Policy Forum
Mar 2020

What Should Health Care Organizations Do to Reduce Billing Fraud and Abuse?

Katherine Drabiak, JD and Jay Wolfson, DrPH, JD
AMA J Ethics. 2020;22(3):E221-231. doi: 10.1001/amajethics.2020.221.


Whether physicians are being trained or encouraged to commit fraud within corporatized organizational cultures through contractual incentives (or mandates) to optimize billing and process more patients is unknown. What is known is that upcoding and misrepresentation of clinical information (fraud) costs more than $100 billion annually and can result in unnecessary procedures and prescriptions. This article proposes fraud mitigation strategies that combine organizational cultural enhancements and deployment of transparent compliance and risk management systems that rely on front-end data analytics.

Fraud in Health Care

Growth in corporatization and profitization in medicine,1 insurance company payment rules, and government regulation have fed natural proclivities, even among physicians, to optimize profits and reimbursements (Florida Department of Health, oral communication, September 2019).2 According to the most recent Health Care Fraud and Abuse Control Program Annual Report, in one case a management company “pressured and incentivized” dentists to meet specific production goals through a system that disciplined “unproductive” dentists and awarded cash bonuses tied to the revenue from procedures—including many allegedly medically unnecessary services—they performed.3 This has come at a price: escalating costs, fraud and abuse, medically unnecessary services, adverse effects on patient safety,4 and physician burnout.5

Breaking the cycle of bad behaviors that are induced in part by financial incentives speaks to core ethical issues in the practice of medicine that can be addressed through a combination of organizational and cultural enhancements and more transparent practice-based compliance and risk management systems that rely on front-end data analytics designed to identify, flag, and focus investigations on fraud and abuse at the practice site. Here, we discuss types of health care fraud and their impact on health care costs and patient safety, how this behavior is incentivized and justified within current and evolving medical practice settings, and a 2-pronged strategy for mitigating this behavior.

Costs of Fraud and Abuse

In 2016, the Centers for Medicare and Medicaid Services (CMS) spent $1.1 trillion on health coverage for 145 million Americans, $95 billion of which constituted improper payments connected to abuse or fraud.6 The Federal Bureau of Investigation estimates that fraudulent billing—the most serious of program integrity issues—constitutes 3% to 10% of total health spending, contributing to inefficiency, high health care costs, and waste.7 Fraudulent billing directly impacts both cost and quality as reflected in higher premiums, more expensive services, and patients’ potential exposure to unnecessary and risky interventions, such as being prescribed a medication or undergoing surgery without medical necessity.4,7,8 Public-private costs of fraud and preventive responses by the federal Health Care Fraud and Abuse Control Program are paid directly or indirectly by insurers, hospitals, and individuals through tax dollars and higher costs associated with both fraudulent payments and regulatory enforcement.

CMS categorizes fraud and program integrity issues into 4 categories: (1) mistakes resulting in administrative errors, such as incorrect billing; (2) inefficiencies causing waste, such as ordering excessive diagnostic tests; (3) bending and abuse of rules, such as upcoding claims; and (4) intentional, deceptive fraud, such as billing for services or tests that were not provided or that are undoubtedly medically unnecessary (and sometimes harmful to the patient).9 Fraud reduction requires effective identification of these kinds of activities—or, as we prefer to call them, “behaviors”—and targeted deterrence strategies directed at their root causes, including systems issues. Some of these root causes are practice-site induced: optimizing volume, focusing on reimbursable and profitable services, and restructuring clinical staffing to include expanded use of medical assistants and clerical personnel to perform some patient care-related functions that might be construed as unlicensed practice. Increased corporatization and profitization of medicine can encourage behaviors that fall under the 4 categories.

Incentivized to Process More Patients?

