FWA Investigation Platform
The AEGIS ISD platform provides healthcare fraud investigation teams with a configurable workflow engine, structured evidence management, claims data integration, role-based security, real-time analytics, and embedded AI assistance — all in a multi-tenant cloud architecture built for HIPAA-aligned safeguards.
Core Platform Modules
Six integrated modules that share a unified data model, role-based permissions, and audit-ready logging.
Design investigation workflows with configurable queues, stage deadlines, escalation paths, approval gates, and automated routing rules. Adapt workflows to Medicaid, Medicare, or commercial program requirements without code changes. Dynamic Case Stages add event-triggered conditional stages on top of the primary workflow — stages that activate only when specific evidence is present, a flag is raised, or a prior decision was made — without disrupting the main case lifecycle.
Capture claims records, clinical documents, communications, and investigation notes in structured, searchable case timelines. Every evidence attachment is version-controlled and linked to specific case actions. The Activities Timeline threads case communications, attachments with running counts, evidence updates, status transitions, and reviewer notes into a single audit-ready feed; every entry is timestamped and attributed to an actor.
Support medical necessity reviews with structured documentation checklists, peer reviewer assignments, clinical criteria references, and threaded reviewer discussions. Connect clinical findings directly to investigation outcomes.
Monitor alert conversion rates, investigation cycle times, recovery outcomes, and investigator productivity with live dashboards. Drill down by program, queue, reviewer, and time period.
Connect claims feeds (837/835), provider credentialing databases, member eligibility systems, OIG exclusion lists, SAM databases, and state Medicaid data warehouses through standard APIs and batch import processes.
Apply role-based access control, data retention policies, and immutable audit logging to every platform action. Support HIPAA Security Rule requirements, CMS program integrity guidance, and state regulatory expectations.
Document Management
The AEGIS Drive subsystem is the platform's document layer for claims attachments, clinical documents, correspondence, case summaries, and report exports. Documents live alongside the investigation record they relate to, with role-aware sharing, version history, and audit-logged access.
Every document attaches to one or more investigation records (cases, leads, medical reviews, outcomes, recoveries). Documents inherit the access controls of the records they're attached to, so reviewers see only what their role permits.
Every save creates a new version. Reviewers can diff versions, restore prior versions, and trace edit history across investigators and time. Versions are immutable; restoring a prior version creates a new version pointing to the prior content.
Default permissions follow role-based access. Per-document overrides allow temporary expansion or contraction of access. Time-bound shared links support outside-counsel and regulator review without provisioning new accounts.
Every read, write, share, version retrieval, and link generation is captured in the immutable audit log alongside actor, timestamp, and access path. The same audit trail used for HIPAA compliance evidence covers Drive activity end to end.
Documents are linked into evidence timelines on the case, lead, or medical review they support. The same document can support multiple investigations without duplication, with linkage preserved across exports and methodology PDFs (including SVRS sample-run packages).
Claims PDFs, clinical attachments (HL7, DICOM-link, scanned PDF), correspondence (email exports, demand letters), case summaries, report exports, regulator-submission packages, and any investigator-uploaded artifact. Large attachments stream to object storage with content-hash deduplication.
Rules Engine
The AEGIS Rules Engine is a generic rule core extended by a healthcare fraud plugin. Business users author detection, scoring, routing, and escalation rules without code. A rule run against a claim, lead, or case produces a deterministic, audit-logged decision — ready for downstream SVRS sampling, medical review, or recovery action.
Conditions are expressed as a directed graph against a typed evaluation context. Priority resolution is deterministic; rule outcomes are pure functions of inputs, so the same case evaluated twice produces the same decision unless rules or inputs changed in between.
Bundled rule packs cover upcoding, unbundling, utilization outliers, eligibility/coverage gaps, pharmacy and DME irregularities, and network/Stark/AKS adjacencies. Packs ship with sensible defaults you can tune to your program's risk tolerance.
The AEGIS AI Assistant can suggest new rules from emerging case patterns — for example, when a cluster of cases shows a common provider behavior the existing packs don't cover. Suggestions are always human-approved before activation.
Every rule change creates a new version with an audit-logged actor, timestamp, and rationale. Rollback is one click. Cases evaluated against a rule version retain a permanent reference to that version so historical decisions remain reproducible.
Each rule surfaces hit rate, conversion rate, false-positive rate, average dollar impact, and time-to-determination. Program leaders can prune low-yield rules and double-down on rules that drive recoveries without writing analytics from scratch.
