Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
I am often asked what motivated me to start Pondera. So… Here goes.
In 2011, after my previous company was acquired, a good friend working at Google asked me to visit their Mountain View campus. He was interested in learning how to embed Google products in large government programs like Medicaid, Unemployment Insurance, and eligibility systems.
Over the course of a couple of days, I was briefed on Google’s products and capabilities and I was struck by the massive computing power that their customers could literally “rent” as needed. Having spent over 20 years in technology, it was becoming clear to me that cloud computing was more than the latest tech buzzword. But it was during a discussion about the Google Prediction API though, that my imagination was really piqued.
With Prediction API, I realized, government organizations could analyze huge amounts of data to predict future events and identify data anomalies. All without ever buying a single piece of hardware or software. Thinking back to my time working on large government systems, I realized that this new technology had the potential to solve one of the problems that had always bothered me: fraud, waste, and abuse.
Over the years, I had worked on over 100 large government projects. And it had always amazed me that despite the fact that improper payments often exceeded 10% of program disbursements, most government bids had only a handful of requirements to address the problem. My government colleagues explained that they were under such pressure to deliver their services with such limited budgets that they simply could not invest appropriately in fraud detection.
Sitting in that room at Google headquarters, it was apparent to me that emerging technologies offered a new way to solve an old problem. One week later, I founded Pondera and set out to change the fraud detection market. Five years later, we’ve helped our clients prevent and collect hundreds of millions of dollars in improper payments. And we’re just getting started...
Fighting fraud is an interesting challenge. When an organization shuts down a fraud scheme, bad actors don’t suddenly become good citizens. Rather, they evolve. They evolve by designing and testing new methods that, when they succeed, are exploited until they too are detected and shut down. In fact, many of the more enterprising fraudsters proactively try out new methods to avoid any “breaks in revenue”. This constant game of “whack-a-mole” is well known to program integrity staffs.
This ever-changing nature of fraud schemes demands an ever-changing detection system. If an organization’s fraud detection methods look more or less the same as they did the year before, I can almost guarantee you that their fraud rates have returned to the levels prior to the introduction of the detection systems. Bad actors will simply find another way to conduct their business.
For these reasons, it is important to be nimble in fighting fraud. Complex technologies and massive data warehouses will lose effectiveness over time. If it takes a year to negotiate a change order, to deploy new technologies, or to integrate new data sources, literally billions of dollars in improper payments can be lost. The trick is to stay even with or just a “step” behind the bad actors, not miles behind.
While all state agencies want to choose the right partner to help them with their fraud detection efforts, I would challenge them to ask themselves the following questions: How easy is the company to work with? How willing will they be to incorporate new technologies (even if not their own)? How important is fighting government fraud to their company versus everything else they do? How passionate are they about the problem? Honest answers to these questions will reveal a lot about the future success of your efforts.
As a company that works with government clients, we spend a tremendous amount of time and money responding to Requests for Proposals (RFPs). We understand that governments use RFPs to ensure competitive bidding processes and to articulate their requirements. However, the process still causes enough angst for prospective bidders that, ironically, it often actually limits competition.
We wrote in a previous blog post about the lengthy RFP procurement cycles and their impacts on the final project. Today I’d like to discuss the formats of the RFPs themselves which often cause confusion, leading to large numbers of vendor questions, which in turn leads to delayed timelines and incorrectly submitted bids. I confess that I have never been on the “other side of the table” writing an RFP and I can only imagine how difficult it must be. But I still have one simple suggestion that I wish government agencies would take prior to releasing an RFP.
Before releasing an RFP to the vendor community, I suggest that government run an internal “mock” procurement: “release” the bid to a few agency employees and ask them to respond to it. They don’t have to provide actual answers, just an outline so they can make sure they understand what the RFP requires, where responses should go, how the format works, and other structural issues. It’s important that these people had nothing to do with the writing of the RFP document itself because then they’d naturally understand what they intended when they wrote it.
Commonly confusing issues we see in RFPs include where to place a Statement of Work (in tables or in text), repeated questions, seemingly mutually exclusive statements or requirements, and “thrown in” requirements that belong in other sections and break up the flow of the response.
