Upcoding and Unbundling: The Healthcare Fraud Nobody Talks About

upcoding and unbundling

Ask most business owners or compliance professionals to describe healthcare fraud, and they’ll picture a dramatic criminal scheme: stolen identities, phantom clinics, shell companies laundering Medicare payments. What they rarely picture is a physician’s billing department quietly adjusting procedure codesday after day, patient after patientto inflate reimbursements by a few hundred dollars per claim.

That’s upcoding and unbundling. And it is one of the most pervasive, costly, and underreported forms of fraud in the American healthcare system.

The DOJ’s False Claims Act enforcement recovered $2.9 billion in FY 2024 and a record breaking $6.8 billion in FY 2025with healthcare fraud representing the dominant share in both years. The Trump administration has explicitly named upcoding and billing fraud as priority enforcement targets, and the DOJ has used the False Claims Act to aggressively pursue these schemes at institutions ranging from solo physicians to major health systems. Yet most patients, employers, and even many compliance officers don’t fully understand how upcoding and unbundling workor how to detect them before they become a criminal investigation.

What Is Upcoding? Understanding the Core Mechanism

Upcoding occurs when a healthcare provider submits a billing code for a more expensive service, diagnosis, or procedure than was actually delivered. It is, at its core, an inflation scheme embedded in the routine machinery of medical billing.

Every healthcare encounter is assigned Current Procedural Terminology (CPT) codes and Evaluation and Management (E&M) codes that determine reimbursement from Medicare, Medicaid, or private insurers. These codes exist on a spectrum of complexity and cost. A Level 2 office visit reimburses at a lower rate than a Level 5 visit. A simple surgical procedure carries a lower code than a complex one. Upcoding exploits this spectrum by systematically assigning higher tier codesregardless of what actually happened in the exam room.

Real world examples of upcoding include:

  • Billing a 45 minute comprehensive evaluation when the appointment lasted 10 minutes
  • Classifying a minor outpatient procedure as a complex inpatient service
  • Assigning higher acuity diagnosis codes to patients whose conditions do not clinically warrant them
  • Using electronic health record (EHR) software to copy paste prior visit notesmaking previous complex diagnoses appear present at every subsequent visit, inflating the billed complexity of routine follow ups

That last method is particularly concerning. As EHR systems proliferated, so did “note cloning”a practice where providers copy documentation from earlier, more complex encounters into current records to justify higher billing codes. It is technically invisible in the claims data and requires clinical chart review to detect.

Research published in the National Library of Medicine found that high acuity billing codes increased significantly across multiple medical specialties over a study period, with some categories showing risk score increases of nearly 70%a pattern consistent with systematic upcoding rather than genuine changes in patient complexity.

What Is Unbundling? How Fragmentation Inflates Claims

While upcoding inflates the complexity of individual codes, unbundling inflates revenue by breaking apart services that should be billed together into multiple separately charged components.

Medicare and Medicaid establish “bundled” reimbursement rates for groups of procedures commonly performed togetherbecause performing them as a package is more efficient than performing each separately. The bundled rate reflects that efficiency. Unbundling defeats this logic by billing each component of the bundle at its individual (higher) rate, as if each were performed as a standalone procedure.

A foundational real world example: Duke University settled for $1 million after DOJ investigators found the institution had unbundled cardiac and anesthesia services that are standardly billed together under a single comprehensive code. By applying a modifier that allowed the components to be billed separately, Duke received substantially higher reimbursement across thousands of procedures.

Common unbundling scenarios include:

  • Billing separately for incision, suturing, and closure in a surgical procedure that has a single comprehensive code
  • Charging individually for laboratory panel components (such as a blood chemistry panel) when a bundled panel code exists and should be used
  • Billing a follow up visit as a new patient encounter when continuity of care coding rules require a different, lower reimbursing code

What makes unbundling particularly difficult to detect without billing expertise is that each individual code may be technically validit’s the combination of codes that constitutes fraud. Payers reviewing individual claim lines may approve each without recognizing that the aggregate billing violates bundling rules.

The Legal Consequences: Severe and Expanding

Upcoding and unbundling are prosecuted primarily under the False Claims Act (FCA)one of the most powerful fraud enforcement statutes in the federal government’s arsenal. The FCA prohibits knowingly submitting false or fraudulent claims for government payment, and it imposes substantial consequences:

  • Civil penalties: Three times the amount of the fraudulent claims (treble damages) plus per claim fines that can reach thousands of dollars per submission. A provider who upcodes across 10,000 patient encounters does not face one penaltythey face up to 10,000 individual penalty counts.
  • Criminal prosecution: Where intent is established, criminal healthcare fraud charges carry up to 10 years in federal prison per count under HIPAA’s healthcare fraud statute.
  • Exclusion from federal programs: Providers found liable can be permanently excluded from Medicare and Medicaidan effective death sentence for any practice dependent on those payers.
  • License revocation: State medical boards routinely act on FCA findings, resulting in the suspension or permanent revocation of medical licenses.

