To investigate this story, reporters analyzed records for 131,000 medical providers in Ohio in a database maintained by the Centers for Medicare and Medicaid Services. Reporters compared that database to the listed addresses of UPS Stores, and found more than 100 matches. They then researched each one to find dozens of medical practices claiming to operate out of a mailbox. In addition to this being against the rules, it also is a red flag for fraud, and reporters found several doctors who said their identities were stolen. Similar research performed by the Atlanta Journal Constitution last month found 131 matches in metro Atlanta, including cases of medical identity theft.
It took a call from the Dayton Daily News for Dr. William Carey to learn that he was CEO of a Columbus medical practice he had no idea even existed.
Clues contained in a database of medical providers maintained by the Centers for Medicare and Medicaid Services pointed toward Carey Care Group Inc. being a sham. One was location: Carey lives in northeastern Ohio and he works for the Cleveland Clinic.
More importantly, it would be a tight squeeze to accommodate patients because the company’s address, 1601 W. 5th Ave., Suite 119, is a mailbox.
A Daily News investigation found that dozens of medical providers in Ohio have registered with CMS by using nothing more than a mailbox as their address, even though government officials know it’s part of a common scheme used to steal from taxpayers and private companies.
Billing Medicare for fake medical services can be lucrative, and it contributes to waste, fraud and abuse in the government-run health care program, costing taxpayers up to $98 billion a year. Last May, the leaders of one fraud ring were sentenced to prison after they used fake storefronts and UPS Store boxes to bill Medicare for $48 million in Ohio and across the country.
“Medicare fraud schemes that involve the use of medical identity theft can have a devastating impact not only on the Medicare program itself, but the lives of the people who depend on the services Medicare provides,” federal agent Lamont Pugh III said at the sentencing in Cleveland.
In some instances, like the Cleveland case, scammers steal the identities of doctors and create fake businesses to bill Medicare for nonexistent services. In response to questions about the company bearing his name, Carey said this had happened to him.
“I am not the CEO of Carey Care Group, Inc., and have no connection to any such company,” Carey wrote in an email. “I am deeply concerned that I have been fraudulently cited as the CEO of a company about which I have absolutely no knowledge.”
Springfield doctor Kenneth Cardlin also told the Daily News his identity was stolen.
Someone named Armen Sarsenbay registered “Gardlin Med. Group Inc.” in September 2010, listing Cardlin as the CEO while misspelling his name. Both state and federal documents list the practice’s location as a UPS Store in Columbus. Sarsenbay registered Carey Care Group the same day.
Cardlin said an investigator working for Medicare informed him of the fake business a couple years ago, but he was surprised to learn that Gardlin Med. Group still has an active provider number in the CMS registry.
“It gives me concern that it still exists. I need to make sure there’s no consequences for me. I need to find out if I need to take any actions,” Cardlin said. “It does surprise me. I’d never thought of identity theft as a physician.”
Drop box scheme
Using UPS stores to defraud Medicare is often part of what federal investigators refer to as a “drop box scheme.” It involves setting up fake offices, often using a mailbox as an address, and stealing doctors’ and patients’ identities to bill the government for fake medical services.
Unlike post office boxes, addresses for UPS stores and other private mailbox companies look like real offices on paper because they list a street address with a suite number.
“The scheme you’re talking about has been a popular scheme for years, not just in Medicare but in private insurance as well,” said Louis Saccoccio, CEO of the National Healthcare Anti-Fraud Association. He calls them “phantom providers.”
While the ruse can be complicated, in some cases it can be rather simple to detect. This newspaper found 29 Ohio medical providers in a database maintained by the Centers for Medicare and Medicaid Services that claimed to provide medical care out of a mailbox. Reporters cross-referenced addresses in the CMS database with UPS Store locations, called the listed phone numbers and researched why companies had listed their locations as a mailbox, something people registering medical companies are not allowed to do.
CMS officials, who declined an interview, issued the following statement:
“In order to bill Medicare, providers must list a physical address. If a provider tries to enroll with a P.O. Box as their physical location, their enrollment will be automatically denied. Over the last several years we have stepped up our efforts to fight Medicare fraud and we are continuing our work to crack down on anyone who tries to steal from seniors and taxpayers.”
CMS officials are aware of the loopholes involving private mailboxes and are taking steps to close them, they said.
While most companies identified by this newspaper appear legitimate, some showed red flags for fraud. For three companies, it appeared that the doctors listed as CEOs had their identities stolen. They were registered to mailbox companies in Columbus.
This list consists of companies connected to Carey, Cardlin, and John Gerace, a Cleveland-area family doctor who did not return messages for this story. According to CMS, Gerace is the CEO of JPG Tech Corp., a Columbus-based doctor’s office. The company was registered by someone named Olga Teplukhina on the same day Carey Care Group and Gardlin Med Group were registered. Teplukhina has been tied to doctor identity fraud in Georgia, according to the Atlanta Journal Constitution.
