Compliance is an ever-growing concern for the risk adjustment industry, the elephant in the room addressed in our last blog. Today, compressed timelines, a rise in regulatory oversight, and a dependence on third-party vendors all present plans and providers with new compliance challenges — and risks.
In this piece, we take a high-level look at four government agencies heavily involved in ensuring compliance, and penalizing organizations that do not follow Medicare Advantage (MA) compliance guidelines. We examine their roles and how they are influencing the current industry climate.
1. CMS: The agency responsible for MA
The Centers for Medicare & Medicaid Services (CMS), operating within HHS (the United States Department of Health and Human Services) administers the Medicare Advantage Risk Adjustment program, including administration of audits and where necessary, levying of penalties.
According to the GAO (U.S. Government Accountability Office), CMS estimates that about $16 billion or 9.5% of its payments to Medicare Advantage organizations were improper in 2016. This makes sense, given that only a small percentage of the HCC codes submitted to CMS are reviewed by plans annually and the fact that CMS only audits 5% of MA plans each year.
CMS has a proposed goal to increase this to 100% of plans, a target which continues not to be met (the needle has not moved much past the 5% benchmark). As a result, CMS understandably continues to see increased pressure from legislators, and specifically the GAO to greatly increase its audit and recovery efforts.
In an April letter to CMS Administrator Seema Verma, Senator Chuck Grassley (R-Iowa), wrote,
“By all accounts, risk score gaming is not going to go away. Therefore, CMS must aggressively use the tools at its disposal to ensure that it is efficiently identifying fraud and subsequently implementing timely and fair remedies,”
He continued, “The use of these tools is all the more important as Medicare Advantage adds more patients and billions of dollars of taxpayer money is at stake.”
MA Advantage is indeed popular, and growing fast. Newly released figures indicate that in 2018, the total number of MA programs will increase by 10% to 38,110, and enrollment will increase by 9% to 20 million. We can expect scrutiny of and pressure on MA organizations by CMS to increase as the dollar value associated with these programs rises.
2. The GAO: The congressional watchdog
The GAO is a government agency that audits and investigates the spending of public funds, providing reports to Congress. The GAO has highlighted the need for CMS to elevate its regulation of MA risk adjustment several times.
In an April 2016 report, the organization called for “fundamental improvements” to CMS’s administration of the risk adjustment program. They found that CMS’s methodology “does not result in the selection of contracts for audit that have the greatest potential for recovery of improper payments”. The report stated that CMS has spent about $117 million on the audits, but recouped just under $14 million. It recommended that CMS consider the following tactics:
- Establish requirements for collection and submitting encounter data
- Review health plan’s capabilities to submit data
- Automated checks for completion and accuracy
- Statistical analysis for completion and accuracy
- Review of medical records to verify encounter data
- Summarize findings to provide recommendations to MAO
Another report from January 2017 by the GAO found that CMS had made only “limited progress to validate the completeness and accuracy of Medicare Advantage (MA) encounter data”. The report criticized this slow progress, and called again for the 2014 recommendations to be completed.
In 2017, the GAO also found that:
- RADV audits did not target the plans with highest potential for improper payment
- There were substantial delays in RADV audits in progress, resulting in domino-effect delays of annual RADV audits (2011, 2012, 2013 are still underway)
3. The OIG: Prevents abuse in HHS
The Office of the Inspector General (OIG) safeguards the integrity of the billions of dollars of payments from the federal government to healthcare organizations within HHS. Specifically, the HHS OIG has the responsibility of identifying and combating waste, fraud and abuse in HHS’ programs: Medicare, Medicaid, the Food and Drug Administration, the Centers for Disease Control, the National Institutes of Health, and more.
A prior OIG review found that $20 million of improper payments were made for MA patients who were deceased, and as previously discussed 9.5% of payments to MA organizations were reported by CMS to be improper, largely due to unsupported diagnoses by these MA organizations.
The OIG releases a work plan annually, that outlines various projects including OIG audits and evaluations that are underway or planned to be addressed during the next fiscal year. The Fall 2017 Work Plan for Medicare Advantage plans is below:
OIG Work Plan, Fall 2017:
- OIG reviews CMS’s oversight process of MA encounter data validation
- OIG assesses CMS’s Integrated Data Repository to understand how timely, complete and valid it is
- OIG will conduct medical record reviews to find supporting documentation for diagnoses submitted
- Review results to be released FY 2018
4. The DOJ: Federal law enforcement arm
The Department of Justice (DOJ), the executive department responsible for the enforcement of federal laws and administration of justice, prosecutes cases on behalf of the Federal Government. With regard to MA, the DOJ may handle escalated concerns, and allegations regarding violations of the False Claims Act (FCA), or join a case that otherwise gets on their radar.
Medicare Advantage insurers are required to return overpayments to the government within 60 days of identifying them or they will find themselves in violation of the FCA, and potentially subject to civil lawsuits, triple damages and other penalties.
A worst-case scenario
In a failed DOJ case that had sent shockwaves through the risk adjustment industry, a major national payer had faced allegations of violating the FCA (presenting a false or fraudulent claim for payment or approval). The case was first brought by a whistleblower, and joined by the DOJ, which has opted not to rework and refile the suit after it was dismissed on October 9, 2017.
The suit had exposed the MA organization to well over $1 Billion dollars in potential damages, and though the suit is now abandoned, there are lingering challenges in terms of reputational damage, both within the public arena, and on Capitol Hill. Indeed, regulatory crosshairs have narrowed, and the other organizations listed above are paying closer attention than ever.
In this example, the DOJ had alleged and highlighted that:
The payer’s Chart Review Program since 2010, had data from blind reviews to identify deletions
That their Claims Verification Program
- Was implemented to look both ways and therefore demonstrated a knowledge of accuracy problems with submitted codes. The program was improperly structured to try to save codes, by re-reviewing codes not supported by the initial coder and reflected actual knowledge that invalid codes existed but failed to be deleted.
Provider Focused Validation Programs (Internal Data Validation and Risk Adjustment Coding and Compliance Review)
- Was designed to target outliers, however, but DOJ alleges the program was structured so as to avoid deletes, demonstrating further knowledge of inaccuracy
The collapse of this particular case does not affect a similar parallel whistleblower case that the DOJ joined in February of 2017. The DOJ had asked the court to consolidate the two cases, but the motion was denied. This case now remains ongoing, and while no dollar figure is assigned in the suit by the DOJ, the claimant’s lawyer speculates it could be in the billions.
What does this mean for MA plans?
Putting this all into context: These four agencies create a challenging climate that MA organizations and risk adjustment executives have to monitor and navigate.
MA organizations have no choice but to take compliance seriously — because the organizations charged with aligning the guardrails certainly are. The real challenge though, will be in applying the right tools to do so, and organizations that are ahead of the curve in technology implementation will see the greatest advantage. Mammoth quantities of data will need to be processed to bring the industry up to task, and traditional chart review methodologies just cannot suffice any longer.