Show Summary Details

Page of

 PRINTED FROM the OXFORD RESEARCH ENCYCLOPEDIA, CRIMINOLOGY AND CRIMINAL JUSTICE ( (c) Oxford University Press USA, 2016. All Rights Reserved. Personal use only; commercial use is strictly prohibited. Please see applicable Privacy Policy and Legal Notice (for details see Privacy Policy).

date: 18 October 2017

Detecting Healthcare Fraud and Abuse in the United States

Summary and Keywords

Healthcare fraud involves wide-ranging illegal behaviors. It includes such activities as individual physicians who bill insurance companies or the government for services that were never provided, as well as corporate behavior, such as pharmaceutical companies that falsify clinical tests in order to get unsafe drugs approved for use. Thousands die each year in the United States due to these behaviors, including deaths from incorrectly prescribed medications or from tainted drugs that were approved by the U.S. Food and Drug Administration based upon fraudulent testing and reporting. Thousands of additional patients likely are injured and killed by unnecessary surgeries performed by physicians who want to maximize their reimbursements. The illegal activities also add billions of dollars each year to the total healthcare cost in the U.S. Despite these costs, there is relatively little outrage as a result of the behaviors, largely because they remain hidden from public view.

Healthcare fraud, as with almost all white-collar crime, is rarely detected and that prevents the frauds from becoming known to victims, law enforcement, and policy makers, which in turn prevents analysts from compiling a complete picture of the behaviors and prevents policymakers and law enforcement from developing efficient enforcement strategies. Moreover, the lack of detection assures perpetrators that they will get away with their crimes and limits the potential preventative effects of punishment. Lack of detection and reporting has been a particularly strong problem for those trying to control healthcare fraud and abuse in the United States and elsewhere. The enforcement mechanisms that have evolved have been strongly influenced by the difficulties of detecting the illegal behaviors.

Keywords: healthcare fraud, Medicare fraud, healthcare regulation, program integrity, healthcare costs, crime measures, medical profession


Detecting white-collar crime is not an easy task. Average consumers, for example, are not likely to know when a car repair dealer is charging for parts that are not replaced or when bank employees open fraudulent accounts in clients’ names (Cowley, 2016). They may, at best, only have uneasy feelings that they have been swindled. Government agencies, by the same token, have not known that they were paying more for heavy electrical equipment because corporations were fixing prices (Geis, 1967) or that automobile manufacturers were lying about the gas mileage or emissions of their automobiles (BBC News, 2016; Hotten, 2015). The exact percentage of white-collar crimes that are not detected must represent a very substantial portion of the total offenses.

Lack of detection has been a particularly strong problem for those trying to control healthcare fraud and abuse in third-party payment programs in the United States (and elsewhere in the industrialized world). The behaviors involve wide-ranging illegal acts. They include such activities as individual providers and corporations who bill third-parties (e.g., insurance companies or the government) for services that were never provided, as well as hospital staff who knowingly overbill (for general descriptions of healthcare fraud in the United States and elsewhere, see Abelson & Lichtblau, 2014; European Commission, 2013; European Healthcare Fraud & Corruption Network, 2016; NHCAA, n.d.).

Under the U.S. Code of Federal Regulations, fraud is “[a]n intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person” (42 C.F.R. 1002.2). A surgeon paying patients to undergo operations or a dentist pulling all of a child’s teeth merely for the purpose of charging a third party for the procedures or psychiatrists billing third parties for more hours than that there are in a day are likely candidates for criminal prosecution (Jesilow et al., 1993).

Abuse, in contrast to fraud, does not require a finding of specific intent. Rather, it includes “provider practices that are inconsistent with sound fiscal, business[,] or medical practices, and result in unnecessary cost … or reimbursement for services that are not medically necessary or that fail to meet professionally recognized standards for health care” (42 C.F.R. 1001.2). Fraud may be treated as a crime, whereas abuse is normally handled as a civil matter. Abuse lacks the moral outrage that accompanies criminal activities. The behaviors of physicians who occasionally bill for more expensive procedures than the ones actually provided or who sporadically schedule unnecessary office visits, if detected, are likely to be labeled as abuses. It would be nearly impossible for prosecutors to show that in such circumstances the providers intended to defraud the third parties. Rather, such individuals will not be criminally prosecuted, but be allowed to quietly repay any overpayments (Jesilow et al., 1993; Senior Investigators from CMS, 2007–2008).

Our inability to detect healthcare fraud and abuse has a number of negative consequences. For one, it means that offenders avoid exposure and continue to steal money and harm patients. In addition, we have no accurate estimation of the extent of losses and no way of determining whether efforts to diminish the unnecessary costs have any impact. Occasionally, illegal, multimillion-dollar payments are uncovered and suggest that the problem may be large and widespread. Guesstimates of the losses range from a few percentage points to as high as 40% (Sparrow, 2000) but we do not know the accuracy of these guesses. The largest portion of such offenses remains hidden. On this topic, little has changed since 1977, when the director of the Congressional Budget Office (CBO) was asked to comment on the financial implications of a bill creating investigative units to concentrate on fraud against the benefit programs. She replied, “The unknown magnitude of fraud and abuse presently extant in the programs makes it impracticable for the CBO to project the actual cost impact of this measure at this time” (Committee on Finance, 1977). Anyone making an honest assessment of the current situation would reach the same conclusion.

In the remainder of this paper, we present a history of efforts to detect a particular form of healthcare fraud and abuse, offenses committed by medical providers, with particular attention being paid to transgressions against Medicare and Medicaid. We then discuss the current detection mechanisms. Finally, we suggest a method that can be used to improve the detection tools currently used by enforcement agents in their efforts to uncover fraud and abuse.

A History of Efforts (or the Lack Thereof) to Detect Provider Fraud and Abuse in Medicare and Medicaid

It has been a half century since the U.S. Congress passed and President Lyndon Johnson signed Medicare and Medicaid legislation into law. During the early years of the programs, no one seriously considered the potential for fraud and abuse; there were no efforts to detect wrongdoing and no government agency to which to report the behaviors if they were uncovered. There were numerous reasons for this situation. Private insurance companies, such as Blue Cross, did not appear to have a significant problem with illegal payments. Ideology also played a major role. Congress (and the public) supported the idea that physicians and hospitals would act in their patients’ best interests and were above grubby tactics, such as overutilization of hospitals. Doctors, everyone concurred, responded to a higher ethic, and that they would act in the interest of their patients and protect the integrity of the new, government-financed programs (Jesilow et al., 1993).

Fear of physician nonparticipation also was a factor that contributed to the lack of controls to protect the programs. The new laws did not require doctors to accept Medicare and/or Medicaid patients and there were many suggestions that doctors would turn them away. Supporters of the legislation avoided implying that physicians were other than scrupulously honest. To have suggested otherwise would have risked escalating conflict with the medical profession’s leadership, which had opposed the enactment of Medicare. The threat of noncooperation ensured that the final regulations governing the programs reflected the physicians’ views, which placed faith in their integrity rather than relying upon government scrutiny. The programs, as a result of these factors, were established with almost no control mechanisms and no personnel to make sure that the benefit programs were being protected from unscrupulous individuals or that wrongdoing would be spotted (Jesilow et al., 1993).

The first detected incident of healthcare fraud in California to result in a prison sentence came in 1967 and illustrates how ineffective some providers must have perceived government enforcement efforts. A pharmacist in Los Angeles was charged with stealing more than $20,000 from benefit programs, a sizable sum even today. His actions suggest that he believed that no one was watching the store; he submitted bills during a nine-month period that showed him dispensing more of a particular drug than all the pharmacies in the state dispensed for the entire year. “We are well aware that the present machinery for detecting such abuses is inadequate,” declared California’s Chief Deputy Attorney General in a report. “I doubt that unless [the pharmacist] had made obvious mistakes he would have been caught for a long time” (Malnic, 1968). Matters did not improve substantially during the next decade.

Early in 1972, a Manhattan grand jury report detailed numerous inadequacies in New York City’s detection efforts. The city had failed to establish a system to determine whether a current bill from a practitioner had already been paid. Delays in reimbursement from the government resulted in physicians resubmitting unpaid bills; sometimes physicians would resend the bills every month, a normal practice then and now when dealing with private patients who are slow to pay providers. The government, however, did not recognize the repeat billings and eventually paid multiple times for the same services. New York’s records for detecting and prosecuting fraud, the grand jury report noted, were in such a deplorable state that they were useless for the task (Subcommittee on Long-Term Care, 1976).

The next year, 1973, a New York City newspaper reporter had no trouble detecting illegitimate dealings when he went undercover to Medicaid clinics. The reporter’s Pulitzer Prize-winning investigative report, based on his visits posing as a Medicaid beneficiary seeking treatment, identified the location of Medicaid violators and the type of activities that were involved (Subcommittee on Long-Term Care, 1976). Similarly, in 1976, then-U.S. Senator Frank Moss presented himself at two Medicaid clinics on the same day for treatment of a “cold.” Both visits led to blood and urine tests, follow-up appointments, and prescriptions that were to be filled at pharmacies adjacent to the clinics. One of the clinics also gave Moss a chest X-ray and referred him to a chiropractor (Subcommittee on Long-Term Care, 1976).

