Healthcare Fraud and Abuse

Arlington, Virginia—In 2009, the Centers for Medicare & Medicaid Services (CMS) lost an estimated $24.1 billion (7.8%) of the claims it paid to healthcare waste, fraud, and abuse, which helped prompt the government to place more emphasis on curbing the abuses.

According to a session at the Medicaid Managed Care Summit titled Health Care Reform and Its Impact on Fraud & Abuse, agencies in the United States, such as the Office of the Inspector General (OIG), the Department of Justice (DOJ), and the Department of Health and Human Services (DHHS), are working together to recover stolen drugs and medical products, enhance criminal penalties, and improve detection systems. Stuart Freedman, director of compliance at Molina Healthcare of Washington Inc, discussed ways several legislative developments are focusing on decreasing waste, fraud, and abuse. He said that 3% to 10% of every dollar in healthcare spending is lost to waste, fraud, and abuse, with Molina losing $40 million to $70 million per year because of those issues. Mr. Freedman pointed out that the Fraud Enforcement and Recovery Act of 2009 increased oversight on mortgage, securities, and financial institution fraud and was in response to the subprime and economic crisis that the United States faced during that time period. The legislation also expanded the False Claims Act and affected companies that worked with federal healthcare programs.

The Patient Protection and Affordable Care Act, enacted in March 2010, contained provisions to combat healthcare fraud and abuse. Providers are exposed to more scrutiny through fingerprinting, criminal background checks, and database inquiries in multiple states. They are also penalized for making false statements on applications, failing to pay for overpayments, and failing to grant access to the OIG to conduct audits and investigations. Providers, compliance professionals, and attorneys also are now required to enroll in compliance training programs. Furthermore, people convicted of criminal activities now face longer prison terms and fines.

The healthcare reform bill also encouraged Medicare, Medicaid, the Department of Defense, the Department of Veteran Affairs, the Social Security Administration (SSA), and the Indian Health Service to share information such as provider demographics, hospital cost reports, and the SSA’s death master files. On February 2, 2011, CMS issued the final rules on how it will attempt to prevent waste, fraud, and abuse. Providers and suppliers are categorized into 1 of 3 categories based on data pertaining to the risk of fraud: limited, moderate, or high. The limited risk group includes physician or nonphysician providers, hospitals, and medical groups or clinics. They are subject to verification that they meet the federal and state requirements and have a state license, as well as a database check that includes social security number and taxpayer identification number. The moderate-risk group includes mental health agencies, hospice organizations, and outpatient rehabilitation facilities. They are subject to all of the screening requirements that the limited group receives plus an on-site visit. The high-risk group includes prospective home health agencies and providers of prospective durable medical equipment, prosthetics, orthotics, and supplies.

They undergo the same screening requirements as the moderate-risk group. Individuals with a ≥5% ownership stake in the provider or supplier must submit their fingerprints and are subject to a fingerprint-based criminal history record check. In addition, the rules require that providers and suppliers to Medicare or Medicaid must submit a $500 application fee. CMS also has the authority for a temporary payment moratorium of up to 6 months if the agency determines the provider may be at risk for waste, fraud, and abuse. During fraud investigations, payment may be suspended for up to 180 days, according to Mr. Freedman. Mr. Freedman said President Barack Obama and his administration have taken several steps to decrease waste, fraud, and abuse.

In November 2009, President Obama signed Executive Order 13520 that indicated federal government agencies “must make every effort to confirm that the right recipient is receiving the right payment for the right reason at the right time” and “reduce improper payments by intensifying efforts to eliminate payment error, waste, fraud, and abuse.” President Obama’s budget proposal also includes $1.9 billion allocated to detect, recoup, and prevent fraud and abuse. In May 2009, the DOJ and DHHS created the Health Care Fraud Prevention and Enforcement Action Team, a group of federal, state, and local investigators to focus on Medicare fraud. In 2010, CMS created the Center for Program Integrity by combining the Medicare and Medicaid integrity groups. The Center for Program Integrity focuses on all fraud and abuse issues pertaining to national and state Medicare and Medicaid programs. Mr. Freedman suggested that health plans should be proactive in finding ways to detect waste, fraud, and abuse. They can assess the effectiveness of their internal data mining, assess their auditing of providers and recouping of overpayments, and review their Medicare enrollment and marketing processes as well as their oversight of brokers. With the OIG’s role expanding, Mr. Freedman said plans must review how they respond to government requests for data and how they retain their records. Also, because the CMS Recovery Audit Contractors are gaining more authority to identify and recover improper Medicare payments, managed care organizations must review their antifraud effectiveness plans, according to Mr. Freedman.

To ensure they are effective at tracking waste, fraud, and abuse, health plans must first have a compliance program that trains employees and makes them aware of the issues, according to Mr. Freedman. They should also have a code of conduct with policies and procedures; initiate a hotline where employees can report waste, fraud, and abuse without fear of retaliation; have an auditing and monitoring process; establish an investigative process; utilize fraud detection software for data mining; maintain relationships with regulators and law enforcement agencies; and measure and track their results.

Mr. Freedman said organizations must monitor their antifraud and risk assessment strategies, too, by monitoring enforcement actions, identifying risks by speaking with management, monitoring claim edit systems and reimbursement measures, identifying unusual billing patterns, and sharing information and seeking feedback from other health plans’ compliance officers as well as law enforcement agencies. Mr. Freedman outlined possible results of antifraud efforts: organizing reports by line of business, tracking investigations by category and referral source, reporting findings to external agencies, and impacting cost avoidance.