Overview            Agent Types         Cost of Fraud          Identity Verification         Pricing          Use Cases                  


     Protected Health Information (PHI) is defined as personally identifiable health information collected from an individual, and covered under one of the state, federal, or international data breach disclosure laws for the healthcare industry. 

     PHI is not limited to patient family history, demographic data, insurance information, medications, DOB, right down to a patient’s dental x-rays. Starting with that - bad actors can build enough information to completely steal a patient’s identity and commit  

Account Takeover Fraud 

Financial Fraud   

Government Benefits Fraud 

Insurance Fraud 

IRS Tax Refund Fraud 

Medication Fraud 

New Account Fraud 

Senior Citizen Scams 

Utilities Fraud 

And Many Other Scams, Crimes, And Cons 


     The 1996 Health Insurance Portability and Accountability Act (HIPAA) grants patients broad privacy rights, as well as the right to examine their own medical records. But patients don't necessarily have the right to correct errors or even prevent errors from being passed along to other providers. That's because health care providers aren't required to amend records that did not originate with them. Victims can spend years expunging bad entries only to discover a mistake that reappears later -- transferred from a record that wasn't noticed earlier.  Medical ID Theft

     Doctors are understandably reluctant to expunge any medical information from a file, because it could expose them to liability. For example, if a physician prescribed OxyContin for severe back pain to an imposter, and the back pain was not in the Ginicoe authenticated member’s patient record, officials could question the reason for the prescription, which would still be on file at the pharmacy. 

     Ginicoe can help!  We expand beyond Knowledge Based Assessment (KBA) questions. We provide autonomous and semi-autonomous agent products to you for                                                      

  1. Patented Identity Verification; and                                              
  2. Risk Assessment by Region 


     Biometric facial recognition (BFR) is deployed for all your digital and non-digital patients to health care agent types - that includes every covered entity, all 5,627 registered U.S. hospitals, Doctor Offices, dentist offices, Nursing and residential care facilities, neighborhood vans, buses, and RVs, mobile phone healthcare, scheduling admins, ambulatory healthcare services, health insurance organizations, claims processors, billing services, social assistance, benefits managers, medical devices, and courier services that handle PHI without acting as medical care providers, VA Hospital, medical technician, health care administrator, and pharmacist.[1]    

                                                                 THE COSTS OF FRAUD

     Healthcare data breach costs leads the United States as the highest type of data breach. It represents 27 percent (27%) of all data breaches. Health Care data breaches costs $408 per capita. U.S. healthcare data breaches cost more than 2.5 times the global average overall cost at $148 per record. Also, within healthcare, the per capita cost has increased by $11 compared to the four-year average of $369.[2] 

     U.S. companies reported paying over $690,000 on average for notification costs related to a breach - which is more than double the amount of any other country. 

     The National HealthCare Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year. 

     Financial losses caused by health care fraud are only part of the story. Health care fraud has a human face.  Individual victims of health care fraud are everywhere.  These are people that Ginicoe cares about who are exploited and subjected to unnecessary or unsafe medical procedures.  Or whose medical records are compromised or whose legitimate insurance information is used to submit falsified claims. 


     If you are just starting out to protect yourself from fraud or if you are researching how you can plug up the holes in your existing layers – Ginicoe’s Identity verification will help you prevent: 

A.     Insider threats against internal channels, is a huge challenge for healthcare providers.   

B.     External channels, partner and collusion channels also represent how wide the threat surface is for stolen PHI.  

Our findings show that healthcare providers that layer solutions by identity verification and agent type experience fewer issues and lower the cost of fraud with improved risk management tolerance levels.

check mark Greencheck mark GreenThey experience fewer false id theft complaints. 

check mark GreenThere are fewer manual reviews required. 

check mark GreenThe cost of fraud is less. 

check mark GreenThere is improved HIPPA, HITECH, HHS, VA, AOD, and related compliance. 

check mark GreenThere is increased focus on treating the correct patient with the correct ailments. 

check mark GreenThere is significant increase in shareholder value. 

check mark GreenThere is significant increase of patient, shareholder, and employee retention. 

check mark GreenThere is reduced internal fraud and churn.  

check mark GreenThere are reduced errors & bureaucracy due to patient’s opt-in with our National sharing dBase of PII across groups, divisions, business units, government ACA single payer, and approved covered entities. 

check mark GreenThere is reduced malpractice exposure due to fraud. 

check mark GreenThere is reduced reputational damage. 

check mark GreenThere are reduced operational costs.   

