What happened
Cigna’s PxDx system (short for “procedure-to-diagnosis”) flagged claims where a patient’s diagnosis did not match the tests or procedures the company considered appropriate. ProPublica reported in March 2023 that, over a two-month period in 2022, Cigna denied about 300,000 requests for payment through the system, spending an average of 1.2 seconds on each. According to the same investigation, former Cigna doctors described signing off denials in bulk with an electronic signature, and one physician’s signature was reported to have rejected roughly 60,000 claims in a single month, without the individual patient files being opened.
The significance is legal as well as clinical: laws in California and other states require an individual physician review before a claim is denied. The lawsuits that followed allege that PxDx let Cigna reject payments “in batches of hundreds or thousands at a time,” bypassing that review. Cigna disputed the framing, telling reporters that PxDx was “a simple tool to accelerate physician payments” that had been “grossly mischaracterized in the press.”
What an auditable version would have shown
The question a denied patient, or a regulator, asks is whether a qualified person actually reviewed this specific claim, and on what basis. An auditable version records, per denial, whether a human reviewed the file, for how long, what was examined, and the reason for the decision, signed at the moment it was made. A denial that reportedly took 1.2 seconds and opened no record would then be visible as exactly that, individually and in aggregate across hundreds of thousands of decisions, rather than hidden inside a single batch signature.
Where the gap was
The gap was a human signature standing in for a human review that, as alleged, did not occur. A signature is only as good as the process behind it, and here the process was a batch action. A ConductRecord binds each decision to what actually happened: reviewed or not, by whom, for how long, on what evidence, so a signature cannot certify a review that never took place. A MetricRecord computed over those signed records gives a regulator a verifiable view of review times and denial rates across the whole population, the number that turns “individual review” from an assertion into something checkable.
What governance should have looked like
If the law requires an individual review before a denial, the system has to be able to prove one happened, not assert it by applying a signature to thousands of files at once. Record the review, or its absence, for every decision, and let the aggregate be audited. A tool that accelerates payment is unobjectionable; a tool that accelerates denial past the point of review, and cannot show whether any review occurred, is the failure. The record is what separates the two.
The reference implementation of ConductRecord and MetricRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.
Sources
- How Cigna Saves Millions by Having Its Doctors Reject Claims Without Reading Them (ProPublica)
- Cigna accused of using an algorithm to automatically reject patient claims (CBS News)
- Cigna sued over algorithm allegedly used to deny claims (Healthcare Dive)