Kusserow on Compliance: CMS increases audits to address Medicaid fraud and abuse

In efforts to prevent Medicaid fraud and reduce improper payments, CMS is in the process of implementing eight “new or enhanced” program integrity initiatives and strategies to address reported billions in improper Medicaid payments. These initiatives include target auditing of selected state programs and known vulnerabilities. The stated aim is to promote transparency and accountability. The CMS announcement noted that Medicaid spending has risen more than 26 percent in the three years leading up to 2017, from $456 to $576 billion. A significant part of the increase was as result of states expanding their Medicaid programs under the Patient Protection and Affordable Care Act (ACA). Most of this increase was covered by the federal government, with its share rising 38 percent, from $263 billion to $363 billion, over the same three-year period. CMS efforts include evaluating the impact of this expansion on program integrity. The announced new initiatives followed a Senate hearing that lambasted CMS, reporting that Medicaid pays out $37 billion a year of improper payments, an increase of 157 percent since 2013.  The new initiatives will be designed to address previously identified activities that harmed Medicaid’s program integrity, and address problems identified by the GAO and OIG and include:

  1. Targeted audits of certain state MCOs. CMS will review financial reports from MCOs in targeted states to ensure they match actual claims experience.
  2. New audits of beneficiary eligibility. States that had OIG reviews of Medicaid beneficiary eligibility will have follow-up determinations reviewed by CMS.
  3. Claims and provider data optimization. CMS will validate the quality and completeness of state-provided data in the Transformed Medicaid Statistical Information System (TMSIS) using data analytics and other techniques to improve data quality and to flag potential problems that require further investigation.
  4. Data analytics pilots. CMS will use analytics and other IT tools on state-provided data to optimize state data to identify areas that need additional investigation.
  5. Provider screening on an opt-in basis. CMS will pilot a plan to screen Medicaid providers on behalf of states, in the belief that centralizing this process will improve efficiency and coordination across Medicare and Medicaid. This, in turn, should reduce state and provider burden, and address one of the biggest sources of error as measured by the Payment Error Rate Measurement (PERM) program.
  6. State-federal data sharing and collaboration. CMS is giving states access to the SSA’s master file of death records to help with managing provider enrollment.
  7. Publicly report state performance. The Medicaid scorecard will indicate how well states perform on certain measures pertaining to their Medicaid programs. This scorecard will include the state’s “integrity performance measures,” such as PERM.
  8. Provider education to reduce improper payments. CMS will bolster education efforts for Medicaid providers to reduce billing errors, including targeting comparative billing reports and provider-facing tools currently in development.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ establishes new Medicare Strike Force for the Newark/Philadelphia area

The DOJ announced the formation of the Newark/Philadelphia Regional Medicare Fraud Strike Force (Regional Strike Force). The Strike Force operations are part of a joint initiative between the DOJ and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. Since its inception in March 2007, the prosecutors in the 10 Medicare Fraud Strike Force locations have charged over 3,700 defendants who collectively have falsely billed the Medicare program for over $14 billion. The new Strike Force will focus its efforts on aggressively investigating and prosecuting cases involving fraud, waste, and abuse within the federal health care programs, and cases involving illegal prescribing and distribution of opioids and other dangerous narcotics. Prior to the announcement, there were only 10 cities that had such tasks forces.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Stark law to undergo interagency review

The CMS Administrator announced plans to convene an inter-agency group to focus on how to minimize the regulatory barriers created by Stark law, which was established in 1989 and underwent expansion in the 1990s. Providers have raised concerns from the beginning of the implementation of the Stark law. The agencies involved in the review will include CMS, OIG, HHS General Counsel, and the DOJ. The Stark law prohibits doctors from referring Medicare patients to hospitals, labs and colleagues with whom they have financial relationships unless they fall under certain exceptions. It also prevents hospitals from paying providers more when they meet certain quality measures, such as reducing hospital-acquired infections, while paying less to those who miss the goals. The result is the law is viewed as making it difficult for physicians to enter innovative payment arrangements because they are not susceptible to fair market value assessment—a Stark requirement. These prohibitions are seen as interfering with key factors related to value-based care. Unlike the Anti-Kickback Statute, which is enforced by the OIG, the Stark law is considered regulatory and falls under CMS jurisdiction. From a regulatory standpoint, there is only so much that CMS can do to make substantive changes. Any real changes in the law will have to come from Congress.

