BP - Health Care Compliance Association

More documents

Recommendations

Info

Increased government oversight of managed care plans ...continued from page 57 content to leave that oversight function to the states for now. Consistent with these federal exhortations, the state-level agencies that directly oversee Medicaid managed care plans typically require those plans to monitor and investigate their provider networks for fraud and abuse. For example, a state Medicaid agency may require, by contract, the following fraud and abuse-related obligations: n Develop a comprehensive internal fraud and abuse program; n Upon a complaint of fraud or abuse or upon identifying any questionable practices, conduct a preliminary review to determine whether in the contractor’s judgment, there is sufficient reason to believe that the provider or enrollee has engaged in fraud or abuse, and where sufficient reason exists, report the matter in writing; n Make diligent efforts to recover improper payments or funds misspent due to fraudulent or abusive actions by the organization or its subcontractors; n Require providers to implement corrective actions or terminate provider agreements, as appropriate; n Submit reports on its fraud and abuse activities; and n Certify in writing on an annual basis that to the best of its (or its designated signatory’s) knowledge, the contractor is in compliance with its contract and is not aware of any instances of fraud and abuse in the program covered by the contract, other than those previously reported in writing. Medicaid managed care fraud and abuse requirements may vary by state, but they will tend to share common elements, and, if anything, they will become more demanding in light of the government’s recent emphasis on curtailing Medicaid fraud and abuse. Practical implications for governmentcontracted plans The practical challenge for many governmentcontracted health plans is implementing a competent fraud and abuse infrastructure, particularly for smaller plans that may not historically have investigated external fraud and abuse with vigor. The not-so-insignificant question of reasonableness remains open as well. As it stands, for example, CMS’ Part D fraud and abuse requirements for plan sponsors are impractical, if not impossible, to meet in certain respects and hopefully, with experience, CMS will recognize this fact. Finally, there are certain elements of an outward-looking fraud and abuse compliance program that, if implemented, should not only meet a government-contracted plan’s compliance obligations, but that also may make sense as a business proposition. The balance of this article addresses each of these practical implications in turn. Implementing an outward-focused program The ease with which a government-contracted health plan can implement a reasonable, compliant fraud and abuse program will vary, obviously, by the size and type of plan. For larger insurers that manage governmentcontract plans alongside other lines of health insurance, compliance with the burgeoning externally-focused fraud and abuse requirements have been, and will be, relatively painless. Most such insurers have established special investigations units (SIU’s), antifraud functions in audit or legal areas, or investigative outsourcing relationships for all of their lines of insurance, and it is not difficult to fold the government-contract business into the plan’s pre-existing antifraud activities. There will be additional, minimallyburdensome reporting obligations, but the antifraud infrastructure will be in place and the incremental cost of government-required fraud and abuse activities will be small. Even though insurers or plans may already have an investigative structure in place, however, there is still a need to develop a government program-specific monitoring and audit plan. For instance, in its recent report on fraud and abuse programs at Part D plans, the GAO noted that only one of five plan sponsors that the GAO reviewed conducted data analysis of Part D claims separate and apart from its “regular” analyses. 23 The implication from this finding is that, at least in the GAO’s view, a plan sponsor’s fraud and abuse program should include a Part D-specific work plan. Smaller or newer government-contracted plans may face a relatively greater challenge in demonstrating a compliant “downstream” fraud and abuse program, because they may not have a dedicated SIU or other antifraud infrastructure in place. To be sure, CMS expressly states that its Part D guidance does not require a health plan to develop an SIU. CMS does require a fraud and abuse program however. 24 In addition to the obvious solution — creating and staffing an SIU — a niche health care fraud investigations outsourcing industry is growing and may be a more financially-viable solution for small to mid-sized health plans. In any case, a program should be established in some demonstrable fashion. Reasonableness of fraud and abuse programs Reasonableness should be a core attribute of March 2009 58 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
any governmental guidelines for fraud and abuse programs, but, as shown, there may be a perception gap regarding reasonableness that will hopefully be bridged as both government agencies and plan sponsors become more experienced in this area. For example, taken literally, certain aspects of CMS’ Part D fraud and abuse guidance are virtually impossible to administer. CMS does not (and cannot as a practical matter) specify how and to what extent, for instance, plan sponsors should “monitor” and “investigate” downstream entities, such as drug wholesalers or PBMs. Typically, a plan sponsor will not have practical or legal access to the books, records, or data of such downstream entities nor will it have the expertise to review such records and data even if it were to have access. A plan sponsor will typically have little ability to determine whether a downstream entity is properly calculating true out-of-pocket costs for drugs or whether a pharmaceutical manufacturer’s relationship with a physician may violate federal law. Likewise, CMS does not explain