Public budgets are under pressure worldwide. Rapidly rising healthcare costs, partially due to technological progress and an ageing population, require countries to use their scarce health care resources appropriately to reach the people who need them the most. The health care sector is a core part of social security and accounts for a large portion of GDP. Involving large amounts of money with numerous individual transactions, is an attractive target for fraudsters.

The COVID-19 pandemic significantly impacted health care delivery. Urgent changes to practices regarding billing codes, telehealth, and prescriptions enabled health care systems to successfully adapt the delivery of care processes. However, these rapid adaptations created potential vulnerabilities for fraud and waste.

Although the majority of health care providers are honest and well-intentioned, fraudulent behaviour (defined below) has a direct negative impact on health care utilization. It leads to a waste of limited resources and potentially endangers patients by providing them unnecessary care or hindering their access to medical services they need. The money that is defrauded is not available to finance prevention, reimburse innovations or invest in programmes that ensure equal access to quality care. On average, the loss to fraud and error is more than 6 per cent of health expenditure (OECD, 2017).

Health care and medical insurance have also become increasingly vulnerable to fraud which is by nature hidden and difficult to assess. The identified amounts of health care fraud increase each year (EHFCN, 2017). The traditional health care fraud detection methods, often limited to ex-post detection rather than fraud prevention, seem not to be efficient and effective, until now. Health care data is difficult to cross‑reference and investigators cannot manually monitor transactions in real time. A more effective way to prevent fraud and abuse is to identify it before claims are paid. Therefore, the paradigm of improper health care expenditure management is shifting from follow-up management to prevention.

This shift is supported by the use of emerging technologies. Fraud detection and prevention technologies have made enormous strides, reducing detection time and providing the ability to create faster, more advanced and accurate analytics. Efforts have been made to automate the detection of fraud through computational methods involving data mining of health insurance reimbursement claims  and new technology approaches enable better verifiability of health care claims.

A typology of infringements

A good comprehension of the typology of the phenomena of fraud in health care is essential for the development of appropriate strategies for the good governance of health systems. It is important to standardize definitions to improve communication and data exchange, enabling international benchmarking and the design of targeted actions.

Health care fraud and abuse involve all sectors of the health care industry, including drug and device manufacturers, hospitals, pharmacies, physicians, suppliers, distributors, laboratories, patients and payers. The most significantly impacted group might be the payers, including public as well as private ones. Fraudulent health care occurs in different forms, including bribes, false claims and illegal self-referrals.

Definitions of error, evasion and fraud

Error, evasion and fraud (EEF) is not a new topic for social security institutions. The International Social Security Association (ISSA) worked in 2017 with its global membership to identify the most efficient ways of dealing with the issue, whether it is to prevent it starting or to fight its ongoing existence (ISSA, 2019a). Stressing the importance of an integrated and holistic approach to prevent, detect and fight errors and fraudulent behaviour – whether it is from the side of the institutions or the beneficiaries – the ISSA Guidelines on Error, Evasion and Fraud cover  the complex risks of EEF, based on a risk management approach and model. The model is anchored on the following definitions from these guidelines:

The inclusion of branch perspectives was also integrated into cross-cutting ISSA Guidelines, such as on Good Governance, Information and Communication Technology (ICT) or Service Quality. The ICT Guidelines include specific chapters on e-health and business processes taking into consideration the different branches (ISSA, 2019b).

The EHFCN Waste Typology Matrix

In recent years, the European Healthcare Fraud & Corruption Network (EHFCN) has become a pioneer in developing a typology for distinguishing between error, abuse, fraud, and corruption in the health care sector. Fraud has been defined as “the use or presentation of false, incorrect or incomplete statements and/or documents, or the non-disclosure of information in violation of a legally enforceable obligation to disclose, having as its effect the misappropriation or wrongful retention of funds or property of others, or their misuse for purposes other than specified”. (EHFCN, 2017)

In the context of appropriate care (see also the ISSA Webinar Improving appropriate care in the hospital sector), it is often hard to distinguish fraud from waste. While fraud implies an element of deliberate intent, waste often occurs unintentionally. To promote the understanding of the complexity, EHFCN developed the Waste Typology Matrix © in 2014, which classifies waste in a scale with an increasing degree of ‘intention’:

