Tag Archive for Fraud

Virginia’s Identity Verification to Reduce Fraud and Increase Efficiency in Shared Services

A technology project that started with a focus on Medicaid will soon produce Virginia’s first enterprise shared service for e-government applications. Called the Commonwealth Authentication Service (CAS), the new system will offer a way for any Virginia agency to manage the identities of people who do business with state government online.

Virginia agencies already take advantage of shared services for internal functions like email, employee identity management and data storage, said state CIO Sam Nixon (pictured above). But CAS is breaking new ground. “This will be a shared service, state-of-the-art identity management that will be citizen facing.”

CAS got its start about two and a half years ago, as Virginia’s Department of Motor Vehicles (DMV) started making plans to buy a set of Oracle Corp. identity management tools.

“That’s quite a powerful suite to have for just one agency,” said David Burhop, the DMV’s deputy commissioner and CIO. As fortune would have it, though, another state department also needed those capabilities.

Virginia’s Department of Health and Human Resources (HHR) was gearing up to comply with the new federal health insurance law, which meant implementing new technology to manage its Medicaid programs and determine eligibility. That system required an identity management component — a system to ensure that when John Doe applied online for benefits, the government could trust that he actually was John Doe.

And officials at HHR didn’t just want their new eligibility system to work for Medicaid; they wanted to use it for a broad spectrum of programs dealing with health care, hunger, disabilities, child care and other issues.

Sharing the same back-end technology would let HHR’s agencies also share information, said William Hazel, Virginia’s secretary of health and human resources. “If someone’s applying for benefits in multiple programs, you don’t have to put the same data in multiple times.” Additionally, if they spent less time entering data, employees could operate more efficiently, he said. “That allows us to use our workforce to be more problem-solving for individuals and families and help hook them up with solutions for their particular needs.”

As the department began planning for its new identity management system, the DMV — the state’s identity management expert — became a natural partner.

HHR bought the enterprise service bus, rules engine and data management tools that the DMV had been planning to purchase, Hazel said. “We essentially gave them to our DMV and said, ‘OK, you develop it.’” So a team led by staff at the DMV got to work on CAS.

Money to purchase the tools and create CAS came largely from a pool of federal funds designed to help states develop the Medicaid Information Technology Architecture. In 2011, the U.S. Office of Management and Budget decided that when states used this funding to develop systems for their Medicaid programs, other state organizations could use those systems as well, as long as they paid a share of the operating costs. That opened the door for Virginia to stretch the benefits of CAS — and the costs of its ongoing operation — across multiple state organizations.

“It doesn’t make sense to the commonwealth to say only health agencies can use it,” said Aaron Mathes, Virginia’s deputy secretary of technology. “We want other agencies to be able to authenticate against the database and use the algorithms that we develop.”

Hazel agreed: “The goal is to create a tool for the commonwealth without having to have a separate tool in every agency.”

Although Virginia developed its Commonwealth Authentication Service (CAS) mainly to support citizen applications, state agencies also can use it to manage identities of employees from other jurisdictions who do business with the state.

An example is the Office of Comprehensive Services (OCS), a branch of Virginia’s Department of Social Services that supervises local governments in implementing services to at-risk youth. These services receive combined state and local funding.

Local governments use several online applications to report expenditures to the state for reimbursement. OCS needs assurance that the individual who logs on to submit such a report is authorized to do so, said OCS Executive Director Susan Cumbia Clare.

The current authentication system isn’t very sophisticated, Clare said. ”We’ve had issues with folks sharing logins or passwords. We [can’t] ensure that [those] who are logging in are actually the individuals who are authorized.” Better controls on who can submit and certify financial information will reduce the opportunity for fraud, she said.

The authentication service could also help OCS ensure that client information is only accessed by authorized individuals, Clare added.

Within CAS, authenticating local government employees will be the same as authenticating private citizens, said David Burhop, CIO of the Virginia DMV, which is leading CAS’ development. ”CAS isn’t written specifically for any one application or function. It’s an authentication engine that integrates with any agency application that can consume Web services and securely pass the required data back and forth.”

While CAS will determine whether a local government employee who presents herself online actually is who she says she is, it won’t determine whether that employee can view or use particular data, Burhop said. ”Access will still be the responsibility of the organization using CAS.”

So in the future, for example, if a Virginia resident uses an online portal to register to vote, the State Board of Elections might use the shared service to verify that citizen’s identity, Mathes said. “While the [State Board of Elections] may keep a completely separate database of registered voters, that registered voter is verified based off the Commonwealth Authentication Service.”

