IDN-001

BPJS Kesehatan DEFRADA ML Fraud Detection in Healthcare Claims (Indonesia)

Download PDF
Indonesia East Asia & Pacific Upper middle income Scaled & Institutionalised Confirmed

BPJS Kesehatan (Badan Penyelenggara Jaminan Sosial Kesehatan), Indonesia

At a Glance

What it does Anomaly and change detection — Compliance and integrity
Who runs it BPJS Kesehatan (Badan Penyelenggara Jaminan Sosial Kesehatan), Indonesia
Programme Jaminan Kesehatan Nasional (JKN) – DEFRADA Fraud Detection System
Confidence Confirmed
Deployment Status Scaled & Institutionalised
Key Risks Operational and system integration risks
Key Outcomes DEFRADA contributed 25-30% of total JKN efficiency gains in 2017 (ISSA gp/173411).
Source Quality 5 sources — News article / media, Report (multilateral / development partner)

BPJS Kesehatan (Badan Penyelenggara Jaminan Sosial Kesehatan), Indonesia's national health insurance administering body, operates DEFRADA (Deteksi Potensi Fraud Dengan Analisa Data Klaim), a machine learning-based fraud detection system designed to identify potentially fraudulent hospital claims submitted under the Jaminan Kesehatan Nasional (JKN) programme. The JKN programme, launched in 2014, is the world's largest single-payer health insurance scheme, covering approximately 270 million participants across Indonesia. DEFRADA was developed in-house by BPJS Kesehatan to address a critical gap: as the JKN programme scaled rapidly, few fraud detection tools existed for the Indonesia-Case Based Group (INA-CBG) case-mix system used to reimburse referral health services, and by the end of 2017 the system was processing over 80.6 million claims submissions annually (ISSA, gp/173411).

DEFRADA analyses structured claims data submitted by hospitals through the INA-CBG case-mix billing system, using data analytics and machine learning algorithms to identify patterns consistent with fraudulent, abusive, or erroneous billing. The system flags claims exhibiting anomalous patterns — such as upcoding of procedures, phantom billing for services not rendered, and manipulation of diagnostic or procedural codes — for human review before reimbursement is authorised. Common fraud patterns detected have evolved over time: in 2023, phantom billing accounted for approximately 40 percent of total fraud cases; in 2024, manipulation of medical procedures (particularly hemophilia therapy claims) represented 52 percent; and in 2025, manipulation of ventilator procedures accounted for 59 percent of cases, with investigations revealing that ICU ventilator claims frequently involved only nasal cannulas or oxygen masks (Kompas, 2025).

The machine learning component of BPJS Kesehatan's fraud detection infrastructure was formally introduced in 2020, building upon an earlier data analytics tool called PIN-F that had been operational since 2014 for automated claims scanning. The ML model was iteratively implemented with a phased scaling approach: beginning with 10 hospitals in 2019, extending to 265 hospitals in 2020, and scaling up to 2,511 hospitals in 2021. By 2021, the artificial intelligence engine screened 5.8 million transactional claims from hospitals, flagging approximately 390,000 transactions for additional review by BPJS Kesehatan verification teams (ISSA, 2022). The system operates within BPJS Kesehatan's Vedika (Verifikasi Digital Klaim) digital claims verification platform, where AI-generated flags inform but do not determine final payment decisions. Flagged claims are reviewed by provincial teams of medical experts who assess clinical necessity and determine whether reimbursement should proceed, be adjusted, or be denied.

BPJS Kesehatan has also deployed biometric authentication (fingerprint scanning) as a complementary fraud prevention measure to verify patient identity at the point of service, ensuring that claims correspond to legitimate patient encounters. The combination of biometric verification at the front end and ML-based claims analytics at the back end creates a layered fraud prevention architecture. Director of Information Technology Wahyuddin Bagenda described the system as performing filtration on claims to produce those eligible for payment, with machine learning studying patterns in submitted claims to minimise fraud potential (ANTARA News, 2020).

In 2017, DEFRADA contributed to cost efficiency gains of approximately 25-30 percent of total efficiency improvements for the JKN programme (ISSA, gp/173411). In 2019, BPJS Kesehatan reported preventing approximately Rp 10.5 trillion (approximately USD 740 million) in fraudulent claims, though actual confirmed fraud cases represented approximately 1 percent of the total programme budget (ANTARA News, 2020). The system's enforcement outcomes have included termination of cooperation agreements with 32 health facilities (26 advanced-level and 6 primary-level) found to have engaged in fraudulent billing practices (Kompas, 2025).

