2.1.

Construction of knowledge graph for medical insurance fraud detection

The knowledge graph for medical insurance fraud detection is constructed in this paper based on the actual medical insurance settlement data provided by the medical insurance department in a region of China. The data consists of three data sets. The first data set contains 1.83 million medical expense records. The second data set contains 6.53 million expense detail records. The third data set is the label of insured members reviewed and determined by medical insurance experts. This data covers 20,000 insured members, including 19,000 normal insured members and 1,000 fraudulent insured members. Each medical bill of the insured member is stored as a record in the medical expense data set, and expense details of the bills are stored in the expense detail data set. Two parts of the records can be connected by “SNID”. There are 15 columns in medical expense records, including SNID, PID (ID of insured members), hospital, disease, declaration amount of drug expense, examination expense, treatment expense, operation expense, bed expense, medical material expense and other expense, approval amount of the bill, the amount paid by the individual, the amount paid by medical insurance fund and reimbursement time. There are 5 columns in expense detail records, including SNID, hospital, service (service items covered by medical insurance), unit price, and quantity. For privacy protection, the names of insured members and hospitals have been desensitized.

Knowledge graph has powerful capability of knowledge representation and reasoning¹¹. At present, knowledge graph are actively used in the medical field to process medical data¹². In this paper, the knowledge graph is applied to the processing of medical text data. The text data used in this paper mainly contain three types: hospital, disease, and service. Therefore, the knowledge graph for medical insurance fraud detection is built based on these three columns. The construction of the knowledge graph consists of three steps:

Firstly, entities, attributes, and relationships are extracted from medical text data using natural language processing technology. The knowledge graph is essentially the semantic network that reveals the relationship between entities, consisting of nodes and edges¹³. The entity, attribute, and relationship are the essential elements of the knowledge graph¹⁴. Nodes represent entities, and edges represent relationships between entities.

In this paper, four types of entities are extracted: insured member, hospital, disease, and service. Then, define the ID for each entity as the unique identifier. And the name of the disease and service entity is regarded as the attribute of the entity.

The knowledge graph constructed in this paper aims for the medical insurance fraud detection of insured members, so it is centered on the insured members. Therefore, three relationship types, visit, ill, and serve, are defined between the insured member and other entities, and the triples composed of these three relationships are insured member-visit-hospital, insured member-ill-disease, and insured member-serve-service.

Secondly, the data are organized into the triple, and entity table and relationship table are established. Triple is the general representation form of the knowledge graph, and its forms mainly include entity1-relation-entity2 and entity-attribute-attribute value. The entity table stores entities and their attributes; namely, the triples in the form of entity-attribute-attribute value are stored in the entity table. The relationship table stores the relationship between entities; namely, the triples in the form of entity1-relationship-entity2 are stored in the relationship table. Examples of the entity table are shown in Table 1. Examples of the relationship table are shown in Table 2.

Table 1.

Examples of the entity table.

Table 2.

Examples of the relationship table.

Finally, entities are denoted as nodes for the knowledge graph, relationships are denoted as edges that connect nodes, and Neo4j is used to construct the knowledge graph. The knowledge graph constructed in this paper contains 53,164 nodes and 1209,847 edges, and its scale is shown in Table 3. The visualization function of the Neo4j graph database is used to show a part of the network in the knowledge graph, as shown in Figure 1.

Figure 1.

Part network in the knowledge graph.

Table 3.

The scale of knowledge graph.

2.2.

Feature engineering based on knowledge graph

The data form of knowledge graph is graph, which is generally difficult to be directly used in machine learning. In this paper, we use representation learning to vectorize the knowledge graph, so that the information in the knowledge graph can be used for machine learning.

