John Carroll
Contributing Editor

The ability of the computer to find unexpected — and often unwelcome — patterns of utilization is at the heart of today's fraud detection methods

John Carroll

Contributing Editor

The people who signed up for the yoga classes offered in the basement of one Philadelphia building didn't know that the program included regular bills for sessions with a local psychotherapist.

But their health insurer found out.

New members of the class were asked for an insurance card when they joined. And collectively they represented a gold mine for Ray Newstat, who stole the provider number and identity of a local psychotherapist and generated a steady stream of claims for each student.

Newstat's greed proved his undoing. A new software system set up by Independence Blue Cross flagged the provider for a prodigious workload of 60 hours a day and improbable claims for hundreds of patients a week. After the long arm of the law caught up with the rip-off artist — and after Independence investigators had interviewed a surprised group of yoga practitioners and one very puzzled psychotherapist — Newstat wound up agreeing last year to repay Independence more than a million dollars for those fraudulent claims and was sentenced to 30 months in prison.

For the health plan, it was a tangible return on its investment in a new StarSentinel fraud detection system from ViPS. Sentinel, says Ed Litchko, head of Independence's fraud team, added a new ability to review the billing patterns of various provider groups, flagging outliers whose billing appears suspicious.

$110 million

The bottom line: "Last year, we recovered $37.2 million, the highest of any given year," says Litchko, who, before going to Independence Blue Cross, worked for 28 years in the criminal investigation division at the Internal Revenue Service. He's been able to wrangle a total of $110 million in "hard-dollar" recoveries at Independence over the past five years.

Trying to get an idea of the full scope of fraud in managed care, as Litchko and his colleagues are quick to acknowledge, is a lot harder than totaling up recovery records. In discussions with a variety of fraud experts, estimates on the share that dishonest operators carve out of every health dollar ranges from 3 cents to 10 cents. Do the math for a $1.9 trillion health care system, and you end up with an annual drain of illicit funds that runs tens of billions of dollars.

Some old-fashioned detective work is always needed to make a criminal case, but insurers' special investigations units have increasingly been throwing out new electronic data mining dragnets like Sentinel. The managed care organizations aren't just buying whatever vendors have on the shelves. In Independence's case, the insurer pushed for a new system that would add hospitals to the system and agreed to act as a test site to help make it ready for broader commercial use. Other insurers are either beavering away at improving their own custom-built data mining tools or creating new hybrids with the software systems that are currently available.

They are all looking for faster ways to identify the outliers who raid their coffers every day.

Over the last 10 years, says Mike Stergio, Aetna's head of special investigations, fraud work at the health plans has undergone a dramatic shift in focus. In the early '90s, it was the member that was likely to get attention for submitting a false claim to obtain coverage.

Great myth

"One of the great myths of the mid-'90s — and you still find remnants of it today — is that managed care is free of fraud by its nature," Bill Mahon told Managed Care in October 2002. Mahon was then the executive director of the National Health Care Anti-Fraud Association. He left that position in 2005. "'It's all capitated. It's controlled. There's no more means, no more opportunity for providers to commit fraud.' But when you look at the reality of how the money changes hands, there are still plenty of opportunities for the small fraction who are dishonest to do what they always did." Now the focus is on providers, who account for about 80 percent of his cases. And if you don't have the technology to sniff them out, says Stergio, you're not going to succeed.

"Technology is the key component to a good program," says Stergio. "If you don't have early detection and the technology to assist you, you're down two strikes before you even get into the box."

257 hours billed in one day

Some of these pitchers are throwing some real curve balls.

"We had one guy bill us 257 hours in one day," says Bob Walsh, vice president for special investigations and corporate security at Health Care Service Corp., which operates Blue Cross & Blue Shield divisions in Illinois, Texas, New Mexico, and Oklahoma. Seven members of Walsh's 40-member staff are devoted entirely to data mining and on making the most of new fraud-detection technology

HCSC's approach called for combining IBM's Fraud and Abuse Management System (FAMS) with SAS's statistical probability product. Instead of posing questions within a computer program to find suspect claims, this new operation automatically identifies them.

To make it work, says Walsh, you need to be able to identify aberrant billing practices when they happen. An insurer, for example, may learn that a podiatrist could charge for a particular code on average of once a month. If one of them starts billing for it 10 times a week, the system is adapted to flag it.

"We're very focused on catching this stuff as quickly as we possibly can, denying or reducing claims where appropriate," says Stergio. "Early detection is really the key. The days of pay and chase, where you'd identify an outlying provider, establish a case, and go after the money — that's not the way to go. You have to identify them up front and take appropriate action. If they're not legitimate claims, we don't pay."

Stergio isn't waiting for some vendor to provide that on its own. He's testing a new system for IBM called PFAMS, a "proactive approach" that isn't on the market yet. And the objective is to get as close as possible to real time claims evaluations, where a claim is reviewed for fraud as it's electronically submitted.

