Managed Care Fraud and Abuse-Draft

Document Sample
Managed Care Fraud and Abuse-Draft Powered By Docstoc
					Managed Care Fraud and Abuse Compliance Guidelines


I. Introduction


       The United States spends more than $1 trillion each year on healthcare

representing approximately 15 percent of the gross national product. The proportion of

annual health care expenditures lost to fraud and abuse remains unknown because such

losses have not been systemically measured. However, recent Medicare studies under

taken by the Office of Inspector General, U. S. Department of Health and Human

Services, estimates that losses to fraud and abuse may exceed 10 percent of annual health

care spending. Since 1992,when health care reform emerged as a matter of national

debate, the issue of fraud control has received much attention. Today, health care fraud

prevention and detection remains a top priority of the U.S. Department of Justice, with

criminal convictions in 1997 increasing threefold over the 1992 total (Sparrow, 1998).

       In Texas, the Comptroller of Public Accounts conducted a measurement of fraud,

abuse, and waste in three publicly funded health programs: the Texas Medicaid program,

the workers’ compensation program, and the Employee Retirement System. The study,

which covered acute care services to Medicaid recipients in Texas, was completed in

December 1998. The State Auditor’s Office and the Comptroller’s Office collectively

agreed that, as a result of the study, questionable claims in the acute care program of

Medicaid amount to between 6% and 6.8% of all claims filed.           These percentages

translate to between $143 million and $162 million in Medicaid spending when applied

to estimated fiscal year 1996 spending levels.
          The issue of preventing and detecting fraud and abuse in health care is a top

priority for the state of Texas. In June 1997, Governor George Bush signed into law

Senate Bill 30 an Act relating to fraud and improper payments under the state Medicaid

program and to the creation of a criminal offense; providing penalties. Some of the

provisions of Senate Bill 30 are as follows:

              The creation of the Office of Investigation and Enforcement;

             Mandated Medicaid fraud and abuse training for all Medicaid providers;

             The development and implementation of a fraud detection computer network,

              i.e., the Medicaid Fraud and Abuse Detection System (MFADS).

The Senate Bill, at section 2.05, section 16A, article 4413 (502), included specific

requirements for managed care organizations to read as follows1

         A managed care organization that contracts with the state to provide or arrange to

         provide healthcare benefits or services to Medicaid eligible individuals shall:

             Report to the commission or the state’s Medicaid claims administrator, as

              appropriate, all information required by commission rule, including

              information to set rates, detect fraud, neglect, and physical abuse, and ensure

              quality of care;

             Not later than 30 days after execution of the contract, develop and submit to

              the operating agency for approval by the commission a plan for preventing,

              detecting, and reporting fraud and abuse that conforms to guidelines

              developed by the operating agency with assistance from the commission and

              the office of the attorney general;

1
 This does not include all the subsections of Senate Bill 30, please review the final enrolled version of the
Senate Bill for a complete review.
          Require the managed care organization to report any known or suspected act

           of fraud and abuse to the operating agency for referral to the commission for

           investigation;

          Require that each contract between the managed care organization and the

           state contain provisions:

                           Stating that the information provided by a managed care

                            organization under this section may be used as necessary to

                            detect fraud and abuse;

                           Specifying    the   responsibilities   of    the   managed     care

                            organization in reducing fraud and abuse; and

                           Authorizing    specific   penalties    for   failure   to   provide

                            information required by commission rules.

       The signing into law of Senate Bill 30 was a continuing effort to control the costs,

improve the quality and the access to healthcare services in the State. In 1995, the Texas

Legislature passed Senate Bill 10 to enact a comprehensive restructuring of Medicaid,

incorporating a managed care delivery system (HHSC, 1999). In 1995 it was common to

hear government and industry commentators predict that the implementation of managed

care would control or eliminate fraud and abuse in the health care industry. The

assumption was that the managed care payment arrangements, such as capitation, would

eliminate the incentive to bill for services that were not delivered or not necessary. In

1993, Texas implemented two Medicaid managed cared pilot programs and has continued

an ongoing statewide expansion of Medicaid managed care. In spite of the expansion of

managed care, Texas spent $10 billion for Medicaid payments and, for the same period,
the Comptroller of Public Accounts and the State Auditor estimated losses to fraud,

abuse, or waste between $143 million and $162 million.

       The 76th Texas Legislature also enacted anti-fraud and abuse language as part of

the SB 445, the enabling statute for the Children’s Health Insurance Program (CHIP).

Section 62.058 requires HHSC to develop and implement rules for the prevention and

detection of fraud in the CHIP program.         In anticipation of those rules, HHSC is

providing these compliance guidelines as well as an accompanying template for use by

health plans that contract to provide health care coverage to CHIP-eligible children.

