welcome to "managed care plans: critical partners in the fight against fraud, waste, and abuse in medicaid." today's presentation addresses the role of managed care organizations (mcos), prepaid inpatient health plans (pihps), and other managed care entities in the fight against medicaid fraud, waste, and abuse. this presentation refers to all of
these entities collectively as managed care plans (mcps). as of july 1, 2015, more than two thirds of medicaid beneficiaries received most or all of their services from mcps. federal regulations define an mco as an entity that has, or is seeking to qualify for, a comprehensive risk contract under the medicaid program. the mco may be
a federally qualified health maintenance organization (hmo), or any entity that meets the conditions of participating as an mco in medicaid. pihps are a type of organization that may meet such conditions. pihps are not defined in the regulations, but the medicaid and children's health insurance program (chip) payment and
access commission defines a pihp as an entity that does not have a comprehensive risk contract but does accept risk on arranging hospital or institutional services. another potential mco entity is the prepaid ambulatory health plan (pahp) pahps are capitated entities that do not cover inpatient hospital or other
institutional services but do cover a limited set of ambulatory services such as dental care and non-emergency medical transportation. many of these managed care entities assume responsibility for care management and the creation and reimbursement of a network of providers. let's take a look at the
objectives of this presentation. at the conclusion of this presentation, learners will be able to: recall three elements of an effective compliance program; list three steps that mcps can take to prevent, detect, and report fraud, waste, and abuse; and identify tools used to prevent excluded,
debarred, and terminated providers from participating in the medicaid program. several program integrity requirements are discussed throughout this presentation, namely the requirements for certain types of mcps to adopt and implement a compliance program and to conduct training related to false claims, detection, and prevention of fraud and abuse.
current regulations at 42 c.f.r. section 438.608 require that mcos and pihps have a compliance plan and administrative and management arrangements or procedures that are designed to guard against fraud and abuse. the regulation does not use the word "program." the difference between a plan and a program can be expressed as follows:
a compliance plan spells out how the mco intends to ensure compliance; and a compliance program is the ongoing implementation of the plan. although the regulation does not use the word "program," it is clear that a plan by itself is not enough. a plan that is not implemented is just another folder on a shelf. also, the affordable care act used
the term "program" when describing forthcoming provider compliance requirements that the secretary of the u.s. department of health and human services will establish as a condition of enrollment in medicaid. the compliance programs required of mcos and pihps under current regulations must incorporate seven
specific elements that we will discuss. pahps are not currently required to have a compliance program, but for reasons that we will discuss it would be wise for them to have one. many state medicaid agencies (smas) require mcps to have a compliance program. as indicated in its 2011 review of program integrity in medicaid
managed care, the u.s. department of health and human services, office of inspector general (hhs-oig) found that many smas review the adequacy of such programs by conducting both desk and on-site reviews. mcps will want to be well-prepared for such on-site reviews. the fraud, waste, and abuse component of the compliance program is critical
because these are the issues that are costing taxpayers large sums of money. according to the centers for medicare & medicaid services (cms), each year medicaid covers medical expenses for more than 64 million beneficiaries through 56 state and territory-administered programs. the total cost of this coverage in fiscal year (fy) 2014 was $508 billion.
the government accountability office (gao) has estimated that in fy 2014 the amount of improper payments made by medicaid was $17.5 billion. although some improper payments are errors rather than fraud or abuse, the case examples discussed later in this presentation show fraud and abuse together make up a significant
portion of improper payments. in addition to discussing compliance programs, this presentation discusses the requirement under section 1902(a)(68) of the social security act that certain mcps provide to employees, agents, and contractors certain information on false claims. before discussing the components of a
compliance program or the false claims requirement in detail, let's look at the meaning of the terms "fraud, waste, and abuse." a federal regulation defines "fraud" as "an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person. it includes
any act that constitutes fraud under applicable federal or state law." application of the definition of fraud in a specific case may vary depending on circumstances, but generally speaking, an innocent billing mistake would be failure to comply with established procedures, but would not be fraud. by contrast, an intentional over-billing
would be fraud. an mcp compliance program that prevents, detects, and corrects negligent failures to follow procedure but does not do the same for intentional violations is not a true compliance program. waste is not defined in the rules that govern the medicaid program, but is "generally understood to encompass
over-utilization or inappropriate utilization of services and misuse of resources, and typically is not a criminal or intentional act." examples of waste by a beneficiary could include making excessive office visits or accumulating more prescription medications than necessary for treatment of specific conditions. waste by a provider could include
scheduling those excessive visits, writing excessive or duplicate prescriptions, writing prescriptions for drugs that are no more effective than less expensive ones, ordering excessive patient medical supplies, or ordering excessive laboratory tests. a provider who engages in this conduct does not generally profit from it directly and may do so out of
ignorance or negligence. waste is an important issue that a compliance program should address, but this presentation focuses on fraud and abuse. the same federal regulation defines abuse as "provider practices that are inconsistent with sound fiscal, business, or medical practice, and result in an
unnecessary cost to the medicaid program, or in reimbursement for services that are not medically necessary or that fail to meet professionally recognized standards for health care. it also includes beneficiary practices that result in unnecessary cost to the medicaid program." examples of abuse include billing for
services that the provider does not realize are medically unnecessary, or prescribing more expensive brand prescription medication when an equally effective generic medicine is available. a provider can abuse the medicaid program even if there is no intent to deceive. such a provider may not be subject to criminal prosecution, but may
still be subject to administrative and civil sanctions, including monetary penalties and possible exclusion from federal health care programs. these consequences are discussed later in the presentation. as we have discussed, only mcos and pihps are required by law to have a compliance program. there are good
reasons why other mcps should also have a compliance program. first, the affordable care act provides that the secretary of hhs establish core elements of a compliance program that will be required of all federal health care program providers, including mcps. the year after the affordable care act was passed, the then chief counsel to
the inspector general, hhs-oig, talked about why it is important to have a compliance program. under the health care reform, all providers are going to be required to have compliance programs in place, and even if that law didn't exist, there's a very good common sense reason to have compliance. a compliance program is
like a seat belt. you want to wear it all the time, even if you never intend to get into an accident. cms has suggested that having a compliance program benefits the mcp in many ways. those ways include a decrease in billing mistakes, an increase in patient safety and quality of care, and the ability to meet private commercial
insurance company requirements to train employees on compliance. billing mistakes can be reduced when a compliance program causes better adherence to billing procedures and improved documentation. treatment errors that a compliance program can prevent or detect include: failure to treat a patient in light of a
change in the patient's condition, premature discharge of a patient from a hospital and providing incomplete follow up or discharge instructions. a compliance program can also help protect the mcp from the risks of significant losses as a result of undetected misconduct by mcp officers or employers, network
providers, or other contractors. as in any other business organization, mcps face the possibility of theft, embezzlement, or other financial misconduct by officers and employees of the mcp. this misconduct can lead to significant losses for the mcp. one commentator has identified "[t]he risk that senior management might override
important financial controls to manipulate financial reporting." this risk is not just academic. officials of a large florida-based mcp illegitimately increased the mcp's profit by over- reporting the amount of money spent by the mcp to provide medical services to beneficiaries. as a result, the mcp paid $137.5 million in 2013 to settle false
claims allegations by the federal government and 9 states. other examples of harm coming to an mcp as a result of false statements by its officers include: an ohio mcp's payment of $26 million to settle allegations that its officers had lied to the sma about services provided to beneficiaries; a florida-based mcp's payment of $80
million to settle allegations that its officers inflated expenditures; and a long beach-based mcp's payment of $320 million to settle allegations that it had reported inflated patient risk adjustment scores to the sma and failed to disclose the fact when it was discovered in an audit. if addition to false statements or
omissions, mcps can risk damages or penalties for misconduct in in other areas. areas of vulnerability include bid rigging; marketing and enrollment fraud; underutilization; having officers, employees, contractors, or network providers who have been excluded; providing insufficient beneficiary access to network providers; paying or accepting
kickbacks; and operating a sham special investigations unit. a well-functioning compliance program can help protect the mcp from crippling sanctions when officials or employees engage in this sort of fraudulent conduct discussed on the previous slide. strong internal controls and prompt corrective action can persuade prosecutors not to
bring charges against the company. having an internal investigation process that can provide all relevant facts about individual misconduct may be considered by the government as mitigation in deciding what action to take against the mcp. before discussing the details of an effective compliance program, this presentation considers additional
reasons for adopting a compliance program. one of those reasons is the possibility of misconduct by network providers. as mentioned earlier in this presentation, the adequacy of mcp efforts to prevent and detect network provider fraud is subject to increasing government scrutiny, and that is one reason why mcps should address this issue in their
compliance programs. in addition, the mcp's contract with the sma, or state law, may require that the mcp include network providers in its compliance program and meet certain performance standards. for example, the largest mcp in florida was fined $3.4 million in 2011 for failing to promptly report suspected abuse by providers in its network.
