What the OIG Study Means for Providers

By Michael D. Bossenbroek

In August 2013, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a report addressing Recovery Audit Contractors’ (RAC) identification of improper payments and oversight of the RAC program by the Centers for Medicare & Medicaid Services (CMS).

The report followed two prior studies conducted by the OIG and Government Accountability Office. These prior reports charged CMS with inaction in addressing potential fraud referrals by contractors, inaction in addressing improper payment vulnerabilities and a general lack of oversight of its contractors.

With these reports in mind, the OIG conducted a study collecting data from fiscal years (FYs) 2010-2011, to determine the extent to which:

1. RACs identified improper payments for services billed to the Medicare program;
2. CMS addressed improper payment vulnerabilities with corrective actions;
3. RACs referred potential fraud to CMS and CMS took action on those fraud referrals; and
4. CMS evaluated RACs’ performance responsibilities and whether CMS’s evaluation metrics addressed contract requirements.

The OIG noted, “Given the critical role of identifying improper payments, effective oversight of RAC performance is important.”

With respect to RACs’ identification of improper payments, the OIG’s study revealed that RACs reviewed 2.6 million claims in FYs 2010-2011, and identified improper payments in approximately half of them, totaling $1.3 billion. Notably, claims from inpatient hospital stays accounted for 88% of all recovered or returned improper payments. Delivering medical services in inappropriate facilities or billing incorrect codes on Medicare claims accounted for over half of all recovered or returned improper payments. Additionally, hospitals were identified as the top five providers with the largest improper payment amounts.

Despite RACs’ findings, the OIG report noted that CMS oversight of the RAC program is seriously lacking. In FYs 2010-2011, CMS identified 46 “vulnerabilities”, which CMS defined as any specific issue resulting in more than $500,000 in improper payments. However, according to the OIG’s findings, CMS took corrective action to remedy only 28 of the 46 vulnerabilities, which were associated with $1.86 billion in improper payments. Further, the OIG found that CMS never evaluated the effectiveness of its corrective actions. As a result, the OIG concluded that large amounts of improper payments may continue.

Further, the OIG noted that CMS failed to take action on six potential fraud referrals that it received from RACs in FYs 2010-2011, and that CMS failed to provide fraud identification and referral training to RACs in FY 2011.

The OIG concluded its study with the following recommendations for CMS:

1. Address existing vulnerabilities that are pending corrective action and evaluate the effectiveness of those actions;
2. Ensure that RACs refer all appropriate cases of potential fraud to CMS;
3. Review and take appropriate and timely action on RAC referrals of potential fraud; and
4. Develop additional performance evaluation metrics to improve RAC performance and ensure that RACs are properly evaluated based on contract requirements.

Significantly, the CMS administrator, Marilyn Tavenner, responded to the report, stating that CMS concurred with recommendations 1, 2 and 4. CMS did not specifically concur with recommendation 3, stating that it reviewed the six RAC referrals and forwarded four of them to Zone Program Integrity Contractors (ZPICs) to determine whether the providers committed Medicare fraud.

Providers, and especially hospitals, should take note of CMS’s response to and concurrence with the OIG’s recommendations.

Increased oversight of RACs and annual metric-based performance evaluations may lead to more effective and efficient RACs in the future. Additionally, fraud audits may be pursued with increased vigor, due to additional training programs for RACs and the OIG’s request for increased collaboration with ZPICs. Hospitals are particularly vulnerable to the OIG’s recommendations, as claims concerning inpatient hospital stays proved a particularly profitable subject for RACs in FYs 2010 and 2011. Providers should ensure that medical services are billed under the appropriate codes and that medical documentation supports the services billed and the level of care provided. Hospitals should have a clear and working understanding of CMS’s Hospital Inpatient Prospective Payment System Final Rule for FY 2014 (CMS-1455-F; CMS-1599-F), and seek clarification early on to establish a compliance program for the new rule, if one is not yet in place.

Providers may further insulate themselves from RAC audits through the practice of self-auditing and by taking advantage of the Self-Disclosure Protocol (SDP) when providers identify fraud. In the wake of the OIG’s recommendations, all providers - especially hospitals - should anticipate increased RAC oversight by CMS and renewed activity by RACs to achieve the OIG’s recommendations. Consequently, providers should review their existing compliance programs to ensure they comply with current CMS policy.

Michael Bossenbroek is an attorney at Wachler & Associates, P.C. Mr. Bossenbroek primarily represents healthcare providers and suppliers in the defense of RAC, Medicare, Medicaid, and third party payor audits.