The Fight Against Fraud: In October 2010, health-care investigators charged dozens of people with billing Medicare for tens of millions of dollars using stolen identities. (Photo: Hiroko Masuike/The New York Times/Redux)
Glitch in the Machine
The government unleashed Big Data to shut down Medicare fraud. Why isn’t it working?
By Joe Eaton | Jan 11 2016 | This article originally appeared in Pacific Standard
Early on an October morning in 2010, Sergeant Steve Opferman of the Los Angeles County Sheriff’s Department wheeled an unmarked police car up to a nondescript suburban tract home in Montebello and waited.
Opferman, an undercover health-care fraud investigator with long black hair and a passing resemblance to the actor Steven Seagal, had been tailing Arthur Manasarian, a suspected member of an Armenian-American crime ring, since Manasarian arrived in town two days before on a flight from Russia. Agents tracked Manasarian as he walked through the gate at Los Angeles International Airport and follow
ed the Mercedes-Benz sedan that dropped him off at the Montebello house, which was owned by a distant relative. If Opferman’s surveillance team was correct, he hadn’t left. When Opferman’s team of agents from the Federal Bureau of Investigation, local police, and sheriff ’s deputies got the signal to go, they knocked on the door, prepared to bash it open with a battering ram if necessary. Instead, a short, balding man in sweatpants—more accountant than gangster—answered. It was Manasarian. He did not resist, and police found no guns. The team radioed the arrest to FBI agents in L.A., who passed the message to New York, where the agency was tallying the results of a nationwide operation.
Across the country, police and FBI agents were waiting outside the homes and hotel rooms of dozens of other suspects in what at the time was the largest known scam by a single criminal enterprise against Medicare, the public health insurance program for the nation’s elderly. Federal indictments charged Manasarian and 72 others in a scheme as brazen as it was simple. According to the indictments, the group set up more than 100 fake medical clinics from New York to L.A. and billed Medicare using the stolen identities of doctors and senior citizens. The take was at least $35 million.
Before the day was through, the operation netted 52 people, including a high-level underworld enforcer named Armen Kazarian. At a press conference in Manhattan, federal prosecutors and law enforcement officials billed the arrests as a triumph in the fight against health-care fraud.
But for cops like Opferman and other health-care fraud experts, the arrests were just another high-profile example of a failure: the failure of the federal government to protect Medicare from criminals. Fighting fraud with law enforcement is like “dipping a net in a river”—you may catch one big fish but thousands of little fish pass through, says Opferman, who retired in March. It’s everywhere. And by the time police catch up with fraudsters, the money—taxpayer money—is gone.
In the case against Manasarian and the other members of the ring, the government seized houses, bank accounts, and a 2007 Maserati Quattroporte (MSRP: $104,950). But most of the money had vanished, laundered through phony companies held under aliases, poker chips from Las Vegas casinos, and bags of cash smuggled by couriers to Armenia.
No one knows exactly how much money criminals steal from Medicare every year. Since that 2010 bust, the record for the largest-ever Medicare fraud has kept on being broken. The most recent record was set in June, when more than 240 doctors, nurses, and other health practitioners were indicted for billing more than $700 million in false claims.
Medicare fraud happens at every point in the health-care system. Scams are run by organized crime rings with foreign connections, trusted small-town physicians with legitimate medical licenses, labs that run diagnostic tests, and crooked office managers. In September 2015 alone, at least 18 people were indicted, found guilty, or sentenced for defrauding Medicare, including Dr. David Pon, an Orlando, Florida, ophthalmologist who billed $7 million for dangerous testing and laser eye treatments he performed on patients he intentionally misdiagnosed, and Sharon Iglehart, a Houston psychologist who was part of a ring that filed $158 million in false claims for mental-health services. It was not an unusual month.
The scope of Medicare’s fraud problem is astounding, even when compared with other federal programs. According to government data, the program in 2014 made more than $60 billion in improper payments, which include fraud and non-criminal payment errors, seven times the tally of Social Security and more than any other federal program. Malcolm Sparrow, a Harvard professor and leading expert on fraud, calls these government numbers a “massive underestimate.” The Medicare fraud rate, he says, could be as high as 20 percent of the program’s $600 billion in spending—that is, $120 billion, twice the official number.
