Presentation on theme: "Guidelines for Addressing Fraud and Abuse in Medicaid Managed Care"— Presentation transcript:
1Guidelines for Addressing Fraud and Abuse in Medicaid Managed Care From the National Medicaid Fraud and Abuse Initiative, 10/2000Deyna Hall, MHD Compliance Officer 3/2005
2SummaryThe purpose of these guidelines is to assist you in preventing, identifying, investigating, reporting and prosecuting fraud and abuse in the Medicaid managed care environment.
3Overview1. Defining fraud and abuse in a Medicaid managed care environment.2. Roles of Medicaid purchasers in controlling fraud and abuse.3. Data needed to detect and prosecute fraud and abuse in managed care.4. Key components of an effective managed care fraud and abuse program.5. Fraud and abuse in managed care contracts, programs, and waivers.
41. Defining fraud and abuse in a managed care environment The first step in combating fraud/abuse is to identify it.Definitions found in 42 CFR 455.2Fraud = “an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person.”
5Definitions (42 CFR 455.2)Fraud = “an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person.”Abuse = “provider practices that are inconsistent with sound fiscal, business or medical practices and result in unnecessary cost to the Medicaid program, or in reimbursement for services that are not medically necessary, or that fail to meet professionally recognized standards for health care. It also includes beneficiary practices that result in unnecessary costs to the Medicaid program.”
6Medicaid Managed Care definitions Medicaid Managed Care Fraud = any type of intentional deception or misrepresentation made by an entity or person in a capitated MCO, PCCM program, or other managed care setting with knowledge that the deception could result in some unauthorized benefit to the entity, himself, or some other person.Can be committed by: an MCO, a contractor, a subcontractor, a provider, a State employee, or a Medicaid beneficiary/enrollee
7Medicaid Managed Care Definitions (continued) Medicaid Managed Care Abuse = practices in a capitated MCO, PCCM program, or the managed care setting, that are inconsistent with sound fiscal, business or medical practices and result in an unnecessary cost to the Medicaid program, or in reimbursement for services that are not medically necessary, or that fail to meet professionally recognized standards of contractual obligations for health care.
8Please note:Medicaid Funds paid to an MCO, then passing on to subcontractors, are still Medicaid funds from a fraud and abuse perspective….
9Fraud/abuse risk areas A. Procurement of the managed care contract.Marketing and enrollmentUnderutilizationClaims submission and billing proceduresFee-for-service fraud in managed careEmbezzlement, theft, and related fee-for-service fraud
10A. Procurement of the managed care contract The incentive may be receipt of payment of money to which the company would not otherwise be entitled.Examples:Falsification of health care provider credentialsFalsification of financial solvencyFalsified or inadequate provider networkFraudulent subcontract (agreement between parties that contains materially misleading information, has been pre- or post-dated and/or contains a forged or unauthorized signature)Fraudulent subcontractorBid-rigging or self-dealingCollusion among providersContracts with related partiesIllegal tying agreements
11B. Marketing and enrollment fraud Generally a “startup” type of fraudIncentive can be found where the MCO has established the practice of paying a fee or bonus for individuals enrolled.All marketing plans and materials need to be approved by the State.
12Marketing/enrollment fraud (continued) Examples:Misrepresentation to beneficiaries (aka “slamming”)Misrepresentation to beneficiaries by charging non-existent fees.Enrolling ineligible individuals.Enrolling nonexistent individuals.Enrolling nonexistent or ineligible family members.“Cherry-picking” or selecting healthier segments of the enrollment population.Kickbacks for referrals.Disenrolling undesirable members.Failing to notify the State of deceased members.Beneficiary enrollment fraud.