Error: Unjustly obtaining a benefit of any nature by unintentionally breaking a rule or a guideline. Example: Unintentionally billing for a service that has not been rendered. Abuse: Unjustly obtaining a benefit of any nature by knowingly stretching a rule or guideline or by taking advantage of an absence of rule or guideline. Example: Knowingly providing and billing a service without medical indication. Fraud: Illegally obtaining a benefit of any nature by intentionally breaking a rule. Example: Intentionally billing for a service that has not been provided. Corruption: Illegally obtaining a benefit of any nature by abuse of power with third party involvement. Example: Intentionally prescribing an ineffective medication to receive a kickback payment from the pharmaceutical manufacturer.

Without being exhaustive, the following types of fraud can be distinguished:

The use of technologies to prevent and detect fraud in health care

Traditional health care fraud detection methods have not proven efficient and effective. The health care provider submits a claim after rendering services to a patient, which is then verified and reimbursed by the payer. However, this process leaves out a critical stakeholder, namely the patient for whom the services are actually rendered. In addition, efforts to detect health care fraud involve arduous, investigative work, occurring after payments for false claims have been made. It can take years to assemble evidence to prosecute and to recover the money. Undoubtedly, a more effective way to prevent fraud is to identify it before claims are paid.

Fraud detection and prevention technologies have made enormous strides through data-driven innovation, including computing, data mining, analytics, machine learning and other forms of artificial intelligence (AI), developing different mechanisms, for example:

Although datasets in health care can be very large – from diagnostic test prescriptions, doctor’s visits, inpatient hospital care, health products and pharmaceuticals’ prescriptions - they are usually well-structured. Applying machine learning algorithms to those data can create more advanced and accurate analytics in a much faster way than the traditional fraud detection methods, providing access to substantial information in real-time. A range of techniques exist to perform classification, clustering, decision-making or (facial) recognition.

The application of ICT to prevent and/or detect possible irregularities is covered in the ISSA Guidelines on Information and Communication Technology (ISSA, 2019b). Advanced information systems and big data initiatives enable the implementation of effective measures against EEF. Increasing intra-institutional exchanges make common databases ever-more efficient.

Detecting rule-breaking and anomalies

Health care fraud auditing and detection systems aim to provide protection to the payers in the following ways:

Data analysis has been applied to detect breaches of rules and anomalies. A breach of rules may be easy to identify, for instance payments in excess of a maximum amount. Still, it does not constitute proof of fraud. These patterns may be caused by administrative errors, for example some activities may be mapped to the wrong patients. Anomalies characterize providers, patients, insurers or treatment patterns that strongly deviate from the normally expected patterns. As well as for breach detection, further analysis is needed to identify the actual issues when anomalies are detected.

For example, in Greece, the National Organisation for the Provision of Health Services (EOPYY) applies artificial intelligence to detect fraud in prescription data, which was challenged in court based on the argument that “an algorithm cannot provide safe results nor replace in person control of bills” (Council of the State/judicial review, 2022). The chosen method ensured on the one hand the random selection of the sample, on the other hand the application of the mathematical theory of probabilities to evaluate the result of sampling. The court stated that “the scientific methods used in the audit provided a sufficient guarantee for the objectivity, validity, accuracy and reliability of the conclusion drawn” (Decision 580/2021 Council of the State).

While artificial intelligence might be a game-changer when it comes to detecting health care fraud, the purpose of an AI system should be to complement fraud detection processes performed by expert staff, rather than replace them (ISSA, 2019c and 2020). The use of AI also raises many questions about privacy, ethics and cybersecurity, as described in a recent ISSA report on strengthening cyber security in social security.

Investing in ICT

The use of new technologies, such as AI, is expected to gradually increase along with the rapidly increasing health care data (ISSA, 2019b and 2019c). A key aspect of fraud detection is to invest in ICT to increase the effectiveness of fraud management. This includes investing in systems and human resources specialised in fraud detection and fraudulent behaviours, which are rapidly evolving in a digital environment.  