I think government officials would be amazed at how much confusion and time they could take out of their procurements by performing this simple quality assurance exercise. This would also reduce the number of questions the state would have to respond to and provide more focus on issues of substance rather than administrative or formatting issues. Finally, it would lead to more uniformity of responses allowing governments to evaluate responses for their merit rather than having to search for answers to their requirements.
One of my colleagues recently returned from a conference on government program integrity with an interesting anecdote. He recounted a vendor presentation where the speaker was touting a 52% accuracy rate in their fraud lead generation system. So… nearly half of the system’s leads generated false positives. Not so sure I’d brag about that.
High false positive rates lead to wasted investigative time and money and unwarranted intrusions into the lives of legitimate program beneficiaries and service providers. Ultimately, they lead to a lack of confidence in the system itself and investigators revert back to more manual detection methods. When one considers all the important services governments deliver and the immense political pressure they endure, this is obviously not acceptable.
Shortly after hearing this story, we were asked to respond to a question about false positive rates and any existing industry standards or even benchmarks. While every vendor, including Pondera, makes claims about our system efficacy, very few standards actually exist. Conversely, our clients (the government program administrators) generally are subject to improper payment standards placed on them by the federal government.
I think there is a great opportunity, even responsibility, for governments to create these standards. Fraud detection standards would challenge the vendor community to “put up or shut up”, leading to more innovation. They could also be adjusted as the standards are met and surpassed leading to constant improvement. And they would provide governments with a uniform method for measuring vendor performance.
It is true that fraud detection systems still rely on quality program data and can suffer from the old adage "garbage in, garbage out”. So government would still share in the responsibility of meeting any new standards. But clearly, there is more we can do. And this would benefit all parties involved… except, of course, the fraudsters.
I believe that simple things can make a big difference. This week, for example, I went through self-checkout at a local grocery store and the keypad gave me the options of “debit card” or “all other tenders” to complete my transaction. “All other tenders”—who talks like that? No doubt there was a group of people that decided that, technically, “tenders” was the best word to cover all the other options. It doesn’t really matter that it makes the system more confusing. That’s my problem.
Software systems suffer from this problem perhaps more than any other consumer product. I remember the old joke about having to go to the “start” button to stop the computer. This still happens, despite the fact that experience has shown us that the single most important feature contributing to the success of software is usability.
Put simply, even the most powerful system is completely worthless if people can’t figure out how to use it. My own brother discovered this when he recently decided to switch from the iPhone to an Android phone for the additional capabilities. Not a very technical person, he quickly switched back complaining that he was utterly confused by the “full fledged computer” he was carrying around in his pocket.
At Pondera, we make the claim that our system is “built by investigators, for investigators.” And it’s true. Our most important design principle is to “mask” the underlying complexity of the system and provide analysts and investigators with an intuitive system that works the way they do. Technical people can’t do this. Data scientists can’t do this. Only investigators can do this. That’s why we hire them and task them with our most important work.
A few weeks ago, I published a blog post titled “Money Obtained Fraudulently is Rarely Used for Good Purposes”. In it, I made the argument that government fraud is a serious, and at times very ugly problem. Now I no longer have to make that argument because the United States Justice Department is making the argument for me.
Last week, the Justice Department announced the largest health care fraud case it’s ever prosecuted; one that defrauded over $1 billion over the past 14 years. The alleged perpetrators of the fraud are said to have leased private jets and chauffeured limousines. One even bought a $600,000 watch! Remember, this is your tax money we’re talking about. The system ran on a complex network of bribes and kickbacks.
And if that’s not enough, here is one of the schemes they allegedly ran. They “treated” seemingly healthy, elderly people with medications they did not need in order to create addictions which would lead to further treatments. Pure evil. Unfortunately, fraudsters are most active where large amounts of money meet vulnerable populations. This is yet another example of that and more reason for us to do what we do.
Last year, 60 Minutes did a segment on the impact of errors in the Social Security Administration’s Master Death File—a database that stores dates of death for Americans. The system stores 86 million records, and despite all best efforts, it still has some issues.
