Like most of us, William Murphy dreads calling health insurance companies. They route him onto a rollercoaster of irrelevant voice menus, and when he finally reaches a human, it’s a customer service rep who has no idea what he’s talking about. Then it can take days to hear back, if anyone responds at all.

The thing is, Murphy isn’t a disgruntled patient. He prosecutes medical fraud cases for the Alameda County District Attorney’s Office in Oakland, California. And when he calls insurers, he’s in pursuit of criminals stealing from them and their clients. But, he said, they typically respond with something akin to a shrug. “There’s no sense of urgency, even though this is their company that’s getting ripped off.”

It’s not just Murphy. I called health care fraud prosecutors across California to ask what insurers were doing to help bring cases against those plundering health care dollars. More than one simply burst out laughing. “Not much,” one prosecutor said.

It seems counterintuitive. Escalating health care costs are one of the greatest financial concerns in the United States. And an estimated 10% of those costs are likely eaten up by fraud, experts say. Yet private health insurers, who preside over some $1.2 trillion in spending each year, exhibit a puzzling lack of ambition when it comes to bringing fraudsters to justice.

Like much of what happens behind the scenes in the health insurance industry, the insurers’ tepid response to fraud typically goes unexamined. But this year, I dove into the crazy tale of a Texas personal trainer who didn’t have a medical license but was easily able to claim he was a doctor and bill some of the nation’s most prominent health insurers for four years — walking away with $4 million. David Williams, who was also a convicted felon, discovered stunning weaknesses in the system: that when he applied for a National Provider Identifier, the number required to bill health insurance plans, no one would verify whether he was a doctor; and that when he billed insurers as an out-of-network “doctor,” they wouldn’t check either and would keep paying him even long after they learned of his fraud. He was later convicted of health care fraud and is now in federal prison.

Williams’ scam raised the eyebrows of even my most jaded health care sources. It prompted a half-dozen Democratic senators to write to the federal agency that administers the NPIs and ask what it was doing to plug the “loopholes.”

But it also got me thinking: As journalists, we are peppered with press releases touting the fraud enforcement successes in Medicare and Medicaid, the government health plans. The federal Department of Justice and state Medicaid Fraud Control Units file thousands of criminal and civil cases a year (and still are accused of not being as aggressive as they could be). Clearly, their goal is to let folks know they will be prosecuted.

But we rarely hear about the fraud enforcement efforts of private health insurers. These companies manage the plans of about 150 million Americans who get their health benefits through their employers. They’re sitting on a massive trove of claims data that can help identify scammers, and problems are routinely flagged by their members. And experts, including investigators who once worked for the insurers, tell me there’s rampant fraud against the private plans.

The bottom line is significant: If a con artist, or a corrupt medical professional, makes off with health care dollars, those losses are not necessarily the insurers’. They will be passed on to people covered by the plans in the form of higher monthly premiums and out-of-pocket costs as well as reduced benefits.

So, what’s up?

I wasn’t going to find out from the insurers. Aetna, Cigna, UnitedHealthcare and others ignored or refused my many requests to interview their fraud investigators or responded with assurances about their fraud-fighting efforts, with few specifics.

A United spokesperson said I couldn’t speak to a fraud investigator because “we do not want to make information public that would make it easier for those intent on engaging in fraud to commit these crimes.” She said the insurer uses analytics to flag potentially fraudulent billing and, in some cases, physically verifies that medical offices exist.

With that scant response, I plunged into the daunting thicket of agencies that are supposed to oversee the fight against health care fraud, each divided by region and responsibility. I contacted insurance regulators in every state and interviewed more than 50 other experts, including prosecutors, claims analysts and a dozen former investigators for the internal fraud units of private insurers.

What I found has troubling implications, especially for employers and workers who get their health plans through the big insurers. Far from being fierce guardians of your health care dollars, experts told me, the big-name insurers — who sell their own plans or are paid to manage employers’ — pick and choose their battles. And, for a variety of reasons, fraud is not a top priority.

---

California is known for sunshine, surf and health care scams. It’s so rife with suspicious bills and kickbacks that the feds based a Medicare Fraud Strike Force in its ground zero for schemes, Los Angeles. The state’s Medicaid Fraud Control Unit in the attorney general’s office is among the busiest in the nation.

With almost 40 million residents, California is also one of the largest markets for commercial health insurance in the country. Commercial health insurers covered about 14.4 million Californians in 2018. If there’s anywhere private health insurers should be beating back fraud, flagging suspicious cases and referring fraudsters to the authorities, it’s the Golden State.

Like any rip-off, there are two ways to publicly hold perpetrators accountable and deter others: Prosecute them or sue to recoup the money. I called the district attorneys’ offices in California’s 14 largest counties, which cover about 80% of the state’s population, or 32 million people. How often, I asked, did a fraud case referred by a commercial health insurer lead to criminal charges in 2017 and 2018?

All told, prosecutors in those counties filed charges in just 22 such cases in the two years.

To put that record in context, take a look at the state’s Medicaid program, which covers about 13 million low-income people. During fiscal 2017 and 2018, the program’s fraud unit filed criminal charges against 321 fraudulent medical providers. It garnered 65 civil settlements and judgments and recovered more than $93 million, according to the state attorney general’s office.

