Decision Instrument · Claims Governance · Payer or Provider
FWA Governance Diagnostic
A 25-question structured assessment evaluating your organisation's FWA detection architecture, false positive rate, appeal process maturity, AR-DRG coding audit capability, and governance framework. Designed for payers and providers navigating a claims environment in transition.
5 domains
25 questions
Approximately 15 minutes
Payer or provider perspective
Self-assessment version. This instrument is available as a facilitated Full Diagnostic with independent audit of your FWA detection logic, false positive analysis, and a board-ready written report with documented conditions.
Several questions have payer-specific and provider-specific variants. Select your perspective before starting.
Section 1 of 50% complete
Section 1 of 5
Detection Architecture
Evaluates whether your FWA detection capability is analytically structured to distinguish between fraud, waste, abuse, and coding error – and whether it is calibrated for the AR-DRG claims environment rather than the fee-for-service patterns it was originally designed to catch.
Tests against: Undifferentiated Detection · FFS-Calibrated Rules in a DRG Environment
Question 1
Does your FWA programme formally distinguish between fraud (intentional misrepresentation), waste (overutilisation without intent), abuse (deviation from standards without clear intent), and coding error (documentation inaccuracy): with separate detection logic, escalation pathways, and remediation responses for each?
Strong – 3 pointsAll four categories are formally defined, have separate detection rules, trigger different escalation pathways (legal referral for fraud, education for waste, contract management for abuse, coding support for error), and produce separate reporting metrics.
Partial – 2 pointsBroad distinction exists between fraud and other categories but detection logic and escalation pathways are not formally separated across all four.
Weak – 0 pointsFWA is treated as a single category. Detection, escalation, and remediation apply uniformly regardless of underlying cause.
Question 2
Has your FWA detection logic been reviewed and updated specifically to address AR-DRG coding manipulation – including DRG upcoding, inappropriate comorbidity addition, and principal diagnosis selection optimisation – rather than remaining calibrated for fee-for-service line-item patterns?
Strong – 3 pointsDetection rules have been explicitly updated for DRG-based fraud patterns. Upcoding detection, comorbidity outlier analysis, and DRG weight distribution monitoring are all operational.
Partial – 2 pointsDRG-specific patterns are being considered but detection logic has not been fully updated. Some FFS rules remain active alongside partial DRG-focused additions.
Weak – 0 pointsDetection logic was built for FFS and has not been reviewed for DRG applicability. AR-DRG coding manipulation is not a defined detection target.
Question 3
Does your organisation have an analytical capability to identify FWA patterns at the network level – clustering flagged activity by provider, specialty, and geographic area – rather than reviewing claims only at the individual transaction level?
Does your organisation have an analytical capability to monitor your own coding patterns against network benchmarks – identifying which clinical teams, departments, or coders are generating outlier DRG weight distributions that may attract payer audit attention?
Provider perspective: internal coding benchmarking against network norms.
Strong – 3 pointsNetwork-level or internal benchmark analysis is active, produces actionable intelligence, and feeds directly into detection or coding improvement programmes on a regular cycle.
Partial – 2 pointsSome aggregate analysis exists but is not systematic, not regularly produced, or not translated into actionable detection or improvement programmes.
Weak – 0 pointsAnalysis is at the individual claim level only. No network or internal benchmarking capability exists.
Question 4
Is your FWA detection capability connected to NPHIES transaction data in a way that enables near-real-time pattern analysis – rather than operating on periodic claim samples reviewed manually?
Strong – 3 pointsNPHIES data feeds directly into automated FWA detection systems. Pattern analysis runs on the full transaction universe, not samples, and produces alerts within the same reporting cycle as the claims being reviewed.
Partial – 2 pointsNPHIES data is used for FWA analysis but access is periodic, sample-based, or requires manual extraction before analysis can begin.
Weak – 0 pointsFWA detection does not draw on NPHIES transaction data in a structured way. Detection relies primarily on manual claim review or exception reporting.
