The ability of the computer to find unexpected — and often unwelcome — patterns of utilization is at the heart of today's fraud detection methods
The people who signed up for the yoga classes offered in the basement of one Philadelphia building didn't know that the program included regular bills for sessions with a local psychotherapist.
But their health insurer found out.
New members of the class were asked for an insurance card when they joined. And collectively they represented a gold mine for Ray Newstat, who stole the provider number and identity of a local psychotherapist and generated a steady stream of claims for each student.
Newstat's greed proved his undoing. A new software system set up by Independence Blue Cross flagged the provider for a prodigious workload of 60 hours a day and improbable claims for hundreds of patients a week. After the long arm of the law caught up with the rip-off artist — and after Independence investigators had interviewed a surprised group of yoga practitioners and one very puzzled psychotherapist — Newstat wound up agreeing last year to repay Independence more than a million dollars for those fraudulent claims and was sentenced to 30 months in prison.
For the health plan, it was a tangible return on its investment in a new StarSentinel fraud detection system from ViPS. Sentinel, says Ed Litchko, head of Independence's fraud team, added a new ability to review the billing patterns of various provider groups, flagging outliers whose billing appears suspicious.
The bottom line: "Last year, we recovered $37.2 million, the highest of any given year," says Litchko, who, before going to Independence Blue Cross, worked for 28 years in the criminal investigation division at the Internal Revenue Service. He's been able to wrangle a total of $110 million in "hard-dollar" recoveries at Independence over the past five years.
Trying to get an idea of the full scope of fraud in managed care, as Litchko and his colleagues are quick to acknowledge, is a lot harder than totaling up recovery records. In discussions with a variety of fraud experts, estimates on the share that dishonest operators carve out of every health dollar ranges from 3 cents to 10 cents. Do the math for a $1.9 trillion health care system, and you end up with an annual drain of illicit funds that runs tens of billions of dollars.
Some old-fashioned detective work is always needed to make a criminal case, but insurers' special investigations units have increasingly been throwing out new electronic data mining dragnets like Sentinel. The managed care organizations aren't just buying whatever vendors have on the shelves. In Independence's case, the insurer pushed for a new system that would add hospitals to the system and agreed to act as a test site to help make it ready for broader commercial use. Other insurers are either beavering away at improving their own custom-built data mining tools or creating new hybrids with the software systems that are currently available.
They are all looking for faster ways to identify the outliers who raid their coffers every day.
Over the last 10 years, says Mike Stergio, Aetna's head of special investigations, fraud work at the health plans has undergone a dramatic shift in focus. In the early '90s, it was the member that was likely to get attention for submitting a false claim to obtain coverage.
"One of the great myths of the mid-'90s — and you still find remnants of it today — is that managed care is free of fraud by its nature," Bill Mahon told Managed Care in October 2002. Mahon was then the executive director of the National Health Care Anti-Fraud Association. He left that position in 2005. "'It's all capitated. It's controlled. There's no more means, no more opportunity for providers to commit fraud.' But when you look at the reality of how the money changes hands, there are still plenty of opportunities for the small fraction who are dishonest to do what they always did." Now the focus is on providers, who account for about 80 percent of his cases. And if you don't have the technology to sniff them out, says Stergio, you're not going to succeed.
"Technology is the key component to a good program," says Stergio. "If you don't have early detection and the technology to assist you, you're down two strikes before you even get into the box."
257 hours billed in one day
Some of these pitchers are throwing some real curve balls.
"We had one guy bill us 257 hours in one day," says Bob Walsh, vice president for special investigations and corporate security at Health Care Service Corp., which operates Blue Cross & Blue Shield divisions in Illinois, Texas, New Mexico, and Oklahoma. Seven members of Walsh's 40-member staff are devoted entirely to data mining and on making the most of new fraud-detection technology
HCSC's approach called for combining IBM's Fraud and Abuse Management System (FAMS) with SAS's statistical probability product. Instead of posing questions within a computer program to find suspect claims, this new operation automatically identifies them.
To make it work, says Walsh, you need to be able to identify aberrant billing practices when they happen. An insurer, for example, may learn that a podiatrist could charge for a particular code on average of once a month. If one of them starts billing for it 10 times a week, the system is adapted to flag it.
"We're very focused on catching this stuff as quickly as we possibly can, denying or reducing claims where appropriate," says Stergio. "Early detection is really the key. The days of pay and chase, where you'd identify an outlying provider, establish a case, and go after the money — that's not the way to go. You have to identify them up front and take appropriate action. If they're not legitimate claims, we don't pay."
Stergio isn't waiting for some vendor to provide that on its own. He's testing a new system for IBM called PFAMS, a "proactive approach" that isn't on the market yet. And the objective is to get as close as possible to real time claims evaluations, where a claim is reviewed for fraud as it's electronically submitted.
