Revenue Cycle Management (RCM) Companies: Exploiting Patient Data and Billing Codes for Profit

 

RCM-Related Fraud Schemes and Official Findings

Upcoding: Upcoding is the practice of billing for a more severe or expensive service or diagnosis than what was actually provided, in order to inflate reimbursement. For example, a routine office visit might be billed as a complex visit, or a minor diagnosis coded as a major complication. Upcoding has been flagged by regulators as a persistent problem. A 2021 HHS Office of Inspector General (OIG) analysis found hospitals increasingly billed inpatient stays at the highest severity level (nearly a 20% increase from 2014–2019) – a trend OIG warned was “vulnerable to inappropriate billing practices, such as upcoding”. OIG noted that over half of those high-severity claims were qualified by only one major complication or comorbidity, suggesting “billing at a level that is higher than warranted”. In response, OIG urged Medicare to target reviews at hospitals and diagnosis codes prone to upcoding. Upcoding is illegal under the False Claims Act (FCA) when it causes submission of inflated claims to government programs. In one FCA case, the Department of Justice (DOJ) intervened against UnitedHealth, alleging it “obtained inflated risk adjustment payments based on untruthful and inaccurate information about the health status of beneficiaries” in its Medicare Advantage plans. The whistleblower lawsuit contended UnitedHealth’s coding reviews added diagnoses to boost payments while ignoring evidence that certain diagnoses were invalid – thus “avoiding repaying Medicare monies to which it was not entitled”. This exemplifies how upcoding (whether by adding unsupported diagnoses or misclassifying severity) directly harms public programs.

Phantom Billing: Phantom billing (or “services not rendered”) refers to billing for tests, procedures, or supplies that the patient never received. This classic form of fraud can be perpetrated by providers or facilitated by complicit billing companies. For instance, the FBI describes phantom billing as submitting claims for a visit or equipment “the patient never received”, often as part of larger schemes. Phantom billing is common in Medicaid and Medicare fraud enforcement – e.g. durable medical equipment or home health agencies billing for ghost patients. In the context of RCM, an unscrupulous revenue cycle firm might not question implausible volumes of services on claims, thus enabling phantom charges to slip through. The tens of billions of dollars lost to health care fraud each year affect private insurers as well, not just government payers. Private insurance investigations have uncovered similar “ghost billing” schemes, though these are usually handled by insurers’ special investigative units or referred to law enforcement. The consequence of phantom billing is inflated costs for payers and patients – it raises premiums, and taxpayers foot the bill when Medicare/Medicaid funds are stolen. In sum, phantom billing is outright theft via false claims, and RCM companies are expected to have controls to detect such false charges – however, profit motives can conflict with rigorous self-policing.

Risk-Adjustment Upcoding (Medicare Advantage): A major RCM-driven exploitation involves risk adjustment coding in Medicare Advantage (MA) and other capitated insurance programs. Under MA, insurers (often with help from coding vendors) are paid more for sicker patients based on diagnosis codes. This creates a lucrative incentive to “improperly ‘upcode’ (exaggerate the sickness of patients)” by adding or inflating diagnosis codes. Multiple official investigations have exposed this behavior. The OIG and DOJ have highlighted that some MA organizations engaged in systematic additions of diagnoses to patient charts without proper support, purely to raise risk scores. In July 2021, the DOJ intervened in six FCA whistleblower lawsuits against Kaiser Permanente, alleging that Kaiser knowingly submitted inaccurate diagnosis codes to make patients seem sicker and overcharge Medicare. DOJ alleged these practices violated the False Claims Act by inflating MA capitation payments. In another high-profile case, Sutter Health (a large provider network) agreed in 2021 to pay $90 million to settle claims that it “overcharged the federal government by misrepresenting the health of patients” in Medicare Advantage. According to the settlement, Sutter had added unsupported diagnoses to patient records, resulting in higher payments – the largest FCA settlement to date involving a health system’s MA risk coding. These cases underscore how revenue cycle operations were leveraged to game risk scores for profit.