Representation learning can realize the mapping of high-dimensional graph data to low-dimensional vector, enabling the data to be directly inputted into machine learning while preserving the structure and semantic information in the knowledge graph. Node2vec is an effective and extensible representation learning algorithm, which can reflect network characteristics and node neighbor characteristics. This method integrates two random walk methods of the depth-first walk and breadth-first walk. The sequence obtained by random walk is processed by the method of processing the word vector, and the vector representation of nodes is obtained. In a nutshell, the graph is processed by Node2vec, and a unit vector with dimensions of n for each node in the knowledge graph is obtained. In this paper, the Node2vec is used to obtain the node vector features of insured members by taking the knowledge graph as input and setting n as 30.

To further explore the key information that can be used for medical insurance fraud detection in the knowledge graph, we construct the fraud risk feature for insured members based on the improved LPA.

LPA is a semi-supervised learning algorithm based on the graph, and the basic idea is to predict the label of the unlabeled node from the label of the labeled node. Each node propagates the label to its neighbor nodes according to the similarity. LPA is often used in fraud detection, but it has some limitations. LPA is mainly used in graphs containing only one entity type, as shown in Figure 2a. For example, in telephone fraud detection¹⁵, only one kind of entity is included in the graph. Each entity represents a telephone number, and the connection between entities indicates the call record between two numbers. In this case, LPA can be directly used to judge the labels of unknown numbers. However, in graphs containing multiple entity types, as shown in Figure 2b, LPA cannot be applied directly. Such as in the medical insurance fraud, assuming that the white circle represents the entities of the insured members (B1, B2), the grey circle represents other types of entities (C1-C6) such as hospital, disease, et al. Only the entities of the insured members have labels, other types of entities do not have labels. Different entities of the insured members are not directly connected but indirectly connected by other types of nodes (C4, C5). In this type of graph, LPA cannot be directly applied.

Figure 2.

(a) Graph of single type entity; (b) Graph of multiple types entity.

This paper improves the LPA and applies it to the graph containing multiple entities, and then constructs the fraud risk feature of the insured members. The fraud risk feature S_i of the insured member i with the unknown label is calculated according to the information of the insured members with the known label. The specific methods are as follows:

(1) The similarity between the insured member node i with the unknown label and all other insured member nodes with the known label are calculated. Based on the knowledge graph, the Jaccard similarity coefficient is used to calculate the similarity between the insured member nodes. Assuming that N_i represents the set of nodes directly connected to the insured member node i and N_j represents the set of nodes directly connected to the insured member node j, then the node similarity between the insured member node i and the insured member node j is:

For example, if the node similarity between node B1 and node B2 in Figure 2b is calculated, find the set of nodes directly connected to node B1 is N_B1 = {C1, C2, C3, C4, C5}, and the set of nodes directly connected to node B2 is N_B2 = {C4, C5, C6}, so the intersection of two sets N_B1 ∩ N_B2 = {C4, C5}, the union of two sets N_B1 ∪ N_B2 = {C1, C2, C3, C4, C5, C6}, the similarity of node B1 and B2 is Jaccard(N_B1,N_B2) =|N_B1 ∩ N_B2|/|N_B1 ∩ N_B2|=|{C4,C5}|/|{C1,C2,C3,C4,C5,C6}|= 2/6 = 1/3.

(2) Node similarity is used as the weight in the information propagation of insured members with the known label to insured members with the unknown label, and the fraud risk feature of insured members with the unknown label is calculated. For the insured member node i with the unknown label, finding out k insured member nodes with the known label with the highest similarity is j_m(m = 1,2,…k). The similarity between the node i and the node j_m is taken as the weight of the influence of the node j_m on the label of the node i. The larger the similarity with the node i, the larger the weight on its label.

Based on this, the fraud risk feature S_i of the insured members is constructed for the insured member i, as shown in equation (2). In this formula, y_jm represents the label (0 or 1) of the insured member j_m. The higher the value of S_i, the larger the risk that the insured member i is a fraudulent insured member.

In this part, representation learning is firstly used to transform the knowledge graph for medical insurance fraud detection into the 30-dimensional node vector features of the insured members, which can be directly used in the machine learning model while retaining the structure and semantic relations in the graph. Then, based on the improved LPA, the fraud risk feature of the insured members S_i is constructed, and the key information that can be used to detect the medical insurance fraud in the knowledge graph is further mined.