Current reimbursement models incentivize physicians to engage in behaviors designed to “game the system” based on expectations for productivity that can compete with physicians’ presumed obligations to provide patients with high-quality care. For example, corporate protocols or reimbursement restrictions can limit or at least affect physicians’ prescribing of certain tests, procedures, or medications. Based on independent medical judgment, a physician might believe a diagnostic test or certain medication is medically necessary for a patient, only to find that the insurance company denies coverage or to be notified, for example, that a clinically preferred suture thread, skin graft, or preoperative prep solution will no longer be made available due to cost. Couple these externally imposed (reimbursement) protocols and internally mandated efficiencies with performance-based compensation models tied to relative value units (RVUs), and quality metric-guided physicians can find themselves pulled in 2 conflicting directions. In response, some physicians argue that overcoding and overbilling are not fraudulent but rather reflections of responsible, quality care.10

Compensation models can also incentivize gaming the system. In the 2016 American Medical Association (AMA) physician salary survey on compensation, on average, 52.5% of physician compensation came from salary, 31.8% from personal productivity, 9.0% from practice financial performance, 4.1% from bonuses, and 2.5% from other sources.11 Only 19% of physicians were paid by a salary-only model.11 However, the AMA noted that part of physicians’ salary determination was tied to productivity in the previous year, leading the AMA to conclude that productivity’s substantial role in physician compensation has been underestimated.11 Thus, even salary is not incentive neutral, particularly when performance level is tied to potential employer sanction or the practical need to sustain the financial viability of the organization.

Although most physicians oppose outright fraud, the marketplace is rife with behaviors that inflate health care system costs, produce inefficiencies, and harm patients. 

Wynia and colleagues report that physicians intentionally bend the rules and game the system for perceived patient benefit.12 When payers deny claims for services, tests, or medications that physicians deem medically necessary,13 some claim that upcoding should be distinguished ethically from fraud because the physician ostensibly acts in furtherance of the patient’s best interest.12,13,14 In a survey of 720 physicians, 39% reported that they manipulated reimbursement rules by exaggerating the severity of the patient’s condition to avoid early discharge and/or changed the diagnosis or reported nonpresent symptoms to secure a needed treatment or service.12 Unless these decisions can pass objective, peer scrutiny for medical necessity and appropriateness of care, physicians among the 39% who manipulated reimbursement rules could be charged with criminal and civil Medicare fraud, face huge fines and imprisonment, and lose their licenses.

These incentives come at a cost to both physicians and patients. Berenson and Rich have shown that primary care physicians have long been frustrated by third-party claim submission deadlines and employment performance expectations.5 Physicians report feeling rushed, prone to burnout, and professionally dissatisfied.5 Importantly, physicians describe enforced patient contact-time limitations as counterproductive.5 Such policies reduce or eliminate counseling and preventive services for patients who present with complex or chronic conditions and preclude offering long-term strategies for effective chronic disease management.5 Cost-driven care strategies, disguised as efficiencies, may result in insufficient care and higher utilization of expensive acute and emergency services. CMS’ 2019 final rule under the Medicare Physician Fee Schedule may reduce these cost-driven care strategies by increasing reimbursement for actual services rendered and by authorizing payment for remote patient monitoring, counseling, and check-ins, including when such care is provided by other health professionals.15

Fraudulent Integrity Measures?

The 4 categories of CMS program integrity violations can result from unintentionally false or mistaken documentation submitted for reimbursement or from negligent or intentionally false documentation. Billing errors and mistakes, misclassification of a diagnosis or procedure, or improper documentation can indicate lack of program integrity education.16,17,18 Inaccurate coding or errors in documentation can result from improper or incomplete interaction with the patient’s electronic health record (EHR) if the physician merely copies and pastes text, if the EHR self-populates from previous encounters, or if the algorithm prompts the physician to offer the patient potentially unnecessary or inappropriate services.16,17 When do these types of behaviors become fraud?

