The 2021 Top Management and Performance Challenges Facing HHS is an annual publication of the Department of Health and Human Services (DHHS) Office of Inspector General (OIG). The OIG has identified six top management challenges that the DHHS currently faces as it strives to fulfill its mission to enhance the health and well-being of all Americans These top challenges reflect overarching issues that affect multiple HHS programs and responsibilities. Fraud remains on this short list of OIG concerns.
The impact of COVID-19 on DHHS has been profound. As the lead Federal agency for medical support and coordination during this public health emergency (PHE), DHHS has numerous and significant responsibilities in providing assistance as the U.S. confronts COVID-19. The COVID-19 response affects nearly every challenge noted in this 2021 publication, including the potential for fraud during the pandemic.
This article focuses on those sections of the 2021 Top Management and Performance Challenges of DHHS which relate to fraud.
Challenges Related to Fraud, Waste and Abuse
Fraud, waste, and abuse divert needed program resources to inappropriate, unauthorized, or illegal purposes. As many providers faced financial and practice challenges due to COVID-19, CMS took steps to provide increased flexibility and advance payments to mitigate the financial effects of the pandemic. However, the increased flexibility created increased risk of improper payments and fraud schemes being perpetrated on DHHS, States, insurers and the public. DHHS has been faced with balancing the challenges created by the PHE with the need to be effective stewards of federal funds in these most unusual times.
Controlling Medical Costs
As the largest civilian agency in the federal government, DHHS annually manages $2.8 trillion in budgetary resources. Medicare and Medicaid, the Department’s largest health care programs, are administered by CMS. Almost 140 million beneficiaries, or more than 40 percent of Americans, rely on these programs for their health insurance including senior citizens, individuals with disabilities, low-income families and individuals, and patients with end-stage renal disease.
Due to the sheer size of the health care programs under its authority, the risk of overpayments and controlling medical costs remains a considerable challenge. Reducing improper payments—such as payments to ineligible recipients, duplicate payments and upcoding—is critical to safeguarding federal funds.
DHHS programs account for some of the largest estimated improper payments in the Federal government. Medicare, Medicaid, and CHIP accounted for 65 percent, or $134.2 billion, of all governmentwide estimated improper payments reported in FY 2020. 70 Original Medicare fee-for-service (FFS), Medicare Part C (also known as Medicare Advantage (MA)), and Medicare Part D (also known as Medicare Prescription Drug) accounted for $42.9 billion, or 32 percent, of the estimated improper payments that HHS reported in FY 2020.
|Improper Payments for Fiscal Year 2020
|Medicare, Medicaid & CHIP
|Medicare Part D, FFS, & MA
Some types of providers and suppliers pose heightened risks to the financial security of Medicare. For instance, OIG and CMS have identified especially high rates of improper payments for:
- home health services;
- hospice and SNF care;
- durable medical equipment;
- prosthetics, orthotics, & supplies;
- chiropractic services; and
- certain hospital services.
CMS has taken corrective actions for Medicare FFS by focusing on specific service areas such as these. As a result, the improper payment rate under Medicare Fee for Service (FFS) has dropped from 8.1 percent to 6.3 percent over the last 3 years.
However, the OIG recommends that CMS:
- take further action to reduce improper payments among certain provider and supplier types and in geographic locations that present a high risk to the financial security of Medicare; and
- ensure that it is prepared to detect and prevent improper payments in burgeoning areas, such as telemedicine and genetic testing.
Improper payments to Medicare Advantage Organizations (MAOs), which offer managed care coverage under Medicare Part C, remain a significant vulnerability for CMS because of the payment methodology used. Under these managed care arrangements, CMS makes a capitated payment to a MAO for each person enrolled in the MAO. In turn, the MAO pays providers for services a beneficiary may require that are included in the organization’s contract with CMS. The payment per patient is adjusted based on the different expected health care costs. Therefore, while this arrangement can improve access to care for beneficiaries with greater health care needs, it can create more opportunity for false claims and fraud. In FY 2020, the improper payment rate for the MA program (Medicare Part C) was 6.8 percent, for a total of $16.3 billion in improper payments. The OIG has found improper payments under Medicare Part C that were driven by diagnoses not supported in the medical records. In 2021, the DOJ has intervened in several large whistleblower suits in which allegations of systemic documentation fraud by health care insurers to increase patient risk scores have been made.
