Victimized Provider Project

Image Depicting Identity Theft

Victimized Provider Project

Providers, don’t be held liable for overpayments for claims paid that are a result of identity theft.

Here’s how to spot signs of identity theft and protect yourself.

Image Depicting Identity Theft

Victimized Provider Project

Providers, don’t be held liable for overpayments for claims paid that are a result of identity theft.

Here’s how to spot signs of identity theft and protect yourself.

Each year, Medicare providers have their identities stolen and used to bill Medicare for services, diagnostic tests, or medical equipment that was never provided or not medically necessary. When persons or entities inappropriately bill Medicare and receive payment using a provider’s stolen identity, the legitimate physician or provider may be held liable for any overpayments.

In essence, legitimate providers whose Medicare numbers have been stolen may be victimized twice:

  • When their identity is actually stolen and used to bill Medicare.
  • When they face the financial repercussions of the theft.

A legitimate provider in this situation might receive demand letters for recovery of overpayments, have debt referrals made to the Department of Treasury, or be issued a tax form 1099 for funds that they never received.

Image Depicting Identity Theft Alert

Victimized Provider Project

CMS’ Center for Program Integrity (CPI) works with providers who claim to be victims of identity theft, and who have suffered financial liabilities in the form of Medicare overpayments or debts, through the Victimized Provider Project (VPP). This program attempts to validate and remediate a provider’s claims as an identity theft victim. We want to ensure that no provider is re-victimized through the wrongful assignment of debts.

Image Depicting Identity Theft Alert

Do you think your identity has been stolen?

1. Contact your Unified Program Integrity Contractor (UPIC). The UPIC is the CMS fraud contractor that handles investigations on behalf of Medicare.

  • Find your UPIC.
  • Inform them about any suspicious activity you’ve noticed, such as beneficiaries indicating that your information is on their Medicare Summary Notice (MSN) without receiving treatment, or if you’ve received a demand letter from the MAC stating you are responsible for overpayments you never received.
  • Find your MAC.
  • Inquire about any recent changes to your Medicare enrollment, if any, and verify if you made those changes.

2. Respond to any inquiry from the UPIC. Part of their investigation is to interview the provider. Once you’ve verified their credentials, complete the interview as requested.

3. Report any suspected ID theft to the police.

Common Scenarios That Indicate Your Identity May Have Been Stolen:

Image of People Making Phonecalls

Your office receives calls from beneficiaries asking why their MSN shows that you billed Medicare for services when they have not been to your clinic and have not been treated by you.

Make sure you take down the beneficiaries’ names if this happens. Providing this information to your MAC will help them investigate.

Image of a Letter

You receive a demand letter from the MAC stating that you are responsible to pay back Medicare overpayments for services which you neither billed nor received any Medicare payments.

Be sure to inform your MAC when you contact it that you did not provide these services and that you think your ID was stolen.

Image of Checks

As a retired provider, you see a deduction on your Social Security checks. The Treasury Department informs you that the deduction was for Medicare debts that were referred to them by the MAC related to overpayments registered under your Medicare enrollment, but you are not aware of any overpayments while practicing medicine.

Image Depicting Fraud Investigation

A fraud investigator from the UPIC representing CMS calls you and wants to interview you regarding an identity theft matter.

If this happens, ask for their name and contact information and verify their credentials, by contacting the UPIC Point of Contact (PDF). Once you’ve verified their credentials, complete the interview as requested.

Image Depicting Physician

Attention Retired Physicians

If you are a retired physician not planning to submit any more claims to Medicare, there are several steps you should take to prevent your identity from being used for fraudulent purposes by other people. Call your respective MAC and inquire about procedures for terminating your enrollment to protect it from any misuse by unauthorized persons. Find your MAC.

Interested in Learning More?

Please be aware that provider identity theft is different than beneficiary identity theft. You can learn more about how people involved with Medicare can protect themselves on Medicare.gov.

Stay Up to Date with CPI

Connect with CPI as we host or attend various events throughout the year, join our mailing list to stay informed on Program Integrity news, or find the most appropriate vehicle to report suspected fraud, waste, or abuse.

Page Last Modified:
09/06/2023 04:51 PM