Medical bill fraud

Medical Bill Tamper Detection — Catch Edited Bills

A medical bill PDF can be edited to add a line, change an amount, or invent a procedure — and most insurance reviewers will not notice. Insurance claims adjusters and SIU teams see medical bills attached to most health and disability claims. Expense reimbursement reviewers process medical-related receipts in T&E. Lenders accept medical bills as supporting documents in hardship requests. The fabrication paths are well-known to fraudsters — and the visual layout is convincing enough to pass review.

~3 sec per document
35 checks, forensic layers
From $15 per month
1,500+ docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don't inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated medical bill, we're the most specific tool for it.

When htpbe? returns INCONCLUSIVE on a medical bill, that's itself a fraud signal in this context — real medical bills always come from clinical billing software (Epic, Cerner, athenahealth, Allscripts, NextGen, eClinicalWorks), never from a desktop tool.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How fake and tampered medical bills actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Real medical bill edited to add line items

Authentic medical bill from a clinical billing system. The patient or claimant downloads it, opens it in any PDF editor, adds a procedure line or bumps an existing amount, exports as PDF. The producer field changes from the EHR billing engine to whichever editor was used; the xref chain shows an incremental update.

02

Medical bill fabricated in Word from a template

A medical-bill-shaped PDF authored in Word using a clinic letterhead lifted from a public source, populated with a desired diagnosis, CPT code, and amount, exported. The producer is Microsoft Word; the structured EHR-billing metadata authentic medical bills carry is missing entirely.

03

Multiple "office visit" bills aggregated to inflate annual claim

Several bills claiming different visit dates are produced in one session to inflate an annual hardship or claim. Cross-document timestamp clustering and font subset consistency reveal that "five different visits" all generated PDFs within minutes of each other.

The scale

$308B+ lost to insurance fraud globally each year
10–15% of all claims involve some form of document fraud
~3 sec per medical bill via API

Why your existing checks miss this

Claims-platform OCR reads what the bill shows. It does not verify the file.

And calling the provider to verify is slow and partial.

Claims platforms (Guidewire, Duck Creek, Origami) and OCR-based bill processing tools extract data and apply rules — they cannot tell whether the underlying PDF was issued by a real EHR or fabricated on someone's desktop. Provider verification (calling the clinic to confirm) works but is slow and impractical for high-volume claims. SIU teams investigate downstream, after the claim has already moved through. htpbe? catches the medical bill PDF the claimant uploaded at the moment of intake — standalone, no EHR integration, no provider call required.

Results in under 3 seconds
30 to 1,500+ documents/month
From $15/mo

How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

Document types

Medical bill and adjacent healthcare PDFs we check

Every type listed below is analyzed at the structural file layer — not the rendered image.

Medical bill PDF (EHR-issued)
Hospital discharge summary PDF
Diagnostic report PDF
Prescription PDF
Explanation of Benefits (EOB) PDF
Insurance claim form PDF
Specialist invoice PDF
Pharmacy receipt PDF

What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

Authentic medical bills carry the producer signature of clinical billing software (Epic, Cerner, athenahealth, Allscripts, NextGen, eClinicalWorks, Greenway, Practice Fusion). When the producer is Microsoft Excel, Microsoft Word, LibreOffice, Chrome Headless, or a generic PDF library, the document was authored on a desktop — it didn't come from the EHR.

Incremental update trail

A clean EHR billing export has one cross-reference table. Re-saves through any editor append a second xref — visible structural evidence of post-issuance editing.
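The incremental update trail described above can be seen in the raw bytes of a file. The sketch below is an added example, not htpbe?'s implementation: it builds a constructed one-page PDF, simulates an editor re-save, and counts xref sections; the function names and the producer strings are assumptions, and the result keys only mirror the field names in the sample response on this page.

```python
import re

def build_sample_pdf(producer: bytes) -> bytes:
    """Constructed one-page PDF with a single xref section (sample input)."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
            b"<< /Producer (" + producer + b") >>"]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 5\n0000000000 65535 f \n"
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size 5 /Root 1 0 R /Info 4 0 R >>\n"
    out += b"startxref\n%d\n%%%%EOF\n" % xref_at
    return bytes(out)

def append_update(pdf: bytes, producer: bytes) -> bytes:
    """Simulate an editor re-save: replacement Info object plus a new xref."""
    prev = int(re.findall(rb"startxref\s+(\d+)", pdf)[-1])
    out = bytearray(pdf)
    obj_at = len(out)
    out += b"4 0 obj\n<< /Producer (" + producer + b") >>\nendobj\n"
    xref_at = len(out)
    out += b"xref\n4 1\n%010d 00000 n \n" % obj_at
    out += b"trailer\n<< /Size 5 /Root 1 0 R /Info 4 0 R /Prev %d >>\n" % prev
    out += b"startxref\n%d\n%%%%EOF\n" % xref_at
    return bytes(out)

def structural_summary(pdf: bytes) -> dict:
    """Count xref sections and list every /Producer value still in the file."""
    sections = re.findall(rb"startxref\s+\d+\s+%%EOF", pdf)
    producers = re.findall(rb"/Producer\s*\(([^)]*)\)", pdf)
    return {
        "xref_count": len(sections),
        "has_incremental_updates": len(sections) > 1,
        # Oldest first: earlier revisions stay in the file after a re-save.
        "producers": [p.decode("latin-1") for p in producers],
    }

clean = build_sample_pdf(b"Epic Billing")          # constructed producer value
edited = append_update(clean, b"Microsoft Excel")  # constructed re-save
if __name__ == "__main__":
    print(structural_summary(clean))
    print(structural_summary(edited))
```

Linearized ("fast web view") PDFs also contain two xref sections, so a count above one is a prompt to compare revisions rather than proof of editing on its own. The raw /Producer scan assumes an uncompressed Info dictionary with literal strings.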

Line-item arithmetic verification

Line arithmetic across the bill (line items → subtotal → tax/insurance adjustments → patient responsibility) is verified row by row. Edited line items break the chain unless every dependent figure is also adjusted.

Modification timestamp gap

A real medical bill issued at the time of the visit has CreationDate matching the visit date. A months-later modification on a "freshly issued" bill is a high-confidence flag for post-export editing.

Cross-bill timestamp clustering

When multiple "office visit" bills arrive together, the API surfaces creation timestamps for each. Real visit-by-visit issuance produces dates spread across the claim period; batch-fabricated sets cluster within minutes.
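One way to run the clustering check over a batch of results, as an added example that is not htpbe?'s code: `creation_date` is the field shown in the sample response on this page, while `claimed_visit`, the file names, the 15-minute window and all sample values are constructed assumptions.

```python
WINDOW_SECONDS = 15 * 60  # assumed cut-off for "within minutes"; tune per intake

# Constructed sample: creation_date per analysed file, claimed_visit read from the bill text.
SAMPLE_BILLS = [
    {"file": "visit_sep.pdf", "creation_date": 1709078400, "claimed_visit": "2023-09-12"},
    {"file": "visit_oct.pdf", "creation_date": 1709078640, "claimed_visit": "2023-10-03"},
    {"file": "visit_nov.pdf", "creation_date": 1709078940, "claimed_visit": "2023-11-21"},
    {"file": "visit_dec.pdf", "creation_date": 1701388800, "claimed_visit": "2023-12-01"},
    {"file": "visit_jan.pdf", "creation_date": 1709079300, "claimed_visit": "2024-01-09"},
]

def cluster_by_creation(bills, window=WINDOW_SECONDS):
    """Group bills whose creation_date values chain together within `window`."""
    ordered = sorted(bills, key=lambda b: b["creation_date"])
    clusters, current = [], []
    for bill in ordered:
        # A gap larger than the window closes the current cluster.
        if current and bill["creation_date"] - current[-1]["creation_date"] > window:
            clusters.append(current)
            current = []
        current.append(bill)
    if current:
        clusters.append(current)
    return clusters

def suspicious_batches(bills, window=WINDOW_SECONDS):
    """Return clusters of 2+ files that claim different visit dates."""
    findings = []
    for cluster in cluster_by_creation(bills, window):
        visits = {b["claimed_visit"] for b in cluster}
        if len(cluster) >= 2 and len(visits) >= 2:
            span = cluster[-1]["creation_date"] - cluster[0]["creation_date"]
            findings.append({"files": [b["file"] for b in cluster],
                             "distinct_visits": len(visits),
                             "span_seconds": span})
    return findings

if __name__ == "__main__":
    for finding in suspicious_batches(SAMPLE_BILLS):
        print(finding)
```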

Image-stream artefacts in fabricated headers

Fabricated bills often paste clinic logos lifted from public sites. The pasted image stream carries different compression characteristics than authentic embedded headers — a structural fingerprint of fabrication.

Integrate in minutes

Two HTTP calls to verify any medical bill

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/claimant-medical-bill.pdf"}'

Step 2 — read the verdict

{
  "id": "m1e2d3b4-5i6l-7l8t-9k9z-r1s2t3u4v5w6",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Spreadsheet producer detected (Microsoft Excel)",
    "Two cross-reference tables — incremental update",
    "Modification date 3 weeks after creation date"
  ],
  "producer": "Microsoft Excel",
  "creator": "Epic Billing (original)",
  "creation_date": 1707091200,
  "modification_date": 1709078400,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

Original came from Epic Billing. Then three weeks later it was opened in Microsoft Excel and re-saved — adding a second xref table. Verdict: modified at high confidence. The claimant edited a real medical bill after the clinic issued it — likely to add a procedure line or bump an amount.
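Acting on the verdict at intake, as an added example rather than part of the htpbe? API or SDK: the route names, the fail-closed default and the consistency check are assumptions, and the lowercase `intact` and `inconclusive` values are assumed by analogy with the `"modified"` value in the response above.

```python
# Fields copied from the Step 2 sample response on this page.
SAMPLE = {
    "id": "m1e2d3b4-5i6l-7l8t-9k9z-r1s2t3u4v5w6",
    "status": "modified",
    "modification_markers": ["Spreadsheet producer detected (Microsoft Excel)",
                             "Two cross-reference tables — incremental update",
                             "Modification date 3 weeks after creation date"],
    "producer": "Microsoft Excel",
    "creation_date": 1707091200,
    "modification_date": 1709078400,
    "has_incremental_updates": True,
}

ROUTES = {  # hypothetical route names for a claims intake queue
    "intact": "continue_claim",
    "modified": "hold_for_siu",
    # Page guidance: INCONCLUSIVE on a medical bill is treated as fraud-positive.
    "inconclusive": "provider_verification",
}

def triage(resp: dict) -> dict:
    """Turn one analysis response into an intake decision plus audit evidence."""
    status = str(resp.get("status", "")).lower()
    # Fail closed: a missing or unrecognised status never releases payment.
    route = ROUTES.get(status, "manual_review")
    evidence = list(resp.get("modification_markers") or [])
    created, modified = resp.get("creation_date"), resp.get("modification_date")
    gap_days = None
    if isinstance(created, int) and isinstance(modified, int):
        gap_days = (modified - created) // 86400  # epoch seconds to whole days
    # Conservative local policy (assumption): an "intact" verdict whose own
    # structural fields show later changes goes to a human instead of straight through.
    if status == "intact" and (resp.get("has_incremental_updates") or (gap_days or 0) > 0):
        route = "manual_review"
        evidence.append("intact verdict but structural fields show later changes")
    return {"id": resp.get("id"), "route": route, "gap_days": gap_days,
            "producer": resp.get("producer"), "evidence": evidence}

if __name__ == "__main__":
    print(triage(SAMPLE))
```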

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Yes. The analysis is producer-agnostic — it inspects whichever PDF the claimant submits. Authentic bills from Epic, Cerner, athenahealth, Allscripts, NextGen, eClinicalWorks, Greenway, Practice Fusion, and other major and small EHR systems all carry recognisable producer signatures. Re-saves change those signatures, which htpbe? flags.
OCR-based bill processing extracts data; htpbe? inspects file structure. VRF and downstream recovery happen after the claim moves through. htpbe? catches the file at intake, before adjuster review. Use all three: OCR for data, htpbe? for file integrity, VRF for downstream recovery.
Many AI-generated medical bills carry recognisable producer fingerprints (headless browsers, AI-platform tooling) that distinguish them from authentic EHR exports. htpbe? flags these patterns. For deeper treatment of AI-generated documents, see /ai-generated-document-detection.
htpbe? returns INCONCLUSIVE when a medical bill PDF lacks the institutional metadata that genuine EHR billing exports carry — typically because the file was authored on a desktop with consumer software (Word, Excel, generator-site renderers) rather than exported from an EHR. For medical bills, INCONCLUSIVE is itself a high-confidence fraud signal: a real medical bill from any major or small US/UK/EU clinical system always carries the EHR's producer signature. Treat INCONCLUSIVE on a medical bill as fraud-positive and route the case to provider verification or SIU review before claim payout.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.