The Importance of Fraud, Waste, and Abuse Training in Healthcare
Fraud, waste, and abuse training in healthcare is important to educate workforce members on federal laws and regulations designed to safeguard the integrity of publicly funded health programs. The training should not only cover the laws and regulations, but also how to identify and report violations and the consequences of non-compliance.
What is Fraud, Waste, and Abuse in Healthcare?
The Department of Health and Human Services (HHS) separates its definitions of fraud, waste, and abuse in healthcare to distinguish activities that intentionally violate federal laws and regulations from activities that violate federal laws and regulations due to a lack of care, inefficiencies, and improper – but not intentionally improper – procedures.
Fraud in healthcare is intentionally submitting information to a health plan or health program that is false (including situations in which the perpetrator should have known the information was false) for personal or financial gain. Examples include falsifying claims, billing for services not provided, or misrepresenting diagnoses to justify unnecessary treatments.
Waste in healthcare lacks the intent to deceive but involves the inefficient or unnecessary use of resources. Waste can be due to poor planning, over-ordering, or redundant medical testing that provides little to no benefit. Examples of waste in healthcare include ordering excessive diagnostic scans and stockpiling medications that expire before they can be used.
Abuse in healthcare can – but doesn’t necessarily – involve fraudulent intent. Usually it entails practices that are inconsistent with sound medical or business standards that result in excess costs. Examples include upcoding (charging for a more expensive service than was provided) or performing procedures that exceed those considered clinically appropriate.
HIPAA Training That Lowers Breach Risk Our training goes beyond basic rule coverage by targeting the mistakes that drive most incidents, using real-world, relatable examples drawn from over 10 years of our HIPAA breach reporting. The Gold Standard in HIPAA Training by The HIPAA Journal Team Lessons Cover Emerging Issues Like AI Tools | CEUs & Certificate | Completion Tracking | HIPAA Training for Individuals
Healthcare Fraud is Not a Victimless Crime
Nobody knows the true scale of fraud, waste, and abuse in healthcare. Current dollar estimates range from 3% to 7% of total healthcare expenditure, which imply that in 2023 between $147 billion and $343 billion was lost to healthcare fraud, waste, and abuse. However, healthcare fraud is not a victimless crime. The losses are recovered through higher premiums for health plan members and employers, and higher federal taxes.
In addition, the consequences of healthcare fraud, waste, and abuse are not only financial. Patients can be the victims of deliberate misdiagnoses and unnecessary medical treatments. Inappropriate prescribing and care inequalities are also consequences. Significantly, trust in healthcare organizations can be eroded by the actions of just one individual, and this can impact patient compliance – potentially resulting in worse patient outcomes.
Patients can also be the perpetrators of healthcare fraud, waste, and abuse – either by allowing somebody else to use their identity to obtain healthcare services, or by obtaining prescription medication and illegally selling it. In a 2013 survey, 30% of medical identity theft victims said the theft occurred due to sharing insurance information with family members or friends, while more than ten thousand people die each year due to the misuse of prescription opioids.

Source: National Institute on Drug Abuse
What Should Fraud, Waste and Abuse Training Consist Of?
Fraud, waste, and abuse training should consist of an overview of the federal laws and regulations that safeguard the integrity of publicly funded health programs, how to identify fraud, waste, and abuse in healthcare, and how to report it. Fraud, waste, and abuse training should also cover the consequences to members of the workforce of non-compliance.
Healthcare FWA Laws and Regulations
The following laws and regulations have been enacted to protect publicly funded health programs from healthcare fraud, waste, and abuse (FWA) and are enforced by HHS’ Office of Inspector General (OIG). However, they can also be used to pursue criminal and civil actions on behalf of private health plans by the FBI, FTC, or coalitions of public and private agencies.
The False Claims Act
The False Claims Act allows the government to recover damages and penalties from suppliers that knowingly submit, or knowingly cause to be submitted, false or fraudulent claims. The Act protects the government from being overcharged, mischarged, or sold shoddy goods or services. Knowingly retaining an overpayment may also give rise to liability under the Act.
It is important to highlight during fraud, waste, and abuse training that the False Claims Act defines “knowingly” to include not only actual knowledge of a false claim, but acts in deliberate ignorance or reckless disregard of an unlawful activity (i.e., “should have known”). Consequently, healthcare organizations can be held liable for a false claim if they are considered directly or indirectly complicit in a workforce member’s unlawful activities.
The Civil Monetary Penalty Law
The Civil Monetary Penalty Law is similar to the False Claims Act inasmuch as it permits HHS’ OIG to bring criminal cases in the event of a false claim. However, it also permits HHS’ OIG to bring civil cases before an administrative judge when an individual or organization has engaged in fraud or other improper conduct in order to obtain HHS grants, contracts or other agreements.
The law can also be used by HHS’ OIG to combat waste and abuse if incorrect claims are submitted to publicly funded health programs due to a lack of care or improper procedures. For example, if an organization fails to report drug pricing information accurately, HHS’ OIG can impose a corrective action plan, a financial penalty, or – in the case of repeat offenders – exclusion from public health programs.
