Kusserow’s Corner: Develop a Defense Strategy to Government Data Mining

Health care compliance is witnessing increasing use of data mining and analysis in government oversight. The days of audit findings for questioned costs arising from traditional HHS Office of Inspector General (OIG) audits based upon chart review and statistical sampling alone is passing. The expansion of data mining and analysis and automated review for throughout the Medicare and Medicaid is now a part of every major Medicare/Medicaid recovery program. Providers should be preparing now for anticipated recovery efforts by the contractors, particularly the Recovery Audit Contractors (RACs). Sitting back hoping they won’t find problems at your institution is not an option. It is time for taking proactive action to reduce the risk of serious interference with your revenue cycle by huge demands from these entities.

Dr. Cornelia Dorfschmid, leading authority on the subject, states “to date, many hospitals do not yet fully grasp the nature and potential impact of data mining on revenue.” At its most basic, data mining and analysis can be defined as the use of techniques and technology to derive or predict patterns from large amounts of data. These results can involve the use of databases, statistics, computer analysis, prior research, and group discussion. Data mining often follows data analysis and relies on models that can be used not only to uncovere specific results (such as an overpayment or “never event”) but to spot and predict the situations surrounding those events in order to increase proactive prevention of the event in the first place.

Not surprisingly, CMS and its contractors have integrated data mining into their enforcement strategy to prevent waste, fraud, and abuse. RACs review Medicare claims to identify over- or underpayments, and receive a percentage of any erroneous payment (under or over) they identify. CMS has continued to provide guidance on the rules that impact the manner by which RACs conduct their work in order to permit them to receive full contingency payments for overpayments they identify. Similarly, Medicaid Integrity Contractors (MIC) that were established through the Deficit Reduction Act (DRA) of 2005 are part of a comprehensive federal strategy to prevent and reduce provider fraud, waste, and abuse in the $300 billion per year Medicaid program. There three types of MICs: Education, Review, and Audit MICs; they work together. Education MICs supply education and resources for providers. Review MICs review the practices of individuals and organizations furnishing Medicaid services to identify questionable claims to receive follow-up review. Audit-and-Identification MICs examine the targeted Medicaid claims and identify overpayments. Review MICs will be using data analysis and data mining techniques on both the national and multi-state level as part of their near and long term approaches.

CMS zone program integrity contractors (ZPICs) are tasked with the goal of aggressively responding to fraud, abuse, and overpayment matters. ZPICs utilize massive databases of Medicare claims and data mining to identify billing patterns and high-risk areas of fraud. Data mining and analysis is a direct part of the ZPIC mission. The coming consolidation of MICs and ZPICs into Unified Program Integrity Contractors (UPICs) will further enable their data mining and fraud analysis tools and techniques beyond just sampling and extrapolation. The worst-case scenario for providers is that the government agencies and contractors will know more about your data, including problems within the data and abnormal payment patterns, than you do—unless you beat them to the punch and know it first. Using appropriate billing monitoring and data mining will do just that.

Government results can be used not only as a template for in-house data mining projects but as a means to an end when re-designing company models, procedures, and systems to meet federal standards. It is imperative that providers keep up to date on the latest published government investigations. Government techniques will be constantly evolving to increase effectiveness, so for a compliance program to truly use internal data mining effectively, it must do what it can to stay one step ahead of published reports. If a new technique, focus area, or formula is part of a government agency investigation involving data mining, a provider might theoretically be on the receiving end of a similar government query.

Dr. Dorfschmid believes it is critical for providers to develop defensive measures and internal control metrics and make an aggressive effort to know their claims data now, such as conducting internal data analysis following the same issue areas that have already proven to be a major return on contractor investment during the pilot period. Providers should also develop a process and tracking system to keep up to date with the latest reports and updates as these data mining programs evolve. With adequate resources, providers can develop and analyze the hypotheses into possible queries and report on their own analysis internally to management officials. Doing this now will be much less costly and time consuming than taking the hard road to defend claims from recovery and fines. Any financial services or business office should have data mining on its agenda. Clues to where these other contractor opportunities exist can be found where they are looking, the OIG and CMS and CMS contractor websites.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow’s Corner Newsletter

Copyright © 2014 Strategic Management Services, LLC. Published with permission.