Article | April 26, 2022

Is Your Compliance Program Ready for the Sophistication of the Department of Justice?

Government enforcement agencies have been developing expertise in utilizing data analytics to comb through the vast amounts of data that providers are submitting to the government to identify fraud waste in abuse.

This is well evidenced by the actions of the Department of Justice (DOJ).  In 2017, the DOJ created a specific Data Analytics Team within their Health Care Fraud Unit.1  In addition to analyzing trends within healthcare, the Data Analytics Team also provides the offices of the U.S. Attorney with analytics support, including case specific support.  Furthermore, the DOJ leadership has continued to express how the role of data analytics in developing cases.

The DOJ has expressly said that it analyzes data submitted to Medicare to identify fraud.  Acting Assistant Attorney General Brian M. Boynton explained in his remarks to the Federal Bar Association that the DOJ “has increasing been undertaking sophisticated analysis of Medicare data to uncover potential fraud schemes that have not been identified by whistleblower lawsuits, as well as help analyze and support the allegations that we do receive from such suits.” 2 (emphasis added)

Identifying Potential Fraud with Data

Government agencies have access to a trove of data submitted by providers and pharmaceutical and device manufacturers and are comparing these disparate data sets to identify potential fraud, with a focus on outliers.

  1. Medicare Parts A, B, C, and D, including DME, home health, SNF and hospice.
  2. Medicaid data, including prescription claims.
  3. Medicare and Medicaid provider and beneficiary information.
  4. Open Payments.

These data can be utilized to identify potential fraud both within a dataset and across data sets.  Over the past few years, I have seen an increase in the sophistication of the analytics by governmental agencies and which often times results in larger cases.

Some recent examples from my experience, as well as cases announced by the DOJ:

  1. Physicians that bill an uncommon code more often than normal, including unusually high amounts of a particular DME or drug, can be identified using claims data.
  2. Ancillary service providers (e.g., labs, pharmacies) that receive a large portion of referrals form certain physicians or set of physicians can be identified using claims data and provider information.
  3. Providers that provide care to patients that do not live geographically close by and providers that do not practice close to a frequently used lab can be identified using claims, provider and beneficiary information.
  4. Providers that diagnose and prescribe differently from other providers for the same patient can be identified using claims data.

Recently, the DOJ announced criminal charges against 14 defendants for alleged participation in a COVID-19 exploitation scheme involving telehealth and laboratory testing.3  You can view a simple infographic about the scheme here:

Having experience with these types of allegations, specifically in analyzing claims and other data as it relates to lab referrals for testing, I understand how claims, beneficiary and provider data likely played a role in identifying outliers.  Further, unrelated data was likely used to identity the flow of money between the various parties.

What this means for the Compliance Department?

As part of an effective compliance program, compliance programs should leverage the data they have to proactively identify potential fraud. The DOJ’s Evaluation of Corporate Compliance Programs Guidance (ECCP) provides guidance to prosecutors on evaluating compliance programs.  Imporantly, the guidance includes evaluating “Data Resources and Access” to ensure that the Compliance Departments “have sufficient direct or indirect access to relevant sources of data.” 4

Compliance programs can leverage analytics to sift through their own claims data to identify high-risk areas.  The Office of Inspector General’s (OIG) Audit Work Plan is an good place to start for high-risk areas identified by the Government.5  Compliance programs should review the targets of the Audit Work Plan and dig into the relevant regulations to determine how data can be mined in order to be proactive.

Dashboards with KPIs can be developed that measure and identify risk. Investing in an analytics project that utilized modern technology will streamline this process so that the Compliance Department can focus on investigating and mitigating the risk instead of focusing on data challenges.  Scripts can be developed to pull new data in as it becomes available, cleanse it, and then harmonize it with other data.  Data visualization tools provides quick dashboarding and an opportunity for further analysis to determine what might be driving risk for further investigation.

I also believe that with an effective analytics program measuring the correct KPIs and resources focused on investigating and mitigating risk, the Compliance Department transitions from a cost-center to a revenue generator through the protection of past and future revenue.


As one who has been known to “geek out” in data from time to time, I enjoy seeing analytics continue to play a major role in compliance.  I also appreciate that analytic tools have become robust enough that the analysis of disparate data sets is becoming more accessible.

While data is a good foundation to help prove a hypothesis, one must recognize that data does not provide context.  It does not inherently explain why there is an outlier or why there is a trend.  The context within the industry is important in order to understand if the outlier really is an outlier.  A good example is trending and identifying outliers related to COVID-19.  Normal curves and averages do not exist as benchmarks, therefore, what might seem like average could be considered high, even though not an outlier.

Providers may not be well-positioned to act on their data.  Although tools are better, analyzing disparate data is a challenge within itself.  By linking disparate data together, one can derive more meaning from the analytics.  The most time-consuming part of any data project is data engineering, which I lovingly call the art of cleansing, harmonizing and herding data cats.  However, this is a rabbit hole to be explored in a future article.


  1. DOJ Fraud Section Year in Review 2017:
  2. Acting Assistant Attorney General Brian M. Boynton Delivers Remarks at the Federal Bar Association Qui Tam Conference
  3. DOJ Announces Coordinated Law Enforcement Action to Combat Health Care Fraud Related to COVID-19:
  4. U.S. DOJ ECCP:
  5. OIG Audit Work Plan Fiscal Year 2021:

Data problem?  Analytics?  Regulations?  Data privacy?  Humanity?  Coffee and talk?  You can reach me at or 312.933.2752.

Josh Leventhal is an expert in healthcare data and analytics and is Managing Director with Kohler HealthCare.  He has over 15 years of hands-on experience in healthcare data and analytics solving problems for providers, payers and life science organizations.  Josh started his career in management consulting analyzing data for the largest joint defense litigations in the country before applying his skills and expertise at local startups to assist the Medicaid a managed care organization and medical research industries.  His experiences as a consultant, product manager and developer allow him to work effectively with both business and technology stakeholders.