this failure violated both state law and the terms of the mcp's contract with the sma. in addition to avoiding a fine, mcps have other reasons to monitor network providers for compliance. these include cms guidance and the need to reduce the mcp's exposure to significant losses from provider fraud.
civil penalties can be imposed on the mcp for providing false statements even if no one in the mcp actually knew about or participated in the fraud. it is enough if mcp personnel "should have known" that the information was false. specifically, hhs-oig has authority to impose a civil monetary penalty on any individual or entity that presents, or
causes to be presented, a claim for "an item or service that the person knew, or should have known, was not provided as claimed." if the mcp fails to exercise due diligence regarding provider submissions, or ignores clear signs of fraud or abuse, and forwards those submissions to the sma, it runs the risk of exposure to civil penalties.
a compliance program that monitors and audits these submissions can reduce the chances this will occur. in addition to the risk of civil penalties, mcps that do not monitor their providers for fraud, waste, and abuse risk losing money either directly or indirectly. if the mcp pays its providers on a fee-for-service basis, then the mcp will be
losing money directly when it dispenses payment based on false information. capitated basis, the impact of fraud, waste, and abuse will be delayed but it will show up when the capitation rate is adjusted for the next contract. mcps without a compliance program should adopt one, and mcps that already have a compliance program
should take a fresh look at their programs to ensure they are effective. many mcps already have strong compliance programs in place. one might ask why they should spend resources evaluating those programs. one answer is that the mcp may be at increased risk of loss if the program is not effective. another reason is that
government agencies are subjecting the quality of mcp compliance programs to increasing scrutiny and regulatory sanctions. in the past there may have been a tendency by some government bodies to concentrate on fee-for-service fraud, waste, and abuse and leave those problems in managed care to the mcps.
that has changed. government agencies are subjecting mcp compliance programs to scrutiny, and this scrutiny will increase. in its fy 2014 annual report on the states' medicaid fraud control units (or mfcus), hhs-oig noted that while medicaid services provided under managed care have increased in recent
years, "many mfcus voiced concerns about a lack of fraud referrals from mcos in their states." hhs-oig further noted, "specifically, officials from 21 mfcus reported that their units received fewer fraud referrals from medicaid mcos than the respondents expected on the basis of the number of managed care-covered
beneficiaries in their states." "some mcps had only a small number of employees assigned to fraud prevention, had not established robust efforts for detecting potential fraud, or used a narrow interpretation of the provider activities that would constitute potential fraud and warrant referral." state officials expressed concern that
mcps lacked the incentive to detect and refer potential fraud as opposed to simply removing a provider from their networks. hhs-oig noted that it plans to examine how effectively medicaid mcps identify and address incidents of potential fraud by providers. government scrutiny is not limited to the federal level. in september 2014, the
national association of medicaid directors (namd) recommended that cms adopt regulations requiring all mcps to submit compliance plans to the sma annually for approval, and requiring smas to oversee the implementation of those plans. in 2013, the medicaid fraud division of a state comptroller's office found that an mcp had failed to meet its compliance obligations.
among other things, the mcp failed to meet the contractually required ratio of investigators to beneficiaries and failed to meet state training requirements for its quality assurance auditors. whether an mcp is adopting a compliance program for the first time, or is taking another look at an existing program, it will be necessary to examine
the elements of the compliance program as set forth in the medicaid regulation. the regulations requiring mcos and pihps to implement compliance programs lay out the seven elements of the program but do not further define what each element should include. in deciding how to structure their compliance programs, mcps may be
able to learn from documents available on the cms website. such documents include: "affordable care act provider compliance programs: getting started webinar"; "guidelines for addressing fraud and abuse in medicaid managed care"; "program integrity review annual summary reports"; and
"best practices for medicaid program integrity units' collection of disclosures in provider enrollment." in 2014, cms indicated that it would update its guidance on medicaid managed care program integrity. mcps should watch for this updated guidance and follow it when it becomes available. mcps may also wish to consult two
documents on the hhs-oig website: "compliance program guidance for medicare+choice organizations offering coordinated care plans"; and "health care fraud prevention and enforcement action team (heat) provider compliance training." the first required element of a compliance program is "written policies,
procedures, and standards of conduct that articulate the organization's commitment to comply with all applicable federal and state standards." it is important that mcp's written policies identify the laws, rules, and contract requirements governing employee conduct since employees will not necessarily be aware of them.
