Medicare Advantage: Where Are the Audits?

Medicare Advantage (MA) programs continue to gain popularity, with about one-third of Medicare beneficiaries currently enrolled in a variety of MA programs. MA plans are issued by MAOs, or Medicare Advantage Organizations, that are typically insurance companies.

Medicare beneficiaries are attracted to these programs because they offer increased coverage for little increase in cost, relative to traditional Medicare. The MAOs like these programs because their payment from Medicare is risk-adjusted. This means that the MAOs receive extra payment for sicker patients. This is the point at which the system can be gamed, with high risk scores being developed by using additional diagnoses that may or may not be reflected in the documentation.

Providers, particularly physicians and hospitals, experience challenges with the various MA programs. Claim adjudication and payment occurs through contracts that can be quite different from each other, and certainly from the various rules and regulations found with traditional Medicare. If a non-contracted or out-of-network provider is providing services, then payment is made by the MAO under the traditional Medicare rules and regulations. This means that questions may arise as to how an MAO will adjudicate a claim under traditional Medicare rules while the MAO’s adjudication system has been developed to address claims under its contracted system.

While different entities, Medicare beneficiaries, providers, and/or MAOs are affected differently by the fashion in which MA programs have been established, again, there is a point at which fraudulent activity can easily occur: with the risk adjustment process that provides extra payments to the MAO for including sicker patients. It is all too easy to include, either purposefully or inadvertently, additional diagnosis codes that increase the risk adjustment factor. The actual calculation of the risk factor is through a separate system called the hierarchical condition categories (HCCs). 

Routine auditing is the mechanism generally used to make certain that the risk adjustment factor and the supporting documentation are appropriate. This auditing includes risk adjustment data valuation audits (RADV), of which there are two types: comprehensive and condition-specific. Comprehensive RADV audits cover all cases, while the condition-specific audits are limited in scope to high-risk conditions.

In order to perform a RADV audit, a number of different steps must be taken, including the following:

• Establish the statistical extrapolation parameters;
• Retrieve or otherwise access the medical records for selected cases; and
• Review the diagnosis coding and supporting documentation for valid coding and assignment of the risk factors.

Statistical extrapolation cases are generally vulnerable to questions and appeals. Thus, any sort of audit using statistical extrapolation will need careful review regarding how it is parameterized. When statistical extrapolation is used to gauge MA risk as well as in other types of matters, a mathematician or statistician should be retained to review the case.

Now, what about the medical records? The big question here is this: who has the medical records, and how can they be accessed for audit? This is where the variability in the MA programs becomes apparent. In some cases, the medical records will need to be retrieved from providers such as physicians and hospitals. If the providers are members of a tightly organized network, then the medical records may already be centralized through the network. Thus, access to and transference of medical records can be a major issue for these risk-adjusted audits, depending upon certain circumstances.

The third issue is that of reviewing the records and validating that the appropriate risk adjustment factor is being used. What kind of expertise is needed in order to accomplish this part of an audit? Well, it is going to have to include that of professional coding staff, nurses, and/or other clinically oriented personnel. Is it possible that an appeal could be made, even relative to the issue of competent personnel and correct interpretations?

Where do the Recovery Audit Contractors (RACs) fit into this process?  The Patient Protection and Affordable Care Act of 2010 requires that the RACs be involved in such audits. This involvement has not occurred uniformly. Perhaps with the new contacts, this will finally become a reality.

Whistleblowers are now coming forward indicating that fraudulent activities have occurred within the MA programs. Various reports and estimates of overpayment suggest that billions of dollars were involved. The normal way to address this kind of issue is through an aggressive audit program. Even when audits are conducted, the findings may be challenged through a rather lengthy appeals process.

This brings us to our main question: where are the risk adjustment audits? The simple answer is that they appear to be making little headway relative to the numbers of claimed overpayments and amounts that need recoupment. Even trying to accurately calculate the potential overpayment still appears to present a problem, given that the MA program is more than a decade old.

U.S. Sen. Chuck Grassley (R-Iowa) sent a letter to the Centers for Medicare & Medicaid Services (CMS) on April 17, referring to a report from the Center for Public Integrity estimating that about $70 billion in improper payment occurred during the years of 2008 through 2013.

Sen. Grassley said he sought answers to questions such as:

• How many audits have taken place since the inception of the MA program?
• What kind of recoupments haven been made?
• What audits are planned?
• Will each MAO have some sort of audit each year?
• How will the RACs become involved in this process?
• How is the appeals process going to be made functional?

Be sensitive to the fact that with billions of dollars at stake over a period of several years, withdrawal from the MA program and/or some sort of bankruptcy on the part of a given MAO is a real concern.