Official warnings make clear that falsifying risk data is illegal. In April 2022, the Centers for Medicare & Medicaid Services (CMS) issued a memorandum reminding MA insurers of their “existing… obligations to submit accurate risk adjustment data” and to delete any unsupported diagnoses. CMS bluntly stated that a diagnosis code not properly documented in the medical record “is not a valid basis for CMS risk adjustment payments”, and that misrepresenting enrollee health data “may result in Federal civil action and/or criminal prosecution”. This guidance came on the heels of a court decision upholding CMS’s authority to recoup overpayments when an MA plan fails to truthfully report (or correct) diagnosis codes. Despite these warnings, investigations show some RCM practices continue to prioritize revenue over accuracy. A whistleblower in 2024 alleged that Optum (UnitedHealth’s RCM and analytics arm) held meetings to “counsel nurses on how to incorporate additional medical conditions – and thus additional billing codes – from existing data on patient charts” in order to make patients appear sicker than they were. By mining charts for any possible diagnoses (even if irrelevant or resolved) and coding them, the MA insurer could “falsely make their patients look sicker” to trigger higher payments. Such tactics blur the line between aggressive coding and outright fraud, and they demonstrate how patient data is weaponized for profit.

Data Monetization and Unauthorized Use: Beyond billing codes, RCM corporations possess vast troves of patient data (medical histories, diagnoses, treatment and cost data). This data can be extremely valuable – for improving care efficiency, but also for commercial exploitation. There is growing concern over unauthorized monetization of patient data by RCM and health IT firms. One striking example arose from UnitedHealth Group’s attempt to acquire Change Healthcare (a leading health data clearinghouse and RCM technology provider). The DOJ sued in 2022 to block the $13 billion merger, warning that it would give UnitedHealth (via Optum) control over “a critical data highway through which about half of all Americans’ health insurance claims pass each year”. Regulators feared UnitedHealth could misuse competitors’ claims data – for example, by using insights about rival insurers’ patients or provider contracts to its own advantage. Although that merger ultimately went through after court challenges, the case spotlighted how consolidation in RCM puts sensitive patient billing data in one company’s hands, raising competition and privacy issues.

RCM companies have also been accused of repurposing patient data in ways patients never envisioned. In 2024, reports emerged that UnitedHealth’s Optum used patients’ insurance claims data to identify doctors’ lending needs – essentially flagging clinics with revenue shortfalls as targets to market Optum’s financial products. A congressional inquiry found UnitedHealth “is accused of using its proprietary insurance claims data about medical practices to flag prospective borrowers for Optum Bank”, potentially without consent. Such use of patient data (provided for care and billing) to drive unrelated profit streams blurs ethical lines and may violate privacy protections. The American Economic Liberties Project, in an April 2025 update, categorized this as a “patient privacy violation”, noting DOJ had previously sued UnitedHealth for misusing claims data. In short, RCM firms can leverage the detailed treatment and billing information they handle – not just for billing, but for analytics, marketing, or even trading advantages in healthcare markets. Selling de-identified patient data to pharmaceutical or tech companies is another revenue stream some RCM vendors pursue (often under the radar). While de-identified data sharing can be legal, questions arise when patients and providers are not made fully aware that their healthcare interactions are fueling a data marketplace.

Medicaid and Private Insurance Schemes: Although Medicare draws a lot of oversight, similar coding and billing exploitation occurs in Medicaid and private insurance. State Medicaid Fraud Control Units frequently uncover upcoding and phantom billing in Medicaid – such as providers billing for higher-complexity visits than occurred, or for services never rendered (e.g. transportation companies charging for non-existent rides, therapists billing for sessions not provided). Private insurers likewise suffer from upcoding and unnecessary billing, but these cases are usually handled contractually or referred to law enforcement under state fraud statutes. For example, a hospital or physician practice might upcode commercial insurance claims to maximize payouts (leading to higher premiums for employers and consumers). Federal investigators note that health care fraud “affects everyone – individuals and businesses alike” and is investigated across “both federal and private insurance programs”. In practice, schemes like unbundling (billing services separately that should be one package) or duplicate billing hit private insurers as well. However, because private insurance fraud isn’t always pursued under the False Claims Act (unless it involves a government-funded plan), such exploitation often goes underpublicized. The net effect is the same: RCM-driven abuses raise costs for the healthcare system at large.