For the more than 50 million Medicare beneficiaries, fraud can mean receiving unnecessary, and in some cases dangerous, tests and procedures that pad a doctor’s paycheck. For the rest of us, it means wasted taxpayer dollars that could be invested in the program, which is funded in part by a trust fund projected to run out of money in 2030.
Government officials have been looking for solutions to Medicare’s fraud problem for decades. In 2010, Peter Roskam, now a fifth-term Republican congressman from Illinois, offered a Big Data solution. Roskam, a former personal injury lawyer who sits on the House Ways and Means Health Subcommittee and chairs the Oversight Subcommittee, believed Medicare should follow the lead of an industry with a strong record of rooting out fraud: credit cards. Visa, for example, processed more than 66 billion transactions in more than 200 countries last year. Its advertised fraud rate is less than six-hundredths of a percent, or six cents on every $100. That’s less than one three-hundredth of Sparrow’s estimate of Medicare’s rate.
Credit card companies achieve such low rates in part through predictive modeling: analyzing large data sets to spot fraud as it’s occurring, rather than turning criminals over to law enforcement after the fact. This is the technology that flags a credit card when, for example, a flurry of charges pop up in a distant state or foreign country. For every Visa charge, the system evaluates up to 500 unique data elements, including location and the buyer’s and the seller’s transaction histories, and compares them to historical trends to spot aberrations. The system then assigns a transaction risk score. High-risk charges are flagged for denial or investigation. The entire process takes less than a millisecond.
Roskam penned a bill that would require Medicare to use the same digital-age tools wielded so effectively by credit card companies. Like Visa, Medicare collects mountains of data from processed claims. Visa’s algorithms know to deny purchases in Zimbabwe when the card’s owner lives in Wyoming; the idea was that a similar system for Medicare should be able to spot and deny bad Medicare claims—like the Florida ophthalmologist who scheduled 100 patients a day; the physician in California whose medical license was suspended due to sexual misconduct and who later began billing with a Missouri license; and claims for clinics that do not exist, which has been a high-profile problem for more than a decade. Big Data, in other words, would fight big fraud.
The Medicare predictive analytics provisions in Roskam’s bill passed later that year as part of the Small Business Jobs Act. Five years later, however, the government’s attempt at data policing has done little to stem the flow of Medicare dollars to criminals. And the main reason is likely not that the federal government doesn’t have the technical skills to add Big Data to its enforcement tool kit. It’s because the government does not want to anger doctors by increasing scrutiny of their billing.
HOW TO SCAM MEDICARE IN FOUR EASY STEPS
Federal indictments say the 2010 Medicare scam was led by two men—Robert Terdjanian in New York and Davit Mirzoyan in L.A.—who also ran a variety of other schemes, including staging automobile accidents to commit insurance fraud. Muscle was provided by Armen Kazarian, known as a vor, a Russian term that refers to a select group of high-level criminals who receive tribute from other criminals in exchange for protection. (His indictment claimed he once threated to sodomize and kill an associate for not showing proper respect.) Much of the financial work of running the job was done by a loose affiliate of white-collar underlings, including Manasarian.
Their plan to rip off Medicare was simple, with four key steps. First, the group set up ghost medical clinics, businesses that existed in name only. Often they used addresses from empty storefronts, or commercial mailboxes rented at Mail Boxes Etc.
Then they registered the sham clinics as shell companies and opened bank accounts, often in the names of Armenians who left the country soon after opening them.
Next they needed to link real doctors and patients to their fake clinics. With much of a doctor’s personal information online, including medical license and Medicare ID numbers, stealing a doctor’s identity is simple, according to investigators. Naushaun Richards, a special agent with the FBI’s Eurasian Organized Crime Task Force, says that a nurse or other internal source at the Orange Regional Medical Center in Orange County, New York, forwarded the personal information and Medicare numbers of thousands of patients to the group.
Finally, the group registered the fake clinics with Medicare and used billing software to send in swarms of claims in the names of patients and doctors who were none the wiser. Manasarian alone set up five virtual clinics, laboratories, and medical equipment stores in Brunswick, Macon, and Savannah, Georgia, according to a federal indictment.