Rule activation requires the appropriate role; rule authors cannot grant themselves expanded permissions; and every rule run is logged against the case audit trail. The full governance model integrates with the platform-wide HIPAA-aligned audit logging described on our Security page.
Architecture
AEGIS ISD's platform architecture addresses the unique requirements of healthcare fraud investigation — multi-tenant data isolation, real-time collaboration, standards-based integration, and cloud-native deployment.
Every organization operates in its own database schema. No shared tables, no cross-tenant queries, no commingled protected health information. This schema-per-tenant architecture supports strong data isolation for healthcare compliance frameworks.
Server-sent events (SSE) deliver live case updates, assignment notifications, and workflow state changes to investigators without page refresh. Teams see case activity as it happens, reducing communication delays.
Every platform capability is accessible through RESTful APIs. Connect claims adjudication systems, provider directories, member eligibility databases, and external intelligence sources through documented, versioned endpoints.
Containerized services deployed on Kubernetes with automated scaling, rolling updates, and infrastructure-as-code provisioning. Designed for high availability and disaster recovery in regulated healthcare environments.
Investigation Lifecycle
The AEGIS ISD platform connects every phase of the healthcare fraud investigation lifecycle, ensuring evidence continuity and audit readiness from initial alert through final resolution.
Normalize claims, provider credentialing, member eligibility, and external intelligence data (OIG exclusion lists, SAM, state databases) into a unified investigation record.
Apply configurable fraud detection rules, risk scoring models, and statistical thresholds to prioritize alerts. Route high-priority signals to the appropriate investigation queue automatically.
Manage evidence collection, clinical peer review, provider outreach, and case determinations in a structured workflow. Every action is logged in an immutable case timeline.
Capture outcomes, overpayment calculations, recovery actions, corrective measures, and regulatory referrals. Export audit-ready case packages for CMS, state MFCU, or internal compliance review.
Investigation Workspace
The AEGIS ISD investigation workspace gives fraud analysts, SIU investigators, and medical reviewers a single operational view of all active cases, evidence, and investigation activity.
Correlate claims, provider, and member signals to identify fraud patterns. Explainable risk scoring shows investigators exactly which indicators triggered an alert and why.
Surface fraud trends, provider outliers, and risk clusters with role-appropriate dashboards for investigators, supervisors, and program leaders.
Design investigation workflows that match your program policies, clinical standards, and SIU procedures without code changes or vendor professional services.
Analyze millions of claims records without sacrificing query speed or investigation responsiveness. Built for the data volumes of large Medicaid and Medicare programs.
Capture every investigation decision, document attachment, communication, and status change in a tamper-proof, chronological case timeline.
Data & Integrations
AEGIS ISD integrates with the claims, provider, member, and external intelligence data sources that healthcare fraud investigation teams depend on. Reduce manual data entry and ensure investigators have complete, current information.
AI-Powered Investigation
AEGIS AI Assistant reads the active case, lead, document, or provider context from the investigator's current screen and provides evidence-linked answers, similarity matches, and recommended next actions. It is not a separate analytics tool — it is built into the investigation workflow.
Question: Find providers with similar billing patterns and highlight fraud risk indicators.
Platform Performance
Improvement in fraud alert accuracy with configurable risk scoring and triage rules.
Reduction in average time from alert to determination with automated workflows.
Cases meeting full documentation standards at the time of final determination.
Increased fraud recovery amounts through earlier detection and structured tracking.
FAQ
AEGIS ISD is built with Java 21 and Spring Boot on the backend, Angular on the frontend, and PostgreSQL for the database. It runs as containerized services on Kubernetes and supports deployment in cloud and on-premise environments.
Each organization operates in its own dedicated database schema. There are no shared tables or cross-tenant queries. This schema-per-tenant architecture is designed to support strong tenant isolation and HIPAA-aligned data segregation.
AEGIS ISD integrates with standard 837 and 835 transaction formats, custom claims feeds, provider credentialing databases, member eligibility systems, OIG exclusion lists, and SAM databases through RESTful APIs and configurable batch import processes.
AEGIS ISD is designed to support customer HIPAA compliance with role-based access control, encryption at rest and in transit, audit logging, and schema-per-tenant data isolation. AEGIS ISD enters into Business Associate Agreements before processing PHI.
Most organizations launch their first program within 90 days following a phased approach: workflow discovery and data integration (weeks 1-4), configuration and testing (weeks 5-8), and user training and go-live (weeks 9-12). Additional programs are added in subsequent phases.
Implementation
Start with fraud detection and triage, then expand into medical review, recovery tracking, and advanced analytics.
