Health Care Fraud Mitigation Offers Lessons for Workers’ Comp
Fraud has always been a challenge across all lines of insurance.
Workers’ compensation is no different.
While most workers’ compensation claims are valid, research shows that 1% to 2% are fraudulent. These fraudulent claims cost the insurance industry — and honest policyholders — $306.8 billion per year across all lines.
This massive scale cannot be ignored.
And while insurance companies have partnered with law enforcement over the years to fight fraud, the battle continues to rage. Technology is tipping the scales in favor of honesty as insurers find innovative ways to discern truthful claims from fraudulent ones.
A compelling panel at National Comp 2022 addressed this timely issue.
Four industry leaders joined a multidisciplinary panel in Las Vegas on the first day of the show to talk about innovations in claims fraud mitigation.
The Current State of Workers’ Comp Fraud
Given its obvious similarities to health care, the workers’ compensation industry can learn claims fraud mitigation techniques from this adjacent industry.
Health care faces its own hurdles when it comes to fighting fraud; some estimates place the cost of health care fraud at $105 billion annually, including costs associated with Medicare and Medicaid fraud.
When the experiences from managing and mitigating health insurance fraud are applied to other disciplines, the overall costs and ramifications of these schemes can be lowered.
Panelists Jefferson Grace, task force officer, FBI-LV Cybercrime Task Force at Las Vegas Metropolitan Police Force; Bill Barbato, general manager & vice president, B2B Payment Solutions at Change Healthcare; Joe Paduda, principal at Health Strategy Associates LLC; and Jennifer Cant, enterprise payments fraud prevention specialist at Change Healthcare, presented the session “What the U.S. Healthcare Industry Can Teach Us About Mitigating Claims Fraud” to a packed audience of claims and risk managers.
Opening the panel, the speakers highlighted fraud statistics to illustrate the scope of the problem. Metrics like the $9 billion in workers’ compensation policy fraud and $25 billion in premium fraud that affect the industry showcased the need for change.
“Payment fraud is a reality. It’s not a matter of if; it’s a matter of when,” Barbato began the session.
“We’ve seen a trend over the last 10 years. It’s organized syndicates perpetuating these [fraud] crimes. And they’re not going after the small dollars. They’re going after multi-million-dollar payments that insurance companies are making to large hospital systems.”
Paduda spoke about the changing nature of fraud, describing it as a dynamic business. Detective Grace described the ease with which criminals can gain access to personal information through the dark web.
One example was the availability of social security numbers for purchase with a going rate of about $20. He went on to describe how crimes can easily proliferate to different parts of the country, describing ransomware-as-a-service and, now, crime-as-a-service.
“The big ransomware groups are selling their ransomware to other criminals as a service to others who can go victimize more people,” Grave said.
“Now we’re seeking crime-as-a-service, which is a forum where criminals can get together and share information. Criminals can sell access to their exploits to various groups across the U.S., so they are able to make large schemes go further.”
Preventing Fraud Is Key
The speakers focused much of their session on prevention, particularly around payments fraud.
Taking a cue from the health care industry, panelists warned of new cyber fraud schemes targeting payments.
Cybercriminals have successfully stolen health care payments through social engineering scams. Once the criminal has access to a patient’s personal identifiable information, they can steal health care payments by rerouting direct deposits or payee information.
In one extreme case, criminals stole $3.1 million by redirecting health care payments to their own bank accounts instead of to the victims’.
Workers’ compensation payments could be the next target.
The speakers discussed several ways insurers can proactively protect themselves against the risk of payment fraud. In addition to basic cyber safety practices like using multifactor authentication to verify user identities, the panelists recommended building vigilance among the team through training and frequent communications, keeping current on trends and knowing red flag indicators specific to your line of business.
More high-tech ways to prevent fraud were also presented. Link analysis, which involves using technology to find relationships across many different data points, can be a helpful tool in the fight against claims fraud.
Many insurers have data locked in various systems — and technology can quickly find connections buried within these data points and systems that humans often struggle to understand.
Also discussed was the best practice of engaging with industry consortiums designed to fight fraud.
Aligning with these consortiums to share information and insights strengthens the group’s ability to act. Consortium data only remains valid and robust when insurers continue to contribute their findings, so the panel recommended joining and engaging with these industry consortiums.
Grace spoke about establishing relationships with law enforcement in addition to these industry consortiums.
“If you deal with any type of financial crime or fraud, you want to meet the investigators in advance. The white-collar crime unit of the FBI has multiple squads. Find your local field office, call them and make that connection before you need to cold call an investigator after something has happened,” he said.
What’s Next in Mitigating Claims Fraud
The final few minutes of the presentation focused on tangible takeaways for the audience to deploy.
Paduda outlined these four steps companies should take to mitigate the effects of claims fraud:
- Report the fraudulent activity and shut down further payments or activity immediately.
- Communicate with the appropriate people both within and external to your organization. Have a communications protocol in place before you need it.
- Ask your regular payees to notify you of any irregularities. If you regularly batch payments, for example, a regular payee may notice an issue before you do.
- Establish relationships with law enforcement and your local FBI office in advance. Have a network and plan ready before you need it.
Barbato discussed having a watertight workflow in place before fraud is detected. And he reminded the audience of the possible (albeit unpleasant) possibility of an employee committing fraud.
“Everyone in the workflow has to take responsibility. We have a tight procedure we walk through when we detect fraud. It encapsulates all the individuals involved in the process. Don’t discount that you could have a rogue employee who has sold credentials online, been a victim of a phishing attempt or just plain committed fraud.”
Grace underscored the importance of proactive intelligence in fraud prevention and mitigation: “Threat intelligence is important. If criminals hit one company with a certain scheme, they will try others looking for the same vulnerability. It’s the same scheme over and over again, but for some reason it keeps working.”
To combat this, he recommended education, threat intelligence and talking with others to learn what active scams are being perpetuated at any given time.
“Talking to others is the most critical thing out there.” &