Kusserow on Compliance: GAO calls for strengthening oversight of Managed Care organizations

Medicaid is a major commitment of federal and state budgets, with total estimated expenditures of $596 billion in fiscal year 2017—expenditures that rival the budget of the Department of Defense. States are permitted wide latitude in the design and implementation of their program. The resulting diversity of the program and its size make the program particularly challenging to oversee at the federal level. The Government Accountability Office (GAO), in testimony before Congress, reported last year that they estimated about $37 billion in improper payments that accounted for about 26 percent of government-wide improper payments. The GAO testimony called for increased oversight of Medicaid providers and managed-care plans, and was critical of the Obama administration’s lax auditing of Medicaid insurers as millions joined the rolls through expansion. During the same hearing, the CMS Administrator responded by reporting the structure of expansion with the 90 percent match and an open-ended entitlement is an incentive for the states to spend more and more.

 

Highlights of GAO recommendations to CMS

  1. Add to clearly establish approval criteria and review processes to ensure supplemental payments of around $50 billion a year are identified and accounted for by states when setting future payment rates.
  2. Ensure demonstrations do not increase federal costs and properly conduct evaluations to increase significant savings and better informed policy decisions.
  3. Improve the Transformed Medicaid Statistical Information System to improve program oversight and collect complete and comparable data from all states.
  4. Conduct a fraud risk assessment and implement a risk-based antifraud strategy for Medicaid.
  5. Increased collaboration with the states is needed to help reduce improper payments.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS increases audits to address Medicaid fraud and abuse

In efforts to prevent Medicaid fraud and reduce improper payments, CMS is in the process of implementing eight “new or enhanced” program integrity initiatives and strategies to address reported billions in improper Medicaid payments. These initiatives include target auditing of selected state programs and known vulnerabilities. The stated aim is to promote transparency and accountability. The CMS announcement noted that Medicaid spending has risen more than 26 percent in the three years leading up to 2017, from $456 to $576 billion. A significant part of the increase was as result of states expanding their Medicaid programs under the Patient Protection and Affordable Care Act (ACA). Most of this increase was covered by the federal government, with its share rising 38 percent, from $263 billion to $363 billion, over the same three-year period. CMS efforts include evaluating the impact of this expansion on program integrity. The announced new initiatives followed a Senate hearing that lambasted CMS, reporting that Medicaid pays out $37 billion a year of improper payments, an increase of 157 percent since 2013.  The new initiatives will be designed to address previously identified activities that harmed Medicaid’s program integrity, and address problems identified by the GAO and OIG and include:

  1. Targeted audits of certain state MCOs. CMS will review financial reports from MCOs in targeted states to ensure they match actual claims experience.
  2. New audits of beneficiary eligibility. States that had OIG reviews of Medicaid beneficiary eligibility will have follow-up determinations reviewed by CMS.
  3. Claims and provider data optimization. CMS will validate the quality and completeness of state-provided data in the Transformed Medicaid Statistical Information System (TMSIS) using data analytics and other techniques to improve data quality and to flag potential problems that require further investigation.
  4. Data analytics pilots. CMS will use analytics and other IT tools on state-provided data to optimize state data to identify areas that need additional investigation.
  5. Provider screening on an opt-in basis. CMS will pilot a plan to screen Medicaid providers on behalf of states, in the belief that centralizing this process will improve efficiency and coordination across Medicare and Medicaid. This, in turn, should reduce state and provider burden, and address one of the biggest sources of error as measured by the Payment Error Rate Measurement (PERM) program.
  6. State-federal data sharing and collaboration. CMS is giving states access to the SSA’s master file of death records to help with managing provider enrollment.
  7. Publicly report state performance. The Medicaid scorecard will indicate how well states perform on certain measures pertaining to their Medicaid programs. This scorecard will include the state’s “integrity performance measures,” such as PERM.
  8. Provider education to reduce improper payments. CMS will bolster education efforts for Medicaid providers to reduce billing errors, including targeting comparative billing reports and provider-facing tools currently in development.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Stark law to undergo interagency review