Question 5
Does your organisation have documented, quantified detection thresholds – specifying at what statistical deviation from expected patterns a claim or provider triggers a flag – rather than relying on undocumented analyst judgment?
Strong – 3 pointsDetection thresholds are documented, statistically grounded, reviewed annually against actual false positive and false negative rates, and approved by a governance committee with accountability for FWA performance.
Partial – 2 pointsSome thresholds are documented but others rely on analyst judgment. Threshold review is infrequent or not tied to measured false positive or false negative outcomes.
Weak – 0 pointsDetection thresholds are not formally documented. Flag decisions are made by analysts without reference to quantified benchmarks or documented escalation criteria.
Section 2 of 5
False Positive Management
Tests whether your organisation actively measures its false positive rate, has structured appeal and reversal processes, and uses false positive data to continuously recalibrate detection logic – rather than treating incorrect flags as an acceptable cost of doing FWA work.
Does your organisation actively measure its false positive rate – the proportion of flagged claims that, on review or appeal, prove to be legitimate – and report this metric as a performance indicator alongside detection volume?
Does your organisation track the proportion of rejected or audited claims that you successfully appeal or reverse – and use this rate to assess whether your coding and documentation practices are generating avoidable FWA flags?
Strong – 3 pointsFalse positive rate (payer) or successful reversal rate (provider) is actively tracked, reported monthly, and triggers recalibration of detection logic or documentation improvement when it exceeds defined thresholds.
Partial – 2 pointsSome tracking exists but false positive or reversal data is not systematically reported or used to drive detection recalibration.
Weak – 0 pointsFalse positives or reversals are not tracked as a performance metric. The organisation does not know its false positive rate.
Question 7
Is there a structured, time-bound appeal process for flagged or rejected claims – with defined response timelines, a named appeals decision-maker with authority to reverse flags, and documented outcomes that feed back into detection logic?
Strong – 3 pointsA formal appeal process exists with documented timelines (e.g., initial response within 10 business days), a named decision-maker with defined authority, and a systematic feedback loop that uses reversal outcomes to recalibrate detection thresholds.
Partial – 2 pointsAn appeal process exists but lacks formal timelines, defined decision authority, or a systematic feedback loop to detection logic.
Weak – 0 pointsNo structured appeal process. Disputes over flagged claims are handled through informal negotiation without defined timelines or authority.
Question 8
Has your organisation quantified the financial and relationship cost of its current false positive rate – including working capital impact on providers (payer perspective) or administrative cost of resubmission (provider perspective) – and used this to set a false positive rate target?
Strong – 3 pointsThe financial cost of false positives has been quantified and a target false positive rate has been set, with detection logic calibrated to balance fraud recovery against the cost of generating false flags.
Partial – 2 pointsThe cost of false positives is understood conceptually but has not been quantified or used to set a calibrated detection target.
Weak – 0 pointsFalse positive costs have not been assessed. Detection is optimised for fraud recovery volume without consideration of the cost of incorrect flags.
Question 9
Are provider or insurer relationships actively managed as part of FWA governance – with a named relationship manager responsible for communicating FWA decisions, explaining the basis for flags, and maintaining constructive engagement during dispute resolution?
Strong – 3 pointsA named relationship manager with FWA communication responsibility exists, proactive briefings on flagging patterns are provided to counterparties, and FWA dispute escalation is handled separately from routine claims management.
Partial – 2 pointsRelationship management exists but FWA communication is handled by the same team as routine claims, without a dedicated escalation pathway or proactive pattern briefings.
Weak – 0 pointsNo dedicated FWA relationship management. Disputes are handled through standard claims correspondence without differentiation.
Question 10
Is the organisation's FWA detection logic tested annually for systematic bias – for example, whether certain specialties, provider types, or beneficiary segments are flagged at disproportionate rates unrelated to actual fraud incidence?
Strong – 3 pointsAnnual bias testing is conducted, findings are reviewed by the FWA governance committee, and systematic biases are corrected through threshold adjustment before the next detection cycle.
Partial – 2 pointsBias is acknowledged as a risk but formal testing is not conducted on a defined schedule or with a documented correction process.
