Medical Identity Theft: Texas Criminal Defense of Health Care Fraud Charges

Posted on July 31, 2020 by Michael Lowe.

In Texas, both state and federal law enforcement are keenly focused upon the investigation and prosecution of all varieties of health care fraud, which can result in serious prison time upon conviction. From a criminal defense standpoint, this investigatory zeal into the medical industry is of serious concern in part because of its impact long before formal charges or an arraignment. For many people, the mere suspicion or accusation that they have been involved in some type of medical fraud can be life-altering and result in permanent harm to their personal and professional lives. For more, read our earlier discussions in:

Targeting health care fraud in Texas is a major undertaking for both state and federal authorities. It is considered to include a wide-ranging area of criminal enterprise, involving all sorts of activities corresponding to the medical industry. Right now, The Texas Attorney General’s Office describes health care fraud prosecutions as most commonly involving either: (1) Health Insurance and Medical Billing; (2) Medicare and Medicaid Fraud; (3) Home Health Care Fraud; and (4) Drug Fraud and Abuse.

However, in 2020, changing circumstances are shining a light on a specific type of health care fraud due to the Coronavirus Pandemic. Criminal defense attorneys who represent those suspected or accused of health care fraud must accordingly be prepared for an increase in these types of defense representations.

COVID-19 and Rise in Medical Identity Theft

This particular type of health care fraud that is getting more and more local scrutiny during the Coronavirus Epidemic involves a form of identity theft. See, “Security Experts Warn of Elevated Threat of Medical ID Theft during Coronavirus Pandemic,” written by Alanna Autler and published by CBS-DFW on June 22, 2020.

COVID-19 has exposed the vulnerabilities of medical information stored by all sorts of health care professionals, from hospitals to local emergency care clinics and area practitioner’s offices. Medical identity theft involving data breaches of medical information stored online is a growing area of Texas health care fraud investigations.

HIPPA Encryption Issue

What’s happening? For one thing, there is no federal mandate for personal information contained in medical files to be encrypted under the Health Insurance Portability and Accountability Act (“HIPPA”). Encryption is not mandatory. As explained by the Department of Health and Human Services (“HHS”):

“Is the use of encryption mandatory in the Security Rule?

“ Answer: No. The final Security Rule made the use of encryption an addressable implementation specification. See 45 CFR § 164.312(a)(2)(iv) and (e)(2)(ii). The encryption implementation specification is addressable, and must therefore be implemented if, after a risk assessment, the entity has determined that the specification is a reasonable and appropriate safeguard in its risk management of the confidentiality, integrity and availability of e-PHI. If the entity decides that the addressable implementation specification is not reasonable and appropriate, it must document that determination and implement an equivalent alternative measure, presuming that the alternative is reasonable and appropriate. If the standard can otherwise be met, the covered entity may choose to not implement the implementation specification or any equivalent alternative measure and document the rationale for this decision.

However, a careful reading of the fine print in the HHS answer suggests that encryption should happen. Notice within this response the use of the word “addressable” which requires encryption if a “risk assessment” finds that encryption to be “reasonable and appropriate” precaution to protect the confidentiality, integrity and availability (CIA) of medical information. If things are not encrypted, then the doctor, clinic, hospital, etc., must document “the rationale for this decision.”

Given the option, a great many health care providers are not encrypting their medical files. Health insurance companies, likewise, are notorious for storing trillions of bytes of personal medical information without opting for the protection of encryption. Read, “Encryption Not Required of Health Insurance Companies,” written by Jaime White and published by LifeLock.

What is Medical Identity Theft?

HHS defines “medical identity theft” as the theft or use of “a patient’s personal information (like your name, Social Security number, or Medicare number), to submit fraudulent claims to Medicare and other health insurers without your authorization.”