60 Minutes pointed out that errors in the system contribute to millions of dollars in improper payments each year. After all, the system would seem to indicate over 6.5 million Americans over the age of 111 when, in fact, there are probably fewer than 100. On the other hand, false positives where people find themselves mistakenly placed on the list, lead to nightmarish scenarios for obtaining loans, opening bank accounts, and other everyday tasks.
This story demonstrates one of the largest challenges for government agencies: how to use imperfect data sources to minimize fraud, waste, and abuse while also not “harassing” legitimate people and businesses. And unlike a private business that may view a false positive as an inconvenience (who hasn’t had to call their credit card company to say that “yes, that large ice cream purchase was legitimate”), government officials are severely criticized when they act on false positives. In effect, they are criticized for not acting and they are criticized for acting.
Pondera suggests that governments mitigate the effects of false positives by using composite indicators that draw information from multiple sources—both simple data matches like the Master Death File and more complex behavioral sources. For example, a Medicaid investigator would feel much more confident looking into a person who not only shows up on the Master Death File, but also appears to be traveling 100 miles for 20-minute doctor appointments, receives highly unusual (and expensive) procedures for their apparent diagnosis, and often sees two doctors in distant cities on the same day.
Anyone who has worked for or with government program integrity units understands the unique pressures they face. Combining available data sources with intelligent analytics can go a long way toward helping them investigate the right cases while not interfering with program delivery.
Established in 1636, Harvard University is the United States' oldest institution of higher learning and one of the world's most prestigious universities. A couple of weeks ago, I had the remarkable opportunity to participate in the Harvard Business School Executive Education Program for High Potential Leaders. To step foot on this amazing campus filled with brick buildings plush with deep green climbing ivy, you almost immediately feel like you are part of something special (or perhaps inside some Matt Damon/Ben Affleck movie). Stepping foot in the state-of-the-art classroom with the instructor "pit" in the center, surrounded by 100 of the world's most talented and up-and-coming leaders, I wondered if I fit in this group or would have any common ground.
My learning group, a smaller team designed to facilitate debate and discussion on assigned topics, included eight talented young professionals; only two originally from the United States. They represented a variety of industries, none of which had anything to do with mine.
What I learned by working with this group, is that despite my initial hesitation, we were far more alike than I could have imagined. No matter their business, job title, or Country of operation, we faced so many of the same challenges and experiences in our professional lives. During one group activity, I began to think about how this applied to the clientele I serve at Pondera. Whether it's a small State unemployment program or the Nation's largest Medicaid program, these teams of dedicated professionals face so many of the same challenges and share similar experiences. Perhaps, I could bring them together through the Pondera client network and facilitate cross-state, cross-program sharing and learning. My brain was really starting to kick into high gear now.
Reflecting back on my time at Harvard, I decided to focus on the key ways I could translate my experience into benefit for my company and clients. I decided upon three themes:
- Bold, passionate, inspiring leaders can change everything. No matter if you are managing financial accounts worth billions or a Government employee overseeing a Federal entitlement program, the culture created from these kinds of leaders brings success to the whole organization. Skills can be taught, management can be improved, but make no mistake, there is no substitute for extraordinary leadership. We must find these leaders, and then cultivate and cherish them.
- Networks are critical to continued learning and success; make time to grow and nurture yours. Your network could be persons within or outside of your organization, family, friends, peers, professional mentors, etc. Networks serve as a vibrant source of creative energy, partnership, and may just offer the solution to whatever challenge you or your organization is facing. Make time in your daily grind to have a coffee, make a quick call, or even share a meal with key persons in your network.
- Always be willing to adapt and evolve or be prepared for extinction. This is especially true in leading innovation, particularly in the data analytics arena. Fraud schemes change, data sources emerge, programs transform. At Pondera, we can never get comfortable or diminish our aggressive pursuit to lead the way. Governments must embrace the "information age" and transform their processes, modernize their programs, and challenge the status quo.
