Introduction
Prior blogs have discussed the audit processes used by the Centers for Medicare & Medicaid Services (CMS) to ensure proper payments to Medicare Advantage organizations (MAOs). In this blog, we discuss audits being conducted by the Office of Inspector General (OIG) and what MAOs can do to avoid compliance issues.
Background
The statutorily mandated mission of the OIG includes protecting the integrity of all Department of Health and Human Services (HHS) programs. Under this authority, OIG conducts audits of all CMS programs, including the MA program. In recent years, OIG has conducted several audits of MAOs, and in each case has recommended that the Federal Government seek refunds for overpayments due to unsupported diagnosis codes used in risk adjustment. The estimated MAO-level overpayments have reached into the hundreds of millions of dollars. In addition, OIG has recommended enhancements to each MAO’s compliance procedures that are required as part of internal processes to validate diagnosis codes that are used to calculate risk-adjusted payments.
On top of payment recoupments, it is possible that these OIG audits can lead to lawsuits as well as reputational fallout due to any associated negative media attention. Below, we provide more detail on the types of audits conducted by OIG, before describing their implications and how MAOs can avoid negative consequences.
OIG Audits
OIG has been conducting multiple types of audits of MAOs. The two main types include a general risk adjustment data validation (RADV) audit (known as a “Compliance” audit), in which OIG reviews encounter and medical records from a random sample of enrollees for an MAO. These audits are similar to the RADV audits conducted by CMS. OIG has also conducted targeted audits (known as “Specific Diagnosis Compliance” audits), focusing on what they consider to be diagnoses that are “high-risk” to be unsupported by medical record documentation. OIG does not go into detail on the criteria used for determining high-risk, but they mention using “data mining techniques and discussions with medical professionals.” Targeted conditions have included: acute stroke, acute heart attack, acute stroke and acute heart attack combination, major depressive disorder, embolism, vascular claudication, lung cancer, breast cancer, and colon cancer. For the targeted reviews, OIG will work with the MAO to identify a stratified random sample by the high-risk conditions. The total sample size has often been between 200 and 300 enrollees.
OIG uses an independent medical review contractor to conduct manual audits, with any unsupported diagnosis codes undergoing at least two rounds of review. OIG also uses rules-based algorithms to investigate the potential for when a diagnosis code is mis-keyed into an electronic claim. The focus is on identifying data transposition or other data entry errors that could result in the assignment of an incorrect hierarchical condition category (HCC) to an enrollee’s risk score. In addition, OIG interviews MAO officials to gain an understanding of whether their policies and procedures related to risk adjustment comply with Federal requirements. This includes the policies and procedures that the MAO uses to submit diagnosis codes to CMS for use in the risk adjustment program and the MAO’s monitoring of those diagnosis codes to identify and detect noncompliance with Federal requirements.
The OIG review process generally takes about a year to conduct from when OIG identifies the MAOs for audit until their findings are publicly reported. The number of MAOs that are audited varies each year.
Reducing Negative Consequences of Audits
MAOs are learning there are actions they can take before, during, and after an audit to help limit any adverse consequences from an OIG audit.
Pre-Audit: Preemptive Actions
The pre-audit period offers MAOs the best opportunity to avoid negative findings in an OIG audit. In preparation for potential audits, MAOs can develop their own internal audit frameworks, enabling the analysis of current vulnerabilities based on previous OIG targeted high-risk conditions. More and more, MAOs are embracing the use of advanced artificial intelligence (AI) methods to efficiently evaluate all electronic medical records and claims. This use of AI allows MAOs to conduct comprehensive coding and review at a fraction of the time and cost of human coders. In fact, many companies utilize AI to expand the productivity of their in-house coders.
There is more than one way to approach data validation. Some organizations rely on solutions driven by rules-based algorithms to identify anomalies. This is a step in the right direction, but doesn’t necessarily reveal if the anomalies will result in a payment error or compliance violation. An MAO’s audit capabilities must go beyond simple pattern analysis and include RADV analytics designed to evaluate medical record documentation and claims from a payment validation perspective. When a solution incorporates payment policies and RADV audit protocols into evaluation algorithms, an MAO can essentially run their own audits, efficiently and economically identifying unsupported diagnoses in advance of an actual OIG audit. MAOs that operate surveillance programs with such tools can even target and prioritize remediation activities by identifying clusters of vulnerability by condition, type of beneficiary, and provider.
