I had several readers comment about my Oct. 4 column concerning the latest Medicare scam. The caller asks if the older person on Medicare has received the latest Medicare chip-enabled green Medicare card. Of course, the scammer needs to verify the information to get the new secure card to the person.

My advice was – and is – if you get a call like this one, hang up. Do not even enter a conversation with this blatant liar and fraud.

One reader raised two key issues that deserve scrutiny

“1. How do scammers (or even a legitimate provider doing robocalls) have access to Medicare’s database to be able to enter and verify a person's Medicare number?

“2. Why would Medicare even consider paying for services that are not prescribed for a documented medical need by a legitimate medical provider – and on what basis could the victimized individual be made to pay if Medicare doesn’t?”

The first question is especially puzzling in light of Medicare’s policies. According to the Medicare website, “The law requires Medicare to protect the privacy of your personal medical information. It also requires us to give you this notice so you know how we may use and share (‘disclose’) the personal medical information we have about you.”  

This same web page gives a list under “We may use or share your information under these limited circumstances.” The list includes:

To State and other Federal agencies that have the legal right to get Medicare data (like to make sure Medicare is making proper payments and to help Federal/State Medicaid programs)

For public health activities (like reporting disease outbreaks)

For government health care oversight activities (like investigating fraud and abuse)

For judicial and administrative proceedings (like responding to a court order)

For law enforcement purposes (like providing limited information to find a missing person)

For research studies that meet all privacy law requirements (like research to prevent a disease or disability)

To avoid a serious and imminent threat to health or safety

To contact you about new or changed Medicare benefits

To create a collection of information that no one can trace to you

To health care providers and their business associates for care coordination and quality improvement purposes, like Accountable Care Organizations (ACOs)

The same heading provides: “We must have your written permission (an ‘authorization’) to use or share your information for any purpose that isn’t set out in this notice. We don’t sell or use and share your information to tell you about health products or services (‘marketing’). You may take back (‘revoke’) your written permission at any time, unless we’ve already shared information because you gave us permission.”

After reading these privacy provisions, we can only wonder how scammers get our information so readily. One of the problems, I believe, lies in the fact that our personal information is in a database. No matter how meticulously the operator of a database tries to prevent breaches, hackers can still penetrate the database and steal information.

Paul Bischoff of Comparitech wrote an article published on June 27, 2019, about a data breach involving 5 million MedicareSupplement.com users. This breach included personal information and even some medical information.

NBC29 News in Harrisonburg, VA, published a press release on Nov. 25, 2019, that the information of 220,000 Medicare beneficiaries had been affected by a breach. The release said:

“The Centers for Medicare and Medicaid (CMS) have announced that about 220,000 Medicare beneficiaries’ card numbers have been compromised by an unknown person or organization. It is unknown how this data breach occurred, but CMS is taking steps to remedy the situation and prevent its reoccurrence in the future.”

Most of us labor under the delusion we still enjoy a modicum of privacy, even when online. However, hackers and scammers are constantly working to frustrate the safeguards of those who operate databases.

Frankly, I do not see a legislative or governmental solution to these problems. We need tech companies to step up and develop methods for safeguarding the privacy of information.

We also need to save the reader's second question for another column.

Mike Parker is a columnist for Neuse News. You can reach him at mparker16@gmail.com.