Medical Bill Tamper Detection — Catch Edited Bills
A medical bill PDF can be edited to add a line, change an amount, or invent a procedure — and most insurance reviewers will not notice. Insurance claims adjusters and SIU teams see medical bills attached to most health and disability claims. Expense reimbursement reviewers process medical-related receipts in T&E. Lenders accept medical bills as supporting documents in hardship requests. The fabrication paths are well-known to fraudsters — and the visual layout is convincing enough to pass review.
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don't inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated medical bill, we're the most specific tool for it.
When HTPBE? returns INCONCLUSIVE on a medical bill, that's itself a fraud signal in this context — real medical bills always come from clinical billing software (Epic, Cerner, athenahealth, Allscripts, NextGen, eClinicalWorks), never from a desktop tool.
The problem
Modern document fraud is invisible to visual review
A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.
Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.
Common tampering patterns
- Modified balances or totals after export
- Swapped IBAN or beneficiary on invoices
- Post-signature edits on contracts
- Backdated issue and modification dates
- Fabricated documents from consumer PDF tools
What this looks like
How fake and tampered medical bills actually look
Three real fraud mechanics we catch at the structural PDF layer.
Real medical bill edited to add line items
Authentic medical bill from a clinical billing system. The patient or claimant downloads it, opens it in any PDF editor, adds a procedure line or bumps an existing amount, exports as PDF. The producer field changes from the EHR billing engine to whichever editor was used; the xref chain shows an incremental update.
Medical bill fabricated in Word from a template
A medical-bill-shaped PDF authored in Word using a clinic letterhead lifted from a public source, populated with a desired diagnosis, CPT code, and amount, exported. The producer is Microsoft Word; the structured EHR-billing metadata authentic medical bills carry is missing entirely.
Multiple "office visit" bills aggregated to inflate annual claim
Several bills claiming different visit dates are produced in one session to inflate an annual hardship or claim. Cross-document timestamp clustering and font subset consistency reveal that "five different visits" all generated PDFs within minutes of each other.
The scale
Why your existing checks miss this
Claims-platform OCR reads what the bill shows. It does not check the file.
And calling the provider to check is slow and partial.
Claims platforms (Guidewire, Duck Creek, Origami) and OCR-based bill processing tools extract data and apply rules — they cannot tell whether the underlying PDF was issued by a real EHR or fabricated on someone's desktop. Provider fraud detection (calling the clinic to confirm) works but is slow and impractical for high-volume claims. SIU teams investigate downstream, after the claim has already moved through. HTPBE? catches the medical bill PDF the claimant uploaded at the moment of intake — standalone, no EHR integration, no provider call required.
What HTPBE? checks
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature mismatch
Authentic medical bills carry the producer signature of clinical billing software (Epic, Cerner, athenahealth, Allscripts, NextGen, eClinicalWorks, Greenway, Practice Fusion). When the producer is Microsoft Excel, Microsoft Word, LibreOffice, Chrome Headless, or a generic PDF library, the document was authored on a desktop — it didn't come from the EHR.
Incremental update trail
A clean EHR billing export has one cross-reference table. Re-saves through any editor append a second xref — visible structural evidence of post-issuance editing.
Line-item arithmetic fraud detection
Line arithmetic across the bill (line items → subtotal → tax/insurance adjustments → patient responsibility) is checked row by row. Edited line items break the chain unless every dependent figure is also adjusted.
Modification timestamp gap
A real medical bill issued at the time of the visit has CreationDate matching the visit date. A months-later modification on a "freshly issued" bill is a high-confidence flag for post-export editing.
Cross-bill timestamp clustering
When multiple "office visit" bills arrive together, the API surfaces creation timestamps for each. Real visit-by-visit issuance produces dates spread across the claim period; batch-fabricated sets cluster within minutes.
Image-stream artefacts in fabricated headers
Fabricated bills often paste clinic logos lifted from public sites. The pasted image stream carries different compression characteristics than authentic embedded headers — a structural fingerprint of fabrication.
Share with engineering
Wire this into your intake pipeline in under a day
Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.
Pricing
Self-serve plans, no sales call
All plans include the same forensic checks. Pick the quota that matches your monthly document volume.
manualStarter
$15/mo
30 checks/mo
Manual spot-checks and integration testing
most commonGrowth
$149/mo
350 checks/mo
Active document processing pipelines
high volumePro
$499/mo
1,500 checks/mo
High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing
API key on signup. Free test environment on every plan. No card required.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
FAQ
Frequently asked questions
Does this work with bills from any EHR or clinical billing system?
How is this different from claims-platform OCR or VRF (Vendor Recovery)?
Can it catch medical bills generated by AI tools?
What does an INCONCLUSIVE verdict mean for a medical bill?
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.