One man, 6 companies, 5 mailboxes
One man using the name Jose Carlos Rios Betancourt has three different medical supply businesses licensed to three different UPS stores in the Toledo area. This is more than anyone in Ohio.
Rios Betancourt is also listed with CMS as CEO of two medical companies in Michigan and one in Georgia. The Michigan businesses are licensed to two different UPS Store boxes. The Georgia location’s address is a suburban Atlanta strip mall. An internet search of that business name, Norcross MC Inc., turns up nothing but the CMS data. That company is a family medical practice, according to state filings.
Locating Rios Betancourt or his medical offices proved to be difficult. Calls to the listed phone numbers for the businesses yielded disconnected numbers, no answer or someone claiming it was a wrong number. A man with that exact name reached at Chicago number listed in public records as connected to Rios Betancourt told reporters he believed his identity had been stolen.
Rios Betancourt did leave a paper trail of business records across the country.
An Internet search could not find a physical location for any of these businesses. Business filings in other states included someone by the same name with medical businesses in Florida and New York.
State records show Rios Betancourt incorporated his Ohio businesses in September 2008, altering his signature each time. For instance, when registering J.R. Medical Center Corp., Rios Betancourt signed his name as “Jose C. Rios Betancourt.” The business is registered at 5700 Monroe St., Suite 120-379 — a range entirely assigned to a UPS Store in Sylvania, Ohio.
Around the same time, Rios Betancourt registered another business called Rios Medical Supply, located at a UPS Store in Toledo, using the name “Jose Carlos Rios B,” state records show.
Two months later, Rios Betancourt registered two more medical businesses to UPS mailboxes in the Monroe, Mich., area, about 20 miles north of Toledo.
Ryan Stumphauzer, a former federal prosecutor in Florida who tried numerous Medicare fraud cases, called the companies connected to Rios Betancourt suspicious.
“All those facts in conjunction would clearly arouse the suspicious or at least interest of any reasonable prosecutor or regulator,” he said.
Feds pay, then chase
There is a second, more stringent screening process medical providers must go through to enroll in the system used to bill Medicare. CMS said that just because a fraudulent company gets on the medical provider list, it doesn’t mean it is billing Medicare.
Stumphauzer, the former federal prosecutor, said that doesn’t mean they won’t.
“I guess Medicare’s approach to that is they’re not stealing money yet,” Stumphauzer said. “That’s like (seeing) a bank robber pacing outside the bank, and saying, ‘I guess we can wait until he goes inside and pulls a gun, or I guess we can do something now.’ ”
None of the companies identified by the newspaper were as of September 2012 enrolled in that second-level billing system, according to oandp.com, a medical services industry website.
But it’s not clear if they have been paid in the past — that information is private.
Even without billing, fake companies could still commit Medicare fraud by using their registration number to approve bogus medical services for another company that is enrolled in Medicare’s billing system, experts said.
CMS officials say the primary purpose of the provider database reviewed for this story is to help facilitate electronic transmissions, but they’ve taken efforts to strengthen fraud prevention.
CMS is enhancing its screening process by validating all 1.5 million Medicare suppliers and providers. It says it has deactivated or revoked close to 50,000 enrollments nationwide.
But fraud experts say more up-front screening of medical providers is needed. They refer to the system, which emphasizes paying doctors quickly so they are willing to take on Medicare patients, as “pay and chase” — pay now, then chase fraudulent providers later.
Criminals have taken advantage of that.
“Medicare typically pays claims prior to scrutinizing their validity,” federal prosecutors wrote in a 2010 court document filed in California as part of a Medicare fraud case. “In many cases, Medicare ultimately detected the fraudulent nature of the phantom clinics, though in some cases only after paying out hundreds of thousands of dollars worth of claims.”
Bogus Medicare claims billed to taxpayers in that case included an ear, nose and throat doctor billing for a pregnancy ultrasound; a dermatologist billing for a heart test; an opthamologist billing for a bladder test; and a psychiatrist billing for an MRI, prosecutors wrote.
Saccoccio said CMS has made strides in using data analysis to screen out fraud and stepping up site visits to make sure medical practices are not empty storefronts or UPS stores, especially in “high risk” companies such as home health agencies or medical equipment suppliers.
But these efforts are just getting started, he said, and it’s too early to see if they’ll be effective.
“It’s really important that CMS really screens folks coming in the program,” Saccoccio said. “They’re doing a better job of that, but I think it’s going to take a little time before the effects of that are as apparent as they should be. The extent you can get to this stuff earlier rather than later is better.”
Staff writers M.B. Pell and Ken McCall contributed to this story