalf. While the federal government has recognized the risk for years, and bills have been introduced in Congress to compel removal of the numbers, nothing much has happened.
The problem extends beyond Medicare cards. For example, the Medicare Summary Notice that is mailed to beneficiaries quarterly also displays the full HICN. In 2010 and 2011, more than 13,000 notices - which list the services you've received - were mailed to the wrong addresses because of a printing error by a government contractor, according to the Office of Inspector General at the Department of Health and Human Services.
No federal or law enforcement agency tracks data on Social Security number theft from Medicare cards, but the problem is widely acknowledged. On Wednesday, the Department of Health and Human Services announced that it recovered a record-high $4.3 billion in fiscal 2013 from attempted fraud schemes directed at Medicare and other federal health insurance programs.
"What I hear from law enforcement is that it's rampant," says Sally Hurme, project adviser in health education and outreach at AARP, which has been urging Congress to pass legislation mandating removal of Social Security numbers from Medicare cards.
The Centers for Medicare & Medicaid Services (CMS), which administers Medicare, acknowledges that Social Security numbers should be removed from Medicare cards. But in a statement, CMS said it would be an expensive fix. The agency also says it can't move unilaterally, but would need to cooperate with the Social Security Administration and other agencies.
CMS depends on more than 200 IT systems, according to the U.S. Government Accountability Office. CMS estimates it would cost $255 million to $317 million to fix the problem, according to a GAO report. That's just the direct cost to the federal government, and doesn't include the expense for physicians and other healthcare providers to adjust their systems, or the cost to the states. (CMS uses HICN numbers to share data with state Medicaid programs.)
The George W. Bush administration ordered all federal agencies to eliminate unnecessary use of Social Security numbers in 2007. The Department of Veterans Affairs and Department of Defense have removed the numbers from ID cards they issue, and other federal employees' health ID cards no longer display the number.
States were required to remove Social Security numbers from driver's licenses as part of broader federal anti-terrorism legislation passed in 2004 (the Intelligence Reform and Terrorism Prevention Act), although many had already done it by then.
PROTECTING YOUR NUMBER
Unfortunately, the problem isn't likely to be solved anytime soon. Consumer advocates offer these tips for keeping your Medicare card out of the hands of fraudsters.
-- Don't carry the card. AARP suggests that beneficiaries ignore, for now, Medicare's guidance to carry their cards at all times. It's unnecessary in most cases, it says.
"Most healthcare providers have their patients in their electronic systems and know how to bill them," says Hurme. "But if you really don't feel comfortable not having it with you, then make a photocopy and scratch out all but the last four digits, and carry that instead. That should be enough to meet their billing protocols."
Hurme adds that many seniors worry that they'll need their cards in an emergency. "We often get the questions about what happens in the event of a heart attack, or a fall on the sidewalk or a car accident," she says.
"But emergency personnel can't refuse to provide care until you show an insurance card. It's true that you'd need to come up with billing information before leaving a hospital, but that doesn't mean you won't receive care."
Despite Medicare's insistence that seniors keep their cards with them at all times, the Social Security Administration cautions beneficiaries not to routinely carry their cards "or other documents that display your number," in a guide to identity theft prevention (1.usa.gov/1ccg0sa).
-- Give the number in advance. If you make an appointment with a new healthcare provider, provide your HICN over the phone, suggests Leslie Fried, director of the National Center for Benefits Outreach and Enrollment at the National Council on Aging. "It really shouldn't be necessary to carry your card into the doctor's office in this day and age," she says.
-- Review your Medicare summary. Your quarterly summary notice lists all procedures and services you have received under Part A (hospitalization) and outpatient services (Part B). If you see something that isn't familiar, it could be a sign your identity has been breached. AARP offers an online guide to decoding summary notices (bit.ly/1hskiuv).
CMS has identified two possible fixes, according to the GAO report - replacing the HICN with a new identifying number or masking the first five digits of the SSN for display on Medicare cards. Either would suffice, but there's no sign of action.
"At a time when 10,000 baby boomers are becoming eligible every day for Medicare, it's time to begin the process of fixing this," says Fried.
For more from Mark Miller, see link.reuters.com/qyk97s
(The opinions expressed here are those of the author, a columnist for Reuters.)
(Follow us @ReutersMoney or here. Editing by Douglas Royalty)