Weak – 0 pointsNo bias testing. The organisation does not know whether its detection logic systematically over-flags particular specialties, provider types, or beneficiary segments.
Section 3 of 5
Coding Audit Capability
Tests whether your organisation has the clinical coding expertise to audit ICD-10-AM/ACHI/ACS accuracy and DRG weight assignment – the analytical foundation for both detecting genuine FWA and avoiding the false positives that damage compliant providers and relationships.
Does your FWA function include certified clinical coders with ICD-10-AM/ACHI/ACS competency – not just data analysts – who can review clinical documentation to determine whether a DRG assignment is clinically supported or represents upcoding?
Strong – 3 pointsCertified clinical coders with AR-DRG V9.0 competency are embedded in the FWA function. Clinical record review is a standard step in the fraud investigation process before a flag is escalated.
Partial – 2 pointsClinical coding expertise is available but is not embedded in the FWA function. Coding review is commissioned externally or on an ad hoc basis when specific cases require it.
Weak – 0 pointsFWA detection is conducted by data analysts without clinical coding expertise. DRG assignment accuracy cannot be assessed internally.
Question 12
Can your organisation distinguish, from the available clinical documentation, between a DRG weight increase that reflects legitimate comorbidity documentation improvement and one that reflects inappropriate upcoding without clinical support?
Strong – 3 pointsA structured clinical review protocol exists for assessing comorbidity documentation against the clinical record. Legitimate documentation improvement is differentiated from upcoding through a defined analytical process with documented criteria.
Partial – 2 pointsClinical review is conducted but the distinction between legitimate improvement and upcoding relies primarily on analyst judgment without documented criteria.
Weak – 0 pointsThe distinction cannot be made systematically. DRG weight changes are assessed statistically without reference to underlying clinical documentation.
Question 13
Is there a structured pre-payment audit programme – reviewing a defined sample of claims before settlement rather than relying exclusively on post-payment recovery – specifically targeting high-weight DRG categories with known fraud risk?
Strong – 3 pointsA pre-payment audit programme is operational, with defined sampling methodology targeting high-weight DRGs, documented review criteria, and a turnaround timeline that does not create unacceptable provider payment delays.
Partial – 2 pointsSome pre-payment review exists but is not structured around DRG risk categories, or the programme is not consistent in scope or frequency.
Weak – 0 pointsFWA is addressed almost entirely through post-payment recovery. No structured pre-payment audit programme targets DRG fraud risk.
Question 14
Does your organisation maintain a current map of the highest-risk DRG categories in the Saudi market – based on national rejection rates, clinical audit findings, and published IA/CHI guidance – and concentrate audit resources on those categories?
Strong – 3 pointsA maintained, regularly updated risk map exists for high-risk DRG categories. Audit resources are explicitly allocated based on this map, and the allocation is reviewed quarterly against emerging patterns.
Partial – 2 pointsHigh-risk DRG categories are broadly understood but audit resources are not systematically concentrated based on a maintained, updated risk map.
Weak – 0 pointsNo DRG risk map. Audit scope is determined by volume or historical patterns rather than current risk-based analysis.
Question 15
Is coding audit activity coordinated between the FWA function and the clinical documentation improvement or revenue cycle team – ensuring that findings in one direction (fraud flagging) inform the other (documentation quality) without creating perverse incentives?
Strong – 3 pointsFWA and CDI/RCM functions have a formal coordination mechanism: sharing audit findings, reviewing cases where documentation improvement and fraud suspicion overlap, and maintaining a governance oversight that prevents either function from distorting the other's incentives.
Partial – 2 pointsSome coordination occurs but it is informal. There is no systematic mechanism for sharing findings or managing the overlap between documentation improvement and fraud suspicion.
Weak – 0 pointsFWA and CDI/RCM operate independently with no coordination. The risk that fraud suspicion chills legitimate documentation improvement, or that documentation improvement is used to justify upcoding, is not managed.