The U.S. Senator’s foray into detecting Medicaid fraud sparked controversy and revealed that the tactics used with street criminals could not easily be applied to those who were stealing from the benefit programs. It is one thing to use government resources for undercover operations to identify drug dealers and prostitutes, but it became clear that it is another matter when such efforts are aimed at the activities of prestigious individuals, such as medical doctors.

Enforcement agents then and now have learned that undercover operations aimed at medical providers face resistance on ethical grounds, including allegations of entrapment and harassment, and objections to the deflection of scarce medical resources from their proper purpose (Subcommittee on Long-Term Care, 1976). Agents are also aware that it is not always easy to conclude that services are unnecessary. Sometimes such services turn out to be the result of differences in judgments rather than fiscal self-aggrandizement on the part of providers. The legitimate practice of medicine includes lots of gray areas, in which there is disagreement about proper treatments (Jesilow et al., 1993).

Practical limitations are also of continuing concern for government operatives trying to implement undercover stings. If a doctor is to believe that an agent is a legitimate patient, the agent must fit within the doctor’s specialty and clientele. Scrutinizing the activities of a geriatric specialist or a pediatrician, or investigating a doctor whose practice focuses on a single ethnic group, cannot be done by just any undercover agent. To investigate providers, who see patients only through referrals, undercover agents first have to be examined by a referring doctor. In small rural and suburban communities, the sudden appearance of an outsider-patient might provoke suspicion. Cost and time constraints also inhibit undercover activities. Proving criminal intent beyond a reasonable doubt can require multiple transactions by several operatives, with backup personnel on or near the scene. The combination of the above matters has greatly limited the use of undercover operations to detect healthcare fraud, despite their potential for detecting the extent of illegal activities occurring in medical practices.

Government agents assigned to surveillance and utilization review of the programs early on turned to audits as a means for detecting healthcare fraud and abuse and measuring the magnitude of the problem. The first systematic effort by the federal government was conducted in Massachusetts in 1977. Federal auditors reviewed the records of 53 doctors and 50 pharmacists, chosen because they were high-volume providers of Medicaid services. It is unclear whether the authorities targeted these individuals because they thought them more likely to be crooks or because, from a cost/benefit perspective, there was little to be gained by reviewing the records of practitioners who rarely billed the government. From what we know, it was probably the latter. It likely did not make sense to administrators to spend money on an audit that was unlikely to recoup the expense of the investigation. This remains a guiding principle to this day. High volume providers remain prime targets for detection efforts by authorities (Senior Investigators from CMS, 2012).

As for the 1977 Massachusetts audit, 44 of the 53 doctors and 49 of the 50 pharmacists had discrepancies in the 25 claims that were examined for each provider; 20% of the more than 1,300 examined physician bills had irregularities, as did 34% of the more than 1,200 bills from pharmacists. Five of the providers were recommended by the examiners for immediate administrative action, while another 25 were recommended for further investigation. Massachusetts’ State Welfare Commissioner reported that one of the physicians and one of the pharmacists were under criminal investigation (“U.S. Medicaid Audit Finds 90% Errors,” 1977). We do not know the outcome of these two criminal investigations; we were unable to find any later mention of them. But, given the evidence from contemporary cases, it is unlikely that either was criminally charged or convicted.

In some ways, the above-described, initial federal effort to detect fraud and abuse in Massachusetts was a success. It showed that investigators could detect illegal payments and, we must assume, recover some of the ill-gotten funds. But, it also indicated that the programs were being looted and established the recovery of funds as the primary objective of law enforcement. The message was clear to anyone who was listening: billing the government for more than one deserved was unlikely to result in criminal allegations, as long as the total of the thefts was not outrageous. Federal investigators reported $10,000 as a minimum loss for criminal investigation during the 1980s. The threshold has risen to $100,000 (Senior Investigators from CMS, 2012), but most criminal fraud cases involve much larger dollar amounts.

Audits, such as the ones described above, then and now are expensive, and additional resources beyond the initial audit are necessary before any recoupments can be made. Patients may need to be contacted or a physician’s staff may need to be interviewed in order to confirm the results of an audit. Techniques used by the investigating agency must be cost effective. Simply auditing all providers or even only high-volume providers is unlikely to prove worthy of the expense. Moreover, such audits will anger honest providers and may drive them from participation in the benefit programs. These matters limit the use of audits to detect healthcare fraud and abuse, but they remain a valuable tool in detecting the behaviors. More will be said about audits later in this piece.

Government agents and policymakers early on in the programs were hopeful that honest providers would help them detect violations. The medical profession has long claimed that only physicians have the specialized knowledge and wisdom necessary to comprehend and solve any problems in their ranks. Those in charge of protecting the programs wanted to build upon this idea and involve hospital review boards and the wider medical profession in identifying suspect providers (Jesilow et al., 1993). In 1972, the federal government went as far as providing funds for the establishment and upkeep of review boards. The boards, however, proved ineffective. Many boards were unable (or unwilling) to identify any suspect providers. We do not know how successful the boards were at detecting fraud and abuse (since we do not know how widespread the behaviors were), but during the experiment with peer review boards from 1973 to 1984, the government-funded boards formally disciplined a total of 70 hospitals and physicians (Wallis, 1986). The government was far from satisfied with this effort to detect healthcare fraud (Jesilow et al., 1993).

Systematic Efforts to Detect Healthcare Fraud and Abuse: Notifying Beneficiaries of Will of Billed Services

Both government and private officials were hopeful early on that recipients of Medicare and Medicaid services would help detect the illegal activities. Towards this end, patients then and now have normally been informed of the bills that healthcare providers submitted for services they claimed to have rendered (American Association of Retired Persons, 2010;, n.d.(a); OIG, 2000). This procedure has turned up relatively few illegal activities (Senior Investigators from CMS, 2012). Typically, the notifications do reflect the services providers render, and patients usually have no way to judge whether those services were necessary or appropriate. This is particularly true for in-hospital treatments, when beneficiaries may be unconscious, medicated, or otherwise distressed. Such individuals are unlikely to know who delivered the services or whether the services were in fact rendered (Jesilow et al., 1993).

Many patients do not bother to scrutinize the notifications they receive (for example, see Office of Inspector General, 1995) and this is a continuing weakness of the procedure as part of a detection process. Spotting fraud and abuse does not always serve the personal interests of the beneficiaries. It is an insurance program, and not the beneficiaries, who are paying the bills (or at least the largest portion of them).

Beneficiaries who do spend the time to review the notifications, have not always been able to understand the provided information, and this also has limited the notifications’ effectiveness in helping to detect illegal activities. These matters were illustrated by the results of a survey conducted by the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) and published in 1995.

The OIG was interested in learning the level of beneficiaries’ understanding of the notifications (at the time called Explanation of Medical Benefits (EOMB)) and designed a research project to uncover this information. They sent questionnaires to beneficiaries that queried them about their most recent EOMB, which was included in the questionnaire packet. Of concern, when considering the effectiveness of the notifications as a detection device, was the fact that more than half of the respondents noted that someone else usually took care of their paperwork, including the notifications (OIG, 1995).

The questionnaire asked the respondents to answer specific questions about their EOMBs. The respondents did a relatively good job of correctly answering the type of services that were provided and when they were provided; about 82% of the respondents answered these questions correctly. They also did a relatively good job of recognizing to whom Medicare had paid money (86% answered correctly), and how much money Medicare had paid for the services (77% answered correctly). The respondents were also competent at recognizing what they were to do if they wanted to appeal Medicare’s decision about how much money they owed (81% answered correctly). They were far less accurate in their answers with respect to matters associated with fraud and abuse. Slightly more than half of the respondents were able to correctly determine how much money the healthcare provider was entitled to; a similar percentage recognized what to do if they spotted services they had not received. One respondent, who answered correctly what to do if the notification included services that were not received, complained that it had taken 25 minutes to locate the correct procedure on the back of the form (OIG, 1995).

Ironically, Medicare EOMBs at the time of the above study included advice that if followed would reduce the likelihood that fraud and abuse would be detected. Medicare beneficiaries would normally be responsible for paying 20% of their physicians’ bills. The notifications urged beneficiaries, in order to save themselves money, to seek healthcare providers who agreed to not seek additional payment from the recipients, but rather to accept the Medicare reimbursement as full payment. The practice, called assignment, would result in the beneficiary owing nothing. As a result, no EOMBs would be sent to the beneficiaries, since they had no responsibility for the bills (OIG, 1995).1 Healthcare providers who knowingly cheated Medicare could minimize the likelihood that any fraudulent or abusive behaviors would be detected by opting for assignment.

The above OIG study highlighted that beneficiaries’ lack of recognition of fraud and abuse was only part of the problem for investigators attempting to detect the illegal behaviors. Only about half of the beneficiaries knew to whom they were to report suspicions of fraud and abuse (OIG, 1995). A call to the police is sufficient for most street crimes, but an array of agencies exist to handle the offenses of healthcare providers. Most individuals are likely not cognizant of such bodies, and if they are they possess at best only sketchy knowledge of the agencies’ duties. Suspicious patients may also assume that if they report their misgivings, the authorities may not, or cannot, respond to their complaints (for example, see Jesilow et al., 1992). Only half of the respondents to a survey conducted by the American Association of Retired Persons believed that the government or insurance company would do anything if they registered a complaint about suspicious behavior (Sparrow, 2000).

