Assessment of Existing Fraud-Control Systems
When news of scandalous fraud losses comes to the fore, industry executives often deflect criticism from their own agencies through what might be termed "defense by display of functional apparatus." They counter suggestions of wide-open vulnerability to fraud by listing all kinds of apparatus, in operational use, aimed at fraud prevention and detection. Defending the New York State Department of Social Services (which handles the state's Medicaid program) the executive deputy commissioner (in 1991) produced a fine example of defense by display of functional apparatus. He argued that the Department of Social Services used an impressive array of apparatus to control fraud, including identification processes (computer profiling and targeting, undercover investigations, and audits); front-end controls limiting program access (provider enrollment controls, prepayment edits, utilization thresholds); and extensive applications of technology, including Medicaid card-swiping and systems, and various computer matching programs.1
To see if the traditional mix of systems really works to detect or control fraud, we must inspect each one in turn. The traditional types of controls, commonly used throughout the industry, are claims processing (involving human claims examiners as well as automated edits and audits), prepayment medical review, postpayment utilization review, and audits of one kind or another. These systems are supposed either to reject fraudulent claims up front or to detect them after the fact and refer them to specialist fraud units for investigation.
The bulk of today's health care claims are processed within high-volume, highly automated environments. (More than 85 percent of