North American companies have developed sophisticated processesand technology to detect claim fraud. There are a variety ofanalytical techniques to use with claim data, such as automated redflags, predictive modeling, rules-based analysis, data mining, andothers. At the most basic level, companies use decision rules toidentify fraud at the claim level. Some companies process data atthe provider level. They focus on the intermediaries who sitbetween the company and the customer. This is useful in cuttingdown fraud; however the weakness is that it assesses serviceprovider behavior in isolation. A key gap in the arsenal is thecapability to monitor the service provider network as a compositeand assess pair-wise or group-wise culpability in fraud. This isthe type of fraud we term "collusion." Let's discuss tactics tobeat it.

Collusion is a tacit agreement amongst two or more entities inthe value chain between the insurer and the customer. The purposeof the agreement is to misrepresent or to inflate loss events andthus to defraud the insurer. A typical example of collusion fraudwould be a third party adjuster approving fraudulent claims on softtissue injuries as submitted by a complicit clinic. As with othertype of fraud, collusion hurts the industry in two ways: First,there is the direct charge to the insurer for claims that are notlegitimate. Second, the inaccurate or non-existent claims corruptthe data used by underwriters.

How Rampant Is Collusion Fraud?

Organizational inertia is one reason that insurers do not investthe time, resources, or the budget to explore multi-channel fraud.Companies need to take a long view and build a business case aroundthe amount they are actually losing by not actively monitoring theclaim process for this type of fraud. While we are not aware of anindustry survey on the size of the problem, we highlight a coupleof illustrative case studies. In 2008, the Manhattan DistrictAttorney [1] indicted 11 persons who operated a fraudulent "medicalmill" that had bilked more than $6.2 million from insurancecompanies. Those charged included three medical doctors, achiropractor, two acupuncturists, ten corporations, several'runners,' and one mastermind behind the entire operation.

The challenge with diagnosing such fraud is that when all theservice providers are essentially validating each other, it becomesextremely hard to isolate inconsistencies at a single serviceprovider level. In another example of collusion fraud, a singleadjuster approved non-existent claims of net value of $2.4M from arogue tire dealer over a multi-year period [2]. The point to bemade is that if an organization is not performing periodic auditsacross all service providers, then its claim process is at risk ofsubversion and could be hemorrhaging millions of dollars inprofits. We next discuss the operational and the technicalchallenges in mitigating collusion fraud.

Privacy Concerns and Sharing Data

One of the operational challenges in fighting claim fraud liesin gaining access and use of relevant data from multiple serviceentities. If third party service providers are involved, thencontractual obligations should be enforced to ensure service dataare made available. Service partners often hold a perception thatservice data cannot be shared with partners because of privacylegislation. This is fundamentally incorrect. Our point of view onthis is not a legal opinion, but a clarification on the governmentstance about customer data privacy and security.

Government guidelines are clear about an organization's releaseof customer information to a third-party service provider. Customerconfidentiality is enforced through a contractual agreement.Information that would identify customers through their name,address, date of birth, telephone number, social securityidentifier, or credit card number are not relevant and can besuppressed. The remaining service data can be shared and weparticularly point to sub-section (e) in Section 6802 of theGramm-Leach-Bliley Act [3], as being applicable tocompanies operating under U.S. law.

"Subsections (a) and (b) of this section shall not prohibit thedisclosure of non-public personal information ... (3) (A) toprotect the confidentiality or security of the financialinstitution's records pertaining to the consumer, the service orproduct, or the transaction therein; (B) to protect against orprevent actual or potential fraud, unauthorized transactions,claims, or other liability; (C) for required institutional riskcontrol, or for resolving customer disputes or inquiries."

A similar bill passed by the Canadian Parliament set out theprivacy preservation guidelines, explicitly stating that use of therelevant data is permissible for purposes such as statisticalanalysis. Guidelines similar to those listed above have also beenlisted in the seventh principle of the UK Data Protection Actof 1998. Data availability is core to fraud mitigation. It isin the best interests of the industry and the consumer that allparties involved provide transparency into their respectiveprocesses.