these laws include relevant provisions of the affordable care act, the confidentiality and security requirements of the health insurance portability and accountability act (hipaa), state laws on confidentiality of patient information, federal medicaid laws and rules, state medicaid rules, state laws or contract requirements on compliance, and various
anti-fraud laws, including the false claims act (fca). policies should also give examples of types of conduct that would violate these laws, rules, and contract requirements. "identify" does not mean include all of these sources verbatim. this could make the policy both incoherent and cumbersome. instead, policies should
include a brief summary of the provisions that are most relevant to employees. since sources change over time, they should be identified and their locations given rather than quoted extensively. remember, it is best if such requirements are provided in user-friendly, plain english. consider having administrative and junior staff members serve as cold
readers of policy and pronouncements. the procedures should address how to implement the plan, who is responsible for updating policies on compliance matters, and who ensures that training is completed. procedures should also address how to report suspected violations. to encourage reporting, mcps should allow employees to report suspected
violations to either the compliance officer or their supervisor or manager. written policies should also address oversight of investigations, monitoring of corrective action plans, and communication with others about compliance issues. the mcp's written policies should be reviewed by employees within 90 days of hire
and annually thereafter. the policies should prohibit intimidation and retaliation for good-faith participation in the compliance program. this protection should cover reporting potential issues, investigating issues, conducting self-evaluations, performing audits and remedial actions, and reporting to appropriate officials.
the mcp's written policies should also address several items relating to fraud and abuse. under section 1902(a)(68) of the social security act, any entity that receives or makes payments of $5 million annually from a state medicaid program must provide to its employees, contractors, and agents, in the form of written
policies, certain information on: state and federal laws on false claims; whistleblower protections; and the mcp's policies and procedures for detection and prevention of fraud, waste, and abuse. policies on false claims should explain in layman's language that officers and employees who knowingly participate in
the submission of a false claim to the sma can subject themselves and the mcp to a range of sanctions under both state and federal law, including administrative penalties, treble damages and exclusion from the medicare and medicaid programs. many states have their own false claims statutes.
a list of these states, with links to some state statutes, is available on the internet, but mcps should also consult their sma directly to learn the details of the statute in their state. although not required by law, policies should also provide information on the criminal provisions of the false claims act and related federal criminal statutes that can
lead to criminal fines and imprisonment. policies should identify types of conduct that can easily give rise to false claims liability for the mcp and its employees. examples include over-reporting the amount of money spent by the mcp to provide medical services to beneficiaries; cherry-picking healthy patients to avoid future costs; operating a sham
special investigations unit; billing for screening, assessment, and case management services not provided; and inflating patient risk adjustment scores. hhs-oig's 2014 work plan states it will investigate mcp reporting of medical loss ratios. include a policy of non-intimidation and non-retaliation for good-faith participation
in the compliance program, including, but not limited to, reporting potential issues, investigating issues, conducting self- evaluations, performing audits and remedial actions, and reporting to appropriate officials. section 1902(a)(68) does not require the mcp to have an employee handbook. if such a handbook does exist, however,
the law requires that it include the same information on false claims, whistleblower protections, and fraud, waste, and abuse detection procedures that are required to be included in the mcp's policies. the second element of a compliance program is "the designation of a compliance officer and a compliance
committee that are accountable to senior management." in the absence of a culture and language of compliance, even the most comprehensive written compliance plan is merely another colored binder on the shelf. as noted by the inspector general of hhs in an address to a compliance association, an effective compliance
program begins with management setting the tone that compliance is important to the enterprise. it takes time and effort to establish a culture of compliance among employees and providers. the compliance officer, compliance committee, and board of directors play essential roles in establishing this culture.
as many mcps know, experience with successful compliance programs has shown that the compliance officer should be a person of high stature in the organization. it is not sufficient to simply add "compliance officer" to the duties of someone who has no authority in the organization. the compliance officer should be a person who has
demonstrated excellence in the fields of compliance and ethics. mcps with effective compliance programs have learned that having a broad representation from senior management on a compliance committee allows the committee to understand the risks from various parts of the organization and align resources
according to the risk. operational areas that should be represented on the committee, to the extent they exist in the organization, include: finance; internal audit; human resources; licensing and credentialing; contract management; legal; provider relations; medical management; customer service; compliance; and investigations.
mcps may assign investigative tasks to a special investigations unit (siu), a compliance unit, or another unit, or may split investigative tasks among different units. units that have responsibility for investigations should be represented on the committee. one of the compliance officer's most important duties is to report compliance
issues to senior management and the board of directors. hhs-oig suggests that the compliance officer report directly to the chief executive officer (ceo). this arrangement avoids the conflicts of interest that may arise when the compliance officer reports to the general counsel and has an indirect or infrequent reporting relationship
to the board of directors. the compliance officer should identify risks and develop a risk assessment system and monitoring plan. under the plan, the officer and the committee should continually use a risk assessment system to assess risks across the organization and measure whether those risks are being
appropriately mitigated. for example, if the mcp has delegated functions for mental health care through a contract with another entity, the number of inpatient days should be reviewed. if that metric is being looked at and no inpatient hospitalizations are found, that might be an indicator that the contractor is not using the proper criteria and may
be denying inpatient benefits as a way of maximizing profit. the mcp remains ultimately liable to the state to ensure that benefits are properly provided. the compliance officer and committee should also review internal monitoring and auditing reports and monitor the adequacy and effectiveness of policies
and procedures, communication mechanisms, internal controls, and corrective and preventive actions. finally, regular reports from the compliance officer and committee to the board of directors should include information on the: number and types of reported violations; stage of investigative
activities; and time from complaint to resolution or referral. the compliance officer should not have operational responsibilities for other areas of the organization's work, especially those that might present a conflict of interest, such as general counsel or chief financial officer (cfo). if the compliance officer does have
operational responsibilities for areas that do not pose a conflict, the mcp should ensure that sufficient resources are allocated to permit this person to satisfactorily perform the compliance functions. hhs-oig has pointed out that a conflict of interest may arise when the mcp compliance officer
is also the general counsel. the compliance officer and the committee members should stay up-to-date on compliance issues by: attending conferences, webinars, and other training programs offered by national and regional organizations devoted to prevention and detection of fraud, waste, and abuse in health care;
subscribing to publications and hhs-oig's email list; monitoring the cms and hhs-oig websites; and communicating with peers at other mcps. compliance supervision duties are not limited to the compliance officer and committee. the board of directors must also be fully engaged. to be effective, the compliance officer
and committee must have the support of the mcp's board of directors. the board should take the lead in examining the effectiveness of the mcp's compliance program. taking this role is consistent with all board members' legal duty to exercise due care in protecting the best interests of the corporation. hhs-oig and cms have highlighted the
need for an engaged board of directors or governing body that understands the line of business and has compliance issues as a standing agenda item. the board's duties include: reviewing the mcp's compliance program, with emphasis on measures to identify and return overpayments; determining the adequacy of resources
devoted to compliance and reviewing compliance officer reports, including information on how management responded to violations of policies or law; requiring periodic updates on regulatory changes and the actions the committee has taken to ensure compliance; and retaining the services of an experienced regulatory, compliance, or
legal professional if none is included as a member of the board. board members can underline the importance of the compliance program by attending staff meetings on compliance. those board members who are interested in learning more about compliance duties may want to consult reputable private
as well as government sources. the federal regulation on medicaid managed care compliance requires that the mcp's compliance program include "effective training and education for the compliance officer and the organization's employees." for the compliance program to be effective, the mcp should go beyond the
minimum requirements of the regulation and deliver training to other officers as well as the board of directors. training should be tailored to the different responsibilities of the compliance officer, other officers, employees, and directors. for example, employees who work in areas that are at high risk for fraud,
waste, and abuse should receive specialized training that addresses those risks. the regulation does not specify which subjects training and education must address. however, cms and hhs-oig have both issued guidance on what should be included. pursuant to cms' guidance, training
should cover the elements of the compliance program as well as the prevention, detection, and reporting of fraud and abuse. according to hhs-oig guidance, the training should also ensure that mcp employees, officers, and directors understand that the consequences of noncompliance can include civil fca
liability, director and officer liability, and corporate integrity agreements. similarly, training should ensure that understand the consequences of violations of law, such as the health care fraud statute, the civil and criminal provisions of the fca, the anti-kickback statute, and the anti-fraud laws of the states where the mcp does business.