DEFRADA received the ISSA Good Practice Award in 2018 in the Information and Communication Technology category, recognising its innovation in healthcare fraud detection for social security systems. BPJS Kesehatan subsequently won the highest ISSA Good Practice Award for Asia and the Pacific in 2021, with the broader digital transformation programme — including AI-based fraud detection — cited as a contributing factor. The organisation was further recognised at the 17th ISSA International Conference on ICT held in Bali in 2024, where its AI implementations were presented as best practice in social security management.

The regulatory framework governing data protection in Indonesia relevant to this system includes Government Regulation No. 71 of 2019 on Electronic Systems and Transactions and the Personal Data Protection Law (UU PDP) No. 27 of 2022. BPJS Kesehatan's infrastructure processes approximately 1 million transactions daily and is connected to over 23,000 primary healthcare facilities, approximately 3,000 advanced healthcare facilities, and more than 950,000 payment channels across Indonesia. The organisation is also integrated with 15 ministries and institutions, handling over 100 million data flows and transactions daily (Jakarta Post, 2024).

Classifications follow the DCI AI Hub Taxonomy. Hover over field labels for definitions.

AI Capabilities

Anomaly and change detection primaryClassification

Use Cases

Compliance and integrity primaryData quality and anomaly detection

Social Protection Functions

Implementation/delivery chain
Accountability mechanisms primaryManagement of contributions and withdrawals Provision of payments/services
SP Pillar (Primary) The social protection branch: social assistance, social insurance, or labour market programmes. Social insurance
Programme Name Jaminan Kesehatan Nasional (JKN) – DEFRADA Fraud Detection System
Programme Type The type of social protection programme, classified under social assistance, social insurance, or labour market programmes. View in glossary Health Insurance
System Level Where in the social protection system the AI is applied: policy level, programme design, or implementation/delivery chain. View in glossary Implementation/delivery chain
Programme Description Indonesia's Jaminan Kesehatan Nasional (JKN) is the world's largest single-payer national health insurance scheme, covering approximately 270 million participants. Administered by BPJS Kesehatan, the programme reimburses healthcare services through the INA-CBG case-mix system. DEFRADA operates within the Vedika digital claims verification platform, using machine learning to screen hospital claims for potential fraud before reimbursement authorisation.
Implementation Type How the AI output is produced: Classical ML, Deep learning, Foundation model, or Hybrid. Affects validation, compute requirements, and governance profile. View in glossary Classical ML
Lifecycle Stage Current stage in the AI lifecycle, from problem identification through to monitoring, maintenance and decommissioning. View in glossary Monitoring, Maintenance and Decommissioning
Model Provenance Origin of the AI model: developed in-house, adapted from open-source, commercial/proprietary, or accessed via third-party API. View in glossary Developed in-house
Compute Environment Where the AI system runs: on-premise, government cloud, commercial cloud, or edge/device. View in glossary Not documented
Sovereignty Quadrant Classification of data and compute sovereignty: I (Sovereign), II (Federated/Hybrid), III (Cloud with safeguards), or IV (Shared Innovation Zone). View in glossary Not assessed
Data Residency Where the data used by the AI system is stored: domestic, regional, or international. View in glossary Not documented
Cross-Border Transfer Whether data crosses national borders, and if so, whether documented safeguards are in place. View in glossary Not documented
Decision Criticality The rights impact of the decision the AI supports. High criticality requires HITL oversight; moderate requires HOTL; low may operate HOOTL. View in glossary Moderate
Human Oversight Type Level of human involvement: Human-in-the-Loop (active review), Human-on-the-Loop (monitoring), or Human-out-of-the-Loop (periodic audit). View in glossary HITL
Development Process Whether the AI system was developed fully in-house, through a mix of in-house and third-party, or fully by an external provider. View in glossary Fully in-house
Highest Risk Category The most significant structural risk source identified: data, model, operational, governance, or market/sovereignty risks. View in glossary Operational and system integration risks
Risk Assessment Status Whether a formal risk assessment, informal assessment, or independent audit has been conducted for this system. Not assessed
Documented Risk Events In 2025, investigations revealed ICU ventilator claims frequently involved only nasal cannulas or oxygen masks, indicating systematic procedural manipulation. BPJS Kesehatan terminated cooperation agreements with 32 health facilities for fraudulent billing. AI-based claims filtering has generated large numbers of pending claims, requiring hospitals to make additional efforts to clarify flagged cases (Kompas, 2025).

