7 Reasons: Why Every MFCU Should Data Mine

Pulselight > Investigation  > 7 Reasons: Why Every MFCU Should Data Mine
Medicaid Fraud

7 Reasons: Why Every MFCU Should Data Mine

Having spent most of my career working with a talented and dedicated group of folks at the Ohio Medicaid Fraud Control Unit, my heart will always lie in the fluorescent-lit halls and cubicles of MFCUs everywhere. It is because of this, and the passion I have for program integrity, that I present the following advice for my former compatriots. But first, to set the stage:


Early Success
Congress created Medicaid Fraud Control Units (MFCU) in 1977 to concentrate solely on criminal and civil Medicaid fraud.  By 1978, there were 17 states with MFCUs. They were apparently so successful that, in 1995, the federal government made the MFCU program mandatory. Soon all states had one (except North Dakota, who used the “we don’t have any fraud” exception). During all these years, the MFCUs have convicted thousands of Medicaid fraudsters. They’ve been responsible for the recovery of billions of dollars of ill-gotten funds through criminal and civil actions. Wow, the government got this one right. Right?


The Referral Problem
One problem. The government officials who created the MFCU program envisioned a perfect system where State Medicaid Agencies (SMA) mined their massive (and growing) body of Medicaid data, collected all the overpayments, and passed along all the fraud-ripe cases to the MFCU. Based on this vision, the MFCUs had no reason to conduct any data mining, at all. In fact, that would be a duplication of effort and the federal government doesn’t like to pay for anything twice.


The reality is, in many states this dynamic of passed-along cases from the SMA doesn’t work, and in ALL states data mining by MFCUs would not constitute a duplication of effort (I’ll justify these points later).

Data Mining Approved, Ignored
In May 2013, thanks in large part to Florida, who kicked off the conversation, the federal government issued a final rule that allowed all MFCUs, who apply for and are granted permission, to mine data for cases with Federal financial participation. Bingo! The world opened up for MFCUs, right? Right?


As of this writing, almost five years later, only thirteen states have been granted permission to data mine. Is the federal government denying applications left and right? Nope. MFCUs aren’t applying.


So, I present to you, my top 7 Reasons Why Every MFCU Should Data Mine:



Ok, here’s a step-by-step guide to applying for data mining with Federal financial participation:

  1. Set up a meeting with the head of your SMA’s program integrity (PI) group or Surveillance Utilization and Review Section (SURS). This may be the most difficult part of the process. Explain to this person that your Unit is going to apply with the federal government to begin data mining and ask them to be your partner in this endeavor. Explain that your future data mining efforts are not going to conflict with or duplicate efforts currently ongoing by them. Explain that your data mining will, in fact, create a synergy of effort between your two groups. Mention that your data Memorandum of Understanding agreement may need to change so that the MFCU has access to all Medicaid claims, eligibility, and enrollment data.  Wait for this person to calm down and stop cursing and then get his or her contact information for your application.
  2. Sit down at your computer and fire up Word. Write a letter to the feds and ask permission to data mine. https://oig.hhs.gov/fraud/medicaid-fraud-control-units-mfcu/data-mining.asp Estimate the number of staff you’ll need to hire and the approximate cost of hardware/software you’ll need to buy, or the potential cost of contracting this service out (spoiler alert: we’ll address this in Reason 2).  Ok, maybe step 1 in this process should have been to get approval to add some money to your budget for data mining. This may sound like bad news, but remember the federal government will pay for most of it and the positive ROI from data mining should vastly outweigh the cost.
  3. Here’s the important part. You need to explain to the feds how you will coordinate with the SMA and how your data mining will not be a duplication of effort.  Explain in your letter that you will be looking specifically for fraudulent behavior, fraudulent providers and connectivity between multiple fraudulent providers.  Are you getting my point here?  Your SMA is not looking specifically for fraud. Fraud is exactly what you will be looking for. Therefore, there will be no duplication of effort. In fact, you could mention that if your data mining happens to find a simple overpayment, you will refer that back to your SMA. See? Synergy.
  4. Send off your application and wait up to 90 days for a response. If you haven’t heard anything in 90 days, that’s a yes.


