The Heat is on
Expect increased audit activity in the near future
PAAS expects to see increased audit activity from Medicaid Managed Care Organizations (MCO) across the country. Our predictions include larger numbers of MCO audits, increased scope of audits and new audit strategies. We also believe we will see collaborative audits with coordination between CMS, state Medicaid programs and multiple MCOs working together. Now is the time for you to take proactive measures to audit proof your pharmacy.
PAAS bases these predictions upon the signs coming from the federal government that point toward efforts to push state Medicaid programs to step up program integrity efforts by placing much higher levels of scrutiny on state MCOs. Government reports from the HHS Office of the Inspector and Government Accountability Office published in July, 2018, highlight deficiencies in the states’ oversight of program integrity of their MCOs. These reports conclude that many MCOs are not performing their responsibilities related to the detection, reporting and reduction of fraud, waste and abuse. They are also sure to stimulate CMS to enforce much higher levels of accountability upon states and in turn states to enforce stronger oversight of their MCO plans. CMS will expect state Medicaid agencies to strengthen program integrity with stronger audits, stricter enforcement, corrective action plans and greater overpayment recoveries.
There are waves of Medicaid beneficiaries that states have moved to MCOs over the last few years. This surge is attributable to the Affordable Care Act (ACA) of 2010 (“Obamacare”). The ACA was premised upon improving the quality of healthcare while increasing efficiencies. The Act includes provisions that encourage states to move their Medicaid populations into MCOs.
The managed care provisions in the ACA are actually the second major try at reducing Medicaid expenditures by hiring MCOs to manage Medicaid beneficiaries. The first large wave started in the 1990s as many states pushed Medicaid patients to MCOs. Instead of capping costs the states found that managed care increased their overall expenditures. States that had transferred the majority of their Medicaid populations to MCOs saw costs escalate and retreated to traditional fee-for-service Medicaid programs. The ACA contained incentives in the managed care approach intended to protect state expenditures as motivation for states to move to MCOs. For example, ACA extends Medicaid manufacturer rebate requirements to apply to MCOs. The states that took advantage of Medicaid expansion by utilizing MCOs to handle the large volume increases in beneficiaries.
Medicaid is a federally mandated, but state managed program created in 1965. It provides healthcare for the indigent. The majority of funding comes from federal matching funds. To qualify for federal matching funds States must operate their Medicaid programs within federal guidelines. Traditionally, Medicaid programs operated as fee-for-service plans meaning that the states process claims and makes direct payments to providers. Under risk-based Medicaid managed care MCOs contract with a state and receive capitation payments (example: dollars per patient per month) to manage and administer the care of Medicaid beneficiaries. In turn MCOs contract through PBMs to pay providers for services on a fee-for-service basis.
Program Integrity Responsibilities
In July, 2018, the Senate Committee on Homeland Security and Government Affairs reported they had found $37 billion in overpayments to providers in 2017.
Program integrity encompasses efforts to ensure Medicaid beneficiaries receive high quality and efficient care—with minimal waste. CMS is ultimately responsible for oversight of program integrity efforts across the country. CMS requires states as well as their MCOs to share the responsibilities for program integrity.
While states are directly responsible to monitor potential fraud and abuse, MCOs are obligated under state contracts to administer actions on behalf of states to detect, investigate and in some instances refer and report fraud and abuse. These responsibilities also include the recoupment of overpayments to providers.
Although MCOs are not required to establish Special Investigation Units (SIUs) many do. This is an attempt to meet program integrity responsibilities incorporated into their state contracts. Most MCOs establish SIUs to battle fraud, conduct investigations, identify and recover overpayments, refer cases and take corrective actions.
CMS drafted rules to address program integrity provisions and issued a Final Rule in 2016, with an effective date of July 1, 2017. But many of the provisions have been delayed and are yet to be enforced.
Two Government Reports
In July 2018, two government reports were published addressing the inadequacy of oversight of MCOs—one by the HHS Office of the Inspector General (OIG) and the other by the Government Accountability Office (GAO). Although both studies employed different methodologies, their findings arrive at similar conclusions. There are many gaps and deficiencies in the oversight of MCOs at the federal and state levels. These challenges have resulted in many MCOs delivering less than minimal efforts to maintain program integrity.
OIG MCO Report
HHS OIG report July 2018 (OEI-02-15-00260) “Weaknesses Exist in Medicaid Managed Care Organizations’ Efforts to Identify and Address Fraud and Abuse”
The OIG reported concerns of managed care fraud and abuse back in 2011, noting the lack of fraud and abuse referrals. Currently MCO programs serve 80% of all Medicaid enrollees with 2016, MCO payments from state and federal funds exceeding $236 billion. MCOs are responsible to identify and recoup overpayments.