Federal and state governments today do a better job of informing beneficiaries of where to report fraud and abuse by including a bolded toll-free phone number in several places on the current notifications to recipients of services. The value of the notifications as a fraud and abuse detection device, however, has been somewhat limited by the fact that the notifications have been only sent every three months via the U.S. Postal Service. Beneficiaries, however, may now obtain them monthly via electronic mail (, n.d.(b)). The more time that passes, the less likely recipients of the notifications may be to feel the need to review them; things that happened last week likely have more meaning to us than similar things that happened two months previously. Moreover, the delay likely provides crooked providers an extended head start on investigators. Thousands of dollars can easily be stolen in a few days and then perpetrators can simply walk away from their current businesses in order to continue the schemes elsewhere under different names. Agents often find abandoned (or never occupied) offices by the time they become aware of the suspicious activities and investigate. Investigators decry the situation, calling it “pay and chase” (Senior Investigators from CMS, 2007–2008). The notifications would likely be more effective in helping to control healthcare fraud and abuse if they were sent as quickly as possible after the services were provided, but it is likely impossible to decrease the time beyond a certain point. Healthcare fraud is not going to be spotted by beneficiaries as quickly as residential burglaries of their homes. Providers must first submit claims and third parties pay them before notifications are made to beneficiaries.

Unscrupulous healthcare providers have been able to minimize reporting of their illegal activities by colluding with patients to hide the misdeeds. More than 2,800 healthy insured patients, for example, were paid between $300 and $1,000-plus to undergo unnecessary surgery for sweaty palms, hemorrhoids, or cysts. Insurance companies were then billed more than $150 million for the procedures (Perkes, 2009). Healthcare providers have also prescribed opiates and other narcotics to drug addicts in order to gain their acquiescence to illegal schemes (Jackson & Marx, 2016). More generally, a survey revealed some public support for providers deceiving insurance payers, if the patients benefited from the deceptions by having third-party payers cover the costs of their otherwise ineligible services. Surgeries for cosmetic reasons, for example, are usually not covered by either government or private insurance programs. But, if they are framed as medically necessary, insurers will cover the procedures. Twenty-six percent of the survey respondents felt such practices were acceptable (Alexander et al., 2003). It is unlikely that these respondents would report the illegal inaccuracies in the billings for services rendered to them.

Another difficulty with the notifications as a detection tool is that the reports they generate from beneficiaries often are not the result of fraud or abuse. The reports were made because the beneficiaries were shocked at the total costs of the services or because they did not recognize the medical terminology for the services they had received or because they did not recognize the names of the organizations to whom the payments were made (often a billing company) or because the dates on the claims did not match the dates of actual services. Control agents wasted time unfounding these reports. The federal government in 1997, in an effort to improve matters, established the Senior Medicare Patrol (SMP) projects.

Senior Medicare Patrols

SMP projects are funded by the federal government on the belief that if older Americans know how to spot fraud and abuse (as well as errors) they will help prevent the fiscal bleeding from Medicare and concomitantly protect beneficiaries’ physical and financial health (Senior Medicare Patrol (SMP), 2013). Currently, there are 54 SMP programs to educate beneficiaries to recognize and know where to report fraud and abuse—one in each state, the District of Columbia, Guam, the U.S. Virgin Islands, and Puerto Rico. Federal funding for the projects is relatively small; it totaled $17.1 million in 2015 (OIG, 2016).

The lack of funding results in SMP projects relying on mostly retired volunteers, who have been trained to assist Medicare beneficiaries, their families, and caregivers to prevent, detect, and report healthcare fraud, abuse, and errors. The emphasis is on Medicare, but Medicaid is also involved because many retired individuals eventually become dually eligible for Medicare and Medicaid. Patrol volunteers spend most of their time answering questions and educating Medicare beneficiaries. Occasionally, these efforts detect misdeeds.

In 2015 the SMPs generated $2.5 million in expected Medicare recoveries (but no Medicaid recoveries). Actual savings to beneficiaries that could be calculated were very small, only about $35,000, and only $21,533 in cost avoidance were attributable to the SMPs (OIG, 2016). Government agents, including the Inspector General for Health and Human Services (OIG, 2016) and high-ranking members of the Centers for Medicare & Medicaid Services, believe that the SMPs are valuable (Senior Investigators from CMS, 2012), but they lack supporting evidence of the SMPs’ impact on beneficiaries’ avoidance, detection, and prevention of fraud and abuse. In 2016, reporting on the performance of the SMPs, an OIG report noted:

We continue to emphasize that the projects may not be receiving full credit for recoveries, savings, and cost avoidance attributable to their work. It is not always possible to track referrals to Medicare contractors or law enforcement from beneficiaries who have learned to detect fraud, waste, and abuse from the projects. In addition, the projects are unable to track the potentially substantial savings derived from a sentinel effect, whereby Medicare beneficiaries’ scrutiny of their bills reduce fraud and errors.

(OIG, 2016, pp. 1–2)

In the world of healthcare fraud and abuse control, the SMPs, as other control efforts, are often judged on a cost/benefit basis: how much money are we spending on them and how much money do they save. It will be difficult, without reliable measures of healthcare fraud and abuse, to ascertain whether the SMPs are fulfilling their objectives of educating beneficiaries to detect and report fraud, abuse, and errors, and whether the provided education contributes to the goal of prevention. Given such circumstances, it is difficult to show that the SMPs create a net savings to the benefit programs.


It should not be surprising that detection mechanisms that require little to no government funding would be popular among legislators, who are looking to cut costs. In this regard, the federal and state governments have made some efforts to increase reporting by whistleblowers, such as former employees and patients who can provide investigators with names, dates, and specifics of alleged wrongdoing and sometimes supply records to support their allegations. Whistleblower cases, often referred to as qui tam actions, are easier for investigators and prosecutors because the whistleblower regularly knows exactly where to look for evidence of the wrongdoing.

The best-known of the efforts to increase whistleblowing is the False Claims Act. First enacted in 1863 during the Civil War, the False Claims Act was originally used to prosecute profiteers who provided the Union Army with shoddy equipment. In its updated 1986 version, the law has been used to reward whistleblowers in industries that do business with the government (Moses, 2003). In the past, employees who reported company violations could expect corporate retaliation and little reward, but federal laws since the 1970s have provided them with an increasing number of legal protections (United States Department of Labor, 2016).

The whistleblower brings the original suit in a qui tam case, but the government, if it chooses, may take over the civil action. The United States Department of Justice (DOJ) does an initial investigation after the whistleblower’s complaint is filed in federal court. The DOJ may then choose to take the lead role in the case if the evidence is strong and the dollar amount large. It is uncommon for defendants to fight the DOJ under such circumstances; they are much more likely to settle their cases rather than risk greater penalties following trials. There are additional advantages for defendants to negotiate settlements. No one is going to jail; these are civil cases and in most cases corporations, not individuals, are paying the fines. And, most important to some major corporations, the companies usually retain the ability to do business with the federal government.

The whistleblower in a case settled with the DOJ receives 15% to 25% of any recovery. If the government chooses not to become involved in the civil suit, the whistleblower may choose to continue alone and, if successful, receive 25% to 30% of any recovery (Boese, 2011). Recoveries in cases declined by the DOJ usually involve smaller losses to the government (Civil Division, U.S. Department of Justice, 2015; Kesselheim & Studdert, 2008), a matter which likely plays a substantial role in why the DOJ did not become involved in the cases in the first place. The potential recoveries simply were not worth the expenditures of limited DOJ resources.

A detailed study of whistleblower-initiated actions taken against healthcare providers for fraud and abuse in the United States for the years 1996 to 2005 reported that nearly all “major” (large dollar) federal healthcare enforcement cases by 2005 were initiated by whistleblowers. The researchers collected information on 379 cases and determined that settlements and judgments during the decade totaled $9.3 billion (in 2005 U.S. dollars) and that more than $1 billion was earmarked for whistleblowers in the cases. Seventy-five percent of the whistleblowers were employees of the defendant organizations, frequently physicians or executives of hospitals, medical practices, billing companies, medical equipment companies, laboratories and other healthcare related organizations. The remaining whistleblowers were external to the organizations, but did business with them and as a result had knowledge of the illegal behaviors (for example, a physician reporting the questionable activities of a laboratory) (Kesselheim & Studdert, 2008).

It is not surprising that the average case detected under the qui tam legislation involved multimillions of dollars, since the goal of the whistleblower strategy was to recover the greatest amount of money possible, while minimizing government control expenses (Kesselheim & Studdert, 2008). In 2015, the most recent year for which there are statistics, the Department of Justice reported 632 qui tam cases. Settlements and judgments in the cases totaled slightly more than $2.9 billion or more than an average of $4.5 million per case (Civil Division, U.S. Department of Justice, 2015).

