Kusserow on Compliance: Controls working to prevent Medicare Advantage capitation payments after beneficiaries’ death

The OIG released a report that stated CMS policies and procedures were generally effective in ensuring that capitation payments to Medicare Advantage (MA) organizations for Medicare Parts A and B services were not made on behalf of deceased beneficiaries after their death. The Medicare Access and Children’s Health Insurance Program Reauthorization Act of 2015 requires CMS to establish policies to ensure that payments are not made for Medicare services rendered after death of beneficiaries. In prior audits, the OIG identified problems in controls to prevent these kinds of Medicare payments. In this case, the OIG conducted an audit to determine effectiveness of CMS’s policies and procedures to prevent capitation payments to Medicare Advantage (MA) organizations for Medicare Parts A and B services after individuals’ dates of death.

Details of the audit report noted that during calendar years 2012 through 2015, CMS received updated beneficiary date-of-death information and then made approximately 1.8 million adjustments to capitation payments, thereby recouping $2.96 billion from MA organizations for Parts A and B capitation payments that had been made on behalf of beneficiaries who had died.  However, the OIG found that CMS did not identify and recoup all improper capitation payments. As of March 7, 2017, CMS had not recouped $2.4 million associated with 1,817 capitation payments that were made on behalf of 978 beneficiaries. The OIG noted these improper payments represented .0004 percent of the total capitation payments made to MA organizations and .08 percent of the total adjustments that CMS made after receiving information on beneficiaries’ dates of death.

The OIG recommended CMS (1) move to recoup the $2.4 million in capitation payments made to MA organizations on behalf of deceased beneficiaries and (2) implement system enhancements to identify, adjust, and recoup improper capitation payments in the future. CMS concurred with both of these recommendations and described corrective actions that it had implemented.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: The OIG on Health IT security

Many are not aware of the fact that the HHS OIG boasts having an A-class team that focuses on IT controls and engages in what they refer to as penetration testing or “hacking” into IT systems and networks. With 100 million health care records already compromised and medical records serving as a top target for hackers, healthcare related cybersecurity has become a high priority for the OIG. Health IT offers some unique challenges, in that health records are for a lifetime, whereas credit cards may have a shelf life, if they’re compromised, of just a day or two. This makes them very valuable for criminals that can often realize 60 times more than what a stolen credit card can yield on the dark web. Compromised health information could have wide-ranging consequences, including affecting credit and even someone filing a false tax return with the information. In addition to people’s personal information, there is concern about health care provider and managed care proprietary information.

The OIG IT audits begin with setting an audit objective, which varies according to what they are trying to accomplish. The OIG desires to provide transparent and objective assessments of the security posture of the systems within HHS and those that receive funding from HHS. The OIG engages in penetration testing, as a means to help strengthen IT vulnerabilities. By engaging in penetration testing or “hacking into” IT networks, the OIG is able to provide chief information officers, and sometimes CFOs, with information regarding particular vulnerabilities. Among the common testing of IT systems is determining whether passwords are being changed periodically.  The OIG stated guiding philosophy is that “what gets checked gets done.” By identifying vulnerabilities, they draw management attention to addressing them and raising their awareness to cybersecurity.

The OIG wants to ensure that funds for cybersecurity, and ultimate for technology, are being used judiciously, and overall the OIG is working every day to protect sensitive personal and proprietary data. The OIG is using its resources to enhance awareness around cybersecurity.  The OIG focuses much of its resources on IT controls for the Medicare enrollment database; however the OIG does not confine its work to the Medicare and Medicaid space. The OIG is also looking at IT security at NIH, Indian health hospitals throughout the country, and FDA information on drugs and medical devices. The OIG typically addresses reports to senior level personnel, such as the CEO and Chief Information Officer, and often addresses reports to state administrators for Medicare and Medicaid.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG reports the new Medicaid data system inadequate

The OIG reported that historical inadequacies in Medicaid data have hindered program integrity, research, budgeting, and policy. As a result the OIG has designated the improvement of Medicaid data as a top management HHS challenge. In 2016, the federal Government and states spent $574 billion on Medicaid, serving more than 74 million enrolled individuals. Complete, accurate, and timely Medicaid data are vital for the effective administration and oversight of the Medicaid program by states and the federal Government. The Transformed Medicaid Statistical Information System (T-MSIS) is a new data system that was developed to improve the completeness, accuracy, and timeliness of Medicaid data. The OIG provided a status update on the implementation of T-MSIS, building on its previous review of the 2013 T-MSIS pilot.

