Eliminating Healthcare Fraud Through Technology
There are many types of healthcare fraud. It can be driven by healthcare and insurance providers, patients, employers or any combination of the above. Healthcare providers might make claims for services not provided, or overcharge for services they did provide. They might also submit claims for additional or more expensive services than were strictly necessary. This is typically done to substitute a more profitable service for a less profitable one or request reimbursement that does not take account of discounts offered to the patient. Finally, healthcare providers might misrepresent a patient’s condition to move them from an uncovered category into a covered one and then claim for services based on that misrepresentation.
Patients also contribute to fraud. For example, they might lie about their condition to get treatment, such as overreporting pain to get physical therapy. They might also engage in identity fraud by pretending that the patient was someone other than himself or herself, typically to get coverage when they should not. Patients can alter or forge bills to increase their reimbursement and might engage in “doctor shopping” in order to acquire additional supplies or drugs.
Employers, meanwhile, might falsely portray themselves to secure better coverage, enroll ineligible individuals or change hire dates to impact coverage. Sometimes multiple groups are involved in arranging kickbacks, such as recommending one company’s plan over that of another in exchange for money or recommending special treatment from a provider in return for payment. And, of course, any of these things could happen from error rather than fraud.
Solutions to Fraud
If fraud is such a huge and widespread problem, what are the traditional
ways to address it? Providers and payers each have a role
in preventing fraud. All organizations can engage in ethics and
awareness programs, which are designed to make it clear that
fraud is a crime and that it will not be tolerated. Compliance programs
can enforce rules and provide incentives and administrative
efforts to prevent violations before they occur. Deterrence is
also effective, as the detection and penalization of offenders is
likely to reduce the willingness of others to engage in fraud. Once
fraud has occurred, then providers can focus on identifying it as
fraud, investigating it to prove who is engaged and recovering money paid in error. The constant refinement of fraud detection
approaches is necessary to respond to organized fraudsters, while
policies and regulations must be regularly updated to eliminate
loopholes. Once fraud has happened and the money has been
paid, the rate of recovery drops dramatically.
Given the scale of the fraud problem and the increasing automation of the processes in which it occurs, how can information technology help eliminate or reduce fraud? The most obvious area is to apply technology on the payer side – to detect fraud quickly, avoid paying fraudulent claims and maximizing recovery, if fraudulent claims are paid.
Before claims enter the payer system, technologies exist to make sure that claims are complete and pass basic accuracy and legitimacy checks. The use of smart forms and rules-driven completeness and consistency checking can dramatically increase the percentage of claims entering the system that are ready for payment. Both payers and providers can use these technologies to ensure that good data gets into the system in the first place.
Once entered, a claim has a life cycle that divides almost perfectly into two periods: before the claim is paid (shown by the $ sign in Figure 2) and after. Detecting fraud in the “prepayment” phase is greatly preferred as it means the claim is never paid. This is much more efficient than the “pay and chase” process that must be implemented “postpayment.” Such processes typically only return pennies on the dollar, according to The Department of Health and Human Services and The Department of Justice Health Care Fraud and Abuse Control Program Annual Report for FY 2002.
Incoming claims can be processed in real time using a combination
of analytic models, which score the likelihood of fraud for
a given claim, and rules, which check the claim against regulations
and policies for payment. Fraud scores can also be used in
conjunction with other data (such as claim amount) to separate
claims that should be rejected from those that are dubious and
from those that should be paid. This phase relies largely on known
patterns of fraud and abuse and is where billing errors are identified
– and fixed. The use of context – prior claims from the same
providers, or about the same patient – in the analysis of the current
claim is crucial to analytic identification of fraud, as much
fraud is highly coordinated and organized.
Until the claim is paid – a window typically controlled by state or federal prompt payment legislation – continuous analysis of claims can identify more fraudulent cases. Subsequent claims might seem suspicious in the light of earlier ones, new patterns might emerge or be identified that should be applied to all as yet unpaid claims, and so on. This ongoing batch scoring and analysis is applied to all claims in the system not yet paid. Comprehensive data is required to ensure that problems, such as near-duplicates, are caught and to spot more sophisticated fraudsters who will ensure their claims pass the basic error checking. Effectiveness here, which requires sophisticated filtering and analysis, also prevents costly review of legitimate claims that have been incorrectly flagged.