RCM companies that serve both government and private payers may apply similar tactics across the board – for instance, an RCM vendor might encourage documentation habits that maximize billable codes for all patients, not just Medicare. In doing so, inappropriate billing can permeate all insurance types. A stark illustration is the home health software case U.S. ex rel. Schieber v. Homecare Homebase, where a billing software vendor allegedly programmed prompts to push providers to increase the number of visits if they were just below a reimbursement threshold. This kind of automated upcoding guidance could affect Medicare, Medicaid, or private cases equally. The court allowed that FCA case to proceed, suggesting that even software tools can be liable if they cause fraudulent claims. It highlights that RCM technology can institutionalize upcoding unless checked.

Major RCM Corporations and Their Political Influence (2015–2025)

The revenue cycle management industry is highly concentrated, and leading vendors have deep ties to both healthcare providers and payers. To understand how they might exploit the system, it’s instructive to examine their political and policy influence. Major RCM companies – such as Optum360 (UnitedHealth Group), Change Healthcare, Conifer Health Solutions (Tenet Healthcare’s affiliate), R1 RCM Inc., and Ensemble Health Partners – have deployed lobbying and campaign contributions to shape the regulatory environment in their favor. Below is an analysis of these key players and their influence:

  • Optum360 / UnitedHealth Group: Optum360 is part of UnitedHealth Group (UHG), the nation’s largest health insurer and a dominant force in health services. UHG leverages Optum (which includes Optum360 billing, Optum Insight data analytics, etc.) to maximize revenue from coding and data. UHG is correspondingly one of the top healthcare spenders on lobbying. It nearly doubled its federal lobbying outlays from about $3.09 million in 2015 to $7.52 million in 2024. In 2024 alone, UHG and its affiliates made $4.47 million in political contributions to candidates and PACs. This largesse buys a seat at the table in policy debates on Medicare Advantage, coding audits, and data regulations. For instance, UHG (often through the industry lobby AHIP) successfully delayed CMS from extrapolating audit findings for years. UHG’s influence was evident when its subsidiary Optum spearheaded the controversial acquisition of Change Healthcare – a move opposed by hospitals and other insurers. UHG also funds think tanks and advocacy groups that promote Medicare Advantage (where upcoding has been an issue) and resist aggressive oversight. In Congress, UHG targets committees overseeing Medicare; its PAC donations have gone to key lawmakers in both parties. This spending correlates with policies favorable to RCM profits, such as relatively lax audit regimes prior to 2023 and the growth of MA enrollment (from which UHG benefits). In summary, Optum/UHG uses its political clout to protect the profitable status quo in billing and risk scoring practices.

  • Change Healthcare: Change Healthcare is a major health IT and RCM company that operates claims processing networks, billing software, and data analytics (it was partially owned by McKesson and then merged with Emdeon). Change has been at the center of policy battles over health data. In 2020 (before the UnitedHealth merger was proposed), Change Healthcare spent about $190,000 on federal lobbying under the category of health IT/Services. It also contributed to political campaigns (over $230,000 in the 2020 cycle) to build goodwill. Change’s lobbying likely focused on issues like claims data standards, interoperability rules, and antitrust concerns (once the Optum deal was in play). Indeed, Change and Optum combined mounted a significant lobbying campaign to win approval for their merger in 2021–2022, in the face of DOJ scrutiny. A major policy influence of Change was in shaping the conversation on data-sharing: Change executives argued that integrating claims data with Optum would “improve care,” whereas regulators feared anti-competitive misuse. Change Healthcare also has been involved in the pushback against new transparency requirements – for example, requirements to publicly release negotiated rates or to make claims data available to patients via APIs (which could disrupt their data monopoly). Though now absorbed into Optum, Change’s legacy influence is seen in how the “data highway” of claims remains largely opaque and controlled by a few entities. By investing in lobbying and by cultivating relationships (e.g. hiring former CMS officials as consultants), Change helped set the terms of debate on how far regulators can go in policing claims data usage.

