Each layer adds a dimension of intelligence -- from raw relationship mapping through temporal modeling, physical validation, and graph-based risk scoring. Together they produce a continuously updated integrity signal that scales with the NDIS.
The foundation of CareIntegrity.AI. Instead of storing claims as flat rows in a database, Layer 1 builds a continuously updating knowledge graph of the entire care economy -- mapping every provider, participant, worker, location, and the relationships between them.
Edges represent: service delivery, billing, employment, co-location, shared staffing
Provider A and Provider B appear independent in a relational database. But the Care Graph shows they share 6 workers, operate from the same address, and bill the same 30 participants. They are operationally one entity hiding behind two registrations -- a pattern invisible without graph analysis.
Built on NetworkX with directed weighted edges. Node attributes include geographic coordinates, registration data, and entity metadata. Edge weights represent billing volume, service frequency, and employment strength. The graph updates continuously as new claims data arrives, maintaining a real-time representation of the care economy.
Layer 2 adds the dimension of time. It doesn't just detect anomalies -- it detects drift. Every provider's behaviour is modeled as a monthly fingerprint across 15+ dimensions. When these fingerprints change faster than any legitimate business evolution could explain, the engine identifies structural impossibility.
Sudden billing spike after months of stable behaviour = impossible acceleration signal
Provider PRV-0007 had 5 participants and 2 workers in January. By March, they had 60 participants -- but still only 2 workers. That's a 30:1 participant-to-worker ratio, up from 2.5:1. No legitimate provider can serve 30 participants per worker. The Temporal Engine flags this as structurally impossible -- the billing is fabricated.
A registered Occupational Therapy provider's monthly fingerprint shows their service mix shifting from 90% OT in January to 15% OT / 70% SIL by June. Legitimate providers don't fundamentally change their service category within 5 months. This semantic role shift indicates either a takeover or opportunistic billing fraud.
Layer 3 asks the most fundamental question: "Is this care delivery physically possible?" It enforces the immutable laws of physics -- a person can only be in one place at a time, a day has exactly 24 hours, and travel between locations takes time. Claims that violate these constraints are fabricated, period.
Worker WRK-0005 is billed for a session in Parramatta from 10:00-13:00 and simultaneously billed for a session in Penrith from 10:30-14:00. These locations are 25km apart. The Feasibility Validator flags this instantly -- one of these sessions is fabricated. The worker cannot physically be in both places.
Worker WRK-0013 finishes a session in Liverpool at 14:00 and starts another session in Hornsby at 14:10. These suburbs are 55km apart by road. At 60km/h average urban speed, this journey takes at least 55 minutes. A 10-minute gap is physically impossible -- the Hornsby session is fabricated or the times are falsified.
Layer 4 is where artificial intelligence meets graph theory. Every provider is converted into a high-dimensional behaviour vector (embedding). Graph Neural Network techniques then detect patterns that no human analyst and no rule-based system could find -- collusive clusters, synthetic behaviour patterns, and abnormal network centrality shifts.
Integrates via real-time API or batch pipelines -- no rip-and-replace required.
The Graph AI Risk Engine identifies that Provider PRV-0023 has a cosine similarity of 0.92 with known fraud provider PRV-0003. Their embeddings are nearly identical -- same service mix, same billing patterns, same time-of-day distribution, same geographic spread. PRV-0023 was not previously flagged, but its behaviour DNA is a near-perfect match for a confirmed fraudulent entity. This triggers automatic investigation.