In recent years, the health care industry increasingly uses the power of data to improve the quality of care and protect the integrity of federal programs. CMS has invested considerable time and effort toward the adoption of sophisticated predictive analysis technology to prevent and detect fraud, waste, and abuse in the Medicare program by examining Medicare claims for known patterns of fraud, identify suspected fraud trends, and calculate ratios of allowed services compared to national averages. In addition to requiring data analysis activities from its contractors and bolstering existing programs with data analysis, CMS implemented programs such as the Fraud Prevention System and the Integrated Data Repository, resulting in record-breaking fraud takedown and millions in recouped and prevented inappropriate payments.
An earlier Strategic Perspective detailed health care providers’ use of data analytics to improve the quality and lower the cost of care (see Predictive analysis uses data to improve costs, quality, February 10, 2016). This second Strategic Perspective s discusses CMS’ use of data analytics to combat Medicare fraud, waste, and abuse as well as the roles played by contractors and health care providers.
Fighting Fraud with Technology
“The use of technology in health care generally and in health care fraud particularly is a noteworthy trend,” said Sidney Welch, Chair of Health Care Innovation at Polsinelli PC, in an interview with Wolters Kluwer. CMS has committed to maintaining comprehensive data and collaborating with federal investigative agencies to institute real-time prosecution of health care fraud cases.
Medicare Fraud Strike Force. The Medicare Fraud Strike Force, which was established in 2007, uses the power of data analytics, supported by the combined resources of federal, state, and local law enforcement, including the Office of Inspector General (OIG), the Department of Justice, the Offices of the United States Attorneys, and the Federal Bureau of Investigation to prevent and combat health care fraud, waste, and abuse. Operating in Miami, Florida; Los Angeles, California; Detroit, Michigan; southern Texas; Brooklyn, New York; southern Louisiana; Tampa, Florida; Chicago, Illinois; and Dallas, Texas, the Strike Force thrives on interagency collaboration and has a strong record of success in analyzing data and using investigative intelligence to identify fraud efficiently and bring prosecutions.
As of September 30, 2015, the Strike Force has identified 1,387 criminal actions relating to $1.8 billion and resulting in 1,977 indictments. In June 2015, the Strike Force participated in the largest coordinated fraud takedown in history, resulting in charges against 243 individuals for participation in Medicare fraud schemes involving nearly $712 million in false claims (see Medicare Fraud Strike Force sets record with $712 million takedown, June 24, 2015).
Fraud Prevention System. CMS’s advanced analytics system, the Fraud Prevention System (FPS), plays an integral role in the identification of fraud and the recoupment of inappropriate payments and is often used by the Strike Force. In its first three years of existence, the FPS, which uses predictive analysis to identify irregular billing patterns and outlier claims for action with methods similar to those used by credit card companies, identified or prevented $820 million in inappropriate payments (see Program integrity through analytics, Fraud Prevention System saves $454 million in first 3 years, July 15, 2015).
According to Welch and Brian F. McEvoy, also of Polsinelli, the FPS uses data to catch fraud by identifying:
- rules-based violations, such as a provider improperly billing Medicare by using an ID stolen;
- individual and aggregated abnormal patterns when compared to a peer group, such as when a provider bills for more services in a single day than do similar providers;
- providers with characteristics similar to other bad actors;
- providers linked to other bad actors through addresses or phone numbers (identified through associative link analysis);
- data from bank accounts showing money going in and immediately going out;
- unusual billing patterns in Medicare claims data; and
- use of publicly released data on doctor billing.
CMS also uses data to cross reference provider numbers with claims data for ancillary services such as claims for home health, hospice, durable medical equipment, including motorized wheelchairs, and to identify patients to interview who might aid in uncovering fraud.
Integrated data repository. CMS’s Integrated Data Repository (IDR) is a warehouse that integrates Medicare and Medicaid, allowing CMS and its partners to access data from a single source (Health Care Compliance Professional’s Manual, ¶30,715). The IDR stores data from the entire life cycle of a claim, allowing users to perform pre-payment analytics on historical data and develop models that can be applied in the FPS. In addition to providing claims data, the IDR also contains beneficiary data, provider data, and plan data as well as clinical perspectives, such as quality data. Ultimately, the IDR provides greater information sharing, broader and easier access, enhanced data integration, increased security and privacy, and stronger analytic capability.
Section 6402 of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) expanded the IDR and requires CMS to include claims and payment data from Medicare, Medicaid, the Children’s Health Insurance Program, the Veterans Administration, the Department of Defense, the Social Security Disability Insurance Program, and the Indian Health Service (see CMS shifts focus to ‘inspect and prevent,’ stifling provider fraud, July 16, 2014).
Challenges faced by CMS. In implementing predictive analysis technologies to identify Medicare fraud, waste, and abuse, CMS faces challenges both in its methods for dealing with data inconsistencies and in its calculation methodology, Welch said. For example, CMS uses the FPS to identify inappropriate payments based on Medicare policy. However, policies are always changing. Most recently, “CMS cited using the FPS to identify issues with billing for observation care—yet CMS has been revising the rules related to observation care and [the Two-Midnight Rule] for the past several years. Further, with the advent of [the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) (P.L. 114-10)], CMS will have to re-tool its algorithms to account for new models, which is going to be highly complex,” Welch added.
