The following case studies are presented to illustrate the value of the iterative approach to data mining used in DETECT and enabled by the HOPS technology. Rather than depend on a “black box” methodology, this approach capitalizes on the experience and common sense of people who are knowledgeable in the subject areas pertinent to health care fraud detection. This approach also means that DETECT is not restricted to a single technology, but is able to identify and utilize the most effective technology for each type of fraud encountered.
The HOPS technology enables us to develop a model based on any idea or algorithm and to execute that model on the entire claims database, all within a time period of a couple of hours at most, and often within a few minutes. This means we can accomplish several such iterations within a single day, while days, weeks or even months would be required with other database technologies. At each iteration, the results are reviewed by people knowledgeable in the areas of medicine, investigative methods, fraud schemes, statistics and data analysis. The model, or the hypothesis upon which the model was based, can then be modified or enhanced and another iteration of testing is initiated.
This iterative approach to data mining also makes it possible to incorporate any technology found to be advantageous in the detection algorithms, rather than being limited to polynomial combinations of variables or a restricted set of pattern-matching methodologies. There is a wealth of problem-solving techniques in the literature of advanced analytical technologies such as operations research, management science and artificial intelligence. With DETECT, we can utilize any of these technologies in our algorithms, while at the same time stressing the approach that is simplest and easiest to understand.
The DETECT system will work with your fraud unit personnel as part of a fraud-fighting team. Although contributions from some of the top people in the area of health care fraud detection are utilized on an ongoing basis within our system, we welcome and value inputs from those on the front line. It often happens that an idea or a chance finding from someone in the fraud unit will become the starting point for a new path of investigation and data mining leading to an effective algorithm. This is even more important considering the dynamic nature of health care fraud, where the perpetrators are constantly looking for ways around our latest detection methods.
How this all works together is best explained by example and the following case studies are presented here for that purpose.
Medicare Fraud Ring in South Florida
This case began when we were reviewing a list of the 100 Medicare patients with the highest payments over an eighteen-month period. While we were browsing a list of their addresses, we noticed that many of the patients seemed to live very close to each other. We also noticed that most of these close neighbors were concentrated in the same zip code. This zip code was an area of Miami where there was already some suspicion of fraudulent activities involving patients selling their Medicare HIC numbers. Our suspicions were further aroused when we noticed that there appeared to be more than the usual number of misspellings in the addresses. For example, Euclid Street was spelled five or six different ways starting with three different first letters.
We expanded our selection to the top 1,000 patients and edited the addresses so that neighbors would appear together when sorted by street name and number. We found that 384 of the 1,000 patients resided either at the same address or in close proximity to another patient in the list. We suspected that this list of 384 patients might be used to identify the providers and patients involved in the selling of Medicare HIC numbers.
In another activity we had been investigating the use of provider-patient links, simply defined as the total amount of billings appearing on claims submitted by a provider for a given patient. We identified all such links involving significant billings (top 10% of all links in Florida), and involving one of the 384 patients. We then took all the providers involved in these links and identified all other patients with significant links to these providers. The result was a collection of 1,381 providers and 37,911 patients involving over 188,000 links.
To accomplish our goal we needed to pare down this collection of providers and patients and identify the subset that demonstrated the maximum degree of collusion. We defined this subset as the smallest number of providers and patients with the largest number of links among them. Our “objective function” was to maximize a ratio calculated as the number of links divided by the number of entities (patients and providers). We researched the literature related to advanced analytical technologies such as operations research and artificial intelligence, and found that there was nothing in the literature that could assist us in solving the problem.
After considerable research and experimentation, we arrived at a relatively simple, but compute-intensive, algorithm to solve the problem. This algorithm involves multiple iterations, where the entities with the minimum number of associated links are removed at each iteration, thereby increasing the ratio of the remaining links to the remaining entities. After removing all the entities with a single associated link (which requires several iterations since each removal affects the number of links associated with other entities), the remaining entities will each have at least two associated links. After removing all entities with two links, the remaining entities will each have at least three associated links. This can be continued until a point is reached when another round of removals would cause the entire network of links to disappear. The network remaining at this point will have the highest possible ratio of links to entities.
After hundreds of such iterations, we reached a point where all the remaining entities had at least 47 associated links. The resulting network contained only 122 providers and only 181 patients, but over 10,000 links. For our particular problem, this meant that all the remaining 122 providers had submitted claims for at least 47 of the remaining 181 patients, and all the remaining 181 patients had been treated by at least 47 of the remaining 122 providers. This was considered highly improbable as a normal occurrence.
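The following Python sketch is an added example, not code from the case study or from the DETECT system. It implements the level-by-level removal described above on a small constructed provider-patient network and reports, for each level, the counts that Exhibit 1A tracks (links, providers, patients) plus the links-to-entities ratio. The names peel_network, RING, FRINGE and SAMPLE_LINKS and all sample data are assumptions made for illustration.

```python
def peel_network(links):
    """links: iterable of (provider, patient) pairs, one per link.
    Returns (levels, core): a summary row per level, and the last
    non-empty network as {entity: set of linked entities}."""
    adj = {}
    for prov, pat in set(links):
        adj.setdefault(("provider", prov), set()).add(("patient", pat))
        adj.setdefault(("patient", pat), set()).add(("provider", prov))
    levels, core, k = [], {}, 1
    while adj:
        # Remove every entity with fewer than k links. Each removal lowers
        # its neighbours' counts, so keep going until nothing is below k.
        queue = [n for n, nbrs in adj.items() if len(nbrs) < k]
        while queue:
            node = queue.pop()
            if node not in adj:
                continue  # already removed via another path
            for nbr in adj.pop(node):
                adj[nbr].discard(node)
                if len(adj[nbr]) < k:
                    queue.append(nbr)
        if not adj:
            break  # this round erased the network; keep the previous level
        n_links = sum(len(nbrs) for nbrs in adj.values()) // 2
        n_prov = sum(1 for kind, _ in adj if kind == "provider")
        levels.append({"level": k, "links": n_links, "providers": n_prov,
                       "patients": len(adj) - n_prov,
                       "ratio": n_links / len(adj)})
        core = {n: set(nbrs) for n, nbrs in adj.items()}
        k += 1
    return levels, core

# Constructed sample: a 3-provider x 4-patient ring plus ordinary fringe links.
RING = [(p, b) for p in ("R1", "R2", "R3") for b in ("A", "B", "C", "D")]
FRINGE = [("F1", "A"), ("F1", "E"), ("F2", "E"), ("F2", "F")]
SAMPLE_LINKS = RING + FRINGE

if __name__ == "__main__":
    levels, core = peel_network(SAMPLE_LINKS)
    for row in levels:
        print(row)
```

In the sample, the fringe providers and patients fall away at level 2 and the network that survives to the last level is exactly the constructed ring, in which every provider is linked to at least three of the remaining patients and vice versa.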
On the following pages are some exhibits produced as part of this investigation and used as part of the FBI referral that followed. Exhibit 1A summarizes the output of the algorithm as it executes, and includes the following information:
Level – The minimum number of links associated with each entity remaining in the network.
Number Links – The total number of links remaining in the network at the indicated level.
Number Providers – The number of providers remaining in the network at the indicated level.
Number Beneficiaries – The number of beneficiaries remaining in the network at the indicated level.
Total Billed Within Links – The total billings by the remaining providers for the remaining beneficiaries.
Total Billed by Providers – The total billings by the remaining providers for all the providers’ patients.
The left side on the exhibit details the incremental change in the above measures as the algorithm moves from one level to another. The right side (titled “Accumulated”) contains the total value of the above measures at each level in the algorithm. This display is used to determine the level at which the remaining population of entities is likely to contain very few innocent providers or recipients, but as many of the guilty ones as possible. In the Florida study this was determined to be level 46.
Exhibit 1B is part of a matrix showing the links between providers on the horizontal axis and patients on the vertical axis. An “X” in a cell of this matrix indicates that the corresponding provider submitted significant claims for the corresponding patient. The density of the encounters is unusual. Exhibit 1C is the top left corner of the same matrix after the rows and columns have been sorted in descending order by the number of occupied cells. Here, the density of the encounters is remarkable.
Exhibit 1D illustrates the pattern of provider encounters for a single patient. The horizontal axis marks time in weeks and the vertical axis contains a list of the providers visited by the patient. When an encounter occurs with a provider, a number (representing the relative amount of billings in the resulting claims) is placed in the cell corresponding to the week of the encounter. After the matrix is filled in, the rows are sorted in ascending order based on the earliest week each provider was visited. This produces a boundary from the encounters, which shows the frequency and regularity of the first encounters during the period covered by the matrix. A normal pattern would demonstrate a jagged pattern where the patient might see several new physicians each time a new episode of care begins, with “quiet” periods in between. On the contrary, Exhibit 1D exhibits almost a straight line where new providers are encountered with a regularity and frequency that is unlikely to be explained by natural events.
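The construction of an Exhibit 1D style display can be sketched as follows. This is an added example, not the code used to produce the exhibit: it builds the provider-by-week matrix for one patient, sorts the rows by first encounter, and extracts the boundary. The gap_variation statistic is an assumption introduced here to put a number on "straight line" versus "jagged"; the page itself relies on visual review. All names and both encounter lists are constructed.

```python
from statistics import mean, pstdev

def first_encounter_rows(encounters, n_weeks):
    """encounters: (provider, week, relative_amount) tuples for ONE patient,
    with amounts as digits 1-9. Returns (provider, first_week, row) tuples
    sorted by each provider's earliest week, as the exhibit is laid out."""
    grid = {}
    for prov, week, amount in encounters:
        row = grid.setdefault(prov, [0] * n_weeks)
        row[week] = max(row[week], amount)
    rows = [(p, min(w for w, a in enumerate(r) if a), r) for p, r in grid.items()]
    return sorted(rows, key=lambda t: (t[1], t[0]))

def boundary_gaps(rows):
    """Weeks between successive first encounters: the steps of the boundary."""
    firsts = [first for _, first, _ in rows]
    return [b - a for a, b in zip(firsts, firsts[1:])]

def gap_variation(rows):
    """Assumed summary statistic (not from the page): coefficient of variation
    of the gaps. Near 0 means evenly spaced new providers (a straight-line
    boundary); large values mean bursts separated by quiet periods.
    Returns None when undefined (fewer than two providers, or no spread in time)."""
    gaps = boundary_gaps(rows)
    if not gaps or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)

def render(rows):
    """Text version of the matrix: one row per provider, one column per week."""
    return "\n".join(f"{p:<4}" + "".join(str(a) if a else "." for a in r)
                     for p, _, r in rows)

# Constructed sample data: a new provider every two weeks versus two episodes of care.
REGULAR = [("P1", 0, 3), ("P1", 3, 1), ("P2", 2, 2), ("P3", 4, 5),
           ("P3", 5, 1), ("P4", 6, 2), ("P5", 8, 4)]
JAGGED = [("Q1", 0, 2), ("Q2", 0, 1), ("Q3", 1, 3), ("Q1", 2, 1),
          ("Q4", 7, 2), ("Q5", 7, 4), ("Q4", 8, 1)]

if __name__ == "__main__":
    for name, enc in (("regular", REGULAR), ("jagged", JAGGED)):
        rows = first_encounter_rows(enc, 10)
        print(name, boundary_gaps(rows), gap_variation(rows))
        print(render(rows))
```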
Using the power of the HOPS database, this algorithm can now be performed on an entire state starting with millions of entities and hundreds of millions of links. This eliminates the need to identify a subset of links where suspicions are based on other characteristics. If this type of fraudulent activity exists anywhere in the state, the algorithm will narrow in on the providers and patients involved.