RISE summarizes recent regulatory-related headlines.

CMS releases guidance for MA plans to report supplemental benefit data via EDS

The Centers for Medicare & Medicaid Services (CMS) this week released new guidance for Medicare Advantage (MA) plans to report supplemental benefits data on encounter data records immediately.

The memo announced CMS has made system changes and updated its submission instructions so MA organizations can more easily submit supplemental benefits into the MA Encounter Data System (EDS). The memo provides instructions on how to submit the data when an MA organization lacks certain required data elements for non-medical supplemental services.

MA organizations must submit data for supplemental benefits beginning with contract year (CY) 2024 dates of service. CMS said that while it understands MA organizations will need time to implement these new procedures for submitting data for supplemental benefits, it encourages them to submit the data as soon as possible.

In a LinkedIn post, Melissa Newton Smith, founder, Newton Smith Group, said the changes outlined in the memo have an immense, urgent impact for Medicare Advantage. “This fundamentally changes reporting processes for all plans and will require significant adjustments to billing/reporting for most supplemental benefit vendors/suppliers,” she wrote. “Non-reporting is not an option. And many supplemental benefit vendors do not follow CMS guidance as closely as their customers may wish.”

Newton Smith advises MA organizations to notify each supplemental benefit vendor of these new requirements; ask each vendor if they are able to provide the data as required; recognize that many vendors may not review the memo quickly and may need your assistance; and prepare to work collaboratively with vendors as they may service multiple MA plans.

OIG audit: MediGold received $3.7M in MA overpayments

The Office of Inspector General released the findings of its audit report on MediGold, a Medicare Advantage organization based in Columbus, Ohio with 46,555 enrollees. During the audit for the 2017 and 2018 period, CMS paid MediGold approximately $1.1 billion to provide coverage to its enrollees. The audit focused on seven groups of high-risk diagnosis codes to determine whether the organization complied with CMS’ risk adjustment program.

The audit focused on a random sample of 210 unique enrollee-years with the high-risk diagnosis codes for which MediGold received higher payments for 2017 through 2018. Auditors focused on payments associated with the high-risk diagnosis codes, which totaled $567,570. According to the report, the medical records of 189 sampled enrollee-years didn’t support the diagnosis codes and resulted in $469,907 in net overpayments.

Based on the sample results, OIG estimated that MediGold received at least $3.7 million of net overpayments in 2017 and 2018. However, because of federal regulations that limit the use of extrapolation in Risk Adjustment Data Validation audits for recovery purposes to payment years 2018 and forward, OIG is reporting the estimated overpayment amount but only recommending a refund of $2.2 million in net overpayments ($224,001 for the sampled enrollee-years from 2017 and an estimated $2 million for 2018). In addition, the watchdog asks that MediGold identify instances of noncompliance that occurred before and after the audit period and refund any overpayments to Medicare, and that it review its compliance procedures and make necessary improvements.

MediGold disagreed with the findings for 30 of the 194 enrollee-years and with the audit methodology. After reviewing the health plan’s comments and additional information, OIG reduced the number of enrollee-years in error and revised the amount owed.

Association urges CMS to prevent MA instability in 2025 final rate notice

The Better Medicare Alliance (BMA), a leading research and advocacy organization supporting Medicare Advantage, has urged CMS to ensure its CY2025 Final Rate Notice accounts for current health care utilization trends and the ongoing implementation of significant policy changes to the program.

BMA asks that the final rate notice include more recent and complete data when determining the growth rate, and that CMS reconsider its calculation of the normalization factor. If CMS takes these actions, BMA believes the changes will promote stability in the Medicare Advantage program.

“There has been a notable increase in seniors using health care services from their doctors and providers, which makes sense given an increasingly aging population and the pent-up demand after the COVID-19 pandemic. At the same time, the Medicare Advantage program continues to adjust to significant policy changes, including the implementation of major changes to Part D. To ensure program stability for the 32 million beneficiaries who rely upon Medicare Advantage, adjustments should be made to appropriately account for these trends,” said Mary Beth Donahue, president and CEO of BMA, in a statement.