  • Conifer Health Solutions: Conifer is the RCM subsidiary of Tenet Healthcare, a large hospital chain. Conifer handles billing and collections for Tenet hospitals and many other providers, managing $25+ billion in net patient revenue for clients (according to its reports). As an arm of Tenet, Conifer’s policy influence is often channeled through Tenet and the American Hospital Association (AHA). Tenet Healthcare itself consistently spends over $1 million annually on lobbying, often targeting Medicare payment rules and fraud enforcement policies. Through this, Conifer’s interests are represented in discussions on hospital billing regulations. For example, when OIG and CMS proposed tightening inpatient coding oversight (to catch upcoding of hospital stays), hospital companies including Tenet pushed back, arguing that higher severity coding reflected “sicker patients, not fraud”. Additionally, Conifer/Tenet lobby on Medicaid supplemental payment programs and Medicare bad-debt reimbursement – areas that intersect with RCM and collections. Conifer has also faced scrutiny indirectly: Tenet in 2016 paid over $500 million to settle a kickback scheme involving patient referrals (though not a coding issue, it showed willingness to bend rules for profit). In the late 2010s, Tenet considered spinning off Conifer, but regulatory and market conditions stalled that. Conifer does not have a well-known PAC of its own; however, Tenet’s PAC and contributions (nearly $2.3 million in the 2020 cycle, heavily to congressional leaders) ensure that policies around billing, audits, and data reporting favor large hospital systems. Notably, hospital industry lobbying helped delay the expansion of certain Medicare claim audits and tempered regulations like price transparency – outcomes beneficial to RCM operations like Conifer which prefer to keep billing practices in-house and less visible.

  • R1 RCM Inc.: R1 RCM is a pure-play, publicly traded RCM vendor that handles billing and revenue operations for numerous hospital systems (originally born out of the bankruptcy of Accretive Health). R1’s growth in 2015–2025 (through acquisitions of Intermedix, Revint, and Cloudmed) made it one of the largest independent RCM firms. Correspondingly, R1 began engaging in federal lobbying midway through this period. In 2023, R1 RCM spent $200,000 on federal lobbying, increasing to $280,000 in 2024. This was a notable rise for a company of its size, signaling its desire to influence policy on medical billing, telehealth reimbursement, and possibly data security standards. R1 RCM’s lobbying disclosures (available via OpenSecrets) indicate it hired lobbyists with government experience, and it focused on issues like Medicare payment models and price transparency rules (which affect how hospitals collect from patients). R1’s PAC and employees also contributed around $87,000 in the 2024 cycle (leaning towards healthcare-focused legislators and mostly to party committees). Policy influence: R1 has advocated for modernizing billing regulations (for example, supporting the use of technology in automating coding, and cautioning against overly punitive fraud penalties that might burden its hospital clients). It likely supported provisions in COVID-era legislation that provided hospitals relief funds and more flexible billing for telehealth. However, R1 has also been on the radar for potential compliance issues – a whistleblower case (U.S. ex rel. Graziosi) in the 2010s accused R1 of structuring its contracts as kickbacks (contingency fees for boosting revenue), though that case’s outcome is not public. In summary, R1 RCM’s increased lobbying suggests the RCM service sector is stepping up political engagement, possibly to influence Medicare billing rules, audit protocols, and to promote outsourcing of hospital revenue cycles as a positive efficiency.

  • Ensemble Health Partners: Ensemble is another major RCM firm, managing billing for health systems (it was affiliated with Mercy Health and backed by private equity). While not as large as R1, Ensemble grew rapidly in the late 2010s and even filed for an IPO. As a private company for much of this period, Ensemble’s direct political spending is harder to track (no publicly listed lobbying as of 2020, for instance). However, Ensemble’s leadership and investors likely work through industry groups like the Healthcare Financial Management Association (HFMA) and the Healthcare Business Management Association (HBMA) to influence policy. Ensemble often publishes guidance on regulatory changes – indicating an interest in shaping those rules. For example, Ensemble’s experts have commented on OIG fraud alerts (telehealth fraud, diagnostic billing scrutiny), advising providers how to mitigate risk (and thereby positioning Ensemble as a necessary partner). This thought leadership can be seen as a soft form of lobbying, aiming to align industry perspectives. Additionally, Ensemble’s private equity stakeholders have political connections; they want to ensure no regulations arise that would devalue their investment (such as drastic cuts to hospital reimbursement or a broad crackdown on collection practices). Thus, Ensemble likely has behind-the-scenes influence through hospital alliances and by responding to CMS proposed rules. By 2021, Ensemble was reportedly valued in the billions, which speaks to the market expectation that RCM companies will thrive under existing policies. It is in their interest to maintain relatively provider-friendly billing rules and to avoid patient-protective measures that could hinder collections (like strict limits on surprise billing or collections – though Congress did enact surprise billing legislation in 2020, RCM firms have since worked on compliance and carving out exceptions).