In developing CAS, the DMV is using three levels of identity authentication assurance. Which level the system applies depends on the transaction a citizen needs to conduct.

A person who goes online simply to set up an account (Level 1) just has to provide information about him- or herself, including a name. “It could be Mickey Mouse; it could be anybody,” Burhop said. “They don’t do any verification there.”

But when a transaction requires two-way communication, CAS will verify the individual’s identity. It will obtain this Level 2 assurance by testing the person’s knowledge about information held by the DMV — asking him, for example, dynamic questions such as the make and model of his first car registered in Virginia. “We use that now for DMV, and it works quite well,” Burhop said.

Level 3 comes into play when a person transacts business on behalf of someone else — in a guardianship relationship, for example. At that level, CAS will use some form of two-factor authentication, such as a one-time password or a public key interface certificate.

Of course, not everyone holds a driver’s license: Probably 25 to 30 percent of Virginia residents aren’t in the DMV’s database, Burhop said. Non-drivers can obtain a state ID card from the DMV for $10. Residents who can’t or don’t want to buy that card can still apply for benefits or conduct other business with the state, Burhop said. But they’ll have to do it in person.

CAS is scheduled to start operating in October, when large numbers of Virginia residents become newly eligible to apply for Medicaid benefits under provisions of the Affordable Care Act. At that point, the Virginia Information Technologies Agency (VITA) will take over responsibility for CAS, providing it as a shared service.

In the long run, any Virginia state agency will be able to use CAS, in exchange for a fee. “VITA will develop a cost recovery model of some sort that will help defray the ongoing maintenance and operation cost of that service,” Nixon said. State officials are still working out how the service will be governed and how it will evolve.

Although other agencies have been asking about CAS, VITA isn’t soliciting new participants yet, Nixon said. “We’ve been holding them off somewhat, because we don’t want to distract from the initial and intended use by HHR, particularly since they’re paying for it.” Mechanisms to support other users on CAS will probably be in place by the first quarter of 2014, he said.

One potential mechanism is awaiting approval, though.* It’s an enhanced memorandum of understanding (E-MOU) that allows different agencies within Virginia to share data as needed for the operation of CAS. HHR developed the E-MOU, based on the federal Data Use and Reciprocal Support Agreement, first to allow data sharing among HHR, the DMV and VITA. The state’s attorney general has yet to approve the E-MOU, but once approved, any other agency can use CAS, Burhop said. “All they have to do is agree to it and sign it.”

Although VITA will operate CAS, the DMV will continue to maintain the data used to verify identities. Among other things, that puts new pressure on the department to keep its data current. “We will have to have real-time updates for anyone who comes in and gets an ID card or a driver’s license, especially those people specifically coming in so they can set up an account with the Commonwealth Authentication Service system,” Burhop said.

The advent of CAS could also earn the DMV a reputation as an agency concerned with more than drivers’ licenses and vehicle registrations. “It’s obvious that our mission is shifting to include not only public safety, but also identity management,” Burhop said.

As Virginia prepares to enjoy the benefits that CAS will provide, Nixon points out that these benefits are available in part because of the state’s centralized IT structure, including a single network to support all the executive agencies. “If we didn’t have that, and HHR was paying for that service by themselves and standing it up, it would be your typical siloed agency application that’s very difficult to share with anyone else.”

But with VITA operating the system on Virginia’s enterprise network, CAS can work as a cloudlike service available to all state agencies. “They will be able to avail themselves of that capability without having to make any kind of capital investment,” Nixon said. And HHR — the system’s original user — can enjoy its benefits without bearing the full cost for maintenance and operations, he said. “That will be shared with others. So everybody wins under that arrangement.”

*Editor’s note: the story was corrected to indicate that the E-MOU is still awaiting approval from the attorney general. The quote was corrected to attribute it to David Burhop.

View the original article here

Florida, LexisNexis Partner to Combat Public Assistance Fraud

Florida, the state with the highest per capita identity theft complaints, is experimenting with a new way to weed out potential fraudsters in its public assistance programs. If the federal government concludes that the program meets a civil rights review, then the model could spread to other states soon.

Florida is working with LexisNexis, a private company known for its digital archives of newspaper articles and legal documents, to pilot an automatic online identity authentication system for three types of public assistance: Medicaid, Temporary Assistance for Needy Families (TANF) and the Supplemental Nutrition Assistance Program (SNAP).

The Florida Department of Children and Families (DCF) currently receives 90 percent of public assistance applications online, which entails a manual review of applicants’ self-reported information across multiple databases and a follow-up phone call. The LexisNexis model functions more like online financial services in the private sector, where software verifies a person’s identity based on a few items of personal information.