BMA said its comments are underscored by shifting dynamics in the health care landscape that impact patients and providers. These trends include cost increases from higher health care utilization rates, resulting from delayed care during the COVID-19 pandemic and an aging population. This year, 2024, will see the highest number of people turning 65 in the United States in history, a trend that is only expected to accelerate in coming years.

Additionally, the Medicare Advantage program continues to adjust to significant policy changes implemented in recent years, including modernizing the prior authorization process, new marketing regulations, and the phase-in of a new risk model enacted in 2023, along with additional changes to the way the program is administered and funded.

White paper offers recommendations to enhance LTC providers’ role in value-based care

The American Health Care Association and National Center for Assisted Living (AHCA/NCAL) and the National Association of ACOs (NAACOS) have released a set of recommendations that they shared with CMS that, if implemented, would increase the participation of long term and post-acute care (LTPAC) providers in accountable care organizations (ACOs).  

Currently, fewer than 2,000 skilled nursing facilities (SNFs) participate in ACOs, representing less than 10 percent of SNFs nationwide, and nearly 70 percent of ACOs have no SNF participation. LTPAC providers face myriad challenges participating in CMS value-based care models, including ACOs, despite targeted partnerships’ ability to produce significant cost savings and care improvements. Current program policies in ACO models do not align well with LTPAC providers, including those that determine which patients ACOs are accountable for, setting financial benchmarks, and quality measures. But as one of the highest-cost and most complex patient populations, LTPAC presents a significant opportunity for improved resident outcomes and reduced costs to the Medicare program, the groups said in an announcement.  

AHCA/NCAL and NAACOS convened a roundtable of stakeholders in 2023 to address the challenges and, more specifically, develop recommendations on how LTPAC providers can more effectively participate in ACOs. 

The paper focuses on two priority areas:

  • How existing risk-based arrangements, such as the ACO Realizing Equity, Access, and Community Health (REACH) Model and Medicare Shared Savings Program, can be improved to increase SNF participation
  • How models can better incorporate episodic-based payment within broader ACO arrangements

Ultimately, the roundtable recommendations focused on five key areas:

  • Alignment/participation options for beneficiaries residing in LTC facilities
  • Financial methodology
  • Quality measurement
  • Data
  • Future model concepts  

“If CMS is to achieve its goal of having all Medicare beneficiaries in an accountable care relationship by 2030, then it must take steps to better include provider types less represented in ACOs, including SNFs,” NAACOS Senior Vice President of Government Affairs Aisha Pittman said in the announcement. “We hope our recommendations spark attention to this area, because patients served by LTPAC providers deserve the higher quality, lower cost care we know value-based care delivers.” 

HHS OCR settles ransomware cyber-attack of behavioral health practice for $40K

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), this week announced a settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) with Green Ridge Behavioral Health, LLC, a Maryland-based practice that provides psychiatric evaluations, medication management, and psychotherapy.

The settlement resolves an investigation following a ransomware attack that affected the protected health information of more than 14,000 individuals. Ransomware is a type of malware (malicious software) that denies access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid. This marks the second settlement that OCR has reached with a HIPAA regulated entity for potential violations identified during an investigation following a ransomware attack.

“Ransomware is growing to be one of the most common cyber-attacks and leaves patients extremely vulnerable,” said OCR Director Melanie Fontes Rainer in the announcement. “These attacks cause distress for patients who will not have access to their medical records, therefore they may not be able to make the most accurate decisions concerning their health and well-being. Health care providers need to understand the seriousness of these attacks and must have practices in place to ensure patients’ protected health information is not subjected to cyber-attacks such as ransomware.”

In February 2019, Green Ridge Behavioral Health filed a breach report with OCR stating that its network server had been infected with ransomware resulting in the encryption of company files and the electronic health records of all patients. OCR’s investigation found evidence of potential violations of the HIPAA Privacy and Security Rules leading up to and at the time of the breach. OCR also found that Green Ridge Behavioral Health failed to:

  • Have in place an accurate and thorough analysis to determine the potential risks and vulnerabilities to electronic protected health information
  • Implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level
  • Have sufficient monitoring of its health information systems’ activity to protect against a cyber-attack

Under the terms of the settlement, Green Ridge Behavioral Health agreed to pay $40,000 and implement a corrective action plan that OCR will monitor for three years.