Before you even apply to data mine, you should make one crucial decision. There are only two options:

  1.  “In-house” data mining. This is a perfectly valid option and maybe the first one that comes to mind. But consider this: to effectively perform data mining yourself you will need, at a minimum, two things:(a). Hardware and/or software. Trust me, you can’t use MS Access or Excel to do this, and you do not want to use the same tools and data warehouse as your State Medicaid Agency (those tools were not designed to find fraud). You need to get the right data from claims, eligibility, and enrollment and pull it all over to your side where you can control it. Then you need to supplement that with other data (Secretary of State, licensure, exclusion lists, public record, etc.). To do this, you’ll need hardware (servers) to store the data and software that allows you to query it effectively. (b). Staff who know how to data mine at scale. You might already have data analysts on staff, but keep in mind these folks may have a completely different skill set than what is required to identify suspicious provider behaviors across, say, 300 million rows of data. You’re going to want to take all your investigators’ ideas for finding fraud and look for those complicated schemes across the entire Medicaid program. You will need people who can do that.
  2. Contracted data mining. With this option, you hire all your data mining needs out to a third party, such as an analytics company. Also with this option, you don’t need to change what you already do on a daily basis. There is no need to train current staff, hire any additional staff or buy new stuff; all of that should be taken care of by your contractor. The idea here is that you, the MFCU, are still in charge of the data mining initiative. You decide what you want and when and how much. You collaborate with your contractor to make sure your ideas are heard and needs are met. The contractor’s only job should be to make this easy and give you great results. Ok, if I sound a little biased here, you can’t blame me. But honestly, I suspect part of the reason only thirteen MFCUs have applied to data mine is that the mere idea of setting up the initiative and then being beholden to justify its cost and results, is incredibly daunting. With a third-party contractor, the MFCU can concentrate on doing what it does best. The only concern should be that you sign up with the right contractor that will make the project a success.


Why did the Florida MFCU appeal to the federal government and ask to data mine in the first place?  In short, they weren’t getting the cases they needed from the State Medicaid Agency (SMA). But wait, according to the feds when they mandated MFCUs, fraud cases should flow like an open spigot from the SMA.  What went wrong?

  1. Program Integrity (PI) groups within the SMA and the MFCUs have somewhat competing interests. On one hand, MFCUs by their nature (and by law) are located apart from the SMA. In most states, they are in the state’s Attorney General’s Office. On the other hand, the performance of PI groups like SURS are at least partially based on overpayments identified, audits performed and recoveries made. So, if a SURS unit were to turn over its juiciest cases to the MFCU, not only would it be giving them away to another agency, it would be negatively impacting its own performance. See the problem?
  2. The whole idea that the SMA would be able to “refer cases of fraud” to the MFCU is misguided. It’s nothing against the PI groups, but anyone who knows fraud like MFCUs know fraud, knows this is a flawed concept. First, since it’s technically not the PI groups’ job to find fraud, they don’t know what to look for. In fact, I’ll bet they don’t really know what “fraud” is.  Recognizing when a behavior has crossed the subtle line from abuse to criminal fraud is a nuanced skill developed over years of work. Second, many times a behavior doesn’t reveal itself as fraudulent until a case has been well developed, far beyond the typical life cycle of a PI case. These groups should not (and cannot) be expected to make this distinction. So how do they know what to refer? Well, they either refer too much or nothing at all. Either one of these things is bad.


Some MFCU folks might be thinking: “I’m getting plenty of referrals from my SMA. Why would I consider data mining?” That’s great, but there still may be a big issue. If we were to continue the conversation with these same folks, they might mention how investigator caseloads have skyrocketed, how they need to hire more staff. And if they were being particularly honest, they might talk about how investigators many times look for reasons to close some of their cases so that they might concentrate on their “good” cases. They might admit that the percentage of cases being closed due to “lack of prosecutorial merit” has increased, while prosecutorial stats have leveled off or even gone down. Most importantly, they might say how more and more of their cases are being referred back to the SMA for simple overpayment recovery.

This is a recipe for disaster. If all the statements above are true for your MFCU, I can guarantee five things:

  1. You have a better relationship with your SMA than most states.
  2. The referrals you’re getting from your SMA are of the “let’s refer everything because we don’t know what’s fraud” variety.
  3. Your investigators are wasting a lot time and resources on dead-end cases.
  4. Your investigators are getting burned out and losing passion.
  5. You are conducting criminal investigations on a ton of providers who probably don’t deserve it.