Congress attempted to build on the success of the False Claims Act by establishing the Beneficiary Incentive Program in 1996, as part of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA, among other things, enlisted private citizens into fraud detection; the law provides a share of recovered monies to be paid to beneficiaries who provide information which leads to criminal or civil sanctions. We were unable to find any statistics about the program, but there is reason to believe that it is not cost-effective. Beneficiaries are unlikely to have specific knowledge of illegal activities unless they are personally involved and it seems unlikely that co-conspirators would voluntarily put themselves at risk for criminal prosecution. More likely are reports from beneficiaries that create unnecessary work for investigators, who spend time, energy, and resources collecting information on situations that turn out to have nothing to do with illegal activities and are the result of misunderstandings between the beneficiaries and their providers (Senior Investigators from CMS, 2012; see also Sparrow, 2000).

Malpractice Suits

The government has piggybacked on malpractice suits by injured patients against providers as a cost-effective means for detecting physical harm to beneficiaries by providers. Payments made to patients, either as settlements or judgments resulting from civil suits, are required to be reported to the National Practitioner Data Bank (NPDB). State licensing boards, insurance companies, professional societies, and healthcare institutions are mandated to report a variety of information to the Data Bank, including malpractice judgments and settlements, sanctions imposed by medical boards, losses of membership in professional societies, and actions taken by hospitals and other healthcare units against physicians and dentists. The NPDB fulfills its clearinghouse responsibility by making this information available to authorized entities, including the OIG (Jesilow & Ohlander, 2010a).

The Office of Inspector General, based upon the information provided by the NPDB, may open its own investigation into the activities of suspect providers. These cases are relatively easy for the OIG. Often the physicians have already had their medical licenses suspended or revoked by their state medical boards as a result of their behaviors and this information is made available to the OIG via the NPDB. The OIG then automatically excludes the provider from participation in government funded programs. This process is the most common path that leads to doctors being excluded from receiving government payments for healthcare provided to beneficiaries (Dow & Harris, 2002; Jesilow & Burton, in press).

The joint private/public process, in which government investigators piggyback on the civil suits of private citizens, is likely being impacted by state tort reforms. Changes in state laws (for example, legal changes making it more difficult for plaintiffs to secure attorney representation) play a role in the likelihood that negligent physicians will be sued and eventually have their behaviors detected and sanctioned by both state and federal governments (Jesilow & Ohlander, 2010b). It will become increasingly difficult to detect negligent physicians who are practicing medicine and billing both private and government insurance programs, if legal changes undermine injured patients’ ability to sue.

Computer-Assisted Screens of Claims Data

Computer-assisted screens have remained a targeting tool for investigations of fraud and abuse for more than three decades. We know the most about their use with respect to Medicare and Medicaid and we limit our discussion of these techniques to the government programs, but the same types of screens are used by private insurance companies.

Technological advances in computers during the 1980s made the statistical screens possible. Early on, providers submitted hard copies of billings (also known as claims) to the programs. The information, however, was then coded and entered into an electronic database that included information about providers, patients, and the services they are purported to have received. Initially these data were used to process claims, but as concern arose among policymakers regarding the potential extent of fraud and abuse in the programs, the databases began to be used to detect irregularities that often passed unnoticed when bills were reviewed by hand (for example, the double billing noted earlier).

Private companies, since the beginning of Medicare and Medicaid, have been hired by governments to process and pay claims. The companies, jointly known as intermediaries, received no additional compensation for detecting irregularities, such as double billing and other suspect behaviors. In fact, the private contractors had a fiscal incentive to ignore many irregularities. Since they were paid for each claim they processed, to detect illegalities would be to diminish the monies they earned, while increasing their labor expenses. The introduction of computer-based screens, however, allowed programmers to build in edits to detect double billing and similar easily spotted discrepancies (for example, billing for a hysterectomy performed on a male). These screens greatly decreased potential labor costs for the cost-conscious private companies.

During the first decades of the government programs, most investigative targets identified by the computer screens were targeted because their billings (or what they billed for) were unlikely or impossible or aberrant compared to similarly-situated providers. Psychiatrists, who billed for more than 24 hours in a day, provide a good example of the types of impossible behaviors that the computer screens (then and now) remain particularly adept at identifying. Of course, many such impossible events that were identified by the computer screens turned out to be errors. Billing clerks may have simply entered the wrong date on a claim or identified a woman as a man (Jesilow et al., 1993). Some of the investigations, however, resulted in criminal convictions when the evidence showed extended patterns of behavior that could not be explained by human error.

Through the decades, crooked providers have become very sophisticated at fitting their claims to the criteria that will escape detection. Malcolm Sparrow (2000) noted one technique that violators use to avoid detection. A great number of claims are submitted; the conspirators record the criteria of those that are accepted and those that are rejected. Over time, they fine tune their claims until all are accepted (Sparrow, 2000). Ironically, CMS today provides guidance, published on the Internet, on how to avoid government scrutiny. The purpose of the guidance is to prevent “improper payments.” The information identifies for honest providers how they might conform their billing practices to avoid non-payments and delays. One website advises providers that they should generally inform themselves about where improper payments have been found and provides links to the information. The author urges providers to do an internal assessment to identify if they have any improper claims and to correct any that are not in compliance. Finally, it informs the providers to learn from past experiences and to look for patterns (Turner, 2009). Today, large organizations hire “claims analysts” to ensure that their claims are complying with the rules. The guidance, however, can also be used by dishonest individuals and criminal organizations to avoid detection.

Both crooked and honest providers who follow CMS’s above recommended process will have fewer claims rejected. The difference is that dishonest providers will have illegitimate claims paid. Crooked providers, in order to justify an array of treatments, need only set forth a diagnosis that is not wildly discordant with the symptoms presented by the patient. The diagnosis will never be questioned unless a doctor’s diagnosis profile appears strikingly dissimilar to those of colleagues who seemingly treat a similar clientele.

The computer screens do not necessarily detect fraudulent or abusive behaviors. Rather, they are looking for billing patterns that are associated with fraudulent and abusive behaviors. Various statistics are calculated for provider billings to the government, such as the number of patients seen during a working day and the number of services provided per patient, as well as the type and number of procedures. “Notable” deviations from the norm are flagged for further investigation. The high-volume providers, physicians with a large percentage of government claims, are more likely to be targeted for further investigation, while physicians with few claims are not likely to agitate the computer screens unless their relatively few bills are consistently far out of line from other similarly situated Medicare or Medicaid providers. Once again, however, CMS (via its contractors) provides information on the Internet that would help crooked providers avoid detection. Comparative Billing Reports, for example, provide information on billing trends that can be used by cheats to make sure that their claims are similar to others in their region. The CMS contractor also provides teleconferences following the release of each Comparative Billing Report and a helpdesk to help clarify the material (eGlobalTech, n.d.). Another CMS contractor (PEPPER, n.d.) provides Medicare data statistics that can be used by hospitals and other facilities, according to the contractor’s website, to identify where the organization is vulnerable to scrutiny because its claims are outliers (PEPPER, n.d.).

The computer screens can provide potential targets and can be useful at detecting patently impossible activities, but these are usually the result of coding errors, not fraud or abuse. One major difficulty with the computer screens is that they often target providers who have legitimate reasons for why their practices are statistically aberrant. The screens often identify individuals whose practices are not average and there are numerous reasons why a medical practice might be different. A physician, for example, might be the only one in the area who performs specific procedures and this results in statistically significant differences between the identified physician’s billings and those of other doctors in the same area. Such providers are rightly upset at being targeted for investigation.

Claims data have been more effectively used when they are in the hands of skilled investigators, who have developed their own methods for identifying suspicious patterns. Investigators may look for common surnames who were seen by a provider on a single day or they may target physicians who have patients who are traveling long distances to see them to obtain prescriptions for controlled substances. The first instance suggests “family ganging” (filing claims for all members of a family who were present, even though only one family member was ill and examined). The second suggests collusion between patients and providers (addicts traveling long distances to obtain prescriptions from willing physicians who then bill the government for the unnecessary visits). At some point, however, more expensive, in-depth investigations are necessary to detect if wrongdoing was present.

Medicare’s Multi-Tiered Process for Detecting Fraud and Abuse

In an effort to control investigative costs and to minimize upsetting honest providers, the federal government has established a multi-tiered method to process and pay providers and to detect practitioners who may be engaging in fraud and abuse. The multilayered process primarily involves private contractors that the government has hired to do specific tasks. At the federal level, these primarily involve Medicare Administrative Contractors (MACs), Recovery Audit Contractors (RACs), and Zone Program Integrity Contractors (ZPICs).

Medicare Administrative Contractors

Medicare Administrative Contractors are private healthcare insurers that have contracted with the federal government to process the bills submitted by providers within geographic jurisdictions (CMS, 2016). The MACs’ primary purpose is to expediently pay providers. They use computer screens prior to a payment being made to determine whether the claim is accurate. The screens check matters, such as whether the beneficiary was eligible for the billed service, whether the service was appropriate for where the claim says it was delivered, whether the provided service was medically necessary, and whether the frequency of the service was appropriate (for example, two visits on the same day to the same provider would agitate the computer screen).