LexisNexis, which won the three-year, $2.9 million contract from Florida, uses a database it’s compiled of 500 million unique American identities to vet applicants. The company cross references a range of biographical information, including social security numbers, residential addresses, incarceration records and death certificates. The screening is automatic and based on four multiple choice questions (randomly selected from a pool of 35 possible questions). If a person fails the test, he or she can apply again through the manual online process, by mail or in person.

“What we’re trying to determine is that the person does exist, that it’s not a made-up identity and that they’re who they say they are,” said Susan Vitale, deputy secretary for DCF.

Last year, Florida recorded 69,795 identity theft complaints, equal to 361.3 complaints per 100,000 state residents, according to a February report from the Federal Trade Commission. About 1.6 percent of nationwide identity theft complaints, the report said, involved government benefits applications.

So far, the Florida pilot program is on pace to save the state of Florida close to $80 million, which is $50 million more than originally projected. If successful, the pilot would mark an important turning point for the detection of waste, fraud and abuse within public assistance. Rather than recouping money from someone already exploiting the system, this would stop it “upfront, at the door and not [let] them in,” Vitale said. “That is a very big paradigm shift.”

The pilot started in seven counties in Central Florida in March, and will go statewide in June. Florida had to request a waiver from the U.S. Department of Agriculture (USDA) to use the automatic online software to screen for identity theft in federal food stamp applications. Federal evaluators are monitoring the pilot to make sure that protected groups under civil rights law, such as minorities, the disabled and people with limited English skills, are not intimidated or discouraged by the automatic online screening. Florida is required to report back to the USDA on the pilot’s impact on protected groups through customer surveys, the tracking of complaints, community feedback and changes to the total number of SNAP participation.

Identity fraud in public assistance is “certainly something that you would want to prevent [and] to the extent that you can make online applications more secure, it’s a good thing,” said Elizabeth Lower-Basch, a policy coordinator and senior analyst with the Center for Law and Social Policy. “You just need to make sure that it doesn’t create burdens for people.”

Because the LexisNexis identity screening technology is so new in the world of public assistance, policymakers aren’t sure how it will impact participation rates just yet. Many of the factors that determine whether someone participates in public assistance are related to state economic conditions and the profile of the applicant, such as a person’s age, gender, level of income and education.

But governments can also affect someone’s likelihood of seeking public assistance. Past studies of SNAP by Mathematica Policy Research have demonstrated that people enter SNAP at higher rates if state governments perform outreach, expand their eligibility definitions or ease income reporting requirements. Last year, Gov. Andrew Cuomo singled out fingerprinting in his State of the State address as a screening method that he believes discourages participation in New York City’s food stamps program. (Mayor Michael Bloomberg defended the program, arguing it’s the best way to cut down on fraud.) Whatever the reason, analysis from the Food Research and Action Center suggests that many families living in poverty in urban areas qualify for food stamps, but don’t take advantage of the benefits.

Vitale insists that Florida’s program won’t hamper people trying to access benefits. “The idea here is to detect the fraud upfront,” she said, “but it is not to prevent people from applying.” For her part, Vitale suggested the convenience of applying online and the prospect of shorter processing times might increase participation.

If Florida’s experiment appears to reduce fraud without turning away people who are actually eligible, then other states might copy the program. Vitale said she’s heard from state officials in Wisconsin, Michigan, Texas and Pennsylvania that are all interested getting the same waiver to try out identity authentication. “We’re happy to lead the way,” she said, “and hope that other states will follow.”

You may use or reference this story with attribution and a link to
http://www.govtech.com/health/Florida-LexisNexis-Partner-to-Combat-Public-Assistance-Fraud.html

View the original article here

Medicaid Fraud: Is it Worth States’ Time to Fight it?

Medicaid fraud has been a big problem for years, and as states ramp up for the Affordable Care Act’s Medicaid expansion deadline in 2014, it could become an even bigger one. More enrollees plus more providers equals more fraud potential. When estimates place the amount of Medicaid waste in 2012 at $19 billion for the feds and $11 billion in 2010 for the states, we’re talking real money. Can states really put a lid on fraud? And, more important, is it worth the cost to do so?


The first question can be answered by the Centers for Medicare & Medicaid Services, which recently compiled a list of “noteworthy picks,” or on-the-ground state policies that had succeeded at eliminating fraud. The answer to the second is a bit trickier. But the numbers from three states — California, Florida and New Jersey — suggest fraud prevention pays.