these consequences can include imprisonment, fines, forfeitures, and exclusion from the medicaid program. training should also address whistleblower information, the roles of the compliance officer and committee, and ways of preventing, detecting, and reporting fraud and abuse. all 45 of the mcps responding to a 2010
survey by hhs-oig confirmed that they provided training to their employees not only on the compliance program, but also on identifying and reporting suspected fraud and abuse. training should address the following areas which hhs-oig has identified as problematic for compliance: coding, billing, and accidental hiring
of excluded individuals. training should also address the areas identified by mcps as being of highest concern for fraud: billing for services not rendered, upcoding, billing for services not medically necessary, fraudulent beneficiary enrollment, and beneficiary drug diversion. for training and education to be
effective, it is important to: use a blend of presentation methods, including live training, computer-based training, and other methods; regularly review and update training programs. try different approaches. use "real-life" examples; make training completion a job requirement; assess participants' knowledge of the material:
benchmark the knowledge before the training, test employees' understanding of training topics after the training; and evaluate the effectiveness of the training. in addition to training and education, the mcp must maintain other means of communication on compliance issues. element four requires that the mcp have "effective lines of communication
between the compliance officer and the ways to maintain effective communication include: maintaining an anonymous "hotline" to report issues; enforcing a non-retaliation policy for employees who report potential problems; establishing a direct line of communication between the compliance officer and the board;
using surveys or other tools to get feedback on training and on the compliance program; using newsletters or intranets to maintain visibility with employees; and having the compliance officer regularly brief the board about the compliance program. element five requires "enforcement of standards through well-publicized
disciplinary guidelines." mcps with effective compliance programs recognize that standards of conduct do not enforce themselves. for a compliance program to be effective, the mcp's commitment to compliance must be more than a poster or a slogan. it must be embodied in an employee code of conduct that includes sanctions
for participation in noncompliant behavior and also for failure to report suspected noncompliance by others. the commitment should also be evident in the code's statement of employee expectations and the inclusion of compliance in the employee performance appraisal process. failure to enforce standards results
in an ineffective compliance program. the process needs to be transparent, which includes publicizing disciplinary actions within the organization in the same ways that the guidelines are publicized. element six is "provision for internal monitoring and auditing." monitoring consists of regular reviews that take
place as part of normal operations. monitoring should be done with a specified frequency by a specific responsible person. auditing is more comprehensive than monitoring and is a more formal review based on specific standards. cms guidance suggests mcps conduct regular audits to guard against fraud and
abuse, underutilization, and overutilization. cms also suggests that mcps assess and strengthen internal controls to ensure claims and payments are correct. audits can be part of such assessments. audits should take place in accord with an audit work plan based on the risk assessment and should occur periodically,
but no less frequently than once a year. together, the mcp's internal monitoring and auditing system should: gather risk intelligence from all parts of the entity; aggregate and prioritize risks in a coherent way; report on prioritized risks; and focus on prioritized risk areas through audits.
some internal risk areas, such as financial mis-reporting and underutilization, were discussed earlier in this presentation. to mitigate the risk of an mcp officer reporting false information to the sma, personnel in the mcp's finance department could conduct an ongoing comparison of the information in the mcp's records with the
information that is provided to the sma. other risk areas, and means of monitoring those areas, can be identified by looking to the experience of other mcps. risks can also be identified by using risk assessment tools that are available commercially or free of charge from the websites of compliance organizations.
under section 1128 of the social security act, hhs-oig has the authority to exclude individuals and entities from participating in federal health care programs for many different reasons, including conviction of a program-related crime; license revocation or suspension; participation in fraud, kickbacks, or other prohibited activities; and default
on educational loans. in addition to prohibiting excluded persons and entities from participating in federal health care programs, the social security act provides that mcps that have certain relationships with excluded persons or entities may be excluded from receiving any program funds. if an mcp owner, director, officer, agent, or
managing employee has been excluded, the mcp runs the risk of being excluded. in addition to exclusion, mcps face the risk of financial consequences as a result of these relationships. exclusion means that medicaid cannot legally pay for, and should not be billed for, any services or items furnished directly or indirectly by excluded persons or entities.
"excluded persons are prohibited from furnishing administrative and management services even if the administrative and management services are not separately billable." administrative and management services include those services rendered by corporate officers and department heads. these services also include "health
information technology services and support, strategic planning, billing and accounting, staff training, and human resources." therefore, an mcp that receives such services is not entitled to receive any funds from an sma. if an sma employs an excluded person to perform management or administrative functions,
any government health care program funds it receives are considered overpayments under section 1128j(d) of the social security act. those funds must be returned within 60 days after they are identified. failure to do so may make each overpayment a false claim, which could subject the mcp to damages
and other serious consequences under the civil fca. in addition, under the civil monetary penalties law, the mcp may be liable for civil monetary penalties for such overpayments. it is simple for an mcp to determine whether any owners, directors, officers, agents, or managing employees
are excluded. when hhs-oig excludes such persons from participation, it places their names on the list of excluded individuals/entities (leie) on the hhs-oig website at the website shown on this slide. this is where mcps should look. in addition to monitoring for exclusion, mcps should also monitor for debarment.
federal agency officials may prohibit individuals and entities that are not behaving responsibly from participating in federal programs. mcps are prohibited from allowing debarred individuals to serve as directors, officers, or partners. mcps may not allow debarred individuals or entities to have a beneficial ownership of
5 percent or more of the mcp. mcps are also prohibited from having an employment, consulting, or other arrangement with debarred individuals or entities. mcps that have such a relationship may lose their medicaid contracts. mcps can mitigate this risk by checking to see whether present or proposed directors, officers, owners, partners,
employees, or consulting individuals, or entities, are debarred by using the system for award management's advanced search-exclusions database. this database may be found on the system for award management (sam) website as shown on this page mcps can mitigate other risks by regularly conducting internal audits.