     Our Biometric Facial software suite works as a multi-layered gatekeeper with our patented advanced identity verification, identity authentication, and fraud transaction risk assessment.  

     Identity verification / authentication is important for “letting your customers in” with the least amount of friction and risk. Transaction –related fraud is about keeping the “bad guys out”.  

     Our autonomous and semi-autonomous products empower you to view all customer faces, randomly select customer faces, or view no customer faces at all, dependent upon your local healthcare policy. We are agile and keep you the healthcare professional as our highest priority to satisfy you, dependent upon your specific use case, through early and continuous delivery of our patented suite of identity verification tools.  Ginicoe’s patented layered approach solves this for you.  

     Our patented solution will increase your customer trust and loyalty plus increase your revenue plus grow your market share all while reducing your fraud costs and risk threshold. This is why we are distinguishable.  





ELITE - Internal Fraud  

 One type of internal healthcare fraud are accidents or mistakes that encompass unintentional employee actions, third-party snafus, and stolen computing devices. The second type of internal healthcare fraud are malicious actions whose unilateral intentions are to cause harm to your organization that encompass bored employees, depressed, frustrated or angry due to a circumstance where they believe they were not treated fairly.  

Seniors & Cards or Health Care

     These two types of internal fraud account for the lion’s share of health care related data breaches. In fact, 36 percent of healthcare organizations and 55 percent of all others that handle PHI without acting as medical care provider, named accidental employee actions as a breach cause. 

     If caused by human error, employee misuse, or malicious intent, the healthcare industry is its own worst enemy when it comes to data breaches, and is nearly seven times (7x) more likely to experience a casual error or mishap than any other industry.  

     Ginicoe can help. We will not protect your computers, but we will augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII when that data breach occurs. 

     If you are on this list, or your business model or products are similar, you should contact us 


Acute care surgery 


Moda Health Plan 


Barnes-Jewish Hospital (St. Louis) 

Brigham and Women's Hospital (Boston) 

Brooklyn clinic 

Carolinas Healthcare System 

Cedars-Sinai Medical Center (Los Angeles) 


Cleveland Clinic 

Critical care 

Defense Health Agency 

Department of Labor 

Diagnostic Sleep Studies 

Duke University Hospital (Durham, N.C.) 

Emergency medicine 

Federal Employees Health Benefits 

Freedom Health   

Genesis Healthcare 

Harlem Hospital   

Health First 

Home Health 

Hospice care 

Hospitals of the University of Pennsylvania   

Hospital Special Surgery 

Humble Surgical Hospital 


Los Angeles Hospital   

Massachusetts General Hospital (Boston)   

Mayo Clinic Hospital (Phoenix) 

Medi Cal 

Medicaid Fraud 

Medicare Part D 

Mercy Clinic 

Mercy Hospital 

Metro Health Center 

Michigan Medicine (Ann Arbor) 

Mount Sinai 

New York Presbyterian Hospital (New York City) 

NYU Langone Hospital (NYC) 

Northwestern Memorial Hospital (Chicago) 

Obstetrics and Gynecology 

Office of Worker's Compensation 
Opioid Diversion and Abuse 

Optimum Health Care 



Pacific Alliance Medical Center 

Pain Care Clinic 

Presbyterian Hospital 

San Francisco General Hospital 


Skilled Nursing and Rehabilitation Therapy 

Smidt Heart Institute at Cedar Sinai 


Stanford (California) Hospital 


The John Hopkins Hospital (Baltimore) 

The Mount Sinai Hospital (New York) 

 -Penn Presbyterian (Philadelphia) 


UCLA Medical Center (Los Angeles) 

UCSF Medical Center (San Francisco) 

UnitedHealth Medicare Advantage 

University Hospital 

UPMC Presbyterian Shadyside (Pittsburgh) 
US Physicians Home Visits 

Vanderbilt University Medical Center (Nashville, Tn) 

Weill Cornell Medical Center (NYC) 


PLUS - External Fraud - 

     The bad guys may use ransom ware, email phishing attacks, user error, social engineering, malware, key loggers, faxes by email, Internet of Things (IoT), shoulder surfing, social media, persuasion/coercion, reverse social engineering, dumpster diving, phone based attacks, sexual solicitation, amber alerts, charity solicitations, false news articles, fake Facebook groups, fake login screens, please send money, open roof doors, rogue access points, or any combination of these and others that our healthcare associates are well versed on – never-the-less they ALL lead to the same objective:  They want your patient’s PHI & PII sensitive information including medical diagnosis, names, date of birth, medical record numbers and social security numbers. Ginicoe can augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII.  

