Live from Managed Care – Changing Landscape of Government Operational Compliance Requirements for Managed Care Contracting

By Kortney Nordrum, CHC

Presentation by

Brenda Tranchida, Of Counsel, Venable LLP
Heidi Arndt, Director of Compliance & Special Projects, Community Health Group

Government Managed Care Oversight Focus:

2015 OIG Work Plan: Medicare & Medicaid Managed Care

  • Risk adjustment/encounter claims data (Medicare/Medicaid)
  • Part D bid administrative costs, coverage gap discount payments, dual formularies, P&T committee conflict of interest (Medicare)
  • Medical Loss Ratio (Medicaid)
  • Payments for ineligibles, network adequacy and provider access, grievances/appeals, marketing practices (Medicaid)
  • FWA identification (Medicaid) (also OIG “Top Challenges”)

HIPAA Privacy & Security Violations

  • Office of Civil Rights (OCR) Managed Care Settlements
    • BCBS TN – $1.5 million for unencrypted drives
    • WellPoint – $1.7 million for unsecured databases
    • Affinity Health Plan – $1.2 million for PHI on copiers
    • Concentra Health Services – $1.2 million for unencrypted laptops
    • QCA Health Plan – $250,000 for unencrypted laptops
  • Typically larger fines are levied against managed care plans, probably because of the sheer number of enrollees affected
  • OCR must investigate all complaints filed and health plans are required to self-disclose breaches
  • OCR is using fines for future enrollment efforts
  • State attorneys general and FTC enforcement actions

Key ACA Program Integrity Provisions

  • Section 6402(a) mandated CMS “Integrated Data Repository” (IDR)
    • All Medicare & Medicaid data and all other federal healthcare program data for identifying FWA
    • Section 4241 of the Small Jobs Act further required HHS to use predictive analytics in the Medicare program in September 2010, with mandatory use in the Medicaid program by April 2015
  • Section 6402(d)
    • Overpayments must be reported and returned by the later of 60 days after the date overpayment was identified, or the date any cost report is due
    • Failure to timely report or return creates potential liability under the False Claims Act
    • “Overpayment” means “any funds that a person receives or retains under [the Medicare or Medicaid programs], to which the person, after applicable reconciliation, is not entitled”
  • Proposed Rule (77 Fed. Reg. 9179, 2/16/12)
    • Applied to providers/suppliers, not managed care entities
    • Significant industry concerns, including the 10-year proposed look-back period
    • CMS has not issued final regulations

CMS 60-Day Overpayment Managed Care Requirements

  • “Identified overpayment” is when an entity has determined or should have determined, through the exercise of reasonable diligence, that it received an overpayment (e.g., risk adjustment and HEDIS data)
  • Must be reported and returned no later than 60 days after the identification date
  • Act of submitting corrected data fulfills the requirement to report/return
  • Enforcement via the False Claims Act – any retained overpayment is an obligation
  • Look back period applies to the 6 most recently completed payment years
  • Reasonable diligence might require an investigation conducted in good faith and in a timely manner by qualified individuals in response to credible information of a potential overpayment
  • Certification of accuracy of payments: the CEO, CFO, or COO must certify information provided for purposes of reporting/returning overpayments is accurate, complete, and truthful

Key Managed Care Compliance Operational Risks

  • Accuracy of Payment Data Submissions generally
  • Accuracy of Payment Data Submissions – Risk Adjustment
    • CMS is phasing in using more detailed encounter data in risk adjustment calculations
    • Added 4 new authorized purposes for use/release of encounter data:
      • Conduct evaluations/analysis to support the Medicare program, support public health initiatives/research;
      • Support Medicare program administration;
      • Support program integrity; and
      • For purposes authorized by other laws.
  • Accuracy of Payment Data Submissions – Medical Loss Ratio
    • Medicare Advantage and Part D plans are required to meet ACA requirement to have a Medical Loss Ratio of at least 85%
  • Network Accuracy/Adequacy and Access to Providers
  • Rehabilitation Act of 1973 – Section 504
    • Requires entities receiving federal funds to provide equal access to program benefits and services to individuals with disabilities
  • Protecting Confidentiality of Beneficiary Information
    • HIPAA privacy and security requirements are applicable to health plans as “covered entities”

Trends in Medicaid Compliance

Most Common Deficiencies based on 2014 Audits across 20 plans

  • Oversight of delegates/vendors
  • Involvement of physician in decision making
  • QIP Follow Up
  • Network Management and Training
  • FWA and Privacy Research reporting

Most Common Findings in Compliance Audits

  • Failure to oversee delegated entities
  • Failing to provide proof of activities
  • Lack of visibility of compliance officer as well as compliance structure
  • Medicare is a small part of the business and lacks the types of operations oversight needed
  • Lack of evidence that the compliance plan has been implemented
  • Compliance officer is not knowledgeable or equipped to handle the work
  • Compliance officer does not have the staff or resources to do the job
  • No evaluation of compliance program effectiveness
  • No ongoing monitoring and auditing

Key Components of an Effective Compliance Program

  • Engaged senior leadership who understand the importance of compliance
  • Compliance staff with appropriate skillsets, knowledge base, and experience
  • Functional operations with effective and compliant processes, appropriate staff, management controls, and accessible data and systems
  • Flexible systems
  • Standardized, clear, robust, and documented processes with thorough, accurate, and easily understood documentation
  • Open and frequent communication that is tailored appropriately for the audience
  • Plans of action