You don’t need more referrals. You need the right number of good cases.

Back in the day, I had a case on a home health aide. We’ll call her Susan Jones. Susan was doing all the typical home health bad stuff: billing for more hours than she actually worked, patient recruiting, kickbacks to doctors and patients – except she was doing it on super-high, nightmare mode. I had a great case on her and was preparing to wrap it up.


One day, I was walking by a conference room and overheard two other investigators talking about “home health” and “Jones.” I thought we were somehow all working the same case.  Turns out one investigator had a case on Bob Jones and the other was investigating Julie Jones, both home health aides. It was only through passing conversation that they both realized their targets had the same last name, and only after some note comparison that they learned both of them lived at the same address. Guess where my Susan Jones lived? Same address.  I asked the simple question: “I wonder if any other home health aides live at that address?” The answer was yes, but it took us days to get it. Why? Because we weren’t allowed to data mine and had to go to the SMA and request a “project” to get the info we needed.


Long story short, the case ballooned to about 15 providers – all sisters, brothers, aunts, uncles, children, and acquaintances of the Jones family matriarch and head of a million-dollar organized crime ring: Susan Jones. All of this happened because of a couple coincidentally overheard conversations and a long-term project with our State Medicaid Agency.


The moral of the story? If we had been data mining back then and had the right tools (or the right contractor) we would have known all this instantly, before we even thought to ask the question.

Back in the day, I had a case on a dentist who I’ll call Dr. Guppy. He had a fraud scheme that involved x-rays. In Ohio, Medicaid doesn’t pay for both bitewing and panoramic x-rays on the same date of service.  The logic behind this is that the bitewings are unnecessary if a panoramic was performed on the same day, so there is a claims processing edit in place that automatically denies the bitewings. Dr. Guppy liked to get paid for both, so he billed the panoramic on the following date of service, even though he did both x-rays on the same day. He knew what he was doing was wrong because he instructed his office staff to note the panoramic on the next day in the medical record as if the patient had returned to his office a day later just to get an x-ray. Yea, right.


A few months after Dr. Guppy pleaded guilty (and at our explicit request), the State Medicaid Agency sent over a report of about 50 other dentists who billed x-rays on the day after a patient visit. We went after most of them.


What you have just witnessed is Behavioral Analytics in its most basic form. A behavior was identified and then applied back to the universe of data to find other instances of that behavior. It took our SMA months to mine for this simple behavior. Imagine if you could do this instantly, today, with much more complex behaviors. This is the true heart and soul of why MFCUs should (must!) do their own data mining. MFCUs identify fraudulent behaviors all the time. Every time a case is made or a target is indicted, a fraudulent behavior has been brought to light. Don’t walk away from it and move on to the next referral, the next hotline complaint. Ask yourself: I wonder who else is doing this very thing? And then go find out.

I’ve saved patient abuse and neglect for last, but it is absolutely not the least of the reasons why MFCUs should be data mining. MFCUs rely almost solely on their hotline to clue them into potential abuse and neglect in a facility setting. Much of the time it is a family member calling because Mom or Grandpa has bruises or bed sores or broken bones. Or has died. What if there is no family member to make the call?  What if no one notices until it’s too late?


The only other referral source for abuse and neglect is the State Survey and Certification Agency, the government watchdog over long-term-care facilities and homes. The problem here is that these agencies rely wholly on self-reports of incidents from the facilities. You think a Medicaid-funded facility, housing our most vulnerable populations, might have the incentive to downplay or even forget to file a report about something horrible happening to one of its residents? You bet.


What if you could look for these critical incidents yourself, using the claims data at your disposal? You know what the warning signs are, just ask your investigators – spiral fractures, ulcers, multiple visits to the ER, the list goes on and on. Patterns of abusive and neglectful behavior can be identified and then applied to billions of rows of data. Go get permission to data mine and then go save a life.

As you might have guessed, everything I’ve described in this post is something we are currently doing, or are capable of doing, here at Pulselight. These are all things any MFCU could be doing in a matter of months. We’re excited about the possibilities, and I’m especially excited since I’ll always consider myself a “MFCU guy.”


I hope if you read this and work at one of the great MFCUs around the country, my words have sparked a little curiosity about the possibilities. If so, I’d love to continue the conversation.