The New Office of The Medicaid Inspector General:
What Are They Up To?
Connie A. Raffa, JD, LLM Rachel Hold-Weiss, RPA-C, JD OMIG Alert
Introduction
The Deficit Reduction Act of 2005 (“DRA”) provides incentives to state Medicaid programs to increase their enforcement efforts against fraud, waste and abuse. There are three major provisions of the DRA. The first provision increases the federal reimbursement to the Medicaid program, known as Federal Financial Participation (“FFP”), by 10% to 60% for recoveries of Medicaid overpayments as a result of state False Claims laws. The state must enact a False Claims law equivalent to the federal law. The second provision establishes a federal Medicaid Integrity Program administered by the Centers for Medicare & Medicaid Services (“CMS”) to conduct audits, contract with private entities to conduct audits, and support state Medicaid programs in their effort to identify fraud, waste and abuse committed by providers and Medicaid recipients. The third provision requires providers that receive $5 million or more in Medicaid reimbursement to inform their employees and contractors about the federal and any state False Claims Act (“FCA”), including whistleblower rewards and protections. As a result of these DRA provisions, states are incentivized to maximize their efforts to identify Medicaid overpayments. In New York State (“NYS”), the Governor has appointed James G. Sheehan1 as the first Medicaid Inspector General (“MIG”). The Office of the Medicaid Inspector General (“OMIG”) is part of the New York State Department of Health (“DOH”) because DOH is the “single state agency” administering the Medicaid program. However, the OMIG reports directly to the Governor. New York is projecting $590 million in Medicaid overpayments. The OMIG is hiring 750 investigators and auditors to audit Medicaid providers, and New York State has invested in computer software to identify fraudulent claims, maximize identification of liable third parties (“TPL”), and coordinate with other state agencies to detect fraud. OMIG also has a computer card identification program to identify fraudulent Medicaid recipients.
The OMIG Medicaid Work Plan (the “Plan”) for SFY 2008-2009 is “a road map” explaining the future audit activities. This article summarizes the Plan. For SFY 2008, NYS has entered into an agreement with CMS requiring the State to identify $215 million in Medicaid overpayments. Failure to meet this goal will impact OMIG’s funding, of which 50% is paid for by CMS.
1
On April 6, 2007 James G. Sheehan was appointed as the NYS Medicaid Inspector General. Mr. Sheehan has a long and distinguished career as a federal prosecutor in the U.S. Department of Justice’s Philadelphia Office. As both an Assistant and Associate U.S. Attorney since 1980, he has
In addition to conducting audits and investigations, the OMIG will recommend legislative, policy and structural changes to improve the state Medicaid program. The OMIG’s mission includes enforcing quality standards. The OMIG coordinates its activities with several state agencies, including:
1. Medicaid Fraud Control Unit (“MFCU”) of the Attorney General’s Office 2. State Comptroller
3. Department of Health (“DOH”) 4. Office of Mental Health (“OMH”)
5. Office of Mental Retardation and Developmental Disabilities (“OMRDD”) 6. Office of Alcoholism & Substance Abuse (“OASA”)
7. Office of Temporary Disability Assistance 8. Office of Children & Family Services
9. Commission on Quality Care & Advocacy for Persons with Disabilities 10. Department of Education (“DOE”)
11. Computer Sciences Corporation (“CSC”) 12. Local Governments & Entities
13. NYC Human Resources Administration (“HRA”) 14. Office of Health Insurance Programs (“OHIP”)
Working with all of these different agencies, the OMIG investigates, audits, recovers overpayments, enforces civil and administrative remedies, and develops evidence for criminal prosecution by law enforcement agencies, such as the MFCU. The OMIG will also investigate state and local officials who fail to prevent fraud, waste and abuse in the Medicaid program. The OMIG is located in Albany, and has satellite offices in New York City, White Plains, Hauppauge, Syracuse, Rochester and Buffalo.
Division of Audit
The Division of Audit, together with outside contractors and local district authorities, through the “County Audit/Investigation Demonstration Project,” will investigate and audit compliance with quality of care, accuracy of promulgated rates through cost reports, and all other requirements.
When a health care provider is approved to participate in the Medicaid program, a contractual relationship between the provider and New York State is created. The provider assumes responsibility for complying with all laws, regulations, and manual requirements, especially quality of care requirements. Medicaid providers are required to keep books, records, clinical documentation, fiscal and statistical records and reports to support their claims, rates and cost reports. Most records have to be kept for a minimum of six years. When the government conducts an audit or investigation they can go back and review a six year period. There will also be medical review audits to determine if services were reasonable and medically necessary.