The OIG methodology included a review of 2015, MCO data submitted to CMS. They focused upon the MCO with the largest expenditures in each of 38 states. In addition, the OIG conducted interviews with key Medicaid personnel in five states and five MCOs. Here is what they found.
- Seven MCOs identified fewer than 30 instances in 2015, of fraud or abuse.
- The median number of cases per MCO was 116.
- Three MCOs identified over 800 cases.
- Three MCOs averaged only about 1 case per month.
- Thirteen MCOs referred few cases to their state.
- One-third of the MCOs referred fewer than 10 cases.
- Two MCOs did not refer any cases.
- Four MCOs referred more than 100 cases.
- 38 MCOs identified $57.8 million in overpayments because of fraud and abuse.
- The median was $402,000 per MCO.
- Four MCOs did not identify any overpayments
- Overall MCOs recovered only 22% of the amounts they identified as overpayments.
- Seven of the MCOs only recovered 2% or less of the amounts they identified as provider overpayments.
- The MCOs with SIUs consisting of five or more employees referred four times as many cases to states as MCOs with fewer than five employees.
- The OIG emphasized the importance of proactive data analysis to detect overpayments but not all the MCOs used proactive data analysis to detect potential fraud and abuse.
- The OIG found disincentives for the MCOs to refer cases to the states because when the State takes a case the MCO is prevented from collecting the overpayment. Some states include “finders’ keepers” incentives in their contracts to allow MCOs to keep a portion of recoveries.
- The study found the states to be inconsistent in their expectations of MCOs to refer cases to them with a general lack of direction or continuity from state to state.
The most pertinent recommendations included:
- Improve MCO identification and referral of cases of suspected fraud or abuse.
This recommendation will translate into more Medicaid Managed Care audits of pharmacies
- Increase the MCO reporting of corrective actions taken against providers for fraud or abuse to the State
Expect tougher audits wider in scope—more claims, greater detail
- Improve coordination between MCOs
Expect the possibility of several MCO plans working together.
Expect States to take a more active role in making sure their MCOs operate strong anti-fraud and abuse programs
GAO MCO Report
GAO report July, 2018, (GAO-18-528) “Medicaid Managed Care: Improvements Needed to Better Oversee Payment Risks”
In 2017 Federal spending for Medicaid Managed Care was $171 billion, nearly half of total federal expenditures. This figure does not include state funds matched with federal money. Between 2013 and 2016 Medicaid enrollments in MCOs increased from 35 million to 54.6 million beneficiaries. The GAO noted that, up to this point, state audits focus upon Medicaid fee-for-service providers and not MCOs. GAO found that payment risks with managed care are more difficult and complex to manage than traditional Medicaid fee-for-service.
The GAO study spanned from October, 2016, to July, 2017. To conduct their study, they reviewed federal and state audit reports, particularly Medicare managed care. They also reviewed previous reports regarding Medicaid program integrity. From these actions the GAO identified payment risks. They also conducted structured interviews with key state employees—managed care offices, program integrity units, state auditors, Medicaid Fraud Control Units (MCFU) and a MCO.
The GAO identified six risk areas. At the top of their list is MCO fee-for-service payments to providers. Of their interviews 59% of the stakeholders rated incorrect MCO fee-for-service payments as “high risk.”
Key GAO Findings
- States are not providing an adequate level of oversight over MCO risks.
- Gaps exist in CMS and state program integrity oversight.
- CMS does not receive full information on the breadth of MCO overpayments
- .CMS does not have methods in place to regularly collect overpayment information.
- CMS does not know if overpayments are accounted for by the states in setting MCO capitation payments.
- CMS must publish the long-delayed guidance to address many oversight issues.
This translates into greater controls of MCOs which will force them to conduct more audits and investigations.
- CMS must increase collaborative audits.
This means MCOs will work more closely with each other and state Medicaid agencies comparing notes.
- CMS must up their game to reduce managed care payment risks.
As CMS pushes harder it will produce a domino effect eventually filtering down to provider pharmacies.
PAAS Final Takeaways
The heat is on. CMS will begin to penalize states where their Payment Error Rate Measurements are excessive. CMS plans to increase its activity of auditing state claims for federal matching payments.
With the information from the HHS OIG and GSA reports it is easy to understand how PAAS came up with their prognosis—Expect Medicaid Managed Care Plans to drastically increase audits.
- Expect larger numbers of Medicaid Managed Care organization audits of provider pharmacies.
- Expect the scope of these audits to increase in terms of breadth and depth.
- Expect to see new and cleverer audit strategies.
- PAAS sees a strong likelihood of multiple MCOs and state Medicaid programs collaborating efforts.
Audit proof your pharmacy today!