Medicare doles out more than $600 billion a year to health care organizations. Specific fraud statistics range but estimates suggest $20 billion is going toward fraudulent claims.

The Medicare ID card is paper, has the owner’s Social Security number printed on it and bears no real security features. Congress requested that the Government Accountability Office look at how the U.S. Office of Health and Human Services and the Centers for Medicare & Medicaid Services (CMS) might use electronically-readable cards to reduce fraud as well as open up use of the credential for other purposes.

The report considered mag stripe and bar codes but spent the most time on smart cards.

During the past five years, there have been other efforts to get CMS to consider issuing smart cards to beneficiaries. Before the GAO report there was language in a House of Representatives bill that asked the secretary of Health and Human Services to consider a smart card implementation. “It’s not a mandate but it put it on the secretary’s radar,” says Kelli Emerick, executive director at the Secure ID Coalition. There are also rumors that a bill might be submitted that would mandate the use of smart cards for Medicare recipients.

The GAO report examined which electronically-readable cards could be used in Medicare and evaluated functions, features, benefits and limitations of each. It also reviewed steps CMS and Medicare providers would need to take to implement and use electronically-readable cards and explored lessons learned in other countries.

The GAO analyzed the capabilities of the cards for three key proposed use cases:

• authenticating beneficiary and provider presence at the point of care
• electronically exchanging beneficiary medical information
• electronically sharing beneficiary identity and insurance information with providers and even populating electronic forms and systems.

Using electronically-readable cards for patients and providers at the point of care would seemingly eliminate a significant portion of Medicare fraud. Surprisingly however, that fraud might not be mitigated due to policy issues within CMS. In response to the GAO report, CMS stated that they would continue to pay claims regardless of whether a card was presented by the beneficiary.

The GAO also looked at bar codes, mag-stripe and smart cards as options for electronic media. The report found that all of the cards could be used for authentication, storing and exchanging medical information and conveying beneficiary information. The crucial difference with smart cards, however, is their ability to process data. This enables them to provide higher levels of authentication, and to better safeguard information than cards with magnetic stripes and bar codes.

Germany and France have both implemented smart cards for health care services and the GAO looked at their programs as examples.

In 2013 in France, 50 million citizens used a beneficiary card and more than 300,000 health care providers used a health care provider card as part of a national health care service. Transactions involving both a beneficiary and a health care provider smart card accounted for 90% of France’s health care claims.

In 2014, 70 million German citizens used a smart card provided to beneficiaries as their health insurance card.

---

Related articles:

Smart cards could curb some Medicare fraud Smart Health Cards: HIPAA and Beyond Card technology in healthcare: HIPAA and beyond