In-Audit: Concurrent Review Actions
After being selected for an audit, but before the findings have been released, there are at least three key activities an MAO can do to optimize their outcome:
- Validation of encounter records. An MAO can identify and highlight to OIG any selected diagnoses that were either rejected for payment or deleted by the MAO prior to notification of selection. This protects the MAO from OIG auditing deleted diagnoses, which has happened in prior audits and can result in artificially inflated audit findings.
- Prepare for review meetings with OIG. In addition to conducting medical record audits, the OIG review team typically interviews key staff at MAOs to review RADV processes to ensure that they meet the requirements of the federal government for payment purposes. Well prepared MAOs combine validation analytics with consultative expertise from industry veterans, including former CMS leaders previously responsible for the RADV audits, to gain the benefit of a definitive understanding and expectations when preparing for these discussions with OIG around medical record documentation and sample determination.
- Sample review. Once a sample is selected, having an efficient and effective ability to evaluate all relevant medical record documentation enables MAOs to share findings with the OIG reviewers before they complete their review. When an MAO can readily identify the best supporting documentation, they can better ensure positive audit findings.
It is critical MAOs have the ability to conduct medical record reviews and provide any other useful information to the OIG before the OIG has finalized their review. That will help ensure the MAO’s comments and provided insight can still influence the OIG audit conclusions and recommendations.
Post-Audit: Measures taken after the Audit has Occurred and OIG Findings are Published
Finally, comprehensive audit frameworks should also include steps and measures for post-audit (even after the OIG has published their findings) and ongoing improvements.
Recommended for every MAO is the implementation of an oversight process to limit audit findings in the future. Ideally, an MAO should be capable of conducting comprehensive medical record reviews across their entire MAO enrollee population on a regular on-going and on-demand basis. Among other benefits, this helps ensure medical documentation reviews can be conducted prior to when payments are finalized. Such processes can provide MAOs actionable insights to address documentation shortcomings at an optimal time.
Many MAOs also benefit from advisory services and analytic intelligence to support appeals (see text box for more details on the appeals process). In the case of OIG audits, OIG lacks direct authority to recover any overpayments; rather, this is a CMS function with its RADV authority. Consequently, all levels of appeals are also addressed by CMS. As with the audit process, having the ability to efficiently and effectively evaluate all relevant medical record documentation enables an MAO to quickly identify where the best supporting information is located in the medical record and respond quickly and favorably to audited or contested diagnoses.
The Appeals Process
Overview: OIG lacks direct authority to recover any overpayments; this responsibility falls to the Centers for Medicare and Medicaid Services (CMS) through its Risk Adjustment Data Validation (RADV) authority.
Level 1 Appeal: CMS oversees the initial Level 1 appeal, which is essentially a coder review. Based on instruction provided by Medicare Advantage Organization (MAO) regarding the location of the supporting documentation in the audited medical record, CMS uses an independent coder to determine whether a contested HCC is supported. If the CMS coder determines there is support for the HCC, then the negative findings is overturned.
Level 2 Appeal: Any findings not overturned in Level 1 will result in CMS overpayment recovery. The MAO then has 60 days to escalate to a Level 2 appeal, which is made on the basis of arguments the MAO puts forth to affirm the content identified in Level 1 as supporting the audited Hierarchical Condition Category (HCC).
Level 3 Appeal: A Level 3 appeal, if pursued, would be conducted by the CMS administrator’s office based only on the information that had been submitted in Level 2. After the Level 3 review, the only recourse would be through the court system. MAOs are required to exhaust administrative appeals rights before seeking relief in federal court.
Conclusion
OIG is currently responsible for most of the activity in the MA auditing arena. Each of these audits have resulted in a recommendation to refund overpayments back to CMS. Hence, it is important that MAOs are prepared for these audits. In addition, while the OIG audits are mostly independent from CMS RADV audits, many of the processes an MAO can take for one type of audit can be useful for other audits. Also, OIG shares MAO selection with CMS to prevent “double dipping” on MAOs between the two audit activities: consequently, increasing the likelihood of an eventual audit for an MAO.
Interested in adding capabilities described in this blog to your internal audit framework? Contact RaLytics for more information: Info@ralytics.com.