Medicaid expenditures have nearly doubled over the last decade  and states have increasingly looked to a capitated reimbursement model utilizing managed care organizations (MCO) to ensure continued access to quality health care services. The Centers for Medicare and Medicaid Services (CMS) estimate that roughly 80% of all Medicaid recipients currently receive healthcare services via managed care . While the managed care model differs from the fee-for-service (FFS) system in the manner that state Medicaid agencies reimburse for services, the two systems share many of the same risks from a program integrity perspective. One of the shared vulnerabilities that persists is the substantial hurdle states and Medicaid MCOs encounter when determining the eligibility of prospective providers.
Eligibility screening of providers, both upon application and periodically thereafter, is the cornerstone of any successful Medicaid integrity program. This process identifies those prospective and current providers who are statutorily prohibited from participation due to disqualifying events. However, according to a recent report by the U.S. Government Accountability Office (GAO), the screening process is complicated by the reality that the information needed to ensure the eligibility of providers is scattered across numerous databases maintained by different federal agencies . Additionally, many of the state agencies and MCOs assessed by the GAO reported difficulty accessing some sources and cross-referencing potentially disqualified applicants across databases.
This issue became even more pressing recently when CMS issued a long-anticipated rule (CMS 2390-F) that, for the first time, places the responsibility to appropriately screen and enroll all managed care providers squarely on the shoulders of the states .
Pondera's core detection tool, FDaaS, provides a ready solution to these challenges by merging these disparate data sources with proprietary fraud algorithms to assist users in identifying those bad actors who present a risk to the Medicaid program.
You can read the GAO report in its entirety at this link.
 U.S. Department of Health and Human Services. (2011). Medicaid manged care: Fraud and abuse concerns despite safeguards. Washington, D.C.: U.S. Government Printing Office.
Centers for Medicare & Medicaid Services. (2015). Managed Care. Retrieved June 6, 2016, from Medicaid.gov: https://www.medicaid.gov/medicaid-chip-program-information/by-topics/delivery-systems/managed-care/managed-care-site.html
 U.S. Government Accountability Office. (2016). MEDICAID PROGRAM INTEGRITY: Improved Guidance Needed to Better Support Efforts to Screen Managed Care Providers. Retrieved from http://www.gao.gov/products/GAO-16-402
 Centers for Medicare & Medicaid Services. (2016). Medicaid and Children's Health Insurance Program (CHIP) Programs; Medicaid Managed Care, CHIP Delivered in Managed Care, and Revisions Related to Third Party Liability. Retrieved from https://www.gpo.gov/fdsys/pkg/FR-2016-05-06/pdf/2016-09581.pdf
Almost everyone is familiar with antivirus software. Not everyone is familiar with how it works though. Even fewer have examined how we can apply the way antivirus software works to combat fraud. I believe that there are important lessons here which can improve our approach to fraud detection and prevention.
At a high level, antivirus software performs two important functions prior to opening a file on your computer: 1) It compares the file to known viruses and other forms of malware, and 2) It checks the file for suspicious code which may indicate a new, previously unknown virus.
The first function depends on a network of users willing to share known viruses and a system that is able to collect the virus data, design a fix, and disseminate the fix to other users prior to them being infected. The second function depends on heuristic programmers that can design systems to learn and even anticipate potential problems. Working together, this is one of the most effective ways to address the constantly changing nature of Internet malware.
Government fraud prevention, when done properly, works in a very similar manner. By examining known bad actors, bad transactions, and bad behaviors, systems can quickly compare ongoing program data to identify suspect transactions. Modern fraud detection systems also include predictive algorithms that can detect anomalies, trends, patterns, and clusters that may indicate fraud.
Unfortunately, many governments are unable, or unwilling, to share data. This limits the “network” effect that antivirus software uses so effectively. If more states and programs shared fraud schemes and findings, the library of known bad actors and methods could detect fraud and prevent it from moving from state to state and program to program.
The good news is a number of states are moving toward state-wide fraud prevention efforts and a number of government subsidy programs are moving toward cross-state fraud prevention efforts. I am confident that the future success of these efforts will promote additional sharing, leading to a larger network, and more efficient governments.