New resources will combat major weaknesses in Medicaid fraud detection

How effectively does the Medicaid Statistical Infor- mation System (MSIS), the only nationwide Medicaid eligibility and claims information source, detect fraud, waste, and abuse? Not very, according to a new report which found the MSIS failed to capture data elements that can assist in fraud, waste, and abuse detection. Also, the MSIS fully quality-checked, validated, and released for use only 54% of quarterly data files submitted by states, and took an average of 18 months to evaluate and release the data for public use.

These are some of the findings of a report on the ability of the Medicaid Statistical Information System (MSIS), the only nationwide Medicaid eligibility and claims information source, to detect fraud, waste, and abuse.

The August 2009 report, MSIS Data Usefulness for Detecting Fraud, Waste and Abuse, from the Department of Health and Human Services' Office of Inspector General (HHS OIG), analyzed over 3,000 quarterly data files states submitted for analysis for fiscal years 2004-2006 to the Centers for Medicare & Medicaid (CMS).

According to CMS spokesman Peter Ashkenaz, "the findings were not a surprise, as the report discusses previously identified gaps in MSIS. We will be working closely with state Medicaid directors as we look to expand and improve on the timeliness, quality, and depth of MSIS data."

Part of CMS' multipronged plan going forward involves incorporating lessons learned from individual state Medicaid program efforts, to inform efforts on the regional and national levels. "We are committed to deploying to states evidence-based tools that that they can use to combat waste, fraud, and abuse in Medicaid. We have made great headway in this area through conducting routine state program integrity reviews," says Mr. Ashkenaz.

Data from the State Program Integrity Assessment (SPIA), the first national data collection of state Medicaid program integrity activities, will establish a baseline assessment of each state that can be analyzed yearly to measure performance over time. Also, for the first time, states will have access to information on other states' program integrity activities.

CMS also plans to work with other entities, including the HHS OIG, to provide knowledge about program integrity to state Medicaid agencies. "OIG produces Management Implication Reports based on their audits and evaluations. CMS reviews those reports and will glean best practices for states from them," says Mr. Ashkenaz. "We see a stronger jurisdictional and cross-payer approach to attacking fraud and abuse. This means more work between Medicare and Medicaid, and between Medicaid and private insurers."

Mark Trail, a principal of Atlanta-based Health Management Associates and former director of Georgia Medicaid, notes that there is a difference between fraud and abuse. While the former requires criminal intent for personal gain from deliberate misrepresentation, the latter can include patterns of deviation from standards of practice; failure to properly price or bill for services; excessive use of services; failure to properly document service or level of service; and many other possible combinations.

"For most Medicaid agencies, it is difficult to find. First, because there are so many providers," says Mr. Trail. Most states have tens of thousands of Medicaid providers, and larger states may have in the hundred-thousand range, submitting millions of claims a month.

Most state detection systems do both prospective medical reviews, such as prior authorization for high-cost radiology services, and retrospective claims reviews looking for aberrant patterns of practice. "This can be accomplished by comparing the provider to similar peers," says Mr. Trail. For example, a physician may bill in the 90% range for the highest-cost evaluation and management codes, while most of their peers use the highest codes only 50% of the time. Once this is identified, an actual medical file review determines whether the physician actually did the higher level of service. "If this is not supported by the records, a recoupment would be sought. If the pattern was egregious enough, the provider could be referred on for a fraud investigation and possible criminal charges," says Mr. Trail.

Since the process is labor-intensive, resources have become an issue for many states. However, Mr. Trail said that as states have been fairly aggressive with fraud detection efforts over the years, "it's unlikely that the abuse is as great as some purport. The real issue is whether the detection technology and resources can be sufficiently improved to get at the remaining abuse in the system and accomplish the anticipated return on investment."

Sarah Lueck, a health policy analyst at the Center on Budget and Policy Priorities in Washington, DC, says the Payment Error Rate Measurement program, used by CMS to measure improper payments in Medicaid and the Children's Health Insurance Program, is at times mistakenly cited as fraud instead of errors. Another misconception is that fraud and abuse mainly involve beneficiaries deliberately misrepresenting their situation to try to get onto Medicaid. "That is just not the case, and there is no evidence that is going on. We are really talking about provider issues," says Ms. Lueck. "In particular, some of the biggest dollar recoveries that the federal government has been able to get have come from settlements with prescription drug makers."

