It is not every day that the words “innovative” and “nimble” are used when referring to an agency of the federal government bureaucracy. Yet, after studying the playbook of sophisticated corporations, the Health Care Fraud Prevention and Enforcement Action Team (HEAT), run jointly by the Department of Health and Human Services’ Office of the Inspector General (HHS-OIG) and the Department of Justice (DOJ), is changing this ingrained public perception. Under new authority conferred by the Affordable Care Act (ACA), the DOJ and the HHS-OIG have focused on replacing the slow “pay and chase” model, characterized by prolonged subpoena and account analyses, with real-time data analysis resulting in significantly shorter periods of time between fraud identification, arrest and prosecution, and larger monetary recoveries.
In 2016, DOJ and HHS-OIG issued the annual Health Care Fraud and Abuse Control (HCFAC) Program report showing that for every dollar spent on healthcare-related fraud and abuse investigations through this and other programs in the last three years, the government recovered $6.10.1 “These impressive recoveries,” said former HHS Secretary Kathleen Sebelius in 2014, are due in large part to “the new computer analytics system that detects and stops fraudulent billing before money ever goes out the door.”2
At the 2015 HEAT Takedown Conference in Washington, D.C., current HHS Secretary Sylvia Mathews Burwell extolled the Medicare Fraud Strike Force (a division of HEAT) for “excellent investigative work, which included data analytics combined with real-time field intelligence” resulting in the “largest arrest in [its] history.”3 Most recently, at the 30th Annual National Institute on White Collar Crime, Laura M. Kidd Cordova, Assistant Chief, Criminal Division, Fraud Section, United States Department of Justice, discussed DOJ’s data-driven focus on corporate investigations and extrapolation from statistical samples in False Claims Act litigation.4
These pronouncements evidence a trend that sizable providers, particularly managed care organizations, hospitals and health systems, ancillary service providers, and medical device and drug companies, should reflect upon and address immediately.
Defining “Real-Time Data Analytics” and Recent Applications
The fiscal year (FY) 2015 HCFAC Program report explains that HHS-OIG’s “complex data analysis” tools include “data mining, predictive analytics, trend evaluation, and modeling approaches” that “better analyze and target the oversight of HHS programs.”5 The report further details that HEAT teams “use near-time data” to determine “fraud patterns, identify suspected fraud trends, and to calculate ratios of allowed services as compared with national averages, as well as other assessments.”6 These advanced technologies and techniques, taken from private industry,7 have led to historic efforts to bring innovation to the fight against healthcare fraud.
For example, in announcing the “largest criminal healthcare fraud takedown in the history of the Department of Justice,” Attorney General Loretta E. Lynch described HHS/DOJ’s cutting-edge process: “We obtain and analyze billing data in real-time. We target hot spots—areas of the country and the types of healthcare services where the billing data shows the potential for a high volume of fraud—and we are speeding up our investigations. By doing this, we are increasingly able to stop schemes at the developmental stage, and to prevent them from spreading to other parts of the country.”8 In this case, the data was first compiled by the HHS-OIG in its report titled, Ensuring The Integrity Of Medicare Part D, which helped federal authorities identify “hotspots” of potential billing abuse by area physicians.10 DOJ then investigated the pharmacies supplying those physicians.11 The investigation revealed that 400 pharmacies filled, on average, a massive 62 prescriptions per patient.
Similarly, in March 2015, Dr. Shantanu Agrawal, the deputy administrator and director of Program Integrity for the Centers for Medicare and Medicaid Services (CMS) testified before the House Ways and Means Committee, explaining that CMS uses its Fraud Prevention System (FPS) to “apply advanced analytics on all Medicare fee-for-service claims on a streaming, national basis by using predictive algorithms and other sophisticated analytics to analyze every Medicare fee-for-service claim against billing patterns.”13 CMS announced last summer that it had identified or prevented $820 million in inappropriate payments over the past three years through FPS’s predictive analytics.14
In another case, HHS-OIG detected a healthcare fraud conspiracy through the analysis of aberrational data,15 culminating in the discovery of employees creating “phony medical notes in an attempt to back up the false billing and [forging] doctors’ names on prescriptions and charts.”16
As a final example, in a recent case, in which Ms. Kidd Cordova prosecuted, a former hospital president was sentenced to 45 years in prison for a $158 million Medicare fraud scheme.17 During the Health Care Compliance Association’s 20th Annual Compliance Institute, Assistant Attorney General Leslie R. Caldwell explained that the “catalyst for this investigation was the strike force’s review of aberrant real-time data trends.”18 Ms. Caldwell said that “real-time data analysis . . . has brought several significant benefits to the Medicare Fraud Strike Force[,]” including the ability to “bring cases more quickly,” identify “hot spots at the development stage by identifying data outliers,” and “track existing fraud schemes as they move to new geographic areas.”19
So what does all this mean for providers?
