Saudi Arabia dental provider defrauds insurance company by duplicitous billing

A Saudi insurance company investigation discovered that a customer, a dental provider, was fraudulently billing thousands from uncontracted branches. Here’s how the insurance company discovered the evidence and broke the case.

The patients wouldn’t suspect a thing. They’d visit one of several offices in a chain of Saudi Arabian dental offices, have their teeth examined, cleaned and fixed, and leave thinking that their insurance company paid for the services. And, well, they did, but several offices in the chain, who hadn’t contracted with this insurance company, had illegally billed it for thousands of Saudi riyal.

As the manager of the fraud, waste and abuse (FWA) department within a Saudi health insurance company, I’ve encountered cases involving overbilling, unnecessary procedures and misrepresentation of services. Yet one case stands out in its sophistication and implications for market oversight.

The case concerned a dental provider that misused the contractual arrangements between its organization and our insurance company. Specifically, the provider treated patients at seven uncontracted branches out of 10 total branches but submitted requests and claims as if they’d originated from the one branch contracted with our company.

This column provides a detailed narrative of how this fraud was identified, investigated and resolved. Through a combination of digital tracking, mystery shopping, cross-verification with patients and dentists, and evidence triangulation, confirming fraudulent patterns through multiple independent sources (i.e., claims data, receipts, the provider’s staffing patterns, etc.), we were able to show how the provider fraudulently billed our company, and we were able to recover the losses.

Background of the case

Our investigation began innocuously. The dental provider approached our company with a proposal to add several new branches to the existing network. At first glance, the request seemed routine; providers often seek to broaden their reach to attract more patients covered under insurance. Any such proposal requires thorough vetting, including a review of branch operations. The provider’s request seemed to be part of its business expansion with us; not an attempt to cover up misconduct.

However, during this initial review, I identified inconsistencies that raised my suspicion of the provider. The branches it wanted to add looked as though they were already opened and operating for months, despite not yet being part of our contracted network.

In the Saudi insurance market, contracted branches are authorized to submit claims through the National Platform for Health and Insurance Exchange Services (NPHIES) system, the central digital platform that manages approvals and claims between payors and providers. Uncontracted branches, by contrast, shouldn’t have access to reimbursement under their own branch identity. Patients at those uncontracted branches didn’t pay fully out of pocket; instead, the provider billed the services under the patients’ insurance coverage with our company and then routed the claims through the contracted branch to make them appear legitimate in the system.

Identifying suspicious activity

My next step was to confirm if the uncontracted branches were indeed treating insured patients. I examined approval requests and claims submitted through the NPHIES portal. NPHIES, an application programming interface, standardizes all claim submissions across the market. Each provider’s location is assigned a unique NPHIES ID, which ensures traceability of requests to specific branches.

On initial inspection, all claims submitted by the provider appeared to originate from the one branch contracted with our company. The invoices carried the contracted branch’s name, and the NPHIES ID was consistent with that location. On paper, everything seemed legitimate. However, this only deepened my suspicion: If the provider’s uncontracted branches were operational, could they be bypassing the system by misusing the contracted branch’s identity?

I needed to verify operational practices directly — moving beyond desk audits into field investigations.

Deployment of mystery shoppers

To gather direct evidence, I deployed a team of mystery shoppers — staff members of our company trained to act as ordinary dental patients. Mystery shopping is a recognized method in fraud examination, particularly when we can’t confirm provider behavior solely through claims data. We tasked the shoppers with visiting the suspected uncontracted branches, requesting dental consultations and documenting their experiences.

The provider didn’t hesitate to accept the mystery shoppers and treated them at the uncontracted branches despite their insurance policies with us tied only to the one contracted facility. This confirmed our core suspicion: The dental provider was delivering insured services at uncontracted locations.

However, a single visit from a mystery shopper at each of the uncontracted locations was insufficient to establish patterns. I instructed the mystery shoppers to return to uncontracted locations periodically over several months. During each visit, they requested treatment, secured approval through the NPHIES system and collected receipts for deductible payments. These receipts were particularly valuable because they often bore the name of the actual branches visited, which provided tangible evidence of the discrepancies between operational reality and claims submissions.