Critically, the FCA’s civil provisions do not require proof of deliberate intent. “Reckless disregard” of billing accuracysuch as failing to update compliance programs or ignoring known EHR documentation problemscan be sufficient for civil liability. Healthcare providers are legally responsible for billing compliance even when they outsource billing to third party administrators.

In FY 2025, more than $2.3 billion of the DOJ’s record total FCA recoveries came from cases where the government initially declined to intervenemeaning whistleblowers and their attorneys successfully pursued fraud cases on their own. This trend underscores how seriously both relators and courts treat upcoding and unbundling, even without active DOJ prosecution.

Our guide on whether you can sue someone for fraud in civil court even if police won’t help covers the civil litigation landscape relevant to organizations navigating these situations.

Why Upcoding and Unbundling Go Undetected for So Long

The persistence of upcoding and unbundling is a direct product of structural features in healthcare billing oversightthe same features we examined in depth in our post on what is medical billing fraud and how it goes undetected for years.

Volume is the primary shield. Medicare processes hundreds of millions of claims annually. No human review system can examine each encounter for coding accuracyand fraudsters who stay within statistically plausible ranges rarely trigger automated flags.

Complexity provides cover. There are thousands of CPT codes, each with nuanced documentation requirements. The line between defensible aggressive coding and fraudulent upcoding can be genuinely ambiguouswhich is exactly what sophisticated fraud exploits. Payers approving claims in real time don’t have the clinical expertise or the time to investigate individual code selections.

Documentation camouflages intent. The EHR note cloning problem is particularly acute: a chart that superficially meets the criteria for a higher billing codeeven if those criteria were imported from a previous visitis extraordinarily difficult to challenge without a concurrent clinical record review conducted by someone with medical expertise.

And whistleblowers face barriers. Many of the people who first notice upcoding patternsbilling coders, compliance staff, clinical documentation specialistswork directly for the organizations committing the fraud. Without credible protections and clear reporting mechanisms, they stay silent. Our post on whistleblower retaliation documents why this barrier is real and consequential.

How Organizations Can Detect and Prevent These Schemes

Healthcare organizations, insurers, and employer sponsored health plans all have roles to play in identifying and stopping upcoding and unbundlingand the tools available have never been more powerful.

For healthcare providers and compliance programs:

  • Conduct retrospective coding audits that compare billed CPT and E&M codes against full clinical documentationnot just against billing benchmarks
  • Deploy statistical peer comparison to identify providers whose high acuity billing rates significantly exceed those of same specialty peers in the same region
  • Prohibit copy paste documentation in EHR policies or implement technical controls that flag cloned notes for physician review before billing
  • Train billing and coding staff annually on bundling rules and the specific code combinations that trigger FCA exposure
  • Establish and protect anonymous reporting channels so compliance staff can surface concerns without fear of retaliation

For insurers and employer health plans:

  • Use data analytics to identify providers with statistically anomalous high complexity code distributionsespecially those billing Level 4 and Level 5 E&M codes at rates far exceeding specialty benchmarks
  • Flag claim patterns where procedure components are billed separately when standard bundled codes exist
  • Engage a forensic accountant or healthcare billing specialist to investigate statistically anomalous billing patterns that internal review cannot explain
  • Cross reference lab, DME, and procedure orders for patterns consistent with unbundling arrangements

The DOJ’s expanding use of AI and data analyticsincluding the new Health Care Fraud Data Fusion Centermeans enforcement is becoming increasingly proactive. Organizations with compliance gaps that were previously invisible may find themselves under scrutiny as detection technology matures.

Frequently Asked Questions (FAQ)

Q1: What is the difference between upcoding and unbundling? Upcoding assigns a billing code for a more expensive service than was actually deliveredinflating the value of a single claim. Unbundling splits procedures that should be billed together under a single comprehensive code into multiple separate charges to generate higher aggregate reimbursement. Both violate the False Claims Act and can result in treble damages plus per claim civil penalties.

Q2: Can a provider commit upcoding without knowing it? Inadvertent coding errors can occur and may still trigger False Claims Act civil liability if they result in unwarranted government payments. However, systematic patterns of upcodingespecially across thousands of encountersare difficult to characterize as isolated errors. The FCA’s “reckless disregard” standard means that failing to maintain an adequate compliance program can establish liability even without proof of deliberate intent.

Q3: Are hospitals liable for upcoding committed by their physicians? Yes. Healthcare institutions can face FCA liability for billing fraud committed by employed physicians or contracted providers, particularly where the institution had billing oversight responsibilities and knewor should have knownabout compliance problems. Institutions that receive internal reports of upcoding and fail to investigate face heightened legal exposure.

