Case Study 2: MedClaim Adjudication Rules Reverse Engineering
The Compliance Mandate
MedClaim's compliance team needed a complete catalog of all adjudication rules for a regulatory audit. The rules existed in two places: the benefit plan documentation (maintained by the business) and the COBOL code (maintained by IT). Nobody knew if they matched.
The Challenge
CLM-ADJUD was 7,200 lines with: - 14 EVALUATE statements - 47 nested IF blocks - 23 PERFORM THRU ranges - Rules accumulated over 20 years by different developers
The Approach
James Okafor (technical) and Sarah Kim (business analyst) worked as a pair.
Pass 1: EVALUATE Extraction (3 days)
Every EVALUATE statement was documented. The largest had 31 WHEN clauses mapping plan types to coverage percentages.
Pass 2: IF Block Extraction (4 days)
Every nested IF containing a financial calculation was analyzed. Some blocks were 40+ lines deep.
Pass 3: Cross-Reference (2 days)
Each rule was linked to its input fields (where data came from) and output effects (what changed as a result).
Pass 4: Business Verification (5 days)
Sarah compared each extracted rule against current plan documentation.
Pass 5: Gap Analysis (1 day)
Rules in documentation with no corresponding code were identified.
Findings
| Category | Count |
|---|---|
| Total rules extracted | 112 |
| Rules matching documentation | 82 (73%) |
| Rules correctly implemented but undocumented | 19 (17%) |
| Rules implementing superseded requirements | 7 (6%) |
| Rules incorrectly implemented | 4 (4%) |
The Critical Discovery
Four rules were incorrect. The most serious: the out-of-pocket maximum for HDHP plans was calculated using the individual limit when it should have used the family limit for family plans. This had been in production for three years, potentially overpaying claims by $2,000-$5,000 per affected member.
Outcome
- Complete 112-rule catalog delivered to compliance
- 7 superseded rules flagged for removal
- 4 incorrect rules fixed with emergency change
- 19 undocumented rules added to plan documentation
- Estimated financial exposure from incorrect rules: $340,000
- Process established for annual rule reconciliation
Discussion Questions
- Why did the incorrect OOP maximum rule go undetected for three years?
- How could automated testing have caught the discrepancy between code and documentation?
- Should rule extraction be an annual process? What would that cost vs. the risk of undiscovered errors?
- How would you organize the 112-rule catalog for ongoing maintenance?