Medicare fraud and abuse

December 12, 2018

Compliance programs to protect your practice, staff and patients.

During the 2016 fiscal year, the Medicare fee-for-service improper payment rate reached an estimated 11 percent or roughly $40.4 billion. This improper payment rate does not measure fraud, but rather payments that did not meet Medicare coverage, coding or billing rules.  

These billing errors represent a significant depletion of available Medicare funds, and as a result healthcare providers share the responsibility of ensuring the accuracy of submitted claims. 

The Centers for Medicare & Medicaid (CMS) cites five major categories of improper billing: 

  • no documentation, 
  • insufficient documentation, 
  • lack of medical necessity, 
  • incorrect coding, and 
  • other.  

Insufficient documentation makes up nearly 64 percent of improper payments, while the other four categories account for the remaining 36 percent. They serve to highlight changes healthcare professionals can make to ensure accurate payment rates.

Fraud defined

While Medicare fraud contributes to improper payments, not all improper payments constitute Medicare fraud. While Medicare fraud is done intentionally, erroneous billing results in the same consequences-overpayment-even though unintentional. 

Medicare fraud is more than simply submitting false claims or making misrepresentations to obtain payment that would not otherwise occur. Medicare fraud can occur in any size institution ranging from solo practices to large institutions. Fraud can be committed by a wide range of individuals from the patients to the physicians. Medicare fraud committed by the provider includes: 

  • billing for appointments that the patient failed to keep, 
  • billing for services not provided, 
  • upcoding, 
  • billing for unnecessary services or items. 

Fraud vs. abuse

Medicare abuse includes practices that directly or indirectly result in unnecessary costs to the Medicare program. Abuse includes practices inconsistent with providing a patient with medically necessary services that meet professionally recognized standards. Medicare abuse can be committed in many of the same ways as fraud.

Improper payments from erroneous billing can also occur in many forms. These include insufficient documentation such as treatment plans, physician’s orders and progress notes. Other forms of improper payments stem from policy changes, data entry mistakes, failure to meet statutory coverage requests or medical necessity requirements, or incorrect coding. 

By ensuring the proper documentation is in place physicians can decrease the risk of improper payments. Incorrect coding that results in improper payments are similar to the coding errors that lead to Medicare fraud.  Though deterrence is difficult to quantify, there is empirical evidence that investigating and prosecuting healthcare fraud has resulted in reductions in improper claims to Medicare.

Compliance keys

The Office of Inspector General (OIG) and CMS suggest that individual and small group practices who accept Medicare implement compliance programs to avoid both erroneous and fraudulent claims. The OIG suggests that such a program would not only reduce the risk of improper claims and an external audit but improve the quality of care.

Essentially, a compliance program allows errors to be identified and resolved internally before claims are submitted. Since every practice is unique there is not one compliance program that fits the needs of every practice. Instead, the OIG has developed seven guidelines that can help to establish the basics of a compliance program. These guidelines include: 

  • implementing written procedures, 
  • designating a compliance professional, 
  • providing training for employees, 
  • developing effective communication, 
  • conducting internal monitoring and auditing, 
  • enforcing policies and standards, and 
  • responding to issues.

Writing policies and procedures is an important step in establishing a compliance program, but these policies need to be enforced and regularly updated in order to be effective. 

This is where having a designated compliance professional becomes beneficial. The role of the compliance professional is to remain up to date with new requirements and ensure this information is effectively communicated to all necessary employees.

Training & education

In addition to a compliance professional, employees should receive proper education and training about current Medicare billing requirements. CMS and OIG offer web-based educational resources on Medicare coding, fraud and abuse, office management, provider compliance, and payment policy. 

The specific type of training conducted should be based on the needs of the practice and could be provided by an outside source as well. Training may also be available at local community colleges for billing and coding. After initial training is completed the OIG recommends that training sessions continue to be provided at least once a year for employees involved in billing. 

Conduct self-audits

Once a compliance program has been established it is imperative to conduct self-audits to assess its efficacy. 

If a self-audit has never been performed the OIG recommends that a baseline audit be completed which reviews the claims submitted during the three months following the implementation of an initial compliance program. This will provide insight about how effective the initial compliance program is and where any potential problems exist.

After the first baseline audit is completed the OIG recommends that self-audits continue at a minimum of once a year to ensure the compliance program is still being followed and is effective. During these yearly audits the OIG recommends at least five to ten medical records per physician. 

The American Institute of CPAs recommends a minimum sample size of eleven per item type, assuming the expectation of no errors. The claims examined could be from a random sample of all Medicare claims or chosen specifically based on potential risk areas that have been identified. The OIG recognizes four potential risk areas for all providers. These include coding and billing, reasonable and necessary services, documentation, and improper documents.

During the self-audit there are generally six areas that the CMS recommends examining. These include: availability of documentation, adequacy of documentation, acceptability of documentation, allowability of service, appropriateness of service, accuracy of payment. If an error is detected during the self-audit a prompt response is necessary and the action taken will depend on the error.

The OIG also recommends that any risk areas identified be addressed in the written procedures. After an audit is completed the error rate, error count and total amount paid for all potential errors should be documented. This allows practices to track their progress and determine if the compliance plan is effective. 

Jonathan Montrose, Courtney McClure, Hannah Rector are osteopathic medical students and Janis Coffin, DO, FAAFP, is a professor in the department of family medicine at Kansas City University of Medicine and Biosciences in Joplin, Mo. Send your practice management questions to medec@ubm.com.

download issueDownload Issue : December 25, 2018 edition