Fraud Analytics Help Investigators Find the Needle in a Farm Full of Haystacks

Health insurance claims generate a huge volume of data. Spotting fraud is a strategic endeavour.

Posted by Dawn Lomer in Government, Healthcare, Insurance on April 5th, 2016

Health care fraud is an epidemic in the US, affecting the nation’s wellness as well as its health care costs. The National Heath Care Anti-Fraud Association estimates conservatively that health care fraud costs the nation about $68 billion annually. And the repercussions from misdiagnosed illnesses, inadequate treatment, unnecessary procedures and dangerous practices that result from this fraud can’t be quantified.

While fraud investigators and the law enforcement community work towards finding and prosecuting health care fraud, the volume of data produced by the health industry keeps multiplying. It’s impossible to pick through that much information to find suspicious transactions, or even look for anomalous data the way you could in, for example, a company’s accounts payable records.

Enhance your fraud investigation skills with our free cheat sheet on the PEACE Model of Investigation Interviews.

The key is to stop telling the data what to look at, and let the data tell you what to look at.
Identifying suspect behaviour is a strategic endeavour. “Many analysts are focused on specific, known providers, or codes… well there are roughly 900,000 active physicians, 8,000 CPT, and 68,000 ICD-10 codes” says Jim McCall, Director of Fraud Analytics at Change Healthcare. The key is to stop telling the data what to look at, and let the data tell you what to look at, he says. “Effective forensic analytics will interrogate the data to present you with questions that require answers, and help you see the behaviours that you otherwise wouldn’t see.”

4 Components of Fraud Analytics

It’s easy to say you need to look at the data, but given the huge volume of claims data, it can be overwhelming to figure out where to start. “It’s not like looking for a needle in a haystack, it’s like looking for a needle in a farm full of haystacks,” says McCall. Therefore, he suggests most healthcare fraud schemes will manifest in one or more of the following behaviours.

Services that have varied levels of complexity, and, in turn, reimbursement, lend themselves to “upcoding”.
These are:

  • Frequency: Is there a behaviour that is occurring at an atypical rate of occurrence? Such behaviour may be the result of billing for services not rendered, or rendered unnecessarily. In the health care context, looking at the frequency of procedures, diagnoses, modifiers, patients, are good starting points.
  • Density: Examining concentration within a visit or specific time frame. Common examples include an unusual volume of services within a specific visit, an abnormally “thick” percentage of patients with a specific diagnosis code, or the classic “impossible day”, with too many patients seen on a particular date of service.
  • Intensity: Relates to the “weight” of a service. Services that have varied levels of complexity, and, in turn, reimbursement, lend themselves to “upcoding”, which is billing for a higher level of service than was provided in order to achieve an unentitled reimbursement.
  • Velocity: Temporal analysis of spikes, or surges. Spikes are sudden and sharp increase or decrease, and surges, where a surge is a longer sustained trends. Think of it like a big wave versus a rising tide. In healthcare fraud, this can been seen in metrics such as patient visits, procedures, amounts paid.

McCall has devised the Healthcare Fraud Suspect Behaviour Classification Model as a system of analytics that looks at these four elements to identify the highest risk.

“The four components have an inherent nexus. Many schemes include more than one of four classifications. Examining them together adds precession to your suspicion index” he says. “Once you find an anomaly in one, or more of those four classifications, it will guide you to efficiently focus on the specific details you need to dive into.” It’s a targeted method for examining “big data”, to uncover suspicious behaviour without being overwhelmed. In order to extend its portability, the model was designed to be powerful, yet simple to understand. In fact, although enhanced with powerful analytic tools, with some limitation and modification, any user with access to Excel can benefit from the model’s application.

But Don’t Stop There

Just like those ratings and comments help inform your decision to look more closely at a specific hotel, the external, non-claim data, may include information that’s valuable to investigators.
“In terms of health care fraud analytics, we often focus on one specific data source and, of course, it is a vital part of the overall approach, the claims data. However, there are many other internal and external data sources that can materially enhance the effectiveness of your models,” says McCall.

“For example, there is a treasure trove of public information to be mined to provide additional context and insight to help sharpen the point on analytics. These additional data sources may help explain away what appeared to be ‘bad’ billing or, conversely, deepen the level of concern.

“As a simple analogy, this is not unlike how travellers make informed decisions before selecting new hotels. They look at sites like Trip Advisor, for aggregation of multiple inputs. Just like those ratings and comments help inform your decision to look more closely at a specific hotel, the external, non-claim data, may include information that’s valuable to investigators.

“There are number of analytic techniques you can perform on those data points to identify areas of concern,” says McCall. “Surely the content may not specifically scream ‘fraud’, although sometimes it does, such as prior convictions. More often, it may provide evidence of financial stress, relationships to known offenders, and/or high risk billing locations. If you can combine that context with the anomalies from a claims perspective, you just impacted the level of suspicion, either though addition or subtraction.”

Document your findings using our free Investigation Report Template.

There is no shortage of external data that can be helpful. An additional example includes information on the specific location where the services are purportedly being rendered. “Is the address a legitimate business? Who owns the location?,” he says, noting that there is always another dimension to the complexity of potential fraud such as organized criminal enterprises that have been known to rent space in legitimate medical office parks to mask the suspicious behaviour of their activities.

So you might have data anomalies flagged in your claim analytics and data from other sources that you’ve gathered, but to find that right haystack, in the farm of haystacks, and then find the needle in that specific haystack, says McCall: “You have to put all those pieces together.”


Dawn Lomer
Dawn Lomer

Managing Editor

Dawn Lomer is the managing editor at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.