If a claim does not fit the rules, a MAC will usually deny it. There are situations, however, in which the MACs will request records to do medical reviews. In those instances, the MAC will suspend the payment until the records are reviewed and a decision reached. If they suspect fraud, based upon their review of medical records, the MACs are supposed to stop work on the case and refer it to the appropriate contractor (a Zone Program Integrity Contractor, hereafter ZPIC), with which the government has contracted to investigate such matters (Representative of a Medicare Contractor, 2016). The MACs are contractually prohibited from investigating fraud. An official with a private contractor explains the MAC process:

If while doing a medical review of records, they find that the doctor has billed the same thing for 10 beneficiaries or they bill it every month and it just doesn’t seem right, they are going to hold the claim and get the ZPIC involved or just deny it outright and at the same time notify the ZPIC, “we denied the claim outright, but based upon our review of the medical records there may be something going on that is suspect.”

(Representative of a Medicare Contractor, 2016)

MACs are paid on a cost-plus basis. They are paid for each claim that they process and extra for medical review of records. They recover their costs plus a bit more for fulfilling specific objectives. This payment mechanism has resulted in some wrongdoing on the part of MACs. There have been instances of MAC employees splitting a single claim into multiple claims so that the organization could receive multiple payments. There have also been instances of arrests of MAC investigators for helping providers with illegal schemes. Such illegal activities can come to light during official reviews of contractors by CMS personnel (Representative of a Medicare Contractor, 2016).

There likely are blatant cases of fraud that are detected and referred by the MACs to the ZPICs, even though the MACs do not have a direct fiscal incentive to refer such cases. They, however, cannot simply ignore suspect cases. Their contracts with the government requires them to make referrals, and a MAC that made none would be suspect; referrals are part of the criteria by which MACs are evaluated when the government considers renewing their contracts. Such referrals, however, are likely not promiscuously done. MACs are also judged on the accuracy of their referrals. Promiscuous referrals by a MAC to the ZPICs would result in the government spending taxpayer money on dead-end investigations, while concomitantly upsetting the practitioners, who provide needed medical services and, at the same time, likely decreasing the chances that the referring MAC’s contract would be renewed. These all seem to be matters that the management of a MAC would likely want to avoid (Representative of a Medicare Contractor, 2016).

Recovery Audit Contractors

The federal government (and the states) have contracted with Recovery Audit Contractors (RACs) to engage in post-payment review. The claims the RACs review have already been processed by the MACs and payments have been made to the providers. The Medicare RAC program was established following a three-year demonstration project in six states from 2005 to 2008. RACs were to identify claims that resulted in improper payments. These included claims for services that were not reasonable or necessary (non-covered services), services that were incorrectly coded that resulted in over or underpayments, as well as payments for duplicate services (American College of Emergency Physicians, 2016). During the demonstration project, the RACs were able to identify $992.7 million in overpayments and $37.8 million in underpayments. Based on these numbers, the RAC program was expanded to cover all Medicare fee-for-service payments as well as individual state Medicaid fee-for-service programs (American College of Emergency Physicians, 2016; OIG, 2013). Fraud and abuse that escapes discovery (and referral) by the MACs, it was hoped, might be uncovered at this level in the review process.

The RACs are compensated for detecting improper payments that do not involve fraud. They are contracted on a contingency basis; they receive between 9.5% and 12% of the claims overpayments and underpayments that are identified by them and repaid (providers compensated for underpayments and the government recompensed for overpayments). In fiscal year 2013, the RACs received compensation of more than $200 million. But, their activities led to the collection of more than $2 billion during the year (Taylor, 2014).

The Medicare RACs, as the MACs, are directed to refer potential criminal cases to the ZPICs; state Medicaid RACs are to refer such cases to their state’s Medicaid Fraud Control Unit or other appropriate law enforcement agency (CMS, 2011). The RACs, however, do not have a financial incentive to refer cases to the ZPICs. They may in fact have a fiscal disincentive to make referrals. They do not receive a cut of overpayments resulting from fraud investigated by the ZPICs. But, they can be compensated if they treat such cases as involving improper payments that lack fraudulent intent. They may be somewhat restrained from doing this because making accurate referrals, as with the MACs, is part of their performance review.

The primary methods used by RACs to identify improper payments are automated reviews and complex reviews. Automated reviews involve computer screens in which a RAC utilizes proprietary software designed to detect: pricing mistakes; non-covered services (for example, claims for services that were not reasonable and/or necessary given the diagnosis); incorrectly coded services; and duplicate billings for the same services. The RACs are prohibited from randomly selecting claims for review or targeting claims solely because they are expensive. Incorrect payments can only be identified when supporting evidence exists. Once a RAC has information that leads its personnel to believe that there were overpayments, then the RAC is free to factor in the value of the claims in selecting which claims should receive a complex review (American Hospital Association, 2008).

Complex reviews involve an examination by RAC personnel of medical records associated with the suspect claims. Most complex reviews have focused on medical necessity issues. Determinations in such reviews, according to CMS rules, must be made by registered nurses or therapists and any coding decisions must be made by certified coders. The RAC must believe that there is a high probability that the billed service is not covered before they request the medical records from a provider. For one matter, the RAC must pay for the records, and if the investigation reveals no improper payments then the RAC receives no compensation (American Hospital Association, 2008; Representative of a Medicare Contractor, 2016).

RACs are only allowed to review claims for improper payments that involve issues that have been given approval by CMS. A RAC may identify a specific issue within its jurisdiction, for which there is no CMS policy; the matter with documentation is sent to CMS for consideration. CMS reviews the issue and if it agrees with the RAC that “yes, this is an issue that appears to be problematic” then CMS and the RAC notify providers of the issue. An official explained that the RACs:

use data analysis, policy review, and industry standards to determine if there is an issue that is not currently being audited by the MACs or any other CMS contractor and it is not fraud; it is a documentation issue, a medical necessity issue, a coding issue; it is something that claims are being paid that either violate Medicare policy or they violate medical necessity or both.”

(Representative of a Medicare Contractor, 2016)

The RAC may begin reviewing claims that were submitted after the providers were notified of the changes. Each RAC may identify different issues. What might be an issue in one jurisdiction may not be problematic in another. There may be overlap, but not necessarily (Representative of a Medicare Contractor, 2016).

Providers who are behaving most egregiously are the providers the RACs select for audit. CMS limits the extent of medical records that a RAC may review from a single provider (American College of Emergency Physicians, 2016; American Hospital Association, 2008). In the recent past, RACs were allowed to review a small percentage of a provider’s medical records; about 2% of the medical records associated with a provider’s annual claims, according to a RAC official (Representative of a Medicare Contractor, 2016). Following complaints from providers that this was overly burdensome, CMS lowered the percentage to 0.5%. A RAC, as a result, is only going to select claims for audit that initial analyses indicate have a strong potential for large recoveries. In general, a RAC is going to pursue cases that have the greatest potential value for the RAC. A RAC official explained that CMS wants the RACs to be sensitive to the provider’s burden:

I know that sounds funny. If claims are being paid wrong, I would want to audit 100% of the claims. But CMS wants the providers to spend their time in patient care and not be driven out of business because a RAC has created an unnecessary burden on them. CMS keeps a tight rein on the burden the RACs create on providers.

(Representative of a Medicare Contractor, 2016)

The CMS rules are designed to educate honest providers on their billing mistakes and to not overly burden them. Crooked providers, however, benefit from the same rules. As long as they do not regularly cheat, any pattern of criminal behavior is unlikely to be detected in the small number of claims that may be audited. Rather, the behaviors are labeled as mistakes or as abuses at the worst.

Zone Program Integrity Contractors

The Zone Program Integrity Contractors (ZPICs) first came into existence in 2008. Generally, each of the seven ZPICs are tasked in its geographic zone for detecting and developing in a timely fashion cases of suspected fraud. Their contracts with the federal government require that they identify and investigate fraud in Medicare fee-for-service, including durable medical equipment and home health and hospice care, as well as other duties. They are, for example, required to initiate actions against suspect providers and to support law enforcement agencies with Medicare fraud investigations by providing data analyses, provider enrollment records, and reviews of medical records (Fletcher, 2011; GAO, 2013; U.S. Department of Health and Human Services, Administration for Community Living, 2012).

ZPIC personnel identify potential fraud in a few different ways. As already noted, the Medicare Administrative Contractors and Recovery Audit Contractors may forward suspected cases to the ZPICs. Phone calls to the OIG’s fraud hotline, following an initial screening by MAC personnel, may be forwarded to a ZPIC, or a ZPIC may receive a potential case directly from CMS. Computer screens are also used by ZPIC statisticians and other data analysts to identify aberrant billing patterns, which might indicate fraudulent behavior. ZPIC investigators may then audit suspected fraudsters, make site visits to their offices, and interview their patients (Fletcher, 2011; GAO, 2013; U.S. Department of Health and Human Services, Administration for Community Living, 2012).

In 2012, most of the work of the ZPICs’ nearly 5,000 new investigations were in reaction to complaints they received from other entities. The MACs generated 45% of the complaints the ZPICs received that year, with most of the remaining complaints coming from the HHS OIG hotline. About 12% of their investigations in 2012 were the result of proactive activities of the ZPICs, including analyses of claims data to identify statistically aberrant providers. Perhaps evidence of the fiscal disincentive for RACs to refer cases to the ZPICs can be found in a GAO report on ZPIC activities for 2012; the report did not note a single complaint being referred from the RACs during the year (GAO, 2013).