The audit process will include an entrance conference for on-site audits, where the nature and extent of the audit will be explained to the provider. The OMIG will conduct an exit conference to explain their preliminary findings, followed by a draft report. The provider will have thirty days to respond. Thereafter, a final report will be issued. The provider will have sixty days to request an administrative hearing, which will be limited to issues the provider objected to in the draft report. After the hearing decision, a provider can appeal to New York State court by commencing an Article 78 proceeding.
Adult Day Health Care (“ADHC”)
ADHC rates are based on a budget and ceiling of 65% of the skilled nursing facility’s rate for 1990 plus trending. OMIG will audit billing and whether staff meets education, certification and license requirements.
Ambulatory Surgery Service
Services performed at an Ambulatory Surgery Center (“ASC”) are reimbursed at a higher rate than services performed in a hospital. The prerequisite for reimbursement is whether the ASC location is justified for reason of patient safety and administration of anesthesia. The OMIG will audit documentation to justify the ASC services.
Assisted Living Facilities (“ALF”)
ALFs receive a per diem rate for providing certain services and items. These audits will indentify whether other claims are being submitted to Medicaid for services and items covered n the ALF rate. The Commission on Quality Care has opined that the ALF per diem rate is excessive for the services actually provided pursuant to a resident’s treatment plan. The OMIG will also audit this issue.
County Audit/Investigation Demonstration Provider
OMIG has contracted with thirteen counties and New York City to conduct audits and investigations of ambulatory care areas. One hundred audits are expected.
Diagnostic and Treatment Centers
These medical reviews will concentrate on three issues: medical necessity of physical, speech and occupational therapy; compliance with conditions of participation, and provider qualifications.
Durable Medical Equipment
Several issues are the subject of these audits of sample payments and data matches. The OMIG is looking for authorization, delivery, accuracy of claimed reimbursement, “propriety” of DME ordered for institutional residents, accuracy of Medicare co-insurance claims, and proper billing for dual-eligible patients.
Fee for Service Systems Matches
The OMIG will conduct data matches of post-payment data from numerous providers to identify double billing scenarios. Specific matches planned are for over lapping billing issues of: (1) all inclusive products of ambulatory care-clinic rates and billing for related procedures, physician services and testing; (2) dialysis treatment and Epogen; and (3) all inclusive clinic rates and billing for related procedures, physician services and testing. Home Health Care Demonstration Project
CMS has been working with the Medicaid programs of Connecticut, Massachusetts and New York to use a sample approach to identify claims billed to Medicaid that allegedly should have been billed to Medicare. Commonly referred to as Medicare Maximization Audits or “TPL” – Third Party Liability Audits, this tug-of-war issue between Medicare and Medicaid has existed in the Northeast for more than ten years. The OMIG will conduct medical reviews of home health care claims to determine proper billing for these dually eligible patients.
Home Health Services
Home Health Agency Claims and Payments for Personal Care Services will be audited for
authorization, documentation, third-party liability, qualified personnel, and double billing for recipients in institutions whose rates already cover these services.
Home Health Care In Audit Home Settings - Based on its victory in the decision in the Matter of First to Care Home Care, Inc., the OMIG will audit to identify Medicaid
over-billing for home health care services provided to residents of Adult Homes by certified home health agencies. The over-billing occurs because personal care services are already included in the daily rate of the Adult Home.
Hospice Services
The OMIG will audit, data match and conduct medical reviews of:
1. Compliance with DOH regulations on hospice, CON, governance and patients rights.
2. Duplicate billing for routine home care and general inpatient care days. 3. Whether services were authorized, documented, and were billed to liable third
parties.
4. Whether personnel meet regulatory, education, medical and experience requirements.
5. Whether the patient is terminally ill. Hospitals
The OMIG will audit for inappropriate up-coding of diagnosis, justification of ASC services, return of credit balance, pursuit of TPL, legitimacy of disproportionate share hospital payments, and compensation of hospital based physicians with respect to direct patient care, and administrative services.
Laboratory Services
A sample of claims will be audited for orders, availability of test results, proper billing, TPL, unbundling from a clinic rate, and whether lab tests are included in the rate for resident of facilities.