in addition to monitoring ongoing processes, such as payments to providers, mcps should also conduct self-audits. audits are formal processes that seek "positive assurance" that specific criteria were followed or that information was correct. persons performing an audit must not be employed in the
department being audited. mcps should use self-audits to determine whether specific monitoring processes are effective. for example, the mcp could determine the effectiveness of claims monitoring by having claims processing personnel identify the types of claims that have typically shown the greatest likelihood of
error, and then examine a random sample of such claims. the self-audit would determine whether the claims in the sample were properly documented, were for covered services only, and were from providers who have not been excluded. the audit team should document its findings and, to the extent appropriate,
the mcp should change its claim processing and monitoring processes in light of the audit findings. follow-up work should also be done to determine if the changes were implemented and had the desired effect. undertaking such audits, and sharing findings regarding improper payments with the government, can result in more
lenient treatment of the mcp than if the government had to discover the violations on its own. if the mcp contracts out billing, credentialing, pharmacy services administration, or other functions, it is important to monitor the contractor's performance. mcps could perform audits or insist on contractors undergoing
outside audits by outside firms. mcps seeking to establish or strengthen a contractor compliance program can look to contractor monitoring programs that have been adopted by other mcps. external audits can also strengthen the mcp's compliance program. the mcp can retain an outside firm, or may find itself the subject of an audit by a
government agency or contractor, such as a medicaid recovery audit contractor (or rac) hhs-oig, the sma, or a state comptroller or inspector general. regardless of the type of external audit, the mcp should promptly respond to auditor requests for documents and information. compliance personnel should review the documents when
submitted to the auditor to attempt to identify, correct, and, if appropriate, disclose any non-compliance promptly rather than waiting for the auditor to find it. when the audit is done, the compliance officer and committee, and the board compliance committee, should carefully study the report and take action to correct specific violations as well as
weaknesses in the compliance program. self-audits and internal monitoring make up the sixth element of a compliance program. the seventh element consists of prompt responses and corrective action. element seven requires "provision for prompt response to detected offenses, and for development of corrective action initiatives relating to the mco's or pihp's contract."
the first step in responding promptly to a report of a violation is to determine the scope of the potential violation in terms of patient harm, monetary loss, whether the violation is isolated or part of a pattern, or other factors, and place an appropriate priority on the investigation. the mcp should assign a dedicated and trained person, who may be a compliance officer
or a member of an siu, to investigate. that person should interview the person who made the complaint, review the relevant documents, and interview other persons with knowledge. in some cases, the person investigating will need to talk with a person who is knowledgeable about the department where the alleged violation took place as well as
persons who are familiar with the relevant policies and laws. if your enforcement program does not allow prompt receipt, processing, and investigation of a complaint, it is not effective. to monitor the effectiveness of the program, the compliance committee should regularly report to senior management and the board of directors
on how quickly complaints are investigated and addressed. part of addressing complaints is taking corrective action. after evaluating the information gathered during the investigation in light of applicable legal and policy provisions the investigator should make a recommendation regarding
the appropriate corrective action. when an investigation confirms that fraud, waste, and abuse has taken place, the medicaid regulation requires that the mcp take corrective action. there are additional reasons for the mcp to take such action. in assessing the amount of civil monetary penalties for a violation, hhs-oig considers it a mitigating
circumstance if "corrective steps were taken promptly after the error was discovered." corrective action may include employee or provider education, discipline or termination, policy changes, referral to government agencies for civil or criminal proceedings, self-disclosure, or some combination of these or other actions. referral of misconduct occurring within
or by the mcp is described as "self-disclosure." it is in the financial interest of the mcp to self-disclose. self-disclosure typically results in settlements for half the amount of damages that could be assessed under the fca. other types of referrals are discussed later in this presentation. to be able to take prompt corrective
steps or appropriate and timely corrective action, the compliance program should have a procedure in place to identify who is responsible for implementing corrective action and how implementation will be monitored. the corrective action plan should contain specific steps to correct the problem and time frames for
implementation of those steps. in addition to implementing a corrective action plan, the compliance officer, with the assistance of the investigator, should determine whether the violation was discovered through the existing compliance program. if the violation was not discovered through the existing compliance program, the compliance
officer should consider whether additional protections are necessary to prevent or identify the type of fraud, waste, and abuse that occurred. prompt responses and corrective action make up the last of the seven required elements of the compliance program that is required by medicaid regulations. that is not the end of the story, however.
part of guarding against fraud and abuse, as required by the regulation, is prevention. the mcp's compliance program should include measures to prevent fraud, waste, and abuse from occurring in the provider network. the first step in eliminating fraud and abuse in the mcp provider network is prevention. providers who are members of risk-based
managed care plans are not required to enroll with the sma nonetheless, it is in the mcp's best interest to require, or have its credentialing contractor require, network providers to disclose the same information required of medicaid fee-for-serivce providers. as mentioned previously, the mcp is potentially liable
for damages for any claim or encounter data passed along to the sma from the mcp if the mcp or its contractor "knew or should have known" that the service or item "was not provided as claimed." provider information that should be verified includes: ownership and relationships with other providers; criminal convictions; status of licensure; uncollected debt; payment suspensions;
and current or previous exclusion from federal health care programs or debarment from contracting with federal agencies. the mcp or its contractor should not simply rely on the provider's word. instead, the mcp or its contractor should first verify a provider's credentials, including licensure and u.s. drug enforcement administration (dea)
registration, medicaid provider number, and national provider identifier (npi) number. the mcp or its contractor should also verify that the provider does not have a criminal record and is not excluded or debarred from participating in medicaid. taking these steps is in accordance with cms' strategic emphasis on keeping
problem providers out of the program and preventing fraud at the front end of the payment cycle. verifying credentials is not a trivial activity. just one example of many cases involving unqualified persons masquerading as providers involved a person who had a history of identity theft crimes who assumed a nurse's identity.
using this identity, she obtained employment at several dallas area hospices. over the course of three years, she purported to treat 243 patients at a cost of $880,000 to medicare. similarly, a surgical assistant in maryland presented to a pediatrician's office a fabricated diploma and a forged physician assistant license and dea certification.