4 Scenarios for Medical Identity Theft

However, fraudulent medical identity theft is much more complicated than this definition. Researchers have found four main scenarios for medical identity theft:

An uninsured individual uses someone else’s personal health information (“medical identity”) in order to get medical care;
An individual wants to keep his personal health information private for personal or professional reasons, so he or she uses someone else’s personal health information (“medical identity”) to get medical care;
An individual uses someone else’s medical information to get prescription drugs for his or her own recreational use or for distribution to others; and
An individual poses as a health care provider and uses someone else’s medical information (“medical identity”) to submit fraudulent health insurance reimbursement claims.

See, Lindgren, Stephanie (2019) “Identities in Critical Condition: The Urgent Need to Reevaluate the Investigation and Resolution of Claims of Medical Identity Theft,” Mitchell Hamline Law Review: Vol. 45 : Iss. 1 , Article 11, page 50.

What is taken in Medical Identity Theft?

All sorts of personal and private information may be found and allegedly used for illegal purposes in a medical identity theft case.

1. PII – Patient Information

Essentially, medical identity theft can involve any type of Personally Identifiable Information (“PII”), which has been defined by the U.S. General Services Administration (OMB Memorandum M-07-1616) as:

“…. information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available – in any medium and from any source – that, when combined with other available information, could be used to identify an individual.”

A. Health Care Data

Of course, individual health care and medical insurance files can have all sorts of private facts and figures. Medical identity theft can include things directly related to physical or mental health such as details of:

Past and present health conditions and diagnoses;
Height, weight, blood type, allergies, age, etc.;
Drug prescriptions and medication histories; and
surgery, anesthesia, and rehab records.

B. Financial Information

Files kept by hospitals, doctors, clinics, insurance carriers, human resource offices, etc., will also have all kinds of information that pertains more to the financial circumstances of the patient, policyholder, or employee than to their health condition. Medical identity theft can also involve the following personal data:

Insurance coverage details;
Birth date;
Bank account identification numbers;
Credit card identification numbers; and
Social Security Administration identification numbers.

For more, read “Healthcare Data Hacking Could Lead to Identity Thefts,” written by Linda Carroll and pubished by Reuters on September 23, 2019.

2. Health Care Providers

Hackers are also known to access and sell information related not to patients but to health care providers. Buyers are able to use this data to impersonate a doctor, for example, including DEA licenses, medical diplomas, and more, enabling them to sell either prescription drugs or to market prescriptions for others to take to the pharmacy for filling.

For more, read: “This Is How Hackers Make Money From Your Stolen Medical Data,” written by Charlie Osborne for Zero Day and published by ZDNet on June 5, 2019.

Illegal Use of Personal Medical Information: Profitable Fraud

Accessing the personal health data and medical file information of one or more individuals is the first step in medical identity theft. The crux of criminal charges involves how this personal information is used.

While the researchers have recognized the four above types of medical identity theft, law enforcement will likely focus efforts on those who are accessing the private information for a large numbers of individuals in order to make a profit. This usually involves collecting payments from health insurance companies or from prescription drug sales.

Health care providers may be targeted in investigations where they are suspected of filing fraudulent insurance claims for profit. Here, the hospital (doctor, dentist, pain clinic, etc.) may be accused of filing bogus claims or filing inflated claims, where reimbursement is requested from the health insurance carrier for procedures that were never performed.
Suspected drug dealers may be targeted by law enforcement for lucrative, voluminous medical identity thefts as well. This is because medical identity thefts are a known vehicle used to purchase a variety of prescription drugs using stolen insurance information or other PII which are then sold alongside illegal drugs at a tremendous profit.

According to the Federal Bureau of Investigation (FBI), one of the most common health care fraud scams using medical identity theft involves the following (quoting from the FBI’s site):

Providing an inducement, such as money or a gift, to beneficiaries to visit a location (normally medical clinics) where identities are obtained when the patient signs in;
Obtaining patient information when patients obtain a free screening, a method frequently seen at health fairs;
Inducing medical personnel with access to patient insurance information to copy the material and provide it to those involved in fraud schemes; or
Purchasing the information from others involved in fraud, including owners of fraudulent companies and marketers of stolen patient and physician billing information.

