American Journal of Law & Medicine

Following the money in health care fraud: reflections on a modern-day yellow brick road. (Follow the Money: The Impact of Economic on the Delivery of Health Care)

    Who cheats? Well, just about anyone if the stakes are right. (1)     Stealing a million dollars or more is remarkably easy, and carries    with it little chance of getting caught. You don't even need to    know much about health care. (2) 


Health care fraud is all about the money. A small group of offenders may believe the rules simply do not apply to them; a few may be motivated by the thrill of outsmarting a complex regulatory system; and occasionally someone may view fraud as a political act of protest against unwarranted governmental intrusion into health care. (3) But in the vast majority of eases, health care fraud occurs simply because, as Professor Pamela Bucy long-ago noted, "[t]hat's where the money is." (4) And quite a lot of money it is, indeed: the United States is estimated to have spent $2.5 trillion on health care in 2009, with over $918 billion of that coming from the federal government. (5) Under some estimates, up to 10 percent of that amount - no one quite knows for sure might be lost to fraud. (6)

But the relationship between health care fraud and the U.S. health care system is far more complex than might first appear. Would-be thieves and hucksters--or "fraudsters," to use the common lingo--are not the only ones who respond to the financial incentives and disincentives in the system. Due to the unique nature of the laws used to pursue health care fraud, both public and private prosecutors also follow the money in choosing their targets and both may share in the spoils of a successful prosecution. Moreover, perceptions about the money lost to health care fraud have enormous influence on policymakers, as exemplified by the recent health care reform debate. In short, money may drive health care fraud, but not all roads lead in the same direction.

This essay will explore three different perspectives on the ways in which health care fraud "follows the money": the would-be perpetrators of fraudulent schemes, the public and private prosecutors who pursue fraudulent activities, and the policymakers who attempt to prevent fraud and recapture lost funds for legitimate program purposes. Part II of this essay identifies key attributes that make the health care system an attractive target for fraud. Part III discusses the financial incentives affecting the behavior of each of these groups. Part IV concludes by offering some thoughts on the future of the antifraud agenda in the shadow of health care reform.


Several attributes of the U.S. health care system are relevant to health care fraud. Some invite fraud; others, albeit far fewer, make it easier to identify fraudulent activities. Two have particular salience to this essay: the reliance on documentary proof of services rendered and the persistence of a decentralized operative model.


The first attribute of the U.S. health care system is our heavy reliance on documentation to establish the amount and propriety of services provided. Documentation not only provides a record of the information necessary to assure continuity of care, it also is needed to get paid for that care and forms the basis for post-payment review. The mantra has long been "If it's not documented, it wasn't done"--and according to audits of the Medicare program, quite a lot of claims aren't up to snuff. In November 2007, the Centers for Medicare and Medicaid Services (CMS) deemed "improper" 3.9 percent of the Medicare payments made during the 2006-07 audit period, a total of $10.8 billion dollars. (7) Roughly 1 percent of payments were deemed improper based on lack of documentation alone, 0.6 percent due to no documentation and 0.4 percent due to insufficient documentation. Another 1.3 percent were found to have been medically unnecessary and 1.5 percent to have involved incorrect coding--categories that also implicate documentation, as the reviewed records lacked the information that would justify the chosen procedure or billing code. (8) The error rate, in fact, is almost wholly a measure of documentation problems.

Given their importance, there is a surprising amount of controversy over how these error rates are calculated and what they mean. As one commentator has warned, "In]early every available statistic in a fraud control environment is ... [a]t best, ambiguous; at worst, perverse and misleading." (9) CMS proved this point nicely by revising the audit methodology for FY 2009 to impose tighter review criteria designed to identify all deviations from Medicare documentation requirements, rather than permitting reviewers to use their own professional judgment in determining whether the available information, taken as a whole, supported the accuracy of the claim. (10) The result was a staggering increase in the number of improper claims identified: 7.8 percent of claims paid, a total of 24.1 billion dollars. (11) Under the new methodology, 2 percent of claims were deemed improper due to either lack of or insufficient documentation, 4 percent due to lack of medical necessity, and 1.6 percent due to incorrect coding. (12) CMS was quick to reassure the public, however, that the numbers did not reflect an increase in fraud in the Medicare program, yet warned that the methodology change was significant enough that no useful comparisons could be made with prior years. (13)

Several aspects of these estimates are worth noting--beyond the obvious conclusion that if a change in methodology leads to such drastically differing results, it is nearly impossible to determine whether the situation has improved over the last twenty-five years. For one thing, not all of these errors involve Medicare paying out too much: although rarely mentioned, these total errors include roughly $1 billion in underpayments, a number of paramount concern to health care providers (although it pales in comparison to the $9.8 billion in overpayments in 2007 and the $23 billion in 2009). (14) More importantly, while these figures certainly indicate a serious problem with the accuracy of Medicare payments, they tell us very little about the extent of fraud in the federal health care programs. CMS explicitly states that "the error rate is not a measure of fraud[,]" although it may indicate what is euphemistically described as a "program weakness." (15) It may not be apparent whether a claim that is supported by inadequate documentation is the result of an honest mistake, a reckless attitude toward billing accuracy, an abusive attempt to game the reimbursement system, a good faith disagreement over the proper way to interpret ambiguous rules, or the claimant's truly fraudulent intent to deceive the government into paying a falsified claim. (16)

At one level the distinctions may not matter: any improper claim, by definition, should not be paid in its current form. Thus, many of the powerful criminal and civil statutes applicable to health care fraud are satisfied by proof of mental states that fall short of traditional notions of intent. (17) But a more nuanced approach recognizes that these different behaviors may require different responses: while stricter deterrence measures may be needed to prevent true fraud, other behaviors are better addressed by clarifying ambiguous payment provisions and closing the loopholes utilized by creative providers. (18) Deeming all such behaviors "fraudulent" may be effective political rhetoric, but of little prescriptive value.