the license and certification bore numbers belonging to another individual. she was hired and for 10 days worked in the office, purporting to treat 137 patients, writing over 400 prescriptions for controlled substances, and causing almost $20,000 in false claims to be filed with medicaid. mcps can screen their network providers
for exclusions and debarments by searching the leie available on the hhs-oig website. this screening, and verification of licensure status and absence of a criminal record, should be conducted not only upon hiring but also periodically thereafter. if a provider who is already in the network is discovered to have engaged
in fraud, waste, and abuse or to have been excluded, the mcp should take appropriate action. in the case of termination for fraud, integrity, or quality of care issues, some states require that the mcp report the termination action to the sma. although this is not required in all states, it is a best practice to do so. this reporting can
be very helpful when the provider continues to participate in government health care programs as a member of other networks or as a fee-for-service provider. verification and screening of providers should take place upon admission to the network and periodically thereafter. mcps should check not only for
exclusions of providers but for exclusion of providers' employees as well. in addition to ensuring that providers are screened for exclusion, mcps should also ensure that the employees of providers are also screened. this is because a claim or encounter report can be a false claim if the provider employs an excluded person. hhs-oig has given
guidance that payments for services from providers that employ excluded individuals are overpayments that must be returned. this rule applies even if none of the services performed by the employee are billed to medicaid directly or included in encounter data. for example, a hospital cannot be paid for the services of an excluded nurse;
an ambulance company cannot be paid for the services of an excluded dispatcher; a pharmacy cannot be paid for the services of an excluded pharmacist who inputs prescription information for billing to medicaid; and a medical practice cannot be paid for the services of an excluded practice manager. overpayments must be returned to the
sma no later than 60 days from the date they are identified. if not repaid, the claim for payment may be treated as a false claim under social security act section 1128j(d) providers that employ excluded individuals and entities may also expose mcps to civil monetary penalties. since mcps may be harmed when network providers employ
excluded individuals, mcps should require network providers to screen their employees. an hhs-oig report found that in 2011 a sample of network providers failed to detect a number of excluded individuals, including some who provided direct patient care. problems arose because the names checked differed from those listed in the
leie, names were not correctly spelled, or contracted staffing and background check agencies failed to check for exclusion. mcps can educate their providers about these problems and require that procedures be put in place to avoid them. screening mcp personnel, providers, and provider employees reduces the
chances of fraud, waste, and abuse, but does not eliminate it. mcps with effective compliance programs take other measures to prevent or detect fraud, waste, and abuse in their provider network cms suggests that mcps develop procedures to monitor service patterns of providers, subcontractors, and beneficiaries. these procedures
may include pre-authorization, edits, and data analysis. just as credentialing can help keep bad providers out of the network, preauthorization procedures and prepay edits can help prevent payment of fraudulent or improper claims. mcps should establish preauthorization procedures for expensive services and
services that are prone to in addition to pre-authorization, mcps should incorporate prepayment edits in their claims processing system that can identify claims that are erroneous or possibly fraudulent. prepayment edits are based on elementary data analysis performed by algorithms built into the claims or
encounter processing software. these algorithms are designed to detect a limited range of potential fraud. for example, edits should identify claims that would result in duplicate payments by the mcp. in a study done in 2011 and 2012, hhs-oig found that medicaid providers had retained over $24 million in overpayments. a portion of these
overpayments was due to accounting errors of payment by third parties such as medicare, but another portion was due to duplicate payments. in addition to edits, the mcps should require their network providers to periodically compare their invoices to the mcp to credit balances resulting from payments by the mcp and reconcile the two.
other edits should identify claims for services which are medically impossible or unlikely. for example, edits should be in place to detect claims for a hysterectomy on a male, two major surgeries of the same type on the same day, or claims for more services on the same day than are possible. it is possible that these and other
suspicious claims can be explained by provider error in entering data in the record or in the claim. even if there is no fraud, waste, or abuse, there is obviously a failure to comply with proper claims procedure that needs to be corrected. the mcp should test the effectiveness of edits to ensure they are working properly.
preauthorization requests and claims edits are important means of detecting possible fraud, waste, and abuse. the mcp should also consult other sources of information about possible fraud, waste, and abuse. just as mcps should have effective lines of communication that make it easy for employees to report suspected fraud or
abuse, they should likewise make it easy for beneficiaries, providers, and the general public to make such reports. the mcp should establish a fraud and abuse report line, incorporate a fraud and abuse reporting form on its website, and include the link and report line number in all enrollment, marketing, and program usage material that is
distributed to providers and members. the online report form should be identical to the paper form. both should have an anonymous submission option. when possible fraud, waste, and abuse is detected, the mcp should use data analysis and other investigative tools to discover whether fraud, waste, and abuse has in fact occurred.
encounter processing software which is designed to detect a limited range of potential fraud. other types of fraud require more sophisticated data analysis. such data analysis may include: data matching; comparative analysis of claims to identify anomalies or outliers; monitoring of complaints and social
media using text mining; sampling and extrapolation; and validation of encounter data. an example of data matching would be comparing the list of beneficiaries with the social security administration death master file to ensure that the mcp is not paying for services in the name of a beneficiary who is dead.
another example would be comparing the list of network providers against state licensure databases to make sure the mcp is not paying for services rendered by unlicensed or suspended providers. an example of comparative analysis would be analyzing the number of prescriptions for pain killers written by physicians with similar practices to
identify outliers who may be overprescribing. another example would be analyzing prescriptions for controlled substances written by two or more physicians for the same beneficiary. this pattern may indicate a beneficiary is doctor shopping, which can be an indicator of abuse and is illegal in some states.
follow-up investigation for suspected overprescribing and suspected doctor shopping may include obtaining medical records to see if there is a medical necessity for the prescriptions. in performing data analyses, mcps should be sure to include approaches that might detect the types of fraud, waste, and abuse that are of the most concern.
an hhs-oig survey done in 2010 identified the types of provider and beneficiary fraud, waste, and abuse about which mcps and smas were most concerned. these types were billing for services not rendered, billing for a higher level of service than that provided (upcoding), fraudulent beneficiary enrollment or
retention, and beneficiary drug diversion. indicators of some of these types of fraud, waste, and abuse may be revealed by some of the analyses above, but detection of other types of fraud, waste, and abuse may require other approaches. to facilitate data analysis, mcps are "adopting 'big data' approaches to fraud
surveillance." these approaches include data warehousing and use of software fraud and abuse detection tools. a data warehouse is a relational database that is designed for query and analysis rather than processing of transactions. putting data in such a warehouse avoids the possibility of analysis getting in the way of ongoing
claims processing. it also makes the analytical process simpler. after data analysis, or in tandem with it, the mcp should open an investigation to determine whether the fraud, waste, and abuse indicated by the data or reports in fact took place. experience shows that some allegations of fraud, waste, and abuse will turn out,
on even a cursory examination, to be lacking in substance or too unspecific to be verifiable. likewise some indications of fraud resulting from data analysis may, upon further examination, turn out to be false positives. an effective compliance program will separate these allegations from those that appear to be more plausible.
while investigating the truthfulness of allegations that appear to be plausible, the mcp should also investigate whether the alleged fraud, waste, and abuse poses a credible threat to patient safety, or whether there is a danger that evidence may be destroyed or stolen funds removed from the jurisdiction. if any of these factors apply, the mcp
should request immediate assistance from law enforcement, either directly or through the sma, as provided by the mcp's contract. depending on the nature of the allegation, a preliminary investigation could include an examination of: claims; enrollment forms; licensure status; medical records;
exclusion, debarment, and termination databases; applicable law, rules, and policy provisions; any prior investigations, monitoring or audit reports, or reviews; any previous communication with, or training provided to, the suspected violator; any relevant posts on social media, by the subject or others; and a statistically valid sample of other
claims concerning the same provider or beneficiary to determine whether the conduct complained of is: an isolated incident due to error or ignorance; or part of a pattern that suggests fraudulent intent. when a preliminary investigation finds that an allegation of fraud, waste, and abuse is plausible, the mcp should
promptly report the matter to the sma or other designated agency and initiate a full investigation. address the conduct of full investigations. those policies should specify: how investigations will be conducted; a time limit for duration of investigations; when to use an outside investigator; and how and when to refer an investigation
to the sma or cms, or to hhs-oig or other law enforcement agencies. in some states the sma has established standards for these requirements, so the mcp should be sure to check for those before writing its own policies. likewise, in some states smas require that mcps coordinate their investigations with the program integrity division of the sma.