The ZPICs prioritize investigations based on CMS criteria. Cases involving patient harm are given the highest priority (GAO, 2013). Such cases likely originated with civil suits filed by patients or their families (Jesilow & Burton, in press) or were reported via the OIG hotline. Widespread frauds involving more than one state and/or high dollar amounts are next in priority. Based upon their investigations, ZPICs may also identify weaknesses in the Medicare program that make it susceptible to criminal activities and suggest to CMS possible prepayment edits to stem the flow of money to fraudsters (GAO, 2013).

ZPICs review the medical records of prioritized providers who have been identified by complaints and computer screens to determine if fraud or abuse exists. The investigators are looking for evidence that the billed services were provided and medically necessary. Matters that might indicate fraud or abuse include medical records that have nearly identical documentation or alterations (for example, extensive erasures or deleted or added pages). The investigators may also telephone beneficiaries or attempt to determine if the provider had similar past violations (for example, by uncovering past warning letters by another Medicare contractor) (Fletcher, 2011).

If a ZPIC investigation reveals instances of fraud, the ZPIC is contractually obligated to forward the information to the HHS OIG for further investigation. If the OIG declines the case, the ZPIC may refer it to the FBI or the U.S. Attorney’s Office, or any other law enforcement organization, for potential prosecution. Thirty-three cases of suspected fraud that were identified by the ZPICs were declined by law enforcement in 2012 because the agencies simply lacked the resources to effectively prosecute them, and not because the cases were weak. The law enforcement agencies accepted 139 cases in 2012 (GAO, 2013). We do not have details on the 139 prosecutions, but not surprisingly, the cases for which we do have information seemed to have involved widespread, blatant behavior. For example, one investigation by a ZPIC resulted in charges against a provider who was operating 17 pain management clinics that were billing Medicare for services that were not being rendered (GAO, 2013).

The ZPICs reported that their work in 2012 resulted in convicted providers being ordered by courts to pay nearly $80 million in fines, settlements, and restitutions. Convicted providers, however, eventually paid less than the $80 million because of appeals and difficulties collecting fines, particularly when crooked providers fled or declared bankruptcy. Some of the 2012 cases may have resulted in jail or prison time for convicted offenders, but CMS does not regularly collect this information (GAO, 2013).

The ZPICs generally received good ratings in their annual reviews, at least through 2012. Most of the measures that CMS uses to evaluate the ZPICs’ performances relate to the quality of their work and not outcome measures. This creates some difficulty in evaluating the worth of the ZPICs. For example, objectives of CMS include increasing the percentage of actions taken against specific high-risk providers, as well as decreasing the percentage of improper payments made to providers. But, CMS does not evaluate the ZPICs on their contributions to achieving these aims (GAO, 2013).

Conclusion and Discussion

The legislative architects of Medicare and Medicaid refrained from establishing coherent policies or systems for fraud control in the medical benefit programs. There was no integrated system specifically designed to uncover, investigate, prosecute, and sanction errant providers. Rather, the “system” grew “topsy-turvy” (Gardiner & Lyman, 1984, p. 4).

The earliest efforts to detect illegal behaviors relied on tools that had been developed by law enforcement for uncovering the misdeeds of offenses associated with more traditional, hidden offenses, such as prostitution and illegal drug sales. These early efforts were manned by former police officers, criminal investigators, and prosecutors, who were looking to catch the bad guys and put them behind bars. Such efforts, including undercover operations, drew little public criticism when they snared vulnerable, low-level perpetrators of traditional crimes. But their use with medical professionals was met with coordinated outrage from medical providers, who were able to influence Congress and other policymakers to alter the law enforcement strategy to one that relied more heavily on education, regulation, and the recovery of improper payments.

The above change in strategy likely benefited legislators and other policymakers. Efforts to detect crooked providers often upset medical professionals, who took their complaints to legislators. And when the rare offender was incarcerated, legislators could take little credit for catching, convicting, and imprisoning the crooked provider, particularly when such events seemed to have little impact on the rapidly increasing costs of the benefit programs (Jesilow et al., 1993). In contrast, the policymakers could point to recoveries of ill-gotten healthcare dollars as a successful result of their efforts.

The current program integrity system has been largely shaped by the above matters. The detection of excessive improper payments and resultant million-dollar recoveries from corporations have become almost common. But, criminal prosecutions of individuals have remained rare (Liederbach, Cullen, Sundt, & Geis, 2001; GAO, 2013; Senior Investigators from CMS, 2012) and, when they are used, they seem more likely to be used against those who are easy targets, such as home health workers (for example, see Payne & Gray, 2001).

Despite the recent changes to the program integrity system, few of the important actors seem to be pleased. Physicians and other providers continue to complain about regulations and the compensation they receive from third-party payers, which they feel is inadequate for the job that they are doing. At the same time, both private and government entities struggle with expanding costs and limited budgets. This situation has changed little during the past decades and it likely will not much improve under the current, entrenched U.S. system. It seems best for now to root suggested changes in the current control system, as they might have some chance of being implemented.

One important change that has eluded control agents is the establishment of an effective targeting mechanism. The existing computer screens too often result in “wild goose chases” by authorities. Honest providers, particularly those in small practices, are often upset by such program integrity efforts, which they legitimately see as burdensome and unnecessary. This is particularly true when the situation has arisen as a result of honest differences over the practice of medicine.

The uncertainty of so many medical situations stems from the fact that the practice of medicine is an inexact science, in which there are legitimate differences of opinion about the same set of symptoms. Eliminating these gray areas would improve matters. Providers would know what is acceptable and program integrity personnel could act with the knowledge that their actions will be validated. To draw a comparison, it is much easier for the police to detect speeding if there is a posted speed limit. It is a much more difficult task to determine that a driver is speeding in the absence of a stated speed limit.

Medicare rules and regulations have made some progress in defining acceptable practices from those that are unacceptable. One of the more well-known CMS positions deals with “never events.” The term refers to serious events, such as amputation of the incorrect limb or surgery on the wrong patient. Computer screening edits are now in place to protect CMS from paying providers for such obviously avoidable missteps (OIG, 2009; OIG, 2010). There are other areas of healthcare where this concept has also been applied (for example, see, n.d.(c) for rules regarding compensation for hospital readmissions).

The advantage of defining “never events” as a policy are many. Hopefully, the policy will decrease morbidity and save money, but it also provides for easy detection. It draws a line in the sand and eliminates gray areas in which deviance is hypothesized to grow. Best known in this regard are the ideas of Émile Durkheim (1982), a preeminent sociologist, who argued that enforcement of society’s rules and laws established parameters of acceptable behaviors. Without clear parameters of behaviors, there are substantial gray areas where individuals may drift in and out of illegal activities (for more information on this concept with respect to healthcare fraud, see Jesilow & Burton, 2014).

In medicine, some diagnoses and procedures are relatively clear-cut, and there is general agreement on when the diagnoses should be applied and how the patients should be treated (for example, a broken arm is likely to be set in a cast). Other areas of medical concern, however, have vast gray areas and practitioners seeing patients with similar symptoms might reach different diagnoses and order different treatments. One healthcare provider may consider as abuse, for example, ingestion of a specific amount of liquor each day, while another provider may find the same situation acceptable.

Such disagreements likely impact the diagnosis and treatment of the patients, as well as the claims that are submitted. The disagreement allows providers to engage in self-serving behavior (for example, by choosing a more financially favorable diagnosis when submitting the claim), while believing that they are acting in their patients’ best interests. Evidence to support the diagnosis, however, is unlikely to appear in the medical record in such situations. The rate of agreement between claims data and medical records—the likelihood of the diagnosis being recorded in the claims data and supported in the medical record—is poor for conditions that may result in conflicting diagnoses (Burton & Jesilow, 2011), such as alcohol or drug abuse. The probability in one study of the diagnosis “alcohol/drug abuse” being recorded in claims data and also being supported in the associated medical records, for example, was only 20% (Fowles et al., 1998).

Health conditions that may often result in conflicting diagnoses should be of concern to CMS and its Recovery Audit Contractors. The low levels of agreement between what is billed and support for the diagnosis in the medical record of such diagnoses suggest that the providers may be engaging in behavior that at a minimum could be defined as abuse, and numerous studies suggest that there are plenty of such conditions. Comorbidities, for example, increase reimbursements, but their billing is often not supported in medical records (for example, see Klabunde et al., 2006). Such diagnoses should be prime targets for the RACs who are looking for claims for medically unnecessary treatments.

Targeting areas in which the billing code is not supported in medical records is likely to have a number of positive outcomes. The efforts may have an educative effect (Andenaes, 1971). Providers may learn that their behavior is unacceptable and take corrective actions. They may begin to record more information in medical records, which will improve continuity of care (one of the main reasons for the existence of medical records). Or, the providers may learn that their diagnoses and treatments are idiosyncratic and not supported by mainstream medical professionals. At a minimum, such targeting is likely to somewhat decrease the flow of improper payments.