Section 4 of 5
NISS Expansion Readiness
Tests whether your FWA governance framework has been scaled and recalibrated for the NISS expansion to 23 million beneficiaries – recognising that increasing the insured population by 75% dramatically increases the fraud surface area before detection capacity has been proportionally upgraded.
Tests against: Scale Mismatch · New Population Risk Profiles
Question 16
Has your FWA programme modelled the increase in fraud surface area resulting from the NISS expansion – quantifying the additional claims volume, new provider types, and new beneficiary risk profiles that the expanded population introduces?
Strong – 3 pointsA formal NISS FWA impact assessment has been completed, covering incremental claims volume, new provider entry risk, beneficiary risk profile changes, and required detection capacity increase. Results have been reviewed by FWA governance leadership.
Partial – 2 pointsThe NISS expansion has been noted as increasing FWA risk but a formal impact assessment with quantified capacity requirements has not been completed.
Weak – 0 pointsNo NISS-specific FWA impact assessment. The current FWA programme is expected to absorb the expanded volume without additional capacity or recalibration.
Question 17
Has your detection logic been reviewed for applicability to the expanded beneficiary population – recognising that the dependants joining the NISS pool may present different utilisation patterns and fraud risk profiles than the existing insured workforce population?
Strong – 3 pointsDetection thresholds and risk models have been reviewed and adjusted for the expanded beneficiary mix. New risk categories specific to the dependent population have been incorporated into the detection framework.
Partial – 2 pointsThe different risk profile of the new population is acknowledged but detection logic has not been formally recalibrated to account for it.
Weak – 0 pointsExisting detection logic will be applied to the expanded population without review. No assessment of whether thresholds calibrated for the workforce population remain valid for dependants has been conducted.
Question 18
Is there a plan for expanding FWA detection capacity – analytical resources, clinical coding expertise, and appeal handling – in proportion to the claims volume increase the NISS expansion will generate?
Strong – 3 pointsA capacity plan exists with defined resource requirements, a recruitment or automation roadmap, and a timeline linked to NISS expansion milestones. The plan has been approved with budget allocation.
Partial – 2 pointsCapacity expansion is planned at a high level but a detailed, funded, timeline-linked plan has not been approved.
Weak – 0 pointsNo capacity expansion plan for NISS FWA impact. Current FWA resources are expected to absorb the expansion without additional investment.
Question 19
Have new provider categories entering the network under the NISS expansion been assessed for FWA risk – with enhanced onboarding scrutiny, provisional monitoring periods, and defined conditions for full network access?
Strong – 3 pointsA structured provider credentialing and FWA risk assessment process applies to all NISS-expansion network additions. New providers receive enhanced monitoring for a defined period before transitioning to standard oversight.
Partial – 2 pointsProvider credentialing exists but FWA-specific risk assessment and provisional monitoring for NISS-expansion additions has not been formalised.
Weak – 0 pointsNo FWA-specific provider onboarding risk assessment. New providers under the NISS expansion enter the network without enhanced FWA monitoring.
Question 20
Has your organisation assessed whether its FWA governance framework meets the Insurance Authority's regulatory expectations under the consolidated oversight structure – including documentation standards, reporting obligations, and investigation protocols?
Strong – 3 pointsA formal regulatory mapping of FWA governance against IA requirements has been completed. Gaps have been identified and a remediation plan is in place, with defined timelines for compliance before the next IA supervisory cycle.
Partial – 2 pointsIA requirements are broadly understood but a formal gap analysis of the FWA governance framework against IA expectations has not been completed.
Weak – 0 pointsNo assessment of IA FWA regulatory requirements. The FWA governance framework was designed for the CHI regulatory environment and has not been reviewed for the consolidated IA framework.
Section 5 of 5
Governance Framework
Evaluates whether FWA governance sits at the right level of the organisation – with board visibility, a named accountable executive, a documented programme, and defined escalation thresholds – rather than operating as an operational function without strategic oversight.
Does the board or a board-level committee receive a regular FWA report – covering detection volume, false positive rate, investigation outcomes, financial recovery, and forward risk assessment – at least quarterly?
