By Erin Rutzler, VP, Cotiviti
LinkedIn: Erin Rutzler
LinkedIn: Cotiviti
The new year brings with it all kinds of new opportunities for healthcare fraud, waste, and abuse (FWA) from bad actors. As FWA trends remain as relevant as ever in 2026, one common scheme to stay vigilant against is “phantom providers.” Phantom provider schemes are a form of healthcare fraud that can have serious consequences for both patients and the healthcare system overall. Moving quickly, these entities only exist long enough to submit fraudulent claims and often disappear before detection. They are highly calculated, fast-moving, and sometimes operate internationally.
What is a phantom provider?
Phantom providers are healthcare professionals or organizations that don’t exist but act under the guise of being legitimate providers. Phantom providers create a fake network for the purpose of fraudulent billing, using dormant or newly created national provider identifiers (NPIs). With thousands of new NPIs created every week, they rely on blending in amongst legitimate providers and avoiding detection.
Once established, phantom providers typically submit a large volume of fraudulent claims over a short period of time, often just a matter of weeks. This rapid escalation allows them to avoid discovery until their claims have already been paid. As a result of the speed of these attacks, catching these fraudsters can be difficult, with many being caught simply by chance.
Adding to the gravity of these attacks, recovering fraudulent payments from phantom providers is often nearly impossible. These instances are often tied to organized criminal networks or entities that operate from outside the U.S., making enforcement and recoupment nearly impossible.
Preventing phantom provider attacks
Preventing phantom provider claims from being paid relies on a combination of oversight, expert cross-checking, and technology.
Reliance on accreditation
The first line of defense against these bad actors is strict oversight from Centers for Medicare & Medicaid Services (CMS) over accrediting organizations via annual accreditation surveys, which help to catch fake or fraudulent providers before they have a chance to strike. These unannounced on-site evaluations are conducted by CMS-approved organizations every three years alongside other reviews. CMS is also enacting new changes mandating unannounced surveys to better align with federal standards. This aims to increase oversight and quickly identify non-compliant entities before they can engage in long-term fraudulent billing.
Another area that CMS is tightening is for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) businesses. DMEPOS suppliers are now required to be surveyed and re-accredited every year, a shift from the previous three-year cycle. This is great news for fighting phantom provider claims, which are especially common in the DMEPOS space.
Verifying documentation and new NPIs
Verifying medical record documentation and claim matching is the second factor in catching phantom providers. For example, if there’s no DME noted in the medical record during an audit, but the claims history notes that this member is receiving DME, this is an opportunity to verify the presence of a possible phantom provider may be attempting to bill for supplies not provided. Ensure billed services are documented in the patient’s medical record and make sure to cross-check that the data matches the patient history.
Health plans should also watch and work with provider networks to stay current on any new incoming NPIs and providers. Keep an eye out for strange names that might be misspelled or somehow otherwise a little “off.” For example, a plan might flag claims from providers that have addresses that include an apartment or P.O. box rather than a proper business address. These human detection efforts are also useful for informing prepay analytics solutions, which can flag suspicious activity at scale before claims are paid.
Prepay review solutions
Automated prepay review solutions that flag claims before payment are a crucial way to combat phantom providers. Pattern detection can provide a helpful jumping-off point for further investigation. The sheer volume of opportunities for exploitation means that health plans should adopt predictive strategies to stay ahead.
A prepay solution might flag a spike in claim volumes that exceed what is considered normal for a specific service. Link analysis is another way that prepay solutions help flag errant behavior, spotting similarities across demographic regions for specific members or provider types. For example, prepay solutions can monitor for unusual clusters of DMEPOS claims within one specific geographic region. Outside of DMEPOS, monitoring any claims that are low-volume, high-cost and vice versa is considered a best practice.
Staying vigilant against FWA
As we continue into the new year and beyond, FWA schemes are certain to evolve. As phantom providers continue to attempt to exploit the healthcare system for their own benefit, health plans should prepare themselves against the possibility of FWA. However, stricter regulatory demands from CMS, reliance on human expertise, and technological scalability all combine for a solid defense against these bad actors.