Managed Care/Data Mining Project
Managed Care plays a significant role in the NY Medicaid Program. There are eleven health maintenance organizations, sixteen prepaid health service plans, seventeen managed long term care plans, four primary care partial capitation providers, and three HIV special needs plans. The OMIG will audit twenty-one different issues involving these plans, including: billing for deceased, incarcerated or out-of-state enrollees, stop loss payments, immunization, patients in skilled nursing homes, family planning, Supplemental Security Income, birth payments prior to birth, duplicate payments, documentation, newborn and maternity payment errors, multiple client ID numbers for same person, Graduate Medical Education, Federally Qualified Health Center, retroactive disenrollment, reported costs by MCO Plan Companies, Prepaid Mental Health Plans, and Compliance contract reviews.
Medicaid in Education
OMIG will work with DOH and DOE to provide guidance, monitoring, and training for providers. Both pre-payment and post-payment claims reviews will be conducted of providers with billing problems.
Medicare Payment Recovery
More Medicare Maximization audits of home health agencies will be conducted to resolve dual eligible claims identified by the Center for Medicaid Advocacy.
Nursing Facilities
The OMIG will conduct rate audits focusing on issues involving base year, rate appeals, property/capital costs, rollovers, dropped ancillary services, patient review instruments and bed reserve payments.
Office of Alcoholism and Substance Abuse Services (“OASAS”)
The OMIG and the OASAS will work together to investigate Medicaid fraud, waste and abuse by chemical dependence providers. Audits will focus on missing progress notes, treatment plans, missing signature on treatment plans, medical necessity, excessive services, and use of Code 10 for administrative delays in prior authorization process. Office of Mental Health
OMIG will review Medicaid payments made for case management services, community residence rehabilitation services, and outpatient mental health services provided by clinics continuing day treatment, partial hospitalization, and intense psychiatric rehabilitation programs.
Office of Mental Retardation and Developmental Disabilities (“OMRDD”)
OMRDD currently has existing Medicaid audit processes and refers suspected Medicaid waste, fraud and abuse, lack of documentation to support the filed claims, and providers who self disclose issues related to Medicaid billing and payments to OMIG.
OMIG will be working with OMRDD on more expansive reviews of day treatment
providers, clinic and HCBS waiver providers, as well as case management providers who do not pass OMRDD’s initial review. OMIG will also investigate whether the Health Care Benefits administrative subsidiaries, which are supposed to be used to subsidize health care premiums for patient care staff, have been properly utilized.
Pharmacy
OMIG will audit selected in-state and out-of-state pharmacies that bill Medicaid, and will review claim information and actual prescriptions to determine compliance. OMIG will also audit for pharmacy claims submitted after Medicaid beneficiary has died. During the audits, OMIG will also verify the ordering providers’ licenses.
Physicians
OMIG will be focusing on physicians who have or ordered a high volume of controlled substances.
Pre-Payment Review
OMIG will be conducting pre-payment reviews on a multitude of providers who submit claims for medical services, equipment and supplies provided to Medicaid recipients. OMIG has a stated goal of increasing the number of providers under review by 50%, and increasing the number of referrals to the Bureau of Medicaid Audit and Bureau of Investigations and Enforcement.
OMIG will also review payments made under the Home and Community Based Services waiver programs for the Long Term Home Health Care Program and Traumatic Brain
Social Security Act, and payments made for transportation services. Third Party Match & Recovery
OMIG will use the following methods for identification of fraud or overpayments: 1. Retroactive recovery
2. Data matching – both for future and past claims 3. Payment integrity
4. Prepayment Insurance Verification Other Fraud & Abuse Initiatives
New York is the tenth state participating in the CMS-sponsored Medi-Medi project. Under this initiative, Medicare and Medicaid computerized matching and data analysis is performed. This program is being used for both Medicare and Medicaid fraud and abuse detection.
