Feb. 2, 2021, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to alert financial institutions to health insurance and health care frauds related to the COVID-19 pandemic. These frauds target Medicare, Medicaid/Children’s Health Insurance Program (CHIP), and TRICARE as well as health care programs provided through the Departments of Labor and Veterans Affairs (collectively, health care benefits programs) and private health insurance companies.

Law enforcement and financial institutions have detected numerous instances of potential frauds related to health care benefits programs, health insurance and COVID-19 health care relief funds. Criminals are adapting known health insurance and health care fraud tactics to take advantage of the pandemic. The following are representative types of this illicit activity:

Unnecessary services: Ordering or submitting claims for expensive tests or services that do not test for COVID-19, oftentimes in conjunction with COVID-19 testing, such as medically unnecessary and expensive respiratory testing, allergy testing, genetic testing, narcotics screening or whole-body health assessments, or providing testing for services not usually rendered by the company.

Billing schemes: Billing for services not provided, or overbilling (e.g., upcoding or unbundling), when administering or processing COVID-19 testing and treatments.

Kickbacks: Paying service providers or purported marketing organizations an illegal kickback or bribe in exchange for ordering, or arranging for the ordering of, services and testing.

Health care technology schemes: False and fraudulent representations about COVID-19 testing, treatments or cures are used to defraud insurance carriers and to perpetrate fraud on the financial markets by defrauding investors.

Telefraud and telehealth schemes: Collecting beneficiaries’ personally identifiable information (PII), including Medicare information. Solicitors will often link their requests for information to COVID-19 treatment and prevention, such as testing or protective equipment. Fraudsters then submit fraudulent claims for payment from health care benefit programs. Fraudsters have also used the stolen PII to submit fraudulent telehealth services claims.

Fraudulently obtaining COVID-19 health care relief funds: Filing false claims and applications for federal relief funds, such as those provided under the Coronavirus Aid, Relief and Economic Security (CARES) Act’s Provider Relief Fund, the Paycheck Protection Program and Health Care Enhancement Act (PPPHCEA), or the Economic Impact Disaster Loan (EIDL) program, and the claim or application has a nexus to health care benefit programs.

Identity theft leading to additional fraud: Targeting beneficiaries for their PII and then using the stolen PII to commit COVID-19-related fraud against health care benefit programs.

To discern whether a health insurance fraud is COVID-19-related, financial institutions should assess whether the activity occurred around or after the Secretary of Health and Human Services’ public health emergency declaration of Jan. 31, 2020, and whether the underlying purported service relates to COVID-19.

FinCEN identified the financial red flag indicators described below to alert financial institutions to fraud related to health insurance and health care, and to assist financial institutions in detecting, preventing, and reporting suspicious transactions related to such COVID-19-related fraud. Such financial red flag indicators may include:

Additional, medically unnecessary services or billing schemes

1. After the COVID-19 public health emergency declaration, a health care service provider’s account receives or continues to receive: (1) health care benefit program or health insurance payments well above the provider’s estimated business transactions; or (2) payments at the same volume despite an expected diminished activity level during the public health emergency (e.g., a nonemergency medical transport company receiving higher than expected payments during stay-at-home orders).
2. A health care service provider’s account receives health care benefit program or health insurance payments beyond the expected type or volume of service, based on staffing and other characteristics of the business (e.g., processing COVID-19 tests when the medical facility does not typically offer diagnostic services, or the facility is processing a high volume of tests despite only employing a few medical personnel).
3. A COVID-19-related health care service provider’s business account has unusual transaction activities, such as payments for personal or medically irrelevant expenses (e.g., payments to automobile dealers, travel agents or retailers of luxury goods).
   
