Caution: Fix MA faux pas before OIG intervenes. With managed care on the HHS Office of Inspector General’s (OIG’s) watch list, your practice should prioritize educating staff on the ins and outs of Medicare Part C. Keep reading for expert tips on establishing and maintaining a robust managed care program, including what questions you need to answer when you’re evaluating your organization’s situation. What’s Managed Care, Anyway? Managed care is a health insurance plan that tries to mediate costs and boost quality by having plan members agree to see only particular practitioners in specific facilities or abide by other factors that may limit choice. Some examples of managed care plans include health maintenance organizations (HMOs) and preferred provider organizations (PPOs). HMOs limit members to particular doctors and facilities and tend to keep costs low, while PPOs offer a network of contracted practitioners but allow enrollees to seek care beyond the network, which can increase costs in several ways.
Although Medicare originated as an inclusive safety net to provide elderly people with a guaranteed standard of healthcare, Medicare Advantage (MA) was designed to give beneficiaries more flexibility and autonomy — and potentially save the government (and taxpayers) money. See Why Careful Compliance Matters OIG has made managed care a priority, in part because more and more patients are relying on managed care programs, including Medicare beneficiaries, via MA plans. According to OIG, in 2022, 50 percent of Medicare enrollees received some component of care via Medicare Advantage while 81 percent of Medicaid enrollees did. As providers start moving toward having a greater percentage of patients who partake in value-based care and thus, as an organization, assume the inherent risk adjustments that make those plans possible, providers need to run internal programs to mitigate audit risk. Incidents of fraud have grown alongside beneficiaries’ increasing utilization of MA, and OIG has the authority to investigate not just providers or health plans but entire health systems and the vendors who support the provision of managed care, said Khushwinder Singh, MD, MHA, CRC, in the presentation “How to Build a Robust Managed Care Program” during AAPC’s Collaborative Compliance Conference. In at least one investigation published so far by OIG, the agency says it evaluated records, especially health records involving high-risk diagnosis codes, showing that the Centers for Medicare & Medicaid Services (CMS) paid Medicare Advantage Organizations (MAO) accordingly but found no evidence of correlating treatment. OIG alleges that one MAO received overpayments from CMS to the tune of several million dollars and recommended that the organization refund CMS $3.1 million. (See the July 2023 report here https://oig.hhs.gov/oas/reports/region7/72001202.asp.) “This should be concerning to every managed care program. If any program is reporting these diagnosis code categories, you should have a robust compliance system around it,” Singh emphasized. The OIG has a specific list of diagnoses they’re focused on, which allows some risk mitigation: Stakeholders can identify the “high-risk diagnoses” that OIG is most likely to scrutinize and audit, said Jeff De Los Reyes, MBA, in the same presentation. Because OIG’s investigations revealed such significant overpayment to health plans, De Los Reyes warns that the agency will follow the money. “If providers start to take risks … then the OIG can actually go after the providers also. There are actually active cases where they are going for provider groups,” he asked. Evaluate These Factors To evaluate your own program, start with fact finding, De Los Reyes said. Look at these elements: Determining and/or delegating the responsibilities of RAF preparation is crucial, De Los Reyes said. Managed care compliance experts and other stakeholders recommend approaching this from a legal perspective because any internal (and certainly external) scrutiny should or will be on the partnership relationships and responsibilities. “In the end, the health plan is the one submitting for accuracy statements and collecting the money,” Singh said. But the provider agreements support compliance (or noncompliance) because the accurate encounter data submission comes from the providers’ submitted claims. “If they’re partnering in risk relationships, how are they responsible for maintaining accuracy, and what are the tools and resources?” he asked. Whether your practice is using tools or programs provided by vendors or constructed internally, the resources your organization utilizes need to be compliant. Evaluate whether the programs you’re implementing are good for reporting and oversight and follow the appropriate submission processes. Start asking your organization how you’re incentivizing providers — whether you’re a plan that is incentivizing providers or you’re a provider entering into a contract with payers — and look at any contractual obligations related to risky judgment, De Los Reyes said. De Los Reyes mentioned two red flags he’s seen recently: 1) A provider incentivized to improve RAF and 2) They’re going to get a sliding scale based on RAF improvement. Such a sliding scale can be misconstrued as paying for codes, he said. “Are you setting providers to pay for or be penalized for having low RAF members?” he asked. Also audit the diagnosis codes being used. “We always want to see evidence that inaccurate diagnosis codes are always being followed by a ‘delete’ transaction with CMS,” he said. “Plans or providers are obligated to submit a delete to CMS to remove it from the patient’s risk profile.” Take action: Responsible parties in organizations should be investigating whether incentives are in place and whether those incentives are “perverse,” as a way to artificially inflate RAF, as well as looking at the actual actions and transactions happening.