When banks checked up on the clinics, Manasarian played along, chatting on the phone as if the businesses were real. Later, after the FBI caught wind of the scam, agents tapped members’ cell phones, and interpreters listened in as they discussed business. “By the time they get to the investigation, you know it will be two months too late,” Mirzoyan told an associate as they discussed a fraudulent bank account. “Let them check. So what?”
As the money rolled in, the group laundered it through a series of bank accounts and businesses. Cash was withdrawn. Checks were cashed. And money was sent to Armenia by couriers carrying tens of thousands of dollars in cash.
The fraud worked, according to investigators and fraud experts, because it took advantage of Medicare’s key vulnerability: the government’s trust of doctors who submit bills to the program. When doctors and others file claims to Medicare, the program most often pays the bill without asking questions. Later, if the program uncovers an overpayment or possible fraud, it requests the money back, a system known as pay-and-chase. For legitimate medical providers, Medicare requests for overpayments can be a financial hit. For crooks, they signify a good time to close shop and re-open elsewhere.
Demonstrating that expected trust, Manasarian and the others sometimes did little to make their bills look legitimate. For example, they used the stolen identities of a dermatologist to bill for heart tests and that of a forensic pathologist, who would generally perform autopsies, for office visits. Medicare sometimes detected the group’s fraudulent bills, although often only after paying them. The success of any one clinic didn’t matter. The crooks knew that each ghost clinic had a shelf life before Medicare shut it down. When that happened, they moved on and opened new fake clinics.
By the time Steve Opferman rolled up to the house in Montebello to arrest Arthur Manasarian, the government had discovered 118 sham clinics in 25 states. The group had billed more than $100 million in fraudulent claims, at least $35 million of which Medicare paid. In this environment, the FBI’s Richards says, organized criminals are increasingly moving to Medicare fraud as a safer alternative to more traditional thefts.
WASHINGTON FUMBLES ITS BIG DATA PROGRAM
It was this sort of obvious scam that Congress hoped Visa-style predictive analytics would prevent. Nine months after the Small Business Jobs Act passed Congress, the Centers for Medicare and Medicaid Services, which administers the program and is known in Washington, D.C. as CMS, announced progress on setting up the new fraud prevention system.
Like all large federal programs, Medicare, a public health-care program that serves people 65 and over and the disabled, is operated primarily by private contractors. Although the fraud detection plan was inspired by the credit industry, the contract to build and run the Medicare fraud prevention system did not go to a fraud-detection contractor in that industry. Instead, CMS tapped Northrop Grumman, the aerospace and defense company, which, like other federal contractors better known for producing airplanes and missile defense systems, is increasingly branching out into other sectors, including health and information technology.
As Northrop Grumman worked with subcontractors to develop the system, CMS set up a command center with rows of computers and a digital presentation board a few miles from Baltimore. Here, agency investigators, contractors, and law enforcement could meet to analyze real-time claims data for fraud patterns.
All evidence suggested a new dawn in the battle to shut down Medicare fraud. Donald Berwick, then the head of CMS, called the claims data policing “bad news for criminals looking to take advantage of our seniors.” There was reason to believe that was true. A 2012 study by Stephen Parente, a professor and health information technology expert at the University of Minnesota, found that credit card-style predictive analytics could stop $18 billion in fraudulent Medicare Part B claims each year.
But four years after the agency flipped the switch on the $100 million program, it’s hard to find anyone not affiliated with the fraud-prevention system willing to call it a success. In fiscal year 2014, the third year of the program, Northrop Grumman’s fraud system saved Medicare around $130 million, an almost one-to-three return on investment, according to a June report by the Department of Health and Human Services Office of the Inspector General. The numbers sound impressive, but they’re a drop in the bucket considering the tens of billions of dollars criminals take from the program each year. Broken down further, the numbers are even less inspiring. Among the savings, more than a third came from investigations underway before the medical providers were flagged by the system. In other words, predictive analytics first tipped off the agency to only a portion of the fraud included in the report.
And shutting down claims before they are paid, like Visa, rarely happens. Only $19.4 million was stopped through software instructions that deny or suspend all or part of a claim, according to the report. By contrast, almost $30 million of the system’s savings came from “pay-and-chase” recoveries and law enforcement referrals. The data also shows the inefficiency of those methods. According to the report, that $30 million is what the authors determined can be reasonably expected to be recovered or avoided among almost $277 million in claims flagged after that year by law enforcement and fraud contractors.