"It could be as close to the silver bullet as we're going to find," says Stergio. "You're telling that system: Look at all claims by cardiologists over 24 hours. Here are the outliers. Real time. You can't measure and you can't stop what you can't see. You have to find it quickly and effectively." In Aetna's case, you have to do it without violating quick-pay agreements with providers.

Moving to real time?

But there are limits to what some insurers are capable of doing. The country's top insurers, says Rick Ingraham, SAS's senior health care industry strategist, can assign informatics staffers to do advanced analytics, but once you break out of the top tier of MCOs and reach into the ranks of smaller regional plans, the older hardware and software they rely on can't really handle advanced, real-time data mining.

"Unfortunately, most organizations are still in a post-pay mode, a batch mode," says Ingraham, "pulling together past claims that are abnormal and initiating investigations."

But that may change as systems are upgraded.

"I'd say that within the next five years, the industry will move to real time," says Andrea Allmon, director of product management for Fair Isaac, which has been busily marketing its own fraud detection system to the industry over the last three years. Fair Isaac built its health care program to operate much like its credit card operation, scoring transactions based on historical context. If someone is billing for a member's second flu shot inside of 10 days, that would attract attention.

"We just queue up the top 0.5 percent to 1 percent of nightly claims that are the most risky and give insurers a chance to look over those claims," says Allmon. Insurers also have a chance to use the system to find and eliminate waste. If the provider is billing for vaccines at the wrong time of the year, for example, that could be flagged.

Some insurers, though, say that at least for now, denying claims on suspicion of fraud raises potential trouble for the health plan.

Insurers will routinely kick back a claim that isn't filled out properly, says Litchko. Any "soft edit" problem will automatically return a claim for more information.

"If you build in hard edits — the number of hours billed in a day, the number of patients billed a day," it would take a lot of time to review, and some claims would be rejected for the wrong reason, putting the insurer in violation of a Pennsylvania statute, which is written like a host of other state laws, that requires insurers to pay their clean claims in 45 days.

"You really have to have a good reason to deny the claim," agrees Walsh. "You can't just deny it for suspicion of fraud. You have to find the fraud. You may deny some claims, but you're not going to solve the problem. If you're a provider and you're committing fraud, do you think the worst thing is a denial?"

Sometime in the not so distant future, says Ingraham, members of consumer-directed health plans may find themselves clicking on their plan's Web portal to find a series of questions. Say your daughter had been to the cardiologist's office recently. You might be asked:

  • Did you see the cardiologist or a nurse practitioner?
  • Did you spend 30 minutes with the doctor?
  • What kind of medical advice was provided?

An honest doctor with a clean claim is likely to get a clean bill of health. A fraudulent claim is likely to trigger the wrong answers and an investigative follow-up.

Little awareness

Right now, says Ingraham, the average consumer isn't aware of fraud when it happens and isn't likely to raise a fuss if he sees something that doesn't look right. Employers aren't much different. Still, a consumer spending his own money is likely to be considerably more vigilant. In addition, online technologies will be able to look for constant feedback.

Says Ingraham: "If they're successful controlling costs and getting the employee more engaged, the byproduct of that is the individual becoming a lot more aware and a lot more concerned with health care fraud."

Following banks' lead

Other changes are also in the works that could have a big effect on fraud.

Health care has a long way to catch up with the financial services industry when it comes to creating a fully digitized system. The technology leaders are acutely aware of the hold-up.

"With credit cards, seven cents on every dollar is related to fraud," says Ingraham. "Health care fraud is a hundred times more costly in terms of total impact, and yet we have a long way to go in terms of electronic medical records. Until the electronic network comes to full fruition, quantifying the true return of fraud prevention is difficult." Getting to that interconnected stage won't be easy and won't be quick, but once that day arrives, he adds, you'll be able to create a fully integrated investigative system (SIU) with cooperating SIUs across the field all scanning a daily torrent of claims data for fraud.

The investigators are also quick to acknowledge that whatever advances they've made, there's also a long way to go before they can put a major dent in health insurance fraud. By Litchko's reckoning, he's able to find maybe 10 percent of the fraud that is happening. When investigators detect fraud, it's not easy to make a criminal case stick.

"It's really hard to demonstrate probable cause," says Walsh. If someone is repeatedly billing an insurer for unnecessary MRIs, he may claim that he is afraid of lawsuits and just practicing defensive medicine. Upcoding? Could be a clerical mistake.

Feedback

Not everyone caught up in these data dragnets is as angry with investigators as you might expect.

"I had one not too long ago, it was a $30,000 recovery, and I got a letter thanking me for doing it in a professional manner," says Litchko.

Of course, that doesn't mean the provider earned the trust of the insurer. Says Litchko: "I make sure he's continuing to bill properly." He has the software system in place to back that up.

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.