Medicaid is equally problematic. The estimated Medicaid improper payment rate increased significantly, from 14.9 percent in FY 2019 to 21.4 percent in FY 2020, while CHIP increased from 15.8 percent to 27.0 percent.
|Improper Payments % Increase
Medicaid accounted for approximately $86.5 billion in estimated improper payments in FY 2020. CMS attributes these increases to high levels of observed eligibility errors. OIG audits have also identified substantial improper payments to providers across a variety of Medicaid services including school-based, nonemergency medical transportation, targeted case management, and personal care services. Given that CMS will apply the updated Medicaid eligibility measurements for the first time in FY 2021, the improper payment rate is likely to see similar, significant increases in the next year as well. As such, the OIG found it imperative that CMS focus its efforts to implement strategies to reduce Medicaid and CHIP improper payment rates.
Managing COVID-19 Funds
As of May 2021, CMS had made advanced and accelerated payments to Medicare providers totaling more than $107.3 billion and paid providers for certain services at enhanced rates applicable during the PHE. CMS also suspended or reduced the scope of many program integrity safeguards, such as provider enrollment screening. While these steps may be appropriate to ensure access to care, they also raise the risk that fraud will be committed by those seeking to exploit the PHE. OIG has identified serious concerns related to fraud schemes that would divert funds intended for COVID-19 response and recovery.
The OIG has identified a number of actions needed to mitigate COVID-19 fraud:
- HHS should ensure that funds are paid only to eligible recipients—in correct amounts—and used in accordance with program requirements. For example, OIG settled a case for civil monetary penalties, involving a provider that received COVID relief funds despite having its Medicare billing privileges revoked and falsely attesting to its eligibility.
- DHHS must apply effective internal controls and efficiently manage the collection, maintenance, and analysis of relevant data that are key to ensuring that COVID-19 funds are used for their intended purposes. News reports during the PHE have highlighted misuse of these funds for personal trips, boats and vacation homes.
- DHHS must take action to protect individuals from being defrauded under the guise of the PHE. In August 2021, OIG alerted the public about COVID-19-related fraud schemes. The OIG noted that fraudsters were offering unapproved and illegitimate COVID-19 tests, HHS grants, and Medicare prescription cards in exchange for personal details, including Medicare information, which could then be used to commit medical identity theft.
Medicare and Medicaid
Schemes to steal money from Medicare and Medicaid take many forms – from as simple as billing for services not provided and identity theft, or as complex as kickbacks, improper prescribing, deceptive marketing, and money laundering. The perpetrators of fraud schemes range from highly respected providers to organized criminal enterprises with no legitimate role in health care. Scammers target individuals through various methods including phone, email, or social media to obtain money or personal, medical, or financial information. To combat fraud, the OIG recommends that CMS continue its crucial coordination with, and support for, law enforcement, including taking parallel administrative actions as appropriate.
HHS faces a significant challenge in conducting oversight of managed care programs and protecting against fraud, waste, and abuse. Managed care is the primary delivery system for Medicaid, covering at least some services for more than 80 percent of all enrollees. In Medicare, more than one-third of beneficiaries are currently enrolled in MAOs. OIG has found weaknesses in MAOs’ and Medicaid Managed Care Organizations’ (MCOs’) efforts to identify and address fraud and abuse by their providers. However, these programs vary widely among the MAOs and Medicaid MCOs, as does the detection of suspected fraud.
Furthermore, the MA program is vulnerable to fraud, waste, and abuse perpetrated by MAOs to inappropriately inflate the payments that they receive from Medicare or to inappropriately deny care that they are obligated to provide. In multiple audits, OIG analyzed whether the MAOs submitted diagnosis codes to CMS for use in the risk adjustment program in accordance with Federal requirements and found that risk-adjustment data submitted to CMS for use in the risk-adjustment program was not always supported by medical records. OIG also found that billions of dollars in estimated MA risk-adjusted payments supported solely through chart reviews or diagnoses reported only on health risk assessments raise concerns about the completeness of payment data submitted to CMS, the validity of diagnoses on chart reviews and health risk assessments, and the quality of care provided to beneficiaries.
The OIG also found that high numbers of overturned denials upon appeal and persistent performance problems identified by CMS audits raise concerns that some beneficiaries and providers may not be getting services and payment that MAOs are required to provide.