Critics note that the system has not even picked low-hanging fruit. A recent report by the Government Accountability Office, a congressional watchdog agency, found Medicare is still paying bills from medical providers who register their business addresses as commercial mailboxes, like the Mail Boxes Etc. boxes used to create sham clinics in the 2010 fraud. In one case, a Five Guys hamburger chain in Dallas was the home of a “clinic.”
In March, Roskam called Shantanu Agrawal, head of program integrity at CMS, to testify in Congress about the failures of the fraud prevention system. Dressed in a dark suit, Agrawal, a former emergency medicine physician with a trim goatee, deflected criticism of the system. Agrawal said Medicare uses advanced analytics to inspect every claim and generates automatic fraud leads that are forwarded to government fraud contractors. The contractors then launch investigations to build cases to deny the claims or refer the billers to law enforcement.
Agrawal suggested that comparisons to Visa are unfair because detecting Medicare fraud is more difficult than catching credit card fraud. While those 66 billion Visa transactions involve little more than a customer buying a product from a business, Agrawal said Medicare systems must monitor 1.6 million health-care providers who use more than 11,000 codes to bill for more than 50 million patients. And because doctors do not send medical records along with claims, it’s difficult to determine whether a service actually took place or was appropriate, he said.
Roskam, and other committee members, were unimpressed. “As I was reading your testimony and then listening to you this morning, I felt like I was the sales manager listening to a salesman who’d been out working hard, making a bunch of sales calls, and was coming in and saying, ‘Look, I called on this customer, and I’ve done this, and I took this person to lunch.’ And I feel kind of like the sales manager that’s saying, ‘Hey, where are the orders? Where is the final product?’”
Roskam called the CMS process of handing out fraud leads to contractors slow, ridiculous, and hamstrung. On an electronic screen, he displayed a graph comparing Visa’s 0.06 percent fraud rate with the acknowledged 12.7 percent payment error rate of Medicare Parts A and B (a 211-fold difference), which includes most physician and hospital claims. “You made the argument, ‘Look, this is different than a Visa bill.’ I accept that it’s kind of different than a Visa bill. But I don’t think it’s this different,” Roskam said. “This has to improve. This is not like a-hope-and-a-dream sort of improvement. This has to improve. Because this amount of money going out … it’s simply unsustainable.”
Agrawal’s testimony pointed to what critics say is the greatest flaw in Medicare’s approach to fraud prevention: its reluctance to anger real doctors who innocently file inaccurate claims. Agrawal told the committee that aggressively denying Medicare claims could cause sloppy but otherwise honest doctors to flee the program, leaving elderly patients without physicians to treat them. “We do have to meet a bar for taking action,” Agrawal said. “We do need to be fair to providers, even the bad actors, to make sure we are doing this the right way. We want to do it in a way that does not victimize the innocent legitimate providers who are just doing their work.”
Peter Budetti, who preceded Agrawal at CMS and was in charge of program integrity during implementation of the fraud prevention system, says the system was designed to minimize the potential for unnecessary hassles for legitimate physicians. He views the system as a success, but said it took time for CMS to integrate predictive analytics into Medicare’s traditional fraud-fighting methods, which included contractors focused on generating leads for law enforcement, not preventing fraud. “It was not enough to identify fraud with the fraud prevention system. CMS needed to use that information effectively,” Budetti says.
But whether CMS has the will to increase scrutiny of claims is an open question. The American Medical Association, the trade association that represents doctors, has called for a fraud prevention system that has a “zero false positive rate,” thereby never flagging as fraudulent claims that are in fact legitimate, and pushed for an ongoing independent review of the system. In a 2012 policy paper, it argued that data analysis of physician claims cannot be done without complex clinical knowledge gained through medical education and training.
Malcolm Sparrow, the Harvard fraud expert, said the government is under intense pressure from the medical industry not to increase its scrutiny of bills. When investigating claims, the agency generally starts with the idea that billers are real health-care providers who made billing mistakes, not fraudsters, Sparrow says. “Traditionally they use aggressive enforcement methods against doctors only in rare and egregious cases. Their default assumption when there is a billing problem is that education will fix it.”