At the point at which some (most) of the claims are paid, fraud detection switches to statistical analysis. This process can identify providers whose overall patterns indicate fraud, such as those with an unusual number of high-dollar claims or claims missing data. There are two objectives of these fast-cycle checkpoints: Identify fraud that was paid in error as early as possible and effectively manage the investigation and recovery process, and identify new patterns of fraud that can be applied to outstanding, unpaid claims. Analytics and rules can also be used to manage the recovery process by identifying the approaches most likely to be successful and the claims most likely to be recovered. As well, good work flow and case management can speed and improve the process of investigation and recovery.
The final stage is primarily concerned with constant refinement of the regulations, policies and fraud patterns based on historical data to improve early detection capabilities. Some additional identification of fraudsters for law enforcement is also possible. This stage tends to involve the most complex, most time-consuming and most data-hungry analysis – and typically has a payoff in longer-term trend identification. This stage can rely on complete data as all the claims will be finalized by now.
Information technology can also be applied very effectively by
providers (see Figure 3). Ensuring that policies and regulations
are applied to the billing process can avoid errors and delays, as
well as catch unscrupulous employees.When treatment is ordered
through computerized physician order entry (CPOE) systems, a
combination of business rules technology with smart forms technology
yields highly interactive, data- and logic-aware forms that
can ensure that errors and other problems are identified and corrected.
These technologies are also ideal for identifying druginteractions
and inconsistencies between patients and their treatments
(dosages not right for weights, etc.). Guided interactions can
also help physicians correctly describe ailments to ensure that
treatments will be reimbursed. Combined with electronic medical
records that are interoperable across providers, this technology
can also flag potentially troublesome circumstances, such as identity
fraud and doctor shopping.
There are a handful of technologies that add the most value to the elimination of healthcare fraud previously described:
Business rules – The use of a business rules management system to manage claims policy, known fraud rules and prior recovery experience allows for the engagement of business experts directly in the process of defining and managing the rules in the systems, as well as the accurate logging and recording of which rules fired for which transactions.
Analytics – Risk and recovery models, typically scorecards, can predict risk and propensity to pay and focus decision making effectively. More sophisticated neural networks can find patterns in data that is voluminous and potentially incomplete, allowing for the detection of new fraud patterns. These models analyze complex nonlinear relationships between data to recognize characteristic behavior of healthcare providers and peer groups, and then detect aberrations from them, including subtle, hidden and emerging patterns of fraud.
Work flow – The use of integrated work flow and process management for investigation and recovery is essential for tying together the activities of a potentially diverse group of people in the provider, law enforcement, the special investigations unit of a payer and so on.
Smart forms – New technology for highly interactive, dynamic forms that evolve to capture the right data during data entry in much the same way as an expert questioner changes their line of questioning over time, can improve accuracy and completeness at the earliest possible moment.
Profiling – Dynamic profiling brings an enormous quantity of data to bear on each decision by distilling data down to compact mathematical descriptions. These profiles capture the relevant details, such as the sequence and speed of transactions, proven to have predictive value. Profiling like this enables significant amounts of data to be used in analytic models without performance concerns.
Data integration – Pulling data from many sources can help identify fraud and other problems using both rules for inconsistencies and omissions and analytics for pattern matching across data sources.
Although information technology has many advantages in the battle against fraud, there are some risks. Once a fraud detection process has been automated, it may become harder for regulators and policy makers to verify that it is following the law and appropriate policies. It is essential to ensure that the logic implemented is readily accessible to nontechnical people, and that the logic used for each claim can be logged. This typically means the use of a business- rules approach, which are more easily read and managed by businesspeople, and their declarative nature makes them easy to log.Most modern applications for fraud detection use business rules technology of this sort. It also means using analytic software that provides reasons to explain results and maps the recommendations of the analytics to the decisions with which people are familiar, such as denying a duplicate claim or investigating a provider for upcoding. “Black box” analytics will not work.
Fortunately, companies experienced in developing these kinds of models use engineered analytics that detect the fraudulent patterns and give good information as to the whys and wherefores. Integration of the technology into processes and work flows to ensure that people in special investigation units and providers can collaborate and use the automation effectively will help instill trust in the process, as people trust people – not machines. Lastly, automation can reduce agility if the systems used are too hard to change when regulations, fraudsters or policies do. Mitigate this by using technology designed for agility, such as business rules and automated analytics.
Healthcare fraud is a growing and real problem. Fortunately, information technology can reduce the number and value of fraudulent claims paid, help legitimate providers enforce the law and improve the “pay and chase” process for all involved. Reducing healthcare fraud means more money going to care and less to fraudsters, which is good for everyone.
