Insights from OIG’s Strategic Plan for Oversight of Managed Care (Part II)

Podcast
January 30, 2024
11:33 minutes

Following their first discussion surrounding the Strategic Plan for Oversight of Managed Care for Medicare and Medicaid and its impact on the first two phases of the managed care life cycle: plan establishment and enrollment and associated enforcement and regulatory actions, Ropes & Gray health care partner Devin Cohen and litigation & enforcement partner Andrew O’Connor provide an overview of the final two stages of the managed care life cycle: payment and services to people. They discuss ongoing enforcement trends in light of the Strategic Plan and note a market shift among plans, providers, and vendors, to a more proactive approach to monitoring and oversight.


Transcript:

Devin Cohen: Hello. Welcome to part two of our discussion of the Office of Inspector General’s Strategic Plan for Managed Care, and how that plan highlights recent regulatory and enforcement actions in the managed care space. My name is Devin Cohen—I’m a health care partner at Ropes & Gray, and with me today is Andrew O’Connor, a partner in our litigation & enforcement practice group.

On our last podcast, we spoke about the first two phases of the managed care life cycle: plan establishment and enrollment and associated enforcement and regulatory actions. To recap, we discussed how providing inaccurate information to CMS during plan establishment or the bid process can improperly inflate payments in a way that OIG has been focusing on, as well as the risks related to aggressive marketing tactics that might be untruthful or deceptive. This week, we will discuss the final two stages of the life cycle: payment and services to people. Andrew, why don’t you take it away?

Andrew O’Connor: Thanks, Devin. Good to be back. The third phase of the managed care life cycle that OIG focuses on is the payment stage. And candidly, this is where we’ve seen the most DOJ attention in terms of recent enforcement actions. It’s during the payment phase that the federal government’s financial risk really is related to capitation payments, especially those based on risk adjustment. Now, as you may know, risk adjustment provides higher payments to plans for individuals who are sicker and require more care to ensure that the costs to the MAO are being covered. Given that financial incentive, OIG has expressed concerns over the years about incentives on the part of plans to overstate the conditions that enrollees might have in order to take advantage of higher reimbursement rates. And so, what OIG is reiterating here is that compliance organizations within the MAOs really ought to be laser-focused on ensuring the accuracy of risk adjustments and medical loss ratios and the other value-based care mechanisms that feed into the payment process. OIG has also said that it will continue to investigate overlap between providers who they believe are engaging in problematic behavior in the fee-for-service world who also are providing services through managed care networks. So, Devin, this is another area, especially with respect to risk adjustment, where we’re seeing a lot of enforcement activity.

Devin Cohen: I think that’s right, and it comes really on the tail of the settlement in U.S. v. Cigna Corp. for $172 million this past fall. Here, Cigna-affiliated plans contracted at a fixed fee with vendor health care providers to conduct home visits as part of Cigna’s “360 Comprehensive Assessment.” Based on each visit, the vendor health care professional (“HCP”) completed a Cigna-created form to document a wide range of medical conditions, and Cigna’s coding team then identified the diagnosis codes that correspond to the reported conditions and submitted them to CMS for risk adjustment purposes. In doing, Cigna identified 12 classes of generic chronic diagnoses viewed as “often underdiagnosed,” for example, and through trainings and seminars, allegedly encouraged the vendor health care practitioners to make these diagnoses. This alleged use of vendors to systematically add diagnoses for risk-adjustment purposes in order to receive higher payments, particularly without a review of codes that might need to be removed from a record for inaccuracy, is exactly the sort of behavior that the Strategic Plan hopes to address. And as a result, Cigna and DOJ entered into a five-year corporate integrity agreement with the Department of Health and Human Services and its OIG.

Andrew O’Connor: Yes, Devin, and that corporate integrity agreement includes a number of accountability and auditing provisions that focus on the importance of substantiating diagnosis codes with medical record documentation. Not surprisingly, this is an area where OIG says compliance departments should be focused, making sure that the medical record documentation adheres to ICD-10 requirements, so that coders can really readily identify whether diagnoses are consistent with the documentation and adequate clinical evaluation needed to underlie those diagnoses. Now, the government did not pursue any vendors in the Cigna case, but I will say that we’re seeing increased focus on the part of vendors who are involved in some of these kinds of reviews on the compliance concerns that OIG has mentioned here, because there certainly is a possibility that DOJ may turn its attention to those who are actually involved in the process of adding diagnoses, for example, in addition to focusing on the MAOs who ultimately benefit.