Collectively, these RCM companies and their backers form a quiet but powerful lobbying bloc. They often align with hospitals, physician groups, or insurers on issues of billing and coding. For instance, when CMS proposed expanded audits or stricter documentation requirements, RCM firms typically echoed the concerns of their clients that such measures were “burdensome” or “overzealous.” On the other hand, they have lobbied for policies that increase billing opportunities – such as extending Medicare coverage to more telehealth services (which, while beneficial for access, also opened a new arena prone to upcoding and fraud that RCM firms could capitalize on). From 2015 to 2025, lobbying records show healthcare service and HMO companies (which include RCM interests) spending roughly $100–120 million per year in Washington, a significant portion of which aims to shape how billing is regulated. Notably, the industry successfully pressed for delays in enforcing certain rules. A pertinent example: a CMS rule (first proposed in 2018) to extrapolate Medicare Advantage audit findings was stalled for years after intense lobbying and only finalized in 2023. Even when finalized, insurer lobbying groups (AHIP, backed by companies like UnitedHealth/Optum) decried it as “unlawful and fatally flawed” and hinted at legal action. This shows the lengths RCM stakeholders will go to protect lucrative coding practices.

Furthermore, RCM companies influence policy through political contributions at state levels. For example, UnitedHealth and Change Healthcare funded state lawmakers and Attorneys General, which can matter for Medicaid managed care oversight or for state approval of mergers. Conifer/Tenet and Ensemble’s hospital clients donate to state officials who oversee hospital billing transparency and debt collection laws. The result in many jurisdictions has been relatively lenient oversight of how patient bills are generated and pursued. Until recently, data on upcoding or overbilling was often only uncovered by whistleblowers rather than proactive audits, indicating the political environment favored by RCM firms – one with limited interference unless fraud becomes egregious.

In summary, RCM corporations have strategically invested in lobbying and PAC contributions to defend and expand their profit models. They have helped kill or water down reforms that might limit billing abuses, while promoting regulations that expand reimbursable services or delay stringent audits. This influence spans Medicare (e.g. risk adjustment policies), Medicaid (state payment systems), and commercial insurance (where they often argue against heavy-handed federal regulation of billing). The policy footprint of RCM firms from 2015–2025 is thus characterized by: slowing down anti-fraud enforcement, advocating for more coding opportunities, and quietly commoditizing the data under their stewardship.

Timeline of Key Events, Enforcement Actions, and Policy Changes (2015–2025)

Date | Event

May 2017 | DOJ Intervenes in Upcoding Case: The U.S. Justice Department intervenes in a whistleblower lawsuit against UnitedHealth Group, alleging the company knowingly inflated Medicare Advantage risk codes to overcharge Medicare. DOJ’s complaint says UnitedHealth obtained payments using “untruthful and inaccurate” diagnoses and ignored invalid diagnoses found in coding reviews. This marks one of the first major federal fraud cases targeting MA upcoding by an RCM operation.

Nov 2018 | CMS Proposes RADV Audit Overhaul: CMS proposes a rule to use extrapolation in Risk Adjustment Data Validation (RADV) audits for Medicare Advantage, meaning sample audit findings of improper diagnoses would be applied to full plan populations. The proposal, aimed at clawing back large amounts of upcoding-related overpayments, faces immediate industry opposition, delaying its finalization. (Insurers argued extrapolation should not reach back to older years.)

Feb 2021 | OIG Warns of Inpatient Upcoding Trend: HHS OIG releases a data brief titled “Trend Toward More Expensive Inpatient Hospital Stays…”, finding that from 2014–2019 the highest-severity DRGs grew to nearly half of inpatient payments. OIG concludes that “stays at the highest severity level are vulnerable to inappropriate billing practices, such as upcoding”, and recommends CMS target audits at hospitals with these patterns. OIG presses for action, though CMS at the time does not immediately concur with new audits.