Let’s start with California. Lauded for its prevention measures, the state conducts a “Medi-Cal Payment Error Study” once a year to find patterns that would suggest fraud or waste. Bruce Lim, deputy director of audits and investigations for the Department of Health Care Services, calls the study “our road map.” It focuses on fee-for-service providers, and in 2009, the error study “showed about $1 billion in potential overpayments, which could include administrative and other errors,” Lim says. “Of that $1 billion, there is about $228 million in potential fraud.


“[We are] trying to stop the bleeding instead of the usual pay-and-chase model,” he says. The numbers suggest the state’s strategy is working. In fiscal 2011-2012, fraud prevention had a $445 million “positive impact” in areas such as overpayment prevention ($106 million), cost avoidance ($28 million), cost savings ($47 million) and recovery ($102 million). With a department budget of $75 million, that computes to a return on investment of about 6:1. Lim thinks he can do even better: “I know that with newer technologies and data mining we can do more.”


Florida’s approach is less high tech and more gumshoe. State officials conduct random, unannounced site visits for all kinds of providers, both before contracting with them and after. In one six-month period, officials visited 244 active providers and administered 175 sanctions. Overall, in fiscal 2010-2011 audit recoveries and cost avoidance amounts totaled $90.1 million, yielding an ROI of 6.8:1. “The value [of fraud prevention] is extraordinary,” says Kelly Bennett, Florida’s Medicaid fraud and abuse liaison. “Because we are out there visiting providers, we believe we increase compliance, which equates to cost savings.”


New Jersey has an initiative with the cool, spy-like moniker “Operation X.” The program tries to prevent individuals who have previously engaged in unethical or fraudulent practices from collecting Medicaid in the first place. The office matches information from a federal exclusion database against state wage and labor roles, says Mark Anderson, director of the Medicaid Fraud Division. “The feds give us access to their database, and we see if any of their folks have gotten any money whatsoever in New Jersey. Once matched, we assign an investigator to determine if that person worked at any place with Medicaid funding or services. If so, we seek to recover money from that individual and the places he or she worked, and if he or she was a provider, we try to recover the money.”


This one practice nets anywhere from 50 to 200 leads per month, Anderson says, and about 10 to 12 percent of those get investigated. Most cases settle; in total, Operation X sought or collected $970,000 between June 2009 and June 2011. That goes toward New Jersey’s fraud prevention bottom line, which in fiscal year 2011 totaled about $502 million in recovered and avoided payments on office costs of about $8 million, an ROI of about 6.3:1.


So does fraud prevention pay? As these three states show, it certainly can. The takeaway, however, may be in how its done.


This story was originally written and published by Governing magazine.

Identity Management: A New Way to Fight Health Care Fraud, Waste and Abuse

December 26, 2012 By Clint Fuhrman, National Director of Government Health Care Programs, LexisNexis Risk Solutions

Government health-care fraud, waste and abuse has been a major news story for the past year — and with good reason.

In 2010, the U.S. federal government issued $125 billion in “improper payments,” defined as overpayments, underpayments, inadequately documented payments and fraud. While there are many contributing factors, government agencies don’t always know who they’re dealing with, which can result in the wrong individuals receiving and/or providing benefits. Identity theft is the fastest growing crime in the U.S., and with 30 billion connected devices in use, it can be very difficult to ensure that personal information is kept private. 

When it comes to moving services online to streamline processes, reduce costs and increase convenience and efficiency, government has seized the moment. Unfortunately, the functionality that yields these benefits is what creates challenges for maintaining the integrity of the system.

That said, it is possible to leverage the Internet to its fullest potential, while mitigating negative outcomes. Take the Florida Department of Children and Families, which implemented online self-service portals to augment traditional channels. This move enabled the agency to improve its error rate to -0.5 percent, the best in the nation, while achieving a 250 percent boost in productivity. In fact, 95 percent of clients utilize the online system. Certainly these numbers are impressive, but how are they achieved?

The answer is a robust identity proofing management. Government agencies must invest in identity verification and authentication at the front-end of benefit administration. The right identity-proofing strategy must be anchored by robust master data management and rules-based solutions, as well as comprehensive identity management. This type of rigorous identity management involves two processes:

Verifying, through electronic or manual means, that an individual is who they say they are; andAuthenticating that identity through knowledge-based mechanisms, i.e. questions that only they can answer.

Employing this type of system enables government agencies to mitigate fraud, reduce improper payments, increase service delivery and efficiency, and address privacy concerns.  