Risk Dimensions

Data-related risks
Representation bias
Governance and institutional oversight risks
Weak documentation or auditability
Model-related risks
Behavioural driftOpacity or limited explainability
Operational and system integration risks
Inadequate real-world validationMonitoring gapThreshold or rule misconfiguration

Impact Dimensions

Autonomy, human dignity and due process
Opaque or unexplained decision
Equality, non-discrimination, fairness and inclusion
Systematic exclusion from benefits or services
Systemic and societal
Erosion of public trust in SP systemIncreased administrative burden on frontline staff
  • Human oversight protocol
CategorySensitivityCross-System LinkageAvailabilityKey Constraints
Beneficiary registries and MISPersonalLinks data across multiple systemsCurrently available and usedJKN participant registry and claims history. BPJS Kesehatan integrated with 15 ministries and institutions, handling 100+ million data flows/transactions daily.
Financial and payments data: programme operationsPersonalSingle source (no linkage)Currently available and usedINA-CBG case-mix claims data submitted by hospitals: diagnostic codes, procedure codes, length of stay, billing amounts, facility identifiers, patient identifiers. Structured electronic claims processed through Vedika digital verification platform.
National ID and biometric databasesSensitiveLinks data across multiple systemsCurrently available and usedBiometric fingerprint data used for patient identity verification at point of service. Linked to JKN participant registry covering ~270 million members.

ANTARA News (2020). 'BPJS Kesehatan gunakan biometrik dan machine learning cegah fraud', ANTARA News, 21 July. Available at: https://www.antaranews.com/berita/1582942/bpjs-kesehatan-gunakan-biometrik-dan-machine-learning-cegah-fraud (Accessed 26 Mar 2026).

View source News article / media

International Social Security Association (2018). 'DEFRADA (Deteksi Potensi Fraud Dengan Analista Data Klaim): The development of a fraud detection tool in hospital services', ISSA Good Practice gp/173411. Geneva: ISSA. Available at: https://ww1.issa.int/gp/173411 (Accessed 26 Mar 2026).

View source Report (multilateral / development partner)

Kompas (2025). 'BPJS Kesehatan Ends Partnerships with 32 Health Facilities to Deter Fraud', Kompas.id. Available at: https://www.kompas.id/artikel/en-berikan-efek-jera-akibat-fraud-bpjs-kesehatan-putus-kerjasama-dengan-32-faskes (Accessed 26 Mar 2026).

View source News article / media

The Jakarta Post (2016). 'BPJS Kesehatan has app to track hospital fraud', The Jakarta Post, 26 August. Available at: https://www.thejakartapost.com/news/2016/08/26/bpjs-kesehatan-has-app-to-track-hospital-fraud.html (Accessed 26 Mar 2026).

View source News article / media

The Jakarta Post (2024). 'BPJS Kesehatan recognized as best practice of world social security', The Jakarta Post, 6 March. Available at: https://www.thejakartapost.com/front-row/2024/03/06/bpjs-kesehatan-recognized-as-best-practice-of-world-social-security.html (Accessed 26 Mar 2026).

View source News article / media
Deployment Status How far the system has progressed into real-world operational use, from concept/exploration through to scaled and institutionalised. View in glossary Scaled & Institutionalised
Year Initiated The year the AI system was first initiated or development began. 2017
Scale / Coverage The scale and geographic or population coverage of the deployment. ML model scaled from 10 hospitals (2019) to 265 hospitals (2020) to 2,511 hospitals (2021). In 2021, AI engine screened 5.8 million transactional claims, flagging 390,000 for review. BPJS Kesehatan connected to 23,000+ primary healthcare facilities, ~3,000 advanced healthcare facilities, and 950,000+ payment channels nationwide. JKN covers ~270 million participants.
Technical Partners External technology vendors, academic partners, or development partners involved. Developed fully in-house by BPJS Kesehatan. No external AI vendor identified in public sources.
Outcomes / Results DEFRADA contributed 25-30% of total JKN efficiency gains in 2017 (ISSA gp/173411). In 2019, BPJS Kesehatan reported preventing approximately Rp 10.5 trillion (~USD 740 million) in fraudulent claims. In 2021, AI engine screened 5.8 million claims and flagged 390,000 for review. Won ISSA Good Practice Award 2018 (ICT category) and highest ISSA Good Practice Award for Asia-Pacific 2021.
Challenges AI-based claim filtering generates substantial volumes of pending claims, creating administrative burden for hospitals required to clarify flagged cases. Fraud patterns continuously evolve (phantom billing, procedural manipulation, ventilator fraud), requiring ongoing model adaptation. Indonesia's healthcare infrastructure spans a vast archipelago with variable connectivity and digital maturity across facilities. The INA-CBG case-mix system's complexity creates opportunities for gaming that require sophisticated detection. Balancing fraud prevention with timely claims processing remains an ongoing operational challenge.

How to Cite

DCI AI Hub (2026). 'BPJS Kesehatan DEFRADA ML Fraud Detection in Healthcare Claims (Indonesia)', AI Hub AI Tracker, case IDN-001. Digital Convergence Initiative. Available at: https://socialprotectionai.org/use-case/IDN-001 [Accessed: 1 April 2026].

Change History

Created 30 Mar 2026, 08:40
by v2-import (import)