   
   Potential fraudulent businesses
   
   
4. Following the COVID-19 public health emergency declaration, personal or business accounts, especially ones that did not previously receive health care-related payments, begin receiving steep increases in health care benefit program or health insurance payments.
5. A purported health care service provider’s account receives health care benefits program or health insurance payments related to COVID-19 services, and then individuals immediately withdraw the funds in a manner that is not typical for health care businesses (e.g., cashier’s checks, cash withdrawals, certain types of Automated Clearing House (ACH) transfers, or domestic and international wire transfers).
6. After the COVID-19 public health emergency determination, a purported health care provider’s account does not receive small-dollar check deposits, payments from merchant fee servicers, or cash payments from patients who would indicate patient copayments. This may indicate the absence of actual business activity.
7. A newly formed health care business account has a volume or type of payment that seems inconsistent with expected levels of activity for such an account.
8. The physical location of a purported medical facility receiving reimbursements for COVID-19-related health care services or relief funds is nonexistent, a residential address, a commercial mail receiving agency address (e.g., a UPS Store address), or another nonoffice building address (e.g., A purported medical facility is listed as a laboratory, but the physical address is a vacant lot, car dealership, restaurant or retail store).
9. The purported laboratory, health care service provider, or medical service personnel or their counterparties appear to have a minimal web presence, or one that begins around the time of the COVID-19 public health emergency declaration.
10. Following the public health emergency declaration, the physical location of a purported medical facility receiving payments for health care services or relief funds is far from the physical location of the majority of its patients or the providers purported to be practicing there, unless the facility is providing appropriate telehealth services (e.g., a purported medical facility located in a western state receives payments related to patients residing on the East Coast).
    
    
    
    Kickbacks and money laundering
    
    
11. After the COVID-19 public health emergency declaration, a health care service provider’s or other business account begins having overly complex, medical-related transactions involving multiple counterparties indicative of possible structuring, layering, kickbacks or fraudulent medical claims.
12. A health care service provider’s account makes frequent or unusually large payments recorded as advertising or marketing expenses, or makes recurring round-dollar payments to one or multiple individuals in a manner inconsistent with its payroll-related withdrawals. The payments may reference “director fees,” “consulting fees,” “marketing,” or “business process outsourcing.”
13. A health care service provider starts receiving payments from laboratories and health care services companies, but there is no financial documentation (e.g., operating expense payments) that the provider rendered legitimate services. When questioned, the provider indicates that he or she invested in the company, and the payments are dividends or payments for services (e.g., a laboratory pays a physician for services related to a COVID-19 laboratory test). The tests, however, are not related to the physician’s specialization or do not normally require a physician’s involvement.
    
    
    
    Fraudulently obtaining COVID-19-relief funds
    
    
14. An account with no previous known association with providing health care services, receives an unexpected or excessive COVID-19-related payment that appears to be the CARES Act’s Provider Relief Fund or the PPPHCEA payments. Shortly after the account receives the deposit, an individual(s) withdraws the funds via large cash withdrawals, cashier’s checks, wires to an overseas account, transfers to personal accounts, or payments for nonbusiness expenses.
15. An account previously associated with providing health care services but has not been recently active or appears to be defunct, receives an unexpected or excessive COVID-19-related payment that appears to be from the CARES Act’s Provider Relief Fund or a PPPHCEA payment.
16. An account holder receives a substantial amount of reimbursements from health care benefit programs or health insurance companies for services rendered at the same time that the account holder receives COVID-19-related unemployment insurance payments.

Key takeaways

• Know and understand your customers and the transactions conducted in their accounts.
• Suspicious activity reporting, in conjunction with effective implementation of BSA compliance requirements by financial institutions, is crucial to identifying and stopping health insurance and health care frauds, including those related to the COVID-19 pandemic.
• Source of funds knowledge and provenance is vitally important in determining whether fraud may be occurring.
• Monitoring of inactive accounts which receive an influx of COVID-19-related activity should be scrutinized.
• System generated alerts related to COVID-19 transactions need to be taken seriously, and monitored for possible suspicious or fraudulent activity.