Indeed, a far more cynical interpretation of the data suggests that these documentation audits are incapable even of identifying, let alone measuring, true fraud. Professor Malcolm Sparrow has argued that a person truly intent on committing fraud will be careful enough to avoid the types of documentation errors that raise red flags on an audit: "The rule, for the thieves in the system, is simple: Bill your lies correctly. Provided they do that, they can rely on the payment systems to process their lies correctly, and pay them." (19) Under this approach, the errors uncovered by documentation audits may be the result of mistakes or carelessness by legitimate providers, or perhaps the work of incompetent criminals, but they exist wholly apart from the most extensive and successful fraud schemes. As Professor Sparrow notes, "What you see is not the problem. It's what we don't see that really does the damage." (20) This is one of the key reasons we have no way of estimating the true extent of fraud (rather than documentation errors) in the system. Unless some independent reason exists to question its premise, a well-documented but utterly false claim may escape detection. The task for investigators, then, is not only to review documentation but also to consider other factors (such as claims history, population demographics, or provision of high-risk items and services) that raise questions about the underlying integrity of the claims submitted--a task that historically has lagged behind more traditional law enforcement mechanisms.

The confusion over (not to mention the fraud opportunities created by) documentation requirements is magnified by the sheer quantity of rules that apply to the federal health care programs. Documentation means not just proof that the service was rendered, but also that it was done in accordance with the myriad rules that govern program reimbursement. The requirements are staggering: a decade ago, it was estimated that the rules governing Medicare alone exceeded 130,000 pages. (21) That number is likely even larger now given the new and complex Medicare drug benefit program; furthermore, the proliferation of easily updated internet guidance materials makes it nearly impossible to calculate a static total. And case law is clear that the burden of complying with these requirements falls squarely on the health care providers who seek payment for their services. (22)

Reliance on documentation is not limited to health care fraud, but rather is a common characteristic of white collar crime. Even so, the problems may be exacerbated in the health care context:

    [T]he fact that the crime may be hidden in voluminous documentary    materials [ ] makes white collar crime difficult to investigate and    prove. It often is necessary to follow a lengthy paper trail simply    to discover what occurred. This paper trail is especially arduous    in the health care field because of the complexity and density of    medical record-keeping and the extraordinarily convoluted billing    and reimbursement mechanisms in place. (23) 

The ability to hide wrongdoing within a complex set of documents or electronic communications is one of the key reasons investigating health care fraud is such a resource-intensive endeavor.

Of course, there is a flip side to this complexity: the fact that health care reimbursement is ruled by documentation means that there is, in fact, a trail to follow. With the right resources--personnel, data analysis capacity, and time--it is possible to identify not only blatant instances of fraud, but also repeated instances of questionable conduct that coalesce into a pattern of abusive behavior. This opportunity has not been lost on those in the private sector: successful Civil False Claims Act (FCA) qui tam suits have been brought not only by individuals and entities with personal knowledge of wrongdoing, but also by those with the ability and inclination to sift through mounds of publicly available data to identify suspicious claims. One prominent example was a series of FCA suits filed in 1996 alleging that a number of hospitals had engaged in a pattern of upcoding to more lucrative billing categories by using the diagnosis-related group (DRG) for serious bacterial pneumonia when patients actually had a less serious viral form of the illness--a trick the Department of Health and Human Services (HHS) Office of Inspector General (OIG) estimated could net a hospital an extra $2,500 per claim. (24) The whistleblower, Health Outcomes Technologies, was a software company that developed computer-based health outcomes measurement and disease management systems. Using this technology, the company was able to identify hospitals that had billed for bacterial pneumonia at rates far in excess of the national average (in some cases up to thirty times more). (25) The suits spurred a larger-scale OIG and Department of Justice (DOJ) investigation of 100 hospitals, resulting in settlements of over $35 million. (26)


A second related attribute is the decentralized nature of the U.S. health care system. In the United States, we have steadfastly been opposed to adopting a so-called "single-payer" health care model, such as the British or Canadian systems. Instead, we have a market-based system that allows a host of insurers and providers to compete for health care business from patients and, in most cases, from the employers who purchase health insurance for their employees. With the exception of the Veteran's Administration, the major federal health care programs operate under a broad federal framework that is carried out by regional agents or authorities, some public and some private. In Medicaid, that power is shared between the federal and state governments, which jointly fund health care benefits for the medically and financially needy. While the federal framework imposes limits on state discretion, each state's Medicaid plan differs in significant ways, including not only the details of what but also who is covered. (27) Even in the federally-run Medicare program, the private insurance companies who act as carriers and fiscal intermediaries process claims and, to a certain extent, set local policies that vary by region. (28) In addition, roughly ten million Medicare beneficiaries have opted for Medicare Advantage plans--and an additional twenty-six million purchase additional prescription drug coverage--sold by private insurers, managed care organizations, and other entities that compete by offering beneficiaries a range of pricing and benefits. (29) Clearly, characterizing something as a "government" health care program tells us more about the source of the payment than about the day-to-day practicalities of how medical care is provided.

These problems are only magnified in the private sector. Medicare carriers and intermediaries may adopt slightly different local coverage policies, but they all interpret the same federal laws and regulations and use the approved federal claims forms. …

Log in to your account to read this article – and millions more.