OMIG’s Division of Investigations and Enforcement had the following units to combat fraud and abuse:
Investigations and Enforcement Unit. The Bureau of Investigations and Enforcement
investigates fraud and misconduct of providers and beneficiaries. Its responsibilities include:
1. Investigation of health care fraud together with MFCU and the OIG; 2. Investigation of beneficiary fraud; and
3. Special projects, including provider exclusions and terminations.
Recipient Control Unit, which is comprised of:
1. Recipient (Beneficiary) Surveillance and Utilization Review Subsystem Unit; 2. Recipient Restriction Program Unit;
3. Recipient Restriction Program Implementation and Outreach Unit; and 4. Medical Utilization Threshold Program Unit.
The Recipient Control Unit is also working on three specific projects: 1. Duplicate Client Identification Number Project;
2. Prescription Forgery Project; and
3. Provider Beneficiary Intersect Special Projects
Provider Surveillance and Utilization Review Systems Unit. This unit focuses on the
care and services provided to Medicaid recipients. This Unit works with MFCU, OPMC, and the State Board of Education, the Bureau of Controlled Substances, OMIG Bureau of Medicaid Audit and other government agencies.
Enrollment Audit Review. This unit is responsible for the review of provider
enrollment and reinstatement applications. Office of Counsel
The following items are included in the Office of Counsel Work Plan for FY 2008: 1. Creation and Revisions of Regulations
2. Industry Compliance Guidance 3. Corporate Integrity Agreements 4. Bureau Support
5. Administrative Decision-Making 6. Hearings and Litigation
What Should A Medicaid Provider Do To Protect Itself?
With all this scrutiny by so many different parties – federal, state, contractors and whistleblowers – it is imperative that every provider have and implement a compliance program. What is a compliance program? The origin is a footnote to the United States Sentencing Commission Guidelines which describes a compliance program as “an
effective program to prevent and detect violations of law means a program that has been reasonably designed implemented, and enforced so that it generally will be effective in preventing and detecting criminal conduct. Failure to prevent or detect the instant offense, by itself, does not mean that the program was not effective. The hallmark of an effective program to prevent and detect violations of law is that the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents.” See U.S. Sentencing Commission Guidelines § 8A 1.2, application Note 3(k).
An effective compliance program consists of eight components. It must have Compliance Standards and Procedures that are reasonably capable of reducing the prospect of criminal conduct. A statement of Corporate Philosophy, a Code of Conduct and an employee manual are recommended. The provider should have implemented Steps to Detect and Prevent Offenses which may occur in an organization engaged in providing health care services and items. The provider should have a Compliance Officer and a Compliance Committee who have the authority and responsibility to oversee the
operations of the provider. The goal is to ensure that the laws, regulations, standards and procedures of the particular type of provider are followed. The Compliance Officer should be an individual with integrity, who is approachable by anyone and respected by his or her colleagues. The Compliance Officer must have the confidence of senior management, and simultaneously be independent enough to report to the Board of Directors. The provider must exercise Due Care in Delegating Discretionary Authority to individuals that the provider knows, do not have a propensity to engage in illegal activities. For example, criminal background checks of employees should be a standard practice. There should be Employee Training on a regular and repeated basis of the rules and policies governing the operation of the provider. Policies should be written so that they are easy to
understand and should be available, for example, the DRA policies on federal and state False Claims laws. There should be ongoing auditing and monitoring both by independent consultants hired through health care counsel to preserve attorney client privilege, and internal compliance staff to ensure compliance with rules and standards. The provider should have a penalty-free and confidential reporting mechanism, such as a hotline. The provider should implement Enforcement and Discipline of violators no matter what position they hold in the company. Finally, the provider needs to have a Response and Prevention Procedures if a violation of the law is discovered. The response should include an internal compliance investigation conducted by health care counsel, a voluntary disclosure if appropriate, and fixing the cause of the problem so it is not repeated.
An attorney who specializes in health care should create your compliance program. Unlike other industries, normal business practices in the health care industry may be considered a kickback for referrals or an inducement to patient to choose your provider. Paying for referrals in health care may land you in jail. Business relationships between providers usually involves parties that can refer patients to each other for health care services or items. Many of the rules governing these relationships are federal and have parallel state laws. The main areas of concern are state license laws, state corporate practice of medicine laws, anti-kickback laws, physician self referral laws, patient
inducement or solicitation laws, fee splitting laws, cost report rules and complex Medicare and Medicaid reimbursement rules. This minefield of federal and state regulations can be
for a provider to use an attorney who does not have health care experience. The press is always reporting about people who became millionaires overnight as a result of
whistleblower or relator lawsuits. In this highly regulated and ever-increasing investigatory environment which has been heightened by the requirements of the DRA, it is wise to protect your business and yourself from corporate and personal liability, as well as audits and investigations performed by CMS’s new Medicaid Integrity Program and the state Medicaid Fraud Control Unit.