13C. UnderutilizationFraud/abuse occurs when an organization shows a pattern of failing to provide its members with medically necessary health care services on a timely basis.Examples:Untimely first contact with clientsUntimely assignment of a primary care physicianDelay in reassigning a PCP upon an individual’s requestDiscouragement of treatment using geographic or time barriersEngagement in any Federally-prohibited activitiesFailure to serve individuals with cultural or language barriersFailure to provide educational servicesFailure to provide outreach and follow-up care or Federally-required referralsFailure to provide court-ordered treatment
14Underutilization (continued) Examples (continued)Defining “appropriateness of care” and/or “experimental procedures” in a manner inconsistent with standards of care.Slow or non-existent drug formulary updatesStrict Utilization Review standardsCumbersome appeal processes for enrollees or providersIneffective grievance processInadequate prior authorization “hotline”Unreasonable prior authorization requirementsDelay or failure of the PCP to perform necessary referrals for additional care.“Gag orders”Incentives to illegally limit services or referralRoutine denial of claims.
15D. Claims Submission and Billing Procedures Examples:Balance billingInflating the bills for services/goods providedDouble-billingImproper coding (upcoding/unbundling)Billing for ineligible consumers or services never renderedInappropriate physician incentive plansReporting phantom visits and improper cost reportingInappropriate cost-shifting to carved outs servicesBeneficiary fraud/abuse
16E. Fee-for-service fraud Can occur if contracts with subcontractors/providers are not capitated and are paid on a fee for service basis.Examples:Billing for unnecessary services/overutilizationDouble billingUnbundlingUpcodingGhost billing/billing for services not provided
17F. Embezzlement, theft and related fee-for-service fraud Diversion of funds for medical services to unnecessary administrative costs“Bust outs” (premiums paid, but MCO claims bankruptcy and avoids paying providers/vendors)
182. Roles of Medicaid Purchasers in Controlling Fraud/Abuse CMSDevelops and implements effective oversight plans to assure that funds are used legitimately.Assures that States have effective program integrity systems in place.Approves State Medicaid Agencies’ MCO contracts.Reviews current laws/regs and develops legislative proposals.Provides technical assistance to StatesAllows considerable flexibility in review/approval of demonstration projectsPromotes exchange of information among statesProvide information and assistance
19State Medicaid Agency Roles Designs/implements cost effective programs to combat fraud/abuseDevelop contract provisions relating to program integrity, and require MCOs to implement program integrity programs.Provides technical assistance to MCOs to identify fraud/abuse, promote best practices in program integrity, and improve program outcomes.Provide periodic training to MCOs.Disseminate information and coordinate efforts and comply with reporting requirements.Procedures to report suspected fraud/abuse to MFCUs and CMS.Audits and contract reviews to assess complianceAnalyze EQRO data to identify potential fraud/abuse issues and inform the MCO and MFCU as appropriate.
20Managed Care Organization Roles Develop comprehensive internal programs to prevent and detect program violations.Recover funds misspent due to fraudulent/abusive actions.Comply with all reporting and other anti-fraud requirementsReports suspected cases of fraud/abuse to the State Medicaid Agency.Submit a certification to the State as to the truth, accuracy, and completes of each submission of their data.Cooperates with MFCUs/DA and other agencies that conduct investigations.Provides for exchange of information and strategies with State, MFCU, DA for addressing fraud/abuse, as well as allowing access to documents and other available information r/t program violations
21Office of the Inspector General (OIG) roles Conducts investigations, audits and evaluations and protects HHS programs/operations against fraud, waste and abuse.Establishes and administers a nationwide Fraud and Abuse Control Program.Coordinates federal, state and local law enforcement programs and the conduct of investigations, audits, evaluations and inspections.Oversees the operation of the Medicaid Fraud Control Units (MFCUs) through their certification process and distribution of Federal matching funds.Authority to exclude from participation individuals/entities determined to pose a risk to the program.Authority to impose civil monetary penalties (CMPs)
223. Data needed to detect and prosecute fraud and abuse in managed care Data can be used to:Monitor service utilization, access to care, quality of careUpdate/evaluate capitation payment ratesMonitor MCO and provider contract performance, and manage and enforce managed care contracts.
