FinCEN warns financial institutions of ‘red flags’ for potential COVID-19 health care- or health insurance-related fraud

An advisory warning financial institutions of a proliferation of fraud schemes tied to health care or health insurance services bought and paid for amid the COVID-19 pandemic was issued Tuesday by the Treasury Financial Crimes Enforcement Network (FinCEN).

“Law enforcement and financial institutions have detected numerous instances of potential frauds related to health care benefit programs , health insurance, and COVID-19 health care relief funds,” the advisory stated. FinCEN said the frauds being uncovered target Medicare, Medicaid/Children’s Health Insurance Program (CHIP), and TRICARE as well as health care programs provided through the Departments of Labor and Veterans Affairs, and private health insurance companies.

The advisory – FIN-2021-A001 – also stated that frauds have also been seen related to COVID-19 relief funds for health care providers, such as those provided under the Paycheck Protection Program (PPP) and Health Care Enhancement Act (HCEA).

The types of illicit activity noted in the advisory include unnecessary services; billing schemes; kickbacks; health care technology schemes; telefraud and telehealth schemes; fraudulently obtaining COVID-19 health care relief funds; identity theft leading to additional fraud.

“To discern whether a health insurance fraud is COVID-19-related, financial institutions should assess whether the activity occurred around or after the Secretary of Health and Human Services’ public health emergency declaration of January 31, 2020, and whether the underlying purported service relates to COVID-19,” the agency wrote.

“As no single financial red flag indicator is necessarily indicative of illicit or suspicious activity, financial institutions should consider all surrounding facts and circumstances before determining if a transaction is suspicious or otherwise indicative of potentially fraudulent activities related to COVID-19,” it said. “In line with a risk-based approach to compliance with the BSA, financial institutions also are encouraged to perform additional inquiries and investigations where appropriate.”

The FinCEN advisory identified 16 red flag indicators to alert financial institutions and help them detect, prevent, and report suspicious transactions related COVID-19 fraud. Some of these included:

  • After the COVID-19 public health emergency declaration, a health care service provider’s account receives or continues to receive: (1) health care benefit program or health insurance payments well above the provider’s estimated business transactions; or (2) payments at the same volume despite an expected diminished activity level during the public health emergency (e.g., a non-emergency medical transport company receiving higher than expected payments during stay-at-home orders).
  • A health care service provider’s account receives health care benefit program or health insurance payments beyond the expected type or volume of service, based on staffing and other characteristics of the business (e.g., processing COVID-19 tests when the medical facility does not typically offer diagnostic services, or the facility is processing a high volume of tests despite only employing a few medical personnel).
  • A COVID-19-related health care service provider’s business account has unusual transaction activities, such as payments for personal or medically irrelevant expenses (e.g., payments to automobile dealers, travel agents, or retailers of luxury goods).
  • After the COVID-19 public health emergency determination, a purported health care provider’s account does not receive small-dollar check deposits, payments from merchant fee servicers, or cash payments from patients that would indicate patient copayments. This may indicate the absence of actual business activity.
  • A newly formed health care business account has a volume or type of payment that seems inconsistent with expected levels of activity for such an account.
  • The physical location of a purported medical facility receiving reimbursements for COVID-19- related health care services or relief funds is non-existent, a residential address, a commercial mail receiving agency address (e.g., a UPS Store address), or another non-office building address (e.g., a purported medical facility is listed as a laboratory, but the physical address is a vacant lot, car dealership, restaurant, or retail store).
  • A health care service provider’s account makes frequent or unusually large payments recorded as advertising or marketing expenses, or makes recurring round-dollar payments to one or multiple individuals in a manner inconsistent with its payroll-related withdrawals. The payments may reference “director fees,” “consulting fees,” “marketing,” or “business process outsourcing.”
  • An account with no previous known association with providing health care services, receives an unexpected or excessive COVID-19-related payment that appears to be the CARES Act’s Provider Relief Fund or the PPP-HCEA payments. Shortly after the account receives the deposit, an individual(s) withdraws the funds via large cash withdrawals, cashier’s checks, wires to an overseas account, transfers to personal accounts, or payments for non-business expenses.

The advisory also highlights two recent fraud cases related to COVID-19 health care or insurance services.