This is not the first time the CMS has tried to move the easing of rules concerning the Stark law.  In 2015, CMS published a Proposed rule relaxing aspects of the Stark law, including easing of some of the strict liability features of the law and CMS’ burden in dealing with the interpretation of key terms, requirements, and other issues. After reviewing an enormous amount of self-disclosures, CMS realized that a large part of the docket involved arrangements that may technically violate the statute but do not actually pose significant risks of abuse. Therefore, it appears that CMS seeks to reduce the number of self-disclosures reported. However, the proposed update is also intended to account for recent changes relating to health care reform and advancements in patient care and payment methodologies. CMS wanted to ensure that Stark does not inhibit Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) reforms and these are the same concerns driving the latest initiative.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Nine tips for compliance officers—addressing high-risk areas

Carrie Kusserow is an expert on conducting compliance risk assessments and has been called upon by compliance officers to meet their challenge of addressing the numerous compliance high-risk areas. She notes that there are more than 40 high-risk areas identified by the OIG in its Compliance Guidance for hospitals. Guidance for other health care sectors has a similar set of compliance high-risk areas and the number of identified compliance risk areas continues to grow every year. To meet this challenge, compliance officers must stress to program managers their ongoing monitoring responsibility to identify and manage compliance risks within their areas of operations. This includes keeping informed of current rules and regulations; ensuring changes are incorporated into policies and procedures; training staff on following that written guidance; and verifying staff adherence to new policies. Ongoing auditing of operational high-risk areas has two primary objectives, including verifying that managers meet their obligations, and validating that the process achieves the desired outcomes. Audits need to be conducted by parties independent of the operational areas being audited, and may include compliance office staff, internal audit, outsider consultants and auditors, or any combination thereof. She offered the following tips for consideration by compliance officers:

 

  1. Work with management to identify operational high-risk compliance areas as set forth in the OIG Work Plans, Fraud Alerts, Advisory Opinions, audits, and enforcement priorities and in Medicare contractor activities, industry news, PERM reports, and PEPPER data.

 

  1. Implement specialized training programs for program managers on what they need to do to meet their ongoing monitoring of high-risk areas in their operational area.

 

  1. Ensure that program managers have identified and listed all compliance high-risks areas related to their operational areas; have developed/implemented monitoring plans for identified risk areas as part of meeting their ongoing monitoring responsibilities. This includes testing and reviewing adequacy of the internal controls (e.g. policies/procedures) to reduce likelihood of that an unwanted event will occur in high risk areas.

 

  1. Rank high-risk areas in terms of vulnerability and impact or damage from a risk incident, including calculating the potential damage from a compliance risk failure, including the magnitude of direct and indirect financial and reputational consequences; and the likelihood of a compliance risk event by considering whether the area is a current enforcement priority based on risk assessment results.

 

  1. Develop and implement an audit plan based on risk assessment results, giving highest priority to the highest risk areas. The audits should test and continuously review current internal controls for adequacy in mitigating risk and reducing the chance of an unwanted risk event.

 

  1. Ensure corrective action plans have been instituted for all risk area deficiencies identified by ongoing monitoring or auditing.

 

  1. Have a follow-up review of any areas where there had been findings requiring remedial action to ensure corrective measures have been taken and are working as intended.

 

  1. Consider engaging compliance experts to independently evaluate the effectiveness of a compliance program.

 

  1. Present results of risk assessment, monitoring and auditing as regular agenda items for management and board level compliance committees.

 

For more information on compliance high-risk assessment, contact Carrie Kusserow, Strategic Management Managing Senior Consultant (703-535-1453) or at ckusserow@strategicm.com

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.