       The compliance guidelines outlined in this document are designed to assist the

managed care organization in the establishment of a culture within the organization that

promotes the prevention, the detection, and the resolution of instances of conduct that do

not conform to Federal and State law or healthcare program requirements. It is the

responsibility of the managed care organization’s officers and managers to provide

ethical leadership to the organization and to ensure adequate resources are available and

in place to facilitate and promote ethical and legal conduct.

       Implementing an effective compliance            program    requires   a substantial

commitment of time, energy and resources by the senior management and the managed

care organization’s governing body. Superficial programs that simply purport to comply

with the compliance guidance discussed in this document, or programs quickly developed

and implemented without appropriate ongoing monitoring, will likely be ineffective and

could expose the organization to greater liability than not having a program. Although an

effective compliance program may require significant additional resources or a
reallocation of existing resources, the long term benefits of implementing such a program

significantly outweigh the costs (OIG, 1999).

II. Benefits of a Compliance Program

    The Texas Health and Human Services Commission believes an effective compliance

program provides a mechanism that brings the public and private sectors together to

reach the mutual goals of reducing healthcare fraud and abuse, improving operational

quality, improving the quality of healthcare, while reducing healthcare costs.

Furthermore, in addition to fulfilling its legal duty to ensure that it is not submitting false

or inaccurate information to the State or providing substandard care to Children’s Health

Insurance Program (CHIP) beneficiaries, a CHIP organization may gain additional

benefits by implementing an effective compliance program. These benefits may include:

   The development of effective internal controls to ensure compliance with Federal and

    State regulations and internal guidelines;

   Improved collaboration, communication and cooperation between healthcare

    providers and the CHIP managed care organization;

   Improved communication with and satisfaction of CHIP managed care enrollees;

   The ability to react promptly and accurately to employees’ compliance concerns and

    the capability to effectively use resources to address those concerns;

   A demonstration to the employees and the community of the organization’s strong

    commitment to honest and responsible corporate conduct;

   The ability to obtain an accurate assessment of employee and contractor behavior

    relating to fraud and abuse;

   Improved clinical and non-clinical quality of care and service;
   Improved auditing and monitoring tools that could have a positive effect on many or

    all of the organization’s divisions or departments;

   Increased likelihood of identification and prevention of illegal and unethical conduct;

   A centralized source for distributing information on healthcare statutes, regulations

    and other program directives related to fraud and abuse;

   A corporate environment that encourages employees and healthcare providers to

    report potential problems;

   Procedures that allow the prompt, responsible and thorough investigation of possible

    misconduct by corporate officers, managers, employees and independent contractors.

    In summary, the State believes that an effective compliance program is a prudent

business investment that has the potential of enhancing the efficiency and effectiveness of

the CHIP managed care organization. It may also improve the organization’s financial

structure by identifying not only fraud and abuse concerns, but also efficiency and

productivity concerns in other operational areas.

    The HHSC recognizes the implementation of an effective compliance program may

not completely eliminate fraud, abuse and waste from an organization. However, a

sincere effort by the organization to comply with applicable Federal and State standards,

through the establishment of an effective compliance program, significantly reduces the

probability of unlawful and/or unethical conduct.

III. Application of Compliance Program Guidelines

       Before outlining the specific elements of a compliance program, it is important to

emphasize several aspects of this document. First, it should be understood that this

program development guidance is voluntary. Although this document provides a basic
structural design for a compliance program, it is not in itself a compliance program.

Rather, it is a set of guidelines for consideration by a CHIP managed care organization

interested in obtaining specific information on implementing a compliance program. This

guidance represent the OIG’s and HHSC’s suggestions on how an organization can

establish internal controls and monitor company conduct to detect, correct and prevent

fraudulent activities.

         It is important for the organization to assess its own organization and determine

its needs concerning compliance with applicable Federal and State statutes, and Federal

and State healthcare program requirements. The OIG and the HHSC strongly encourage

organizations to develop and implement compliance components that uniquely address

the individual organization’s risk areas. As appropriate, this guidance may be modified

and expanded as more information and knowledge is obtained by the HHSC and the OIG,

and as changes in the law, and in the rules, policies and procedures of the Federal and

State plans occur2.