OIG has recommended that:
- certain MAOs refund overpayments and enhance their policies and procedures to prevent, detect, and correct noncompliance with Federal requirements.
- CMS to improve its oversight of MAOs so that MAOs will ensure practices drive better care—not just higher profits—as well as enact policies and procedures to improve the integrity and usefulness of payment data.
- CMS make improvements to MA encounter data. CMS has taken action to address potential errors in the data and ensure that billing provider identifiers are active and valid on all records. The OIG also recommended that CMS provide targeted oversight of MAOs that have submitted a higher percentage of records with potential errors, track how MAOs respond to edits that reject data, and establish and monitor performance thresholds related to MAOs’ submissions of records with complete and valid data.
In Medicaid managed care, program integrity responsibilities are shared among CMS, States, and managed care plans. This makes effective program integrity oversight by CMS more complex and challenging. OIG found that most States did not provide complete and/or accurate data on Medicaid managed care payments to providers in the national data system— the Transformed Medicaid Statistical Information System (T-MSIS). CMS and States need complete and accurate payment data to effectively monitor and administer Medicaid managed care. The need for complete and accurate payment data is more important than ever, given the unprecedented stress that the COVID-19 pandemic has placed on the Medicaid program.
OIG found that opioid-related fraud encompasses a broad range of criminal activity, from prescription drug diversion to addiction treatment schemes. OIG investigations show that opioid drug diversion (the redirection of legitimate drugs for illegitimate purposes) is on the rise. Diverted opioid drugs are at high risk of inappropriate use and causing significant harm. The OIG has made the following recommendations:
- CMS and States should follow up on prescribers with questionable prescribing patterns to ensure that Medicare Part D and Medicaid are not paying for drugs being diverted for resale or recreational use;
- Indian Health Services should improve its internal controls against opioid-related fraud, including controls at entry points to sensitive areas of its hospitals to protect its pharmacy inventory from unauthorized access;
- CMS should collect comprehensive data from Medicare Part D plan sponsors; and
- CMS should also require pharmacies that bill Medicare Part D to enroll in the Medicare program. Currently, CMS’s three key tools for safeguarding against fraud—enrollment, revocation, and preclusion—apply to pharmacies only when they bill Medicare Parts B or C, not when they bill Medicare Part D.
Systems for detecting and preventing fraud
CMS’ Fraud Prevention System (FPS)
For detecting and preventing fraud and improper payments, CMS’s Fraud Prevention System (FPS) has been in use since 2011. The OIG recognizes FPS as an important tool that runs predictive algorithms and provided other sophisticated analytics nationwide on Medicare FFS claims prior to payment to identify, and stop fraudulent claims. However, OIG found that FPS is not as effective as it could be and recommended that CMS make better use of the performance results within its FPS to refine and enhance its predictive analytic models.
Provider Enrollment Screening
An effective provider enrollment screening process is an important tool for preventing Medicaid and Medicare fraud. It plays a vital role in identifying unscrupulous providers and preventing them from enrolling in Medicaid and Medicare. The OIG found that Medicaid is vulnerable to being defrauded by high-risk providers that were not properly screened.
- 13 States had not implemented fingerprint-based criminal background checks for their high-risk Medicaid providers as of January 2019
- 23 States had not enrolled all providers serving Medicaid beneficiaries in their respective Medicaid programs, exposing them to potentially harmful providers that had not been screened for fraud, waste, and abuse.
- Nearly 1,000 terminated providers—or 11 percent of all terminated providers—were inappropriately enrolled in State Medicaid programs.
Therefore, despite the 21st Century Cures Act which was designed in part to strengthen Medicaid program integrity, terminated providers continue to serve Medicaid beneficiaries. OIG recommended that CMS should:
- ensure that all States fully implement fingerprint-based criminal background checks for high-risk Medicaid providers;
- work with States to ensure that they have the controls required to prevent unenrolled providers from participating in Medicaid; and
- follow up with States to remove terminated providers that OIG identified as inappropriately enrolled in Medicaid.
The 2021 Top Management and Performance Challenges Facing HHS issuance addresses many other areas of concern by the OIG. The sheer size and complexity of the Department and its broad authority over health care in this country compound the challenges faced by DHHS management to successfully meet its mandate, while also addressing the pressing issues related to COVID-19. While the challenges and recommendations are daunting, the importance to meet these challenges has never been greater.