Reports on Weaknesses in MCOs’ Identification of Medicaid Fraud and Abuse.

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently issued a report detailing the weaknesses in Medicaid managed care organization (MCO) efforts to identify and address fraud and abuse in federal health care programs.  Medicaid uses managed care as the primary delivery system for Medicaid.  The program covered 80 percent of all Medicaid enrollees in 2015, and MCO payments accounted for more than $236 billion of the $554 billion in total Medicaid expenditures in 2016.  Despite managed care’s rapid expansion, program integrity has not been a central focus as it has been with Medicaid fee-for-service payments.  This has led the OIG and other government actors to raise concerns about Medicaid managed care program integrity.  The OIG has conducted prior work that has primarily focused on states’ efforts with Medicaid and the need to improve Medicaid data, including data submitted by MCOs.  This recent OIG report builds upon its previous work by focusing on MCOs’ efforts to identify and address cases of suspected fraud or abuse.  The report also provides information about strategies that states employ to strengthen MCOs’ program integrity efforts.

The OIG utilized data for this study from three sources: (1) a survey requesting 2015 data from the MCO with the largest expenditures in each of the 38 states that provides Medicaid services through managed care; (2) structured interviews with officials from five selected MCOs; and (3) structured interviews with officials from the same five states as the selected MCOs.  The data was then analyzed to determine the number of suspected fraud or abuse cases that the MCOs identified and referred and the overpayments that they identified and recovered.  The MCOs varied in size, with enrollees ranging from 18,000 to more than 1.6 million and incurring anywhere from $90 million to more than $6 billion in expenditures for 2015.

The OIG made the following findings:

1. Some MCOs identified and referred few cases of suspected fraud and abuse.

• The median number of cases that MCOs identified was 38, with seven MCOs identifying fewer than 30 cases and two MCOs identifying no cases during the year. In contrast, three MCOs identified more than 800 cases each.  Although these three MCOs were generally larger in terms of Medicaid enrollees and expenditures, MCO size did not fully explain the number of cases identified by each MCO.  The OIG saw this as evidence that some MCOs are much more proactive than others in looking for and working cases of fraud and abuse.  The large variation could be reconciled by what states expect MCOs to report.  For instance, some states expect MCOs to only refer cases of confirmed fraud or abuse after a full investigation has been conducted.  Other states, however, require MCOs to refer all identified cases regardless of whether the MCO has conducted an investigation.
• Healthcare entities often use proactive data analysis to find outliers, such as providers billing for an excessive number of services per enrollee. Proactive data analysis uses data to identify patterns that may indicate potential fraud, waste, or abuse.  Organizations also use other sources such as audits or provider complaints to identify these outliers.  Regardless of the method, proactive analysis is essential to detecting suspicious behaviors that other methods do not identify as quickly.  In its study, the OIG found that ten MCOs did not use proactive data analysis.
• The size and capacity of MCO Special Investigative Units (SIUs) also correlated to the number of cases MCOs referred. The larger-staffed SIUs were more likely to report cases of fraud and abuse compared to states with smaller SIUs.  These larger SIUs were able to optimize resources and efficiency, in part by coordinating program integrity issues and information sharing across the organization.  Hiring additional SIU staff also improved the number and quality of referrals.

2. MCOs did not typically inform the state of their actions against providers suspected of fraud or abuse.

• MCOs may pursue various actions once they suspect provider fraud or abuse, including provider education, implementing corrective action plans, and terminating a provider’s contract. In its evaluation, the OIG found that 38 MCOs initiated 2,668 corrective actions in 2015, which included pre- or post-payment billing reviews.  Of the 28 MCOs that educated providers as part of their corrective action, 18 informed the state of these actions.  Additionally, 15 of the 31 MCOs that conducted pre-payment or post-payment reviews did not report those actions to the state.  The 23 MCOs that terminated 5 percent of the providers suspected of fraud or abuse did not report this to their respective state.
• “For cause” termination led to 179 providers being terminated in 18 of the MCOs, and 3 of these MCOs did not typically notify the state of these terminations. 12 MCOs terminated a total of 73 provider contracts “not for cause”, and 4 MCOs did not renew 30 provider contracts suspected of fraud or abuse.  The MCOs varied in their reasoning for not reporting these corrective actions and terminations.
• The OIG found that the lack of reporting has hindered states from effectively monitoring the disciplined providers. This gives providers the opportunity to potentially defraud other Medicaid programs.

3. MCOs did not always identify and recover overpayments.

• MCOs identified a total of $57.8 million in overpayments associated with fraud and abuse for 2015, but four MCOs did not identify any such overpayments. Only 22 percent of the overall identified payments were actually recovered.  Six MCOs recovered the same amount they identified and seven MCOs recovered less than two percent of identified payments.
• MCOs are prohibited from collecting payments once a referral case is accepted from the state, which has heavily limited MCOs’ ability to recover payments.
• Payments not related to fraud and abuse, such as those for billing errors, were more likely to be identified and recovered. MCOs identified $831.4 million in such overpayments for 2015.  Six MCOs did not identify any overpayments, but MCOs recovered an average of two-thirds of the amount they did identify.
• MCOs in states that are required to report overpayments both related and not related to fraud and abuse were found to generally report more overpayments. States explained that these requirements incentivize MCOs to open more cases and recover more money while providing states with a baseline to measure MCOs’ performance.

4. Selected states employ various strategies to improve MCOs’ fraud and abuse related efforts.

• States reported that further incentivizing the identification and recovery of overpayments would encourage states in their MCO oversight efforts, particularly when they were able to retain a share of the recovery.
• Several state and MCO officials noted that cost avoidance measures would also be helpful in avoiding improper payments in the first place.
• The state activities that were found to enhance MCOs’ efforts in identifying fraud and abuse included:
  • Facilitating cooperation and information sharing among MCOs;
  • Providing ongoing training and education;
  • Requiring additional information, including standardized information or templates, from MCOs; and
  • Using encounter data to conduct their own proactive data analysis.

The OIG recommended that CMS:

• Improve MCO identification and referral of cases of suspected fraud or abuse;
• Increase MCO state reporting regarding actions taken against providers suspected of fraud or abuse;
• Clarify the information MCOs are required to report regarding providers that are terminated or otherwise leave the MCO network;
• Identify and share best practices about payment-retention policies and incentives to increase recoveries;
• Improve coordination between MCOs and other state program integrity entities;
• Standardize reporting of referrals across all MCOs in the state;
• Ensure that MCOs provide complete, accurate, and timely encounter data; and
• Monitor encounter data and impose penalties on states for submitting inaccurate or incomplete encounter data.

The OIG report concluded that MCOs are playing an increasingly important role in combating fraud and abuse because they can scrutinize the activities of providers within their networks.  Still, the weaknesses in MCO identification and referral of fraud and abuse cases and their recovery of overpayments suggest that MCOs require additional incentives to rectify these issues.

The full OIG report is available at: https://oig.hhs.gov/oei/reports/oei-02-15-00260.pdf.