Mining Medicare and Medicaid Data to Detect Fraud

by Kathy Giannangelo, MA, RHIA, CCS

Detecting fraud is an ongoing challenge. Every organization must confront this issue, and various programs are under way to do exactly that.

On the national level, the Centers for Medicare and Medicaid Services (CMS) created the Medicare-Medicaid Data Match Program, or Medi-Medi project, in 2001. This integrity program initially began in California to detect and prevent Medicaid fraud and abuse. The program expanded to other states, and with the passage of the Deficient Reduction Act of 2005, funding increased to $480 million over a 10-year period to roll out the program nationwide.

Detecting Improper Billing and Utilization Patterns

Federal regulations require that each state Medicaid agency maintain a claims processing and information retrieval system (the Medicaid Management Information System). The Surveillance and Utilization Review Subsystem, a mandatory component of the Medicaid Management Information System, exists to safeguard against inappropriate payments for Medicaid services. Patterns of fraudulent, abusive, unnecessary, or inappropriate utilization can be detected by analyzing and evaluating provider service utilization.

According to section 6034 of the Deficit Reduction Act, the Medi-Medi programs are to use computer algorithms to search for payment anomalies. The abnormalities being sought include billing or billing patterns identified with respect to service, time, or patient that appear to be suspect or otherwise implausible. This data-oriented approach to mining combined Medicare and Medicaid claims to detect improper billings and utilization patterns has created the ability to find vulnerabilities in both programs.

Although analyzing claims data to tailor program integrity efforts is not new, matching Medicare and Medicaid claims data is improving the outcome of these efforts. Sharing and comparing billings from both programs has proven successful in identifying patterns of fraud, previously undetectable, to the individual programs. What is often found in one state is likely occurring in others, thereby leveraging the findings and increasing the potential monetary return.

For example, the Department of Health and Human Services and the Department of Justice noted in their annual report that the Pennsylvania Medi-Medi project found vulnerability in how pharmaceutical drug claims were billed and processed. The cause of this liability was traced to the use of different procedure coding systems by Medicare and Medicaid. While significant dollars in potential overpayments were identified, the report noted a larger issue-that the same vulnerability might be present across all Medi-Medi projects.

Results Speak for Themselves

In testimony on the Medicare Program Integrity Group, which closely coordinates with the Medi-Medi project, Timothy B. Hill, chief financial officer of CMS, indicated that not only is the Medi-Medi project contributing to overall reductions in payment errors, but $15 million in overpayments have been referred for collection and $25 million in improper payments have been denied before payment was made.

In addition, states are reporting noteworthy results. The use of data-mining software to jointly mine Medicare and Medicaid claims has proved fruitful in New Jersey, Ohio, and California. For example, approximately $332,000 has been found to be at risk as a result of problematic billings for beneficiaries receiving just one drug, Neulasta, over the course of one year in the state of New Jersey. Similar to the Pennsylvania finding, data analysis implies this same issue may be present in Ohio and California. Because of this trend all Medi-Medi projects are looking at the data to determine if the same vulnerability is occurring in their state as well.

The Medicare Program Integrity initiative also found an interesting error related to the same billing issue. In fiscal year 2006, Medicare’s Recovery Audit Contractors (RACs) found $500,000 in overpayments due to providers incorrectly billing for Neulasta. RACs found when a beneficiary received 6 mg of Neulasta, the provider billed for 6 units of J2505. The definition of code J2505 is injection, pegfilgrastim 6 mg (Neulasta), so one unit-not six-should have been billed.

Increased Data Scrutiny Requires HIM Action

With increased funding and stronger collaboration between federal and state agencies to detect, analyze, and investigate possible fraud and abuse, HIM professionals need to ensure they have procedures in place to find and correct areas of potential risk. Similar to the efforts of the Medi-Medi project, healthcare providers must dig deeper into the data. By doing so, providers may uncover billing patterns indicative of potential fraud or abuse that otherwise are not evident when data are viewed in a vacuum.

For example, compliance audits usually involve simple data analysis. They uncover some fraud and abuse risks such as coding errors performed by a specific coding professional. However, they may not go far enough to identify patterns. Internal data analytics or data mining should be performed to identify significant patterns, establish relationships, and find informative trends in the data. Data mining is very powerful in that it “can reveal patterns the user has not considered in his or her search, producing answers to questions that were never asked.”1

With increased pressure for accurate code assignment in all settings, HIM professionals need to take action. In this environment of expanded claims data analysis, HIM professionals should mine their organization’s data and identify any vulnerability. They can take the knowledge discovered and be proactive rather than reactive, enabling more activities to be focused on actually preventing fraud rather than simply mitigating it.

HIM professionals should also maintain a close relationship with their compliance offices or programs and remind them  that increased requests for records are to be expected as the interest builds for recovery of improper billing.


  1. Shams, K. and M. Farishta. “Knowledge Management,” in Health Information Management: Concepts, Principles, and Practice, edited by Kathleen M. LaTour and Shirley Eichenwald. Chicago, IL: AHIMA, 2006.


Agency for Health Care Administration and Medicaid Fraud Control Unit, Department of Legal Affairs. “Annual Report on the State’s Efforts to Control Medicaid Fraud and Abuse, FY 2005–2006.” December 2006. Available online at

Centers for Medicare and Medicaid Services. “Bolstering the Safety Net: Eliminating Medicaid Fraud.” Available online at

Centers for Medicare and Medicaid Services, Center for Medicaid and State Operations, Medicaid Integrity Group. “Comprehensive Medicaid Integrity Plan of the Medicaid Integrity Program, FY 2006–2010.” July 2006. Available online at

Centers for Medicare and Medicaid Services. “CMS RAC Status Document, FY 2006: Status on the Use of Recovery Audit Contractors (RACs) in the Medicare Program.” November 22, 2006. Available online at

Deficit Reduction Act of 2005. Public Law No. 109-171 Available online at

Department of Health and Human Services. Testimony by Timothy B. Hill, Chief Financial Officer, on Medicare Program Integrity. March 8, 2007. Available online at

Department of Justice. “Department of Health and Human Services and the Department of Justice Health Care Fraud and Abuse Control Program Annual Report for FY 2005.” August 2006. Available online at

Kathy Giannangelo ( is director of the practice leadership department at AHIMA.

Article citation:
Giannangelo, Kathy. "Mining Medicare and Medicaid Data to Detect Fraud" Journal of AHIMA 78, no.7 (July 2007): 66-67.