Further Reading

General Overviews

Braithwaite, J. (1984). Corporate crime in the pharmaceutical industry. London: Routledge & Kegan Paul.Find this resource:

This book is a classic in criminology. It details worldwide corporate crime in the pharmaceutical industry. This book is suggested for advanced researchers.

Brooks, G., Button, M., & Gee, J. (2012). The scale of health-care fraud: A global evaluation. Security Journal, 25, 76–87.Find this resource:

This article provides estimates for the costs of healthcare fraud in six countries: the United Kingdom, the United States, France, Belgium, the Netherlands, and New Zealand. There is also a useful discussion on measuring the extent of healthcare fraud.

Jesilow, P., Pontell, H., & Geis, G. (1993). Prescription for profit: How doctors defraud Medicaid. Berkeley: University of California Press.Find this resource:

This book is based upon interviews with healthcare fraud investigators, high-ranking government officials, and offenders. The authors discuss early patterns of fraud and abuse in Medicaid, and early attempts by the government to stop fraud in the program.

Leap, T. L. (2011). Phantom billing, fake prescriptions, and the high cost of medicine: Health care fraud and what to do about it. Ithaca, NY: Cornell University Press.Find this resource:

This book provides an in-depth discussion on the causes of healthcare fraud, major healthcare fraud laws, and the common fraud schemes that occur.

Mackey, T., & Liang, B. (2012). Combating healthcare corruption and fraud with improved global health governance. BMC International Health and Human Rights, 12, 1–7.Find this resource:

The article demonstrates that healthcare fraud in one nation can impact the health outcomes of other nations.

Rosoff, S., Pontell, H., & Tillman, R. (2010). Medical crime. In Profit without honor: White-collar crime and the looting of America (pp. 495–532). Boston: Prentice Hall.Find this resource:

An accessible textbook chapter that examines some of the major forms of medical crimes, provides illustrative case studies of healthcare fraud, discusses law enforcement difficulties, and highlights developing areas for future concern.

Savedoff, W., & Hussmann, K. (2006). Why are health systems prone to corruption? In Global corruption report 2006 (pp. 4–13). London: Pluto Press.Find this resource:

This book chapter informs readers of the unique features of healthcare systems that make them vulnerable to fraud and corruption.

Sparrow, M. K. (2000). License to steal: How fraud bleeds America’s healthcare system. Boulder, CO: Westview Press.Find this resource:

This book is a classic contribution to the study of healthcare fraud. It describes the complexities of healthcare fraud regulation in the United States. It is an excellent starting place for researchers and others interested in understanding the fraud control challenge.

World Health Organization. (2011). Prevention not cure in tackling health-care fraud. Bull World Health Organ, 89, 858–859.Find this resource:

This brief publication provides an overview of the various healthcare fraud schemes around the world, and the numerous strategies nations are employing in their attempts to reduce and stop fraud.

Measurement and Methodological Issues

Aldrich, N. (2011). Medicare fraud estimates: A moving target? The Sentinel. Retrieved from this resource:

An introduction that explains why there are no firm data on the cost and extent of healthcare fraud in the United States.

Brooks, G., Button, M., & Gee, J. (2012). The scale of health-care fraud: A global evaluation. Security Journal, 25, 76–87.Find this resource:

The authors present healthcare fraud case studies from around the world, and then discuss the various problems that researchers face when trying to determine the extent of fraud in healthcare.

Farber, N., Berger, M., Davis, E., Weiner, J., Boyer, G., & Ubel, P. (1997). Confidentiality and health insurance fraud. Archives of Internal Medicine, 157, 501–504.Find this resource:

The authors surveyed 300 physicians to determine their attitudes toward reporting patients who have committed health insurance fraud. They conclude that physicians’ decisions to report health insurance fraud are impacted by their personal attitudes, demographic features, and by patient factors.

Mashaw, J., & Marmor, T. (1994). Conceptualizing, estimating, and reforming fraud, waste, and abuse in healthcare spending. The Yale Journal on Regulation, 11, 455–494.Find this resource:

This article notes that distinguishing fraud from abuse and from waste is no easy matter. The differences between fraud and abuse are often hazy, which makes it challenging to quantify the amount of healthcare fraud.


Abelson, R., & Lichtblau, E. (2014, August 15). Pervasive Medicare fraud proves hard to stop. The New York Times. Retrieved from this resource:

Aldrich, N. (2011). Medicare fraud estimates: A moving target? The Sentinel. Retrieved from this resource:

Alexander, G. C., Werner, R. M., Fagerlin, A., & Ubel, P. A. (2003). Support for physician deception of insurance companies among a sample of Philadelphia residents. Annals of Internal Medicine, 138(6), 472–475.Find this resource:

American Association of Retired Persons. (2010). What you can learn from your explanation of benefits statement. Retrieved from

American College of Emergency Physicians. (2016). Recovery Audit Contractor (RAC) FAQ. Retrieved from

American Hospital Association. (2008). Frequently asked questions. Retrieved from

Andenaes, J. (1971). The moral or educative influences of criminal law. Journal of Social Issues, 27(2), 17–31.Find this resource:

BBC News. (2016, April 20). Mitsubishi Motors admits falsifying fuel economy test. Retrieved from

Biderman, A. D., & Reiss, A. J. (1967). On exploring the “dark figure” of crime. The Annals of the American Academy of Political and Social Science, 374(1), 1–15.Find this resource:

Block, M. K., Nold, F. C., & Gregory, J. (1981). The deterrent effect of antitrust enforcement. Journal of Political Economy, 89(3), 429–445.Find this resource:

Boese, J. T. (2011). Civil false claims and qui tam actions (4th ed.). Austin, TX: Wolters Kluwer Law & Business, Aspen Publishers.Find this resource:

Braithwaite, J. (1984). Corporate crime in the pharmaceutical industry. London: Routledge & Kegan Paul.Find this resource:

Brooks, G., Button, M., & Gee, J. (2012). The scale of healthcare fraud: A global evaluation, Security Journal, 25, 76–87.Find this resource:

Burton, B., & Jesilow, P. (2011). How healthcare studies use claims data. The Open Health Services and Policy Journal, 4, 26–29.Find this resource:

Centers for Medicare and Medicaid Services (CMS). (2009). Recovery Audit Contractors (RACs) and Medicare: The who, what, when, where, how and why? Retrieved from this resource:

Centers for Medicare and Medicaid Services (CMS). (2011). Frequently asked questions sections 6411(a) of the Affordable Care Act December 2011. Retrieved from this resource:

Centers for Medicare and Medicaid Services (CMS). (2016). What is a MAC? Retrieved from this resource:

Civil Division, U.S. Department of Justice. (2015). Fraud statistics. Retrieved from August 14, 2016.Find this resource:

Code of Federal Regulations, 42 C. F.R. 1002.2.

Committee on Finance, U.S. Senate. (1977). Medicare-Medicaid fraud and abase amendments of 1977. Washington, DC: U.S. Government Printing Office.Find this resource:

Cowley, S. (2016, October 11). At Wells Fargo, complaints about fraudulent accounts since 2005. The New York Times. Retrieved from this resource:

Dow, W. H., & Harris, D. M. (2002). Exclusion of international medical graduates from federal health-care programs. Medical Care, 40(1), 68–72.Find this resource:

Durkheim, E. (1982). The rules of the sociological method. New York: Free Press.Find this resource:

eGlobalTech. (n.d.). Comparative billing reports. Retrieved from

European Commission. (2013). Study on corruption in the healthcare sector. Retrieved from

European Healthcare Fraud & Corruption Network (EHFCN). (2016). Main homepage. Retrieved from

Farber, N., Berger, M., Davis, E., Weiner, J., Boyer, C., & Ubel, P. (1997). Confidentiality and health insurance fraud. Archives of Internal Medicine, 157, 501–504.Find this resource:

Fletcher, D. M. (2011). ZPICS: The most dangers weapon in Medicare’s arsenal. Retrieved from

Fowles, J. B., Fowler, E. J., & Craft, C. (1998). Validation of claims diagnoses and self-reported conditions compared with medical records for selected chronic diseases. The Journal of Ambulatory Care Management, 21(1), 24–34.Find this resource:

Friedrichs, D. O. (1996). Studying white collar crime and assessing its costs. In Trusted Criminals: White-Collar Crime in Contemporary Society (pp. 35–64). Belmont, CA: Wadsworth.Find this resource:

Gardiner, J. A., & Lyman, T. R. (1984). The fraud control game: State responses to fraud and abuse. Bloomington: Indiana University Press.Find this resource:

Geis, G. (1967). The heavy electrical equipment antitrust cases of 1961. In M. B. Clinard & R. Quinney (Eds.), Criminal behavior systems (pp. 139–150). New York: Holt, Rinehart & Winston.Find this resource:

Hotten, R. (2015, December 10). Volkswagen: The scandal explained. Retrieved from

Jackson, D., & Marx, G. (2016, October 4). Nursing home operator from Chicago jailed as feds allege $1 billion scheme. Chicago Tribune. Retrieved from this resource:

Jesilow, P. (2012). Is Sweden doomed to repeat U.S. errors? Fraud in Sweden’s health care system. International Criminal Justice Review, 22(1), 22–42.Find this resource:

