Drones Next for Aetna's SIU?

Not to be outdone by FBI, NSA, and DHS, Aetna's own Special Investigative Unit (SIU) claims to fight health care fraud. BehaveNet has obtained a letter from Aetna’s SIU to a physician requesting (demanding) medical records that illustrates the payer’s tactics [bold mine]:

“Dear Healthcare Provider:

“We are conducting a review of services rendered to the above named patient(s). We are writing to request the medical records for the time period indicated.

“This patient was a member/insured of Aetna during the dates of service above. We are permitted to obtain these records without obtaining an additional authorization from the member/insured, because you and we are “covered entities” as defined by HIPAA. Specifically, 45 CFR 164.502 (a) (1) allows such disclosures for “treatment, payment or health care operations”.

“Please provide any and all treatment records to include:

  • patient’s complete chart including daily notes by attending physicians

  • medical and social histories

  • records of the patient’s chief complaint

  • record of the treating provider’s findings

  • daily treatment or progress notes

  • record of the treating provider’s preliminary and final diagnoses

  • copy of all diagnostic and laboratory test results, including x-rays and x-ray reports”


The treating physician, an out-of-network provider for Aetna, ordered several laboratory tests for a patient, but did not submit a claim for office services. Claims by the laboratory probably triggered the review.


  • Aetna may hope the Special Investigative Unit letterhead will intimidate providers.
  • Privacy rules and laws address authorization to release -- not obtain -- records. The bolded sentence above emphasizing obtaining records may represent an attempt to obtain records through deliberate deception.

  • Aetna apparently claims to determine a provider’s HIPAA covered entity status without factual basis.

  • Aetna shows contempt for the right of the member/insured to determine to whom their provider should release records.

  • Out-of-network providers have no business relationship with payers.

I do not object to payers asking to review records in order to determine whether to reimburse based on contractual considerations, including denial of reimbursement, but I would not want my payer to use intimidation and deception in order to convince my physician to release those records without my authorizationi. I understand that currently only a provider who bills “electronically” using “code sets” qualifies as a HIPAA covered entity. Payers should not presume to identify providers as covered entities without evidence.

If I ever receive a letter like this I will simply ask the patient whether she wants me to release the records to the payer, and I will abide by her wishes. Payers should send such requests directly to their member/insured who can then ask their providers to send records. In fact, I have found support from my state insurance commissioner in demanding that payers stop corresponding with me altogether. Only contracted providers belong in the middle of that relationship.

Shame on Aetna and any other payer that employs such tactics. Will such practices increase or decrease under Obamacare?

(I contacted Aetna for comments several days ago but have received no response.)


Daily Tweets

Notable Person: #BHCPOD
Phobia: #BNphobia

National Conference Tweetchats

2/26-3/2 AGPA
3/6-9 ANPA