Overview            Agent Types         Cost of Fraud          Identity Verification         Pricing          Use Cases                  

Overview 

     Protected Health Information (PHI) is defined as personally identifiable health information collected from an individual, and covered under one of the state, federal, or international data breach disclosure laws for the healthcare industry. 

     PHI is not limited to patient family history, demographic data, insurance information, medications, DOB, right down to a patient’s dental x-rays. Starting with that - bad actors can build enough information to completely steal a patient’s identity and commit  

Account Takeover Fraud 

Financial Fraud   

Government Benefits Fraud 

Insurance Fraud 

IRS Tax Refund Fraud 

Medication Fraud 

New Account Fraud 

Senior Citizen Scams 

Utilities Fraud 

And Many Other Scams, Crimes, And Cons 

 

     The 1996 Health Insurance Portability and Accountability Act (HIPAA) grants patients broad privacy rights, as well as the right to examine their own medical records. But patients don't necessarily have the right to correct errors or even prevent errors from being passed along to other providers. That's because health care providers aren't required to amend records that did not originate with them. Victims can spend years expunging bad entries only to discover a mistake that reappears later -- transferred from a record that wasn't noticed earlier.  Medical ID Theft

     Doctors are understandably reluctant to expunge any medical information from a file, because it could expose them to liability. For example, if a physician prescribed OxyContin for severe back pain to an imposter, and the back pain was not in the Ginicoe authenticated member’s patient record, officials could question the reason for the prescription, which would still be on file at the pharmacy. 

     Ginicoe can help!  We expand beyond Knowledge Based Assessment (KBA) questions. We provide autonomous and semi-autonomous agent products to you for                                                      

  1. Patented Identity Verification; and                                              
  2. Risk Assessment by Region 

AGENT TYPES

     Biometric facial recognition (BFR) is deployed for all your digital and non-digital patients to health care agent types - that includes every covered entity, all 5,627 registered U.S. hospitals, Doctor Offices, dentist offices, Nursing and residential care facilities, neighborhood vans, buses, and RVs, mobile phone healthcare, scheduling admins, ambulatory healthcare services, health insurance organizations, claims processors, billing services, social assistance, benefits managers, medical devices, and courier services that handle PHI without acting as medical care providers, VA Hospital, medical technician, health care administrator, and pharmacist.[1]    

                                                                 THE COSTS OF FRAUD

     Healthcare data breach costs leads the United States as the highest type of data breach. It represents 27 percent (27%) of all data breaches. Health Care data breaches costs $408 per capita. U.S. healthcare data breaches cost more than 2.5 times the global average overall cost at $148 per record. Also, within healthcare, the per capita cost has increased by $11 compared to the four-year average of $369.[2] 

     U.S. companies reported paying over $690,000 on average for notification costs related to a breach - which is more than double the amount of any other country. 

     The National HealthCare Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year. 

     Financial losses caused by health care fraud are only part of the story. Health care fraud has a human face.  Individual victims of health care fraud are everywhere.  These are people that Ginicoe cares about who are exploited and subjected to unnecessary or unsafe medical procedures.  Or whose medical records are compromised or whose legitimate insurance information is used to submit falsified claims. 

IDENTITY VERIFICATION 

     If you are just starting out to protect yourself from fraud or if you are researching how you can plug up the holes in your existing layers – Ginicoe’s Identity verification will help you prevent: 

A.     Insider threats against internal channels, is a huge challenge for healthcare providers.   

B.     External channels, partner and collusion channels also represent how wide the threat surface is for stolen PHI.  

Our findings show that healthcare providers that layer solutions by identity verification and agent type experience fewer issues and lower the cost of fraud with improved risk management tolerance levels.

check mark Greencheck mark GreenThey experience fewer false id theft complaints. 

check mark GreenThere are fewer manual reviews required. 

check mark GreenThe cost of fraud is less. 

check mark GreenThere is improved HIPPA, HITECH, HHS, VA, AOD, and related compliance. 

check mark GreenThere is increased focus on treating the correct patient with the correct ailments. 

check mark GreenThere is significant increase in shareholder value. 

check mark GreenThere is significant increase of patient, shareholder, and employee retention. 

check mark GreenThere is reduced internal fraud and churn.  

check mark GreenThere are reduced errors & bureaucracy due to patient’s opt-in with our National sharing dBase of PII across groups, divisions, business units, government ACA single payer, and approved covered entities. 

check mark GreenThere is reduced malpractice exposure due to fraud. 

check mark GreenThere is reduced reputational damage. 

check mark GreenThere are reduced operational costs.   