1. Government Sophistication
It is abundantly clear that the use of advanced technology and real-time data analytics is the future of healthcare fraud enforcement. To that end, providers should appreciate that the federal government is on the offensive when it comes to healthcare fraud and that increased use of real-time data analytics will lead to increased investigations and swift prosecutions.
HHS/DOJ will likely continue to expand its real-time data analytic approach. Indeed, HHS-OIG has noted that, “[t]he availability and proactive use of data are essential to identify and address program vulnerabilities; identify providers with questionable billing; and meaningfully target program integrity resources to the areas of greatest vulnerability.”20
Similarly, with the creation of the Chief Data Officer post in late 2014, CMS has indicated that it is committed to using real-time data analytics to identify fraud.21 Niall Brennan, CMS’s first Chief Data Officer, has said in an interview that CMS is “using predictive modeling to identify fraud before it happens” and will be “moving more and more to real-time delivery system monitoring,” such as “tracking readmissions in real time” and “tracking emergency visits in real time.”22
2. Partnership Opportunity
Providers should consider partnering with HHS through the Healthcare Fraud Prevention Partnership (HFPP), which is a voluntary public-private partnership between the federal government, state agencies, law enforcement, private health insurance plans, and healthcare anti-fraud associations.23 HFPP partners “share data and information for purposes of detecting and combating fraud, waste, and abuse in healthcare” and are praised for their assistance and cooperation.24 Ultimately, through the use of real-time data and information exchanges with the private sector, CMS, along with HHS-OIG and the FBI, have secured 200 indictments, informations, and complaints in fiscal year 2015.25
3. Preventative Treatment
Because of increased government sophistication and attention, providers can expect continued scrutiny. To reduce such scrutiny, providers should follow a two-pronged approach: (1) develop a robust compliance program; and (2) be proactive in developing systems that evaluate real-time data.
First, it is as important as ever for providers to maintain robust and up-to-date compliance programs, which, as DOJ has suggested in the latest Corporate Integrity Agreements,26 include:
- Hiring a compliance officer/appointing a compliance committee,
- Developing written standards and policies,
- Implementing a comprehensive employee training program,
- Retaining an independent review organization to conduct annual reviews,
- Establishing a confidential disclosure program, and
- Restricting employment of ineligible persons.
Second, providers should prepare their internal compliance systems to account for the paradigm shift in government oversight by data mining and real-time data analysis. Specifically, it is essential that providers are timely in identifying statistical deviations that may draw the attention of HHS/DOJ. This is particularly true for Medicare and Medicaid providers, who may be audited by CMS Recovery Audit Contractors (RAC) who aggressively use real-time data analytics to find potential fraud, misuse, and/or abuse.27 Providers must have their own robust data systems if they are going to challenge the findings of a RAC. Finally, providers should ask themselves whether their current internal compliance systems can identify patterns that signal external fraud, waste, or abuse. Providers should also query whether routine triggers are in place to keep suspect claims from going out the door to payers.
In sum, the key takeaway for providers is to know what patterns in the data may trigger further investigations and audits and to understand how to head off problems before they occur. By engaging in proactive pattern and compliance data analysis, providers can minimize the effect of any audits that are triggered by patterns in diagnosis, treatment and billing.
Providers should recognize the government’s increasing technological sophistication in analyzing claims. Providers also should evaluate their compliance and oversight programs and identify weaknesses. Finally, providers should determine whether their current internal compliance systems are capable of identifying the statistical anomalies that attract HHS/DOJ’s attention, and immediately develop such systems if none are currently in place. Ultimately, an understanding of HHS/DOJ’s goals and new data analysis tools should encourage providers to be proactive about their own data analysis and remain vigilant in an era of rising enforcement actions.