Methodology
This page describes how Zervio.ai identifies Medicare billing anomalies from publicly available data. Our methodology is based on established statistical techniques used in healthcare analytics and fraud detection research.
From Outlier to Theory: Why Statistics Alone Aren't Enough
Most healthcare fraud analytics platforms stop at identifying statistical outliers — providers whose billing deviates from peers. But courts have consistently held that statistical anomalies alone are insufficient to meet the plausibility standard required for False Claims Act litigation.
In recent federal court rulings involving statistical analysis of Medicare claims data, courts dismissed cases where the analysis showed only that providers were outliers, because the statistical patterns were "consistent with a legal and obvious alternative explanation." Conversely, cases with specific fraud theories — identifying particular billing codes inflated at particular facilities — have secured DOJ intervention and nine-figure recoveries.
Zervio.ai is built on this distinction. Our platform doesn't just find outliers — it constructs specific, court-viable fraud theories by:
- Identifying the specific codes and patterns that drive the anomaly, not just aggregate metrics
- Testing and ruling out innocent explanations before concluding an anomaly warrants investigation
- Mapping flag combinations to FCA provisions with explicit falsity, knowledge, and materiality elements
- Generating DOJ-ready output that anticipates what federal attorneys need to evaluate a case for intervention
Data Sources
All data used in our analysis is publicly available from U.S. government agencies. No proprietary, insider, or non-public data is used at any stage.
- CMS Medicare Provider Utilization & Payment Data (Part B) — Per-provider, per-service billing records for 2021–2023. Includes service volume, beneficiary counts, and Medicare payment amounts by HCPCS code.
- CMS Medicare Part D Prescriber Data — Drug prescribing patterns, claim counts, and costs by provider for 2021–2023.
- CMS Open Payments (Sunshine Act) — Payments from pharmaceutical and medical device companies to physicians for 2021–2023.
- HHS-OIG LEIE — List of Excluded Individuals/Entities maintained by the Office of Inspector General.
- NPPES NPI Registry — National provider enrollment data including specialty, taxonomy, and practice location.
- CMS Revalidation Reassignment Data — Maps individual clinicians to the group practices they bill under, including provider counts per group. Used to determine practice size and identify billing structure anomalies.
- CMS Care Compare (Doctors & Clinicians) — National clinician enrollment file with group affiliations, member counts, credentials, and medical school data. Cross-validated against Reassignment data for practice size confidence scoring.
- CMS Facility Affiliations — Links individual providers to hospitals and facilities via CMS Certification Numbers (CCNs). Used to validate facility-based billing claims.
Analysis Pipeline
Our platform processes data through a multi-stage analytical pipeline:
- Data Ingestion & Entity Resolution — Raw CMS data files are downloaded, parsed, and loaded into an analytical database. Fuzzy matching links excluded providers to their NPIs even when identifiers differ.
- Peer Group Construction — Providers are grouped by medical specialty and state to ensure comparisons are clinically and geographically meaningful. Groups require a minimum of 30 providers.
- Practice Size Enrichment — CMS Reassignment and Care Compare data are cross-validated to determine how many clinicians practice under each group NPI. When both sources agree (within 20%), the practice size is rated high confidence; when they diverge, the higher count is used conservatively. Billing volume is then normalized per provider, eliminating false positives where large group practices were previously flagged for aggregate volume.
- Statistical & Rule-Based Detection — Multiple billing metrics are computed and compared against peer benchmarks. Deterministic rules identify logical impossibilities. Volume-based checks are normalized by validated practice size.
- HCPCS Code-Level Analysis — Provider billing is decomposed to the individual procedure code level, comparing each code's share of total services against peer norms. This is where generic "high complexity" becomes specific: "bills 99215 at 78% vs 32% peer median while billing 99213 at 5% vs 38%."
- Alternative Explanation Testing — For each statistical flag, the system tests whether innocent explanations can account for the anomaly:
  - Is this an organization billing under a single NPI for multiple clinicians?
  - Is the anomaly consistent across all years (suggesting long-standing practice)?
  - Is this a new practice with expected rapid growth?
  - Is the provider facility-based (with inherently different billing norms)?
  - Does the HCPCS code mix suggest a narrow subspecialty focus?
  - Does a validated large practice size explain elevated aggregate volume?
- Fraud Theory Mapping — Flag combinations are mapped to specific False Claims Act provisions. Each theory articulates:
  - Falsity: What specifically is false about the claims
  - Knowledge: What indicates the provider knew or should have known
  - Materiality: Why the government would not have paid if it knew the truth
- Machine Learning & Composite Scoring — Gradient-boosted and isolation forest models capture non-linear interactions. All signals are aggregated into a composite score, with bonuses for specific fraud theories and HCPCS specificity and penalties for alternative explanations that have not been ruled out.
Detection Methods
Z-Score Peer Comparison
For each billing metric — payment per service, services per beneficiary, total volume, and high-complexity coding ratio — we compute z-scores relative to the specialty peer group within the same state. A z-score measures how many standard deviations a provider's value is from the peer mean. Providers with z-scores exceeding 2.5 on a single metric, or 2.0 across multiple metrics simultaneously, are flagged for further review.
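The flagging rule above, sketched as an added example (not Zervio.ai's code). The metric names, the population standard deviation, reading "multiple metrics" as at least two, and the peer rows are assumptions made for illustration.

```python
from statistics import mean, pstdev

MIN_PEERS = 30    # page: peer groups require a minimum of 30 providers
SINGLE_Z = 2.5    # page: one metric exceeding 2.5 is flagged
MULTI_Z = 2.0     # page: multiple metrics exceeding 2.0 are flagged
MULTI_COUNT = 2   # assumption: "multiple metrics" means at least two

def zscores(provider, peers):
    """Return {metric: z} against the peer group, or None if the group is too small."""
    if len(peers) < MIN_PEERS:
        return None
    out = {}
    for metric, value in provider.items():
        column = [p[metric] for p in peers]
        sd = pstdev(column)  # assumption: population standard deviation
        if sd > 0:           # a metric with no peer variance cannot be scored
            out[metric] = (value - mean(column)) / sd
    return out

def review_flag(provider, peers):
    """Apply the single-metric rule first, then the multi-metric rule."""
    z = zscores(provider, peers)
    if z is None:
        return "no_peer_group"
    if any(v > SINGLE_Z for v in z.values()):
        return "single_metric"
    if sum(v > MULTI_Z for v in z.values()) >= MULTI_COUNT:
        return "multi_metric"
    return None

# Constructed peer group: 30 providers in one specialty and state.
PEERS = [{"payment_per_service": 80 + 5 * (i % 5),
          "services_per_beneficiary": 3 + (i % 3)} for i in range(30)]

if __name__ == "__main__":
    samples = {"A": (110, 4), "B": (105, 5.8), "C": (105, 4.5)}  # constructed
    for name, (pps, spb) in samples.items():
        row = {"payment_per_service": pps, "services_per_beneficiary": spb}
        print(name, review_flag(row, PEERS))
```

Provider B shows why the second rule exists: neither metric reaches 2.5, but both sit above 2.0 at the same time.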
HCPCS Code-Level Analysis
Beyond aggregate metrics, we analyze each provider's billing at the individual procedure code level. For every HCPCS code a provider bills, we compute the code's share of their total services and compare it against the peer distribution. This detects patterns like:
- E&M upcoding pairs: Over-billing 99215 while under-billing 99213, indicating systematic code substitution
- Code concentration: Anomalous reliance on specific high-payment codes
- Missing codes: Absence of codes that peers routinely bill, suggesting services not being rendered or being billed under higher-paying codes
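An added sketch of the code-share comparison (illustrative, not the platform's implementation). The 20-point gap, the 10% "routinely billed" cutoff, the function names and the billing rows are assumptions; the constructed data reproduces the 99215/99213 figures quoted in the pipeline description.

```python
from statistics import median

def code_shares(services_by_code):
    """Each code's share of the provider's total services."""
    total = sum(services_by_code.values())
    return {c: n / total for c, n in services_by_code.items()} if total else {}

def peer_median_shares(peers):
    """Median share per code across peers; a peer not billing a code counts as 0."""
    shares = [code_shares(p) for p in peers]
    codes = {c for s in shares for c in s}
    return {c: median(s.get(c, 0.0) for s in shares) for c in codes}

def upcoding_pairs(provider, peers, pairs=(("99215", "99213"),), gap=0.20):
    """Report (high, low) pairs where the high code is over-billed and the low
    code under-billed by at least `gap` (assumption) against the peer median."""
    mine, norm = code_shares(provider), peer_median_shares(peers)
    findings = []
    for high, low in pairs:
        over = mine.get(high, 0.0) - norm.get(high, 0.0)
        under = norm.get(low, 0.0) - mine.get(low, 0.0)
        if over >= gap and under >= gap:
            findings.append(
                f"bills {high} at {mine.get(high, 0.0):.0%} vs "
                f"{norm.get(high, 0.0):.0%} peer median while billing {low} at "
                f"{mine.get(low, 0.0):.0%} vs {norm.get(low, 0.0):.0%}")
    return findings

def missing_codes(provider, peers, routine=0.10):
    """Codes peers routinely bill (median share >= `routine`, an assumption)
    that this provider never bills."""
    norm = peer_median_shares(peers)
    return sorted(c for c, s in norm.items()
                  if s >= routine and provider.get(c, 0) == 0)

# Constructed service counts; three peers for brevity (the page requires 30).
PEER_ROWS = [{"99213": 380, "99214": 300, "99215": 320},
             {"99213": 400, "99214": 300, "99215": 300},
             {"99213": 350, "99214": 300, "99215": 350}]
PROVIDER = {"99213": 50, "99214": 170, "99215": 780}

if __name__ == "__main__":
    print(upcoding_pairs(PROVIDER, PEER_ROWS))
    print(missing_codes({"99214": 100, "99215": 900}, PEER_ROWS))
```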
Rule-Based Anomaly Detection
Certain patterns are identified through deterministic rules:
- Impossible hours: Billed service volume that implies more than 24 hours of work per day based on procedure time estimates
- Exclusion list billing: Medicare billing activity by providers appearing on the OIG exclusion list
- Billing velocity: Year-over-year billing growth that significantly exceeds peer growth rates, with disproportionate growth analysis (payment growing faster than services indicates upcoding rather than expansion)
- Prescribing anomalies: Controlled substance prescribing rates significantly above specialty norms, with higher thresholds for pain management specialties
- Kickback patterns: Correlation between industry payments (Open Payments data) and elevated prescribing of the paying companies' drugs, with temporal causation analysis
Practice-Level Fraud Detection
By cross-referencing CMS Reassignment, Care Compare, and Facility Affiliation data, we detect fraud patterns that are invisible to per-NPI analysis alone:
- Shell groups: Organizations with very few documented providers but billing volume that implies a much larger clinical staff — a classic fraud mill pattern
- Split billing: Individual providers reassigned to multiple group practices whose aggregate billing across all groups exceeds individual thresholds, suggesting volume is being distributed to evade detection
- Ghost provider billing: Organizations billing Medicare with no documented reassigned individual providers — raising the question of who is actually rendering services
- Facility affiliation anomaly: Providers billing predominantly from facility settings but with no facility affiliations documented with CMS, which may indicate billing at higher facility rates for office-based work
- Practice size mismatch: Per-provider volume that still exceeds specialty thresholds even after normalizing by validated practice size — a higher-confidence flag because the practice size defense has been eliminated
- Credential mismatch: Providers billing for services outside their credentialed specialty as documented in CMS enrollment records
Alternative Explanation Testing
This is what separates Zervio.ai from standard outlier detection. For each statistical flag, we systematically test whether innocent explanations could account for the anomaly. Explanations that cannot be ruled out reduce the evidence strength of the finding. This directly addresses the legal standard courts apply: moving from possibility of fraud to plausibility by demonstrating that obvious alternative explanations have been considered and eliminated.
Composite Risk Scoring
Individual anomaly signals are combined into a composite score (0–100) using a weighted model that incorporates:
- Hard flag scores (exclusion billing, impossible hours, ghost patients)
- Practice-level flags (shell groups, split billing, ghost provider billing, facility anomalies)
- Z-score-based statistical contributions (capped per category)
- Fraud theory bonus (+10–15 points for specific, articulated theories)
- HCPCS specificity bonus (+5 points for code-level evidence)
- Alternative explanation penalty (-5 per explanation not ruled out, capped at -15)
Providers are then assigned to tiers:
- Priority (score ≥ 70) — Multiple strong anomalies with specific fraud theories
- Watchlist (score ≥ 50) — Significant anomalies warranting detailed analysis
- Flag (score ≥ 30) — Moderate anomalies noted for monitoring
- Low (score < 30) — Minor or isolated deviations
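An added sketch of how the bonuses, the capped penalty and the tier cut-offs interact (not the platform's scoring code). The page does not publish its weights, so the flag point values, the per-category z-score cap of 10 and the plain summation are assumptions.

```python
Z_CAP = 10.0  # assumption: the page says contributions are capped per category

def composite(hard, practice, z_points, theory_bonus=0, hcpcs_evidence=False,
              unruled=0):
    """Combine already-weighted signal points into a 0-100 score.

    hard, practice : points from hard flags and practice-level flags (assumed)
    z_points       : {category: points} from z-score contributions
    theory_bonus   : 0, or 10-15 for a specific, articulated theory (page)
    unruled        : alternative explanations that could not be ruled out
    """
    if theory_bonus and not 10 <= theory_bonus <= 15:
        raise ValueError("theory bonus is +10 to +15 points")
    statistical = sum(min(p, Z_CAP) for p in z_points.values())
    bonus = theory_bonus + (5 if hcpcs_evidence else 0)  # page: +5 HCPCS
    penalty = min(5 * unruled, 15)                       # page: -5 each, cap -15
    raw = hard + practice + statistical + bonus - penalty
    return max(0.0, min(100.0, float(raw)))

def tier(score):
    """Tier thresholds as listed on the page."""
    if score >= 70:
        return "Priority"
    if score >= 50:
        return "Watchlist"
    if score >= 30:
        return "Flag"
    return "Low"

if __name__ == "__main__":
    # Constructed provider: one hard flag plus two statistical categories.
    signals = dict(hard=40, practice=0, z_points={"payment": 14, "volume": 6},
                   theory_bonus=12, hcpcs_evidence=True)
    for n in (0, 1, 5):
        s = composite(unruled=n, **signals)
        print(n, "unruled ->", s, tier(s))
```

In the constructed case a single explanation that cannot be ruled out is enough to move the provider from Priority to Watchlist, and the cap keeps five of them from costing more than three would.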
Estimated Overpayments
Estimated overpayment amounts represent the mathematical difference between a provider's actual billing and the expected billing based on peer benchmarks. These are conservative estimates using the following approach:
- Only excess above peer mean is counted (not total billing)
- Peer benchmarks use same specialty, same state, same year
- Services below peer threshold are excluded
- Per-claim civil penalties ($13,946–$27,894 per false claim) are not included
- No assumption of intent — estimates represent statistical excess only
Case Package Output
For priority-tier providers, the platform generates exhibit-ready case packages including:
- Executive summary with estimated damages and relator recovery range
- Statistical evidence with peer comparison charts
- Fraud pattern analysis with full flag detail
- Fraud theory & FCA provision mapping (falsity, knowledge, materiality elements)
- Alternative explanations considered and their disposition
- HCPCS code-level analysis tables
- Damages methodology and conservative assumptions
- Suggested DOJ discovery roadmap
Limitations
- Statistical anomaly does not necessarily constitute fraud. Many anomalies have legitimate explanations — our alternative explanation testing addresses common ones, but cannot capture all clinical nuance.
- Peer groups are based on specialty and state. Sub-specialty variation within broad categories may explain some deviations.
- The analysis uses aggregate annual data, not individual claim-level records. Chart-level review is necessary to confirm any findings.
- Estimated overpayment amounts are approximations based on peer deviation.
- This analysis does not include patient acuity adjustment beyond what peer grouping provides.
- The methodology is designed to minimize false positives while maximizing detection of genuine anomalies, but no statistical method is perfect.