in other states, the sma requires mcps to coordinate with another agency, such as an inspector general's office or a mfcu. even if the mcp's contract does not require such coordination, the mcp should inform the sma and other mcps of its investigations. the provider or beneficiary that the mcp is investigating may also be under
investigation by other mcps or fee-for- service programs, and it is helpful for the sma to be able to make these connections. in specifying how investigations will be conducted, the policy should set forth the steps that investigators should usually take. the mcp should assign a qualified
person, such as an auditor, reviewer, monitor, or investigator, to conduct a full investigation of fraud, waste, and abuse allegations that appear to be plausible. in addition to reviewing the information accumulated during the preliminary investigation, the investigator may want to obtain and analyze the following additional records:
medical records, for a comparison to claims, to determine whether: there is a lack of documentation to show that the service or item was ever furnished; there is a lack of medical necessity for the service or item provided; or the service provided was less costly than the one billed for.
any previous communication with, or education or training provided to, the suspected violator to show that the subject knew about the applicable policy, regulation, or statute and thus cannot credibly claim ignorance as an excuse. as appropriate, an investigator may also: interview the source of the complaint; visit the provider's work site; and
interview witnesses at the work site or elsewhere. if the scope of the mcp's required investigation is not addressed in the mcp's contract, the mcp should seek guidance from the sma or other agency to which the sma has deferred such issues. this is important to avoid problems with referral of suspected
violations after the investigation is completed. for example, some law enforcement agencies do not want mcps to take statements from witnesses or to interview the suspect. if the mcp takes these steps in an investigation and does not coordinate with the appropriate agency in advance, law enforcement may
reject the resulting referral. the job of the person assigned to the investigation does not end when the facts are gathered. the next step is to analyze those facts in light of the applicable law or contract provisions. the investigator should: analyze patterns in the relevant claims and medical records;
develop a chronology of both the alleged wrongdoing (dates of conduct) and mcp actions; determine the extent of the possible monetary loss (include sample and exposed dollar amount); identify the laws, rules, and policies that appear to have been violated; and determine the general nature, scope,
risks, and fiscal materiality of the potential violations. the investigative process must be designed to discover whether the alleged fraud took place, not just to accumulate facts that might support the allegation of fraud, waste, and abuse. the process must also seek to eliminate any false positives that might have resulted from
data analysis. in many cases, a sound analysis of investigative results will require the application of clinical judgment. we have previously discussed how an investigation that leads to a finding of non-compliance can lead to imposition of discipline or other sanctions on providers and beneficiaries. when there is a finding
of possible fraud, waste, and abuse, the mcp should determine not only what internal corrective action to take but also whether the facts require a report and referral to the sma or another agency for further action. there is no regulation specifying what level of proof the mcp must have before reporting or referring fraud, waste, and
abuse, but it makes sense to use the same standard states must use in deciding whether to suspend payments: credibility. an allegation of fraud is credible if the allegation has been verified, has indicia of reliability, and has been reviewed carefully in light of all the evidence on a case by case basis.
a referral of a credible allegation of fraud, waste, and abuse should be accompanied by an investigative report documenting the investigator's findings. in the 2013 hhs-oig report discussed previously in this presentation, hhs-oig noted reasons why mcps may not want to invest resources in investigations and referrals. those reasons include the time
it takes to investigate and refer, the inability under some contracts to share in fraud related recoveries, and the lack of negative consequences for failure to investigate and refer. as discussed, mcps might want to perform these functions to withstand increased government scrutiny of such efforts, and to protect themselves
from losses that can be caused by provider fraud and civil penalties that can be imposed as a consequence of provider fraud. among other reasons, the mcp might wish to consider that investigation, referral, and administrative or judicial action against a fraudulent provider can have a powerful deterrent effect on other
providers that are engaged in fraudulent schemes. in addition, the mcp's contract, or state law, may require the mcp to investigate and refer. effective referrals must contain sufficient information to permit a thorough investigation by the receiving agency. mfcus have complained that referrals from smas "sometimes lack key data
elements or do not distinguish between fraud and overpayments." similarly, law enforcement agencies have expressed concern that referrals from mcps are of poor quality. regardless of whether the mcp referral goes through the sma or straight to the mfcu, there is good reason to take care to make the referral effective.
to ensure the quality of their referrals, mcps should follow guidance found in the "cms-mig performance standards for referrals of suspected fraud from a single state agency to a medicaid fraud control unit." although the standard does not apply to mcp referrals, it makes sense for mcps to meet this standard because the
ultimate destination for referrals from an mcp to a sma will often be a mfcu. in states where the mcp is required to make referrals directly to the mfcu it makes even more sense to follow this standard. based on the criteria found in the cms standard, mcp referral communications should be accompanied by an investigative report and copies of the
relevant documents. mcps should also follow any additional requirements for referrals under their contracts and any agreements with the sma or the agencies to which the referral is addressed. the cms standard defines a referral as a "'collection of information' communicated from the single state agency
to the mfcu due to a suspicion of provider fraud through a formalized process." the standard sets forth the minimum contents of the collection of information that a sma should send to the mfcu. this standard, when adapted to referrals from an mcp, requires inclusion of the following information: subject (name, medicaid id, address,
and provider type); source; date reported to mcp; description of suspected fraud, including type of service, facts, statutes, regulations, or policies violated, dates; amount paid to provider during the past 3 years or during the period of the alleged misconduct, whichever is greater; all communications between subject
and sma or mcp; amount of money at stake; and contact information for the mcp employee. although the cms standard does not specify the format in which this information is to be conveyed, the format that law enforcement itself uses and is accustomed to receive is the investigative report.
law enforcement agencies and civil enforcement agencies receive more referrals than they are able to act upon. it is, therefore, important that the mcp's investigative report quickly get to the point so that the receiving agency can properly assess the priority to give the referral. a referral that does not start off with a concise case summary may end
up gathering dust. the case summary should briefly state how and when the violation was detected; identify the statute, regulation, or policy that has been violated; briefly recite the facts that prove the violation; set forth the amount of the loss and the non-monetary impact of the violation; and give reasons that the receiving
agency should act on it. the summary should show how the violation involves lying, cheating, or stealing. after the case summary, the report should provide a more detailed account of the facts and an analysis of those facts under applicable law or policy. it should present this information in a logical, easy-to-follow format.
the information should be presented in the order in which the violation occurred rather than the order in which the mcp discovered it. to facilitate review and possible further investigation by the receiving agency, the mcp should divide the report up into labeled sections, and use headers as appropriate to break up the text.
