Compliance Update: Fraud and Abuse

A complex area for providers, especially with respect to their compliance programs, are the concepts of fraud and abuse. Central to current requirements for compliance programs, all post-acute providers are REQUIRED to have compliance programs that,

  • Include policies and procedures to define, test for, and mitigate any issues pertaining to fraud and abuse. In this case, abuse is not patient abuse rather, billing or programmatic abuse of federal reimbursement programs within Medicare and Medicaid.
  • Initial training for new staff and then ongoing training in the areas of fraud and abuse.
  • A process for reporting suspected fraud and abuse that is available to all employees, directors, officers, and contractors.

A good summary, though this page is geared for physicians, but it does have application for nearly all providers, is here: https://oig.hhs.gov/compliance/physician-education/fraud-abuse-laws/

The law most providers, whether a hospital, an SNF, a home health agency, a hospice, etc., need to be most familiar with is the False Claims Act.  The reason is its scope and applicability to billing federal reimbursement programs (most common being Medicare).  Summarized, the False Claims Act as it applies to providers is as follows.

(a) Any person who (1) knowingly presents, or causes to be presented, to an officer or employee of the United States Government or a member of the Armed Forces of the United States a false or fraudulent claim for payment or approval; (2) knowingly makes, uses, or causes to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by the Government; (3) conspires to defraud the Government by getting a false or fraudulent claim paid or approved by the Government;. . . or (7) knowingly makes, uses, or causes to be made or used, a false record or statement to conceal, avoid, or decrease an obligation to pay or transmit money or property to the Government, is liable to the United States Government for a civil penalty of not less than $5,000 and not more than $10,000, plus 3 times the amount of damages which the Government sustains because of the act of that person . . . . (b) For purposes of this section, the terms “knowing” and “knowingly” mean that a person, with respect to information (1) has actual knowledge of the information; (2) acts in deliberate ignorance of the truth or falsity of the information; or (3) acts in reckless disregard of the truth or falsity of the information, and no proof of specific intent to defraud is required.

The challenge to False Claims Act issues tends to be around the “knowledge” principle. This summer, the Supreme Court provided clarification via a ruling stemming from Wal Mart, SuperValu, and Safeway (retail pharmacies) regarding prescription pricing.

The cases alleged that defendants misrepresented their “usual and customary” drug prices in the process of seeking reimbursement from Medicare and Medicaid over the course of several years.  Instead of reporting the “usual and customary charges to the general public,” as CMS instructs, which the cases allege were the heavily discounted prices the pharmacies provided to patients through cost-matching programs, the pharmacies allegedly submitted retail drug costs. 

The district court agreed that the discounted drug prices the pharmacies charged customers were the companies’ usual and customary prices, and that by failing to disclose the lower prices, the defendants had submitted false claims to the government. 

The Supreme Court reversed, holding that “[w]hat matters for a False Claims Act case is whether the defendant knew the claim was false.”  Looking first to the text of the FCA and noting that “either actual knowledge, deliberate ignorance, or recklessness will suffice” to satisfy the “knowingly” element, the Court explained that “[t]hat three-part test largely tracks the traditional common-law requirement for claims of fraud.” 

Essentially, what the Court held is that the law provides a specific test of knowledge but here’s the rub from a compliance perspective.  CMS has instituted a requirement for providers that “they seek to know” or in other words, have processes and systems in-place to identify fraud and abuse and/or, to have fraud and abuse reported.

Identification and reporting are two core elements, each requiring different but specific and frequent, activity.

  • Identifying possible fraud and abuse is a function of conducting routine claims audits.  For providers, the proper methodology is to use external audit services as internal will not suffice as an impartial test.
  • Reporting is all about establishing a system for anonymous reporting of potential fraud/abuse and then, providing multiple channels for such reporting plus education as to what to report.

The most common False Claims Act (Fraud/Abuse) cases involve coding for additional reimbursement.  Coding in this case is broad definition of a patient’s status (disease states, comorbidities, care, treatments) used in billing Medicare or Medicaid (via MDS, OASIS, etc.). The process of upcoding, especially when unsupported by documentation of medical necessity or actual services provided, is a violation of the False Claims Act and universally, when systemic, it is considered to meet the test of “actual knowledge”.

Illustrative is a False Claims Act matter involving Cigna and its Medicare Advantage plan.  The resolution was a settlement whereby Cigna paid the Federal Government $172 million.  Specifically, from the Department of Justice…

The Cigna Group, headquartered in Connecticut, has agreed to pay $172,294,350 to resolve allegations that it violated the False Claims Act by submitting and failing to withdraw inaccurate and untruthful diagnosis codes for its Medicare Advantage Plan enrollees in order to increase its payments from Medicare.

https://www.justice.gov/opa/pr/cigna-group-pay-172-million-resolve-false-claims-act-allegations

Anyone interested in the actual settlement for the Cigna case, and the settlement stipulation, the documents are available below.

In an upcoming post, I’ll provide more detail on what specific tests and mechanisms providers should use to address claims related compliance and how to develop a tailored approach to continuous, best practice compliance.

 

 

 

 

1 thought on “Compliance Update: Fraud and Abuse”

Leave a Comment