Q4: How does the False Claims Act protect whistleblowers who report upcoding? The FCA’s qui tam provisions allow individuals with knowledge of healthcare fraud to file sealed lawsuits on the government’s behalf and potentially receive 15–30% of recovered funds. The Act also explicitly prohibits retaliation against employees who report fraud, including termination, demotion, or harassment. Our post on reporting corporate fraud anonymously covers the practical steps involved.

Q5: What triggers a DOJ or HHS OIG investigation into upcoding? The most common triggers are whistleblower qui tam complaints, statistical outlier analysis identifying anomalous billing patterns, and referrals from Medicare contractors who flag unusual code distributions. The DOJ’s Health Care Fraud Data Fusion Center increasingly uses AI to surface patterns that would not be visible through manual audit.

Q6: What should an organization do if it discovers potential upcoding in its own billing? Engage legal counsel immediatelypreferably white collar healthcare specialistsand commission an independent billing audit to scope the issue. Voluntary self disclosure to the government, while difficult, can significantly reduce penalties under OIG self disclosure protocols. The forensic accounting investigation process is directly applicable to quantifying and documenting the scope of billing irregularities.

Conclusion: The Fraud in the Billing Code

Upcoding and unbundling don’t look like fraud from the outside. There are no shell companies, no false identities, no dramatic confrontationsjust a systematic pattern of billing decisions that, claim by claim, drains billions from public and private healthcare programs. That invisibility is precisely what makes them so dangerous and so costly.

For healthcare organizations, the compliance imperative is clear: proactive auditing, robust documentation standards, credible reporting mechanisms, and legal readiness are not optional extrasthey are essential defenses against liability that can be existential. For payers and employers who fund health benefits, data analytics and periodic billing reviews are the primary tools available to identify what claim by claim processing cannot surface on its own.

If your organization has identified potential billing fraud or wants to build the detection systems that prevent it, contact FraudOrder today to speak with a fraud investigation professional who can help.

References

  1. U.S. Department of Justice. (2026, January 12). False Claims Act Settlements and Judgments Exceed $6.8 Billion in Fiscal Year 2025. https://www.justice.gov/opa/pr/false claims act settlements and judgments exceed 68b fiscal year 2025
  2. Gibson Dunn. (2026, January 28). False Claims Act 2025 Year End Update. https://www.gibsondunn.com/false claims act 2025 year end update/
  3. Epstein Becker Green. (2025, January). DOJ’s False Claims Act Recoveries Top $2.9 Billion in FY 2024. https://www.healthlawadvisor.com/dojs false claims act recoveries top 2 9 billion in fy 2024 but health care numbers dip what could fy 2025 hold for health care enforcement
  4. Phillips & Cohen LLP. Upcoding & Unbundling Fraud Explained: Healthcare Whistleblowers. https://www.phillipsandcohen.com/upcoding unbundling fragmentation/
  5. Rural Health Information Hub. (2025, March). Five Federal Fraud and Abuse Laws That Apply to Physicians. https://www.ruralhealth.us/blogs/2025/03/five federal fraud and abuse laws that apply to physicians
  6. Federal Lawyer.com. (2024). What Kinds of Billing and Coding Errors Constitute Health Care Fraud? https://federal lawyer.com/what kinds of billing and coding errors constitute health care fraud/
  7. National Institutes of Health / PubMed Central. Upcoding Medicare: Is Healthcare Fraud and Abuse Increasing? https://pmc.ncbi.nlm.nih.gov/articles/PMC8649706/
  8. Federal Bureau of Investigation. Health Care Fraud. https://www.fbi.gov/investigate/white collar crime/health care fraud
  9. U.S. Department of Health and Human Services, Office of Inspector General. (2025). 2025 National Health Care Fraud Takedown. https://oig.hhs.gov/newsroom/media materials/2025 national health care fraud takedown/
  10. National Health Care Anti Fraud Association (NHCAA). The Challenge of Health Care Fraud. https://www.nhcaa.org/tools insights/about health care fraud/the challenge of health care fraud/

Disclaimer: This article is provided for informational purposes only and does not constitute legal, financial, compliance, or professional advice. No attorney client or consulting relationship is created by reading or sharing this content. False Claims Act liability, billing compliance obligations, and enforcement priorities vary by jurisdiction, payer type, and organizational circumstances. Always consult a qualified healthcare attorney, certified fraud examiner, or compliance professional for guidance specific to your situation. For questions about FraudOrder services, visit https://fraudorder.co/

Add Comment

At Fraud & Order, we are dedicated to uncovering the truth behind complex financial crimes and unethical practices. Our team of experienced investigators, analysts, and compliance experts provides professional fraud detection, forensic analysis, and risk assessment services to businesses, regulatory bodies, and legal partners.

Contact Info

+1 5206896814
info@fando.info
tips@fando.info
7426 N La Cholla Blvd, Tucson, AZ 85741, USA

Follow Us