The envelope arrives on a Tuesday. Inside: a Civil Investigative Demand from the Department of Justice, requesting every billing record, every email, and every internal communication related to your Medicare submissions for the last six years. You have thirty days to respond.
Somewhere in those records is the pattern that got you here. Someone filed a qui tam complaint. The government decided to look closer. And now your defense — or your prosecution — depends entirely on what the data says.
The False Claims Act is the federal government's primary tool for recovering money lost to fraud. In fiscal year 2024, the Department of Justice secured $2.9 billion in FCA settlements and judgments — the vast majority from healthcare providers, pharmaceutical companies, and defense contractors. Every one of those cases was built, at least in part, on data.
Here are the seven ways systematic data analysis shapes who wins.
1. Detecting Billing Fraud at Scale
Most FCA healthcare fraud cases don't start with a single smoking-gun claim. They start with a pattern: a provider billing at rates dramatically higher than peers, procedure codes that cluster suspiciously, or services documented for patients who were deceased at the time of treatment.
The most common billing fraud schemes — upcoding (billing for a more expensive service than was actually provided), unbundling (billing separately for components of a procedure that should be billed together), phantom billing (billing for services never rendered), and medically unnecessary procedures — each leave a statistical fingerprint in claims data.
Data analysis makes those fingerprints visible. Running frequency distributions across CPT codes, cross-referencing claim dates against patient records, and flagging providers whose billing patterns fall more than two standard deviations above their peers — these are the analytical moves that transform a complaint into a viable case. For defendants, the same analysis works in reverse: identifying the statistical rationale for billing decisions before the government does.
"Billing fraud doesn't hide in individual claims. It hides in aggregate patterns. You can only see it if you look at everything at once."
2. Statistical Sampling and Extrapolation for Damages
A large FCA healthcare case might involve five hundred thousand individual claims. No court expects litigants to review each one. What courts do expect is a statistically defensible methodology for establishing what the full population looks like.
The Department of Health and Human Services Office of Inspector General has used statistical sampling in healthcare fraud investigations for decades. Federal courts have repeatedly upheld the method when the sample is randomly drawn, sufficiently sized, and analyzed by a qualified expert. The logic is straightforward: if 78% of a random sample of 500 claims are found to be false, it is statistically valid to conclude that approximately 78% of the 500,000 total claims are false — and to calculate damages accordingly.
For plaintiffs and the government, this methodology allows FCA damages to be established accurately and efficiently. For defendants, challenging the methodology — the randomness of the sample, the adequacy of the sample size, the qualifications of the expert — is a primary avenue of defense.
3. Proving Scienter Through Communications Analysis
The FCA's most contested element is scienter — the requirement that the defendant acted "knowingly." A billing error, however large, is not fraud. Fraud requires that the defendant knew the claims were false, deliberately ignored warning signs, or acted with reckless disregard for the truth.
Proving scienter typically means finding the email where a compliance officer raised concerns that were overridden by management. Or the memo documenting that billing staff had flagged the same issue three times before the government started asking questions. Or the Slack message where someone asked "are we sure we can bill for this?" and was told to proceed anyway.
These documents exist in almost every significant fraud case. The challenge is finding them in a corpus of fifty thousand emails. Natural language processing tools that can search across unstructured communications for specific concepts — not just keywords, but intent, concern, override — compress weeks of document review into hours. The practical example:
Example Overstand query
"Find all emails and Slack messages where billing staff, compliance, or legal expressed concern about Medicare coding practices between January 2021 and December 2023"
The result isn't a list of keyword matches. It's a structured timeline of internal concern — exactly what a jury needs to understand that the defendant wasn't simply making mistakes.
4. Network Analysis to Expose Kickback Schemes
A significant portion of FCA cases involve violations of the Anti-Kickback Statute — arrangements where referrals are made in exchange for payment, free equipment, or other benefits. These schemes are structurally complex: they involve multiple parties, financial flows that are deliberately obscured, and referral patterns designed to look like legitimate business relationships.
Network analysis maps those relationships. It starts with financial data — payments between entities, vendor contracts, ownership structures — and builds a graph of who is connected to whom and how. When that graph is overlaid with referral patterns from claims data, the picture becomes readable: entity A is receiving an unusual volume of referrals from entity B, exactly coincident with a consulting agreement that pays entity B's principals.
The technique is equally valuable on the defense side. If a network analysis reveals that referral patterns are consistent with clinical relationships rather than financial ones, that's evidence that the Anti-Kickback Statute wasn't violated — regardless of what financial arrangements existed.
