For twenty-four (24) years now the Department of Justice (DOJ) has been in combat against healthcare fraud and abuse through the “Healthcare Fraud and Abuse Control Program” or HCFAC. We can be thankful for HIPAA (Health Insurance Portability Accountable Act) which put in place the national program. The HCFAC program is under the joint direction of the United States Attorney General (AG) and the Health and Human Services (HHS) Secretary. The program also works closely with the Office of Inspector General (OIG) and the Federal Bureau of Investigation (FBI).
Fraudulent and abusive healthcare activities abscond with millions to billions of taxpayer dollars. Some of these fraud and abuse activities are random in nature while others are purposeful and organized schemes. Public and private health plans are included in the HCFAC program with the following goals:
(1) To coordinate federal, state, and local law enforcement efforts relating to health care fraud and abuse with respect to health plans;
(2) To conduct investigations, audits, inspections, and evaluations relating to the delivery of and payment for health care in the United States;
(3) To facilitate enforcement of all applicable remedies for such fraud; and
(4) To provide education and guidance regarding complying with current health care law.
For Fiscal year (FY) 2020, the DOJ annual report on the “Healthcare Fraud and Abuse Control Program” states that about $3.1 billion was deposited within the Department of the Treasury (Treasury) and Centers for Medicare & Medicaid Services (CMS), transferred to other federal agencies administering health care programs, or paid to private persons during the fiscal year. These recoveries partially represent dollars returned to the Medicare Trust Fund ($2. billion), but also include “Relators’ payments”, and Restitution/compensatory damages to Federal agencies.
Criminal and civil investigation and prosecutions for healthcare fraud and abuse for FY2020 resulted in 578 criminal actions and 781 civil actions through HCFAC. The Opioid and COVID-19 pandemic healthcare related fraud issues have been widely made public and have been visible through regular appearances in the news. There has been many other DOJ and Office on Inspector General reports and audits within many sectors of healthcare to help bring attention to healthcare fraud and abuse and the activities and projects to curtail and/or stop it from occurring. For example, the Medicare Part C gross improper payment estimate reported for FY2020 (based on the 2018 payment year data) was 6.78 percent or $16.27 billion. Thus, there continues to be attention drawn to the accuracy of Part C encounter risk scores (which is linked to the Hierarchical Condition Categories or HCC and ICD-10-CM diagnosis codes).
The following is from the report and gives some great insight into the efforts surrounding Contract-level Risk Adjustment Data Validation (RADV) audits. Remember that these audits are CMS’s primary corrective action to recoup overpayments.
RADV uses medical record review to verify the accuracy of enrollee diagnoses submitted by MA organizations for risk adjusted payment. CMS expects payment recovery will have a sentinel effect on risk adjustment data quality submitted by plans for payment because contract-level RADV audits increase the incentive for MA organizations to submit valid and accurate diagnosis information. Contract-level RADV audits also encourage MA organizations to self-identity, report, and return overpayments. In September 2019, CMS launched the payment year 2015 RADV audit. On January 9, 2020, CMS held a contract-level RADV training session for the 2015 payment year audit that included an overview of RADV enrollee data, guidance on preparing and submitting medical records and demonstration of the Central Data Abstraction Tool (CDAT). Due to the COVID-19 PHE, CMS suspended the 2015 audit in March 2020 and resumed it in September 2020. On September 10, 2020, CMS provided a refresher training regarding the payment year 2015 RADV audit that also included updates on enrollee data and how to access systems to submit medical records. The payment year 2014 RADV audit medical record submission phase is complete, and the audit is expected to conclude in FY 2021. CMS expects to start contract-level RADV audits for payment years 2016 and 2017 by fall 2021.
Certainly, we can all be proactive in Risk Adjustment documentation and coding accuracy by conducting our own internal and external audits on Medicare Part C hospital inpatient and outpatient, and physician encounters. This should also include looking closely at the clinical documentation functionality of the electronic health record.
In addition, the following are findings and reports that combat fraud and abuse which are noteworthy in relation to Medicare Advantage Risk Adjustment:
Billions in Estimated Medicare Advantage Payments From Diagnoses Reported Only on Health Risk Assessments Raise Concerns. Billions of estimated MA risk-adjusted payments supported solely through health risk assessments (HRAs) raise concerns about the completeness of payment data submitted to CMS, the validity of diagnoses on HRAs, and the quality of care coordination for beneficiaries. Diagnoses that MA organizations reported only on HRAs—and on no other encounter records in 2016—resulted in an estimated $2.6 billion in risk adjusted payments for 2017. In addition, in-home HRAs generated 80 percent of these estimated payments. Most inhome HRAs were conducted by companies that partner with or are hired by MA organizations to conduct these assessments—and therefore are not likely conducted by the beneficiary’s own primary care provider. 20 MA organizations generated millions in payments from in-home HRAs for beneficiaries for whom there was not a single record of any other service being provided in 2016. (OEI-03-17-00471).
Billions in Estimated Medicare Advantage Payments From Chart Reviews Raise Concerns. Billions of estimated MA risk-adjusted payments supported solely through chart reviews raise potential concerns about the completeness of payment data submitted to CMS, the validity of diagnoses on chart reviews, and the quality of care provided to beneficiaries. Diagnoses that MA organizations reported only on chart reviews—and not on any service records—resulted in an estimated $6.7 billion in risk-adjusted payments for 2017. CMS based an estimated $2.7 billion in risk-adjusted payments on chart review diagnoses that MA organizations did not link to a specific service provided to the beneficiary. Although limited to a small number of beneficiaries, almost half of MA organizations reviewed had payments from unlinked chart reviews where there was not a single record of a service being provided to the beneficiary in all of 2016. (OEI-03-17- 00470)
Across healthcare we often talk about and say that we want and strive to achieve “Revenue Integrity”. For the Centers for Medicare and Medicaid Services or CMS perspective, they define “program integrity” very simply: “pay it right.” Program integrity focuses on paying the right amount, to legitimate providers and suppliers, for covered, reasonable and necessary services provided to eligible beneficiaries while taking aggressive actions to eliminate fraud, waste, and abuse.
According to the annual report the return on investment (ROI) for the HCFAC program over the last three years (2018–2020) is $4.30 returned for every $1.00 expended!! I certainly get a lot out of value reading through this annual report from the Department of Justice (DOJ), which this year is 124 pages in length. The work of this program is making a difference, but we can also do our part on the provider side, so please access this annual report at the following site and learn more: https://oig.hhs.gov/publications/docs/hsfas/FY2020-hcfac.pdf
Discuss this report with your auditing team, consulting firm, and internal staff and then narrow down some auditing targets to address. Remember that we must be proactive rather than reactive when it comes to healthcare compliance, clinical documentation, and coding accuracy.