Jesilow, P., & Burton, B. (in press). Constructing a demographic portrait of deviant doctors. To appear in O. Sefiha & S. Brown (Eds.), Handbook of deviance studies. New York: Anderson/Routledge Press.Find this resource:

Jesilow, P., & Burton, B. (2014). Healthcare fraud. In Oxford Bibliographies in Criminology, Ed. Richard Wright. New York: Oxford University Press. Online at this resource:

Jesilow, P., Klempner, E., & Chiao, V. (1992). Reporting consumer and major fraud: A survey of complainants. In K. Schlegel & D. Weisburd (Eds.), White collar crime: Issues and research (pp. 149–168). Northeastern University Press.Find this resource:

Jesilow, P., & Ohlander, J. (2010a). The impact of the National Practitioner Data Bank on licensing actions by state medical licensing boards. Journal of Health and Human Services Administration, 33(1), 94–126.Find this resource:

Jesilow, P., & Ohlander, J. (2010b). The impact of tort reforms on the sanctioning of physicians by state licensing boards. Journal of Empirical Legal Studies, 7(1), 117–140.Find this resource:

Jesilow, P., Pontell, H., & Geis, G. (1993). Prescription for profit: How doctors defraud Medicaid. Berkeley: University of California Press.Find this resource:

Kesselheim, A. S., & Studdert, D. M. (2008). Whistleblower-initiated enforcement actions against health care fraud and abuse in the United States, 1996 to 2005. Annals of Internal Medicine, 149(5), 342–349.Find this resource:

Klabunde, C. N., Harlan, L. C., & Warren, J. L. (2006). Data sources for measuring comorbidity: A comparison of hospital records and Medicare claims for cancer patients. Medical Care, 44(10), 921–928.Find this resource:

Leap, T. L. (2011). Phantom billing, fake prescriptions, and the high cost of medicine: Health care fraud and what to do about it. Ithaca, NY: Cornell University Press.Find this resource:

Liederbach, J., Cullen, F. T., Sundt, J., & Geis, G. (2001). Criminalization of physician violence: Social control in transformation. Justice Quarterly, 18(1), 141–170.Find this resource:

Malnic, E. (1968, March 9). Pharmacist given prison term for Medical claims. Los Angeles Times.Find this resource:

Mackey, T., & Liang, B. (2012). Combating healthcare corruption and fraud with improved global health governance. BMC International Health and Human Rights, 12, 1–7.Find this resource:

National Health Care Anti-Fraud Association (NHCAA). (n.d.). The challenge of health care fraud. Retrieved from

NHS Counter Fraud and Security Management Service. (2008). NHS fraud risk measurement exercises: Identifying the nature and scale of the problem. Retrieved from

Mashaw, J., & Marmor, T. (1994). Conceptualizing, estimating, and reforming fraud, waste, and abuse in healthcare spending. Yale Journal on Regulation, 11, 455–494.Find this resource:

Medicare Contractor Representative. (2016). Personal Interview.Find this resource: (n.d.(a)). Medicare Summary Notice (MSN). Retrieved from (n.d.(b)). Go paperless. Retrieved from (n.d.(c)). Hospital readmission reduction program. Retrieved from

Moses, J. (2003). False claims. American Criminal Review, 40, 495–510.Find this resource:

Office of Inspector General (OIG), U.S. Department of Health & Human Services. (1995). Understanding medical benefits: The explanation of Medicare Part B benefits. Retrieved from

Office of Inspector General (OIG), U.S. Department of Health & Human Services. (2000). Post payment safeguards. Retrieved from

Office of Inspector General (OIG), U.S. Department of Health & Human Services. (2009). Memorandum report: Adverse events in hospitals: Public disclosure of information about events. Retrieved from

Office of Inspector General (OIG), U.S. Department of Health & Human Services. (2010). Adverse event in hospitals: Methods for identifying events. Retrieved from

Office of Inspector General (OIG), U.S. Department of Health & Human Services. (2013). Medicare recovery audit contractors and CMS’s actions to address improper payments, referrals of potential fraud, and performance. Retrieved from

Office of Inspector General (OIG), Department of Health and Human Services. (2016). Memorandum report: Performance data for the Senior Medicare Patrol projects. Retrieved from

Payne, B. K., & Gray, C. (2001). Fraud by home health care workers and the criminal justice response. Criminal Justice Review, 26(2), 209–232.Find this resource:

Payne, B., & Berg, B. (1997). Looking for fraud in all the wrong places: Investigative structures used in healthcare fraud. Police Journal, 70, 220–230.Find this resource:

Perkes, C. (2009, April 21). O. C. doctor loses license in sweaty-palm surgery case. Orange County Register. Retrieved from this resource:

Pepinsky, H. E. (1980). Criminal control strategies: An introduction to the study of Crime. New York: Oxford University Press.Find this resource:

PEPPER (n.d.). Welcome to PEPPER resources. Retrieved from

Rashidian, A., Joudaki, H., & Vian, T. (2012). No evidence of the effect of the intervention to combat health care fraud and abuse: A systematic review of literature. PLoS One, 7(8), 1–8.Find this resource:

Roche, W. F. (1985). Irregularities mark PA fight against Medicaid fraud. Philadelphia Inquirer, p. A01.Find this resource:

Rosoff, S., Pontell, H., & Tillman, R. (2010). Medical crime. In S. Rosoff, H. Pontell, & R. Tillman (Eds.), Profit without honor: White-collar crime and the looting of America (pp. 495–532). Boston: Pearson.Find this resource:

Savedoff, W., & Hussmann, K. (2006). Why are health systems prone to corruption? In Transparency International (Ed.), Global Corruption Report 2006 (pp. 4–13). London: Pluto Press.Find this resource:

Sellin, T. (1953). The measurement of criminality in geographic areas. Proceedings of the American Philosophical Society, 97(2), 163–167. Retrieved from this resource:

Senior Investigators from the Centers for Medicare and Medicaid Services (CMS). (2007–2008). Personal interviews.Find this resource:

Senior Investigators from the Centers for Medicare and Medicaid Services (CMS). (2012). Personal interviews.Find this resource:

Senior Medicare Patrol. (2013). Operations logic model: Appendix A. Retrieved from

Senior Medicare Patrol (SMP) personnel. (2012). Personal interview.Find this resource:

Skogan, W. G. (1977). Dimensions of the dark figure of unreported crime. Crime & Delinquency, 23(1), 41–50. Retrieved from this resource:

Sparrow, M. K. (1998). Fraud control in the health care industry: Assessing the state of the art. Research Brief. Washington, DC: National Institute of Justice. Retrieved from this resource:

Sparrow, M. K. (2000). License to steal: How fraud bleeds America’s healthcare system. Boulder, CO: Westview Press.Find this resource:

Subcommittee on Long-Term Care, Special Committee on Aging, U.S. Senate. (1976). Fraud and abuse among practitioners participating in the Medicaid program. Washington, DC: U.S. Government Printing Office. Retrieved from this resource:

Taylor, M. (2014). Whacked by RAC: Medicare audit program imposes crushing burden on hospitals, even though most claims denials are overturned. Hospitals & Health Networks. Retrieved from this resource:

Tillman, R., & Pontell, H. (1992). Is justice “collar-blind”?: Punishing Medicaid provider-fraud. Criminology, 25(3), 547–574.Find this resource:

Turner, E. (2009). Recovery Audit Contractors (RACS): The who, what, when, where, why and how? Retrieved from

U.S. Department of Health and Human Services, Administration for Community Living. (2016). Senior Medicare Patrol (SMP). Retrieved from

U.S. Department of Health and Human Services, Administration for Community Living. (2012). Senior Medicare Patrol programs in 53 states and territories awarded funding. Retrieved from

U.S. Department of Health and Human Services, Centers for Medicare and Medicaid Services. (2014). Medicare fraud & abuse: Prevention, detection, and reporting. Retrieved from

U.S. Department of Health and Human Services, Centers for Medicare and Medicaid Services. (2012). The role of the Zone Program Integrity Contractors (ZPICs), formerly the Program Safeguard Contractors (PSCs). Retrieved from

U.S. Department of Health and Human Services, Office of Inspector General. (2013). Medicare recovery audit contractors and CMS’s actions to address improper payments, referrals of potential fraud, and performance. Retrieved from

U.S. Department of Labor, Occupational Safety and Health Administration. (2016). Whistleblower Protection Program. Retrieved from

U.S. Government Accountability Office. (2013). Medicare program integrity: Contractors reported generating savings, but CMS could improve its oversight. Retrieved from

U.S. Medicaid audit finds 90% errors. (1977, February 11). Los Angeles Times, p. B27.Find this resource:

Wallis, C. (1986, May 26). Weeding out the incompetents. Time, 57–58.Find this resource:

Wilson, P., Geis, G., Pontell, H. N., Jesilow, P., & Chappell, D. (1985). Medical fraud and abuse: Australia, Canada and the United States. International Journal of Comparative and Applied Criminal Justice, 9(1–2), 25–34.Find this resource:

World Health Organization (WHO). (2011). Prevention not cure in tackling health-care fraud. Bull World Health Organ, 89, 858–859.Find this resource:


(1.) An estimated 20% of Medicare claims did not result in a beneficiary notification during the early 1990s (OIG, 1995).