Fraud stealthily eats away at a health care system beset by spiraling costs and high insurance premiums. The National Health Care Anti-Fraud Association (NHCAA), a private/public partnership, estimates that at least 3 percent of the nation's health care outlay is lost to fraud each year.
Apply that 3 percent to the Centers for Medicare and Medicaid Services' (CMS) $2 trillion-plus in U.S. health care spending projection, and this year's loss is on track to reach $60 billion.
Private health insurance plans and tax-funded programs such as Medicare and Medicaid battle fraud, but in some cases have limited human resources for doing so.
A CMS report released in June found that New York State's Medicaid program integrity staff dwindled to 584 employees in 2005 compared with 950 employees in 2004, a 63 percent decline. During the same period, the state's Medicaid spending grew 55 percent.
One illustration of billing irregularities: In 2003, a Brooklyn, N.Y., dentist billed Medicaid for 991 procedures performed in one day. A New York Times inquiry uncovered the irregularity, not a state auditor.
To supplement human investigation, federal and state authorities have begun to deploy information technology to detect potentially fraudulent insurance claims.
The IT systems break down into two camps: those that detect anomalies before claims are paid and those that sift through batches of claims after they are paid.
Developers who are building systems to fight health care fraud grapple with challenges similar to those IT security vendors face. As viruses and hacker attacks evolve to evade detection, so do the schemes of health care fraudsters. Anti-fraud technology vendors must work feverishly to keep up with the changing techniques used to bilk insurance plans.
Government agencies depend on contractors to stay abreast of these technological trends and develop appropriate fixes. CMS, for one, uses program safeguard contractors whose job description includes surveying the anti-fraud tools landscape.
"We look to those private companies under contract to explore the technologies currently available and what products are out there," said Lisa Zone, deputy director of CMS' Program Integrity Group.
Medicare and Medicaid programs typically use two main lines of defense to detect fraud. The first line consists of "edits" built into the claims-processing system. The edits are designed to catch irregularities and errors in claims before the payer cuts a check.
The edits, for instance, check whether the procedure code for a given service matches the diagnostic code, said Bill Haffey, technical director of the public sector at SPSS, a predictive analytics software vendor. The edits also determine whether the benefit recipient and provider IDs are legitimate.
States build these edits into their Medicaid Management Information Systems, which handle the claims processing workload. Those systems are generally outsourced to vendors such as Affiliated Computer Services and EDS. At the federal level, CMS also builds edits into its claims-processing system. Zone said the edits focus on areas such as duplicated payments and correct coding. The system can deny a claim on a prepayment basis if, for example, the edits detect a code pair that can't be filed together, she added.
"Pre-screenings and edits catch a lot of errors," Zone said.
But industry executives say edits mostly capture the low-hanging fruit of fraud and abuse. Stolen ID numbers used on false claims may pass through the edits as legitimate, Haffey said.
Thus a second line of defense aims to thwart more determined perpetrators. This layer consists of fraud-detection systems that sort through claims data on a post-payment basis. Those systems are used in conjunction with data warehouses that store information from claims-processing systems.
CMS uses Computer Sciences Corp. and EDS as its program safeguard contractors. Those companies evaluate claims records housed in CMS' national claims history file, Zone said. The file contains individual claims records for all Medicare beneficiaries.
Most states contract for a claims data warehouse and an associated fraud-detection system, Haffey said.
Fraud-detection systems come in a couple of varieties. Rules-based systems are designed to look for patterns in claims data that reflect previously encountered types of fraud. New rules are created as new health care scams are uncovered. State, federal and private-sector fraud investigators regularly share information on fraud, facilitating the rule-making process.
"They talk to each other about the fraud schemes that are being uncovered," said Rick Ingraham, senior health care strategist at SAS Institute, a business intelligence software vendor.
Discussions among payers take place via groups such as NHCAA, the National Association of Insurance Commissioners and the Blue Cross Blue Shield Association. Ad hoc collaboration provides another channel to compare notes on fraud schemes and detection methods.
"Because many health plan [Special Investigation Units] are staffed by former FBI and [Justice Department] officials, it is common for them to just pick up the phone and discuss informally," Ingraham said.
But rules-based systems, such as edits, can only defend against known fraud types. Other fraud-detection systems use techniques that flag behavior that might indicate fraud. One method - data mining with knowledge discovery - scours large datasets for telling bits of information.
Haffey said SPSS' data-mining tools for fraud use a market basket algorithm as one aid.
Other industries such as food retailing use market basket analysis to determine what foodstuffs are typically purchased together - the information helps stores decide how to co-locate items. Online retailers use the approach to suggest books a buyer may find interesting based on the titles other people buy.
In health care fraud, the market basket method determines common combinations of medical procedures and uses that as a baseline for identifying unorthodox combinations of procedures billed to a particular recipient ID. One example would be claims for open-heart surgery and brain surgery billed to the same recipient ID on the same day. Such a finding could indicate the use of shared or stolen Medicaid IDs.
The idea is to identify providers whose claims activities are on the fringe, Haffey said.
The use of data mining/discovery in health care fraud detection is fairly new - only five states currently use SPSS' technology, he said.
Data mining provides the foundation for another anti-fraud technique: predictive modeling. As data mining turns up anomalous claims, those cases are investigated in greater detail. Some prove fraudulent, while others are merely false alarms.
But as fraud-detection efforts mature, "we're positioned to model the fraudulent behavior - predictive modeling - to detect future occurrences of the same behavior," Haffey said.
In predictive modeling, historical data is used to build profiles of fraudulent behavior. The approach then scores provider activity based on similarity to the profiles.
Another method involves creating models of valid claim profiles and scoring new claims against them. With this approach, claims data is used to develop a set of historical profiles. A claim is then scored on how far out of the profile it falls, said Andrea All