2.3.

Construction of medical insurance fraud detection model

Aiming to detect more accurately and effectively in medical insurance fraud detection, we not only use the node vector features and the fraud risk feature S_i of insured members constructed based on the knowledge graph, but also construct the expense features which can greatly reflect the behavior of the insured members when building the medical insurance fraud detection model of insured members.

The data collected in this paper contains ten columns of expense data, which can be roughly divided into three categories. The first category is the declared amount of 7 types of expenses, including drug, examination, treatment, operation, bed, medical material, and other expenses. The second category is the approval amount of the bill. The third category is the payment amount of different payment subjects, including the amount paid by the individual and the amount paid by the medical insurance fund.

Each bill is a line of the record in the collected data, and an insured member may have many records. Therefore, the number of bills is counted for each insured member, and the sum, the mean, and standard deviation of each bill are respectively counted for ten columns of expense data. In addition, the proportions of each expense in the sum of this category are calculated respectively for the expenses in the first and third categories. All of these are expense features.

The node vector features of the insured members, the fraud risk feature S_i, and the expense features are integrated, and a total of 71 features of insured members are obtained. These features are integrated with the PID and label of the insured members to obtain the data set D, which is used for medical insurance fraud detection of insured members.

The stratified sampling method is adopted to divide the data set D into train set D_r and test set D_e in the ratio of 8:2 to ensure that the proportion of normal insured members and fraudulent insured members in the train set D_r and test set D_e are consistent with the data set D. Data set D contains 20,000 insured members, including 19,000 normal insured members and 1000 fraudulent insured members. Train set D_r contains 16,000 insured members, including 15,200 normal insured members and 800 fraudulent insured members. The test set D_e contains 4,000 insured members, including 3,800 normal insured members and 200 fraudulent insured members. The train set D_r is used to train the model, and the test set D_e is used to test the effect of the model.

In particular, when constructing the fraud risk feature S_i, the parameter k is set to 64. In the train set, the insured members’ label is known. When constructing the fraud risk for the insured member i in the train set, the node i of the insured member is regarded as the node of the unknown label. And all other nodes of insured member in the train set are regarded as the node of the known label to calculate the fraud risk for the insured member i. In the test set, the label of the insured members is unknown. When constructing the fraud risk for the insured member i in the test set, the node i of the insured member is taken as the node of the unknown label. And all the nodes of insured member in the train set are taken as the nodes of the known label to calculate the fraud risk for the insured member i.

In model training, firstly, the data should be balanced. Medical insurance fraud detection is a typical data imbalance problem. In this paper, the ratio of normal insured members to fraudulent insured members is 19:1. The number of fraudulent insured members is far lower than the number of normal insured members. If the data is not balanced, the effect of the medical insurance fraud detection model will be seriously affected. This paper uses the idea of the EasyEnsemble method to balance the data. Assuming that the majority class samples set in the train set is D₊, the minority class samples set in the train set is D_{_} (|D_{_}| ≪ |D₊|). The D₊ is randomly sampled, which a subset D_+k of the majority class samples with the same number as the minority class samples set D_{_} is sampled, and the balanced subset D_k is obtained by combining D_+k and D_{_}. The process is repeated nine times to obtain nine balanced subsets.

Secondly, nine sample subsets are taken as input respectively, and the machine learning algorithm is used to train the base model M_k (k = 1,2,…,9). XGBoost algorithm is developed based on GBDT, which adds a regularization item to the error function of GBDT to control the complexity of the model, and uses the Random Forest algorithm for reference to support column sampling of data. Compared with other algorithms, XGBoost has better Accuracy and faster running speed. Therefore, we select XGBoost to train the base model.

Finally, according to the voting mechanism (equation (3)), the nine basic models are integrated to obtain the medical insurance fraud detection model of insured members. The process of model construction is shown in Figure 3.

Figure 3.

Flowchart of medical insurance fraud detection model.