     Our Biometric Facial software suite works as a multi-layered gatekeeper with our patented advanced identity verification, identity authentication, and fraud transaction risk assessment.  

     Identity verification / authentication is important for “letting your customers in” with the least amount of friction and risk. Transaction –related fraud is about keeping the “bad guys out”.  

     Our autonomous and semi-autonomous products empower you to view all customer faces, randomly select customer faces, or view no customer faces at all, dependent upon your local healthcare policy. We are agile and keep you the healthcare professional as our highest priority to satisfy you, dependent upon your specific use case, through early and continuous delivery of our patented suite of identity verification tools.  Ginicoe’s patented layered approach solves this for you.  

     Our patented solution will increase your customer trust and loyalty plus increase your revenue plus grow your market share all while reducing your fraud costs and risk threshold. This is why we are distinguishable.  

 

PRICING FACIAL BIOMETRICS

IN YOUR DIGITAL and NON-DIGITAL CHANNEL

 

ELITE - Internal Fraud  

 One type of internal healthcare fraud are accidents or mistakes that encompass unintentional employee actions, third-party snafus, and stolen computing devices. The second type of internal healthcare fraud are malicious actions whose unilateral intentions are to cause harm to your organization that encompass bored employees, depressed, frustrated or angry due to a circumstance where they believe they were not treated fairly.  

Seniors & Cards or Health Care

     These two types of internal fraud account for the lion’s share of health care related data breaches. In fact, 36 percent of healthcare organizations and 55 percent of all others that handle PHI without acting as medical care provider, named accidental employee actions as a breach cause. 

     If caused by human error, employee misuse, or malicious intent, the healthcare industry is its own worst enemy when it comes to data breaches, and is nearly seven times (7x) more likely to experience a casual error or mishap than any other industry.  

     Ginicoe can help. We will not protect your computers, but we will augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII when that data breach occurs. 

     If you are on this list, or your business model or products are similar, you should contact us 

Acupuncture 

Acute care surgery 

Anesthesiology 

Moda Health Plan 

Anthem 

Barnes-Jewish Hospital (St. Louis) 

Brigham and Women's Hospital (Boston) 

Brooklyn clinic 

Carolinas Healthcare System 

Cedars-Sinai Medical Center (Los Angeles) 

Chiropractor 

Cleveland Clinic 

Critical care 

Defense Health Agency 

Department of Labor 

Diagnostic Sleep Studies 

Duke University Hospital (Durham, N.C.) 

Emergency medicine 

Federal Employees Health Benefits 

Freedom Health   

Genesis Healthcare 

Harlem Hospital   

Health First 

Home Health 

Hospice care 

Hospitals of the University of Pennsylvania   

Hospital Special Surgery 

Humble Surgical Hospital 

Hydrocodone 

Los Angeles Hospital   

Massachusetts General Hospital (Boston)   

Mayo Clinic Hospital (Phoenix) 

Medi Cal 

Medicaid Fraud 

Medicare Part D 

Mercy Clinic 

Mercy Hospital 

Metro Health Center 

Michigan Medicine (Ann Arbor) 

Mount Sinai 

New York Presbyterian Hospital (New York City) 

NYU Langone Hospital (NYC) 

Northwestern Memorial Hospital (Chicago) 

Obstetrics and Gynecology 

Office of Worker's Compensation 
Opioid Diversion and Abuse 

Optimum Health Care 

Orthopedic 

Oxycodone 

Pacific Alliance Medical Center 

Pain Care Clinic 

Presbyterian Hospital 

San Francisco General Hospital 

Sanofi-Aventis 

Skilled Nursing and Rehabilitation Therapy 

Smidt Heart Institute at Cedar Sinai 

Soma 

Stanford (California) Hospital 

TeamHealth 

The John Hopkins Hospital (Baltimore) 

The Mount Sinai Hospital (New York) 

 -Penn Presbyterian (Philadelphia) 

TRICARE 

UCLA Medical Center (Los Angeles) 

UCSF Medical Center (San Francisco) 

UnitedHealth Medicare Advantage 

University Hospital 

UPMC Presbyterian Shadyside (Pittsburgh) 
US Physicians Home Visits 

Vanderbilt University Medical Center (Nashville, Tn) 

Weill Cornell Medical Center (NYC) 

Xanax 

PLUS - External Fraud - 

     The bad guys may use ransom ware, email phishing attacks, user error, social engineering, malware, key loggers, faxes by email, Internet of Things (IoT), shoulder surfing, social media, persuasion/coercion, reverse social engineering, dumpster diving, phone based attacks, sexual solicitation, amber alerts, charity solicitations, false news articles, fake Facebook groups, fake login screens, please send money, open roof doors, rogue access points, or any combination of these and others that our healthcare associates are well versed on – never-the-less they ALL lead to the same objective:  They want your patient’s PHI & PII sensitive information including medical diagnosis, names, date of birth, medical record numbers and social security numbers. Ginicoe can augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII.  

