On February 24, 2012, the Department of Health and Human Services Office of the Inspector General (OIG) published the results of its study entitled “Medicare Advantage Organizations’ Identification of Potential Fraud and Abuse” (Study) (http://go.usa.gov/UKA). The Study reviewed the reporting by Medicare Advantage (MA) organizations on potential fraud and abuse and the variation in MA organizations’ mandatory compliance programs in measuring the detection, correction, and prevention of fraud, waste, and abuse.

Also on February 24, 2012, the Center for Medicare and Medicaid Services (CMS) released its “Notice of Final Payment Error Calculation Methodology for Part C Medicare Advantage Risk Adjustment Data Validation Contract-Level Audit” (Notice) (http://www.cms.gov/plan-payment/02_paymentvalidation.asp). CMS is taking steps to reduce improper payments and save money for the Medicare program by moving forward with a new initiative to reduce errors through audits of the MA contracts, which will reduce the payment-error rate for the MA program and will recover an estimated $370 million in overpayments for the first audit year.

It is apparent that OIG and CMS are following the old strategy of “follow the money” in turning their attention to potential fraud and abuse in the Medicare Part C and the Medicare Part D programs, since in 2010 the MA program accounted for $115 billion out of the total $504 billion of Medicare expenses.

The Study collected and reviewed data from 170 of the 188 MA organizations offering plans in 2009. The MA organizations reviewed accounted for 94 percent of all Medicare beneficiaries enrolled in MA plans in 2009. The OIG collected and summarized a number of potential fraud and abuse incidents, inquiries, corrective actions, and referrals related to those plans during that year. They also categorized the types of potential fraud and abuse incidents and corrective actions that were reported to CMS by the MA Organizations.

The OIG found that 19 percent of MA organizations did not identify any potential fraud and abuse incidents related to their Part C health benefit and Part D drug benefits during the audited year. There was a wide range in the occurrence of reported incidents among the MA organizations, with reported incidents ranging from one to 1.1 million incidents. Three organizations identified 95 percent of the total 1.4 million reported incidents. The Study attributed the difference in the number of reported incidents among the organizations to how the organizations define “fraud” and “inquiry.”

While CMS requires MA organizations to initiate inquiries and corrective actions where appropriate, the Study found that not all MA organizations took such steps in responding to incidents they identified. The Study found that MA organizations sent 2,656 referrals of potential fraud and abuse incidents to other entities for further investigation in 2009.

As a result of the Study’s findings, OIG recommended that CMS take the following actions: 1) ensure that MA organizations are implementing compliance programs to detect, correct, and prevent fraud, waste, and abuse, as required in their compliance plans to identify all Part C and Part D potential fraud and abuse incidents; 2) review MA organizations to determine why organizations reported especially high or low volumes of potential incidents and inquiries; 3) develop specific guidelines for MA organizations on defining Part C and D fraud and abuse incidents and inquiries; 4) require MA organizations to report to CMS aggregate data related to their Part C and Part D anti-fraud, waste, and abuse activities; 5) ensure that all MA organizations are responding appropriately to potential fraud and abuse incidents; and 6) require MA organizations to refer potential fraud and abuse incidents that may warrant investigation to CMS or other appropriate entities. CMS only concurred with OIG’s first, third, and fifth recommendations.

It is interesting that on the same day that OIG released its Study, CMS announced its new initiative to reduce errors and save money for Medicare by performing new audits of MA contractors to reduce the payment-error rate for the MA program that it estimates will recover approximately $370 million in overpayments for the first audit year alone. CMS Acting Administrator, Marilyn Tavenner, stated, “[F]ighting fraud, improving payment accuracy, and saving money for Medicare is one of our top priorities. CMS will use a new method of auditing Medicare Advantage plans that improves program integrity and reflects public input.”

CMS is required to adjust payment to MA organizations based on the health status of their plan enrollees. The CMS payment adjustment to MA organizations is based on data submitted by the MA organizations. The final audit methodology announced by CMS for the Risk Adjustment Data Validation (RADV) Program aims to further reduce the MA error rate. CMS audit of MA organizations in FY 2010 to FY 2011 had an error rate of 11 percent, down from 14.1 percent in the prior audit.

Pursuant to its Notice, CMS will perform MA contract-level audits on payment year 2011. Payment year 2011 will be the first year for which CMS will conduct payment recovery based on extrapolated estimates. The current plan is for CMS to audit 30 MA contracts each year. The recovery of payment amounts will be subject to a fee-for-service adjuster. The adjuster is necessary because the documentation standard used in RADV audits to determine a contractor’s payment error rate is different from the documentation standard used to develop the Part C risk-adjustment model.

Given the increased governmental focus on potential fraud and abuse in Part C and Part D, MA organizations should review their compliance programs, including policies and procedures for diligently identifying potential fraud and abuse incidents and effectively addressing and correcting such incidents. MA organizations not only must be cognizant of the specific laws and regulations applicable to Medicare Part C and Part D, but also to the general fraud and abuse laws, such as the Anti-Kickback Statute and False Claims Act, which arguably also are applicable to MA organizations.