BP - Health Care Compliance Association
BP - Health Care Compliance Association
BP - Health Care Compliance Association
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
any governmental guidelines for fraud and<br />
abuse programs, but, as shown, there may<br />
be a perception gap regarding reasonableness<br />
that will hopefully be bridged as both<br />
government agencies and plan sponsors<br />
become more experienced in this area. For<br />
example, taken literally, certain aspects of<br />
CMS’ Part D fraud and abuse guidance are<br />
virtually impossible to administer. CMS does<br />
not (and cannot as a practical matter) specify<br />
how and to what extent, for instance, plan<br />
sponsors should “monitor” and “investigate”<br />
downstream entities, such as drug wholesalers<br />
or PBMs. Typically, a plan sponsor will not<br />
have practical or legal access to the books,<br />
records, or data of such downstream entities<br />
nor will it have the expertise to review such<br />
records and data even if it were to have access.<br />
A plan sponsor will typically have little ability<br />
to determine whether a downstream entity<br />
is properly calculating true out-of-pocket<br />
costs for drugs or whether a pharmaceutical<br />
manufacturer’s relationship with a physician<br />
may violate federal law.<br />
Likewise, CMS does not explain how a plan<br />
sponsor might, for example, go about reviewing<br />
or investigating transactions between<br />
pharmaceutical manufacturers and physicians<br />
for purposes of identifying “inappropriate<br />
transactions” or “illegal remuneration<br />
schemes.” Plan sponsors typically do not have<br />
access to information that would allow them<br />
to even begin to identify such transactions or<br />
schemes. Thus, it does not seem reasonable<br />
for CMS to expect significant “monitoring”<br />
or “investigating” of any entities other than<br />
the “first tier” entities with which the plan has<br />
direct day-to-day interaction (e.g., network<br />
pharmacies and physicians). CMS’ expectations<br />
and guidance will likely moderate over<br />
time.<br />
Indeed, HHS-OIG’s audit work tends to<br />
prove that plan sponsors are generally unable<br />
to investigate once-or-more-removed entities<br />
with any vigor. In another October 2008<br />
audit, HHS-OIG reviewed the fraud and<br />
abuse reporting data from 86 plan sponsors<br />
to determine what types of fraud and abuse<br />
the plans were identifying and what they were<br />
doing in response. 25 Although the general<br />
results of this audit are not terribly interesting<br />
— some plans identify and report more<br />
fraud and abuse incidents than others — the<br />
results of the type-of-fraud survey show that<br />
most identified incidents result from “direct”<br />
interaction with the plan sponsor (e.g.,<br />
improper billing being the most prevalent<br />
type of fraud and abuse identified). In<br />
contrast, and unsurprisingly, the plan sponsors<br />
identified very few “downstream” types<br />
of fraud and abuse by entities not in direct<br />
contractual privity with the plan sponsors<br />
such as illegal renumeration, bribes, inappropriate<br />
formulary decisions, manipulation<br />
of “true out-of-pocket costs,” or inappropriate<br />
manufacturer sales techniques.<br />
The most reasonable approach for all fraud<br />
and abuse compliance would seem to be that<br />
exemplified in the Medicaid HMO contractual<br />
language set forth above. It is reasonable<br />
to ask government-contracted plans to monitor,<br />
investigate, and resolve fraud and abuse<br />
issues with their direct networks of providers,<br />
members, or others (e.g., PBM’s) for which<br />
the plan has reasonable access to claims data,<br />
medical records, and similar information. It<br />
is also reasonable to expect that plans analyze<br />
and monitor their claims data for aberrations<br />
or patterns indicative of fraud and abuse.<br />
Indeed, at least based on anecdotal information,<br />
Part D plans seem to be structuring<br />
their fraud and abuse compliance plans<br />
assuming that they are responsible for reasonable<br />
outward-looking fraud and abuse efforts<br />
focused on entities with which the plan has a<br />
direct relationship.<br />
Elements of a reasonable program<br />
CMS and Medicaid programs will continue<br />
to require specific, unique fraud and abuse<br />
program components, but a reasonable<br />
outward- or downstream-looking fraud and<br />
abuse investigation program generally will<br />
include the following, scalable elements:<br />
n Monitoring. A “fraud hotline” for members<br />
and providers to report fraud or abuse<br />
by providers and other downstream entities<br />
will be of obvious utility. Depending<br />
on the size of the plan, a dedicated<br />
Medicare or Medicaid fraud hotline might<br />
be warranted. The hit and miss nature of<br />
relying on ad hoc “tips” or “leads” from a<br />
fraud hotline will not be entirely sufficient<br />
for compliance purposes, however. A plan<br />
will want to demonstrate a regularized,<br />
data-driven monitoring process by which<br />
it looks for aberrational billing patterns<br />
based on recognized pattern-detection<br />
methods, for example, peer-group analysis<br />
(e.g., identifying those physicians who<br />
perform the most services per patient and<br />
conducting further investigation). A plan’s<br />
data analysis should also include a specific<br />
focus on claims or risk areas associated<br />
with government-contracted claims or<br />
members.<br />
n Investigating. Depending on the size of<br />
the plan, a qualified, dedicated investigative<br />
staff may be required. The days of<br />
assigning a provider relations employee<br />
to “follow up” on allegations of provider<br />
fraud are over. The investigative function<br />
should be performed by trained personnel;<br />
the specialized skills necessary for<br />
the function are now widely recognized<br />
and accreditation is becoming the norm.<br />
Again, this is a function that could be outsourced<br />
for smaller plans. For example,<br />
using criteria of years of experience,<br />
continuing education, and an examination,<br />
the National <strong>Health</strong> <strong>Care</strong> Anti-Fraud<br />
Continued on page 60<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
59<br />
March 2009