how a plan sponsor might, for example, go about reviewing or investigating transactions between pharmaceutical manufacturers and physicians for purposes of identifying “inappropriate transactions” or “illegal remuneration schemes.” Plan sponsors typically do not have access to information that would allow them to even begin to identify such transactions or schemes. Thus, it does not seem reasonable for CMS to expect significant “monitoring” or “investigating” of any entities other than the “first tier” entities with which the plan has direct day-to-day interaction (e.g., network pharmacies and physicians). CMS’ expectations and guidance will likely moderate over time. Indeed, HHS-OIG’s audit work tends to prove that plan sponsors are generally unable to investigate once-or-more-removed entities with any vigor. In another October 2008 audit, HHS-OIG reviewed the fraud and abuse reporting data from 86 plan sponsors to determine what types of fraud and abuse the plans were identifying and what they were doing in response. 25 Although the general results of this audit are not terribly interesting — some plans identify and report more fraud and abuse incidents than others — the results of the type-of-fraud survey show that most identified incidents result from “direct” interaction with the plan sponsor (e.g., improper billing being the most prevalent type of fraud and abuse identified). In contrast, and unsurprisingly, the plan sponsors identified very few “downstream” types of fraud and abuse by entities not in direct contractual privity with the plan sponsors such as illegal renumeration, bribes, inappropriate formulary decisions, manipulation of “true out-of-pocket costs,” or inappropriate manufacturer sales techniques. The most reasonable approach for all fraud and abuse compliance would seem to be that exemplified in the Medicaid HMO contractual language set forth above. It is reasonable to ask government-contracted plans to monitor, investigate, and resolve fraud and abuse issues with their direct networks of providers, members, or others (e.g., PBM’s) for which the plan has reasonable access to claims data, medical records, and similar information. It is also reasonable to expect that plans analyze and monitor their claims data for aberrations or patterns indicative of fraud and abuse. Indeed, at least based on anecdotal information, Part D plans seem to be structuring their fraud and abuse compliance plans assuming that they are responsible for reasonable outward-looking fraud and abuse efforts focused on entities with which the plan has a direct relationship. Elements of a reasonable program CMS and Medicaid programs will continue to require specific, unique fraud and abuse program components, but a reasonable outward- or downstream-looking fraud and abuse investigation program generally will include the following, scalable elements: n Monitoring. A “fraud hotline” for members and providers to report fraud or abuse by providers and other downstream entities will be of obvious utility. Depending on the size of the plan, a dedicated Medicare or Medicaid fraud hotline might be warranted. The hit and miss nature of relying on ad hoc “tips” or “leads” from a fraud hotline will not be entirely sufficient for compliance purposes, however. A plan will want to demonstrate a regularized, data-driven monitoring process by which it looks for aberrational billing patterns based on recognized pattern-detection methods, for example, peer-group analysis (e.g., identifying those physicians who perform the most services per patient and conducting further investigation). A plan’s data analysis should also include a specific focus on claims or risk areas associated with government-contracted claims or members. n Investigating. Depending on the size of the plan, a qualified, dedicated investigative staff may be required. The days of assigning a provider relations employee to “follow up” on allegations of provider fraud are over. The investigative function should be performed by trained personnel; the specialized skills necessary for the function are now widely recognized and accreditation is becoming the norm. Again, this is a function that could be outsourced for smaller plans. For example, using criteria of years of experience, continuing education, and an examination, the National Health Care Anti-Fraud Continued on page 60 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org 59 March 2009
Page 1 and 2:
Volume Eleven Number Three March 20
Page 3 and 4:
Publisher: Health Care Compliance A
Page 5 and 6:
incrementally, and CMS has made cle
Page 7 and 8: New developments in payment and pub
Page 9 and 10: New developments in payment and pub
Page 11 and 12: of privacy and infliction of emotio
Page 13 and 14: Unauthorized access to protected he
Page 15 and 16: prescient steps we’ve taken. When
Page 17 and 18: tions anytime, anywhere. Third, und
Page 19 and 20: The Jones Day/HCCA iPod ® Nano Giv
Page 21 and 22: RAC demonstrations and inpatient re
Page 23 and 24: RAC program. The documentation of t
Page 25 and 26: ASK LEADERSHIP Compliance Today Nee
Page 27 and 28: YOUR INFORMATION FYIFOR Declining e
Page 29 and 30: sampling methodology is vital in de
Page 31 and 32: Health Care Compliance Association
Page 33 and 34: to earlier concerns over corporate
Page 35 and 36: Executive compensation in troubled
Page 37 and 38: independence for board members in t
Page 39 and 40: 2. The notice included sufficient i
Page 41 and 42: Upcoming Regional Conferences June
Page 43 and 44: operational decision-making process
Page 45 and 46: Standing at the crossroads ...conti
Page 47 and 48: prescription, and lab orders. The e
Page 49 and 50: Telemedecine equipment The technolo
Page 51 and 52: Mandatory Stark reporting: Is a den
Page 53 and 54: Charge Description Master complianc
Page 55 and 56: Increased government oversight of m
Page 57: Medicare Advantage plan sponsors ma
Page 61 and 62: New HCCA Members The Health Care Co
Page 63 and 64: Case Management & Quality Coding, C
show all

BP - Health Care Compliance Association

Create successful ePaper yourself

Delete template?

Save as template?