
Fraud, waste & abuse detector

A kolm template that analyzes claims and claim sequences for fraud, waste, and abuse risk. The detector flags upcoding, unbundling, duplicate billing, and impossible-day patterns; explains each anomaly; redacts PHI before any inference; and lets an SIU investigator re-verify the trail offline against a 4-ring receipt chain.

- template id: fraud-detector
- k-score gate: ≥ 0.95
- seed examples: 14 anonymized
- held-out eval: 240 cases

Input & output spec

The detector takes one claim plus a window of recent provider history. It returns a structured risk verdict with flag types and per-flag explanations so SIU can prioritize the queue.

input

{
  "claim": {
    "claim_id":      "CLM_2026_0481923",
    "provider_npi":  "1234567893",
    "service_date":  "2026-05-09",
    "cpt_codes":     ["99214", "99213", "99212"],
    "billed_amount": 487.20
  },
  "provider_history_30d": {
    "claim_count":     412,
    "avg_per_day":     14.7,
    "unique_members": 87
  }
}

output

{
  "risk_level":    "high",        // "low" / "medium" / "high"
  "flags":         [
    "upcoding_e&m_99214",
    "unbundling_99213_99212",
    "impossible_day_volume"
  ],
  "explanation":   "3 simultaneous E&M codes for one visit. Same-day 99214+99213+99212 is mutually exclusive under NCCI.",
  "confidence":    0.97,
  "suggested_action": "hold_for_siu_review",
  "redaction_count":  2
}

4-ring receipt schema

Every FWA flag ships with a receipt that an SIU investigator can re-verify offline. The chain proves the input claim and provider context, the rule mapping, the decision, and the seal.

- ring 01 · pre-image: claim_id + provider_hash + cpt_window (tenant-rotated HMAC)
- ring 02 · derived: rule_set_hash (NCCI + plan FWA rules) (rule_version bound)
- ring 03 · execution: risk_level + flags[] + confidence (judge_id signed)
- ring 04 · seal: SHA-256(ring1..3) · verify endpoint (offline-verifiable)

Verify command: kolm verify --hash <receipt_hash>. Runs locally against the seal, no network required.
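
An added illustration of how a four-ring chain like the one above can be built and re-checked offline, showing which ring fails for which kind of tampering; it is not kolm's code or receipt format. The canonical JSON encoding, the HMAC standing in for the judge signature, the keyed provider hash, and the sample keys and rule names are assumptions.

```python
import hashlib, hmac, json

def canon(obj):
    # Assumed canonical encoding: sorted keys, no whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def rings(claim, rule_set, verdict, tenant_key, judge_key):
    # ring 01: keyed pre-image. The NPI is HMACed as well, because an
    # unkeyed hash of a 10-digit identifier can be enumerated.
    pre = {"claim_id": claim["claim_id"],
           "provider_hash": mac(tenant_key, claim["provider_npi"].encode()),
           "cpt_window": sorted(claim["cpt_codes"])}
    r1 = mac(tenant_key, canon(pre))
    # ring 02: hash of the rule set; the version is inside, so it is bound.
    r2 = hashlib.sha256(canon(rule_set)).hexdigest()
    # ring 03: decision bound to rings 1-2. HMAC stands in for the judge
    # signature here (assumption, to stay within the standard library).
    decision = {k: verdict[k] for k in ("risk_level", "flags", "confidence")}
    r3 = mac(judge_key, (r1 + r2).encode() + canon(decision))
    return [r1, r2, r3]

def seal(r):
    # ring 04: SHA-256 over rings 1..3.
    return hashlib.sha256("".join(r).encode()).hexdigest()

def build_receipt(*args):
    r = rings(*args)
    return {"rings": r, "seal": seal(r)}

def verify(receipt, *args):
    """Return None if the receipt checks out, else the first failing ring."""
    if not hmac.compare_digest(seal(receipt["rings"]), receipt["seal"]):
        return 4  # stored rings no longer match the seal
    fresh = rings(*args)
    for n, (stored, new) in enumerate(zip(receipt["rings"], fresh), 1):
        if not hmac.compare_digest(stored, new):
            return n  # the evidence presented differs from what was sealed
    return None

# Constructed sample data; keys are placeholders, not real secrets.
CLAIM = {"claim_id": "CLM_2026_0481923", "provider_npi": "1234567893",
         "cpt_codes": ["99214", "99213", "99212"]}
RULES = {"rule_version": "example-v1", "rules": ["ncci_ptp", "plan_fwa"]}
VERDICT = {"risk_level": "high", "flags": ["impossible_day_volume"],
           "confidence": 0.97}
KEYS = (b"tenant-key-placeholder", b"judge-key-placeholder")
RECEIPT = build_receipt(CLAIM, RULES, VERDICT, *KEYS)
```

The seal alone only shows that the stored rings are internally consistent; tying them back to a specific claim, rule version and verdict requires recomputing rings 1 to 3 from that evidence, which in this sketch needs the tenant and judge keys.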

BAA fast-track

Health plans on a BAA see kolm production-ready in two business days. The customer-hosted bridge runs in the tenant network boundary; PHI is processed there and never crosses our infrastructure; the audit log is yours to keep.

how it works

# 1. Sign the BAA (legal-team turnaround)
[ DocuSign · 48 hours typical · mutual NDA in same envelope ]

# 2. Provision the bridge in your VPC
$ kolm bridge install \
    --provider aws \
    --region us-east-1 \
    --baa <baa-id>

# 3. Compile this template against your FWA seed examples
$ kolm compile --spec fraud-detector.spec.json \
    --examples ./your-fwa-anonymized.jsonl \
    --gate 0.95 \
    --out fraud.kolm

what we sign

- HIPAA Business Associate Agreement
- HIPAA Security Rule §164.308 (admin safeguards)
- HIPAA Security Rule §164.310 (physical safeguards)
- HIPAA Security Rule §164.312 (technical safeguards)
- Breach Notification §164.404
- Subcontractor flow-down (none — kolm holds no PHI)
- Audit-log retention (6 years, your S3 bucket)

Get the template

There are two ways to take this live: self-serve with the sample artifact, or kick off a BAA conversation if you need PHI on day one.

The spec is a portable JSON file. Drop it into kolm compile --spec with your anonymized seed examples to build a private .kolm tagged LicenseRef-kolm-default-1.0 by default; pass --license to tag it differently.