     If you are on this list, or you have 3rd party relationships or your products are similar with those listed below, then you should contact us. 


Advanced Data Systems 

Agfa HealthCare 

Allscripts Healthcare Solution, Inc. 

Ambient Clinical Analytics 

Analyte Health 


Athenahealth, Inc 


Avec Health Solutions 


Axial Exchange Inc.   

Bionic Technology 

Cerner Corporation 

Change Healthcare     

Ciox Health 

College Park, Inc.   

CompuGroup Medical 


Computer Programs & Systems, Inc. 

Conifer Health Solutions 

Conifer Health Solutions


Corin Group









Epic Systems Corp

G Medical Innovations

GE Healthcare


Global Supply Chain

Greenway Health

Greenway Health LLC

Hancock Health


Hip Marketing

i2i Population Health




Greenway Health 

Greenway Health LLC 

Hancock Health 


Hip Marketing 

i2i Population Health 



McKeeson Corporation 

Medartis AG 

Medical HealthCare Solutions 


Merge HealthCare Inc. 

Newport Credentialing Solutions 


ONLYX Healthcare  U.S.A., Inc. 

Otto Bock HealthCare 


Practice Fusion

Practice Fusion, Inc.

Quality Systems, Inc.


Scribe Technology Solutions, Inc.

Self Care Catalysts


Sensogram Technologies, Inc.



TCS Healthcare Technologies


Time Tap

Tornier N.V.

Touch Bionics


Veracity Solutions

Waldemar Link GmbH & Co. KG


Zephyr Health


 STANDARD – 3rd Party Partners & Health Plan Exposure

      The nature of patient interaction with these 3rd Party partner relationships and the potential impact the relationship has on your healthcare covered entity creates a large threat surface where you are responsible. The 3rd party is not subject to specific laws and regulations regarding HIPPA, HITECH, COPPA, etc., yet independent practices rely on them for much needed resources and expertise.  One such use case is a third party HVAC central station that ties into your network via the IoT, yet may leave your PHI & PII exposed through a backdoor. Unlike you, they may not be publically traded, and thus their low security standards place you on the hook in the event of a data breach exposing patient’s sensitive information. The same may hold true on reliance of subcontractors and countless other 3rd party partners, HMOs, health plans, and similarly situated entities with low to zero security preventive solutions. Ginicoe can augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII

     If you are on this list, or your business model or products are similar, you should contact us.

Aetna                                                                                          Humana

Blue Cross Blue Shield                                                               Independence Blue Cross

Blue Shield of California                                                             Kaiser Permanente                                      

Care First                                                                                    Medigap

Centene Corporation                                                                  NoMoreClipboard

Cigna                                                                                          Supplement

Health Care Service Corporation (HCSC)                                 United HealthCare



ESSENTIAL - Collusion Exposure  –

     The difference between collusion and insider threat is where at least two people have knowledge of the bad act and typically one is an insider and the other is an outsider external away from the covered entity. In other words, it is not a unilateral bad act as in the case of internal fraud, nor is it an accidental mishap.

     An insider within a radiology department of a hospital accessed patient records for the purposes of committing credit card fraud. He used a co-worker’s unlocked workstations to look up information whenever they stepped away. He then colluded with a former employee to apply for credit cards in patient names.

     If your HR department has churn and especially high churn or your procurement department outsources at least one service or product to 3rd party partners, you should contact us if your wish to protect your covered entity regarding:

Every employee                                                               Every former 3rd party partner

Every former employee                                                   Every contractor or subcontractor

Every 3rd party partner                                                   Every former contractor or subcontractor


Agent Types

Autonomous Agents - Merchant agent networks may be considered to be implementations of machine learning systems, spiders, crawlers, bots, artificial neural networks, perceptions, or Bayesian reasoning networks. Because these agents can exhibit the functional architectures and behaviors of autonomous machine learning mechanisms they are goal based and self-contained. These agents may be backward looking as in the case of neural networks where the machine is trained on customer’s past behaviors, or they may be forward looking as in the case of branch predictions and artificial intelligence (AI).  This typically occurs in a digital channel often supplemented with an external webcam, mobile phone camera, IP camera, kiosk camera, or similar image receiving mechanism. As described below, the distinction between autonomous and semi-autonomous is entirely dependent upon the user’s security policies.

