Healthcare Fraud Detection: Why Paying First and Recovering Later Is a Strategy That Does Not Work

Healthcare fraud detection operates under a structural disadvantage that most other fraud prevention contexts do not face. The obligation to pay claims promptly — CMS requires Medicare Advantage plans to pay clean claims within 30 days — creates a payment window that fraud perpetrators exploit systematically. A fraudulent claim submitted and paid within the required window has been converted to cash before post-payment detection can act on it. Recovery depends on assets that may no longer exist.

The industry estimate of 10 to 15 percent of total healthcare spend consumed by Fraud, Waste, and Abuse translates, at the lower bound, to hundreds of billions of dollars annually across the US healthcare system. Even at a fraction of that total, each individual health plan’s FWA exposure is material relative to the investment required to detect and prevent it. The gap between the industry’s stated recognition of the problem and the operational architecture most health plans have deployed to address it remains substantial.

Why post-payment remains dominant despite its cost disadvantage

Post-payment recovery has persisted as the primary FWA control mechanism for reasons that are understandable even if the economics do not support it. Pre-payment detection requires making a blocking decision on a claim before payment, which introduces the risk of incorrectly withholding payment from a legitimate provider. A wrongful payment delay generates provider relations friction, potential regulatory penalties for late payment, and the administrative cost of reviewing and releasing the held claim. Post-payment detection avoids those risks by delaying the intervention to a point after payment where the cost of a false positive is lower.

The problem with that logic is that the cost calculation is asymmetric in the wrong direction. A fraudulent claim that was paid and not recovered represents a loss of the full payment amount plus the cost of the failed recovery attempt. A legitimate claim that was held for additional review and then paid represents a delay cost — provider relations friction, potential late payment penalty, and review expense. For the vast majority of cases where fraud detection models have sufficient confidence to justify a hold, the cost of the incorrect hold is substantially lower than the cost of the fraudulent payment.

Pre-payment detection becomes viable at scale when the model is accurate enough that the false positive rate — the proportion of held claims that turn out to be legitimate — does not create an unmanageable review burden or an unacceptable provider relations cost. That accuracy threshold is now achievable with behavioral AI models that were not available to health plan operations a decade ago.

The three leakages in FWA management

The first is straightforward fraud that current rules do not catch. Rules-based controls identify patterns that are known to be fraudulent: billing for services not rendered, upcoding specific procedure codes, operating illegal pharmacy dispensing operations. They do not identify novel patterns — providers who have adapted their billing to avoid triggering known rules, new entity fraud where an entity with no history begins billing at high volume immediately after enrollment, or coordinated provider networks operating across multiple specialties to obscure the coordination.

The second is waste and abuse at the boundary of fraud. A provider who consistently bills for the most complex evaluation and management code when the documentation supports a lower code, a facility that admits patients for observation rather than inpatient stays in ways that systematically disadvantage members, or a durable medical equipment supplier whose utilisation rates exceed specialty benchmarks by a significant margin may be engaging in systematic billing abuse that falls short of provable fraud but represents substantial unjustified spend. Peer-comparison models identify these patterns at scale. Rules do not.

The third is recovery prioritisation failure. When FWA cases are worked in arrival order rather than by expected recovery value, investigators spend equal time on a $500 suspected duplicate payment and a $500,000 suspected billing fraud ring. The opportunity cost of misallocated investigator time is significant when the difference in recovery yield between a well-prioritised and a poorly-prioritised caseload can be five to ten times.

What pre-payment AI detection looks like

The architecture for pre-payment AI-assisted fraud detection mirrors the layered approach used in card authorization fraud. A first layer of deterministic rules handles high-confidence known fraud patterns — exact duplicates, claims from excluded providers, billing from inactive members. A second layer of behavioral scoring evaluates each claim against the submitting provider’s own billing history and against the specialty and geography peer group, identifying statistical deviations that indicate potential fraud or abuse. A third layer handles coordinated fraud patterns — entity relationship analysis that identifies connections between providers, facilities, and billing entities that suggest coordinated schemes.

Cases that the model scores above the pre-payment hold threshold are routed for clinical or fraud unit review before payment is issued. The review turnaround time must fit within the prompt payment window — which requires efficient triage and a model precision level that limits the hold volume to what the review capacity can handle. The model output includes an evidence summary — the specific billing patterns that generated the flag, the peer comparison basis, and the prior claim history context — that enables reviewers to make rapid disposition decisions.

Post-payment detection on the residual population provides a second pass on patterns that the pre-payment model missed at lower confidence thresholds and generates recovery referrals for the SIU programme.

What success looks like

The metrics are the pre-payment to post-payment fraud recovery ratio, overall FWA recovery yield as a percentage of claims spend, false positive rate on pre-payment holds, SIU caseload confirmation rate, and recovery per investigator. The most important transition metric is the shift in the pre-payment to post-payment ratio: a programme that begins primarily post-payment and systematically shifts toward pre-payment detection is demonstrating structural improvement in its FWA architecture, not just performance improvement in its existing approach.