Werner and colleagues indicate that time pressures, administrative burdens, and a sense of decreased autonomy to treat patients according to their best medical judgment drive physicians to game the reimbursement system.13 To contain costs, payers may routinely deny initial claims, forcing physicians to submit appeals to insurers, knowing that most physicians (and the patients who wind up having to pay) lack sufficient resources to engage in the appeals process.13

Robin Hood Defense

Some physicians perceive themselves as operating in an unjust environment, as physicians must weigh the competing demands of compliance with reimbursement rules against their role as physicians to provide optimal patient care.12 Recognizing physicians’ ethical duty to uphold the principle of nonmaleficence stemming from the Hippocratic Oath and their legal duty to avoid malpractice liability, Tavaglione and Hurst assert that physicians have a duty to protect the patient against the system, even at the risk of their own potential self-interest.14 Notably, physicians worried about prosecution for abuse or fraud may not object to reporting their own manipulation of reimbursement rules (in surveys) because these actions are driven by a perception of patient necessity. If so, more efforts by payers to control physician options might simply increase manipulation.12

Although most physicians oppose outright fraud, such as billing for services never rendered or subjecting patients to medically unnecessary tests, procedures, or medications, the marketplace is rife with behaviors that inflate health care system costs, produce inefficiencies, and harm patients. In the 2018 fiscal year, the Department of Justice won or negotiated $2.3 billion in judgments or settlements relating to health care fraud and abuse, including 1139 criminal fraud investigations.3 Modifications to the Affordable Care Act were designed to enhance the Department of Justice’s efforts to investigate and prosecute health care fraud by shifting from a “pay and chase” model to active fraud prevention using front-end data analysis, predictive analytics, and trend evaluation to screen providers and identify suspicious claims and aberrant billing patterns prior to payment.19

When Fraud Poses Risks to Patient Safety

In one of the largest settlements with an individual under the False Claims Act, Steven Wasserman was charged in 2013 with accepting illegal kickbacks and billing Medicare for medically unnecessary services.20,21 In this case, another physician, the relator (whistleblower) provided evidence that Wasserman was financially motivated to perform (and was reimbursed for performing), among other things, unnecessary surgeries—biopsies and tissue excisions on elderly patients. Wasserman settled the case by paying $26.1 million to resolve the allegations without admission of liability.20,21 Such allegedly fraudulent practices not only created unnecessary expense but also, most importantly, exposed vulnerable adults to the risk and discomfort of unneeded procedures.

Another case, which involved both false claims and criminal claims against individuals affiliated with a pain management clinic, further illustrates the direct impact of fraud on patient safety and quality of care. In this case from 2018, an unnamed physician and the owner of a pain management clinic were both sentenced to 35 years in prison following a jury determination of criminal liability related to the illegal distribution of controlled substances.3 A pain management clinic operated as a “pill mill” by distributing controlled substances at a profit in excess of $30 000 per day, with the physician seeing as many as 60 patients per day and writing over 18 000 prescriptions for hydrocodone over approximately 2 years.3 These cases illustrate the more serious program integrity issues in which physician behavior does not arise from inadvertent mistakes or bending the rules to fulfill a duty to the patient but rather from intentional and fraudulent deception designed to increase profit at the expense of patient well-being.

Solutions to Mitigate Fraud and Abuse

We propose a multi-layered strategy to address program integrity issues that emphasizes education and employers’ implementation of front-end analytics to mitigate fraud and abuse at the practice site. Here, we highlight elements of this strategy that are natural expansions of existing quality control and fraud prevention systems and objectives.

Program integrity education. Program integrity and fraud control must start in undergraduate medical education and remain an explicit component of residency mentoring, which is the job of medical school deans, department chairs, and division directors and preceptors. The already traffic-jammed curriculum could be gently massaged—to weave in a bit more about patient safety, malpractice, quality assurance, evidence-based medicine, and appropriate billing practices. A special program could also be implemented during medical school or employment to address program integrity issues arising from mistakes and inadvertent errors in both EHR charting and billing. The literature suggests that comprehensive education in this area is lacking, with only about one-third of medical schools providing any curricular content relating to fraud and abuse.17 In response, some stakeholders recommend resident physician education that would cover issues pertaining to compliance, billing, appropriate documentation, adequate supervision, and potential civil and criminal liability.16,17,18 A variety of training models exist, and several commentators suggest integrating program integrity training as part of the physician onboarding process.16

