Why Healthcare Still Accepts Fraud Levels Other Industries Wouldn’t
Healthcare fraud losses remain orders of magnitude higher than what financial services would tolerate for comparable transaction volumes. In banking, sustained fraud measured in basis points triggers executive escalation, regulatory scrutiny, and rapid control changes. In healthcare, materially larger losses have historically been treated as an unfortunate but expected cost of doing business. In this column, I will examine the world of healthcare fraud in the U.S. and what can be done to tackle it.
Who am I
My first job out of college was managing fraud at Capital One, the credit card company and online bank, and my whole career since, spanning more than two decades, has been dedicated to fighting fraud. I have built effective fraud software solutions and led fraud analytic teams in the financial services industry, healthcare, and public sector across industry-leading firms, including Capital One, FICO, Accenture, Zelle, Mastercard and General Dynamics IT.
Why Healthcare Fraud Matters
Reuters states that total U.S. healthcare spending was estimated to be about $4.8 trillion in 2023, about $1.6 trillion of which was from private sector healthcare payers. The Association of Certified Fraud Examiners suggests that the fraud rate for U.S. healthcare is between 3% and 10%, or between $144 billion and $480 billion per year. Since its creation in 1965, the Centers for Medicare and Medicaid Services (CMS) has overseen one of the largest financial systems in the world, and CMS self-reports that fraud losses for Medicare in 2024 were around $57 billion per year.
As early as 2011, CMS published an RFP soliciting leading fraud analytic solution providers to transform Medicare’s “pay-and-chase” fraud detection process into an analytics-enabled pre-pay fraud prevention capability to prevent payment on likely fraudulent claims. While it received much press and national attention, Elon Musk and Donald Trump’s DOGE initiative can’t be credited for notable reductions in Medicare fraud. In any event, DOGE’s efforts were focused more on the less obvious fraud and waste. Investments in analytics, program integrity, and private sector partnerships have driven real improvement since the growth of partnerships with private sector fraud solution providers starting in 2011. But even after that progress, healthcare fraud losses still dwarf those seen in other industries.
Within U.S. healthcare itself, the contrast between public and private payers adds another layer of discomfort. The U.S. public health payers, Medicare and Medicaid, are required to publish improper payment estimates, which include fraud, waste, and administrative error. Private insurers are not required to disclose comparable, standardized metrics. As a result, public programs appear to experience fraud rates that could simply be undisclosed at private health payers. But transparency alone does not explain the difference. Structural factors continue to shape very different fraud economics across payer types.
Together, these gaps raise a harder question than how much fraud exists: why healthcare still accepts levels of fraud that other industries would never tolerate.
Acceptance Is the Real Outlier
Most fraud professionals understand that fraud will never reach zero, especially in a fraud-and-revenue optimized organization. The difference in fraud from one bank to another is ambition and risk appetite, but the difference between the financial services and healthcare industries is not necessarily ambition or risk appetite; instead, it is fraud tolerance.
Commercial health insurers live under constant scrutiny from Wall Street analysts who expect clear answers when losses rise. Government health payers do not face that same pressure, although they should from their American taxpaying shareholders. The absence of market discipline does not mean fraud is ignored, but it does change how urgently losses are framed, how quickly corrective action is expected, and where that corrective action ranks against treatment of constituent healthcare beneficiaries.
In financial services, fraud is treated as an operational risk with clearly defined thresholds. Losses are measured continuously. When those thresholds are crossed, leadership reacts. Controls change. Customer-experience tradeoffs are reassessed. Fraud is not allowed to quietly blend into the cost structure.
Healthcare has historically operated differently. Fraud has often been framed as a compliance obligation, something addressed through audits, post-payment reviews, and post-adjudication enforcement actions months or years after the money has moved. That approach can recover marginal dollars, but it does little to change behavior at scale.
Complexity Changes the Fight
Healthcare claims are far more complex than financial transactions, making fraud harder to combat. Whereas a credit-card swipe is binary (approved or denied, goods delivered or not), healthcare claims involve multiple parties, intricate billing rules, and clinical nuance absent in banking. That complexity slows investigators and gives fraud room to hide.
Complexity doesn’t justify high losses, but it partially explains why improved detection hasn’t produced widespread, lasting deterrence.
The Economics Still Favor Fraud
Fraud does not decline simply because detection improves. It declines when the economics of committing fraud stop working.
In healthcare, many schemes remain profitable even when detection improves because payments are issued before full verification, recovery actions are delayed, penalties are inconsistent, and provider ecosystems are fragmented and loosely standardized. In financial services, layered controls, real-time interdiction, and shared intelligence make fraud expensive, unpredictable, and frustrating to sustain.
Even though in many cases the same fraudsters are perpetrating fraud across both financial services and healthcare, the fraud prevention posture of the healthcare industry still makes it the more attractive target for fraudsters. With its high complexity and its weaker external accountability, the healthcare system is the perfect storm for fraud.
What Healthcare Fraud Leaders Should Do Differently
Healthcare can’t just blindly copy the financial services industry, as it has unique limits. But key lessons do apply.
- Healthcare leaders should explicitly define loss tolerance, because if leadership can’t name an unacceptable level, too much is already accepted.
- Fraud controls need to be moved up in the claims payment process so that fraud decisioning affects whether a claim gets paid, before it gets paid. Pre-payment checks add friction, but post-payment recovery is slower, costlier, and a weaker deterrent.
- Prioritize fraud as one of the core potential risks to profitability by placing fraud strategy beside cyber, operational, and financial risk, instead of leaving it buried in recovery and audits.
- Take aim at the incentives for fraudsters, not just the schemes they deploy. By disrupting the business model for the perpetrators of healthcare fraud, healthcare leaders can drive crooks away to other industries.
A Practitioner’s Closing Thought
Healthcare has gotten much better, and that matters to the American taxpayer. But despite improvements, healthcare still has a long way to go to equal the fraud posture of the financial services industry. As long as fraud losses in healthcare generate less alarm than similar losses elsewhere, tolerance will persist and continue to enable higher rates of fraud. To put it into perspective, how would a bank react if its card-not-present fraud rates were suddenly similar to Medicare fee-for-service fraud rates?




















