In 2015, 21st Century Oncology, the largest global provider of integrated cancer care services, experienced a data breach that affected more than 2.2 million patients and employees. In December 2017, the company agreed to pay a $2.3 million fine to the Department of Health and Human Services (HHS) for the data breach. (Keep in mind, this does not begin to include the costs for forensics, data restoration, notification, possible business interruption, etc.)
Taking this a step further, 21st Century Oncology has recently settled misbilling and illegal self-referral allegations. There have been numerous whistleblowers within 21st Century Oncology that have come forward on this matter speaking out against the bonuses being paid to physicians for bringing in patients. The practice of incentivizing physicians for self-referrals is illegal and in violation of Stark Law. Long story short, it’s been determined that over $8 million was spent on incentives to physicians for self-referrals. When it’s all said and done, 21st Century Oncology is expected to pay over $50 million to settle combined breach and billing fraud investigations.
We encourage all healthcare entities to consider coverage that will pay out in the event they have to endure a RAC audit, violate the Stark Law, or are found to have committed medical billing errors.
Medicaid and Medicare billing errors in particular have become a focus for federal regulators. In 2016, investigations by the U.S. Accountability Office and Office of Inspector General revealed Private Medicare payment errors totaling $16 billion and Standard Medicare payment errors totaling $41 billion. This was really the start of a larger focus on medical billing fraud and errors, forcing entities like HHS to begin taking them more seriously and take punitive action.
It’s important to note that healthcare entities can be audited and fined not only because of intentional fraud, but also as a result of innocent billing system errors. Unintentional billing errors are common and can result in large fines if discovered by regulators.
The misbilling portion of this should further support companies presenting RAC audit coverage, which is a coverable loss via insurance. INSUREtrust represents several products designed to cover things like Stark Law violations and regulatory proceedings for this exact reason.
The product can be offered standalone, as well as combined with the cyber, and we can place higher limits as well. If you’re interested getting a quote for cyber insurance or learning more, call us today at 1-888-WEBRISK.