Regulatory bodies are increasingly using data analytics to guide their audit processes to great effect. In this landscape, compliance can no longer be an afterthought. Health plans must take proactive steps to address issues before they arise so they may focus their valuable time and resources on what matters most—caring for patients.

Navigating health care’s complex risk adjustment compliance landscape can feel akin to playing whack-a-mole. New regulations, evolving audit methodologies, and increased scrutiny are a constantly moving target that pose significant challenges for health plans, which are already under strain as we head into year three of the pandemic. Compounding the issue, available solutions are often piecemeal and lack the analytical rigor to address problems at their root.

To cut through the noise, we’ve broken down everything you need to know about compliance audits in 2022. The overarching theme: Regulatory bodies are increasingly using data analytics to guide their audit processes to great effect. In this landscape, compliance can no longer be an afterthought. Health plans must take proactive steps to address issues before they arise so they may focus their valuable time and resources on what matters most—caring for patients.

CMS ramps up RADV audits

When it comes to RADV audits, 2022 is a mixed bag for health plans. The good news is that the Centers for Medicare & Medicaid Services (CMS) is holding off on publishing its final Medicare Advantage Risk Adjustment Data Validation regulations until November of this year. This means plans can continue audit preparations for now without worrying about an updated methodology. However, they should be prepared for changes that could result in $1 billion in clawbacks for improper payments.

CMS has also taken steps to ramp up the scope and scale of its audits, doubling its 2021 budget for fraud, waste, and abuse mitigation. With this additional funding, the agency is investing in a number of areas—from hiring more administrative law judges to reduce the five-year backlog at the third level of Medicare provider appeals, to expanding its Targeted Probe-and-Educate process, and putting more money into predictive analytics and data mining tools designed to identify instances of overcoding.

OIG doubles down on tools to increase audit oversight

Health plans will also need to contend with the Office of Inspector General (OIG) pursuing its own targeted audits, which should come as no surprise given the well-publicized crackdown on billions in improper payments. While RADV audits review a sample of ~200 members and their HCC codes, OIG auditors can be much more comprehensive, spending nearly a week reviewing a plan’s entire risk adjustment process, including coding, policies and procedures, and sample Risk Adjustment Processing System (RAPS) data.

Like CMS, the OIG is increasingly leveraging analytics and other technologies such as artificial intelligence to automate the analysis of billions of records and data points. Over the last year, the agency has focused on enhancing existing tools as well as developing new methods to rapidly identify patterns, trends, and geographical hotspots that show a high potential for fraud, and then extrapolating that information to uncover similar instances. Looking to the year ahead, health plans should expect the OIG to increase scrutiny around telehealth. While no official auditing policy is currently in place, the agency recently announced it was engaged in roughly eight audits and studies related to telehealth as of August 2021, indicating more to come.

The DOJ and the False Claims Act

In September 2020, the Department of Justice (DOJ) launched the National Rapid Response Strike Force within its Health Care Fraud Unit to combat COVID-related fraud. In a recent keynote address, the DOJ celebrated the program's success, noting that its use of analytics has led to the prosecution of $8 billion in telehealth fraud and May 2021 criminal charges totaling $143 million in false billings. While the federal government has recognized the benefits of telehealth, and recently moved to permanently expand Medicare coverage for select services, it has also taken aggressive measures to combat fraud, waste, and abuse associated with its use.

While the focus of these investigations has been squarely on providers, health plans should be aware that this is the tip of the iceberg of a larger federal crackdown which opens the door for further scrutiny. For example, it may look for instances where telehealth was an inappropriate setting to submit a given diagnosis code, including codes that need to be documented in person or codes on audio-only visits that actually require videoconferencing to be risk adjustable. Such reviews could not only uncover cases of fraud, but honest mistakes that a health plan may fail to catch without proper oversight.

Staying prepared for an audit

With audits and compliance pressure coming from several directions, the question is no longer if a health plan will be audited, but when. While preparing for an audit can be overwhelming, it also presents an opportunity for plans to clean up their day-to-day operations and strengthen their compliance programs. Signing up for alerts on OIG’s Work Plan and its most-recent audit findings is a good first step, but information gathering alone is not enough. As the federal government continues to employ increasingly sophisticated analytics tools to detect fraud, waste, and abuse, health plans should be leveraging similar technology to do the same.

To this end, Episource has created a Retrospective Compliance Cleanup solution that examines a plan’s claims, charts, and supplemental data to surface high-risk HCCs that fall into the same fact patterns identified by OIG. The solution can also anticipate scenarios not yet scrutinized by OIG but which may still pose a risk e.g., audio-only telehealth encounters. From there, it provides a breakdown of diagnoses across a dozen risk categories, highlighting areas where additional documentation is needed and diagnosis codes don’t add up. Finally, we work with clients to develop and implement an action plan for resolving high-risk codes, which can include NLP-enhanced audit, additional retrieval, and deletes for non-compliant codes, to name a few.

Now more than ever, health plans must be vigilant in their compliance efforts throughout every step of the risk adjustment process. Partnering with the right technology vendor can help provide a safety net for years to come. 

About the author

As chief operating officer of Episource, Erik Simonsen is responsible for the delivery of onshore and offshore coding services, record retrieval, IT infrastructure, and compliance. His knowledge in engineering, finance, and operations enables him to continuously improve performance and operational transparency for clients.

He has over 10 years of experience managing outsourced centers, and substantive backgrounds in investment banking and technology. Erik has a BS in Biomedical Engineering from Johns Hopkins University and an MBA from NYU Stern.