"It could be as close to the silver bullet as we're going to find," says Stergio. "You're telling that system: Look at all claims by cardiologists over 24 hours. Here are the outliers. Real time. You can't measure and you can't stop what you can't see. You have to find it quickly and effectively." In Aetna's case, you have to do it without violating quick-pay agreements with providers.
Moving to real time?
But there are limits to what some insurers are capable of doing. The country's top insurers, says Rick Ingraham, SAS's senior health care industry strategist, can assign informatics staffers to do advanced analytics, but once you break out of the top tier of MCOs and reach into the ranks of smaller regional plans, the older hardware and software they rely on can't really handle advanced, real-time data mining.
"Unfortunately, most organizations are still in a post-pay mode, a batch mode," says Ingraham, "pulling together past claims that are abnormal and initiating investigations."
But that may change as systems are upgraded.
"I'd say that within the next five years, the industry will move to real time," says Andrea Allmon, director of product management for Fair Isaac, which has been busily marketing its own fraud detection system to the industry over the last three years. Fair Isaac built its health care program to operate much like its credit card operation, scoring transactions based on historical context. If someone is billing for a member's second flu shot inside of 10 days, that would attract attention.
"We just queue up the top 0.5 percent to 1 percent of nightly claims that are the most risky and give insurers a chance to look over those claims," says Allmon. Insurers also have a chance to use the system to find and eliminate waste. If the provider is billing for vaccines at the wrong time of the year, for example, that could be flagged.
Some insurers, though, say that at least for now, denying claims on suspicion of fraud raises potential trouble for the health plan.
Insurers will routinely kick back a claim that isn't filled out properly, says Litchko. Any "soft edit" problem will automatically return a claim for more information.
"If you build in hard edits — the number of hours billed in a day, the number of patients billed a day," it would take a lot of time to review, and some claims would be rejected for the wrong reason, putting the insurer in violation of a Pennsylvania statute, which is written like a host of other state laws, that requires insurers to pay their clean claims in 45 days.
"You really have to have a good reason to deny the claim," agrees Walsh. "You can't just deny it for suspicion of fraud. You have to find the fraud. You may deny some claims, but you're not going to solve the problem. If you're a provider and you're committing fraud, do you think the worst thing is a denial?"
Sometime in the not so distant future, says Ingraham, members of consumer-directed health plans may find themselves clicking on their plan's Web portal to find a series of questions. Say your daughter had been to the cardiologist's office recently. You might be asked:
- Did you see the cardiologist or a nurse practitioner?
- Did you spend 30 minutes with the doctor?
- What kind of medical advice was provided?
An honest doctor with a clean claim is likely to get a clean bill of health. A fraudulent claim is likely to trigger the wrong answers and an investigative follow-up.
Right now, says Ingraham, the average consumer isn't aware of fraud when it happens and isn't likely to raise a fuss if he sees something that doesn't look right. Employers aren't much different. Still, a consumer spending his own money is likely to be considerably more vigilant. In addition, online technologies will be able to look for constant feedback.
Says Ingraham: "If they're successful controlling costs and getting the employee more engaged, the byproduct of that is the individual becoming a lot more aware and a lot more concerned with health care fraud."
Following banks' lead
Other changes are also in the works that could have a big effect on fraud.
Health care has a long way to catch up with the financial services industry when it comes to creating a fully digitized system. The technology leaders are acutely aware of the hold-up.
"With credit cards, seven cents on every dollar is related to fraud," says Ingraham. "Health care fraud is a hundred times more costly in terms of total impact, and yet we have a long way to go in terms of electronic medical records. Until the electronic network comes to full fruition, quantifying the true return of fraud prevention is difficult." Getting to that interconnected stage won't be easy and won't be quick, but once that day arrives, he adds, you'll be able to create a fully integrated investigative system (SIU) with cooperating SIUs across the field all scanning a daily torrent of claims data for fraud.
The investigators are also quick to acknowledge that whatever advances they've made, there's also a long way to go before they can put a major dent in health insurance fraud. By Litchko's reckoning, he's able to find maybe 10 percent of the fraud that is happening. When investigators detect fraud, it's not easy to make a criminal case stick.
"It's really hard to demonstrate probable cause," says Walsh. If someone is repeatedly billing an insurer for unnecessary MRIs, he may claim that he is afraid of lawsuits and just practicing defensive medicine. Upcoding? Could be a clerical mistake.
Not everyone caught up in these data dragnets is as angry with investigators as you might expect.
"I had one not too long ago, it was a $30,000 recovery, and I got a letter thanking me for doing it in a professional manner," says Litchko.
Of course, that doesn't mean the provider earned the trust of the insurer. Says Litchko: "I make sure he's continuing to bill properly." He has the software system in place to back that up.