People who receive Medicare are among the latest targets of a scam in which criminals illegally obtain personal information and use it to steal millions of dollars from the federal government by filing fraudulent tax returns, authorities say.
Federal agents are receiving reports that employees at medical offices and Medicare claims processing businesses are using or selling private patient information to thieves. The thieves are using the information in a type of fraud that has exploded in the Tampa area in the past year and is believed to be a multi-billion-dollar drain of the federal treasury nationwide.
Authorities say the crooks are looking for new sources of personal information, turning to medical businesses, insurance companies and even government sources such as drivers' license offices and possibly even the Social Security Administration.
Medicare records are now being targeted because Medicare account numbers contain Social Security numbers, said Ryan Lynch, who is in charge of the Tampa office of U.S. Health and Human Services Office of Inspector General, the federal agency tasked with investigating Medicare fraud.
But Medicare is far from the only source of personal information.
"There is not one person in the community that's immune from being caught up in this scam as a victim," said Sal Augeri, the Tampa police detective who is leading the department's investigation into tax refund fraud and who testified Tuesday before a U.S. Senate subcommittee on the subject. "If you've been to a doctor's office, if you have a driver's license, if you've been to any kind of medical facilities, your information is out there."
While most of the personal information appears to be coming from existing employees who have access to such information and are being solicited by street criminals, there are also some reports of crooks trying to get jobs at companies where they will have direct access to that kind of information, investigators say.
Augeri said police recently stopped a suspect who had ledgers and paperwork with instructions on how to submit fraudulent tax returns. That suspect also had "a listing of potential businesses to apply for a job at or businesses that he had already applied at, but the specific intent was to have access to the databases for the personal identifiers."
The potential jobs on the list included openings at both medical and insurance offices, Augeri said.
Local attorney L.T. Lafferty said he represents corporate clients who have asked him to investigate reports of employees stealing client or customer information. He said he's interviewed some employees who have told them they were solicited by people they knew who offered to share the proceeds of tax fraud in exchange for client information.
Lafferty said some of those found to be stealing information had recently been hired.
"Based on internal investigations for corporate clients I have and employees I've spoken to, they have told me they've been solicited for information," said Lafferty, who would not disclose the identities of his clients. "They're targeting companies for employment to steal information…These people are telling me how prolific it is out on the street."
"I wouldn't want to alarm people and have them think that everyone who has access to their information is going to misuse that or sell it or do something inappropriate with it, but they should be aware that there's always a possibility," Lynch said.
Lafferty said criminals tend to seek out the elderly in this type of scam. "They're considered to be easier targets," he said. That can be because they're "more willing to give personal information on the telephone… more trusting or the sheer number of them in the state of Florida or the likelihood they haven't filed tax returns yet."
Some people think they can't be victimized by this kind of crime because they aren't due refunds or don't have to file tax returns. Or they think the thieves need their financial information, such as employer names and income amounts, to file for a refund.
But Augeri said the thieves don't use the victim's financial information. They fabricate income amounts and deductions and can file for "refunds" even in the names of people who don't file tax returns. Some of these people have found themselves the subject of an inquiry by the IRS, which wants them to account for the refunds obtained in their names or the dollar amounts put in tax returns filed in their names.
Sandra Engel, 66, said she didn't understand why the thieves would target her because she and her husband, Ken, 68, weren't expecting a big refund.
But when they tried to file their tax return at the very beginning of this year's tax season, they learned someone had already filed in her name.
"We're low income, we live our Social Security," she said. "Why would someone steal our Social Security numbers?"
Engel, a Medicare beneficiary, has been in four hospitals in Miami and three hospitals and a rehabilitation facility in Manatee County in the last year, and she suspects one of those places is where her information was stolen.
Engel said she was told the fraud could delay their refund for as long as two years. They planned to use the money to fix their computer and get new carpet.
Lynch said people in the healthcare industry have a legitimate need to access patients' personal information.
"We trust those people to do the right thing," he said. "Unfortunately, sometimes people abuse that trust. And what we're seeing are people in the healthcare industry with a legitimate reason to see Medicare beneficiaries' information, who take that information and sell it or unlawfully disclose it."
And it's not just medical facilities.
"You also have to consider there are a whole host of other people who have legitimate access to your Medicare number," Lynch said. "Think of the, for example, contractors, people who pay your claims, people who process the claims, they also see your Medicare identification number…A rogue employee, potentially, could have access to the identities of hundreds of thousands or millions of Medicare beneficiaries. That's why this is such a very critical matter. This is why we're taking it so seriously."
Augeri said information can also be taken by cleaning crews or people who look in trash bins - anyone passing through an office where such information is kept.
Lafferty said companies need to be careful in their hiring and also that they create and enforce strict policies about access to employee information.
Some companies don't permit cell phones near computers where sensitive customer information is kept, he said, but when those polices aren't enforced, employees can use the phones to photograph screens of information. "You have to be vigilant about the policies and procedures," Lafferty said.
"I think employees that are caught tampering with that, there needs to be some serious ramifications," Augeri said. "The bottom line is in the 21st century, fraud is the crime now."
WHERE TO TURN
To report information about any kind of Medicare fraud, call 1-800-HHS-TIPS, or go to stopmedicarefraud.gov.