Abstract: A device for using rules in the processing of information includes a first interface that allows for secure communications, a first database, a second database, a second interface that allows for secure communications, and a detection component implemented at least partially in hardware, the first interface connecting to the first database, the first database connecting to the detection component, the second database connecting to the detection component, the second interface connecting to the detection component, the second database including a plurality of rule libraries, each rule library, of the plurality of rule libraries, storing a set of related rules, and a plurality of rule engines, each rule engine, of the plurality of rule engines, corresponding to a rule library, of the plurality of libraries, and the detection component including a rule selector, and a rule applicator to apply a selected rule to information.

Abstract: A device may identify information associated with other devices, generate a first value for one or more indicators associated with the information, process, based on providing the information to a rules engine corresponding to a library of rules including the rule and receiving, from the rules engine and based on providing the information to the rules engine, information associated with a second value the information using a rule to generate the second value based on combining the first value with one or more third values, and output information regarding the second value to determine how to process the information.

Abstract: A system for providing secure communications may include a management system to receive first information, the first information being received via a first secure connection, analyze the received information to form analyzed information, and provide the analyzed information, a processor device to receive the analyzed information, the analyzed information being received via a second secure connection between the processor device and the management system, and perform an action based on the analyzed information, and a clearinghouse device to receive second information, the second information being received via a third secure connection between the clearinghouse device and each provider device of a plurality of provider devices, process the second information to form the first information, and provide the first information to the management system via the first secure connection.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A device for using rules in the processing of information includes a first interface that allows for secure communications, a first database, a second database, a second interface that allows for secure communications, and a detection component implemented at least partially in hardware, the first interface connecting to the first database, the first database connecting to the detection component, the second database connecting to the detection component, the second interface connecting to the detection component, the second database including a plurality of rule libraries, each rule library, of the plurality of rule libraries, storing a set of related rules, and a plurality of rule engines, each rule engine, of the plurality of rule engines, corresponding to a rule library, of the plurality of libraries, and the detection component including a rule selector, and a rule applicator to apply a selected rule to information.

Abstract: A device may identify information associated with other devices, generate a first value for one or more indicators associated with the information, process, based on providing the information to a rules engine corresponding to a library of rules including the rule and receiving, from the rules engine and based on providing the information to the rules engine, information associated with a second value the information using a rule to generate the second value based on combining the first value with one or more third values, and output information regarding the second value to determine how to process the information.

Abstract: A system for providing secure communications may include a management system to receive first information, the first information being received via a first secure connection, analyze the received information to form analyzed information, and provide the analyzed information, a processor device to receive the analyzed information, the analyzed information being received via a second secure connection between the processor device and the management system, and perform an action based on the analyzed information, and a clearinghouse device to receive second information, the second information being received via a third secure connection between the clearinghouse device and each provider device of a plurality of provider devices, process the second information to form the first information, and provide the first information to the management system via the first secure connection.

Abstract: A healthcare fraud management system is configured to store multiple rules for detecting healthcare fraud, receive a healthcare claim involving a provider and a beneficiary, and obtain other healthcare fraud information associated with the provider or the beneficiary. The healthcare fraud management system is further configured to select rules, from the multiple rules, based on information associated with the claim, information associated with the provider or the beneficiary, and the other healthcare fraud information. The healthcare fraud management system is also configured to process the healthcare claim using the selected rules to generate a fraud score, and output, prior to payment of the healthcare claim, information regarding the fraud score to a clearinghouse or a claims processor to assist the clearinghouse or the claims processor in determining whether to accept, deny, or review the healthcare claim.

Abstract: A healthcare fraud management system receives healthcare claims, performs data reduction on information associated with the healthcare claims, and processes the reduced information associated with the healthcare claims by using a plurality of rules. The system also generates alarms, for the healthcare claims, based on the processing of the reduced information associated with the healthcare claims, generates scores for the alarms based on one or more predictive modeling rules, and prioritizes the healthcare claims, to create a list of prioritized healthcare claims, based on the generated scores for the alarms corresponding to the healthcare claims. The system further outputs, prior to payment of the healthcare claims, the list of the prioritized healthcare claims to a clearinghouse or a claims processor to assist the clearinghouse or the claims processor in determining whether to accept, deny, or review the healthcare claims.

Abstract: A healthcare fraud management system receives healthcare claims associated with a particular entity, selects rules, from a plurality of rules for detecting healthcare fraud, based on information associated with the healthcare claims, and processes the healthcare claims using the selected rules to generate alarms. The healthcare fraud management system prioritizes, based on the generated alarms, healthcare information associated with the particular entity in relation to healthcare information associated with other entities. The healthcare fraud management system provides for display, prior to payment of the healthcare claims, the prioritized healthcare information associated with the particular entity and the other entities.

Abstract: A healthcare fraud management system receives healthcare claims information associated with a particular entity, and receives historical healthcare information associated with the particular entity. The healthcare fraud management system also performs data mining techniques on the historical healthcare information to produce data mining information associated with the particular entity. The healthcare fraud management system generates reports, associated with the particular entity, based on the healthcare claims information, the historical healthcare information, and the data mining information, and outputs the generated reports to a clearinghouse or a claims processor.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as a rules-based thresholding engine and a profiling engine. The detection layer can include an Artificial Intelligence based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as a rules-based thresholding engine and a profiling engine. The detection layer can include an Artificial Intelligence based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A configurable and scalable rules-based thresholding system, method and computer program product for processing event records includes a core infrastructure and a configurable domain-specific implementation. The core infrastructure is generically employed regardless of the actual type of network being monitored. The domain-specific implementation is provided with user specific data and rules. The core infrastructure includes an event record enhancer which enhances events with additional data and a threshold detector which determines whether an enhanced event record, alone or in light of prior event records, exceeds one or more thresholds. The enhancer can access external databases for additional information related to an event record. In one embodiment, the enhancer generates feature vectors to represent enhanced event records. The threshold detector receives enhanced event records from the event record enhancer.

Abstract: A system, method and computer program product for interactively enhancing and presenting event data includes an enhancing portion and a presentation server. The enhancing portion includes a case enhancer that uses configuration data and an optional rules-based enhancing engine to enhance cases. The case enhancer includes a first informant that retrieves data from external data systems. The presentation server includes a presentation interface which interfaces one or more client workstations with a case data base. The presentation server also includes a second informant which interfaces the presentation interface with external data systems. The presentation server also includes an enforcer which interfaces the presentation interface with external action systems. A multi-level security system controls access to databases, the second informant and to the enforcer. In an exemplary embodiment, the security system includes a core infrastructure and a domain-specific implementation.

Abstract: A fraud detection system is disclosed for telephone PBX calls. The system includes a fraud data server for buffering the call detail records relating to inbound 800 number calls and outbound international calls. A threshold manager is connected at its input to an output of the fraud data server for detecting numerical counts exceeding preselected threshold values, in predetermined fields of the call detail records, and generates an alarm. The output of the threshold manager is connected to an input of the fraud data server for buffering the alarm incident to respective call detail records. A computer workstation is connected to the fraud data server for receiving packets of call detail records relating to alarm data, in a filtered preselected format. The workstation includes a monitor for displaying the alarm data on a graphical interface.

Abstract: Telephone fraud is monitored by effectively interfacing workstations with a fraud data server. Multiple customers may have their respective workstations coupled to the data server with attendant limited access to ensure security. A workstation manager and alarm manager cooperate with a management system database to process login and alarm detail requests from the various workstations. The managers are coupled to a single shared memory. The interface between the workstations and the fraud data server is by means of a message-based interface which standardizes the various functions of the workstation.