That, paired with poor funding for fraud control, is a major reason the government is losing to fraudsters, Sparrow says. The problem lies not with the computer algorithms used to detect fraud, but with the inability of CMS to cope with the sheer volume of false claims and turn off the spigot of cash. In fact, Sparrow says, the fraud prevention system simply adds more tips to the flood of tips that are already flowing to the small number of fraud investigators. “All you are doing is adding more to the obvious fraud that they do not have the resources to investigate,” he says. “It’s the limited resources available for follow-up that makes better detection only a marginal benefit.”
COULD SMARTER DATA MEAN BIGGER IMPACT?
In 2010, when Roskam was preparing his bill to force Medicare to use advanced data analytics for fraud prevention, pundits were hailing the potential of Big Data to solve many of the world’s most difficult problems. In the half-decade since, however, data experts have warned of the potential for hard facts to get lost in swarms of ambiguous information. The future, some say, is working with smaller sets of valuable or “smart” data.
The small dent Medicare’s fraud prevention system has made in stopping criminals has led some to question whether the agency is investing too much in whiz-bang technology while overlooking quick fixes. Finding fraud in the system, after all, is not that difficult. Law-enforcement critics of Medicare’s big-bite data approach say the agency should target and shut down known fraud schemes. Criminals, they say, are not re-inventing the wheel—they are hammering away at proven scams.
That is the approach taken by what many consider the federal government’s most effective push against Medicare fraud. Launched in 2006 at the Department of Justice by a former federal prosecutor named Kirk Ogrosky, the Medicare Fraud Strike Force identified 20 cities with high Medicare billing rates and began sifting through claims data to find out why.
In Miami, it was astronomical charges for orthotic braces, wheelchairs, and other so-called durable medical devices, and HIV infusion. In Houston, it was orthotic braces and billing for ambulance transport. The team focused on those claims and targeted the top billers, going through their charges with a fine-toothed comb.
More often than not the charges were crooked, says Peggy Sposato, a former nurse practitioner based in Miami. Sposato, who recently retired from the Justice Department, used her nursing experience to spot claims that did not make sense, like medical device suppliers who billed for braces for patients with arthritic joints, which is not the correct treatment. “I could tell right away that this guy is dirty as the day is long,” she says.
A year after the program launched, durable medical equipment claims from services the team targeted in Miami-Dade and Broward counties dropped by 63 percent, or $1.7 billion, as criminals got the word. And the amount Medicare actually paid out fell from $687 million to $334 million, a 49 percent drop. The team launched federal prosecutions, but Sposato says it also worked closely with Medicare contractors to stop payments for obvious fraud schemes before the money was lost. “We would call the contractor and ask, ‘What’s on the floor?’” Sposato says, referring to bills that had not yet been paid. “We had an unusual network. Everyone knew everybody and they knew how hard we were working.”
Ogrosky says the Medicare Fraud Strike Force, which has filed 1,977 indictments since 2006, started with only a few members, who worked with small slices of targeted data on desktop computers. “Nothing we were doing was what you could call Big Data or complicated algorithms,” Ogrosky says. “It was peeling the onion, step by step,” and shutting down “schemes someone learned Medicare would pay that spread through the community.”
Former members of the team say a similar approach, with Medicare simply turning off payments to likely fraudsters, could save as much as $10 billion a year. The approach would probably be met by lawsuits, they say, but most often the crooks just vanish. Others suggest Medicare take a more shoe-leather approach. “This Visa thing would work if Medicare had its shit together,” says Albert MacKenzie—a former deputy district attorney with the Los Angeles County District Attorney’s Office who pioneered a program to try health-care fraudsters for tax evasion in the manner that finally took down Al Capone—“but it doesn’t.”
MacKenzie, who now works as an attorney at the California Franchise Tax Board, suggests Medicare start with easy tasks, like making site visits to every medical office to ensure they are real (which does not happen) and sending patients letters after prescriptions are filled or a wheelchair is ordered in their name (to make sure they actually received what the biller says they received). “If I’m a pharmacist and I’m doing a Medicare prescription, I can say I gave you three pills when I only gave you one. I bill for three, sell two on the street, and nobody is the wiser. That’s how stupid the system is,” he says.
