The Centers for Medicare and Medicaid Services (CMS) releases extensive datasets that are important resources for fighting fraud on the government healthcare programs—and they could be doing even more to make their data publicly available.
One dataset, Physician and Other Practitioners’ Services, shows a portion of Medicare Part B (which covers outpatient care) data for non-institutional (non-hospital) providers’ claims.  For 2021, this dataset detailed $91.5 billion paid to 1.1 million medical providers’ 2.5 billion claims.
Of the dataset’s 1.1 million providers, 879,659 are individuals. But some of these were paid more than others. CMS paid 5,689 individuals more than $1,000,000 each.
In 2021 CMS Part B paid for 6,253 distinct procedures. But it spent less than half of the $91.5 billion on 99.4% of the procedures (6,216 of 6,253), and the top twenty procedures received about 40% of all payments.
The most common Medicare Part B procedure claim was a comprehensive “evaluation and management” (E&M) office visit. CMS paid $8.4 billion for 79 million claims under this code. Further, this service and related E&M services (CPT Codes 99201-99215) totaled $17 billion, 19% of this dataset.
For each service, some providers are outliers. Outliers are not inherently fraudulent. Providers who billed substantially more, or more often, than the average provider might simply be the better or more popular, or may receive more referrals for a particular procedure reasons unrelated to misconduct or fraud. But outlier status sometimes suggests medically unreasonable or unnecessary claims. Whistleblowers and their lawyers have analyzed and synthesized CMS data to reveal anomalous and fraudulent claims.
There are several CMS datasets that can be used to identify potential fraud. For example, another Part B dataset detailing amounts paid for Durable Medical Equipment, Prosthetic, Orthotics and Supplies (DMEPOS). This shows $12 billion paid to 292,299 unique providers.
CMS used to release a shared patient data set, showing providers patient overlaps, which could reveal unusual and anomalous patterns. One way this dataset could be used is to identify providers who are located very far apart and are sharing patients with each other, which could indicate that the claims submitted for those patients are false or fraudulent. Unfortunately, CMS no longer releases this dataset—a step in the wrong direction for fraud-fighting.
Fraudsters of course would prefer that CMS not reveal their claims data, but these publicly available examples show that CMS datasets are indispensable to ensuring transparency and accountability. With Medicare data, whistleblowers and government investigators are better equipped to ensure that government healthcare spending is medically necessary and reasonable. Working together, CMS and whistleblowers expose more fraud.
 Generally, this dataset excludes hospital outpatient services, home health agency services, Durable Medical Equipment, Prosthetic, Orthotics and Supplies (DMEPOS). Further, to maintain confidentiality, the dataset also excludes claim-related information if a provider had 10 or fewer patients for a particular procedure. In 2021, this exclusion totaled $17.7 billion.
 We filtered from the definition of “individuals” provider types that contain the words Center, Laboratory, Clinic, Group, Facility, Pharmacy, Practice, Agency, Supplier, Biller, Ambulance, or Program.