PREVENTING, DETECTING, AND DETERRING FRAUD IN SOCIAL HEALTH INSURANCE PROGRAMS: LESSONS FROM SELECTED COUNTRIES

DISCUSSION PAPER

November 2018

Sheena Chhabra, Rekha Menon, Iryna Postolovska, Owen Smith, Ajay Tandon, and Val Ulep

Health, Nutrition, and Population (HNP) Discussion Paper

This series is produced by the Health, Nutrition, and Population Global Practice of the World Bank. The papers in this series aim to provide a vehicle for publishing preliminary results on HNP topics to encourage discussion and debate. The findings, interpretations, and conclusions expressed in this paper are entirely those of the author(s) and should not be attributed in any manner to the World Bank, to its affiliated organizations, or to members of its Board of Executive Directors or the countries they represent. Citation and the use of material presented in this series should consider this provisional character. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of the World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries.

For information regarding the HNP Discussion Paper Series, please contact the Editor, Martin Lutalo, at mlutalo@worldbank.org, or Erika Yannick, at eyanick@worldbank.org.

RIGHTS AND PERMISSIONS

The material in this work is subject to copyright. Because the World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is given.

Any queries on rights and licenses, including subsidiary rights, should be addressed to World Bank Publications, The World Bank Group, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2625; e-mail: pubrights@worldbank.org.

© 2018 The International Bank for Reconstruction and Development / The World Bank, 1818 H Street NW, Washington DC 20433. All rights reserved.

Sheena Chhabra [a], Rekha Menon [b], Iryna Postolovska [c], Owen Smith [d], Ajay Tandon [e], and Val Ulep [f]

[a] Senior Health Specialist, Health, Nutrition, and Population Global Practice, World Bank, New Delhi, India.
[b] Practice Manager, Health, Nutrition, and Population Global Practice, World Bank, Washington, DC, United States.
[c] Young Professional, Health, Nutrition, and Population Global Practice, World Bank, Washington, DC, United States.
[d] Senior Economist, Health, Nutrition, and Population Global Practice, World Bank, New Delhi, India.
[e] Lead Economist, Health, Nutrition, and Population Global Practice, World Bank, Washington, DC, United States.
[f] Consultant, Health, Nutrition, and Population Global Practice, World Bank, Washington, DC, United States.

Abstract: This paper draws lessons from anti-fraud experiences in social health insurance programs of six selected countries across the income spectrum: Indonesia, the Philippines, Republic of Korea, Croatia, Turkey, and the United States. A standardized questionnaire was used to collect information on how the programs prevent, detect, and deter fraud. The questionnaire was supplemented by a literature review and conversations with key informants. The analysis summarizes similarities and differences in the legal framework, institutional mechanisms, and capacity to manage fraud.
Across all countries, the primary responsibility for managing fraud lies with the public entity that administers the program. In terms of capacity, all program-administering agencies have dedicated anti-fraud units and staff. In addition, all countries have specific anti-fraud policies and guidelines that address fraud and have a clear operational and legal definition of fraud. In terms of preventing fraud, the use of pre-authorization screening for high-end procedures is common. For detecting fraud, most countries use anti-fraud “hotlines” and encourage other forms of reporting of suspected fraudulent behavior; the use of “red flags”—triggers that identify suspicious claims based on deviations from norms—is also common. The level of sophistication in using data analytics to detect potential fraud, however, varies across countries. Social health insurance programs in higher-income countries are more likely to use advanced statistical and data-mining techniques compared to those in lower-income countries. All programs across all countries undertake post-reimbursement medical claims and beneficiary audits. In terms of deterring fraud, sanctions often include the use of financial penalties, cancellation of contracts, and criminal prosecutions; however, in most countries, public providers are not penalized and prosecuted to the same degree as private providers.

Keywords: fraud, social health insurance

Disclaimer: The findings, interpretations, and conclusions expressed in the paper are entirely those of the authors, and do not represent the views of the World Bank, its Executive Directors, or the countries they represent.

Correspondence Details: Sheena Chhabra (schhabra1@worldbank.org), New Delhi, India.

Table of Contents

ACRONYMS
ACKNOWLEDGMENT
I. INTRODUCTION
II. SOME COMMON ANTI-FRAUD ELEMENTS ACROSS COUNTRIES
III. SOME ADDITIONAL CONSIDERATIONS
IV. CASE STUDIES
    INDONESIA
    THE PHILIPPINES
    REPUBLIC OF KOREA
    CROATIA
    TURKEY
    THE UNITED STATES
V. REFERENCES
ANNEX I: ANTI-FRAUD QUESTIONNAIRE

ACRONYMS

AI: Artificial Intelligence
BPJS: Badan Penyelenggara Jaminan Sosial
CHIF: Croatian Health Insurance Fund
CMS: Centers for Medicare and Medicaid Services
CPI: Center for Program Integrity
DRG: Diagnosis-Related Groups
EHFCN: European Health Care Fraud and Corruption Network
FFIED: Fact-Finding Investigation and Enforcement Department
FFS: Fee-For-Service
GDP: Gross Domestic Product
GNI: Gross National Income
HIRA: Health Insurance Review and Assessment
HNP: Health, Nutrition, and Population
HTA: Health Technology Assessment
IRR: Implementing Rules and Regulations
IT: Information Technology
JKN: Jaminan Kesehatan Nasional
KRW: Korean Won
LOC: Letter of Commitment
MAC: Medicare Administrator Contractor
MMHR: Mandatory Monthly Hospital Report
MoHW: Ministry of Health and Welfare (Republic of Korea)
NCCI: National Correct Coding Initiative
NHA: National Health Agency
NHI: National Health Insurance
NHIS: National Health Insurance Service
NITI Aayog: National Institute for Transforming India
OECD: Organization for Economic Co-operation and Development
OOP: Out-of-Pocket
PHIC: Philippine Health Insurance Corporation
PM-JAY: Pradhan Mantri Jan Arogya Yojana
TOR: Terms of Reference
SGK: Sosyal Güvenlik Kurumu
ZPIC: Zone Program Integrity Contractor

ACKNOWLEDGMENT

This report was prepared by Sheena Chhabra (Senior Health Specialist), Rekha Menon (Practice Manager), Iryna Postolovska (Young Professional), Owen Smith (Senior Economist), Ajay Tandon (Lead Economist), and Val Ulep (Consultant) at the request of the National Institution for Transforming India (NITI Aayog) to help inform anti-fraud efforts for the Ayushman Bharat Pradhan Mantri Jan Arogya Yojana (PM-JAY).
Our gratitude to Dr. Vinod Paul, Member (Health), NITI Aayog; Mr. Alok Kumar, Advisor, Health, NITI Aayog; Dr. Indu Bhushan, CEO, National Health Agency (NHA); Dr. Dinesh Arora, Deputy CEO, NHA; and Dr. K. Madan Gopal, Senior Consultant (Health), NITI Aayog, for the rich inputs and engaging discussions that contributed to finalizing the draft. We would like to thank Karima Saleh, Somil Nagpal, and Marvin Plotz for their excellent peer review comments. Dr. Soonman Kwon drafted the Korea case study. In addition, the team is grateful for additional inputs from Adrien Dozol, Eko Pambudi, Christina Sukmawati, Beverly Ho, Volkan Centikaya, Ozren Pezo, Ahmet Levent Yener, Agnes Couffinhal, Reem Hafez, Iene Muliati, lsa Meidina, Pandu Harimurti, George Schieber, Christoph Kurowski, Alec Alexander, George Mills, Ray Wedgeworth, Kathy Wolf, Mel Combs-Dyer, and Jennifer Lindstrom.

The World Bank technical support has been provided under the Programmatic Advisory Services and Analytics for Universal Health Coverage in India (P158755) with financial support by the Bill & Melinda Gates Foundation Trust Fund.

The authors are grateful to the World Bank for publishing this report as an HNP Discussion Paper.

I. INTRODUCTION

This paper is a summary of anti-fraud efforts in social health insurance programs in six countries. Information was collected from six countries with different levels of economic development and maturity of social health insurance programs: Indonesia, the Philippines, Republic of Korea, Croatia, Turkey, and the United States. The Philippines and Indonesia are lower-middle-income countries, on the verge of becoming upper-middle-income countries. Turkey is classified as an upper-middle-income country; Croatia, Korea and the United States are high-income countries.
There are differences in the levels and composition of health spending: Indonesia and the Philippines spent US$115 and US$127 per capita on health, respectively, with less than 20 percent being social health insurance. Per capita health spending in Turkey and Croatia was much higher at US$455 and US$852, respectively. Relative to Indonesia and the Philippines, social health insurance programs in Turkey and Croatia are more mature and constitute more than half of the health spending. Korea spends over US$2000 per capita on health, almost half on social health insurance. The United States spent almost US$10,000 per capita on health, one of the highest in the world; however, social health insurance accounted for 23 percent of total health spending in the country (Table 1).

Table 1. Key Financing Indicators, 2015

| Country | GNI per capita (US$) | Total health expenditure per capita (US$) | Social Health Insurance (%) | Voluntary Health Insurance (%) | Government Budgetary Expenditure (%) | OOP (%) |
| --- | --- | --- | --- | --- | --- | --- |
| Indonesia | 3,540 | 115 | 14 | 4 | 18 | 50 |
| Philippines | 3,660 | 127 | 14 | 13 | 17 | 54 |
| Korea | 27,250 | 2,013 | 45 | 6 | 10 | 37 |
| Croatia | 12,430 | 852 | 74 | 8 | 2 | 3 |
| Turkey | 10,930 | 455 | 56 | 0 | 21 | 17 |
| United States | 58,270 | 9,536 | 23 | 35 | 26 | 11 |

Source: Global Health Expenditure Database 2015. GNI = Gross National Income; OOP = Out-of-Pocket.

A standardized questionnaire was used to gather information on the legal framework, institutional structures, and capacity to prevent, detect, and deter fraud. In addition, information was compiled from a review of the literature, with a focus on the Organization for Economic Co-operation and Development (OECD) countries, as well as conversations with key informants. Although the sample included in this paper is not necessarily representative of global anti-fraud efforts, we believe that the information compiled from these six countries typifies anti-fraud efforts that are often implemented across social health insurance programs.
This paper is organized as follows: Section I begins with a discussion of conceptual and theoretical issues on health insurance fraud; Section II provides a broad overview of the social insurance programs of the six country case studies and summarizes common anti-fraud elements; Section III outlines some additional considerations to augment anti-fraud efforts; and Section IV contains a detailed summary of the six country case studies.

There are different ways in which the term “fraud” is generally defined. The literature differentiates activities that constitute “fraud” and “abuse” versus those that represent “waste” and “errors” (CMS 2017a; OECD 2017). In all cases, these represent resources expended for activities and objectives without health benefits. The key distinction between fraud/abuse versus waste/errors is one of intent. Fraud in health insurance programs typically represents rule-breaking behavior (for example, billing for care for phantom patients or charging for seeing a doctor when the patient saw a nurse) that is illegal. Abuse usually represents rule-bending behavior that is not necessarily illegal but is considered inconsistent with acceptable business practices and norms (for example, ordering unnecessary tests for the purpose of increasing reimbursements or provision of substandard care) (Rashidian, Joudaki, and Vian 2012). The distinction between fraud and abuse is not always clear-cut. Conversely, waste refers to the inadvertent use of excessive resources (for example, prescribing high-cost medicines where cheaper equally efficacious generics are available). Errors are mistakes made in the process of delivery (for example, inadvertently prescribing wrong medications to a patient) and usually come under the realm of quality care.
The study of fraud in social health insurance is gaining prominence, in part because of a growing recognition that effective anti-fraud efforts have the potential to improve efficiency and financial sustainability of such programs. Global estimates suggest that anywhere between 0.6 percent and 15 percent of health spending is lost due to fraud (Gee and Button 2015; WHO 2011). Not only can fraud result in financial losses, but it can also have adverse effects on individual and population health outcomes. In addition, fraud poses a reputational risk to the perceived integrity of health programs.

The health sector is particularly prone to fraud. This is due to several reasons. First, the presence of information asymmetry between the patient and provider on the one hand and the provider and the payer on the other results in a principal-agent problem (for example, providers have a better understanding of diseases and treatment options relative to patients and payers). Second, the demand for inpatient and emergency care is generally inelastic (that is, patients typically use hospital services regardless of the price). These factors may create perverse incentives for providers (OECD 2017).

Fraud can be committed by different players. Patients/beneficiaries, payers, and providers may collude or act independently to cheat the system and gain financial benefits. Anti-fraud efforts are usually directed toward managing provider fraud, the most common type of fraud. Provider fraud can be committed by individuals or a group of individuals or by an entire organization. Illegal referrals, up-coding, overprovision, and overbilling are examples of the long list of provider fraud identified in the literature. Patient/beneficiary fraud may be committed by an eligible beneficiary or an individual impersonating a beneficiary.
Examples of patient/beneficiary fraud include making false statements of eligibility to access health services and conspiring with providers to submit false claims. Payer fraud, for example, includes colluding with hospitals to falsify information to gain illegitimate empanelment. The focus of this paper is largely on efforts to address provider fraud while recognizing that other actors may also commit fraud.

The overall framework for assessing anti-fraud efforts can be summarized in terms of how fraud is prevented, detected, and deterred (Van Stolk and Tesliuc 2010). The success of anti-fraud efforts also depends critically on the extent to which countries have a conducive legal framework for dealing with fraud (for example, whether fraud in health insurance constitutes a criminal, civil, or administrative offence); clarity of institutional mechanisms, roles, and responsibilities (for example, in terms of who has responsibility for dealing with fraud, who bears the financial risk of fraud, and who has the mandate to prosecute/sanction perpetrators of fraud); and the capacity of these institutions in terms of staffing, information technology (IT), and other resources to successfully implement anti-fraud efforts.

Figure 1. Framework for Assessing Anti-Fraud Efforts

II. SOME COMMON ANTI-FRAUD ELEMENTS ACROSS COUNTRIES

The six programs included in this review vary widely across different dimensions of coverage (Table 2). Yet there are several commonalities: (a) all programs are administered by a public entity, that is, there is generally little or no contracting out of management of the programs to third-party administrators (for example, to other public or private insurance companies); [1] (b) the programs include coverage for both primary care and hospitalization; and (c) the programs include coverage for both contributory and noncontributory beneficiaries.

In all countries, both public and private providers are part of the program.
In Korea, they are all non-profit. In Indonesia, the Philippines, Turkey, Croatia, and the United States, contracted private providers included both for-profit and nonprofit providers. In Indonesia, some high-end private providers opted out as they did not consider reimbursements from the program adequate to be financially viable. All providers undergo an empanelment procedure that determined their participation in the program and their eligibility to perform specific procedures.

Provider payments included country-specific case-based payments; in some countries, these were combined with global budgets (for example, Croatia, Turkey). In Turkey, private and government providers were paid differently; university and private hospitals were paid based on fee-for-service and case-based payment, while government hospitals were paid using global budgets. In Korea, fee-for-service is the main payment mode. In addition, some countries implemented volume controls and closely monitored provider activity. In the Philippines, volume control was implemented for certain benefit packages such as dialysis and cataract surgeries.

The use of co-payments varies across countries. Croatia, Korea and the United States explicitly implement formal co-payments to control overutilization. In the Philippines and Indonesia, no policy on formal co-payment exists. However, OOP spending remains relatively high potentially due to the low depth of benefit coverage.

Table 2. Key Indicators for Selected Government-sponsored Health Insurance Programs, 2017

| Country | Population | Program | Coverage | Claims Processed [2] | Average Claim Amount (US$) |
| --- | --- | --- | --- | --- | --- |
| Indonesia | 264 million | Jaminan Kesehatan Nasional | 187 million | 8 million | 375 |
| Philippines | 105 million | National Health Insurance Program | 97 million | 8 million | 200 |
| Korea | 51 million | National Health Insurance | 51 million | 15.7 million | 1,450 |
| Croatia | 4.1 million | Mandatory Health Insurance Program | 4.1 million | <1 million | 2,000 |
| Turkey | 81 million | General Health Insurance Program | 81 million | 13 million | 750 |
| United States | 326 million | Medicare | 58 million | 8 million | 24,026 |

Source: Badan Penyelenggara Jaminan Sosial (BPJS) 2017; Besfin 2017; CHIF 2017; CMS 2017b; PHIC 2017; Turkey Ministry of Health 2017; World Bank 2017.

[1] The exception is in the United States where the Centers for Medicare and Medicaid Services (CMS) does contract out some activities to third-party administrators.
[2] These are mostly inpatient claims.

In all six countries, the institutional responsibility for managing fraud lies with the public agency that administers the program [for example, with Badan Penyelenggara Jaminan Sosial (BPJS) in Indonesia, Centers for Medicare and Medicaid Services (CMS) in the United States, Philippine Health Insurance Corporation (PHIC) in the Philippines, National Health Insurance Service (NHIS) in Korea, Croatian Health Insurance Fund (CHIF) in Croatia, and Sosyal Güvenlik Kurumu (SGK) in Turkey]. In Korea, both NHIS and the government institution responsible for claim review and assessment, the Health Insurance Review and Assessment service (HIRA), are engaged in fraud management activities. In some cases, the program-administrating agency also coordinates anti-fraud efforts with broader anti-corruption public agencies and with cross-sectoral public financial management and audit agencies.
In some countries, there are frequent and regular meetings between representatives of different organizations—for example, between providers, line ministries, program-administrating agencies—to discuss and address fraud.

All program-administering agencies have dedicated anti-fraud units and staff. Capacity, however, varies considerably across countries. Anti-fraud units range from 50 full-time staff in Croatia and the Philippines to over 300 full-time staff in Indonesia, Korea and the United States (Table 3). Anti-fraud efforts in Indonesia, the Philippines, Croatia, and Turkey are conducted in-house. However, anti-fraud units work closely and in conjunction with representatives of different stakeholders, for example, medical associations, providers, and line ministries. Most countries have plans to improve the capacity of anti-fraud units, including in-house staff training and skills development. The United States is the only country that outsources the anti-fraud function of CMS to private contractors called Zone Program Integrity Contractors (ZPICs). The Center for Program Integrity (CPI) of CMS, however, is the overall agency responsible for the anti-fraud program of Medicare and Medicaid.

Table 3. Anti-Fraud Responsibility and Staffing

| Country | Administering Agency | Full-Time Staff (approximate) | Dedicated Anti-Fraud Unit | Dedicated Anti-Fraud Staff (approximate) |
| --- | --- | --- | --- | --- |
| Indonesia | BPJS | 7,000 | Yes | 300 |
| Philippines | PHIC | 5,000 | Yes | 50 |
| Korea | NHIS and HIRA | 17,000 | Yes | 362 |
| Croatia | CHIF | 2,000 | Yes | 50 |
| Turkey | SGK | 26,000 (a) | Yes | 16 |
| United States | CMS | 4,000 | Yes | 400 |

Source: Based on the responses from the questionnaire and conversation with key informants.
Note: a. Includes employees of SGK handling other social insurance programs (not only universal health care program) (SGK 2016).

All countries have specific policies and guidelines to address fraud in the context of health insurance.
In all programs, a regulatory framework exists within which health insurance fraud is defined as an administrative, civil, or criminal offense. For example, in Indonesia, the anti-fraud policy of BPJS is well stipulated in a ministerial decree. In the Philippines, the Philippine National Health Insurance Act contains overarching anti-fraud provisions supplemented with specific departmental (ministerial) orders. In Korea, it is included in the national health insurance law. In the United States, CMS has issued numerous guidelines and training materials on anti-fraud, and fraud is clearly defined in five federal anti-fraud laws (for example, False Claims Act, Anti-Kickback Statute, Physician Self-Referral Law, Criminal Healthcare Fraud, and Social Security Act). Box 1 provides examples of the operational definitions of fraud in Indonesia, the Philippines, and the United States.

Box 1. Definition of Fraud

Indonesia

Indonesia’s ministerial decree (Permenkes No. 36 Tahun 2015) defines fraud as “intentional act committed by participants, health BPJS Staff, health service providers and medicine and medical device suppliers to take financial advantage of health security programs under the National Social Security System through illicit fraudulent activities.” The decree recognizes several types of fraud:

• Beneficiaries: (a) making a false statement of eligibility (falsifying membership status) to access health services; (b) using their rights to unnecessary services by falsifying their health conditions; (c) giving gratifications to service providers to provide excluded/uncovered services; (d) manipulating income to reduce contribution payments; (e) engaging in a conspiracy with service providers to submit false claims; (f) receiving prescribed medicines and/or medical devices for resale
• BPJS staff: (a) engaging in a conspiracy with participants and/or health facilities to submit false claims; (b) manipulating uncovered benefits into covered benefits; (c) suspending payments to health facilities/partners to take personal advantage; (d) paying capitation amounts different from the stipulation
• Fraud by service providers: (a) using capitation funds in ways inconsistent with laws and regulations; (b) manipulating claims for services paid through a non-capitation mechanism; (c) receiving a commission for referral to higher-level facilities; (d) collecting fees from participants already covered by capitation and/or non-capitation fees according to the standard rates specified; (e) giving patients an inappropriate referral to gain a particular advantage; (f) diagnosis upcoding; (g) cloning of claims from other patients; (h) phantom billing; (i) inflated bills for medicines and medical devices; (j) services unbundling or fragmentation; (k) self-referral; (l) repeated billing; (m) prolonged length of stay; (n) manipulating types of room charge; (o) cancelled services; (p) measures of no medical value; (q) deviation from the standard of care; (r) unnecessary treatment; (s) extended time for use of ventilators; (t) phantom visits; (u) phantom procedures; (v) readmissions; and (w) seeking cost-sharing inconsistent with laws and regulations

The Philippines

The Implementing Rules and Regulations (IRR) of the National Health Insurance Act of 2013 distinguishes fraudulent and non-fraudulent acts that health care facilities, health care providers and members can commit. Both non-fraudulent and fraudulent acts have corresponding penalties, with the latter having stricter penalties. The IRR also enumerates the following as fraudulent acts: padding of claims, extending the period of confinement, post-dating of claims, misrepresentations, fabrication, or possession of fabricated forms.

The United States

CMS has issued numerous technical reports that define fraud and its differences from abuse, waste, and error.
Any of the following broadly constitute fraud:

• Knowingly submitting, or causing to be submitted, false claims or making misrepresentations of fact to obtain a federal health care payment for which no entitlement would otherwise exist
• Knowingly soliciting, receiving, offering, and/or paying remuneration to induce or reward referrals for items or services reimbursed by federal health care programs
• Making prohibited referrals for certain designated health services

These operational definitions of fraud are clearly described in the following federal laws:

• Anti-Kickback Statute
• Criminal Healthcare Fraud Statute
• Physician Self-Referral Law (or Stark Law)
• False Claims Act
• Social Security Act

Sources: Ministry of Health (Indonesia), PHIC, and CMS.

In most countries, legally binding contracts between the program-administering agency and providers include a section that addresses fraud, including stipulations as to which activities constitute fraud and the legal/financial consequences if fraud is detected. Box 2 shows excerpts of pertinent provisions in insurer-provider contracts in Indonesia, the United States, and Turkey. In the Philippines, PHIC does not have a legally binding contract, but providers need to issue a Letter of Commitment (LOC) to PHIC as one of the accreditation requirements. The LOC reinforces their duties and responsibilities, which include upholding the anti-fraud policies of the Corporation. Noncompliance with these anti-fraud provisions results in administrative and criminal prosecution, as stipulated in the Philippine National Health Insurance Act. The LOC does not stipulate any liability of PHIC toward providers.

Box 2. Fraud Stipulations in Insurer-Provider Contracts

The following are some excerpts related to fraud in insurer-provider contracts.
Indonesia

BPJS (FIRST PARTY) and health care providers (SECOND PARTY) enter into a legal contract agreement, which clearly specifies the scope of function, and the rights and obligations of each party. The following are some of the provisions of the contract agreement relevant to fraud:

“if the claim bills of the SECOND PARTY are problematic, then the FIRST PARTY is entitled to suspend claims in question”

“in the case of SECOND PARTY is proven to actually do things as follows: (1) does not serve the Participant in accordance to obligations; (2) does not provide facilities and health services to Participants in accordance with the rights of Participants; collect additional fees to Participants outside the provisions, the FIRST PARTY shall be entitled to write a reprimand to the SECOND PARTY as many as 3 times with respective grace period of each letter…”

“In the event that one party is found to be abusing authority by conducting moral hazard or fraud (e.g., fictitious claims) as evidenced by the result of examination of the internal audit team, the injured party can cancel this agreement unilaterally”

The United States

CMS enters into a legal contract with a health care provider. The first section of the contract contains the definition of fraud and abuse:

“Fraud - An intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person. It includes any act that constitutes Fraud under applicable federal or state law.”

In the Responsibilities section, the contract also includes an explicit provision against fraud:

“ is subject to all state and federal laws and regulations relating to Fraud, Waste, and Abuse in health care and the Medicaid and Medicare programs. must cooperate and assist CMS, the HHSC Office of Inspector General (OIG), and any state or federal agency charged with the duty of identifying, investigating, sanctioning or prosecuting suspected Fraud, Waste, or Abuse”

“Articulate the “s commitment to comply with all applicable federal and state standards, including: (i) Fraud detection and investigation; (ii) Procedures to guard against Fraud, Waste, and Abuse; (iii) Prohibitions on certain relationships as required by 42 C.F.R. § 438.610; (iii) Obligation to suspend payments to Providers; (iv) Disclosure of ownership and control of; (v) Disclosure of business transactions”

Turkey

SGK enters into a legal contract with a health care provider. The following are relevant excerpts from the contract:

“The parties to this contract: SGK and . The basis of this contract is Article 73 of the Law 5510 and the Hizmet Regulation on the Preparation and Implementation of Health Service Procurement Agreements / Protocols of the Social Security Institution 55 published in the Official Gazette dated 26/03/2016 and numbered 29665.”

The contract stipulates the responsibilities that providers need to abide by, such as documentary requirements during submission of claims and an agreement to allow SGK to conduct audits.

Sources: Ministry of Health (Indonesia), CMS, and SGK.

Pre-authorization reviews for selected procedures are used for preventing and deterring fraud. Some countries—for example, Croatia, the Philippines, Korea and the United States—make pre-authorization mandatory for selected procedures. For example, in Croatia, non-vital expensive procedures, and procedures referred abroad are subject to pre-authorization. In the Philippines, high-end procedures, such as kidney transplantation and specific cancer treatment, are subjected to pre-authorization. In the United States, CMS also implements pre-authorization for repetitive and scheduled nonemergency transport.
Referral mechanisms are used to contain costs and reduce unnecessary treatment. Most countries (for example, Indonesia, Croatia, the United States) have explicit gatekeeping or referral systems to control costs and prevent unnecessary treatment. Patients require referrals from primary care facilities to seek care in secondary- and tertiary-level facilities without incurring additional expenditures. In the United States, stricter referral laws are also in place to prevent and deter fraud. The Stark Law (Physician Self-Referral Law), for example, prohibits providers from referring designated health services payable by Medicare to an entity in which the physician has an ownership or investment interest. Self-referral is also identified as a fraudulent act in Indonesia. In Indonesia, at least on paper, BPJS patients require a referral letter from primary care clinics. Without a referral letter, they will not be allowed to seek treatment directly at a hospital or specialist clinic, except in an emergency.

All programs conduct post-reimbursement medical claims and beneficiary audits. Generally, audits are conducted on a random sample of claims and beneficiaries by independent teams under the overall responsibility of the administering agency. This usually also includes representatives from external agencies and those with medical expertise. In most countries, these audits are conducted post payment of claims, that is, after providers have been reimbursed. In Croatia, Korea, Turkey, and the United States, however, such claims are also subject to prepayment audits.[3] Beneficiary audits are conducted primarily for detecting phantom billing and include all types of providers, both public and private.

Use of anti-fraud “hotlines” is common for detecting fraud. In all countries, beneficiary feedback mechanisms play an important role not only in detecting fraud but also in terms of using social accountability modalities to prevent and deter fraud.
Making it easy to report suspected fraud underpins anti-fraud strategies in several of the countries. In Indonesia, the program uses different platforms to elicit patient feedback, such as call centers and social media accounts. In Turkey and Croatia, the programs conduct patient surveys to determine the prevalence and size of informal payments. In the United States, CMS maintains a sophisticated complaint database and triangulates it with claims databases to predict fraud. In Korea, there is a medical fee verification procedure to determine whether fees paid by patients comply with rules and regulations. Patients may instigate this verification process.

“Red flags” are incorporated in claims processing systems. In most countries, “red flags”—built-in alerting algorithms—are used in the claims processing system to detect potential fraud. Some of these “red flags” are based on rules-based deviation (for example, gender-, age-, service-, provider-specific flags) and outlier analyses. In Turkey, for example, “red flags” are incorporated in the claims processing IT system, which is regularly updated and monitored. In the United States, CMS identifies a set of conditions that, if satisfied, tag a claim as fraudulent. Examples of cases detected by the rules-based model include “impossible day of admission” or anomalous deviation of a claim from the average. Also, CMS has developed the National Correct Coding Initiative (NCCI), a system that automatically detects when two procedures could not be performed during the same patient encounter because they are mutually exclusive based on anatomic, temporal, or gender considerations.

Advanced data analytics are proactively used to detect new and emerging fraud in most countries. The United States, Korea, Turkey, Croatia, and Indonesia use more advanced predictive/regression-based or machine-learning models and/or social network analysis to detect suspected fraud.
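The rules-based “red flags” and the outlier analysis described above can be sketched in a few dozen lines. This is an added example, not code from the paper or from any of the programs it describes: the claim fields, procedure codes, rule tables, thresholds and sample claims are all constructed assumptions, and the mutually exclusive pair table only stands in for NCCI-style edits.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from itertools import combinations
from statistics import median


@dataclass(frozen=True)
class Claim:
    claim_id: str
    provider: str
    patient: str
    sex: str          # "F" or "M"
    age: int
    procedure: str    # hypothetical procedure code
    case_group: str   # hypothetical case-based payment group
    admitted: date
    discharged: date
    submitted: date
    amount: float


# Hypothetical rule tables and thresholds (assumptions, not program data).
SEX_SPECIFIC = {"CSECTION": "F", "PROSTATECTOMY": "M"}
AGE_LIMITS = {"CSECTION": (12, 55)}
MUTUALLY_EXCLUSIVE = {frozenset({"APPENDECTOMY_OPEN", "APPENDECTOMY_LAP"})}
MIN_GROUP, CUTOFF = 5, 3.5   # smallest scored group; modified z-score cutoff


def rule_flags(c):
    """Deterministic per-claim checks: sex, age and date consistency."""
    flags = []
    required_sex = SEX_SPECIFIC.get(c.procedure)
    if required_sex and c.sex != required_sex:
        flags.append("sex_mismatch")
    low, high = AGE_LIMITS.get(c.procedure, (0, 130))
    if not low <= c.age <= high:
        flags.append("age_out_of_range")
    # Assumed reading: discharge before admission, or submission before it.
    if c.discharged < c.admitted or c.submitted < c.admitted:
        flags.append("impossible_admission_date")
    return flags


def exclusive_pair_ids(claims):
    """Claims billing a mutually exclusive pair within one encounter."""
    encounters = defaultdict(list)
    for c in claims:
        encounters[(c.provider, c.patient, c.admitted)].append(c)
    return {c.claim_id
            for group in encounters.values()
            for pair in combinations(group, 2)
            if frozenset(p.procedure for p in pair) in MUTUALLY_EXCLUSIVE
            for c in pair}


def outlier_ids(claims):
    """Claims whose amount is far from the median of their case group."""
    groups = defaultdict(list)
    for c in claims:
        groups[c.case_group].append(c)
    hits = set()
    for group in groups.values():
        if len(group) < MIN_GROUP:
            continue
        med = median(c.amount for c in group)
        mad = median(abs(c.amount - med) for c in group)
        for c in group:
            dev = abs(c.amount - med)
            # MAD is 0 when over half the amounts are identical (fixed
            # tariffs); any different amount is then treated as deviant.
            if (mad == 0 and dev > 0) or (mad and 0.6745 * dev / mad > CUTOFF):
                hits.add(c.claim_id)
    return hits


def flag_claims(claims):
    """Return {claim_id: [flags]} for every claim with at least one flag."""
    flags = {c.claim_id: rule_flags(c) for c in claims}
    for cid in exclusive_pair_ids(claims):
        flags[cid].append("mutually_exclusive_pair")
    for cid in outlier_ids(claims):
        flags[cid].append("amount_outlier")
    return {cid: f for cid, f in flags.items() if f}


SAMPLE_CLAIMS = [  # constructed; days are in March 2018, all submitted day 20
    Claim(cid, prov, pat, sex, age, proc, grp, date(2018, 3, adm),
          date(2018, 3, dis), date(2018, 3, 20), amount)
    for cid, prov, pat, sex, age, proc, grp, adm, dis, amount in [
        ("C1", "P1", "A", "F", 30, "CSECTION", "OBS", 1, 4, 400.0),
        ("C2", "P1", "B", "M", 41, "CSECTION", "OBS", 2, 5, 410.0),
        ("C3", "P2", "D", "F", 33, "CSECTION", "OBS", 9, 7, 405.0),
        ("C4", "P3", "E", "F", 8, "CSECTION", "OBS", 4, 7, 400.0),
        ("C5", "P3", "F", "F", 29, "CSECTION", "OBS", 5, 8, 1900.0),
        ("C6", "P4", "G", "M", 50, "APPENDECTOMY_OPEN", "SURG", 6, 8, 300.0),
        ("C7", "P4", "G", "M", 50, "APPENDECTOMY_LAP", "SURG", 6, 8, 320.0),
    ]
]
```

Calling `flag_claims(SAMPLE_CLAIMS)` returns one entry per suspicious claim with the reasons attached, which is the form a reviewer or medical auditor needs to prioritize follow-up; a flag marks a claim for review and does not by itself establish fraud.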
Croatia, for example, has recently piloted a project for cloud-based machine learning that uses rules-based and outlier analysis. In the United States, CMS uses predictive models to establish the characteristics of a fraudulent provider, and social network analysis to identify their links with other entities. CMS regularly convenes a multidisciplinary team composed of economists, statisticians, programmers, and clinicians to identify new and emerging fraud, which then allows CMS to refine and update the system on a regular basis.

[3] Pre-authorization means requiring approval from the program before intervention is undertaken. Prepayment means requiring approval from the program after intervention is undertaken but before payment is made.

Sanctions for fraud include financial penalties, cancellation of contracts, and criminal prosecutions. Many countries impose financial penalties over and above the payment deemed fraudulent. Depending on the nature and scale of fraud, additional penalties including temporary or permanent cancellation of contracts and legal prosecution are also utilized. In Indonesia, for example, if a case is confirmed to be fraudulent, according to the ministerial decree, BPJS has the authority to pursue administrative sanctions, including verbal reprimands, written warnings, orders of return of loss to injured parties, and, in the case of providers, an additional fine equivalent to a maximum of 50 percent of the total loss due to fraud. These administrative sanctions are in addition to any additional criminal sanctions imposed according to laws and regulations. Where pre-authorization of claims is implemented, these claims are rejected, and, in some cases, providers are allowed to re-submit the correct claim. With regard to public providers, most program-administering agencies are limited in terms of their ability to implement harsher penalties such as de-empanelment.
In Croatia, because all hospitals are public, CHIF does not strictly enforce penalties and sanctions. Instead, they only reject the claim payments. In the Philippines, private providers have been subjected to criminal investigation, but public providers are usually not prosecuted or sanctioned because of possible repercussions on access. In Korea, on-site investigation helps to identify a significant volume of fraudulent claims annually, and led to legal proceedings against hundreds of facilities each year.

Some country differences in anti-fraud efforts are notable. Croatia uses preannounced on-site verifications that are usually structured based on historical claims submitted by the hospital (this is also part of the capacity-building process for hospitals). In Indonesia, providers meet with the program-administering agency at least once per quarter to discuss and clarify claims processing challenges including those related to fraud. In Korea, a list of providers with fraudulent or illegal claims is published.

Many elements of the anti-fraud management in six countries are also observed in other settings. Box 3 summarizes the anti-fraud management of selected OECD countries.

Box 3. Anti-Fraud Efforts in OECD Countries

Several OECD countries—many of which are classified as high income—provide coverage to their populations using some form of demand-side/insurance financing. Among these, prominent single-payer or largely single-payer examples include France, Poland, Slovenia, Republic of Korea, Turkey, and Estonia. Other countries with multiple social health insurance funds include Belgium, Germany, and Chile. Average per capita total health expenditures across OECD countries is over US$3,500, almost 9 percent of gross domestic product (GDP); 60–85 percent of total health spending is public. Of all public spending, on average, 40–60 percent tends to be for hospitalization.
The benefits package for hospitalization is generally explicitly and positively defined in most OECD countries with social health insurance. In some countries, there is also a negative list comprising procedures that are specifically not covered. Premiums are generally regulated and usually based on costing studies and actuarial analysis with adjustments made for historical expenditure and allocation trends. Most countries have a mix of public, private nonprofit, and private for-profit providers that are empaneled. Hospitals are often paid using case-based bundled payments, in addition to global budgets. Most countries implement some form of beneficiary co-payments. In addition, several countries have overall ceilings for public spending. Most OECD countries have clinical pathways and/or standard treatment guidelines for hospitalization. Many also monitor overall provider activity and implement volume controls. Processing of claims is either done in-house or contracted out to third-party administrators by social health insurance agencies. Countries vary significantly on the degree to which the agencies that administer the funds are centralized. Some countries have significant regional autonomy, while in other countries, with multiple social health insurance funds—geographic, employment based, and so on—there is often a central agency that takes overall responsibility for coordination across the different funds. Almost all countries have clearly specified what constitutes fraud, although how this is defined varies. 
Common elements of what constitutes fraud across OECD countries include (a) charging for excessively expensive care (upcoding) where providers charge for services that have higher reimbursements than for the care that is actually provided; (b) charges for services not provided (phantom billing), generally when reimbursements are sought for care that was never provided; (c) provision of medically unnecessary services including over-provision of C-sections and unnecessary hospitalizations; and (d) others, including charging for services that should be publicly covered according to benefits package, informal payments to get better positions on waiting lists, procurement-related irregularities, and so on.

Almost all countries have counter-fraud units or organizations that are associated with the social health insurance agencies that administer public funds. In some cases, a counter-fraud unit is embedded within social health insurance agencies (including at regional offices). In others, it is a separate independent organization that works in parallel with social health insurance agencies. Dedicated staffing for counter-fraud activities is clear in most OECD countries: for example, 859 employees in Slovenia, including 15 medical doctors; 1,572 professionally trained Assurance Maladie agents that are engaged in fraud investigations in France; 486 staff employed within Poland’s social health insurance fund that are responsible for fraud; and 261 staff employed specifically to combat medical fraud within Belgium’s anti-corruption agency.

Methods for preventing and detecting fraud take the form of technical audits, on-site medical inspection visits, provision of education to providers on reimbursement procedures, use of tip-off “hotlines”, and so on. Some countries also routinely issue reports on what sorts of activities and results have resulted from anti-fraud efforts.
Data mining of claims data is increasingly being utilized as a way to detect fraud and takes several forms including (a) rules-based approaches such as ensuring that all fields are correctly filled out and there are no inconsistencies in use of codes, sex- and age-appropriate interventions, and benefits over and above what is stipulated; (b) outlier/anomaly detection methods, for example, clinical or geospatial deviations from typical treatment and volume patterns; (c) predictive analysis, based on past detection of fraud; and (d) social network analysis, to identify connections between different parties that could inform possible collusion. Punitive measures for fraud include financial penalties, termination of provider contracts, and—in cases of fraud that are more serious—escalation to appropriate public authorities.

Sources: OECD and EHFCN.

III. SOME ADDITIONAL CONSIDERATIONS

In addition to the points made earlier, some considerations are summarized in this section.

Define fraud to address it. Clear definitions are important for preventing, detecting, and deterring fraud. A clear and explicit operational definition of fraud informs the development of parameters and algorithms in detecting deviations and outliers in the analysis of existing data (Bauhoff 2018). It also informs the legal framework and anti-fraud policies, justifies whether an act is considered legal, and determines the level of corresponding penalty.

Prioritize fraud that is systemic and detrimental to patients’ health. The effects of fraud on health may vary. However, fraud that is detrimental to patients’ health should be given utmost priority even if it is financially small.

Explicit benefits and clinical protocols make it easier to address fraud. Lack of explicit benefits and standard treatment guidelines undermines anti-fraud efforts.
Some countries, for example, Indonesia and Croatia, do not have an explicit and positive benefits package and almost all medically necessary conditions are deemed to be covered. This open-ended nature of the benefits package makes it difficult to implement anti-fraud activities. In some cases, even where standard treatment guidelines exist, these are not widely used among providers.

Maximize data quality. It is almost impossible to detect fraud in the absence of high-quality data (Bauhoff 2018). During the establishment of a new program, there is a unique opportunity to ensure data quality during the design phase of computer systems and user interfaces. In many cases, data errors and coding inconsistencies can be alleviated with simple software tweaks, clear guidelines, and provider training.

Clarify and simplify administrative procedures. It is important for program-administering agencies to establish clear procedures for dealing with fraud. Reducing unnecessary complexity in administrative procedures can make it easier to prevent, detect, and deter fraud. For example, having simple and robust identification requirements at the point of seeking care and reducing administrative loopholes for enrollment can reduce bureaucratic requirements and free up resources that could be used to address higher-risk systemic fraud.

Undertake robust costing exercises to inform tariffs and settle compliant claims on time. It is not just “how” providers are paid that matters for fraud but also “how much”. Inadequate reimbursements—even after controlling for potential volume gains—will deter some providers from empanelment; among those empaneled, this increases the motivation for undertaking fraud given that there is the perception that reimbursements are not reflecting a fair exchange. In the same vein, delays in timely settlement of claims also create the environment and motivation for providers to undertake fraud.

Follow up and hold perpetrators accountable.
Investigating possible cases of fraud on a regular basis is critical. Not only does it increase the chances of detecting fraud, but it also sends a strong signal to perpetrators. A serious threat can be key in deterring fraud. While not all suspected cases are truly fraudulent, it is important to seriously investigate and prosecute violators (Bauhoff 2018).

Regularly monitor and evaluate program performance. Combating fraud is a dynamic process. It is important to implement a culture of monitoring and evaluation and to introduce feedback mechanisms, including those related to provider compliance metrics, claims data analysis, error rates, quality metrics, patient satisfaction indicators, and so on. This can help reduce the incidence of fraud and bolster confidence in the program. In this regard, a combination of approaches—from audits to different types of data-mining algorithms—is likely to be most effective. Implementing and comparing different anti-fraud efforts, for example, across states, can help inform the design, refinement, and implementation of future anti-fraud efforts.

The next section summarizes the information obtained from Indonesia, the Philippines, Croatia, Turkey, and the United States. To maintain comparability across programs, we attempted to standardize the information highlighted in the case studies.

IV. CASE STUDIES

INDONESIA

Indonesia, with a population of 264 million and GNI per capita of US$3,540, is a lower-middle-income country in the East Asia and Pacific region. Per capita total health expenditures were US$115, or 3.3 percent of GDP, in 2015. JKN is Indonesia’s flagship social health insurance program, one of the largest single-payer programs in the world. In 2017, 187 million—about 71 percent of the country’s population—had coverage under JKN. About 112 million individuals—roughly 60 percent of those with JKN—are deemed poor/near-poor and have noncontributory coverage.
Their premiums are paid by the central government or by local governments. Recent JKN annual expenditures amounted to about US$4 billion (14 percent of total health spending), of which US$3 billion were spent on inpatient services. With 8 million hospitalizations in 2017, the average expenditure per inpatient case was approximately US$375.

The benefits package for hospitalization is not explicitly defined. All medically necessary procedures are covered. There is a negative list comprising procedures such as elective plastic surgery and fertility treatments that are not covered under JKN. JKN premiums have been set based, in part, on initial analysis of claims and utilization for the pre-2014 civil servants program (Askes). Subsequent adjustments have been made based on historical expenditure and allocation trends. Tariffs are set based on reimbursements of operating costs at public providers and do not cover the full cost of providing care.

All public hospital providers are automatically empaneled by the program. In addition, some private (both for-profit and nonprofit) hospital providers are also empaneled. Hospitals are paid using case-based bundled payments, using an Indonesia-specific version of diagnostic-related group payment mechanism. Both public and private providers are paid the same reimbursement rates under the program, although tariffs vary by hospital level and degree of specialization. There are no beneficiary co-payments or expenditure ceilings.

There are national-level standard treatment guidelines for hospitalization. Compliance is compulsory, although this is not effectively monitored and provider socialization is weak. There are no controls on overall provider activity: there is no global budget nor are there any explicit volume controls. There is a referral system in Indonesia. Before seeking care in hospitals for further treatment, JKN patients need a referral letter from primary care clinics.
Without a referral letter, a JKN patient is not allowed to seek treatment directly at a hospital or specialist clinic, except in an emergency (Mahendradhata et al. 2017). Processing of claims is done in-house by BPJS—the agency that administers the JKN program. BPJS is a public agency that is independent from the Ministry of Health, reporting directly to the agency governing all social security programs in the country which, in turn, reports to the President. BPJS employs more than 7,000 full-time staff. About 400 of them are based at the head office in Jakarta, with the remainder spread out over 13 regional offices as well as district-based operational offices throughout the country. Overall governance for BPJS is centralized. A ministerial decree—Permenkes No. 36 Tahun 2015—lays the foundation for what activities constitute fraud under JKN. The decree defines fraud as an “…intentional act committed by participants, Health BPJS staff, health service providers and medicine and medical device suppliers to take financial advantage of health security programs under the National Social Security System through illicit fraudulent activities.” The decree recognizes several types of fraud, including by beneficiaries, BPJS staff, and providers. The ministerial decree also stipulates prevention of fraud activities to be conducted by BPJS. This entails the development of additional policy and guidance, including establishment of an “anti-fraud organization/governance culture” as well as setting up of a team dedicated to anti-fraud activities within BPJS Health. The anti-fraud team will be tasked with detecting fraud using regular analysis of JKN claims data, including by means of (a) identifying data anomalies, (b) predictive modeling, and (c) finding cases. Claims data analysis for high-level referral centers is conducted manually and/or by a clinical application integrated with the case-based payment application. 
Once fraud is suspected, the decree stipulates that BPJS Health needs to have an investigation team to assess the evidence further. If the case is confirmed to be fraudulent, the decree outlines administrative sanctions, including verbal reprimands, written warnings, orders of return of loss to injured parties, and, in the case of providers, an additional fine equivalent to a maximum of 50 percent of the total loss due to JKN fraud. These administrative sanctions would be in addition to any additional criminal sanctions imposed according to laws and regulations.

BPJS uses three primary avenues for mitigation of fraud: (a) use of verifiers: these are staff—some embedded within large hospitals, others in branch offices—of about 300 that look at the validity of claims with the overall objective of prevention at the time the claim is made; (b) use of actuaries/risk managers who oversee general risk management, evaluate risk management policies, and supervise analysis of claims data; and (c) use of internal auditors who undertake standard audit functions post-payment of claims. Recent assessments indicate that the largest sources of fraud found by verifiers have been related to the areas of upcoding and unbundling. Verifiers can cancel claims but cannot take any other action against providers. Any further action must be taken by BPJS in conjunction with the Ministry of Health and the doctors’ association. These actions, however, are limited to private providers, as no sanctions can be taken against public providers. Issues with the latter are typically resolved through mediation sessions that are held four times a year. In addition, there is a lot of focus on educating providers to improve compliance with the rules of the program.

THE PHILIPPINES

The Philippines, with a population of 105 million and GNI per capita of US$3,660, is a lower-middle-income country in the East Asia and Pacific region.
In 2015, per capita total health expenditures were US$127, or 4.6 percent of the country’s GDP. In 1995, the Philippine Government established PHIC to provide financial protection to all Filipinos regardless of their socioeconomic status. There are four types of PHIC memberships: (a) mandatory formal employees, (b) voluntary informal employees, (c) nonpaying senior citizens, and (d) indigents. The national government identifies the indigent population using means testing, and the national government subsidizes their premiums. In 2017, around 93 percent of the 104 million Filipinos were covered by PHIC, of which 30 percent were indigents. In 2016, PHIC inpatient hospitalization expenditures amounted to over US$2 billion, with 8 million hospitalizations having an average expenditure of US$200 per inpatient case (PHIC 2017).

The Philippine National Health Insurance Act guarantees that all needed health care services should be covered by the program. There is a negative list: only a few elective cosmetic procedures are not covered by the program. Premiums are set by PHIC based on political realities and actuarial analysis. Currently, the premium rate is 2.75 percent of monthly salary shared equally by the employee and employer (for non-indigents).

All public and private hospitals licensed by the Department of Health are automatically accredited/empaneled by the program. In 2017, there were 1,241 contracted hospitals for inpatient care services, 60 percent of which were private. Currently, PHIC reimburses health care providers using case rate bundled payments, using a country-specific disease-related group payment mechanism. The cost associated per case was calculated using historical claims data and not from a detailed costing exercise. A detailed costing exercise was conducted only for a group of special cases (called Z benefit) of high-cost procedures or treatment, for which the costs were based on clinical practice guidelines.
Policies on special case rates are also explicit in regulating co-payments. A patient admitted to a non-private ward should not incur any OOP payment, and a patient admitted to a private ward could pay an indicated maximum amount of co-payment (the co-payment should not exceed the case rate amount). For the regular case rates, co-payments are not regulated. Patients may be asked to pay different and unpredictable levels of OOP payments (on top of the case rate). A no-balance billing policy for indigents admitted in government facilities was introduced in 2014. PHIC conducts pre-authorization of certain cases (for example, for the Z benefit package). For the special case rates, PHIC only contracts selected public facilities.

Although clinical practice guidelines were used in the costing for the special case rates (the Z benefit), in practice, there are no standard treatment guidelines for hospitalization. There is no global budget nor explicit volume controls except for some benefit packages such as dialysis treatment. The Philippines does not have a strict referral system, and PHIC patients can go directly to high-level facilities without going through primary care clinics.

Processing of claims is done in-house by the agency that administers the program—PHIC. PHIC is a government-controlled corporation, which is separate from the Department of Health. However, the secretary of the Department of Health is the chairman of the board of PHIC. Claims processing is highly decentralized. The local health insurance offices (around 100 in the country) manually encode the claims submitted by providers in hard copies. Although PHIC has been planning to shift to electronic claims, as of now, claims processing remains largely manual. The regional offices (17 in the country) then adjudicate the claims and process the payments to providers. During the claims management process, only a superficial audit is performed, such as checking for possible entry errors.
No other processes exist to detect fraud apart from the random post-payment medical audit. PHIC has 5,000 employees all over the country, around half of whom are contractual employees. Recently, the government increased the number of plantilla positions (that is, government employees approved by the Department of Budget and Management) in PHIC, but regional offices have leeway in hiring new staff. Most regional offices hired rank-and-file employees to augment manpower to deal with day-to-day transactions, few of whom have technical expertise to conduct state-of-the-art claims auditing.

The Philippine Health Insurance Act of 2013 provides the legal framework for fraudulent acts of health care providers. The implementing rules and regulations of the law define the following as fraudulent acts: (a) padding of claims; (b) claims for non-admitted patients; (c) extending period of confinement; (d) post-dating of claims; and (e) misrepresentation by false or incorrect information (for example, upcoding, code substitution). Each of these fraudulent acts has a corresponding penalty including revocation of accreditation (PHIC 2013).

Given the current decentralized structure of PHIC, the regional offices are at the forefront in detecting fraudulent claims, and the central office provides policy guidance to regional offices. In 2014, PHIC established a system through a circular order that monitors the performance of its health care providers. The system monitors four critical areas: quality of care, patient satisfaction, financial protection, and fraud detection. PHIC employs multiple tools and monitors these critical areas at the regional level. For fraud detection, PHIC performs claims and service profiling every quarter and requests hospitals to submit the Mandatory Monthly Hospital Report (MMHR) to determine the profile of health care providers in terms of patient load, bed occupancy, and health service delivery patterns.
Regional offices do not routinely employ sophisticated modelling techniques to analyze claims patterns to detect potentially fraudulent claims. Instead, they detect fraud using random medical audits conducted by physicians after the payment is made. Usually, 2–3 doctors per region serve as medical audit doctors (approximately 50 in all regions). Sometimes, they pre-select based on experience the claims with certain diagnoses or those submitted by a certain health care provider. Medical audits are used for assessing quality of care. For financial protection, PHIC conducts exit interviews with indigent patients to determine whether health facilities followed the no-billing policy.

Given the series of fraudulent claims discovered in recent years (for example, upcoding of pneumonia cases and overbilling of cataract surgery), PHIC set up an anti-fraud task force. The task force is supposed to review, improve, or create processes, systems, and policies to prevent fraudulent activities from recurring. It will also assess the composition and current functions of the Fact-Finding Investigation and Enforcement Department (FFIED) and identify areas prone to fraudulent activities, considered “red flags”.

REPUBLIC OF KOREA

The Republic of Korea is a high-income country with a population of 51 million and GNI per capita of US$27,250 in 2015. Total health expenditure per capita was US$2,013, amounting to 7.4 percent of GDP. National Health Insurance (NHI) was first introduced in 1979 for employees in large corporations, and universal coverage of the population was achieved in 1989. All insurance funds were merged into a single payer in 2000. Total health insurance claims for inpatient care amounted to KRW 25.1 trillion in 2017, in association with over 15 million hospitalizations. This amounted to an average claim of over US$1,400 per hospitalization in 2017.
The contribution rate for workers is 6.24% of the wage income as of 2017, equally shared by the employer and employee. The contribution rate for the self-employed is based on their reported or assessed income. The National Health Insurance Service (NHIS) is the primary agency responsible for both national health insurance and long-term care insurance. It addresses eligibility of the insured, sets and collects insurance contributions, and manages health insurance benefits, including health checkups. It is supervised by and accountable to the Ministry of Health and Welfare (MoHW), which has indirect control over the operation of the NHIS through budget approvals and the formulation and implementation of health insurance-related policies (Kwon 2018). The Health Insurance Review and Assessment service (HIRA) is responsible for reviewing claims submitted by providers, assessing the appropriateness of health care based on clinical guidelines and clinical decisions of peer providers, and developing standards for benefits. Although NHIS is responsible for reimbursing providers, HIRA also plays an important role in purchasing services. It is responsible for claim review and quality monitoring, guidelines for quality, setting criteria for reimbursement, payment system design, listing and classification of procedures, pharmaceuticals and materials for provider payment and claims, and resource management through the profiling of providers and high-cost technology (Kwon, Lee et al. 2015). NHIS and HIRA provide technical inputs and evidence to the Health Insurance Policy Deliberation Committee, which makes final decisions on the benefit package and contribution rates. The Committee consists of 25 members, with the Vice-Minister of Health and Welfare as the chair. 
It is a tripartite committee of payers, providers, and experts/public agencies, with eight members drawn from payers (labor unions, employer associations, civic groups, patient groups, and others), eight from providers (physician associations, hospitals, dentists, pharmacists, nurses, and traditional physicians), and eight representing public interests (MoHW, Ministry of Finance, NHIS, HIRA, and four independent experts). The benefit package is explicitly defined and mostly focuses on curative services such as diagnosis, treatment, traditional medical care, emergency care, pharmaceuticals, dental care, biannual health check-ups, and others. Private health care providers have played a key role in health care service provision in Korea, and they are mandatorily contracted as providers under the insurance system. More than 90% of health care providers are private (Kwon, Lee et al. 2015).

There are clinical pathways and standard treatment guidelines for hospitalization, although these are typically not enforced. FFS is the main provider payment method and is used for all outpatient care and the majority of inpatient care. HIRA categorizes services and procedures for the fee schedule under FFS, and this is based on the resource-based relative value system. Relative values are periodically adjusted with the participation of provider associations. The conversion factor (monetary value per relative value) is negotiated between NHIS and provider associations each year. If the negotiation fails, the committee makes a final decision on the fee increase (conversion factor). DRG-based case payment has been used only for seven minor disease groups since July 2012. Per-diem payment for 15 different patient types (based on severity) is applied to long-term care hospitals. HIRA is responsible for the classification, pricing, and evaluation related to DRG-based payment. Claims processing is conducted by HIRA. Over 99 percent of claims are submitted electronically by providers.
In addition to its headquarters, HIRA has 10 local branch offices across the country with 2,771 full-time staff in 2017. Drawing on its highly technical expertise, HIRA plays a key role in the review and assessment of NHI. About 70 percent of workers in HIRA are comprised of health care professionals (physicians, nurses and pharmacists), 10 percent are IT specialists, and 20 percent work in administration. The research institutes of NHIS and HIRA have a large number of health economists and health service researchers. Moreover, HIRA is in charge of developing various tools of quality improvement such as public disclosure of performance and pay-for-performance programs (Kwon 2018). HIRA conducts medical claims review to ensure that claims are submitted according to the standards under the NHI Law. The medical claims review includes electronic checkup, Artificial Intelligence (AI)-based electronic review, close review, and post-management. All claims undergo electronic checkup to ensure the accuracy of basic information, such as disease code, claim code, and the service price. The AI-based electronic review deploys IT technology and staff expertise to conduct a seven-step analysis. In close review, claims with a high probability of error or requiring professional medical judgment are referred to review staff for manual scrutiny. More complex cases are once again referred to committee review. HIRA also conducts a post-management review in certain cases. If providers or the insurer do not accept HIRA’s decision, they can file an appeal with supporting documents (Park, Yoon et al. 2012). The National Health Insurance Law outlines the responsibilities of each party (beneficiaries, the insurer, and providers). The law defines fraudulent activities, such as padding of claims or submission of false or incorrect information. 
Examples include up-coding, code substitution, duplicated claims, claims for the deceased, billing services or supplies that are not approved by MoHW, and others. The law also outlines the administrative and criminal consequences of fraud, including suspending payments to providers, revocation of accreditation, financial penalties, and public announcement.

In NHIS, the Department of Medical Institution Support is comprised of 75 full-time staff dedicated to addressing fraudulent activities of providers. There are several fraud policies and guidelines. Since 2007, NHIS has operated the National Health Insurance Benefits Management System, using data mining techniques to address fraud. This system is based on rule-based techniques, outlier analysis, and predictive/regression-based models. Since 2004, NHIS has also participated in on-site investigation with HIRA (Kyong-Youl Gong 2014).

In HIRA, the Review and Post Management Department consists of 105 full-time staff and the On-Site Investigation Department employs 182 full-time staff dedicated to dealing with fraudulent activities of providers. There are several fraud-related policies and procedures in HIRA. Firstly, there is “the self-regulated claim management system”. Health care providers are informed of the results of the trend analysis, comparing their claims with those of peer groups. They are encouraged to change their outlier behaviors on their own initiative. Secondly, there is on-site investigation. During the review and assessment procedure, HIRA may request an investigation of providers with a high probability of claiming fraudulent charges. HIRA also announces the list of providers with fraudulent or illegal claims based on pre-specified criteria. Table 4 shows the status of on-site investigation.
HIRA performed on-site investigation of about 950 health care providers in 2017, or about 1.3 percent of all providers, and identified fraudulent activities for about 90 percent of those providers investigated. The total amount of fraudulent funds was about KRW 38 billion, or about 4.8 percent of total claim values of NHIS. Thirdly, there is the medical fee verification procedure which examines whether the medical fee paid by patients for non-covered services (i.e., those not included in the benefits package) is in accordance with statutes. When patients request medical verification, HIRA may request related documentation from the provider and proceed with analysis and review. The patient and provider will be informed of the results, and the provider refunds any extra charges to the patient (Kyong-Youl Gong 2014).

Figure 2. Process of on-site investigation in Korea’s National Health Insurance

Fraud detection: MoHW; HIRA; NHIS; other institutions (Prosecution or Police); public complaints
On-site investigation: selection of target providers; conduct investigation; recalculation process; provider statement; administrative measure
Post management: notify violation of laws; reporting and public announcement; penalty implementation; history management; administrative dispute

Source: Adapted from http://www.hira.or.kr/eng/about/08/02/index.html.

Table 4. On-site investigation status in Korea’s National Health Insurance, 2013-2017

Columns: Year; no. of facilities being investigated; no. of fraudulent facilities (% of total providers investigated); total fraudulent funds (billions KRW); fraudulent funds per fraudulent facility (thousands KRW); no. of facilities facing legal proceedings, by type (suspension of service, financial penalties, confiscation).

Year  Investigated  Fraudulent (%)  Funds (bn KRW)  Funds per facility ('000 KRW)  Type         Suspension  Financial penalties  Confiscation
2013  931           793 (85.2%)     18.6            23,443                         NHI          307         174                  290
                                                                                   Medical Aid  64          40                   413
2014  842           769 (91.3%)     23.7            30,874                         NHI          253         213                  287
                                                                                   Medical Aid  69          45                   313
2015  875           813 (92.9%)     32.6            40,115                         NHI          248         177                  213
                                                                                   Medical Aid  65          38                   186
2016  974           893 (91.7%)     46.4            52,001                         NHI          163         157                  268
                                                                                   Medical Aid  57          54                   133
2017  946           848 (89.6%)     38              44,777                         NHI          43          72                   207
                                                                                   Medical Aid  14          8                    49

Source: HIRA 2018.
Note: US$1 equals approximately KRW 1,100.
Note: Medical Aid is a fully tax-funded program for the poor, accounting for about 4 percent of the population. As there is no copayment and the poor have higher health needs, it has more cases of fraud than NHI.

CROATIA

Croatia, with a population of 4.1 million and a GNI per capita of US$12,430, is a high-income country in the Europe and Central Asia region. In 2015, per capita total health expenditures were US$852, or 7.4 percent of the country’s GDP. A mandatory health insurance program was introduced in 1993 with the establishment of the CHIF, the only insurer that provides universal health coverage to the whole population (100 percent coverage). CHIF health care expenditures amounted to US$3.1 billion, of which US$1.3 billion was spent on hospital care. With 658,000 hospitalizations in 2017, this represents an average claim of US$2,000. There are no explicit positive lists of services and goods covered under the program, but most services are covered except for unnecessary health care services (for example, cosmetic procedures). The premium rate is 15 percent of the payroll, paid entirely by the employer on behalf of employees. The contribution rate for the self-employed is calculated on a sliding scale based on their reported income.
The government subsidizes the contributions of the vulnerable population (unemployed, elderly, children, and military personnel). CHIF contracts both public and private providers, but the majority of health providers in the country are publicly owned. CHIF funds health care providers using bundled payment for inpatient care (case-based payments, using a modified version of the Australian system). In addition to bundled payments, CHIF also uses a global budget. Hospitals are given hard budgets every year and receive additional payments for certain expensive procedures (such as transplantations, interventional cardiology, and interventional neurology). CHIF also uses pay-for-performance. Hospitals can receive additional payments if selected key performance and quality indicators are achieved. Individuals enrolled in the mandatory health insurance program are required to make co-payments (some groups are exempt) to access publicly provided health services or have the option of purchasing complementary health insurance to cover these expenses. Co-payments are 20 percent of the hospital bill but cannot exceed US$315 per case. Patients with a supplementary insurance package usually incur no OOP payments. Around 85–90 percent of the population is covered with some type of supplementary insurance.

There are standard treatment guidelines for hospitalization, and compliance is compulsory. There are controls on overall provider activity. Volume of provider activity is monitored, and volume or budget targets are clearly defined. As noted earlier, hospitals have hard budgets. If a hospital exceeds its annual budget, it will not receive additional funding for any bills levied for further services provided. As part of CHIF’s cost-containment program, Croatia also has a gatekeeping system (Džakula et al. 2014). CHIF processes claims in-house. CHIF is a separate body from the Ministry of Health.
While the Ministry of Health oversees the entire health care system and performs a wide range of policy-related activities (for example, managing health care legislation, proposing budgetary expenditures, monitoring health condition and health needs of the population, and overseeing education of health care workers), CHIF is responsible for day-to-day health insurance operations. As the major purchaser of health services, CHIF also plays a role in the definition of basic health services, the establishment of performance standards, and price setting. CHIF is overseen by a governing council, consisting of representatives of the insured population, the Ministry of Health, Ministry of Finance, and health care providers (Voncina et al. 2018). The main office of the CHIF is in the capital city, Zagreb, and is responsible for contracting with health care providers. In addition, there are four regional offices that oversee the execution of contracts. CHIF has 2,120 full-time employees, and around 50 employees are responsible for managing fraud. CHIF has internal regulations and guidelines that guard the fund against fraudulent activities. Within CHIF, the Department of Hospital Claims Management handles this responsibility. CHIF uses an IT management system that routinely detects potentially fraudulent claims. The system has triggers and alerts designed for expensive procedures and treatments such as transplantations, interventions, neuroradiology, and artificial ventilation. If the system flags potentially fraudulent claims, the Medical Control Department will audit the claims manually. CHIF has also recently piloted a project for cloud-based machine learning that uses rules-based and outlier analysis. In addition, CHIF also conducts random claims and beneficiary audits either before or after the provider is reimbursed. In the process, if CHIF finds incorrect claims or detects fraud, claims are rejected and sent back to the hospitals for correction. 
According to the contract with providers, CHIF can retain up to 3 percent of the monthly hospital budget in the case of fraud. Because most of the hospitals are public, however, the government does not enforce penalties or sanctions. Rather, CHIF rejects the claims payment to hospitals, informs them of the findings, and asks for corrections. False claims and upcoding are the most common types of provider fraud.

CHIF also conducts activities to prevent potential fraud. It requires pre-authorization for expensive procedures and for procedures that cannot be performed in the country. For example, CHIF needs to grant approval before a patient can seek treatment abroad.

TURKEY

Turkey, with a population of 81 million and a GNI per capita of US$10,930, is an upper-middle-income country in the Europe and Central Asia region. In 2015, per capita total health expenditures were US$455, or 4.1 percent of the country’s GDP. Turkey has a long history of providing health care to its citizens. Before 2008, sources of financing were fragmented, with multiple insurance programs covering specific population groups. In 2008, all insurance programs were amalgamated. The unified general health insurance program is administered by the SGK. In 2017, about 99 percent of the population was covered by the program. SGK expenditures to hospitals amounted to over US$9.7 billion with 13 million hospitalizations (average expenditure per inpatient case: US$750). The benefits package for hospitalization is positively defined. SGK, however, does have a broad list of exclusions that are not covered by the program, such as orthodontic procedures for aesthetic purposes, health care services that are not licensed or not accepted as a medical health care service by the Ministry of Health, and, in some instances, chronic conditions of foreigners. SGK collects premiums from individuals who are formally employed and from those who can pay.
The premium rate is 12.5 percent of the mean gross salary, and for those who are formally employed, the premium is shared by the employee and the employer: 5 percent is paid by the employee and 7.5 percent by the employer. The government subsidizes the premiums of poor households. SGK contracts both private (for-profit and nonprofit hospitals) and public providers (including university hospitals). Around 60 percent of hospitals are government owned, and the rest are private hospitals. The prices of health care services are determined by a commission composed of representatives from government agencies (for example, the Ministry of Labor and Social Security, Ministry of Finance, Ministry of Health, Ministry of Development, Treasury, and SGK) and the private hospitals.

SGK and the Ministry of Health fund health care providers using different mechanisms. Government hospitals receive a fixed global budget and performance bonuses from the Ministry of Health, which are eventually pooled into a revolving fund and used to pay for salaries and investment costs. SGK uses case-based payment (diagnosis-related groups) to pay health care providers for inpatient care services rendered to its beneficiaries. There is a negotiated and explicit extra billing in private hospitals, and the level of co-payment is dependent on the classification of the hospital. There are established standard treatment or clinical practice protocols, but it is not compulsory for providers to follow them. There is an incentive to provide better quality of care because of the introduction of pay-for-performance and outcome-based financing. The country has recently established a health technology assessment (HTA) unit to determine cost-effective interventions, but it is not yet fully operational and currently does not have independence from health care providers.
Turkey is one of the few OECD countries without strong obligations or incentives for patients to visit primary care before going to higher-level facilities. Although there are programs to encourage gatekeeping, they are not strictly enforced (OECD 2014).

SGK processes claims in-house. It is a separate agency from the Ministry of Health. The Ministry of Health is the “steward” of the health system and is responsible for policy making, regulation, and monitoring and evaluation. On the other hand, SGK is the single purchaser of services and is responsible for day-to-day operations of the health insurance program. Currently, SGK has 26,000 employees, and about 16 people audit the health insurance operations. There are existing legal and regulatory frameworks that guard the system against fraud, and these are enshrined in the social insurance and general insurance laws, and health implementation communique. Also, SGK and private providers have a legally-binding contract that outlines penal and administrative provisions against fraudulent acts. Possible sanctions of fraudulent acts include denial of claims, financial penalties, blacklisting, and legal proceedings.

Within SGK, the Departments of Internal Audit, Department of Guidance and Investigation, MEDULA and Information Applications, and Court of Accounts are the responsible units/offices that handle prevention and detection of fraud. SGK uses an integrated information system called MEDULA for the electronic collection of billing information from health care providers and payments to health services by SGK. Under the health budget law, all public and private health care providers under contract with SGK are required to submit claims through the system. MEDULA has the capacity to detect potential fraud. It has a list of “red flags” which alert SGK to potentially fraudulent or erroneous claims; the list is regularly updated.
SGK uses sophisticated analytical techniques, such as rules-based analysis, predictive modelling, and outlier analysis, to detect potential fraud. A specific department handles these fraud detection functions. SGK also conducts well-established audit mechanisms, such as on-site visits, random pre-authorization, claims (post-payment and prepayment audits), death, and beneficiary audits.

THE UNITED STATES

The United States, with a population of 326 million and a GNI per capita of US$58,270, is a high-income country. In 2015, per capita total health expenditures were US$9,536, or 17 percent of the country’s GDP. Americans obtain health coverage from public and private sources. Medicare and Medicaid are the major public sources, covering senior citizens and the poor (respectively). The remainder of the population is covered through private health insurance plans. About 91 percent of the U.S. population has some form of health insurance coverage. Around 67 percent is covered by private health insurance and 37 percent by public health insurance (17 percent with Medicare and 19 percent with Medicaid) (Barnett and Berchick 2017).

CMS administers Medicare, a federal government health insurance program for senior citizens (65+ years) and persons with disabilities. CMS also coordinates with state governments in implementing Medicaid, a government insurance program targeting the low-income population. Medicare has four parts: Part A, Part B, Part C, and Part D. Part A covers hospital and hospice care. Part B covers outpatient care services. Parts C and D are administered and run by private insurers and are simply a different way of receiving Medicare Part A and Part B coverage. In 2017, Medicare Part A inpatient expenditure was US$181 billion. With 8 million hospitalizations, this amounted to an average expenditure of US$22,625 per hospitalization (CMS 2017b).
The benefits package for Medicare Part A (hospital insurance) includes inpatient care, skilled nursing care, and long-term care (in hospital). The benefits package is positive and explicit. There is also a negative list, which excludes services such as private duty nurse, add-ons to the basic accommodation, and personal care. The premiums for Medicare Part A (2.75 percent of GNI) are collected from payroll tax, equally shared by employers and employees. CMS reimburses public (state, local, and federal); private nonprofit; and private for-profit providers.

Medicare pays hospitals using a prospective payment system. The base rate corresponds to over 700 different categories of diagnosis (that is, using diagnosis-related groups). Medicare’s payments to hospitals only account for a portion of hospitals’ capital and operating expenses. Some hospitals, such as teaching hospitals and those with higher shares of low-income beneficiaries, receive additional payments. Recently, Medicare began to penalize hospitals with low quality by reducing the rate. Medicare Part A has an inpatient deductible (a formal co-payment). CMS has clinical pathways and/or standard treatment guidelines for hospitalization. Medicare introduced incentive programs (for example, value-based programs) that reward providers that adhere to clinical practice guidelines.

Processing of claims is contracted out to third-party administrators. CMS employs around 4,000 staff and heavily relies on contractors to perform a wide range of functions. Currently, CMS has 16 Medicare Administrative Contractors (MACs) to process 4.6 million claims daily. CMS defines and categorizes activities that lead to improper payment: (a) error (mistakes in coding, not necessarily deliberate); (b) abuse (improper billing practices such as upcoding); (c) waste (for example, ordering of excessive tests or health care); and (d) fraud (billing services or supplies that are not provided).
There are many existing laws against fraud and abuse in the United States (for example, False Claims Act, Anti-Kickback Statute, Physician Self-Referral Law, Social Security Act). CMS has a focal agency that manages fraud—the CPI. CPI was created in 2010 to strengthen and better coordinate existing and future activities to prevent and detect fraud, waste, and abuse in Medicare and Medicaid programs. The deputy administrator of CMS, who is appointed by the President, also serves as the overall director of CPI. There are approximately 400 employees in CPI. CPI is composed of several groups including (a) Medicare Integrity Group, which develops policies, regulations, and guidance in collaboration with the private sector and contractors; (b) Medicaid Integrity Group, which provides technical assistance to state governments to prevent fraud and abuse in the Medicaid program; (c) Data Analytics Group, which serves as the focal point for data analytics and designs and implements sophisticated analytical models to identify fraud and abuse; (d) Provider Enrollment Operations, which works closely with providers and contractors to resolve any provider enrollment issues; and (e) Program Integrity Group, which closely coordinates with government enforcement agencies to collect penalties against providers that submit fraudulent claims. Over the last 20 years, CMS has introduced numerous systems and technologies to detect fraud. The latest innovation to detect fraudulent claims in Parts A and B Medicare claims was introduced in 2010–2011. CMS uses the following methods for fraud prevention: (a) rules based, (b) anomaly analysis, (c) predictive analysis, and (d) social network analysis. The rules-based model is a collection of rules used to identify potentially fraudulent claims. CMS identifies a set of conditions that, if satisfied, tag a claim as fraudulent. 
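The following sketch is an added illustration, not CMS code or anything taken from the paper: it runs three of the four methods this section describes (hard rules, a peer-group volume anomaly at the 99th percentile, and an address link to a previously sanctioned provider) over constructed claims and ranks providers by combined risk. All identifiers, addresses, and score weights are assumptions, and the predictive (regression) model is left out.

```python
import math
from collections import Counter, defaultdict
from datetime import date

# Constructed reference data; every identifier and address is hypothetical.
STOLEN_BENEFICIARY_IDS = {"B-STOLEN-1"}
SANCTIONED_PROVIDERS = {"P-OLD"}
PROVIDER_ADDRESS = {"P-OLD": "12 Harbor Rd", "P-X": "12 Harbor Rd",
                    "P-033": "12 Harbor Rd", "P-007": "4 Mill St"}
WEIGHTS = {"rule": 3, "anomaly": 2, "network": 2}  # assumed, not from the paper


def build_sample_claims():
    """Constructed input: 100 ordinary providers, one high-volume provider,
    and two claims that each break a hard rule."""
    claims = []

    def add(provider, beneficiary, admit="2017-02-20", discharge="2017-02-24"):
        claims.append({"id": f"C{len(claims):04d}", "provider": provider,
                       "beneficiary": beneficiary, "admit": admit,
                       "discharge": discharge, "submitted": "2017-03-01"})

    for i in range(100):
        for n in range(3 + i % 5):                 # 3 to 7 claims per provider
            add(f"P-{i:03d}", f"B-{i:03d}-{n}")
    for n in range(40):                            # far above its peers
        add("P-X", f"B-X-{n}")
    add("P-007", "B-007-x", admit="2017-02-30")    # no such calendar day
    add("P-012", "B-STOLEN-1")                     # ID reported as stolen
    return claims


def rule_alerts(claim):
    """Rules-based model: names of the hard rules this claim violates."""
    hits = []
    try:
        admit = date.fromisoformat(claim["admit"])
        discharge = date.fromisoformat(claim["discharge"])
        if discharge < admit:
            hits.append("discharge_before_admission")
    except ValueError:
        hits.append("impossible_date")
    if claim["beneficiary"] in STOLEN_BENEFICIARY_IDS:
        hits.append("stolen_beneficiary_id")
    return hits


def percentile_nearest_rank(values, pct):
    ordered = sorted(values)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def volume_outliers(claims, pct=99):
    """Anomaly model: providers whose claims on a single day exceed the
    pct-th percentile of all provider-day counts."""
    per_day = Counter((c["provider"], c["submitted"]) for c in claims)
    threshold = percentile_nearest_rank(per_day.values(), pct)
    flagged = {prov for (prov, _day), n in per_day.items() if n > threshold}
    return flagged, threshold


def linked_to_sanctioned(provider):
    """Network model: provider shares an address with a sanctioned provider."""
    addr = PROVIDER_ADDRESS.get(provider)
    return addr is not None and any(
        PROVIDER_ADDRESS.get(s) == addr
        for s in SANCTIONED_PROVIDERS if s != provider)


def rank_providers(claims):
    """Merge alerts from all models and rank providers, highest risk first."""
    alerts = defaultdict(set)
    for c in claims:
        for hit in rule_alerts(c):
            alerts[c["provider"]].add(("rule", hit))
    for p in volume_outliers(claims)[0]:
        alerts[p].add(("anomaly", "daily_volume_above_peer_percentile"))
    for p in {c["provider"] for c in claims}:
        if linked_to_sanctioned(p):
            alerts[p].add(("network", "shares_address_with_sanctioned"))
    scored = [(sum(WEIGHTS[kind] for kind, _ in a), p, sorted(a))
              for p, a in alerts.items()]
    return sorted(scored, key=lambda t: (-t[0], t[1]))


if __name__ == "__main__":
    for score, provider, provider_alerts in rank_providers(build_sample_claims()):
        print(score, provider, provider_alerts)
```

The ranked list is what a review queue would consume: the alerts attached to each provider say which model fired, so an investigator can see why a provider was prioritized before any site visit or chart review.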
Examples of cases detected by the rules-based model include “impossible day of admission” or a claim for a previously stolen Medicare number. Anomaly detection analysis examines the deviation of a claim from the average or from its peer group. For example, CMS identifies a provider that submits a significantly higher number of claims in a single day compared to 99 percent of other providers. The predictive model uses a set of characteristics of a fraudulent provider or claim. CMS uses regression models to establish these characteristics. Social network analysis identifies the links of health providers. If a health provider is linked to an address of a provider who committed fraud in the past, this will alert the system. For the Fraud Prevention System to be effective, CMS regularly gathers a multidisciplinary team composed of economists, statisticians, programmers, and clinicians to identify new and emerging fraud, which then allows CMS to refine and update the system on a regular basis.

The new systems screen all Medicare Parts A and B claims before payment, subjecting all claims to the four analytical methods. In addition to historical claims data, CMS also uses other complementary databases (for example, data from complaints). Alerts are then created as each model identifies claims that may be fraudulent. The system also ranks suspected fraudulent claims based on risk. After the report is produced, another set of contractors called ZPICs investigate providers with the highest risk for fraud and perform “boots-on-the-ground” activities, including site visits and medical chart review. Based on the findings of the ZPICs, CMS implements appropriate actions, such as pre-payment review, revocation, payment suspension, or law enforcement.

V. REFERENCES

Besfin. 2017. Healthcare Sector in Turkey. Istanbul.
Barnett, J., and E. Berchick. 2017. Current Population Reports, P60-260, Health Insurance Coverage in the United States: 2016. Washington, DC: U.S. Government Printing Office.
Bauhoff, S. 2018. Preventing and Detecting Fraud in Health Insurance Administrative Data. Washington, DC: World Bank.
CHIF (Croatia Health Insurance Fund). 2017. Business Report: Croatian Health Insurance for the Year 2017. Zagreb.
CMS (Centers for Medicare and Medicaid Services). 2017a. Medicare Fraud and Abuse: Prevention, Detection and Reporting. Baltimore.
_____. 2017b. CMS Fast Facts.
Džakula, A., A. Sagan, N. Pavić, K. Lončarek, and K. Sekelj-Kauzlarić. 2014. “Croatia: Health System Review.” Health Systems in Transition 16 (3): 1–162.
Gee, J., and M. Button. 2015. The Financial Cost of Healthcare Fraud 2015. What Data from Around the World Shows? University of Portsmouth.
Health Insurance Review and Assessment. 2018. “On-site investigation status.” Retrieved November, 2018, from https://www.hira.or.kr/dummy.do?pgmid=HIRAA040037020000.
Kwon, S. 2018. Advancing Universal Health Coverage: What Can Developing Countries Learn from the Korean Experience? Universal Health Coverage Study Series 33. Washington, DC: World Bank.
Kwon, S., T.-J. Lee, et al. 2015. Republic of Korea Health System Review. Manila: World Health Organization Regional Office for the Western Pacific.
Kyong-Youl Gong, J.-J. P., Han-Yul Lee. 2014. The empirical review of national health insurance in Korea. Sejong: KDI School of Public Policy and Management.
Mahendradhata, Y., L. Trisnantoro, S. Listyadewi, P. Soewondo, T. Marthias, P. Harimurti, and J. Prawi. 2017. “Indonesia: Health System Review.” Health Systems in Transition 7 (1): 1–180.
Mikkers, M., Sauter, W., Vincke, P., and J. Boertjens. 2017. Health Care Fraud, Corruption and Waste in Europe. The Hague: Eleven International Publishing.
Ministry of Health (Turkey). 2016. Health Statistics Yearbook. Ankara.
Ministry of Health (Indonesia). 2015. Ministerial Decree No: 36-2015: Fraud Prevention in the Implementation of Health Security Programs Under the National Social Security System.
OECD (Organization for Economic Co-operation and Development). 2014. OECD Reviews of Health Care Quality: Turkey 2014: Raising Standards. OECD Publishing. _____. 2017. Tackling Wasteful Spending on Health. Paris: OECD. Park, Y.-T., J.-S. Yoon, et al. (2012). "Health insurance claim review using information technologies." Healthcare Informatics Research 18(3): 215-224. 20 PHIC (Philippine Health Insurance Corporation). 2013. The Revised Implementing Rules and Regulations of the National Health Insurance Act of 2013. _____. 2017. Stats and Charts 2017. Rashidian, A., H. Joudaki, and T. Vian. 2012. “No Evidence of the Effect of the Interventions to Combat Health Care Fraud and Abuse: A Systematic Review of Literature.” PLOS One 7(8): 1–8. SGK (Sosyal Güvenlik Kurumu, Social Security Institution). 2016. Republic of Turkey Social Security Institution: Introductory Booklet. Ankara. Van Stolk, C., and Tesliuc. 2010. Toolkit on Tackling Error, Fraud and Corruption in Social Protection Programs. Washington, DC: World Bank. Voncina, L., A. Arur, F. Dorčić, and D. Pezelj-Duliba. 2018. “Universal Health Coverage in Croatia: Reforms to Revitalize Primary Health Care.” Universal Health Care Coverage Series 29, World Bank Group, Washington, DC. WHO (World Health Organization). 2011. “Prevention Not Cure in Tackling Health-care Fraud.” Bulletin of WHO, 89: 858–859. ———. 2012. Philippine Health Service Delivery Profile. 21 ANNEX I: ANTI-FRAUD QUESTIONNAIRE Mapping Institutional Structures and Approaches for Addressing Fraud in Government Sponsored Health Insurance Programs: International and Indian State Case Studies Purpose: The objective of this questionnaire is to systematically compile information on how different national and subnational programs address fraud/integrity violations/improper payments in processing hospital claims. The information collected will provide valuable comparative evidence on how health insurance programs are addressing fraud. I. 
Program Background Name of country/region/state Name of program/program(s) Year of creation Population coverage in 2017 Insurance or assurance mode Name of agency that administers the program Number of hospital claims processed in 2017 Total amount of hospital claims (in local currency) in 2017 N.B. – Choose largest program if there is more than one and they are managed separately. 1. What is the nature of the benefits package for hospitalization? Check all that apply  Positive list  Negative list (of non-covered procedures)  Benefits package not explicitly defined; all medically necessary procedures deemed covered  Other, please specify 2. Describe the scope/design of the costing exercise done to inform the pricing/package rates of the benefit package, if any. Please elaborate. 3. For hospitalization, what types of providers are included/empanelled under the program? Check all that apply  Public providers  Private, for-profit providers  Private, not-for-profit providers (including non-governmental/philanthropic providers)  Other, please specify Please elaborate, including approximate share of public vs. private providers if applicable 22 4. Are there differential empanelment processes depending on the type of service? Check all that apply.  There are empanelment processes that determine which services a hospital may provide based on staff/equipment/etc. (provide examples below)  Some benefits can only be availed at public hospitals (provide examples below).  Other, please specify 5. What is the nature of provider payments for hospitalization under the program? Check all that apply.  Fee-for-service  Line-item budget  Global budget  Case-based bundled payment (including Diagnosis-Related Groups)  Per diem payments  Other, please specify Please elaborate, including differences in payment modalities across public/private, if applicable 6. Are patient co-payments required for hospitalizations under the program? 
☐ Yes, for public facilities
☐ No, for public facilities
☐ Yes, for private facilities
☐ No, for private facilities
☐ It depends (provide details below if notable difference of formal vs. informal co-payments).

7. Does the program have standard treatment guidelines or clinical practice protocols?
☐ Yes, standard treatment guidelines
☐ Yes, clinical practice protocols
☐ Yes, appropriate usage criteria
☐ Yes, other
☐ No

8. Are there any incentives or obligations to comply with standard treatment guidelines or clinical practice protocols (for example, defining first-line treatment)?
☐ There are established standard treatment guidelines or clinical practice protocols, but there is no incentive or obligation to comply
☐ There are financial incentives (rewards) or disincentives (penalties) to encourage compliance
☐ Compliance is compulsory, but without effective monitoring and/or sanctions
☐ Compliance is compulsory, with effective monitoring or sanctions
☐ None
☐ Other, please specify

9. Is there any regulation/control on provider activity? Check all that apply.
☐ Volume of provider activity is regularly monitored
☐ Providers usually receive feedback about their activities
☐ Volume and/or budget targets are defined
☐ Compliance with guidelines is monitored
☐ None
☐ Other, please specify

10. Who has the primary responsibility for claims processing under the program?
☐ Processing is done in-house, administered by the program agency (for example, state trust in India)
☐ Processing is contracted out to a third-party administrator, with oversight by the program agency
☐ Processing is done by public insurance company(s) that administers the program
☐ Processing is done by private insurance company(s) that administers the program
Other, additional information/comments

11. How are claims submitted by providers?
☐ Manual
☐ Electronic
☐ Both
Other, additional information/comments

12. What is the process of submitting claims?
☐ Directly to health insurance office
☐ Through an intermediary
Other, additional information/comments

13. How does the program process the submitted claims?
☐ Manual claims processing
☐ Electronic claims processing
☐ Encoding
Other, additional information/comments

14. Briefly describe the overall governance structure of the program (for example, relationship to Ministry of Health/Department of Health; separate entity/trust/unit within a department; governing bodies and/or steering committees that oversee the program, including their mandate/role).

15. Briefly describe the organogram including the local/district structures related to the program and reporting relationships to the main unit (alternatively, provide supporting documents).

16. What is the staff strength of the program? (Probe for staff structure at the central (state) level, local (provincial/district) level and at empanelled provider level). # Full-time; # on deputation/with additional charge; # Contractual; # qualifying as “senior management”

17. Briefly comment on background/expertise/skills/ToRs of staff (including central/local/facility levels).

II. Institutional/regulatory mechanisms for addressing fraud

1. Which government agency/department has the primary responsibility for preventing/detecting/managing fraud under the program? Is there a dedicated division/unit/department responsible for fraud? Please elaborate.

2. Approximately how many full-time and part-time staff at this government agency/department are employed whose primary responsibility is preventing/detecting/managing fraud under the program? Please elaborate.

3. Are any of the activities related to prevention/detection/management of fraud contracted to outside agencies, including insurance companies and third-party administrators? Do they typically have dedicated divisions/units/departments responsible for fraud? Please elaborate.

4. Approximately how many full-time staff at these contracted partners (insurance companies/third-party administrators/etc.) are employed whose primary responsibility is preventing/detecting/managing fraud under the program? Please elaborate.

5. What supporting systems/tools exist to help address fraud? (Does a fraud policy exist? If so, is it Govt/insurer/TPA policy? Guidelines for addressing fraud? Dedicated IT system tools?) Please elaborate and provide relevant documents (if available).

6. Does the program have an explicit risk assessment/fraud management plan? Are there dedicated resources to support such a plan? Are the resources adequate? Has a capacity needs assessment been done to address fraud? Is there a capacity-building plan? Please elaborate and provide relevant documents (if available).

7. What is the relationship between the government agency/program/department and insurers/third-party administrators in terms of addressing fraud? Does the government provide any “public goods” to help address the problem? Do insurers/third-party administrators share data related to fraud? Are they mandated to do so? Are there regular meetings to exchange information? Please elaborate.

8. Briefly describe internal control mechanisms within the government agency/department (State Nodal Agency or Trust) to prevent/detect fraud within the organization (internal and/or external audits, data transparency, mechanisms for preventing collusion). Please elaborate.

9. What legal provisions exist to act against fraud (for example, in staff contracts, vendor/supplier contracts, etc.)? Are provisions adequate? Are they actionable? Please elaborate.

10. What general Government regulatory framework (laws, enforcement mechanisms, etc.) exists to deal with fraud? Who are the key stakeholders/institutions? Please elaborate and provide relevant documents (if available).

11. What is the regulatory framework (laws, enforcement mechanisms, etc.) specific to health insurance (or general insurance) to deal with fraud? What are the key institutions/stakeholders? Please elaborate and provide relevant documents (if available).

III. Fraud Prevention

1. Describe how the program addresses potential beneficiary fraud (for example, forged cards, black market in ID cards, etc.). Has this been a prominent challenge for the program? Please elaborate below.

2. What criteria are applied for empanelment? Is the pre-empanelment assessment process adequate? (for example, background checks, cross-referencing with other programs, on-site verification, etc.) Please elaborate below.
Public providers:
Private providers:

3. Do provider contracts clearly stipulate what types of activities constitute fraud?
☐ Yes
☐ No
If yes, provide example(s) below

4. Do provider contracts clearly stipulate legal and/or financial consequences of fraud?
☐ Yes, for all contracted providers
☐ Yes, only for private providers
☐ No
If yes, provide example(s) below

5. Are any claims subject to pre-authorization (for example, requiring approval from “payor” before the intervention is undertaken) or pre-payment (requiring approval from “payor” after the intervention is undertaken but before payment is made)?
☐ Yes, for all contracted providers
☐ Yes, only for private providers
☐ No
If yes, provide example(s) below

6. Is there a requirement for hospitals to provide photo (or video) documentation of patients and/or services rendered?
☐ Yes, for all services
☐ Yes, only for certain services
☐ No
If yes, provide example(s) below

7. Does the payor undertake on-site verification of providers to help prevent fraudulent activity? How is this done (randomly, structured, pre-announced, etc.)?
☐ Yes
☐ No
If yes, provide example(s) below

8. Do payors have existing in-house training courses aimed at staff skills development to prevent and detect fraud?
☐ Yes
☐ No
If yes, provide example(s) below

IV. Fraud Detection and Follow-Up

1. What audit mechanisms are utilized to detect fraud? Do these audits include medical management review (for example, with reference to standard treatment guidelines/clinical practice protocols/etc.)? Check all that apply.
☐ Sample pre-authorization audits
☐ Sample claim audits
☐ Beneficiary audits (during or post-hospitalization)
☐ Death audits
Please elaborate.

2. When is post-audit conducted?
☐ Before provider is reimbursed
☐ After provider is reimbursed
Other, additional information/comments

3. Who conducts the audit? Check all that apply.
☐ Government agency
☐ Insurance company
☐ Third-Party Administrator (TPA)
☐ Other
Please elaborate.

4. Which providers are subject to claims audits? Check all that apply.
☐ All contracted providers
☐ Only for private providers
☐ Other
Other, additional information/comments

5. Is there any link between patient feedback mechanisms and fraud detection efforts? How?
☐ Yes
☐ No
Other, additional information/comments

6. Does the program have an established list of “red flags”/triggers/alerts used to detect fraud? If yes, describe applicable processes (including whether updated and frequency of doing so).
☐ Yes
☐ No
Other, additional information/comments

7. What types of analytical techniques are used to detect fraud? Check all that apply and provide specific examples where possible.
☐ Rules-based (gender-, age-, service-, provider-specific “red flags”, etc.)
☐ Outlier analysis
☐ Predictive/regression-based models
☐ Social network analysis
☐ Other
Other, additional information/comments

8. Are these data-mining activities conducted by a government entity, insurer, or third-party administrator?
☐ Government entity
☐ Insurance company
☐ TPA
Please elaborate.

9. What are the most common types of provider fraud observed under the program? Check all that apply.
☐ False claims, such as billing for services not rendered
☐ Up-coding, such as billing higher rates than for services rendered
☐ Unnecessary billing, such as billing for services that were not medically necessary
☐ Unnecessary billing in the form of outpatient services that were “converted” into hospitalizations
☐ Duplicate claims, such as multiple billing for same patient/intervention
☐ Multiple admissions for same intervention
Other, additional information/comments

10. Describe the process followed when cases of fraud are discovered. Who is (are) the key decision-maker(s)? What is the role of government agency/department vis-à-vis other Govt entities, the insurance company (if applicable) and the third-party administrator (if applicable)? Please elaborate.

11. Describe the sanctions applied when cases of fraud are discovered. Check all that apply.
☐ Financial penalties
☐ Immediate blacklisting/de-empanelment
☐ Blacklisting/de-empanelment only after reaching a specified number of infractions (for example, based on scoring system)
☐ Legal proceedings
☐ Other
Other, additional information/comments

12. Are there any estimates of the share of claims that are fraudulent? Does the payor keep data on the number and type of fraud cases detected? If available, provide statistics on sanctions applied due to fraud during 2017.
% of claims estimated to be fraudulent; # confirmed cases of fraud; # providers with confirmed cases of fraud; # providers subject to financial penalties; # providers black-listed; # providers facing legal proceedings

13. Provide three examples of law enforcement cases due to health insurance fraud during the past three years. Please elaborate.
1.
2.
3.

This paper draws lessons from anti-fraud experiences in social health insurance programs of six selected countries across the income spectrum: Indonesia, the Philippines, Republic of Korea, Croatia, Turkey, and the United States.
A standardized questionnaire was used to collect information on how the programs prevent, detect, and deter fraud. The questionnaire was supplemented by a literature review and conversations with key informants. The analysis summarizes similarities and differences in the legal framework, institutional mechanisms, and capacity to manage fraud. Across all countries, the primary responsibility for managing fraud lies with the public entity that administers the program. In terms of capacity, all program-administering agencies have dedicated anti-fraud units and staff. In addition, all countries have specific anti-fraud policies and guidelines that address fraud and have a clear operational and legal definition of fraud. In terms of preventing fraud, the use of pre-authorization screening for high-end procedures is common. For detecting fraud, most countries use anti-fraud “hotlines” and encourage other forms of reporting of suspected fraudulent behavior; the use of “red flags”—triggers that identify suspicious claims based on deviations from norms—is also common. The level of sophistication in using data analytics to detect potential fraud, however, varies across countries. Social health insurance programs in higher-income countries are more likely to use advanced statistical and data-mining techniques compared to those in lower-income countries. All programs across all countries undertake post-reimbursement medical claims and beneficiary audits. In terms of deterring fraud, sanctions often include the use of financial penalties, cancellation of contracts, and criminal prosecutions; however, in most countries, public providers are not penalized and prosecuted to the same degree as private providers.

ABOUT THIS SERIES: This series is produced by the Health, Nutrition, and Population Global Practice of the World Bank. The papers in this series aim to provide a vehicle for publishing preliminary results on HNP topics to encourage discussion and debate.