July 30, 2021 | DOJ Intervenes in Kaiser FCA Cases: The DOJ (Civil Division) intervenes in six FCA lawsuits against Kaiser Permanente affiliates for allegedly submitting false diagnosis codes in Medicare Advantage to inflate payments. DOJ alleges Kaiser pressured physicians to add diagnoses that patients did not actually have or that weren’t supported, in order to boost risk-adjusted reimbursement. This coordinated enforcement signals a broader crackdown on risk-score upcoding across the MA industry.

Aug 2021 | $90M Settlement – Sutter Health: California’s Sutter Health agrees to pay $90 million to settle a whistleblower FCA suit alleging it upcoded diagnoses for Medicare Advantage patients. DOJ called this the largest settlement with a hospital system over MA fraud. Sutter had implemented an RCM program that added high-value diagnosis codes (some unsupported by medical records); when a coder whistle-blew, the fraud was exposed. Federal officials tout this as a warning to providers and RCM vendors that falsifying patient acuity is punishable.

Feb 24, 2022 | DOJ Sues to Block Optum–Change Merger: The Justice Department files an antitrust lawsuit to prevent UnitedHealth’s Optum from acquiring Change Healthcare. DOJ argues the deal would give Optum access to competitors’ sensitive claims data for hundreds of millions of patients, creating unfair advantages. Regulators specifically highlight that UnitedHealth could exploit Change’s clearinghouse data to benefit its insurance arm and stifle innovation. (The case goes to trial in 2022; although DOJ loses and the merger proceeds, UnitedHealth is required to divest certain assets. The suit underscores official concern over RCM data concentration.)

April 15, 2022 | CMS Memo on Accurate Coding: CMS issues a guidance memo titled “Reminder of Existing Obligation to Submit Accurate Risk Adjustment Data.” Sent to all Medicare Advantage organizations, it reiterates that MA plans must delete or correct any unsupported diagnosis codes. CMS warns that any diagnosis code not backed by the medical record “is not a valid basis” for payment and that misrepresenting data “may result in…civil and/or criminal prosecution”. This memo comes after a court upheld CMS’s authority to recoup overpayments; it puts plans and their RCM contractors on notice that coding games will not be tolerated.

Apr–Sep 2022 | OIG Audits Find Widespread MA Overpayments: HHS OIG conducts audits of 9 different Medicare Advantage plans (findings released in its semiannual report) focusing on diagnoses deemed “high-risk” for upcoding. The audits uncover over $72 million in combined overpayments to those plans. OIG found diagnoses that either lacked support or were added in error, resulting in inflated risk scores. The report notes that MA plans have faced “allegations of upcoding members’ medical records to make them appear sicker” and receive more money. These audits bolster DOJ’s parallel efforts and foreshadow stricter audits to come.

Jan 30, 2023 | CMS Finalizes RADV Audit Rule: After years of delay, CMS finalizes the Risk Adjustment Data Validation rule to extrapolate audit findings for MA plans starting with payment year 2018. This means if an audit sample finds a certain error rate of unsupported codes, CMS can recoup improper payments from the entire plan. CMS expects this to recover ~$4.7 billion over a decade. Insurers and RCM advocates react with fierce opposition: AHIP’s CEO Matt Eyles calls the rule “unlawful and fatally flawed” and claims it will harm seniors. Despite pushback and even talks of litigation, the rule is set to take effect, significantly tightening oversight on MA coding.

Mar 2024 | Whistleblower Highlights Data-Driven Upcoding: A former executive in an Optum East physician group (part of UHG) goes public with allegations that Optum used analytics to find additional diagnoses in patient charts and trained staff to code them, irrespective of clinical relevance. Internal documents show checklists and home assessments aimed purely at capturing more HCC (risk adjustment) codes. These claims, reported in media and an Examiner article, provide an inside look at how RCM strategies systematically optimize (or overstate) patient risk for profit. Optum denies wrongdoing, but the revelations fuel ongoing DOJ inquiries.

