Maximum sentence for head of Houston Medicare fraud scheme

Medicare losses of nearly $7 million were acknowledged by two individuals involved in a scheme to defraud the program. They were sentenced to federal prison and ordered to pay restitution, according to the Department of Justice (DOJ). The scheme involved “so-called diagnostic testing labs” in the Houston area which paid Medicaid beneficiaries for use of their Medicare numbers to fraudulently bill Medicare.

A man from California formed 11 diagnostic testing clinics in the Houston area that were used to fraudulently bill Medicare for services and tests that were either not performed or not medically necessary. Co-conspirators were instructed to order ultrasounds, allergy tests, and pulmonary function tests for every beneficiary and to include poor circulation, shortness of breath, heart problems, and allergies on their charts. The other sentenced individual, a woman from Houston, acted as a marketer at seven of the clinics to recruit and pay the Medicare beneficiaries. Marketers were paid $80 to $100 cash, with part of the amount going to the beneficiary and the rest being kept by the marketer. When the first clinic was put under pre-payment review and payments slowed down, the owner recruited others to open new clinics and new bank accounts in their names.

The owner was sentenced to the statutory maximum of 10 years. The marketer was sentenced to 37 months in prison. Two other co-conspirators previously pleaded guilty and are awaiting sentencing.

AGs request Medicaid policy change to fight in-home elderly abuse, neglect

The Centers for Disease Control and Prevention’s (CDC) estimate that one in 10 people aged 65 and over who live at home will become the victim of abuse has drawn the attention of the National Association of Attorneys General (NAAG). Millions of people in this age group are enrolled in Medicaid and the NAAG believes that a change in policy allowing federal funds to investigate more abuse and neglect cases—even those that occur in the home—will help.

Medicaid Fraud Control Units (MFCUs) are charged with investigating and prosecuting state Medicaid provider fraud as well as resident abuse and neglect complaints at Medicaid-funded health care facilities, and can choose to look into complaints at board and care facilities. The MFCUs usually operate within the state attorney general’s office. Because there are strict limitation on the use of MFCU funds to investigate fraud and abuse, the NAAG is now asking Secretary of HHS, Tom Price, to replace or eliminate the “outdated” policies. Instead NAAG provided two recommendations to the Secretary: (1) allow MFCU funds to investigate and prosecute abuse and neglect of Medicaid beneficiaries in non-institutionalized settings; or (2) allow use of MFCU funds to freely screen or review any and all complaints or reports of whatever type, in whatever setting.

The May 10, 1017, letter to Price was signed by attorneys general of 37 states and the District of Columbia. Montana Attorney General Tim Fox noted “abuse and neglect in the home takes many forms, including physical abuse, sexual abuse, and drug diversion. Abuse and neglect is perpetrated by family, friends, and caregivers alike. The requested change in policy would allow our MFCU to investigate reports…regardless of where they reside, whether it’s a home or in a healthcare facility.” David Y. Chin, Attorney General of Hawaii, cited “[the Hawaii MFCU] receives thousands of complaints relating to fraud and abuse and neglect every year…We hope that the federal government will hear our concerns and support our efforts to protect Hawaii’s most vulnerable residents.”

HELP committee advances public health bills

Among a series of bills voted on by the Senate Health, Education, Labor and Pensions (HELP) committee on April 26, 2017 were bills focused on access to medications in emergency situations (Protecting Patient Access to Emergency Medications Act of 2017 (S. 916)) and hearing loss screening for children (Early Hearing Detection and Intervention Act (S. 652)). Also sent to the Senate floor were two other public health bills which would create a national commission on clinical care (S. 920) and better prepare the public health community for Zika and other mosquito-borne diseases (S. 849).

S. 916

The Protecting Patient Access to Emergency Medications Act seeks to amend the Controlled Substances Act to make it easier for first responders and those providing emergency medical services to have access to “time-sensitive and life-saving treatments.” The bill is sponsored by Sen. Bill Cassidy (R-La) and co-sponsored by Sens. Michael F. Bennet (D-Colo), Roy Blunt (R-Mo), and Al Franken (D-Minn).

S. 652

The Early Hearing Detection and Intervention Act is sponsored by Sen. Rob Portman (R-Ohio) and co-sponsored by Sens. Tim Kaine (D-Va), Sheldon Whitehouse (D-RI), John Cornyn (R-Texas, Sherrod Brown (D-Ohio), and Richard Blumenthal (D-Conn). The bill aims to improve state-based efforts to screen newborns, infants, and young children with hearing loss screening and link them to follow-up care if needed by amending sec. 399M of the Public Health Service Act. The Health Resources and Services Administration (HRSA), the Centers for Disease Control and Preventions, and the National Institutes of Health would need to coordinate and collaborate these efforts with those administering such programs as the Medicaid Early and Periodic Screening, Diagnosis and Treatment (EPSDT) program, for example.

OIG reviews MassHealth and its Medicaid data and information system safeguards

MassHealth failed to adequately safeguard data and information systems through its Medicaid Management Information System (MMIS) according to an audit by the HHS’ Office of Inspector General (OIG) undertaken to determine whether Massachusetts safeguarded MMIS data as required under federal requirements.

What is MMIS?

The MMIS is “an integrated group of procedures and computer processing operations (subsystems) developed at the general design level to meet principal objectives” which are: Title XIX program control and administrative costs; service to recipients, providers and inquiries; operations of claims control and computer capabilities; and management reporting for planning and control. States receive 90 percent federal financial participation (FFP) for design, development, or installation of MMIS and 75 percent FFP for operation of state mechanized claims processing and information retrieval systems.

MassHealth MMIS

The Massachusetts Executive Office of Health and Human Services is responsible for administering the state Medicaid program, commonly known as MassHealth, and information technology architecture, maintenance, and support is provided by the Massachusetts Office of Information Technology. Application support is provided through a contract with Hewlett-Packard.

The audit

Audits of information security controls are performed routinely on states’ computer systems used to administer HHS-funded programs and states are required to implement computer system security requirements and review them biennially. The OIG’s audit of MassHealth’s MMIS included MassHealth’s websites, databases, and other supporting information systems. The review was limited to security control areas and controls in place at the time of the visit. Specifically, the OIG looked at MassHealth’s implementation of federal requirements and National Institute of Standards and Technology guidelines regarding: system security plan, risk assessment, data encryption, web applications, vulnerability management, and database applications. Preliminary findings were communicated directly to MassHealth prior to the report’s issuance.

OIG’s findings

The OIG found MassHealth did not safeguard MMIS data and supporting systems as required by federal requirements. Vulnerabilities were discovered related to security management, configuration management, system software controls, and website and database vulnerability scans. Should exploitation of the vulnerabilities have occurred (and there was no evidence that it had), sensitive information could have been accessed and disclosed and operations of MassHealth could have been disrupted. Sufficient controls must be implemented over MassHealth Medicaid data and information systems.

Specific vulnerabilities uncovered were not detailed in the report because of the sensitive nature of the information. However, specific details were provided to MassHealth so it may address the issues. In response to the report, MassHealth described corrective actions it had taken or planned to take in response to the vulnerabilities.