OIG’s Use of IT Improves Oversight Efforts/Fraud Identification

Almost daily the Department of Justice or the HHS Office of Inspector General (OIG) issue a news release on an indictment or conviction of individuals or entities that have committed Medicare and Medicaid fraud. One of the most significant enhancements in the government’s approach to enforcement is the use of information technology. On July 12, 2011, Lewis Morris, Chief Counsel of the OIG testified before the Senate Committee on Homeland Security & Governmental Affairs, Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security on the role new technologies can play in cutting waste and fraud in the federal health care programs. Morris provided several examples of how advanced data analytics are helping OIG conduct risk assessments, identify fraud vulnerabilities, more effectively pinpoint oversight efforts, and significantly reduce the time and resources required for audits, investigations, and other program integrity activities.

OIG’s IT Innovations

Among the examples Morris in which IT has played an important role are:

Data Warehouse. A key component of its strategic use of IT is OIG’s data warehouse, which integrates data from Medicare Parts A, B, and D to develop a more comprehensive picture of beneficiaries’ histories of medical care and providers’ billing patterns. In addition to adding powerful analytic tools, Morris said that the data warehouse has the potential for dramatically improving the timeliness and impact of OIG’s work.  Prior to developing the warehouse, OIG analysts and auditors often waited months to access a data extract from Medicare’s National Claims History, Morris explained. Having the claims data in-house means that OIG no longer compete for time on the CMS mainframe servers and can introduce new data mining tools and other related databases tailored to OIG’s oversight and enforcement work. Data matches that used to take weeks or months to complete are now performed in-house in a matter of hours, Morris noted.

Hospital Audits.  Increased data storage, computer matching, and data analytic capabilities, has increased OIG’s ability to more quickly and efficiently analyze a vast array of hospital data and simultaneously identify multiple compliance risks. Hospitals are now tested against 27 risk areas, thus providing a comprehensive picture of how a hospital is performing and where compliance problems may exist. According to Morris, two years ago, the data analytics would have taken weeks or months to execute. Now, it takes approximately 20 minutes to run the computer program for each hospital. Moreover, by adopting these types of data analytics, hospitals should be able to identify and correct compliance problems before claim submission.

Fraud Investigations. OIG has been able to more quickly identify fraud schemes and trends because of sophisticated data analysis combined with field intelligence and traditional law enforcement techniques, Morris noted. For example, the data-driven approach of the Medicare Fraud Strike Forces pinpoints fraud hot spots through the identification of suspicious billing patterns and targets criminal behavior as it occurs. The Strike Force model has accelerated the government’s response to criminal fraud, decreasing by roughly half the average time from an investigation’s start to the case’s prosecution, Morris said.

Areas of Vulnerability and Challenges

Morris identified electronic health records (EHRs) and security of protected health information as areas of vulnerability. According to Morris, EHRs may facilitate more accurate billing and increased quality of care, but may also facilitate fraudulent billing. Morris also noted that OIG reports have found that there is inadequate protection of patients’ health data at hospitals throughout the country and existing federal standards and certification criteria fail to address important IT security controls.

Morris noted that CMS has launched a new predictive modeling tool like those used for credit card fraud that will eventually allow for improved fraud screening before claims are paid. OIG will be able to utilize the data derived from the predictive modeling to identify emerging fraud trends. He emphasized, however, that health care is very complex and it is difficult to predict and prevent health care fraud relying solely on data analytics. For example, because credit card transactions are typically submitted immediately at the place and time of service, data can be monitored in real time and the transaction hits the credit card company’s database in real time. On the other hand, a health care provider, can bill for a service months after the date of service and the claim may initially meet all the conditions for payment but subsequently is found to be improper. In addition, a health care payor must assess not only whether an item or service was provided as claimed, but also determine whether it is medically necessary. Determining medical necessity often requires information that is not apparent on the face of the claim.

Morris acknowledged that as program integrity efforts become more technology driven, health care fraud will as well. Because evidence of improper behavior may be entirely in electronic form, law enforcement will have to develop new investigation techniques to supplement the traditional methods used to examine the authenticity and accuracy of paper records, he added.