And it would make his job much easier, MacKenzie says, if Medicare reported to the Internal Revenue Service payments to pharmacies, as it does payments to doctors. That way, prosecutors could make tax fraud cases and shut down the fraudsters that Medicare can’t catch. “I’ve been on this Don Quixote donkey for years,” MacKenzie says. “I cannot get it up there to somebody who really wants to make a change, somebody who says, ‘This is horseshit, and it needs to change.’”
In Congress, the senator most focused on changing Medicare’s fraud rates is Tom Carper, an unassuming Democratic and former Delaware governor first elected to Congress in 1982. Together with Tom Coburn, the Oklahoma Republican and physician who retired from the Senate in 2015 due to health problems, Carper has long publicized CMS’s worst failures and wrote bills to fix them. It was Carper’s request to the GAO that launched the report that showed Medicare is paying claims for businesses with addresses at a Five Guys and UPS stores. He requested a 2011 GAO report that showed about 170,000 Medicare beneficiaries received prescriptions for frequently abused prescription drugs from five or more doctors during one year, and that one person received prescriptions from 87 doctors. He was also behind a 2011 Office of Inspector General report that showed Medicare was not checking whether the prescription drugs it paid for were prescribed by real doctors with valid prescriber ID numbers.
In 2011, Carper and Coburn penned the FAST Act, which would have required Medicare to perform pre-payment claims verifications and better protect the federal database of physician IDs to prevent theft. Carper and Coburn’s 2013 PRIME Act, which Carper re-introduced this session and is in the Senate Finance Committee, would provide accuracy incentives to Medicare payment contractors, who are judged primarily on their ability to pay claims on time. The 2015 bill, which has 16 co-sponsors, eight of whom are Republicans, would increase sentences for using or selling stolen Medicare beneficiary IDs to up to 10 years in prison, and require increased data sharing between Medicare and state Medicaid programs.
Carper, who served as a Navy flight officer during the Vietnam War, says changing the culture of a huge program like Medicare is like trying to turn an aircraft carrier. But the dim financial outlook of the program demands action. “Joe Biden has a saying: ‘There is nothing so much as a hanging that causes a man to focus his attention,’” Carper says. “What we are looking at in about 10 years is the Medicare equivalent of a hanging.”
MEDICARE DOUBLES DOWN ON DATA
In the end, it was a lucky law enforcement break, rather than red flags from Medicare, that brought down Manasarian and the national network of sham clinics. It started with cigarettes. In around 2003, Richards and the FBI’s Eurasian Organized Crime Task Force took down a group of California cigarette smugglers. After the bust, they watched the group’s New York connections. In 2009, the task force caught wind that the group was running an automobile leasing scam.
A wiretap in that case revealed the massive Medicare fraud, and the nationwide network of players. Soon after, the feds contacted Opferman at the L.A. County Sheriff ’s Department about Manasarian, who was under investigation by that office for peddling Oxycontin. That’s how Opferman found himself trailing Manasarian from LAX to the house in Montebello.
The takedown sent many of the men to prison, including the leaders Mirzoyan and Terdjanian. In 2012, Manasarian pleaded guilty to racketeering in New York and conspiracy to commit health-care fraud and immigration fraud in Georgia. He is serving a 12-year sentence at Terminal Island, a low-security federal prison in San Pedro, California. During the proceedings, Manasarian’s lawyer presented him as a struggling businessman with debilitating arthritis who fell into crime but saw little financial gain. Armen Kazarian, the enforcer, was sentenced to 37 months after pleading guilty to racketeering. He was released in 2013.
But much like the sham clinics that Medicare shuts down, which are replaced with other sham clinics, Opferman and others familiar with organized health-care fraud say the crime rings themselves prevail, with new recruits. “The big-time guys, the ones who control the money, they don’t get caught. A lot of them are not even in the country,” he says.
To fight them, Medicare, despite critics, is doubling down on Big Data analytics. In December 2014, CMS advertised an upcoming search for contractors to build a second-generation fraud prevention system. Dubbed FPS 2.0, the new system’s goals include using social network analysis and machine-learning techniques, including neural network analysis, to root out fraud.
But some health-policy and fraud experts question whether the second-generation system will do better at rooting out fraud, despite the high-tech data science language. Sparrow, for one, has doubts. Predictive analytics is not as cutting-edge as it sounds, he says, “and even if it were, it might not help them that much given the limited capacity and will for dealing with what they are finding already. I think that’s the heart of the matter, as depressing as it may seem.”