A rigorous search for civil lawsuits filed by private health insurers over fraud in California turned up just one case in 2017 and 2018. Experts said insurers rarely sue over fraud because of the high cost of litigation.

I asked the commercial insurers in California for the case numbers of any civil lawsuits they’d filed in those years. Most didn’t respond. United said it had filed “more than a dozen civil arbitrations and lawsuits across the country” over “the past couple of years.” It included a list of four lawsuits in which the company won, or is seeking, tens of millions of dollars from medical providers. That’s not reassuring. United is a behemoth with more than $226 billion in revenue in 2018. Yet it only rarely pursued reimbursement in court.

I called up a former federal fraud prosecutor who’d worked with both Medicare and private insurers. He said my calls to the prosecutors exposed alarming differences in the way fraud is enforced in the private and government health plans. The Medicaid fraud units are “staffed and actively engaged,” said Michael Elliott, who ran about 100 fraud investigations when he worked for the Department of Justice in Texas from 2008 to 2015.

Private insurers, he said, simply don’t make fraud enforcement a big enough part of their mission. “At the end of the day, it shows their priorities are elsewhere,” he said.

Jennifer Lentz Snyder, who heads health care fraud prosecutions for the Los Angeles County District Attorney’s Office, said insurers should be grateful she’s pursuing fraudsters. But she said that when she asks for even basic information, like the number of times patients were treated at a location, they make it difficult.

“They want us, a criminal agency, to submit questions to their civil lawyers, to examine if there’s a ‘problem’ with the questions,” Snyder said. “It suggests we are not on the same page in terms of enforcement and protecting the integrity of the system.”

---

I wondered if perhaps private insurers worked better with regulators, whom they are bound by law to obey.

Michael Marben quickly quashed that notion. Marben, director of the Commerce Fraud Bureau in Minnesota, suspects health insurers in his state are breaking the law. They are required to send his office any case where they have a “reasonable belief” there’s been fraud. That allows his office to spot trends, assist with investigations and warn other insurers.

In 2017, insurers in the state referred just two cases of suspected fraud. In 2018, they referred five.

That’s not because everyone there is “Minnesota nice.” During the same time period, the state’s Medicaid fraud unit conducted 596 investigations and netted 134 indictments.

And it wasn’t an issue of the profit-driven sector not wanting to cooperate with regulators. In the auto insurance market, for example, the state’s Fraud Bureau had more than 2,200 referrals, most of them from insurers.

There’s “conscious underreporting” by health insurers, Marben said. “You can’t have a company that doesn’t experience fraud.”

The public doesn’t realize that the unregulated fraud has a cost, he said. “This has a direct impact on consumers.”

Fraud involving the programs of private insurers has long been flagged as a problem. About three dozen states have similar reporting requirements, based on model legislation developed in the 1990s by the Coalition Against Insurance Fraud. The laws require all insurers to notify state regulators about potential scams. But no one seems to believe the health insurers actually do. “Everyone I visit says the same thing. In some states they receive basically no referrals from health insurers,” said Dennis Jay, executive director of the coalition, a nonprofit group of private insurers, government agencies and consumer groups that fights fraud.

Incompetence may also be part of the problem. The California Department of Insurance found in recent audits that the investigators for two major health insurers needed more training because they “missed opportunities” for identifying what the auditors thought could be fraud, an official told me.

But as I began calling around, the dearth of cases was truly remarkable. What was happening to people who were defrauding the insurers? What was happening to the doctors billing for services they didn’t provide? And who was watching the money?

Georgia regulators said only three of the state’s top 10 health insurers reported any suspected fraud cases in 2017 and 2018.

The Arizona Department of Insurance got 32 referrals in 2017. That seemed low, so the regulator reminded the companies about its fraud reporting law. The next year the number more than quadrupled to 133. Paul Hill, the department’s chief law enforcement officer, speculated that companies don’t report fraud because they “don’t want the publicity.”

In Washington, the Office of the Insurance Commissioner only got one report in 2017 from Premera Blue Cross, one of the state’s largest insurers. A Premera official told me the company doesn’t report potential fraud unless it finds criminal intent. Instead it deals with most cases internally as “abusive billing,” which means the company “educates” the perpetrators. Only if the billing issues continue does it become suspected fraud.

Apparently, Premera is a great educator. The company’s investigations have led to only one fraud conviction since 2014, the official said.

Steve Valandra, a spokesman for the Washington regulator, doesn’t buy the Premera official’s explanation for the low number of referrals. The state’s reporting law doesn’t say insurers have to prove intent to refer a case, he said. It says they need to report any case where they have a “reasonable belief” there may be fraud.

Jay, director of the fraud-fighting coalition, said regulators need to use their authority to crack down on the insurers who don’t report suspected fraud. “Fine them,” he said.

---

States only regulate the fully insured health plans, in which people pay monthly premiums and the insurer pays their bills. But more than half of working Americans are covered under self-funded plans, in which their employer is paying the bills and hires an administrator, typically an insurance company, to run things.