Front-end analytics. In the past decade, addressing egregious fraud has moved away from the pay-and-chase model to using data analytics and big data to assess the legitimacy of claims prior to payment.3,6 CMS currently utilizes the Fraud Prevention System, which applies algorithms to monitor and analyze incoming claims and payments. Flags are automatically placed on outliers, which the Office of the Inspector General of the US Department of Health and Human Services can further investigate, along with provider risk ratings and peer comparisons.3 Using real-time data collection, the Office of the Inspector General can compare patient volume for similar professional claims to identify abnormally high reimbursement submissions, unnatural practice growth patterns, or unusually high numbers of procedures based on specialty and practice size or to flag suspect patient visits patterns (such as an excessive number of patients during a 24-hour window.)22,23 This artificial intelligence-based system for identifying potential program integrity anomalies is relatively new. But CMS is also directed to cases by whistleblowers, who are incentivized to report fraud under the False Claims Act and Stark Law (ie, prohibition on self-referral), which entitle them to receive a percentage of any government recoveries.24,25

In addition to traditional mitigation strategies such as hiring qualified quality assurance and compliance personnel and utilizing CMS provider resources that offer ongoing education, we recommend as part of risk management that providers internally implement predictive analytics programs such as those offered by technology consulting entities26 to identify patterns of aberrant and suspicious billing practices prior to submission of claims. Adopting a program that predicts, classifies, and flags potential events prior to claims submission would empower institutions and physician groups to reduce unintentional error, avoid costly liability, and prioritize patient safety. It is not unreasonable to expect that regulators might one day place the onus on practices and facilities to internally screen claims submissions using “certified” predictive analytics software driven by algorithms that might even be able to detect the Robin Hood physician with the best patient care intentions. Those who use fraud mitigation software might be rewarded with differential payment rates; those who don’t might be taxed. But treating fraud and abuse must really start at home—in medical education, residency, and practice—where physicians are expected to “heal thyself” first.


  1. Konda S, Francis J, Motaparthi K, Grant-Kels JM; Group for Research of Corporatization and Private Equity in Dermatology. Future considerations for clinical dermatology in the setting of 21st century American policy reform: corporatization and the rise of private equity in dermatology. J Am Acad Dermatol. 2019;81(1):287-296.e8.

  2. Feldstein P. Health Associations and the Demand for Legislation: The Political Economy of Health. Cambridge, MA: Ballinger; 1977.

  3. US Department of Health and Human Services; US Department of Justice. Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2018. https://oig.hhs.gov/publications/docs/hcfac/FY2018-hcfac.pdf. Published May 2019. Accessed August 22, 2019.

  4. Wolfson J, Menachemi N. Just dating or soul mates? Patient safety meets fraud and abuse. Fla Health Law J. 2009;1(1):155-170.

  5. Berenson RA, Rich EC. US approaches to physician payment: the deconstruction of primary care. J Gen Intern Med. 2010;25(6):613-618.
  6. US Government Accountability Office. Medicare and Medicaid: CMS needs to fully align its antifraud efforts with the fraud risk framework. https://www.gao.gov/assets/690/688748.pdf. Published December 2017. Accessed August 22, 2019.

  7. Morris L. Combating fraud in health care: an essential component of any cost containment strategy. Health Aff (Millwood). 2009;28(5):1351-1356.
  8. Wolfson J, Smith JL, Proper SA. Avoiding and managing Medicare fraud and abuse investigations of Mohs surgery: Mohs in the crosshairs. JAMA Dermatol. 2018;154(11):1249-1250.
  9. Centers for Medicare and Medicaid Services. Medicare fraud and abuse: prevent, detect, report. https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/Fraud-Abuse-MLN4649244.pdf. Published February 2019. Accessed August 22, 2019.