In conducting its review, the OIG analyzed the implementation status of T-MSIS using 40 states’ approved plans for data submission; and interviewed staff from CMS and 16 states about their experiences implementing T-MSIS. The OIG reported the following:

  1. States and CMS reported early implementation challenges resulted in delays with T-MSIS
  2. Technological problems and competing priorities for states’ resources caused delays
  3. The goal date for when T-MSIS will contain data from all states has been repeatedly postponed
  4. CMS expects that all states will be reporting to T-MSIS by the end of 2017
  5. 21 of 53 state programs were submitting data to T-MSIS
  6. States and CMS continue to raise concerns about completeness and reliability of the data
  7. States indicate that they are unable to report data for all the T-MSIS data elements
  8. Even with a revised data dictionary for each data element, states and CMS report concerns about states’ varying interpretations of data elements
  9. Without uniform interpretations of data elements, the data submitted will not be consistent across states, making any analysis of national trends or patterns inherently unreliable.

The OIG concluded that successfully getting all states’ data into T-MSIS requires states and CMS to prioritize T-MSIS implementation. However because of CMS’s history of delaying target dates for implementation, the OIG expressed concerned that CMS and states will delay further rather than assign the resources needed to address the outstanding challenges. The OIG further noted that without a fixed deadline, some states and CMS may not make the full implementation of T-MSIS a management priority.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Oncology remains high federal enforcement priority

Oncology continues to be a high enforcement priority for the DOJ, OIG, FBI, and CMS.  The latest fraud investigation by the DOJ involves CCS Oncology, large and prominent providers of cancer care. The reported question being investigated relates to possible billing irregularities involving Medicare and Medicaid. As with most cases related to oncology irregularities, the predication was by a “whistleblower.” The complaint alleges CCS billed for more expensive procedures than were actually performed, billed for procedures that never were performed, and performed medically unnecessary procedures on patients, among other violations, according to the source. The stream of cases is long enough to outline key factors that have led to settlements with the DOJ and OIG. Compliance Officers, whose portfolio of responsibilities include oncology services may wish to review the following to ensure none of these factors are at work in a manner that may trigger investigation.

Common Oncology Enforcement Issues

  1. Employees knowingly submitted false records to Medicare and Medicaid to increase revenue
  2. Claims submitted for services performed without required physician supervision
  3. Offering unnecessary treatments and services to patients
  4. Recruitment and treatment of terminal patients that should have been referred to hospice care
  5. Re-treatment of patients in excess of prescribed dosage limits
  6. Claims for services when physician reviews had not taken place
  7. Claims where treatment occurred without prior required IGRT scan
  8. Physicians allowed registered nurses to fill out prescriptions for medications
  9. Offering inducements (“kickbacks”) to patients by waiving their co-pays
  10. Conducting not necessary fluorescence in situ hybridization (FISH) tests for bladder cancer
  11. Filing payment claims for GAMMA functions by improperly trained physicians and staff
  12. Seeking payments for tests whose results doctors had not reviewed
  13. Billing E&M services on the same day as a related procedure
  14. Double and over-billing Medicare for services that lacked supporting documentation
  15. Improperly billing for radiation treatment without proper physician supervision
  16. Submitting false claims for magnetic resonance imaging (MRI) services
  17. Billing for services that were not documented in the patients’ medical records
  18. Billing twice for the same services
  19. Misrepresentation of the level of a service provided to increase reimbursement
  20. Routinely waived patient copayments as an inducement, then billing Medicare for them.
  21. Claims for services not performed, medically necessary, and/or properly documented
  22. Claims for services rendered to patients referred by physicians benefiting from referral
  23. Purchasing cancer treatments from unlicensed sources for oncology practice
  24. Diluting patients’ chemotherapy treatments and delivering in a manner designed to extend period of treatment time
  25. Claims for medically unnecessary or properly documented intensity-modulated radiation therapy (IMRT)
  26. Unsupported add-on claims for “special treatment procedures” and “specialty physics consults”
  27. Violating the Stark Laws and Anti-Kickback statute by rewarding referring physicians