To share or not to share? The tightrope of fighting government fraud


Data.  Google uses ours every day, and most people aren't concerned.  When our government is looking over our shoulders, however, tensions rise quickly.  On the one end lies the recent scandals with the National Security Agency (NSA), which is apparently spying on you, me, and Angela Merkel.  On the other lies case after case of failure to watch the gates, and letting billions of dollars of fraud, waste and inappropriate payments go out the door.

The total size of the problem is really unknown.  However, there are a number of studies that try to put things into perspective.  According to the federal government, the 3-year rate of erroneous payments nationally sits at 7.1%, down from 9.4% just a couple of years ago.  The goal for 2013 is 6.4%.  However, put into dollars, that is $19 billion going out the door that shouldn't be.  Unemployment is even worse, with the latest annual study from the U.S. Department of Labor pegging the national rate at 10.8%, although they claim an unrealistically low 2.85% are actual fraud.  Unlike the Medicaid numbers, this study doesn't hide the results from individual states, which ranged from a low of 3.7% in Vermont to a high of nearly 22.8% in Pennsylvania.  Shockingly, a study of the SNAP (food stamps) program puts error rates in the low single digits for every state, and just 2.77% nationally for 2012.

Not surprisingly, most of the states I've talked to dispute those federal studies, particularly the detailed numbers in the unemployment report.  Earlier in the year, one state pushed back at legislative efforts to address fraud in the Medicaid program, stating that there was "no proof" that they "even have a problem".  Maybe the study in Medicaid should go down to the state level as well?  Almost all of these are definitely understating the problem.  Truly knowing the rate of fraud and abuse is difficult.  Most experts in the field and economists that study it peg it at 10% or higher.  Malcolm Sparrow of the John F. Kennedy School of Government at Harvard, has written and spoken about these issues at length.  He has testified before congress about the weaknesses of evaluative methodologies in use in health care, particularly in the Medicaid and Medicare programs, and noted that fraud could be 20 or 30%.

Clearly, a balance must be struck between constant monitoring of the populace at large for a threat that may or may not exist, and failing to mind the gates.  Somewhere in the middle is an approach based on risk.  Individuals receiving significant funds from government programs, regardless of which programs, present a risk for fraud and abuse.  If you, or I, aren't collecting unemployment, or food stamps, or welfare, or on Medicaid, we aren't in the expenditure column, and shouldn't have all our private information poured over.  On the other hand, if you are choosing to receive government benefits, or are a business or medical provider billing significantly to provide services in those programs, an exposure exists.  Some basic level of analysis for fraud and risk should be expected.

In fact, the better the analytics running such a program, the less intrusive it is on the consumer or business.  Banks operate the same way - the vast majority of our credit card transactions go through very easily, and we don't receive annual audits, because of good proactive detection operations and link analysis to connect people, locations and payments, along with looking at past patterns.  When something looks like an anomaly, we receive a phone call to verify a transaction.  Government can and should operate the same way - reduce the number of intrusive audits and investigations, handle most transactions seamlessly, use a light touch with early interventions, and then hit the real risks hard.

One of the critical paths to doing this well is sharing data across programs.  Seeing the view of an individual from the property they own, car they just licensed, business they own and comparing that to whether they should be receiving food stamps is critical.  Viewing provider networks to see when false billings for medical equipment are happening, or a grocery store is trafficking in foot stamp cards protect from much larger exposures.  This also protects the rest of us from being victims of identity theft for fraud of government benefits or false tax refund filings, which now generate 43% of all complaints from identity theft in the U.S.

Some positive steps are happening.  Earlier this year, the IRS announced a change that would allow matching of federal tax filing data with any program that receives even partial federal funding.  That benefits broad programs run by the states - everything from welfare to unemployment to Medicaid.  A change in federal rules went from prohibiting state Medicaid Fraud Control Units (MFCUs) from utilizing any form of data mining to detect fraud to specifically allowing it, and federal matching funds to cover 75% of the cost of doing so.  The fact that a prohibition ever existed on doing the right thing, as opposed to manual referrals from Medicaid staff or the public is so backwards, only government could have thought it up!

However, despite increasing support from the federal government and easing of rules, at the state level, privacy concerns and very strict interpretations of laws continue to hamper efforts to bring data together.  Some states have made more strides - Washington State uses an integrated business identifier, and employs sharing across a number of different agencies.  California has an integrated task force that not only shares data, but does joint enforcement actions.  A law passed there this year lets the data sharing go much further.

The key is for managers of agencies across the nation to see the value in minding the store, and push hard to follow the laws, protect data from breaches and public exposure while at the same time improving sharing to gain a broader and more accurate view of recipients of services.  Long-term, this can not only protect against fraud, waste and abuse, but also lead to providing the right mix of services to gain the best outcomes from programs at the lowest cost.  After all, that's why these programs exist in the first place, right?


About Author

Carl Hammersburg

Manager, Government and Healthcare Risk and Fraud

Carl Hammersburg manages the SAS Government and Healthcare Risk and Fraud team, and has been with SAS since 2012. Prior to that, he spent 20 years in anti-fraud activities for Washington State’s exclusive workers’ comp insurer, the Department of Labor and Industries. In 2004, Carl formed that agency’s comprehensive fraud program, covering tax and premium audit, claim investigation, provider fraud and collections. Data sharing and investigative partnerships with other State and Federal agencies, as well as driving public availability of information and awareness served as cornerstones to the anti-fraud activities of the program. During his stewardship, audit and investigative activities doubled and outcomes tripled, based on a focus on data mining and predictive analytics that improved efficiency and case selection. Program success under Carl’s leadership resulted in awards from two successive Governors of Washington State.


  1. Nicely written, in depth perspective Carl. I've written in the past (and I believe you and I have spoken) about the need for cross-organizational data sharing to combat fraud. The problem, as you suggest, is around privacy concerns. There ARE ways to alleviate this hurdle, but until government jurisdictions and Fortune 500 companies stop viewing fraud losses as a 'cost of doing business', the push for data sharing will be an uphill battle.

    • Carl Hammersburg
      Carl Hammersburg on

      Thanks for the feedback Doug. This is an issue we've discussed in the past, and your history as a pioneer in identity resolution as an approach to fraud prevention gives you unique insight on this issue, and finding appropriate balance. The "cost of doing business" is an accurate description, and one that cuts both ways. Individuals committing fraud are doing their own calculations of risk and rewards - a fraud ROI if you will. Increasing the risk of detection changes that calculation.

Leave A Reply

Back to Top