Effective communication is key

Lisa Simonson Maiuro , MSPH, PhD, a consultant in the Sacramento, CA, office of Health Management Associates, says that one of the biggest challenges for Medicaid is effective communication between the audits and investigation field staff who get leads on fraud, and individuals who can use the Medicaid Management Information System/Decision Sup- port System (MIS/DSS) to effectively mine the data and substantiate the fraud.

This observation is based on her position several years ago with a Medicaid MIS/DSS vendor. During that time, she oversaw a research group that addressed issues of fraud and abuse in the state Medicaid program, and she served as an expert witness to prosecute a provider who was defrauding Medicaid by using other provider IDs. After a tip was received, subsequent data analysis resulted in a successful case against that provider.

"While our unit had many algorithms to identify data outliers that may reflect fraud, there were a lot of false positives," says Dr. Maiuro. "Often, it was difficult to make a strong case from the data alone that there was fraud and abuse." For this reason, more effective detection and prosecution could occur through a stronger collaboration between field workers and Medicaid analysts.

Another major challenge is that of finding resources in an economically strained environment to detect and substantiate fraud or abuse. "While data analysis alone may not always be successful, it is an important component in the process," says Dr. Maiuro. "As many Medicaid programs face cutbacks, there are fewer resources available to keep up with the scam of the day and analyze data for patterns or irregularities that warrant further investigation. Even with ARRA [the American Recovery and Reinvestment Act], HIT funding state resources are so tight."

A November 2009 report, "The Fiscal Survey of States," from the National Governors Association and the National Association of State Budget Officers, both based in Washington, DC, forecasted continued fiscal difficulties for states. State revenues are expected to remain depressed throughout FY 2010 and likely into FY 2011 and FY 2012.

"Just this year, Medi-Cal terminated adult dental, a service it had offered for more than 40 years," says Dr. Maiuro. "With so many states facing budget problems that are likely to last well into the next decade, I'm guessing that simply providing services is going to be a struggle, much less focusing on fraud."

Patrick W. Finnerty, director of Virginia's Department of Medical Assistance Services (DMAS), says the department has worked with CMS and other national entities to have "a strong national Program Integrity presence."

"The department has consolidated its Program Integrity provider review resources across divisions," says Mr. Finnerty. The Program Integrity Division uses sophisticated data-mining software to identify providers whose billing practices appear aberrant in relation to their peers. An annual provider review plan assures that an appropriate number of providers is audited, and targets provider types which have the potential to be problematic based on certain risk factors.

"The plan is developed using national data and trends regarding provider types and risk assessments that are prone to inappropriate billing and integrity issues," says Mr. Finnerty.

More resources available

The health care reform discussion has addressed new efforts for fraud prevention and control in Medicaid and Medicare. "There are a few different ideas that have been incorporated in the various bills. One is an enhanced screening process for medical providers that are going to be billing the program," says Ms. Lueck. "There is definitely interest in trying to make sure federal programs are run as efficiently as possible."

As part of ARRA's Hi-Tech Act provisions, more resources are being made available to auditors and investigators. "Some of these efforts are new, and some are consolidations of previous efforts," says Dr. Maiuro. "All represent increased exposure for health care providers to additional audits and claims by the government for reimbursement of previous payments, or even claims of fraud or abuse. I have no sense about how successful these will be."

One example is a new CMS program, Medicaid Integrity Contractors, which refers suspected fraud cases to the OIG for prosecution or sanctions. Other efforts include the Fraud Enforcement Act of 2009, and the Healthcare Fraud Prevention and Enforcement Action Team, a new interagency collaboration to combat Medicare and Medicaid fraud. "The initial plan called for the departments to expand Medicare Fraud Strike Force team operations currently operating in South Florida and Los Angeles to two additional metropolitan areas, Detroit and Houston," says Dr. Maiuro.

The Strike Force teams use a data-driven approach to identify unexplainable billing patterns and investigate the providers for possible fraudulent activity. "These will increase the use of on-site visits during provider and supplier enrollment, increase training and resources for providers on Medicare and Medicaid compliance, and improve data coordination between CMS and law enforcement to better identify patterns that lead to fraud," says Dr. Maiuro.

Contact Mr. Ashkenaz at peter.ashkenaz@cms.hhs.gov, Mr. Finnerty at (804) 786-8099 or Patrick.finnerty@dmas.virginia.gov, Ms. Lueck at lueck@cbpp.org, Dr. Maiuro at (916) 446-4601 or lmaiuro@healthmanagement.com and Mr. Trail at (404) 313-8432 or mtrail@healthmanagement.com.