There are three key laws that govern health care provider Medicare fraud: the Anti-Kickback Statute (AKS), the Stark Law and the False Claims Act (FCA). According to the U.S. Department of Justice (DOJ), recoveries from health care fraud amounted to $2.3 billion in 2014, marking five straight years that the DOJ has recovered more than $2 billion in cases of fraud against federal health care programs such as Medicare, Medicaid and TRICARE, the health care program for the military. The majority of the fraud claims and their associated recoveries come from recognized, industry-leading pharmaceutical companies, hospitals and pharmacies. In the 2013 fiscal year, the Centers for Medicare and Medicaid Services (CMS) took administrative action against 938 providers and suppliers.

Common Medicare Fraud Scheme Examples

Since 2009, the DOJ has recovered more than $14 billion through the FCA, AKS and Stark. There are multiple schemes perpetrated against the government by individuals and health care-related businesses. Some of these include:

  • Billing for services not rendered: Charging for services, treatments, tests, devices and pharmaceuticals that were never provided to patients or attributed to patients who did not exist.
  • Kickbacks: Receiving fees or remuneration for patient referrals for services payable by a government health care program.
  • Upcoding: Misrepresenting services and treatments performed by using billing codes that represent more expensive services than what was actually done.
  • Unbundling: Certain procedures and tests are typically performed as one and billed as such (e.g., a complete blood count test). Unbundling involves billing each step in a procedure or test individually.
  • Other misrepresentations: Falsifying patient records to justify tests or nonmedical procedures as medically necessary to collect payments qualifies as fraudulent.

How Does the CMS Identify Fraudulent Claims?

The CMS uses an advanced predictive analysis program that was put in place in June 2011. According the CMS Report to Congress focusing on antifraud efforts in 2014, the Fraud Prevention System (FPS) is a state-of-the-art fraud system that runs predictive analytic algorithms against all Medicare claims prior to payment. As of June 2014, the CMS had taken action against over 900 providers based on unusual billing behavior identified via the FPS. The value of the prevention and detection actions from June 2013 to June 2014 was over $210 million, resulting in a return on investment of $5 to $1.

Recent Health Care Fraud Takedowns

In June, the Medicare Fraud Strike Force led the U.S. Department of Health and Human Services (HHS), DOJ and FBI in a far-reaching sweep across 17 districts that resulted in charging 243 individuals in Medicare fraud schemes. Included in that number were 46 physicians, nurses and other licensed medical professionals. Along with many fraud-related charges, the defendants were accused of violations of the AKS. The takedown represents the largest health care fraud action to date.

HHS Secretary Sylvia Mathews Burwell said in a statement that with increased resources and new tools, including “advanced predictive modeling technology, we have managed to better find and fight fraud as well as stop it before it starts.”

The combined public and private health care insurance industries generate trillions of dollars each year. There is no known amount of fraud and abuse, but it is safe to say that it is in the hundreds of billions per year — and that’s likely in improper billings alone. The CMS has shown that advanced analytics and improved processes can provide an excellent return on investment while also fighting these crimes.

Lessons for Private Industry

Government agencies don’t usually lead the way in matters such as fraud prevention. However, in this case, private insurers can potentially learn a great deal from the investments made by the CMS.

Intelligence technology such as predictive analytics, forensic analytics and unstructured data analysis tools can help insurers identify unknown or hidden relationships between claimants and recognize patterns of behavior that may predict or indicate fraudulent activity.

Fraud investigation groups within insurance companies do not typically have intelligence functions. Technology and human capital investments into an intelligence function that can leverage an insurer’s data may be able to provide substantial returns on investment, much like CMS has done.

More from Government

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today