Fighting Collusion Fraud

Gathering information across all service provider entitiesinvolved in the claim process is not only a technical challengebut, as noted above, it can be difficult to engage multiple partiesin the initiative. We emphasize that this is permissible, hasprecedent, and ultimately is in the consumer's interest because ithelps the insurance industry keep costs down. Once the data areavailable, the data have to be linked across all the serviceproviders on the claims they serviced.

To illustrate, once the data are captured and processed into ausable form, then it should be possible for an analyst to generatea profile on a closed claim that includes the date of the claim,the claimant(s) involved in the incident, the incident report, thename of the clinic(s) that appraised the claimant(s), the detailson the treatment plan filed, the date of the filing, the adjusterwho approved the treatment plan, the amount of the approval, thedays of the treatment, the nature of the treatment, and so on. Sucha data structure is known as an analytical data mart and is wellwithin the scope of the technology capabilities of insurers. Thedecision support system that detects collusion patterns has adependency on this data mart. The specific analytical techniqueunderlying the decision support is called Association Analysis[4].

As the name suggests, Associations Analysis is used to detectassociations among the entities that have serviced claims for aninsurer. To run this analysis, the investigator has to firstidentify the targeted outcome. The targeted outcome is a suspiciousevent of interest. For example, it can be defined as the claims onincidents with a high loss amount, or as incidents with more thantwo claimants. Alternately, if the investigator has alreadyidentified a particular set of claims as being suspicious, then heor she would want to identify these as the targeted outcomes forthe algorithm.

The next task for the investigator is to select the attributesof the claim to be mapped against the outcome. These attributes aredefined per the data availability on the service providers. Thesecan be any or all of the following: the broker who sold the claim,the clinic that appraised the claimant, the auto body shop thathandled the repairs, the paralegal engaged by the claimant, theagency from which the vehicle was rented by the primary claimant,and so on.

Once the outcome and the attributes are defined, the analysisoutputs the combination of claim attributes that are the strongestleading indicators for the targeted outcome. In technical terms,the output is an "if/then" rule whose "head" is the combination ofattributes under consideration, and whose "tail" is the targetedoutcome, the suspicious event of interest. Association Analysisoutputs the if/then rules that are most statistically significant.A typical output rule would show that 'Doctor A_ and B_Rehabilitation Clinic' (the head) have a strong correlation withsuspicious claims (the tail).

Since there can be a very large number of if/then rulesgenerated in the system, the algorithm filters these on the basisof two measures known as "support and confidence." Essentiallysupport and confidence are technical definitions on which moredetail is available in standard textbooks on the subject [5]. Inpractical terms, if a rule has low support it occurs soinfrequently that it may just as well be a chance occurrence and isthus not statistically significant. Rules with high confidenceindicate a high reliability -- and a strong correlation between theoutcome and the attributes that comprise the rule "head."

The effectiveness of this technology is in the intuitiveness ofthe results. In the example of the medical mill listed earlier [1],the combination of specific doctors, chiropractors, andacupuncturists linking to the same set of unusual claims would be adead giveaway that a medical mill was at work.

Next Steps

While the analysis is powerful, it must be cautioned that therules that are discovered do not necessarily imply a causalrelationship between the "if" condition and the targeted outcome.The technique helps in formulating a hypothesis that a particulargroup of service providers is engaged in suspicious activity. Thenext step is to flag this provider set to the field investigatorsand have them initiate their evidence collection to prove ordisprove the hypothesis.

Article References

[1] New York County District Attorney's Office news release,March 11, 2008.

[2] Uniroyal Goodrich Tire Company v Mutual Trading Corporation,Nos 94-2915 & 94-3799.

[3] Gramm-Leach-Bliley Act, 15 USC, Subchapter I, Sec. 6801-6809- Disclosure of Non-public Personal Information.

[4] Nearhos, J.; Rothman, M.; and Viveros, M. 1996. "ApplyingData Mining Techniques to a Health Insurance Information System."In Proc. of the 22nd Int'l Conference on Very Large Databases.

[5] P-N Tan, M. Steinbach, V. Kumar. "Introduction to DataMining." ISBN-10: 0321321367, Addison-Wesley, 2006.ss