The Anti-Kickback Statute
The Anti‐Kickback Statute is a criminal law that prohibits the knowing and willful exchange, offer to exchange, solicitation, or receipt of anything of value in an effort to influence, induce, or reward the referral of federal healthcare program business. No payment (including in kind) is necessary to violate the Statute. Simply offering a kickback is sufficient to activate liability for a criminal violation.
Importantly in the context of fraud, waste, and abuse training, the Statute applies to both the individual offering (or paying) a kickback and the recipient. For example, if a diagnostic lab offers a physician $100 for each Medicare referral – and the physician accepts the kickback – both parties are in violation of the Anti-Kickback Statute. If a referral results in a claim for payment from Medicare, both parties are also liable under the False Claims Act.
Stark’s Law
Stark’s Law prohibits physicians from referring Medicare and Medicaid patients for “designated health services” to entities with whom the physician or an immediate family member has a financial relationship. For example, under Stark’s Law, a general physician is prohibited from referring a patient to a physical therapy office owned by his wife.
Additionally, all entities are prohibited from presenting – or causing to be presented – claims to Medicare or Medicaid for referred services that violate Stark’s Law. There are multiple exceptions to this law when certain conditions are met, and the referral is in the patient’s best interests. For example, self-referrals and referrals to family members are often permitted in rural areas when no other treatment options exist.
How to Identify and Report Violations
The processes for identifying and reporting violations can vary depending on whether a violation occurs internally (workplace colleague, administrator, etc.) or externally (supplier, patient, etc.). Each organization needs to ensure that all workforce members are told how to identify and report each type of violation during fraud, waste, and abuse training in order to mitigate the impact of unlawful activities.
To guide organizations on what information should be provided during fraud, waste, and abuse training, HHS has produced a list of internal “red flags” workforce members should look out for. When identified, these should be reported to the organization’s Security Officer – or can be reported directly to HHS OIG, where the opportunity exists to report violations of healthcare fraud laws anonymously.

Issues with documentation include:
- Abnormal billing patterns indicating overutilization of services.
- Entering incorrect procedures on medical charts and in EHRs.
- Listing incorrect or unnecessary expensive medications.
Changes in attitudes or performance include:
- Unreasonable explanations and annoyance when questioned.
- Deviation from standard practices or decrease in quality of work.
- Preventing full transparency on issues regarding expenses.
Financial red flags include:
- Unexplained spending beyond one’s income.
- Use of several bank accounts or frequent changes of bank accounts.
- Shifting costs or remittances from one bank account to another.
With regard to reporting external violations by suppliers, it can be beneficial to explain the “qui tam” process during fraud, waste, and abuse training – especially if an organization runs a program that supports qui tam whistleblowers. External violations by patients can be prevented by implementing identification processes beyond those recommended by the Joint Commission – for example, at least one form of photo ID.
The Consequences of Non-Compliance
In addition to the consequences of non-compliance discussed above (“Healthcare Fraud is Not a Victimless Crime”), it should be explained to workforce members during fraud, waste, and abuse training how the consequences of non-compliance can affect them personally. This is because, unlike penalties for HIPAA violations which are applied to an organization, penalties for violations of healthcare FWA laws and regulations can be applied to individuals.
For example, civil financial penalties per False Claims Act violation range from $13,946 to $27,984 (as of February 2024) plus – if a false claim is paid before the fraud is identified – three times the amount(s) claimed. Criminal financial penalties for violations of the False Claims Act can go up to $250,000 for individuals or $500,000 for organizations. In addition, individuals convicted of a felony violation can face up to five years imprisonment per violation.
HHS’ OIG also has the authority to exclude individuals and organizations from participating in publicly funded healthcare programs. Individuals convicted on a felony healthcare fraud charge are automatically added to the OIG’s Exclusion List, and this means they cannot be employed by, or provide goods or services to, a healthcare provider that participates in a publicly funded healthcare program. In most cases, a healthcare professional will also lose their license to practice.
Who Is Responsible for the Provision of Fraud, Waste, and Abuse Training?
Most healthcare providers that participate in publicly funded healthcare programs are required to provide fraud, waste, and abuse training to all members of the workforce (including senior management and governing body members). Training must be provided on appointment and at least annually thereafter (see 42 CFR §422.503(b)). The HIPAA Journal is the leading provider of FWA training, HIPAA training, and OSHA training in the healthcare sector.
While basic fraud, waste, and abuse training must be provided to all members of the workforce, additional specialized or refresher fraud, waste, and abuse training may be required when a workforce member’s job function or the business setting is particularly exposed to risks of fraud, waste, or abuse. It is up to each organization’s compliance officer to determine where the risks exist and what type(s) of fraud, waste, and abuse training is required.
Healthcare providers and first tier, downstream, or related entities that are not required by regulation to provide fraud, waste, and abuse training are advised to conduct a risk analysis to identify any areas of their operations that may be exposed to FWA violations. If the analysis identifies risks, threats, or vulnerabilities, organizations should speak with a healthcare compliance professional to seek assistance with developing a healthcare compliance program.