By the end of this phase, the mystery shoppers had accumulated multiple receipts from identifiable uncontracted branches along with claims that the branches submitted as though they came from the one contracted branch.

Evidence of manipulation

As the mystery shoppers made their rounds, visiting the branches, I started analyzing the NPHIES data. Every approval request and claim contains metadata, including the NPHIES ID of the submitting branch. I mapped these IDs across the provider’s network, which created a reference list of all branch identities — contracted and uncontracted.

The results were revealing. The approval requests and claims tied to mystery shopper visits consistently carried the NPHIES ID of the one contracted branch — even though the patients had been treated at uncontracted locations. This deliberate substitution demonstrated manipulation at the system level. The provider was misrepresenting the true origin of services to conceal the use of uncontracted facilities.

My further examination of claim documentation reinforced this finding. Invoices attached to claims consistently bore the name of the one contracted branch rather than the locations where treatment occurred. This dual manipulation — of both NPHIES IDs and invoices — was clearly intended to disguise the provider’s fraudulent behavior.

Cross-verification with dentists and patients

To further substantiate the case, I examined the human element of the scheme. I needed to verify whether the dentists listed in the claims were actually working at the contracted branch.

The dentists who treated the mystery shoppers worked exclusively at uncontracted branches. To confirm, I made recorded phone calls directly to each branch, posing as a patient seeking appointments with those dentists. In each case, staff confirmed that they practiced only at the uncontracted locations.

I reviewed prior submissions associated with the same dentists but filed under the contracted branch. This revealed a broader pattern: patients were being consistently treated at uncontracted branches while claims were submitted under the contracted branch’s identity.

To leave no doubt, I contacted several patients (after obtaining their consent) whose claims had been linked to these dentists. In recorded phone conversations, they confirmed that their dental services had been provided at the uncontracted branches. This direct patient testimony provided irrefutable evidence of the provider’s scheme.

The provider had treated patients at uncontracted branches while disguising claims as originating from the one contracted location.

Evidence consolidation 

The evidence was overwhelming. Multiple independent lines of proof — receipts, NPHIES ID tracking, invoices, dentist employment patterns, mystery shopper experiences and patient confirmations — all pointed to the same conclusion: The provider had systematically treated patients at uncontracted branches while disguising claims as originating from the one contracted location. Triangulating data from digital and human sources created a comprehensive case file.

Outcome and recovery

I presented the findings to the provider. Faced with indisputable evidence, the provider conceded and entered negotiations with our insurance company. Our company didn’t pursue criminal litigation; instead, the provider’s consequence was financial, and we continued the contractual relationship with it — under close monitoring.

Over the course of a year, the provider had fraudulently billed for approximately 1,300,000 Saudi riyal. Our company recovered 18.5% of the total net claimed amount as it was the percentage of claims we investigated and linked to the fraudulent activity in this case. This outcome was unprecedented for our FWA department. And the case seemingly had a deterrent effect on other providers: After the investigation, providers reduced the number of claims they submitted to my company.

Vigilance and evolution of fraud detection strategies

Our detection of this case illustrates the power of combining regulatory frameworks, digital oversight and innovative investigative techniques in the Saudi health insurance sector. By identifying uncontracted branches masquerading as contracted facilities, our company recovered significant financial losses and reinforced market integrity.

As Saudi Arabia continues to modernize its insurance landscape under the Insurance Authority, this case underscores the importance of vigilance and the continuous evolution of fraud detection strategies. Validating and monitoring our providers’ activities, especially when multiple branches are contracted with insurers, are essential tasks for ensuring compliance. This incident also highlights the need for more robust regulations by the Insurance Authority to specifically address fraudulent behaviors that exploit technical systems like NPHIES. Stronger compliance mechanisms, stricter penalties and clearer operational guidelines could further safeguard the health insurance market and protect policyholders from abuse. 

Ibrahim AlFawaz, MBBS, is the senior manager of fraud, waste and abuse at Al Rajhi Takaful. Contact him at Ibrahim_alfawaz@hotmail.com.