     If you are on this list, or you have 3rd party relationships or your products are similar with those listed below, then you should contact us. 
 

AcuteNet 

Advanced Data Systems 

Agfa HealthCare 

Allscripts Healthcare Solution, Inc. 

Ambient Clinical Analytics 

Analyte Health 

Aprima   

Athenahealth, Inc 

Atos 

Avec Health Solutions 

Avelead 

Axial Exchange Inc.   

Bionic Technology 

Cerner Corporation 

Change Healthcare     

Ciox Health 

College Park, Inc.   

CompuGroup Medical 

Compulink 

Computer Programs & Systems, Inc. 

Conifer Health Solutions 

Conifer Health Solutions

CORAnet

Corin Group

Cotiviti

CureMD

Eceptionist

eClinicalWorks

eClinicalWorks

Embleema

eMD

 

Epic Systems Corp

G Medical Innovations

GE Healthcare

GenieMD

Global Supply Chain

Greenway Health

Greenway Health LLC

Hancock Health

HealthEdge

Hip Marketing

i2i Population Health

ImagineSoftware

 

Kalix

Greenway Health 

Greenway Health LLC 

Hancock Health 

HealthEdge 

Hip Marketing 

i2i Population Health 

ImagineSoftware 

Kalix 

McKeeson Corporation 

Medartis AG 

Medical HealthCare Solutions 

Medocity 

Merge HealthCare Inc. 

Newport Credentialing Solutions 

NextShift 

ONLYX Healthcare  U.S.A., Inc. 

Otto Bock HealthCare 

Payspan

Practice Fusion

Practice Fusion, Inc.

Quality Systems, Inc.

Rethink

Scribe Technology Solutions, Inc.

Self Care Catalysts

Seniorlink

Sensogram Technologies, Inc.

 

Simplifeye

TCS Healthcare Technologies

ThedaCare

Time Tap

Tornier N.V.

Touch Bionics

Trulife

Veracity Solutions

Waldemar Link GmbH & Co. KG

 

Zephyr Health

 

 STANDARD – 3rd Party Partners & Health Plan Exposure

      The nature of patient interaction with these 3rd Party partner relationships and the potential impact the relationship has on your healthcare covered entity creates a large threat surface where you are responsible. The 3rd party is not subject to specific laws and regulations regarding HIPPA, HITECH, COPPA, etc., yet independent practices rely on them for much needed resources and expertise.  One such use case is a third party HVAC central station that ties into your network via the IoT, yet may leave your PHI & PII exposed through a backdoor. Unlike you, they may not be publically traded, and thus their low security standards place you on the hook in the event of a data breach exposing patient’s sensitive information. The same may hold true on reliance of subcontractors and countless other 3rd party partners, HMOs, health plans, and similarly situated entities with low to zero security preventive solutions. Ginicoe can augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII

     If you are on this list, or your business model or products are similar, you should contact us.

Aetna                                                                                          Humana

Blue Cross Blue Shield                                                               Independence Blue Cross

Blue Shield of California                                                             Kaiser Permanente                                      

Care First                                                                                    Medigap

Centene Corporation                                                                  NoMoreClipboard

Cigna                                                                                          Supplement

Health Care Service Corporation (HCSC)                                 United HealthCare

Highmark

 

ESSENTIAL - Collusion Exposure  –

     The difference between collusion and insider threat is where at least two people have knowledge of the bad act and typically one is an insider and the other is an outsider external away from the covered entity. In other words, it is not a unilateral bad act as in the case of internal fraud, nor is it an accidental mishap.

     An insider within a radiology department of a hospital accessed patient records for the purposes of committing credit card fraud. He used a co-worker’s unlocked workstations to look up information whenever they stepped away. He then colluded with a former employee to apply for credit cards in patient names.

     If your HR department has churn and especially high churn or your procurement department outsources at least one service or product to 3rd party partners, you should contact us if your wish to protect your covered entity regarding:

Every employee                                                               Every former 3rd party partner

Every former employee                                                   Every contractor or subcontractor

Every 3rd party partner                                                   Every former contractor or subcontractor

 

Agent Types

Autonomous Agents - Merchant agent networks may be considered to be implementations of machine learning systems, spiders, crawlers, bots, artificial neural networks, perceptions, or Bayesian reasoning networks. Because these agents can exhibit the functional architectures and behaviors of autonomous machine learning mechanisms they are goal based and self-contained. These agents may be backward looking as in the case of neural networks where the machine is trained on customer’s past behaviors, or they may be forward looking as in the case of branch predictions and artificial intelligence (AI).  This typically occurs in a digital channel often supplemented with an external webcam, mobile phone camera, IP camera, kiosk camera, or similar image receiving mechanism. As described below, the distinction between autonomous and semi-autonomous is entirely dependent upon the user’s security policies.

