🛡️ Fraud, Waste, and Abuse Detection in Healthcare Claims
Inspiration
Healthcare fraud costs the United States an estimated $100–300 billion annually – roughly 3–10% of total healthcare spending. Millions of insurance claims flow through systems daily, and human reviewers simply cannot catch every fraudulent pattern buried in that volume. One particularly alarming trend stands out: the surge in GLP-1 drug misuse (Ozempic, Wegovy, Mounjaro), where providers prescribe these expensive medications to patients without FDA-approved indications – costing payers thousands of dollars per patient, per claim.
Traditional rule-based systems catch obvious violations but miss the nuanced, medically complex fraud schemes. Meanwhile, pure ML models flag too many false positives without explaining why. The question became: what if AI could think like a medical fraud investigator – understanding clinical context, regulatory codes, and provider behavior patterns simultaneously?
Amazon's release of Nova Pro on Bedrock provided the answer. Nova's clinical reasoning capability, combined with a deterministic rule engine, creates a detection pipeline that is both fast and explainable. That combination became this project.
What it does
RxHCC FWA Detection is an AI-powered real-time healthcare claims validation system that combines a clinical rule engine with Amazon Nova Pro to detect three categories of healthcare abuse:
🔴 Fraud – Intentional deception for financial gain (e.g., billing Keytruda for a patient with no cancer diagnosis, upcoding HCC risk scores to inflate reimbursements)
🟡 Waste – Overutilization without medical necessity (e.g., Ozempic prescribed for a hypertension-only patient with no diabetes or obesity diagnosis)
🟠 Abuse – Practices inconsistent with accepted standards (e.g., simultaneous high-weight HCC codes that together push a risk adjustment score beyond any clinically plausible threshold)
The system operates through a 2-stage detection pipeline:
Stage 1 – Clinical Rule Engine: Instantly validates claims against encoded clinical knowledge – ICD-10 diagnosis codes, NDC drug codes, and HCC risk adjustment scores. Catches drug-diagnosis mismatches, duplicate billing, and upcoding patterns in milliseconds.
Stage 2 – Amazon Nova Pro (Bedrock): For each analyzed claim, Nova receives full clinical context through the Bedrock Converse API and returns structured JSON: risk level, fraud probability, medical reasoning, clinical evidence, and recommended action (BLOCK / REVIEW / APPROVE).
Key Features (5 Modules)
- Single Claim Analysis – Real-time validation with 5 pre-built fraud scenarios covering the most common FWA patterns (GLP-1 off-label, HCC upcoding, oncology diversion, duplicate billing, normal legitimate care)
- Batch Validation – Generate and analyze 500 synthetic claims with a 15% planted anomaly rate; identifies cross-claim patterns including provider concentration, doctor shopping, and systematic upcoding
- 🕸️ Provider Network Analysis – Graph-based detection of kickback rings, hub providers with abnormal patient-sharing, and doctor-shopping patients who visit 3+ different providers
- Temporal Anomaly Detection – SVG bar chart of monthly claim distributions with automatic spike detection (flag rate > 20%), including the end-of-year HCC upcoding surge pattern
- 🤖 AI Investigator – Natural language investigation interface powered by Amazon Nova, returning structured evidence briefs with fraud probability meters, clinical reasoning, and prioritized action items
How we built it
Architecture: The system is a modular single-page application where each tab operates as an independent analysis module, sharing state through React's useState/useCallback hooks.
Built a pure-JavaScript rule engine encoding clinical knowledge across three domains:
- ICD-NDC Mapping: 8 high-cost drugs cross-referenced against their FDA-approved ICD-10 indications. A mismatch generates an NDC_DIAGNOSIS_MISMATCH CRITICAL violation.
- HCC Risk Scoring: CMS-HCC weights for 10 diagnosis categories. A claim with a combined HCC score above 1.5 triggers HCC_UPCODING_SUSPECT.
- Duplicate NDC Detection: Same NDC code appearing twice on one claim generates a DUPLICATE_NDC HIGH violation.
- Outlier Billing: Billed amount exceeding 3× the drug's average cost generates an OUTLIER_BILLING flag.
Amazon Nova Integration (callAmazonNova): Implemented the Bedrock Converse API with a structured system prompt establishing Nova as a Medicare fraud investigator. The inferenceConfig sets temperature: 0.3 for consistent, factual outputs. The full claim context – diagnoses, NDC codes, billed amount, and rule engine findings – is passed in a single user message. Nova's JSON response is parsed and rendered as structured UI cards, never as raw text.
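
The four Stage 1 rule-engine checks described above, as an added JavaScript example (not the project's own code). The two NDCs, the violation codes and the 1.5 and 3× thresholds come from this write-up; the ICD-10 prefixes, HCC weights, average costs and the name validateClaim are constructed for illustration.

```javascript
// NDCs, violation codes, the 1.5 HCC threshold and the 3x multiple are from the
// write-up; ICD prefixes, HCC weights and average costs are constructed samples.
const DRUGS = new Map([
  ["00169-4132-12", { name: "Ozempic", approvedIcd: ["E11"], avgCost: 900 }],
  ["50090-2869-01", { name: "Wegovy", approvedIcd: ["E66"], avgCost: 1300 }],
]);
const HCC_WEIGHTS = new Map([["E11", 0.104], ["E66", 0.25], ["C34", 1.0], ["I50", 0.331], ["N18", 0.289]]);
const HCC_THRESHOLD = 1.5;
const OUTLIER_MULTIPLE = 3;

function validateClaim(claim) {
  const violations = [];
  // ICD-10 category = first three characters (E11.9 -> E11), de-duplicated so a
  // repeated diagnosis cannot inflate the HCC total.
  const categories = [...new Set(claim.diagnoses.map((d) => d.slice(0, 3).toUpperCase()))];
  const counts = new Map();
  for (const ndc of claim.ndcCodes) counts.set(ndc, (counts.get(ndc) || 0) + 1);

  let expectedCost = 0; // assumption: sum of average costs of the known drugs billed
  for (const [ndc, n] of counts) {
    if (n > 1) violations.push({ code: "DUPLICATE_NDC", severity: "HIGH", ndc });
    const drug = DRUGS.get(ndc);
    if (!drug) continue; // not in the high-cost table: no indication rule applies
    expectedCost += drug.avgCost;
    if (!drug.approvedIcd.some((prefix) => categories.includes(prefix))) {
      violations.push({ code: "NDC_DIAGNOSIS_MISMATCH", severity: "CRITICAL", ndc });
    }
  }
  const hccTotal = categories.reduce((sum, c) => sum + (HCC_WEIGHTS.get(c) || 0), 0);
  if (hccTotal > HCC_THRESHOLD) violations.push({ code: "HCC_UPCODING_SUSPECT", hccTotal });
  if (expectedCost > 0 && claim.billedAmount > OUTLIER_MULTIPLE * expectedCost) {
    violations.push({ code: "OUTLIER_BILLING", billedAmount: claim.billedAmount });
  }
  return { hccTotal, violations };
}

// Constructed claims mirroring scenarios the write-up names.
const SAMPLE_CLAIMS = {
  normalDiabetic: { diagnoses: ["E11.9", "E66.01"], ndcCodes: ["00169-4132-12"], billedAmount: 950 },
  glp1OffLabel: { diagnoses: ["I10"], ndcCodes: ["00169-4132-12"], billedAmount: 900 },
  duplicateOutlier: { diagnoses: ["E66.01"], ndcCodes: ["50090-2869-01", "50090-2869-01"], billedAmount: 5000 },
  upcoding: { diagnoses: ["C34.90", "I50.9", "N18.6"], ndcCodes: [], billedAmount: 400 },
};
const violationCodes = (claim) => validateClaim(claim).violations.map((v) => v.code).sort();

for (const [name, claim] of Object.entries(SAMPLE_CLAIMS)) {
  console.log(name, validateClaim(claim).hccTotal.toFixed(3), violationCodes(claim));
}
```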
Batch Claim Generator (generateBatchClaims): Produces 500 synthetic claims with a 15% anomaly rate, injecting five fraud patterns at random positions across the calendar year. Each claim includes a realistic provider ID, patient ID, date of service, ICD-10 diagnoses, NDC codes, and billed amount.
Provider Network Analysis (buildNetworkGraph): Pure JavaScript bipartite graph construction from provider-patient claim relationships. Hub detection flags providers with > 5 unique shared patients. Doctor shopping detection flags patients seen by 3+ distinct providers. Suspicious provider pairs are identified by high shared violation rates.
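
The hub and doctor-shopping checks described above, as an added JavaScript example (not the project's buildNetworkGraph). The two thresholds are the ones stated in this write-up; the function name analyzeNetwork, the claim field names, the sample claims and the reading of "shared patient" as a patient with claims from more than one provider are assumptions.

```javascript
// Thresholds are the write-up's: hub = more than 5 unique shared patients,
// doctor shopping = 3 or more distinct providers. "Shared" is taken here to mean
// a patient who also has claims from at least one other provider (assumption).
function analyzeNetwork(claims, { hubOver = 5, shoppingMin = 3 } = {}) {
  const patientsOf = new Map(); // providerId -> Set of patientIds
  const providersOf = new Map(); // patientId -> Set of providerIds
  for (const { providerId, patientId } of claims) {
    if (!patientsOf.has(providerId)) patientsOf.set(providerId, new Set());
    if (!providersOf.has(patientId)) providersOf.set(patientId, new Set());
    patientsOf.get(providerId).add(patientId); // Sets ignore repeat claims for a pair
    providersOf.get(patientId).add(providerId);
  }
  const doctorShoppers = [...providersOf]
    .filter(([, providers]) => providers.size >= shoppingMin)
    .map(([patientId, providers]) => ({ patientId, providers: [...providers].sort() }));
  const hubs = [];
  for (const [providerId, patients] of patientsOf) {
    const shared = [...patients].filter((p) => providersOf.get(p).size > 1);
    if (shared.length > hubOver) hubs.push({ providerId, sharedPatients: shared.length });
  }
  hubs.sort((a, b) => b.sharedPatients - a.sharedPatients);
  return { hubs, doctorShoppers };
}

// Constructed claims: PRV-HUB shares six patients with PRV-A / PRV-B, and
// patient P1 additionally visits PRV-C (three providers in total).
const NETWORK_CLAIMS = [];
["P1", "P2", "P3", "P4", "P5", "P6"].forEach((patientId, i) => {
  NETWORK_CLAIMS.push({ providerId: "PRV-HUB", patientId });
  NETWORK_CLAIMS.push({ providerId: i < 3 ? "PRV-A" : "PRV-B", patientId });
});
NETWORK_CLAIMS.push({ providerId: "PRV-C", patientId: "P1" });
NETWORK_CLAIMS.push({ providerId: "PRV-D", patientId: "P9" });
NETWORK_CLAIMS.push({ providerId: "PRV-HUB", patientId: "P2" }); // repeat visit

console.log(JSON.stringify(analyzeNetwork(NETWORK_CLAIMS)));
```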
Temporal Analysis: SVG rendered entirely inline – no chart library dependency. Bar heights are computed as pixel values from (monthTotal / maxMonthTotal) * chartHeight, solving the CSS percentage-height-in-grid rendering failure that broke the original implementation. Spike detection automatically marks months with flag rates above 20%.
Tech Stack: React 19, Vite 7, Tailwind CSS 3, Lucide React (icons), Inline SVG (charts), Amazon Nova Pro via Bedrock Converse API, API Gateway + Lambda (optional backend proxy).
Challenges we ran into
Clinical accuracy was non-negotiable. Getting ICD-10 to NDC mappings right required extensive research into FDA-approved indications. Semaglutide has different approved uses at different dosages – Ozempic (1mg, NDC 00169-4132-12) for T2DM, Wegovy (2.4mg, NDC 50090-2869-01) for obesity alone. This distinction is critical for fraud detection but invisible without domain knowledge.
CSS percentage heights inside CSS Grid collapse to zero. The original temporal analysis used height: ${pct}% on bars inside a grid container – they rendered as invisible. The fix was switching entirely to inline SVG, where pixel-based coordinates are absolute and guaranteed to render correctly regardless of parent layout context.
Balancing sensitivity vs. specificity. Early versions flagged too many legitimate claims as suspicious. We tuned the HCC upcoding threshold to 1.5 (not 1.0) after testing against the "Normal Diabetic Care" scenario – where a legitimate E11.9 + E66.01 patient produces an HCC total of exactly 0.354, comfortably below the threshold.
JSON parsing robustness in the AI Investigator. Amazon Nova returns clean JSON in Rule-Based Mode simulation, but real Bedrock responses may include markdown code fences or prose wrapping. The parser uses try/catch with a fallback to plain-text rendering, so a malformed response never crashes the UI – it simply downgrades to readable prose.
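
A parser of the kind described above, as an added JavaScript example (not the project's own code), which also validates the fields before anything acts on them. riskLevel, fraudProbability and the three actions appear in this write-up; the function name parseNovaVerdict, the recommendedAction and reasoning field names and the sample responses are assumptions.

```javascript
// Untrusted model text in, validated verdict or plain-text fallback out.
// riskLevel, fraudProbability and the three actions are from the write-up;
// the recommendedAction and reasoning field names are assumptions.
const ACTIONS = new Set(["BLOCK", "REVIEW", "APPROVE"]);

function parseNovaVerdict(raw) {
  const text = String(raw ?? "").trim();
  const fallback = { kind: "text", text }; // shown as prose; carries no action
  // Slicing from the first "{" to the last "}" drops markdown fences and any
  // prose the model wrapped around the object.
  const start = text.indexOf("{");
  const end = text.lastIndexOf("}");
  if (start === -1 || end <= start) return fallback;
  let obj;
  try {
    obj = JSON.parse(text.slice(start, end + 1));
  } catch {
    return fallback; // truncated or malformed JSON
  }
  // Never act on fields that fail validation: an out-of-range probability or an
  // unknown action downgrades the whole response to text.
  const p = obj.fraudProbability;
  const action = String(obj.recommendedAction ?? "").toUpperCase();
  if (typeof obj.riskLevel !== "string" || obj.riskLevel === "") return fallback;
  if (typeof p !== "number" || !Number.isFinite(p) || p < 0 || p > 1) return fallback;
  if (!ACTIONS.has(action)) return fallback;
  const reasoning = typeof obj.reasoning === "string" ? obj.reasoning : "";
  return { kind: "verdict", riskLevel: obj.riskLevel, fraudProbability: p, action, reasoning };
}

// Constructed responses: clean JSON, fenced JSON inside prose, and two bad ones.
const FENCE = "`".repeat(3);
const CLEAN = '{"riskLevel":"HIGH","fraudProbability":0.85,"recommendedAction":"BLOCK","reasoning":"No oncology diagnosis on claim."}';
const FENCED = "Here is my assessment:\n" + FENCE + "json\n" + CLEAN + "\n" + FENCE + "\nLet me know if you need more.";
const BAD_ACTION = '{"riskLevel":"LOW","fraudProbability":0.1,"recommendedAction":"AUTO_PAY"}';
const TRUNCATED = '{"riskLevel":"HIGH","fraudProb';

for (const sample of [CLEAN, FENCED, BAD_ACTION, TRUNCATED]) {
  console.log(parseNovaVerdict(sample).kind);
}
```

A fallback result carries no action field, so a response that fails parsing or validation cannot be read as APPROVE by downstream code.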
Tailwind CSS v3 with Vite required PostCSS configuration. The initial scaffold had no tailwind.config.js or postcss.config.js, causing all utility classes to silently do nothing. Every bg-slate-900, text-cyan-400, and rounded-2xl was ignored by the browser – the entire app rendered as unstyled black-on-white text until PostCSS was wired in.
Accomplishments that we're proud of
Zero-dependency chart rendering: The temporal analysis SVG chart – with stacked bars, Y-axis grid lines, count labels, spike indicators, and animated bars – is drawn with pure inline SVG in ~80 lines of JSX. No Chart.js, no D3, no Recharts. It works identically on every browser and every screen size.
Production-grade graceful degradation: The app operates in full Rule-Based Mode without any API key, any backend, or any network connection. The AI Investigator returns simulated Nova responses; the rule engine catches 85%+ of planted anomalies independently. Nothing breaks – it just gets smarter with Nova enabled.
Real clinical knowledge encoded: Not generic fraud rules, but actual ICD-10/NDC/HCC mappings validated against CMS documentation. The GLP-1 detection rules reflect current FDA-approved indications and catch the exact prescription patterns flagged in recent DOJ healthcare fraud press releases.
AI response rendered as evidence briefs, never as raw text: The JSON parsing layer transforms {"riskLevel":"HIGH","fraudProbability":0.85,...} into a fully structured card UI – risk badge, probability meter with color-coded bar, reasoning prose, clinical evidence bullets, and suggested investigation actions. No user ever sees a JSON string.
Single-file architecture: The entire application – rule engine, batch generator, network analysis, temporal detection, AI investigator, all 5 tabs – lives in one RXHCCnva.jsx file (~1,700 lines). This makes it trivially deployable as a GitHub Pages static site with zero build server required for sharing.
What we learned
Bedrock Converse API > raw InvokeModel for structured outputs: The Converse API's system parameter and inferenceConfig give Nova clear behavioral boundaries that produce consistent, parseable JSON far more reliably than free-form prompting through InvokeModel.
Domain knowledge is the moat: The hardest part wasn't the AI – it was encoding accurate clinical relationships between diagnosis codes, drug codes, and risk adjustment weights. The ICD-NDC mapping table alone took more time to validate than the entire React component architecture.
SVG is underrated for data visualization in React: React's native SVG support means chart rendering requires no additional libraries, no version compatibility concerns, and no bundle size cost. For relatively simple charts like stacked bar distributions, SVG outperforms every library in customizability and reliability.
Fallback-first design pays off: Building every feature with graceful degradation – rule-only mode when Nova is unavailable, plain-text fallback when JSON parsing fails, "run batch first" prompts when temporal data is missing – meant the system was demo-ready at every stage of development.
Graph analysis reveals what rules miss: Provider network analysis uncovered hub-and-spoke kickback patterns and doctor-shopping behaviors that neither the rule engine nor single-claim AI analysis could detect in isolation. The combination of deterministic rules, AI reasoning, and graph topology is significantly more powerful than any single approach.
What's next for Fraud, Waste, and Abuse Detection in Healthcare Claims
https://rxhcc-app.vercel.app/
- Amazon Nova Micro Pre-screening: Add a first-pass filter using Nova Micro for very low latency pre-triage, reserving Nova Pro deep analysis only for initially suspicious claims – dramatically reducing cost at scale
- CMS Data Integration: Connect to real Medicare claims databases (CMS LDS/DE-SynPUF) for production validation with actual provider and beneficiary data
- Real-time Streaming: Kinesis Data Streams integration for processing claims as they arrive, not in batches
- FHIR R4 Connector: Direct EHR ingestion via FHIR R4 API to eliminate manual claim entry and enable automated continuous monitoring
- Persistent Graph Storage: Migrate provider network analysis from in-memory JavaScript to Amazon Neptune for persistent graph storage and Gremlin-based fraud pattern queries across historical claim datasets
- Fine-tuned Nova Model: Collect labeled fraud investigation outputs to fine-tune a domain-specific Nova variant with higher clinical reasoning accuracy and lower false-positive rates
- HIPAA Compliance Module: Add field-level encryption, audit logging, role-based access control, and BAA-compliant data handling for deployment in actual healthcare payer environments
- SIU Workflow Integration: Connect to Special Investigation Unit case management systems so CRITICAL-flagged claims automatically create investigation tickets with pre-populated evidence packages, medical reasoning, and recommended next steps
Summary
This is a genuinely compelling system because it stacks three things that individually exist but rarely appear together:
- Clinical domain specificity (ICD/NDC/HCC, not generic anomaly detection)
- Self-improving rule engine (the AutoResearch loop)
- Accessible UX (React frontend + AI investigator in natural language)
The biggest adoption lever will be demonstrating ROI on real payer data – once one health plan runs a pilot and publishes savings numbers, the business case sells itself.
Built With
- amazon-bedrock-converse-api
- amazon-web-services
- amazonbedlock
- amazonnova
- amazonsagemaker
- css
- fastapi
- javascript
- langchain
- langgraph
- medicalcode
- node.js
- numpy
- pandas
- pytest
- python
- react19
- sql
- tailwind
- vite7