In today’s Coronavirus Pandemic, the federal government also warns of medical identity theft tactics tied to concerns over exposure to COVID-19. The HHS has issued a public warning that “scammers are offering COVID-19 tests to Medicare beneficiaries in exchange for personal details, including Medicare information.”

Here, medical identity theft involves “fraudulent telemarketing calls, text messages, social media platforms, and door-to-door visits,” with the stolen PII used to fraudulently bill Medicare or Medicaid.

Texas Penal Code §32.51 and Medical Identity Theft

Texas Penal Code §32.51 (“TPC”) prohibits the “Fraudulent Use or Possession of Identifying Information,” which encompasses allegations of Medical Identity Theft under Texas law. Anyone arrested by state authorities for identity theft involving personal medical information will face charges based upon this statute, as well as any others that the prosecutors decides to include (or stack) against him or her.

What types of information can form the basis of Medical Identity Theft charges?

Under TPC §32.51, “identifying information” means information that alone or in conjunction with other information identifies a person, including a person’s:

(A) name and date of birth;

(B) unique biometric data, including the person’s fingerprint, voice print, or retina or iris image;

(D) telecommunication identifying information or access device; and

(E) social security number or other government-issued identification number.

When is it against the law to use this personal medical information?

As for the actions undertaken with this medical information, TPC §32.51 defines it to be a criminal act when “the person, with the intent to harm or defraud another, obtains, possesses, transfers, or uses an item of:

(1) identifying information of another person without the other person’s consent or effective consent;

(2) information concerning a deceased natural person, including a stillborn infant or fetus, that would be identifying information of that person were that person alive, if the item of information is obtained, possessed, transferred, or used without legal authorization; or

(3) identifying information of a child younger than 18 years of age.”

Help for State Proving their Case: Fraud is presumed under TPC 32.51

What about motive? The legislature has helped the prosecution with its burden of proving the motivation of the accused in TPC §32.51. Here, the statute provides that “… the actor is presumed to have the intent to harm or defraud another if the actor possesses:

(1) the identifying information of three or more other persons;

(2) information described by Subsection (b)(2) concerning three or more deceased persons; or

(3) information described by Subdivision (1) or (2) concerning three or more persons or deceased persons.

However, this presumption does not apply to “a business or other commercial entity or a government agency that is engaged in a business activity or governmental function that does not violate a penal law of this state.”

Sentencing for Medical Identity Theft under TPC §32.51

Conviction for violation of TPC §32.51 constitutes a state jail felony if the conviction is based upon less than five (5) pieces of identifying information. This means a sentence of up to two (2) years in a Texas state jail along with a maximum fine of $10,000.

The punishment escalates to a felony of the third degree if the number of items obtained, possessed, transferred, or used is five or more but less than 10; a felony of the second degree if the number of items obtained, possessed, transferred, or used is 10 or more but less than 50; and a felony of the first degree if the number of items obtained, possessed, transferred, or used is 50 or more.

For more on the severity of punishments under Texas law for various levels of felony convictions, read our earlier discussion in “Will You Go to State Jail or Texas Prison? The Importance of Plea Negotiations.”

Restitution to the victim, including lost income, can be ordered as well. Also, the punishment will be enhanced to the next higher category if it is proven at trial that (1) the offense was committed against an elderly individual (as defined by TPC §22.04); or that (2) the actor fraudulently used identifying information with the intent to facilitate an offense under Texas Code of Criminal Procedure Art. 62.102.

Criminal Defense of Medical Identity Theft Health Care Fraud Charges

Medical Identity Theft may be prosecuted by either federal or state prosecutors. In Texas, any individual arrested and charged for Medical Identity Theft can face potential felony charges with the possibility of several years’ imprisonment in a Texas facility along with orders to pay restitution and fines.

For anyone who suspects that they are being investigated for medical identity theft, it is imperative to aggressively defend against these suspicions as soon as possible. Personal reputations and professional livelihoods can be irreversibly harmed by the mere gossip or innuendo of a medical identity theft charge and the earlier there is experienced criminal defense advocacy involved, the better.