"Kickback schemes are designed to look like normal business. Network analysis is how you make the design visible."
5. Benchmarking Against Industry Peers
One of the most powerful tools in FCA litigation is comparison. When a provider's billing patterns are dramatically different from statistically similar providers — same specialty, same geography, similar patient population — that deviation becomes evidence. It doesn't prove fraud on its own, but it establishes that what happened was not normal, which shifts the burden of explanation to the defendant.
CMS publishes Medicare billing data that allows this kind of comparison at scale. The analytical approach: identify a cohort of comparable providers, run the same frequency distribution across their CPT billing, and calculate where the defendant falls on the distribution curve. A provider billing Evaluation and Management code 99215 (the highest-complexity office visit) at four times the rate of their peer cohort is going to need a compelling clinical explanation.
For defendants, this same analysis is critical before litigation begins. Running your own benchmarking analysis — and understanding where your billing patterns fall relative to peers — is the difference between being caught off-guard by a CID and being prepared to explain your clinical rationale from the first day of a government investigation.
6. Reconstructing the Timeline
The FCA requires proving not just that false claims were submitted, but that the false claims were material to the government's payment decision — meaning the government would not have paid if it had known the claim was false. Establishing materiality often requires reconstructing a timeline: when did the defendant know the claims were problematic, what internal decisions were made, and when did the government pay?
Timeline reconstruction in complex FCA cases requires correlating multiple data streams simultaneously: internal communications (when did leadership become aware of compliance concerns?), billing records (when were the disputed claims submitted and paid?), regulatory correspondence (were there prior audits or warning letters?), and personnel records (did compliance officers raise concerns that were dismissed?).
When those streams are analyzed together, causation becomes visible. The most common pattern in major FCA cases: a compliance concern raised internally, a business decision made to continue billing despite the concern, and government payment received after the decision. That sequence — concern, override, payment — is the timeline that FCA plaintiff attorneys are building toward.
7. Corroborating the Qui Tam Relator
Most FCA cases begin with a whistleblower. A former billing manager who noticed that the codes didn't match the charts. A compliance officer whose concerns were dismissed. A physician who watched a hospital systematically overcharge Medicare for years. These relators file qui tam complaints on behalf of the government and, if the case succeeds, receive between 15% and 30% of the government's recovery.
The DOJ intervenes in roughly 25% of qui tam cases. The cases most likely to attract government intervention are those where the relator can point to specific, documented examples of fraud — not just a general pattern they observed, but concrete claims, internal communications, and financial records that corroborate their account.
This is where data analysis at the outset changes everything. A relator who can present the government with a structured dataset — here are 200 specific claims that I believe are fraudulent, here is the documentation that explains why, here is the internal communication showing leadership knew — is operating at a completely different level than a relator who files a narrative complaint and hopes the government finds the evidence itself.
"The qui tam relator who arrives with data doesn't just have a complaint. They have a case."
What This Looks Like in Practice
Consider Rachel Nguyen, a compliance analyst at a regional home health agency. Over eighteen months, she noticed that the agency was systematically billing for visits that either didn't happen or didn't meet medical necessity criteria. She documented examples where she could — screenshots, spreadsheets, emails where she raised concerns to her supervisor — but knew that the full pattern was buried in the agency's billing system.
Before filing her qui tam complaint, Rachel worked with a legal team that used Overstand to query several years of billing exports she had legitimately obtained. The query was direct:
Example Overstand query
"Show me all home health visits billed in 2022 and 2023 where the patient had fewer than two documented visits in the preceding 60 days but was billed for a recertification episode"
The result: 4,300 claims matching the pattern, totaling $8.7 million in Medicare payments. Rachel's complaint went from a narrative based on personal observation to a data-backed allegation covering specific claims, specific patients, and specific dollar amounts. The DOJ intervened within eight months.
The Defensible N
Why seven? Because each of these analytical moves is genuinely distinct — it requires different data, different methods, and targets a different element of an FCA case. Fraud detection at the billing level proves the claim was false. Statistical sampling establishes how much. Communications analysis proves the defendant knew. Network analysis reveals the scheme structure. Benchmarking contextualizes the abnormality. Timeline reconstruction establishes materiality. Relator corroboration turns insider knowledge into actionable allegations.
Any one of these, done well, can move a case. All seven, done systematically, is how the government secured $2.9 billion last year.
Overstand for Legal Intelligence
Aggregate billing records, communications, and case documents. Query across all of it in plain language. Surface the patterns that matter before the other side does.
See How Overstand Works