Semi-Autonomous Agents – simply put this merchant agent performs with all of the attributes of an autonomous agent yet with the exception of persistent notification to a user. In other words, it is not self-contained. It may be appreciated, that a semi-autonomous agent may behave on each and every customer at one extreme or some random number of customers or other attributes, such as geographic, demographic, etc. at the other extreme. This is dependent upon the user’s security policies, labor intensity, peak traffic times, regulatory compliance factors, budgeting constraints, customer acceptance, and any number of countless other factors. For example, ATMs were mainstreamed in the 1980s as a replacement for tellers, yet 30 years later, tellers are still with us because customer’s still prefer some degree of human interaction. Semi-autonomous agents typically occur in a non-digital channel such as a patient walk-in, yet may perform also in a digital channel such as a patient walk-in that interacts with their remote primary physician via a webcam, iPad camera, etc. or the inverse where the physician is at work and the patient is remote and bedridden at home. In either use case, machine and humans are interacting to secure patient data to render a result.

WHY GINICOE IS BETTER

     In taking a multi-layered security defense in depth approach, we augment your existing security approach with multi-factor authentication (MFA) and two factor authentication (2FA). We meet then exceed basic regulatory compliance found in HIPPA, HITECH, COPPA, enforced by Centers for Medicare & Medicaid Services (CMS), Office of the National Coordinator for Health Information Technology (ONC), US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and the Health Care Fraud Unit and Strike Force (HCF). Furthermore, we make ourselves available to indirect partners such as the FDA, HICPAC, CDC, and others. Our patented products protect you from lawsuits on so many different levels e.g. breach notification requirements, class actions, patent inducement claims, privacy protections, reputational damage control, increased market share, increased shareholder value, and so much more.

 

USE CASES

     Joe Ryan got a collection notice from a billing agency for Littleton Adventist Hospital near Denver, Colorado. The hospital wanted payment for surgery totaling $41,188. Ryan, a Vail pilot, had never set foot in that hospital. Obviously there was some mistake. "I thought it was a joke," says Ryan. But when he called the billing agency, nobody laughed. Someone named Joe Ryan, using Ryan's Social Security number, had indeed been admitted for surgery. A busy man, Ryan was trying to get his new sightseeing business, Rocky Mountain Biplane Adventures, off the ground. He figured clearing this up would take just a few phone calls. Two years later, Ryan continues to suffer from the damage to his credit rating and still doesn't know if his medical record has been cleared of erroneous information. "I'm desperately trying not to go bankrupt," he says.

This is an example of medical identity theft

           ________________________________________

     Aspire Health, a Nashville-based in-home healthcare provider, founded in 2013 by former Sen. Bill Frist and current CEO Brad Smith. was hacked Sept. 3 as a result of a phishing attack and “lost” some protected health information (PHI), according to a report by the Tennessean.com. Aspire Health learned one of its employees was the victim of an international phishing attack. Aspire is now working through the legal process to determine if any Aspire information was ultimately accessed by a third-party. In the court records filed, Aspire has said it has tried to identify the hacker but so far has been unable to do so. The phishing attack originated from a website with an IP address in Eastern Europe for which Google is the registrar.

This is an example of External Threat

                                                   ________________________________________

     Vanessa works as a registration clerk in a hospital’s emergency room. She is committed to helping patients and the hospital but often feels overwhelmed at the volume of work and information she deals with daily.  One day, Vanessa receives a call from a lawyer she knows has volunteered his services at the hospital previously. He explains that if she can supply him a list of patients with specific injuries on specific dates, that he can assist these patients and the hospital with his legal services. Vanessa thinks she is doing nothing wrong, especially since she’s giving the information to a lawyer who has volunteered at the hospital before and who knows many of the executives there. She gives him the data on a weekly basis via copies of printed patient data.

This is an example of social engineering

                                                     __________________________________________

     A front desk coordinator at a medical clinic stole PII of more than 1000 patients which contributed to over $2.8 million in fraudulent Medicare claims.  She colluded with an outsider who operated a medical claims service.  She printed out over a 1000 records.  Controls to limit number of records that could be viewed were in place, however checks and balances or the absence of multi-layered security failed to notice the limit was exceeded regularly.

                                                            This is an example of Collusion