23Data Sources and Collection EQRO findingsQA studiesMCO financial, access, quality and grievance reportsEncounter data (most crucial)
24Encounter DataHow an encounter is defined has considerable impact on the content/value of information collected.Standard format for encounter data submission includes: HCFA-1500 for professional services, UB-92 for institutional care, and National Standard Drug Claim Form.Data standards need to be stipulated in the RFP and individual MCO contracts, as well as the frequency that data should be submitted, maximum lag between date of service and encounter data submission, and time lines for correcting and resubmitting rejected claims.
25DataData certification – MCO must attest to the truthfulness, accuracy and completeness of data submitted, each time data is submitted to the State, base d on best knowledge, information and belief, even if the actual provider of services has a Medicaid provider agreement with the state. Apples to related entities, contractors, subcontractors.
26Data 4 potential areas for data integrity breakdown: 1. getting the data into the MCO’s management information system.2. getting the data through the MCO’s MIS3. getting clean data out of the MCO’s MIS and into the State’s MMIS, and4. getting the data through the State’s MMISSystem edits help verify data accuracy and completeness
27Data Data integration Data analysis Monitoring access to services is one process that requires that data be linked to other Medicaid data sourcesData analysisOverutilizationUnderutilizationAppropriate utilization (setting of care)Appropriate utilization (clinical focus area)
284. Key components of an effective managed care fraud and abuse program Formal PlansPreventionCoordinationDetectionEnforcementReporting suspected cases of fraud/abuse
29Formal Plans State Medicaid Agency Fraud and Abuse Plan Outlines all of the State’s fraud and abuse prevention and detection activities, key partners and stakeholders and roles/responsibilities.Outline goals of fraud/abuse effortsOutline measurements to assess progress towards goalsOutlines areas of vulnerability and approaches to addressShould be incorporated into the State’s Quality Improvement StrategyAdequate resources and data systems to manage a successful plan.
30Formal plans MCO Fraud and Abuse Plan Formal commitment to prevent, detect, investigate and report potential fraud and abuse occurrences.Conduct regular reviews/audits of operations to guard against fraud/abuseAssess/strengthen internal controls to ensure claims are submitted and payments made properlyEducate employees, network providers, beneficiaries about what fraud/abuse is and how to report.Organizing resources to respond to complaintsEstablish procedures to process complaintsEstablish procedures for reporting information to the State Medicaid Agency.Develop procedures to monitor service patterns of providers, subcontractors and beneficiaries.
31B. Prevention Provider enrollment and contract requirements Beneficiary provider outreach and educationState hotlines (24-hour toll-free hotline)Assess program vulnerabilitiesIdentify debarred individuals or excluded providers in MCOs (http://www.arnet.gov/epls or
32C. CoordinationMCO networking with MFCU/DA, State Medicaid Agency and EQROState Medicaid Agency Quality Improvement Staff Communication with SURS StaffCoordination of reviews by different entities of same providersCommunication with Medicare and other State Medicaid staffReporting to CMS
33D. Detection Routine reviews on problem areas Validation of managed care service dataRandom reviews and beneficiary interviewsUnannounced site visitsUse of feedback and Quality Improvement
34E. Enforcement SANCTIONS: Suspensions Permissive exclusion by MCO/StatePermissive/mandatory exclusions by the Federal governmentCorrective action plansProsecution by either MFCU or DAOverpayment collectionCivil Monetary PenaltiesTemporary state managementSuspensions in enrollmentDebarmentNon-renewal of contractContract revisionTermination of a managed care entity
35F. Reporting of suspected cases of Medicaid managed care fraud and abuse State MCOs and Medicaid Agencies should have procedures for exchange of information and collaboration among all involved parties to determine the best course of action.
365. Fraud and abuse in managed care contracts, programs and waivers Explicit fraud and abuse measures need to be incorporated into contracts, programs and waivers.States should require MCOs to submit periodic written reports on their fraud and abuse activities, so that these can be monitored and assistance/guidance given as needed.States to provide random medical record review as validation of services provided as reported.States to provide providers and beneficiaries materials that include education about fraud abuse identification and reporting.