The CMS Administrator announced plans to convene an inter-agency group to focus on how to minimize the regulatory barriers created by Stark law, which was established in 1989 and underwent expansion in the 1990s. Providers have raised concerns from the beginning of the implementation of the Stark law. The agencies involved in the review will include CMS, OIG, HHS General Counsel, and the DOJ. The Stark law prohibits doctors from referring Medicare patients to hospitals, labs and colleagues with whom they have financial relationships unless they fall under certain exceptions. It also prevents hospitals from paying providers more when they meet certain quality measures, such as reducing hospital-acquired infections, while paying less to those who miss the goals. The result is the law is viewed as making it difficult for physicians to enter innovative payment arrangements because they are not susceptible to fair market value assessment—a Stark requirement. These prohibitions are seen as interfering with key factors related to value-based care. Unlike the Anti-Kickback Statute, which is enforced by the OIG, the Stark law is considered regulatory and falls under CMS jurisdiction. From a regulatory standpoint, there is only so much that CMS can do to make substantive changes. Any real changes in the law will have to come from Congress.

This is not the first time the CMS has tried to move the easing of rules concerning the Stark law.  In 2015, CMS published a Proposed rule relaxing aspects of the Stark law, including easing of some of the strict liability features of the law and CMS’ burden in dealing with the interpretation of key terms, requirements, and other issues. After reviewing an enormous amount of self-disclosures, CMS realized that a large part of the docket involved arrangements that may technically violate the statute but do not actually pose significant risks of abuse. Therefore, it appears that CMS seeks to reduce the number of self-disclosures reported. However, the proposed update is also intended to account for recent changes relating to health care reform and advancements in patient care and payment methodologies. CMS wanted to ensure that Stark does not inhibit Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) reforms and these are the same concerns driving the latest initiative.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Conducting compliance risk assessments

The issue of conducting compliance risk assessments continues to be a challenge for Compliance Officers. In the SAI Global’s ninth annual Compliance Benchmark Survey conducted with Strategic Management Services, nearly four out of ten responding organizations reported that the Compliance Office had responsibility for all risk management, not just for the compliance program.  As with all program managers, Compliance Officers have responsibility for risk management in the areas of their areas of responsibilities. This includes conducting risk assessments as part of ongoing monitoring.  However, there remains a lot of confusion among compliance officers and organizations regarding the whole subject. However, regardless of who assumes the responsibility for assessing risk areas, the subject should begin with how regulatory bodies define risk assessment.

Defining risk assessment 

Federal Regulations. (e) Annual review. The operating organization for each facility must review its compliance and ethics program annually and revise its program as needed to reflect changes in all applicable laws or regulations and within the operating organization and its facilities to improve its performance in deterring, reducing, and detecting violations under the Act and in promoting quality of care  (see 42 C.F.R. 483.85).

US Sentencing Commission Guidelines Manual. 2(a)(5) The organization shall take reasonable steps—(B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program (§8B2.1 Nov. 2016).

OIG Compliance Guidance Documents.  The OIG has in a variety of compliance guidance documents called for compliance risk assessments. For example, in their Compliance Guidance for Nursing Faculties they “recommend that all nursing facilities evaluate their current compliance policies and procedures by conducting a baseline assessment of risk areas, as well as subsequent reevaluations. . .” How a nursing facility assesses its compliance program performance is therefore integral to its success. The attributes of each individual element of a compliance program must be evaluated in order to assess the program’s ‘‘effectiveness’’ as a whole. Examining the comprehensiveness of policies and procedures implemented to satisfy these elements is merely the first step. Evaluating how a compliance program performs during the provider’s day-to-day operations becomes the critical indicator.

When conducting a risk assessment it is necessary to determine the objectives. The following relates to ideas and tips concerning compliance program risk assessment.

Compliance program risk assessment objectives

  • Verify all the elements of the compliance program have been implemented
  • Determine whether all the elements are functioning as planned
  • Evaluate the documentation evidencing effectiveness of the program
  • Identify compliance program strengths, as well as areas warranting improvement
  • Develop a work plan to measure program improvements and address any weaknesses

Questions to ask about compliance risk areas

  • Were levels of risk and vulnerabilities assigned?
  • Is there an annual work plan to address identified high-risk areas?
  • Are their internal controls and policies addressing high-risk areas?
  • Are policies periodically reviewed and updated?
  • Do policies address applicable regulations, recent OIG Work Plans, etc?
  • Were compliance-related policies distributed to all covered persons?
  • Is there a Code of Conduct that provides compliance guidelines for employees?
  • Do employees signed receipt evidencing receipt of Code of Conduct?
  • What evidence is there that employees were trained on the Code and policies?
  • What evidence exist that employees understood and remembered lessons?

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.