All right, now we’re onto the fourth and final phase that OIG laid out in its recent guidance, and that has to do with risk around the provision of care. When it comes to providing care, OIG is really focused on ensuring that patients are getting the care they need. Various commentators and oversight agencies have expressed concern over the years about the incentives that managed care provides that might incentivize plans to undertreat patients. They’re very concerned about barriers to care that patients actually need, and they want to ensure that while the care provided is done so in a cost-effective way, that patients are still able to get the kind of care they expect and deserve. And here, historically, OIG has focused on things like prior authorization restrictions, and so, it’s not surprising to see this new guidance continue that focus, not just on prior authorization but also on efforts to ensure network adequacy, to identify and weed out problematic providers within the network, to making sure that the coverage determinations are accurate and consistent with plan guidelines, and just ensuring that enrollees are receiving the care that meets industry standards.

OIG has also addressed this point in the recent final rule, which actually lays out several specific requirements relating to prior authorizations in particular, and I think it’s worth just highlighting those. So, under the recent rule, the coordinated care plan prior authorizations can only be used to confirm the presence of diagnoses or medical criteria that ensure that an item or service is medically necessary—that’s the purpose, number one. Number two, coordinated care plans must provide a minimum 90-day transition period when an enrollee currently undergoing treatment switches to a new MA plan, and during that 90-day period, the MA plan may not require prior authorization for the active course of treatment. Third, Medicare Advantage plans must establish a utilization management committee to review policies annually and ensure consistency with traditional Medicare’s national and local coverage determinations and guidelines. Finally, approval of prior authorization requests for course of treatment must be valid for as long as the treatment is medically reasonable and necessary to avoid any inappropriate disruptions in the patient’s care. Those specific regulatory requirements around prior authorizations and the OIG’s focus in its recent guidance on the provision of care really underscore the desire on the part of the U.S. government oversight agencies to ensure that plans are not putting up artificial roadblocks to reduce the kinds of care that patients need medically but may accrue additional costs to the plan. So, that’s another area where, I think, DOJ in particular, sees issues and tends to be very energetic in pursuing potential action. Devin?

Devin Cohen: Yes, and I think the prior authorization implications will also have a ripple effect with the providers that are delivering the care and on what’s going to be in their contracts, particularly a Participating Provider Agreement between those providers and the Medicare Advantage plan. There will likely be fewer prior authorization requirements in these agreements moving forward and in the provider manuals related to them—that’s not unexpected, but providers should also expect, I think, for ancillary results of these adjustments, more expansive on-site audits, more expansive requirements for electronic submissions fraud, as well as circumstances where the plan may try to claw back certain amounts of payments if, as a result of extrapolation or risk adjustment, a provider’s record causes the plan to have additional claims clawed back and additional repayments. The role of the primary care physician here really becomes key as the gatekeeper to limit costs on behalf of these plans but also to ensure that the patients are receiving medically necessary services.

The OIG’s and DOJ’s continued scrutiny on fraud and abuse risks in managed care follows ongoing industry discussions on best practices from mitigating False Claims Act risk through compliance safeguards. It’s clear that the agency believes sufficient programmatic safeguards are required to ensure that plans are not submitting claims of reckless disregard or otherwise under the False Claims Act. Now, in light of the Strategic Plan and ongoing enforcement trends identifying potentially suspect plan, provider, and vendor conduct, many in the market are shifting to a more proactive approach to monitoring and oversight—particularly with respect to auditing provider records to satisfy OIG and DOJ expectations for an effective compliance program. While those continue to evolve, we do understand, and we appreciate, the ongoing need for an effective compliance program in the event of a defense against the False Claims Act allegation.

Andrew O’Connor: Thanks, Devin. Thanks everyone for listening. If you found today’s conversation to be useful, check out Ropes & Gray’s other podcasts. You can subscribe now wherever you listen to your podcasts, including Apple and Spotify. Thanks again for listening.

Subscribe to RopesTalk Podcast