Self-funded plans are regulated by the federal Department of Labor, but it barely looks at fraud. The Labor Department oversees plans covering tens of millions of people, but it opened just 359 health-related criminal cases in 2017 and 2018 and filed charges in 185, a spokesman said in an email.

The Department of Justice, which oversees the FBI and federal prosecutors, also investigates and prosecutes fraud in employer-sponsored health plans. But its spokesman said it doesn’t track how many cases involve commercial health plans.

Elliott, the former federal fraud prosecutor, said the Justice Department is more focused on policing fraud against the government health plans. When he was a federal prosecutor in North Texas, Elliott said he had about 15 cases involving government plans for every one involving a private one.

When private insurers pitched the occasional case, Elliott said, prosecutors had to weigh whether the insurer would fully cooperate with the investigation. Federal prosecutors dig into the details when they get referrals, he said. They might want to broaden a case, which could create more work for the insurer, or sully its reputation. Or, prosecutors might find out the insurer was not doing its job. “Certain things they wanted you to know about and certain things they didn’t want you to know about,” he said.

The private insurers, Elliot said, seemed to prefer to close cases quietly, cutting off the fraudster and pursuing repayment. But, he said, that allows the scammer to go on cheating others. That’s not fraud enforcement, he said. It’s an “accounting mechanism.”

---

I tracked down a dozen or so investigators who once worked for insurers, and they all said the same thing: Insurers don’t police fraud as much as they could because it hurts the bottom line.

When Dan Bowerman worked as a medical director for Independence Blue Cross in Philadelphia, he said it was easy to spot apparent fraud. But Bowerman, who is a chiropractor as well as a fraud investigator and expert in billing codes, said it takes a lot of work to show criminal intent. A medical provider can say a staffer made an honest mistake, he said. Or a doctor could claim to be trying a novel treatment, a gray area that medical policies allow. And medical providers can also produce records, bogus or not, to substantiate claims, he said. “There are very few providers that willingly agree that they committed health care fraud,” said Bowerman, who worked at the plan for about a decade, leaving in 2012, and is now semiretired.

Michael Crowley investigated fraud for more than a decade for three companies, including Humana and United. The flood of fraud was so great, he said, that investigators ignored suspect claims worth less than $300. Investigating those, the companies determined, would cost more than what they could recover, he said.

But those small claims add up. Williams, the personal trainer from Texas, billed insurers in increments of $300 and under for more than four years, and it added up to about $25 million. “If you’re a provider, you’re going to figure out that threshold real quick and stay under it,” Crowley said.

Crowley and other investigators say targeting suspect medical providers and facilities puts the insurers in a dilemma. They need a certain number of doctors and hospitals in their networks to make plans attractive to employers. They also must ensure patients have access to the care they need.

So apparently, I learned, there’s a calculation that goes on: If, for instance, you’re the only neurologist in town, your fraud may be forgiven.

“Commercial payers have relationships they are trying to keep intact,” said Jennifer Warren, who worked in payment integrity and fraud investigations for the insurance giants Optum, a subsidiary of United, and Cigna. She left the insurance industry in late 2017 to work for a vendor that helps employers reduce pharmacy spending.

At Optum, she said, the payment integrity team would require some suspect providers to provide records substantiating their claims. Or, she said, they would require everyone who billed for certain procedures to provide documentation. But if the providers complained enough, she’d be told to remove the hurdle. It’s a balancing act, she said. “They don’t want that provider out of the network, even though they’re obviously billing incorrectly,” she said.

Some insurers say they participate in a voluntary Medicare-led program called the Healthcare Fraud Prevention Partnership that analyzes claims data to look for fraud. But Medicare won’t say which insurers had actually shared data, or whether that information had been used to help convict scammers.

Several former fraud investigators said the first step was always to school suspected fraudsters on their misbehavior. That means months of letters ending with the admonition: “Don’t do this anymore.” Meanwhile, the former investigators said, a river of suspicious bills flowed through the payment system.

“If you talk to anyone who works in the special investigation units and cares about what they’re doing, they’re frustrated,” Warren said.

Louise Dobbe worked as an attorney for United and advised its fraud unit for more than a decade. She believes fraudsters know they are less likely to be prosecuted by private plans. Billing data showed that people cheating United on the commercial side played it straight with Medicare, said Dobbe, who left United in 2014 and stressed she is not speaking on its behalf.

If a doctor fleeces Medicare, the agency can block that person from billing it — a crushing blow. “We don’t have the hammer on the private side or the commercial side that Medicare does,” she said.

And Dobbe said referring cases to law enforcement is harder than it sounds. “They want it on a silver platter,” she said. An insurer might have nailed a $3,000 claim as fraud “dead to rights,” but the authorities will pass. “They want the bang for their buck,” she said.

Snyder, the Los Angeles County prosecutor, said insurers rarely send her any cases, and there’s no excuse. It is “incredibly easy to make a fraud report.”

Private insurers, she said, weigh fraud enforcement by its “return on investment,” when their priority should be the integrity of the health care system.

“The crime itself is stupid simple,” she said. “You lie about something to get something you’re not entitled to.”