the report should provide a complete picture of the violation and the suspect provider, beneficiary, or subcontractor. mcps should not assume that the receiving agency is familiar with the context in which the violation occurred. the mcp should document as much information as possible, including the minimum items in the cms guidance
document discussed earlier. it is not a good idea to aim only to meet the minimum requirement. therefore, mcps should consider adding other relevant information, including: any previous investigations, discipline, or litigation involving the subject; the contact information for the: source of the report of fraud, waste, and
abuse, if available; person at the mcp who is the most knowledgeable about the case; and witnesses; any facts showing urgency related to time; any news media coverage or other high profile characteristics of the case; and any involvement by another agency in investigation of the subject. if another agency, such as a licensing
board or the dea, is also investigating the subject for fraud or abuse, it is important to include this information in the report. civil and criminal enforcement agencies do not want to duplicate the efforts of other agencies. failure to inform them of other agency involvement on the front end may lead to rejection of the referral later on.
the mcp should follow state law and the mcp contract with the sma regarding referral of fraud or abuse. in many states, the contract will require the mcp to refer the results to the sma's program integrity unit. in other states, the mcp may be instructed to report fraud and abuse cases to the mfcu, hhs-oig, or
another designated agency. aside from any contract provision or other legal requirement, mcps should refer suspected fraud and abuse because referrals can lead to administrative, civil, or criminal enforcement actions that may prevent the fraud, waste, and abuse from continuing and deter others. sending a referral to the sma or other
designated agency does not mean the mcp's involvement with the suspected fraud or abuse stops. mcps with effective compliance programs follow up with state agencies and law enforcement to determine the outcomes of their referrals. if the mcp does not receive any response to a referral within a reasonable time, it should inquire
of the receiving agency. by federal regulation, when a mfcu accepts or declines a case referred by the sma, the unit is to notify the sma in writing. presumably this same requirement would apply to referrals made by an mcp directly to a mfcu at the sma's direction. if the referral is accepted, or if the
receiving agency has not yet made a determination whether to accept the referral, it is quite possible that the receiving agency will have questions about the suspected violation. the mcp will need to be prepared to respond to these questions, which may involve clarifying the mcp's policies and procedures, providing additional
documents, or gathering further information through witness interviews. the mcp should be prepared to assist the receiving agency in all of these ways. the mcp should also be prepared to wait for a result. health care fraud settlements and prosecutions show that it can be years between the time fraud is reported and the responsible parties
settle or are brought to judgment. if a referral leads to a recovery or successful prosecution, the mcp investigator should inform the compliance officer, who should in turn inform senior management and the board of directors. ultimately the mcp should spread the word throughout the organization-- this is
a sign of an effective compliance program! mcps who have had this experience know what a motivator this can be for the whole organization. success stories should also be shared with network providers and other contractors. this can be done by including the information in regular communications with these entities such
as newsletters or emails. if the referral was declined, the mcp should find out why. if there was a deficiency in the investigation, or if the matter investigated was not appropriate for referral, the mcp should change its policies accordingly. regardless of the outcome of a referral, mcps should share their detection and
investigation experiences with other mcps. these experiences could include identifying and determining the reliability of different sources of intelligence, and using different methods to prevent and detect fraud, waste, and abuse. in addition to having strong compliance and anti-fraud programs, mcps that wish to be effective partners in the fight
against fraud, waste, and abuse can take additional steps to promote program integrity. these steps include participating in periodic meetings with the sma (often in collaboration with the mfcu.) these meetings are good opportunities to discuss current investigations, state and national trends, problem providers,
detection methods, and deterrence strategies. hhs-oig found that 11 of 13 states surveyed in 2010 and 2011 held recurring meetings with mcps. the meetings typically discussed mcp and state concerns and reviewed ongoing fraud and abuse cases. compliance officers typically attended these meetings. staff from the state
mfcu sometimes attended as well. mcps can also promote program integrity by meeting regularly with other mcps and the mcp's own subsidiaries to exchange information and ideas related to fraud, waste, and abuse. for example, mcps that contract with the same pharmacy benefit manager (pbm) could meet monthly to discuss pharmacy
compliance issues. in addition to regular meetings, another means of exchanging ideas and information is by participation in state and national meetings on compliance and the elimination of fraud, waste, and abuse. many of these meetings are sponsored by private organizations and are held on a regular basis.
participation in national meetings is an important part of compliance education because at these meetings mcp representatives can learn of trends and strategies from other parts of the country. in addition to face-to-face contact with partners and peers, mcp compliance personnel should take advantage of resources available on the internet.
the cms website includes a medicaid program integrity education page where additional materials on compliance, as well as fraud, waste, and abuse, are posted. these materials consist of toolkits, many of which address subjects that may be relevant to an mcp's compliance program. one toolkit that may be particularly
relevant is on fraud, waste, and abuse. other toolkits that may be of interest address the following topics: drug diversion, beneficiary card sharing, compliance for the dental professional, non-emergency transportation, personal care services, off-label pharmaceutical marketing, and safeguarding your medical identity.
the compliance page of hhs-oig's website also provides a range of compliance- and fraud-related materials, including fraud training for providers and compliance guidance for solo or small physician practices. many states-- including, for example, new york and florida--provide training materials on their websites.
private organizations also post many helpful fraud, waste, and abuse materials on their websites. it is impossible to mention all of them here. although cms does not endorse any private entities or products, participants interested in such materials may want to review free materials on compliance, auditing, and investigations that can be
found on the websites of the health care compliance association, the association of certified fraud examiners, and similar organizations. fraud, waste, and abuse is a serious problem in the medicaid program. it is one that government alone cannot solve. a solution will require a joint effort by all of the program's stakeholders.
with the growth of managed care in medicaid, mcps have become critical partners in preventing, detecting, and reporting fraud, waste, and abuse. a major component of this partnership is the ongoing implementation of effective mcp compliance programs. as partners, we can all learn from the excellent compliance programs that many mcps
already have in place. we can also learn from the guidance of cms, hhs-oig, and the resources available from these agencies and other organizations. we hope you have found today's presentation interesting and informative. this presentation is just one of four products that are part of the cms
managed care compliance toolkit. the other products include a handout of the slides, a resource handout with links to many of the sources on which the presentation is based, a set of referral guidelines, and a fact sheet. these products, and a video recording of this presentation, are posted on the cms website.
this presentation was current at the time it was published or uploaded onto the web. medicaid and medicare policies change frequently so links to the source documents have been provided within the document for your reference. this presentation was prepared as a service to the public and is not intended to grant rights or impose obligations.
this presentation may contain references or links to statutes, regulations, or other policy materials. the information provided is only intended to be a general summary. use of this material is voluntary. inclusion of a link does not constitute cms endorsement of the material. we encourage readers to review the
specific statutes, regulations, and their interpretive materials for a full and accurate statement of their contents.
No comments:
Post a Comment