Medicare Compliance & Reimbursement

Incidents of fraud have grown alongside beneficiaries’ increasing utilization of MA, and OIG has the authority to investigate not just providers or health plans but entire health systems and the vendors who support the provision of managed care, said Khushwinder Singh, MD, MHA, CRC, in the presentation “How to Build a Robust Managed Care Program” during AAPC’s Collaborative Compliance Conference.

In at least one investigation published so far by OIG, the agency says it evaluated records, especially health records involving high-risk diagnosis codes, showing that the Centers for Medicare & Medicaid Services (CMS) paid Medicare Advantage Organizations (MAO) accordingly but found no evidence of correlating treatment. OIG alleges that one MAO received overpayments from CMS to the tune of several million dollars and recommended that the organization refund CMS $3.1 million. (See the July 2023 report here https://oig.hhs.gov/oas/reports/region7/72001202.asp.)

“This should be concerning to every managed care program. If any program is reporting these diagnosis code categories, you should have a robust compliance system around it,” Singh emphasized.

The OIG has a specific list of diagnoses they’re focused on, which allows some risk mitigation: Stakeholders can identify the “high-risk diagnoses” that OIG is most likely to scrutinize and audit, said Jeff De Los Reyes, MBA, in the same presentation.

Because OIG’s investigations revealed such significant overpayment to health plans, De Los Reyes warns that the agency will follow the money.

“If providers start to take risks … then the OIG can actually go after the providers also. There are actually active cases where they are going for provider groups,” he asked.

Evaluate These Factors

To evaluate your own program, start with fact finding, De Los Reyes said.

Look at these elements:

• Are there network contracts that expect a certain result in financial gain according to Risk Adjustment Factor (RAF) recapture?
• Are your practice’s submissions for MA beneficiaries accurate?
• Who is responsible for the RAF preparation?

Determining and/or delegating the responsibilities of RAF preparation is crucial, De Los Reyes said. Managed care compliance experts and other stakeholders recommend approaching this from a legal perspective because any internal (and certainly external) scrutiny should or will be on the partnership relationships and responsibilities.

“In the end, the health plan is the one submitting for accuracy statements and collecting the money,” Singh said. But the provider agreements support compliance (or noncompliance) because the accurate encounter data submission comes from the providers’ submitted claims. “If they’re partnering in risk relationships, how are they responsible for maintaining accuracy, and what are the tools and resources?” he asked.

Whether your practice is using tools or programs provided by vendors or constructed internally, the resources your organization utilizes need to be compliant. Evaluate whether the programs you’re implementing are good for reporting and oversight and follow the appropriate submission processes. Start asking your organization how you’re incentivizing providers — whether you’re a plan that is incentivizing providers or you’re a provider entering into a contract with payers — and look at any contractual obligations related to risky judgment, De Los Reyes said.

De Los Reyes mentioned two red flags he’s seen recently: 1) A provider incentivized to improve RAF and 2) They’re going to get a sliding scale based on RAF improvement. Such a sliding scale can be misconstrued as paying for codes, he said. “Are you setting providers to pay for or be penalized for having low RAF members?” he asked.

Also audit the diagnosis codes being used. “We always want to see evidence that inaccurate diagnosis codes are always being followed by a ‘delete’ transaction with CMS,” he said. “Plans or providers are obligated to submit a delete to CMS to remove it from the patient’s risk profile.”

Take action: Responsible parties in organizations should be investigating whether incentives are in place and whether those incentives are “perverse,” as a way to artificially inflate RAF, as well as looking at the actual actions and transactions happening.