Strong – 3 pointsQuarterly FWA reporting to the board or audit/risk committee is in place, covering all five metrics with trend analysis and a forward risk assessment that addresses NISS expansion and AR-DRG transition impacts.
Partial – 2 pointsSome FWA reporting reaches board level but it is infrequent, incomplete, or does not include forward risk assessment.
Weak – 0 pointsFWA is not reported to the board. The programme operates at an operational level without board-level visibility or accountability.
Question 22
Is there a named senior executive with explicit accountability for FWA governance – with the authority to escalate cases to legal referral, suspend provider or beneficiary access, and engage the Insurance Authority on material FWA matters?
Strong – 3 pointsA named senior executive holds FWA accountability with documented authority covering legal referral, access suspension, and IA engagement. Escalation thresholds triggering each level of action are defined and board-approved.
Partial – 2 pointsAccountability is assigned but escalation authority is not fully defined or documented, creating ambiguity at the boundary between operational and legal escalation.
Weak – 0 pointsNo named senior executive accountability for FWA. The programme has no clear escalation pathway from operational detection to legal or regulatory action.
Question 23
Does your organisation have a documented FWA programme – covering detection methodology, investigation protocols, escalation criteria, appeal process, reporting obligations, and training requirements – that is reviewed and updated at least annually?
Strong – 3 pointsA comprehensive FWA programme document exists covering all six components, is reviewed annually with formal version control, and has been updated to reflect the AR-DRG transition and NISS expansion context.
Partial – 2 pointsA programme document exists but does not cover all six components, has not been recently updated, or has not been reviewed in the context of AR-DRG and NISS changes.
Weak – 0 pointsNo formal FWA programme document. The programme operates through informal practices and individual analyst knowledge rather than documented, governed methodology.
Question 24
Is there a structured FWA training programme for all staff involved in claims submission, review, or adjudication – covering the distinction between fraud/waste/abuse/error, the organisation's detection thresholds, and the legal obligations arising from identified FWA?
Strong – 3 pointsA structured, role-specific FWA training programme exists with tracked completion rates, annual refreshers, and content that has been updated for the AR-DRG environment. Legal obligations are clearly covered for all roles with potential fraud exposure.
Partial – 2 pointsTraining exists but is not role-specific, not tracked for completion, or has not been updated for the AR-DRG and NISS context.
Weak – 0 pointsNo structured FWA training programme. Staff awareness of FWA obligations relies on informal communication and individual initiative.
Question 25
Does your organisation have a defined protocol for engaging with the Insurance Authority on material FWA matters – including mandatory reporting thresholds, communication channels, and a documented process for responding to IA-initiated FWA investigations?
Strong – 3 pointsA formal IA engagement protocol for FWA exists with defined reporting thresholds, named communication contacts, and a documented response process that has been tested against the consolidated IA regulatory framework.
Partial – 2 pointsIA engagement on FWA is understood at a general level but a formal protocol with defined thresholds and a tested response process has not been documented.
Weak – 0 pointsNo IA engagement protocol for FWA. Regulatory contact on FWA matters would be handled reactively without a defined process or documented communication pathway.
FWA Governance Diagnostic – Results
Your FWA Governance Profile
0
/ 75
Calculating...
Processing...
Domain Breakdown
Detection Architecture
0/15
False Positive Management
0/15
Coding Audit Capability
0/15
NISS Expansion Readiness
0/15
Governance Framework
0/15
Indicative Findings
Calculating...
This self-assessment shows the methodology. The facilitated diagnostic goes further.
A facilitated HealthElevate FWA diagnostic includes independent review of your detection logic, false positive rate analysis, coding audit capability assessment, and a board-ready Proceed / Redesign brief with explicit conditions.
FWA in Saudi Healthcare: Structural Exposure, False Positives, and the True Cost of Misaligned Controls
The analytical context behind this instrument: why FWA detection conflates fraud with coding error, what AR-DRG does to the fraud surface, and what the NISS expansion means for detection capacity.