Unique Risks in Managed Care Compliance

At a recent conference, the Office of Inspector General (OIG) presented its 2024 plan for oversight in the managed care space. The OIG revealed that it prioritizes oversight of managed care because of the rapid growth and the identification of risks throughout managed care programs.

Defining Managed Care and Its Objectives

The term “managed care” describes a type of healthcare focused on helping reduce costs while keeping the quality of care high. A managed care organization (MCO) is a healthcare company or a health plan focused on limiting costs while maintaining high quality. Health plans available today often include features of managed care such as provider networks, provider oversight, prescription drug tiers, and more.

A Focus On Medicare Advantage Plans

Those MCOs offering Medicare Advantage (MA) health plans should prepare for increased government oversight. The OIG analyzed MA encounter data to determine whether health plans used chart reviews and health risk assessments to increase their risk-adjustment payments disproportionately relative to their size or peers’ reports. During this review, the OIG identified $9.2B in Medicare Advantage (MA) risk-adjusted payments for diagnoses with no other record of services, which appeared to be driven by 20 of 162 Medicare Advantage Organizations (MAOs) reviewed. Additionally, six risk adjustment data validation (RADV) audits identified $375M in overpayments.

The audits revealed a high risk of overpayments for certain diagnoses, and the government is likely to expand and increase RADV audits. As a result, the OIG has recommended that the Centers for Medicare and Medicaid (CMS) increase oversight of MAOs. The regulations finalized in 2023 permit CMS to recover extrapolated overpayments back to 2018 and incentivize MAOs to review documentation for risk-adjusted payments closely.

The RADV audit program is the government’s primary way to address improper overpayments to MAOs. During a RADV audit, CMS confirms that any diagnoses submitted by an MAO for risk adjustment are supported in the enrollee’s medical record documentation and medically necessary treatment. RADV audits look at patients’ medical records to verify diagnosis codes that are tied to hierarchical condition categories (HCCs). RADV audits occur after the final risk adjustment data submission deadline for the MA contract year and after CMS recalculates the risk factors for affected individuals to determine if payment adjustments are necessary. 

In 2023, Cigna Group, an MAO, settled a $172M False Claims Act allegation due to overpayments and entered into a corporate integrity agreement with the OIG. Expectations for RADV audits are outlined in the Cigna Group settlement press release. Chart reviews must audit not only for documentation to justify assigning beneficiaries with additional diagnosis codes but also for unsubstantiated diagnosis codes.  Further, it was pointed out that merely past documentation of a condition is not enough to increase an individual’s risk score. There must be current documentation and a linked treatment to increase the risk score.

How MAOs Can Prepare For RADV Audits

In general, CMS will provide the MAO with a sample of 200 plan members as the audit sample. From the 200 plan members audit sample, only those plan members tied to an HCC will be used for the RADV audit.

MAOs may consider obtaining claims data themselves to conduct a precursor audit using their own coders. By reviewing the data themselves, the MAO may gain significant knowledge about their providers and members and decrease overpayment risks.

MAOs can also use the RADV as part of their risk adjustment umbrella for tracking and trending purposes. The results of the RADV process can help MAOs identify health services to address population health conditions. 

OIG has developed a high-risk diagnosis code toolkit intended to provide MAOs with information about replicating techniques for identifying and evaluating high-risk diagnosis codes, facilitating proper payments, and providing better care for enrollees. The toolkit is meant to be a practical, hands-on resource to assist MAOs with improving the accuracy of claims containing high-risk diagnoses that are often miscoded. The toolkit is available at Toolkit: To Help Decrease Improper Payments in Medicare Advantage Through the Identification of High-Risk Diagnosis Codes (hhs.gov).

How Providers Can Prepare To Respond To RADV Audits

  1. Be organized. Providers should be prepared to provide large amounts of information in response to RADV audit requests within a limited period. The ability to readily produce documentation to support diagnosis codes tied to HCCs is critical.
  2. Consider tabletop exercises. Providers may consider engaging in tabletop exercises, practice audits, or adding a RADV audit to a compliance work plan to prepare.
  3. Medical record sample.  MAOs and their providers are required to submit a sample of medical records to validate risk adjustment data (42 CFR § 422.310(e). Consider selecting records where the HCC was initially generated.
  4. Know coding guidelines. Medical records should be coded to meet the requirements of the ICD-10-CM Official Guidelines for Coding and Reporting and ICD Guidelines.
  5. Follow CMS rules for submissions. CMS has set very clear guidance, available at RADV-Checklist.pdf (cms.gov) regarding requirements for submissions and contents of the samples.
  6. Review results. As with any audit, reviewing results is critical so that the MAO can correct errors as needed.
  7. Appeal denials as necessary.

Auditing And Monitoring

As any experienced compliance professional knows, a robust auditing and monitoring program is essential to an effective compliance program. Auditing and monitoring should be a major part of the compliance work plan. Compliance auditing and monitoring are different from quality reviews, and accurate auditing and monitoring should be conducted by individuals without connection to the department being audited.

If you don’t have an effective compliance program, you may be seen as acting in “deliberate ignorance,” which could violate the False Claims Act. MAOs and providers can survive the RADV process by preparing. Clearwater offers a Compliance Program Effectiveness Assessment (CPEA) to provide you with an objective review of your compliance program and implementation of OIG’s defined seven elements.

Contact us at info@clearwatersecurity.com to learn more about the CPEA and how it can help position your organization for a successful audit.

Newsletter

Sign up for our monthly newsletter discussing hot topics and access to invaluable resources.


Related Blogs

Perspective on the Proposed Health Infrastructure Security and Accountability Act

Perspective on the Proposed Health Infrastructure Security and Accountability Act

The Health Infrastructure Security and Accountability Act (HISAA) introduced in the U.S. Senate on September 26 is another good step forward in addressing key factors contributing to the healthcare sector’s deficiency in establishing and maintaining adequate cybersecurity controls and risk management programs. While there are many in the sector that are already implementing recognized standards, having mandated standards would help to make sure everyone is playing by the same rules.

Connect
With Us