BPJS Kesehatan, Indonesia has invested in big data analysis and in the development of Business Intelligence (BI) to better understand and monitor behavioural trends to tackle fraud, illustrated in the following good practices (2021):  

• Machine learning and big data: Supporting decision making on fraud detection describes how machine learning can detect potential fraud faster and more efficiently, which reduces detection time, predicts more accurately using large datasets, and provides cost-effective solutions. As of 31 December 2020, this good practice found 30,000 cases of potential fraud with a total savings of 41.93 million US dollars (USD).
• DEFRADA (Deteksi Potensi Fraud Dengan Analista Data Klaim): The development of a fraud detection tool in hospital services, a business intelligence-based initiative for a fraud detection tool in hospital services was developed to help the inspection staff to identify claims which require closer analysis. In the future, data analysis and research will act as the main driver for policy making in tackling fraud.
• Developing an online pharmacy system for more efficient billing and drugs delivery, explains the development of a web-based Online Pharmacy System. which allows improvements to the billing process and to develop a compatible interoperability system with partner pharmacies. The system has a significant impact on reducing fraud, improving efficiency and increasing the number of on-time claim submissions.
• Every organization should develop an effective and comprehensive counter fraud strategy based on reliable evidence about the nature and scale of fraud. The good practice on Improvement of risk profile reliability as basis for formulating organisational strategic risks and risk-based budgeting highlights the need to identify techniques that can improve the reliability, quality and efficiency in the risk profile, to ensure the effectiveness of risk management.

In the Republic of Korea, the National Health Insurance Service (NHIS) has developed a fraud detection system based on health care big data, which includes socio-demographic, disease and treatment history variables. The system was introduced to detect and predict fraud by health care facilities; which are not established in accordance with the current regulation, for example by unqualified persons, seeking to maximise their profit with a high probability of fraudulent insurance claims. In Korea, where the private sector accounts for the majority of the health care provision, preventing the establishment of illegal medical for‑profit institutions is one of the pillars of the system, along with the prevention of fraudulent insurance claims. NHIS started to apply AI from 2020 based on a hybrid detection system that finds information with high probability of fraud, mixing traditional rule-based and AI predictive models.

The Viet Nam Social Security (VSS), Vietnam shared in the good practice IT application on health insurance management, medical review and payment how the VSS built the Health Insurance Inspection Information System to connect with over 12,000 hospitals nationwide. This system has been proven to be a vital point in controlling and monitoring the medical services of involved hospitals and health insurance participants, thus contributing to the overall national social security service.

Conclusions

Financially sustainable health care systems must use scarce resources in a more efficient and effective way. As health care provision depends on the interplay of financial, technological and human resources, it requires appropriate behaviour from all involved actors. Today, it is important for social security institutions to engage in appropriate counter fraud activities, as fraud can seriously damage health care finances and consequently lead to lower quality of care.

Essential elements of a counter fraud strategy include risk assessment, measurement of fraud, developing an anti-fraud culture within the organization, prompt detection of fraud, rigorous pursuit of sanctions (criminal and civil) and measures to seek redress of funds.

Investing in emerging technologies is crucial to develop, monitor and assess tailored responses to efficiently tackle fraud in health care. Biometrics and Blockchain contribute to the development of preventive measures by strengthening persons’ identification control and providing the means to implement immutable systems, i.e. in which information cannot be altered. In addition, data mining, predictive analytics, machine learning and other AI techniques enable the implementation of profile-based detection measures, to identify suspicious cases using existing data. These technologies can also be used to implement preventive measures, notably through risk-management mechanisms. Such cases should be further investigated.

It is important to remember, however, that the results of profile-based and predictive techniques are approximate and, therefore, require the intervention of expert staff who can determine actual fraud cases by collecting appropriate evidence.

Generating adequate capacity is an important precondition for the application of emerging technologies by social security and health organizations.  

This involves, firstly, investing in testing and selecting software tools and embedding technologies in key steps of the fraud control processes, but also in developing staff skills.

Secondly, institutions adopting data-driven emerging technologies, such as analytics and AI, should also apply data-management and governance practices to reach the required data-quality level. Finally, institutions using emerging technologies should set up the so-called sandbox environments for safely testing and piloting applications.

Strategies and solutions to support policymakers and social security institutions in preventing and detecting fraud are fundamental to guarantee the right to health for every patient. The application of emerging technologies can provide significant new opportunities and be a source of progress in this regard.

References