Medicare web scare triggers crackdown call
A security scare has triggered an official call for stronger checks on millions of Medicare cards in a clear warning to the Turnbull government about the threats to a vast system that pays $35 billion in benefits each year.
A high-powered government review is warning that access to personal card information has become too easy at a time of growing fears about payment fraud, identity theft and other “illicit activities” that leave taxpayers carrying the bill.
The report singles out the lax controls on government phone services that answer 588,000 requests every year for personal Medicare numbers, raising ques- tions about the checks on those who gain access to the information.
Human Services Minister Alan Tudge and Health Minister Greg Hunt will release the findings today with a promise to respond by the end of the year on the proposals to protect 14 million Medicare cards and the way they are used to prove — and sometimes steal — an identity.
The government sought the review after reports in July that traders on the “dark web” were selling personal Medicare names and numbers, allowing buyers to create false identities for general use as well as making false claims on the public healthcare system.
The review, led by Peter Shergold, a former secretary of the Department of Prime Minister and Cabinet, does not put an estimate on the cost of Medicare fraud but notes the $2.2bn estimated cost of identity crime and calls for stricter controls on the cards.
The findings appear likely to lead to significant changes to the government system that allows healthcare providers to gain relatively easy access to card numbers, for instance by calling an information line and providing a patient’s name and date of birth.
The review says it has not seen any evidence of fraudulent requests for Medicare numbers through the phone service but is “concerned about the potential risks” and urges stricter controls.
In another key finding, it says there has been “no risk to patients’ health records” but that it is “imperative to maintain the privacy of personal information” and retain confidence in the system.
As well as the 588,000 requests to the phone services every year, healthcare providers put in 10.2 million searches to the Health Professional Online Service over the web, allowing them to ask for 500 card details every day.
The Shergold report warns that there are no requirements for the providers to obtain consent from their patients before seeking the details. It recommends changes to the rules so all health professionals must obtain this consent before seeking the card numbers.
The report also calls for the phone line to be phased out over the next two years to halt the easiest access to the card numbers, although it says some phone services should be allowed for “exceptional circumstances”.
The online access to 500 records in a single day is a crucial service for hospitals, given the need to treat patients who might not have their Medicare cards with them. Even so, the review suggests this access is limited to 50 records a day.