Semi-Autonomous Agents – simply put this merchant agent performs with all of the attributes of an autonomous agent yet with the exception of persistent notification to a user. In other words, it is not self-contained. It may be appreciated, that a semi-autonomous agent may behave on each and every customer at one extreme or some random number of customers or other attributes, such as geographic, demographic, etc. at the other extreme. This is dependent upon the user’s security policies, labor intensity, peak traffic times, regulatory compliance factors, budgeting constraints, customer acceptance, and any number of countless other factors. For example, ATMs were mainstreamed in the 1980s as a replacement for tellers, yet 30 years later, tellers are still with us because customer’s still prefer some degree of human interaction. Semi-autonomous agents typically occur in a non-digital channel such as a patient walk-in, yet may perform also in a digital channel such as a patient walk-in that interacts with their remote primary physician via a webcam, iPad camera, etc. or the inverse where the physician is at work and the patient is remote and bedridden at home. In either use case, machine and humans are interacting to secure patient data to render a result.


     In taking a multi-layered security defense in depth approach, we augment your existing security approach with multi-factor authentication (MFA) and two factor authentication (2FA). We meet then exceed basic regulatory compliance found in HIPPA, HITECH, COPPA, enforced by Centers for Medicare & Medicaid Services (CMS), Office of the National Coordinator for Health Information Technology (ONC), US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and the Health Care Fraud Unit and Strike Force (HCF). Furthermore, we make ourselves available to indirect partners such as the FDA, HICPAC, CDC, and others. Our patented products protect you from lawsuits on so many different levels e.g. breach notification requirements, class actions, patent inducement claims, privacy protections, reputational damage control, increased market share, increased shareholder value, and so much more.



     Joe Ryan got a collection notice from a billing agency for Littleton Adventist Hospital near Denver, Colorado. The hospital wanted payment for surgery totaling $41,188. Ryan, a Vail pilot, had never set foot in that hospital. Obviously there was some mistake. "I thought it was a joke," says Ryan. But when he called the billing agency, nobody laughed. Someone named Joe Ryan, using Ryan's Social Security number, had indeed been admitted for surgery. A busy man, Ryan was trying to get his new sightseeing business, Rocky Mountain Biplane Adventures, off the ground. He figured clearing this up would take just a few phone calls. Two years later, Ryan continues to suffer from the damage to his credit rating and still doesn't know if his medical record has been cleared of erroneous information. "I'm desperately trying not to go bankrupt," he says.

This is an example of medical identity theft


     Aspire Health, a Nashville-based in-home healthcare provider, founded in 2013 by former Sen. Bill Frist and current CEO Brad Smith. was hacked Sept. 3 as a result of a phishing attack and “lost” some protected health information (PHI), according to a report by the Tennessean.com. Aspire Health learned one of its employees was the victim of an international phishing attack. Aspire is now working through the legal process to determine if any Aspire information was ultimately accessed by a third-party. In the court records filed, Aspire has said it has tried to identify the hacker but so far has been unable to do so. The phishing attack originated from a website with an IP address in Eastern Europe for which Google is the registrar.

This is an example of External Threat


     Vanessa works as a registration clerk in a hospital’s emergency room. She is committed to helping patients and the hospital but often feels overwhelmed at the volume of work and information she deals with daily.  One day, Vanessa receives a call from a lawyer she knows has volunteered his services at the hospital previously. He explains that if she can supply him a list of patients with specific injuries on specific dates, that he can assist these patients and the hospital with his legal services. Vanessa thinks she is doing nothing wrong, especially since she’s giving the information to a lawyer who has volunteered at the hospital before and who knows many of the executives there. She gives him the data on a weekly basis via copies of printed patient data.

This is an example of social engineering


     A front desk coordinator at a medical clinic stole PII of more than 1000 patients which contributed to over $2.8 million in fraudulent Medicare claims.  She colluded with an outsider who operated a medical claims service.  She printed out over a 1000 records.  Controls to limit number of records that could be viewed were in place, however checks and balances or the absence of multi-layered security failed to notice the limit was exceeded regularly.

                                                            This is an example of Collusion