The Centers for Medicare & Medicaid Services (CMS) is ratcheting up its efforts to have Medicare Advantage (MA) organizations take more aggressive actions to combat fraud and abuse. These efforts come on the heels of a recent study by the Department of Health and Human Services Office of Inspector General (OIG) examining the vigilance of MA organizations (also known as Part C insurers) in identifying fraud and abuse.
Accordingly, it is imperative for MA organizations to reassess the effectiveness of their compliance programs to detect and prevent fraud and abuse. The reassessment should include evaluating the effectiveness of methods used to identify suspicious claims. Such methods include claims monitoring, prepayment reviews, screening software, hotlines and complaint monitoring. Those organizations relying solely on hotlines and complaints should consider employing other methods; the OIG study found hotlines and complaints were the least effective identification methods.
CMS requires MA organizations to have compliance plans that include measures to detect, correct and prevent fraud, waste and abuse. In addition, compliance plans must include procedures for ensuring prompt responses to detected fraud and abuse, such as conducting timely inquiries, initiating corrective actions (e.g., repayment of overpayments) and voluntarily self-reporting fraud and abuse to CMS. The need for effective compliance plans is critical given that the MA program accounts for almost one-quarter of the more than $500 billion in total Medicare benefit payments. Fraud in the MA program is estimated to be involved in 11 percent of payments.
Fraud and abuse may be committed by MA organizations themselves, within their networks of contracted providers or by beneficiaries. These are some examples of fraud and abuse:
- An MA organization engages in improper marketing and enrollment practices, such as misrepresenting covered benefits to prospective enrollees, or denies payment for Medicare-approved treatment.
- A contracted provider undertreats patients or uses improper coding.
- A beneficiary misrepresents eligibility information to obtain services or stockpiles medications.
The OIG study found, while all MA organizations included in the study had compliance plans, the volume of potential fraud and abuse incidents identified by organizations varied significantly. Nineteen percent of MA organizations did not identify any potential fraud and abuse incidents related to their Part C health benefits and Part D drug benefits. Organizations that identified potential fraud and abuse reported between one incident and 1.1 million incidents. Three MA plans accounted for 95 percent of the total 1.4 million reported incidents. Moreover, not all MA organizations that identified incidents conducted inquiries, initiated corrective actions or referred incidents to regulatory authorities for further investigation.
The findings indicate not all MA organizations have a common understanding of key fraud and abuse terms, including "incident," "inquiry" and "corrective action." To address the findings, the OIG made six recommendations to CMS:
- Audit compliance plans to ensure MA organizations are implementing programs to identify potential fraud and abuse.
- Review MA organizations to determine why certain organizations reported especially high or low volumes of potential fraud and abuse incidents and inquiries.
- Develop specific guidance for MA organizations on defining potential fraud and abuse incidents and inquiries.
- Require MA organizations to report to CMS aggregate data related to their antifraud, waste and abuse activities.
- Develop materials, outreach and education to ensure MA organizations respond appropriately to potential fraud and abuse incidents.
- Require MA organizations to refer to CMS or other appropriate regulatory authorities any potential fraud and abuse incidents that may warrant further investigation.
CMS concurred with the first, third and fifth recommendations. To implement these recommendations, CMS is developing a fraud handbook for MA organizations on detecting and preventing fraud, which will be available in fall 2012. CMS rejected the second recommendation because it does not believe a review of the varying volume of potential fraud and abuse incidents and inquiries is necessary in light of its current compliance plan audits and the age of the 2009 data used in the OIG study. Finally, CMS concurred in part with the fourth and sixth recommendations.
CMS does not now require MA plans to report aggregate data on fraud prevention programs or self-report actual fraud. CMS feels its current compliance plan audits may provide an indication of overall fraud program performance. However, it will explore the option of placing the additional burden on MA organizations of requiring them to report aggregate data on their antifraud activities. Further, CMS will explore requiring MA organizations to self-report potential fraud and abuse incidents.