  10. Loria K. Why is there a problem with upcoding and overbilling? Medical Economics. January 29, 2019. https://www.medicaleconomics.com/health-law-and-policy/why-there-problem-upcoding-and-overbilling. Accessed August 22, 2019.

  11. Rama A; American Medical Association. Policy research perspective: how are physicians paid? A detailed look at the methods used to compensate physicians in different practice types and specialties. https://www.ama-assn.org/sites/ama-assn.org/files/corp/media-browser/member/health-policy/prp-how-physicians-paid.pdf. Published January 1, 2018. Accessed August 22, 2019.

  12. Wynia MK, Cummins DS, VanGeest JB, Wilson IB. Physician manipulation of reimbursement rules for patients: between a rock and a hard place. JAMA. 2000;283(14):1858-1865.
  13. Werner RM, Alexander GC, Fagerlin A, Ubel PA. Lying to insurance companies: the desire to deceive among physicians and the public. Am J Bioeth. 2004;4(4):53-59.
  14. Tavaglione N, Hurst SA. Why physicians ought to lie for their patients. Am J Bioeth. 2012;12(3):4-12.
  15. Centers for Medicare and Medicaid Services. Final policy, payment, and quality provisions changes to the Medicare Physician Fee Schedule for calendar year 2019. https://www.cms.gov/newsroom/fact-sheets/final-policy-payment-and-quality-provisions-changes-medicare-physician-fee-schedule-calendar-year. Published November 1, 2018. Accessed on August 22, 2019.

  16. Lyles MA. Teaching physicians about fraud and program integrity. Acad Med. 2013;88(8):1061-1063.
  17. Agrawal S, Tarzy B, Hunt L, Taitsman J, Budetti P. Expanding physician education in health care fraud and program integrity. Acad Med. 2013;88(8):1081-1087.
  18. Kraus EM, Bakanas E, Gursahani K, DuBois JM. Establishing the need and identifying goals for a curriculum in medical business ethics: a survey of students and residents at two medical centers in Missouri. BMC Res Notes. 2014;7(708):1-7.
  19. Fact sheet: the Health Care Fraud and Abuse Control Program protects consumers and taxpayers by combatting health care fraud [press release]. Washington, DC: Office of Public Affairs, US Department of Justice; February 26, 2016. https://www.justice.gov/opa/pr/fact-sheet-health-care-fraud-and-abuse-control-program-protects-conusmers-and-taxpayers. Accessed November 8, 2018.

  20. Florida physician to pay $26.1 million to resolve false claims allegations [press release]. Washington, DC: Office of Public Affairs, US Department of Justice; February 11, 2013. https://www.justice.gov/opa/pr/florida-physician-pay-261-million-resolve-false-claims-allegations. Accessed on August 22, 2019.

  21. Gentry C. Patients paid price for prosecution delay. Health News Florida. https://health.wusf.usf.edu/post/patients-paid-price-prosecution-delay#stream/0. March 7, 2013. Accessed January 9, 2020.

  22. Thornton D, Mueller RM, Schoutsen P, van Hillegersberg J. Predicting healthcare fraud in Medicaid: a multi-dimensional data model and analysis technique for fraud detection. Procedia Technol. 2013;9(9):1252-1264.
  23. Bauder RA, Khoshgoftaar TM. The effects of varying class distribution on learner behavior for Medicare fraud detection with imbalanced big data. Health Inf Sci Syst. 2018;6(1):9.

  24. 31 USC §§3729-3733 (2019).

  25. 42 USC §1395nn (2019).

  26. Deloitte Center for Health Solutions. Health care fraud and abuse enforcement: relationship scrutiny. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/life-sciences-health-care/us-lshc-health-care-fraud-abuse.pdf. Published 2015. Accessed December 5, 2019.


AMA J Ethics. 2020;22(3):E221-231.



Conflict of Interest Disclosure

The author(s) had no conflicts of interest to disclose.

The viewpoints expressed in this article are those of the author(s) and do not necessarily reflect the views and policies of the AMA.