Data Analysis Requirements for Contractors
Effective in February 2016, Medicare Administrative Contractors (MACs) as well as Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs), and the Supplemental Medical Review Contractor (SMRC) were charged with using data analysis to identify and verify potential errors to produce the greatest protection to the Medicare program (Medicare Program Integrity Manual, Pub. 100-08, Ch. 2, 2.1). According to the Manual, contractors should objectively utilize analytical methodologies to evaluate potential errors, not taking administrative action until they have verified the error and ensured that it is a high enough priority to justify taking action. (While the use of data analysis is required for these types of contractors, the resources and procedures in the Program Integrity Manual largely apply to MACs and ZPICs. For guidance, CMS instructs RACs to look to their statements of work.)
Requirements for data analysis programs. The analysis of data is the first step in the determination of claim submission and payment patterns that indicate potential problems. The analysis should identify statistical outliers in billing patterns within well-defined groups that suggest improper billing or payment. Such review is mandated by CMS as a part of general surveillance and review of claims submitted to Medicare, but data analysis also is proper when conducted in response to information about specific problems arising from complaints, input from providers or beneficiaries, fraud alerts, or reports from CMS, other MACs, or independent government or nongovernmental agencies.
The analysis of data by these entities should:
- identify areas of potential errors (e.g., services that may not be covered or may be incorrectly coded) that pose the greatest risk;
- establish baseline data to enable the entities to recognize unusual trends, changes in utilization over time, or schemes that inappropriately maximize reimbursement;
- identify where there is a need for a local coverage determination (LCD);
- identify where there is a need for targeted education efforts;
- suggest claim review strategies to efficiently prevent or address potential errors;
- produce innovative views of utilization or billing patters to bring to light potential errors;
- identify high volume or high costs services being widely overutilized, which is important because, while the services may be overlooked initially because they do not appear as outliers, they may actually pose the greatest financial risk;
- identify programs areas and specific providers for possible fraud investigations; and
- determine if major findings represent significant problem areas within a certain jurisdiction (Pub. 100-08, Ch. 2, 2.2).
Data analysis programs should involve the analysis of national data received from CMS as well as reviews of internal billing utilization and payment data with the goal of identifying provider billing practices and services that pose the greatest financial risk to Medicare.
Necessary resources. Chapter 2, section 2.2 of the Manual states that, to implement a proper data analysis program, MACs and ZPICs should have sufficient hardware and software and staff personnel with the analytical skills needed to identify programs efficiently and to develop and implement corrective actions efficiently. If the MAC or ZPIC is unable to hire such staff, the contractor should utilize other entities, such as universities, consultants, or other contractors to provide the necessary technical expertise. CMS strongly encourages MACs and ZPICs to hire staff with clinical expertise and a mix of skills in programming, statistics, and data mining analysis.
Frequency of analysis. CMS encourages MACs to have 36 months’ worth of data to analyze, though it requires only 18 months. At a minimum, MACs must compare the current six-month period with the previous six months to detect changes in providers’ billing practices and identify trends in new services. (Pub. 100-08, Ch. 2, 2.2). ZPICs should have, at a minimum, the most recent 36 months’ worth of data (Pub. 100-08, Ch. 2, 2.3). If the volume of data is too large, CMS allows the analysis of statistically representative samples.
The Role of Providers
Providers must be proactive to ensure the data they submit to CMS does not draw unnecessary attention. Welch advised providers “to be a step ahead of their game. In particular, they should make sure that they are gathering and analyzing their own data to assess (1) areas where they fall outside the bell curve; and (2) as immediate priorities, those areas that the OIG has identified in its annual Work Plan” (see OIG has 2016 Work Plan in hand, predicts oversight done right, November 4, 2015).
While providers are the often main source of data analyzed by CMS in program integrity activities, they rarely have an opportunity to participate in the analysis of data. “Unfortunately, limitations in providers’ systems and recordkeeping traditionally have not allowed them to gather and analyze data in the same fashion as CMS—both for the provider [itself] and as compared against national data,” Welch explained. Other challenges include the interoperability of systems for collecting data and variations in coding practices as well as the cost and resources necessary to devote to these efforts, she noted.
New analytic tools and methods are constantly being developed to perform more innovative and complex data analysis, according to CMS. While challenges still exists—such as developing analytical technology fast enough to keep up with rapid policy changes—so far, combining data analysis with traditional investigative skills has been highly effective in fighting health care fraud, and the implementation of data analysis within CMS’ existing programs and the development of new systems have proven to be successful.
Attorneys: Sidney Welch and Brian McEvoy (Polsinelli PC)
MainStory: StrategicPerspectives NewsFeed AgencyNews HealthInformationTechnologyNews MedicarePartANews MedicarePartBNews MedicarePartCNews MedicarePartDNews ProgramIntegrityNews
Interested in submitting an article?
Submit your information to us today!Learn More
Health Reform WK-EDGE: Breaking legal news at your fingertips
Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on health reform legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.