Jan 2025 | Investigations Continue – MA Coding: A Wall Street Journal investigation (published January 2025) finds that UHG and other large MA insurers routinely engaged in practices to “diagnose Medicare Advantage patients with conditions that made them more money” – including sending nurses to homes to find new diagnoses and giving doctors bonus checklists for adding codes. These findings mirror the whistleblower stories and suggest the issue is industry-wide. In response, Sen. Chuck Grassley and others intensify oversight.

Feb 21, 2025 | DOJ & Congress Scrutinize RCM Practices: The DOJ launches a new civil fraud investigation into UnitedHealth Group’s MA billing practices, investigating whether diagnoses were improperly boosted by its owned providers. On the same day, Senator Grassley sends UHG’s CEO a detailed letter demanding answers on its risk coding, citing concerns about “questionable diagnoses” driving up costs. This represents a culmination of years of mounting evidence and suggests potential further FCA actions. RCM companies, particularly Optum, face the possibility of significant penalties or mandated changes if findings confirm systematic fraud.

(Table key: MA = Medicare Advantage; HCC = Hierarchical Condition Category risk code; RADV = Risk Adjustment Data Validation audit program; FCA = False Claims Act.)

Conclusion

Over the past decade, the profit motives embedded in revenue cycle management have led some RCM companies and their clients to exploit every angle – billing codes, diagnosis data, and patient information – to maximize revenue. Official audits and whistleblower cases uncovered practices like upcoding (billing higher rates than justified), phantom billing (charging for nonexistent services), and manipulation of risk adjustment codes (to inflate capitated payments). These tactics siphon funds from public programs and payers, undermining trust in the system. At the same time, RCM corporations have not hesitated to monetize patient data obtained through billing processes, raising alarms about privacy and competition when that data is aggregated at massive scale.

Policy responses have gradually intensified: OIG and DOJ enforcement picked up in the late 2010s, and by mid-decade (2020s) CMS has started tightening rules (e.g. extrapolated audits, requiring deletion of bad codes). However, the RCM industry’s formidable lobbying and political spending have often delayed or diluted reforms. With billions of dollars at stake in how diagnoses and bills are coded, companies like Optum (UnitedHealth), Change Healthcare, R1 RCM, Conifer, and Ensemble have cultivated influence to protect their revenue streams. They have advocated for looser oversight and broader billing opportunities, while pushing back on measures intended to curb abuse.

As of 2025, we see a landscape in which enforcement is catching up to long-known schemes: major settlements and ongoing investigations signal that upcoding and fraud will be pursued, especially in Medicare Advantage. New rules aim to recover more overpayments and deter future gaming of coding. Yet, the persistence of these issues – and the sophisticated lobbying against stronger oversight – suggests that RCM-driven exploitation will remain a challenge. Balancing efficient revenue cycle management with ethical compliance is crucial. Going forward, continued vigilance by regulators, empowered whistleblowers, and possibly new legislation (if industry self-policing falls short) will be needed to ensure that patient data and billing codes serve patient care, not just corporate profit.

Sources:

  • FBI – Common health care fraud schemes (upcoding, phantom billing)

  • HHS OIG – Data Brief on Inpatient Hospital Billing (Feb 2021), highlighting upcoding vulnerabilities

  • Becker’s Hospital Review – Summary of OIG audits finding MA upcoding overpayments (Dec 2022)

  • DOJ Press Release – U.S. joins whistleblower case vs. UnitedHealth (May 2017)

  • DOJ / HHS-OIG News – Intervention in Kaiser Permanente risk coding cases (July 2021)

  • Reuters – Sutter Health $90M settlement for Medicare Advantage fraud (Sept 2021)

  • DOJ Press Release – Antitrust suit to block Optum’s purchase of Change Healthcare, citing data concerns (Feb 2022)

  • CMS Memo – Reminder to MA plans on accurate risk data submission (Apr 2022)

  • Optum/UnitedHealth whistleblower allegations (Economic Liberties Project tracker, Mar 2024)

  • MedCity News – Insurer lobbying response to RADV final rule (Jan 2023)

  • OpenSecrets – Lobbying and contribution profiles (2015–2024) for UnitedHealth Group and R1 RCM

  • Wall Street Journal / Grassley letter reporting (Feb 2025) on ongoing investigations into MA upcoding.
