Reporting Healthcare Fraud and Abuse: Patient Guide

Healthcare fraud costs the United States an estimated $68 billion annually according to the National Health Care Anti-Fraud Association (NHCAA), and patients are frequently the first — sometimes the only — people positioned to spot it. This page covers the definitions, reporting mechanisms, common fraud patterns, and the distinctions that help patients decide when and where to act. Understanding patient rights and responsibilities in this context is foundational, because fraud isn't just a financial crime; it distorts care, delays legitimate treatment, and can land inaccurate information in a patient's permanent medical record.

Definition and scope

Healthcare fraud is an intentional act of deception for financial gain. Healthcare abuse involves practices that are inconsistent with sound medical or business operations — resulting in unnecessary costs to programs like Medicare or Medicaid — but without necessarily rising to the level of deliberate deceit. The distinction matters both legally and practically.

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services draws this line clearly: fraud requires intent, while abuse may reflect negligence, poor billing practices, or systemic errors. A provider who bills for a service that was never performed is committing fraud. A provider who consistently bills at a higher code level than the service warrants — possibly out of misunderstanding — may be engaging in abuse, which is still actionable but pursued differently.

Both categories fall under federal jurisdiction through two primary statutes: the False Claims Act (31 U.S.C. §§ 3729–3733) and the Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)). States layer additional statutes on top of these, particularly for Medicaid fraud, which is administered jointly at the federal and state level.

How it works

Reporting flows through several parallel channels, and patients can use more than one simultaneously.

1. Medicare and Medicaid: Report to the HHS OIG Hotline at 1-800-HHS-TIPS, or submit online. This covers fraud involving federally funded programs.
2. State Medicaid Fraud Control Units (MFCUs): Every state maintains a dedicated MFCU, typically housed within the state attorney general's office. The National Association of Medicaid Fraud Control Units (NAMFCU) maintains a state-by-state provider network.
3. False Claims Act qui tam provisions: A patient — or any private citizen — can file a qui tam lawsuit on behalf of the federal government. If the lawsuit succeeds, the whistleblower may receive between 15% and 30% of the recovered funds (31 U.S.C. § 3730(d)). These actions require an attorney and are filed under seal.
4. Private insurer fraud units: Each major insurer maintains a Special Investigations Unit (SIU). Reports submitted here trigger internal audits and may be referred to law enforcement.
5. State insurance commissioners: Applicable when fraud involves licensed insurance products rather than federal programs.

Accessing medical records and HIPAA-protected documentation is often the first practical step — a patient needs the actual billing codes, Explanation of Benefits (EOB) statements, and visit summaries to substantiate a report.

Common scenarios

Fraud patterns cluster around a recognizable set of schemes:

• Phantom billing: A provider bills for services, procedures, or visits that never occurred. Patients notice this when an EOB lists a date they weren't seen.
• Upcoding: The service rendered was a routine office visit (CPT code 99213), but the claim was submitted as a comprehensive evaluation (CPT code 99215), which reimburses at a higher rate.
• Unbundling: Procedures that should be billed together under a single code are split into multiple claims to inflate reimbursement. The American Medical Association's CPT guidelines define which services are bundled.
• Kickbacks: A physician refers patients to a facility or laboratory in which the physician has a financial interest, without disclosing that relationship. This is a frequent concern in care coordination services arrangements.
• Medically unnecessary services: Services are billed as medically necessary when the patient's diagnosis does not support them — a pattern that can appear in chronic disease management programs with high billing volume.
• Identity theft and credential fraud: A patient's insurance information is used to bill for services delivered to a different person, or services are billed under a provider who didn't treat the patient.

Decision boundaries

Not every billing error is fraud, and this distinction shapes how a patient should respond.

Billing errors are common — a 2022 analysis cited by the American Hospital Association found that coding errors appear in a significant share of hospital claims — and the appropriate first step is the patient grievance and complaint process at the provider or insurer level. A simple written dispute to the billing department, with supporting documentation, resolves the majority of these cases without escalation.

Suspected fraud, by contrast, warrants external reporting. The threshold: if a patient has reason to believe the discrepancy is intentional, recurring, or involves federal program funds, the OIG hotline is the appropriate channel. Retaliation against patients for reporting fraud is prohibited under federal law, and patient advocacy services can provide support through the reporting process.

The comparison that clarifies most situations: a provider who charges for a 45-minute visit that lasted 12 minutes may be upcoding — a reportable pattern. A provider whose billing system transposed two digits and generated a wrong code is making an error — correctable internally. The question is whether the pattern suggests intent or system failure, and whether it appears once or repeatedly across an Explanation of Benefits history.

Patients who have faced financial harm as a result of fraud may also qualify for patient financial assistance programs while disputes are pending, particularly in cases involving Medicaid or Medicare coverage gaps created by fraudulent billing.