Identity management requirements will vary from agency to agency depending on the mission. There is no one-size-fits-all strategy. The mission of a federal agency that provides disaster relief services is to ensure efficiency delivery of benefit payments to residents who have been displaced. This must be done while meeting strict regulatory requirements for timely payments, and maintaining processes that prevent fraud and improper payments. An agency has specific identity proofing requirements – functionality that is speedy and the ability to answer questions related to property ownership. In addition, in this scenario, the information needed at the beginning of the relationship, a simple “Who are you?” is different than the information required downstream, “Were benefits received?”

We can contrast the above scenario to the case of an agency providing retirement benefits. In this scenario, identity proofing is designed to improve customer service over repeat visits. Instead of requiring a user to repeat the same steps very time they log on, a “data minimization” process will be utilized so that the system only asks what it needs to know to facilitate the transaction. The first time an individual registers with an online retirement system, he/she will be asked to provide his/her name and ID number, and upon registering, will answer several knowledge-based authentication questions. During subsequent visits, interactions will be “fast-tracked” since the individual’s identity has already been proven. The system will perform an invisible check to confirm his/her identity using two-factor authentication, thus requiring less effort from the user while increasing efficiencies.

Regardless of the scenario, there are four technology fundamentals that should be encompassed by any comprehensive identity management solution: 

In the identity management process, data that is broad and deep is key to maximum results. The accuracy with which you can verify that individuals are who they say they are, and the percentage of the population that can be accurately verified, depends in part on the amount and variety of data your identity management system can access. Consider what you could do with data far beyond standard demographic information and what can be gleaned from a credit bureau check. Best-in-class solutions tap billions of public records that allow them to verify hundreds of millions of individuals and provide more interesting data better suited to knowledge-based authentication, such as the model of a car the consumer owned during a certain year. 

While data is necessary to create a robust identity management system, it is only meaningful if it can be leveraged to provide insights. It is essential to have the ability to link familial relationships to the identity of an individual that they have verified. In general, an identity proofing solution should be able to:

Locate data relevant to the identity being presented by your constituent;Match it with current constituent inputs, such as answers to knowledge-based questions, a voice or fingerprint, or a one-time pattern-based PIN;Normalize and fuse data to eliminate redundancies and improve consistency and efficiency for better real-time performance; andFilter and organization information into a multifaceted view that provides what you need to know for a particular transaction with confidence.

Analytics can provide further insight into data by detecting patterns of behavior, such as suspicious patterns of identity verification failure indicative of fraud or data integrity problems. Analytics can also be used to quantify identity risk by scoring the level of identity fraud risk associated with a particular transaction. The score will be given when your system’s rules and thresholds trigger an action; for benefits claims, these decisions would include things like accept, needs review, refuse, etc. This type of scoring provides an objective, consistent and reputable way of making complex decisions in a high volume scenario. By configuring rules within your identity management solutions, you enable it to make intelligent, dynamic decisions based on the information present and the level of risk you are willing to undertake.

Today’s business environment demands that organizations that engage in identity-reliant transactions ensure the security of the critical information that they collect. In addition to a high level of security, organizations also need an equal degree of flexibility to support a wide variety of organizational platforms and end-user devices. To accomplish this goal, it is best to choose an identity management solution that can provide services across various operational systems, channels and devices. They will also support many different ways for identities to be asserted, verified and authenticated, and can apply the appropriate degree of security based on the type of transaction. 

Due to the number of constituents they deal with on a daily basis, government agencies need to ensure that they are following best practices for identity proofing and using the most advanced solutions available to them. In addition, identities are often viewed at one point in time, but it is critical that agencies stay apprised of any changes to an individual’s status that may change his or her eligibility for benefits. Individuals will continue to try to perpetrate fraud and a robust identity proofing system is the best line of defense.

Clint Fuhrman is the National Director of Government Health Care Programs for LexisNexis Risk Solutions. Fuhrman joined LexisNexis in 2009 after serving as Deputy Secretary of the Florida Agency for Health Care Administration, where he helped direct agency strategy and operations in the areas of legislative affairs, communications, Medicaid policy, and health information technology.

Image courtesy of Shutterstock

You may use or reference this story with attribution and a link to
http://www.govtech.com/health/Identity-Management-A-New-Way-to-Fight-Health-Care-Fraud-Waste-and-Abuse.html

View the original article here

Cheap Jerseys Cheap Jerseys/ Cheap Jerseys Cheap Jerseys Cheap Jerseys Cheap Jerseys Cheap Jerseys Cheap Jerseys Cheap Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys Wholesale Jerseys