IV. Compliance Program Guidelines

1.       Development and distribution of written standards of conduct and written
         policies and procedures that promote the organization's commitment to
         compliance and that address specific risk areas. This is to include, but is not
         limited to the following recommendations :
          Identify specific areas of organizational concern-conduct a comprehensive
             self-administrated risk analysis or contract for an independent risk analysis by
             an experienced health care professional;
          Policies and procedures are to be distributed to all affected individuals.
          The organization's compliance manual is to be distributed to its health care
             providers;
          The organization's standard of conduct must clearly delineate senior
             management's commitment to compliance.
2
    Source: The OIG’s draft compliance plan guidance for Medicare+Choice organizations.
        Policies and procedures in the following risk areas:
          Benefits & beneficiary protections;
          Quality assurance;
          Solvency, licensure, and other state regulatory issues;
          Claims processing;
          Appeals & grievance procedures
          Marketing materials & personnel;
          Underutilization and quality of care;
          Data collection & submission;
          Anti-kickback statue & other financial inducements;
          Enrollment & disenrollment;
        Distribution, retention, storage, retrieval and destruction of documents;
        Corporate compliance programs should require that the promotion of, and
         adherence to, the elements the organization’s compliance program be a factor
         in the evaluation of the performance of all employees.

2.   Designation of a chief compliance officer and/or other appropriate individual
     or individuals, e.g., a corporate compliance committee, charged with the
     responsibility of operating and monitoring the compliance program and who
     report directly to the CEO and/or governing body.

        The compliance officer should have direct access to the organization's
         governing body, the CEO and all other senior management, and legal counsel;
        The compliance officer must have the authority to review all documents and
         other information that are relevant to compliance activities;
        The compliance officer should have sufficient funding and staff to fully
         perform His/her duties;
        A compliance committee should be established to advise the compliance
         officer and to assist in implementation of the compliance program.


3.   Development and implementation of regular effective education and training
     programs for all effected employees.

        All employees should be required to attend annual training that emphasizes
         the organization's commitment to Federal and State statues and requirements;
        Individuals involved in risk areas should have additional specialized training;
        Employees should be required to have a minimum number of hours of
         educational training as deemed appropriate to their employment
         responsibilities;
        All training materials should be designed to include the skills, knowledge,
         experience and cultural diversity of the individual trainees;
        An evaluation method should be used to determine the success of the training;
        The organization should disseminate compliance information on an ongoing
         basis, e.g., a monthly newsletter or website.
4.   The organization should develop effective lines of communication between
     the compliance officer and all employees.
         An organization should have in place a hotline or another mechanism for
         employees, enrollees, or other parties to report potential or suspected
         violations of the Federal or the State health care program or contractual
         requirements or of the organization's compliance policies;
         The compliance officer should maintain a log to record calls, nature of the
         investigation, and the outcome;
         The compliance officer should develop and encourage routine
         communication with his/her employees, with the organization's enrollees, and
         with healthcare providers;
         The organization should develop and distribute to all employees, enrollees,
         and providers, written confidentiality and non- retaliation policies that
         encourage the communication and reporting of suspected or potential
         violations. The policies should explicitly communicate that there may be a
         point in the investigation where an individual's identity may become known or
         may have to be revealed.

5.   The organization should implement and use audits or other risk evaluation
     techniques to monitor compliance and assist in the reduction of identified
     problem areas.
      The compliance officer should develop and maintain reports of suspected
         noncompliance and an evaluation of the compliance program. The reports
         should be reviewed by the senior management and the compliance committee
         on a regular basis;
      The organization should perform regular, periodic compliance audits by
         internal or external auditors.
      Develop monitoring techniques that allow for review of variations from an
         established baseline or control chart parameter.


6.   There should be development and implementation of disciplinary
     mechanisms that consistently enforce the standards and the development of
     policies addressing dealings with sanctioned and other specified individuals.
      The organization should have policies regarding disciplinary action for all
         employees who have failed to comply with the organization's standard of
         conduct, policies and procedures, contract requirements, Federal and/or State
         laws, or those who have engaged in otherwise illegal or unethical conduct;
      The organization should have a policy that prohibits the employment of or
         contracting with individuals or entities who have been convicted of a criminal
         offense related to healthcare or who are listed as ineligible to participate in
         Federally or State funded healthcare programs.

7.   Policies and procedures should be developed to respond to detected offenses
     and to initiate corrective action to prevent similar offenses.
   The organization has a specific and detailed procedure for the compliance
    officer, senior management, and employees to follow when reporting and
    investigating program violations to include, but not limited to the following:
   Internal investigation procedures for interviews and review of relevant
    documents;
   Investigation documentation that includes the alleged violation, a description
    of the investigative process, copies of interview notes, a log of witnesses
    interviewed and documents reviewed, and the results of the investigation, e.g.,
    any disciplinary action taken and any corrective action implemented.
   The organization has a policy to report any confirmed or suspected violations
    to the Provider Sanctions Unit of the Texas Health and Human Services
    Commission within a reasonable period, but not more than 60 days after
    determining that there is credible evidence of a violation (OIG, 1999);
   The organization has a policy and procedure to report all fraud and abuse
    enforcement actions or investigations involving the organization and/or any of
    its subcontractors by any state or federal agency. See Title XVIII or Title
    XIX of the Social Security Act or any Texas State law or regulation.

				
DOCUMENT INFO