After an arrest for Medical Identity Theft, it is important to implement individualized criminal defense strategies to minimize punishment through plea negotiation as well as challenging the veracity of the case as a whole as compiled by either the local District Attorney or U.S. Attorney General’s Office. See, e.g.:

_____________________________________

For more information, check out our web resources, read Michael Lowe’s Case Results, and read his in-depth article,” Pre-Arrest Criminal Investigations.”

Posted on July 31, 2020 by Michael Lowe , on Arrest and Indictment, Fraud Charges, Health Care Fraud, InDepth Articles

View More Case Results

Comments are welcomed here and I will respond to you -- but please, no requests for personal legal advice here and nothing that's promoting your business or product. Comments are moderated and these will not be published.

About Michael Lowe

Find Him On:

With more than 150 jury trials under his belt, Michael Lowe has strong and varied courtroom experience.

View His Biography

R R 2 months ago

My special needs families, listen up! If you find yourself in the shocking and surreal world where your adult child's behaviors related to IDD and mental health trauma are treated as criminal, Michael Lowe is who you call. When I was calling around initially, I found so few lawyers who understood or even cared to try to understand my son's disability and I felt so uneasy talking to them. I can not put into words the level of panic and fear racing through me during this time of utter shock and bewilderment as to the fact it was even happening! But then I spoke to Michael, and I immediately felt peace and knew by his kindness that he understood and I finally felt heard, and I felt hope. Our first meeting with Michael, he put my son with Down syndrome at ease and assured him everything would work out. As a single mom, his empathy and compassion towards my finances were also appreciated as he charged me a flat fee only, and our case took 2.5 years to complete. The goal was always to have the case dismissed and Michael accomplished that goal. My son has now been treated for his mental health, is healing from his trauma and is leading the life he was meant to have. We could not be be more grateful to Michael for his genuine compassion, generosity, gifted strategy and brilliant efforts in insuring this outcome. I never in a million years thought my family would go through something like this, and I had zero awareness until now that our special needs community needed an advocate for our adult kids who suddenly land in the criminal justice system. Since this experience, I have met other families in similar situations with less favorable outcomes and realized even more so how not only valuable, but imperative Michael Lowe and his services are to our community. I hope by writing this review, other families are able to get the help and successful outcome that we did from having Michael Lowe in our corner.

...

Cesar Ruiz 3 months ago

This guy went above and beyond my expectations. I was burnt out from 2 previous lawyers before him who only sweet talked me and didn’t do a single thing for me. Michael did the opposite, he under promised and over delivered!!! He helped me on a case that very few lawyers had hope for! Words can’t explain the level of gratitude I have for this man. He truly is one of the best in his field. I have so much respect and love for this man now! Thank you Michael!

...

Rogue Print 5 months ago

I had a complex legal question crossing two State's and Federal jurisdictions.

I contacted 11 Lawyers in two states for help. Some of the Lawyers specifically said they dealt with these situations on their website. 10 of those Lawyers would not even consider the case.

Michael Lowe took up the issue and PROMPTLY provided real legal advise for my circumstance. He researched and personally advised me with the applicable law and appropriate course of action. Even though he could not be retained and get paid, because he does not practice where I have to file, This Man helped out of the goodness of his heart, He did not have to. He got nothing out of it. But he did it anyway. There are so few people out there that are willing to help someone else.
I am so very grateful for him!

...

Liosvel Vazquez 6 months ago

Mr Lowe is the best on what he is doing.. he resolved my case really fast. Super thankful.

...

Sales M7 7 months ago

Michael represented me on a federal case. I came to Michael at the lowest point in life after removing my previous counsel. Michael & I met for an hour and it kind of felt as a good fit from the beginning hence I retained his services. He was empathetic and listened.

During representation we spent countless hours talking about my case to fine tune our strategy and were able to find a solution. He spent all this extra time without asking for any extra fees. I will always be thankful and grateful for what he has done for me. He really went above and beyond to help me.

Thank you, Michael!

...