OIG audit: CarePlus received $117M in MA risk adjustment overpayments in 2015
A recent Office of Inspector General (OIG) audit estimated that CarePlus Health Plans Inc., a subsidiary of Humana, Inc., received at least $117.3 million in net overpayments for 2015 for submitting high risk diagnosis codes not supported in medical records. The audit was based on a sample of 200 enrollees, which found 446 of the 1,656 HCCs submitted for payment were not validated and resulted in overpayments. However, OIG recommended that CarePlus refund the Centers for Medicare & Medicaid Services (CMS) $641,467 because CMS has updated its regulations to only allow the recoupment of extrapolated overpayments beginning with payment year 2018. CarePlus disagreed with the findings, questioning the audit and statistical sampling methodologies.
OCR settles ransomware cyberattack investigation for $100K
The Department of Health and Human Services’ (HHS) Office for Civil Rights announced it had settled a ransomware cyberattack investigation with Doctors’ Management Services, a Massachusetts medical management company that provides medical billing and payer credentialing services. The $100,000 settlement, the first ransomware agreement OCR has reached, resolves a data breach that affected the electronic protected health information of 206,695 individuals.
OCR said that on April 22, 2019, Doctors’ Management Services filed a breach report with HHS stating that the 200,000-plus individuals were affected when their network server was infected with malicious software that denied access to a user’s data. The initial unauthorized access to the network occurred on April 1, 2017; however, Doctors’ Management Services did not detect the intrusion until December 24, 2018, after ransomware was used to encrypt their files. In April 2019, OCR began its investigation.
OCR said it found evidence of potential failures by Doctors’ Management Services to have in place an analysis to determine the potential risks and vulnerabilities to electronic protected health information across the organization. Other findings included insufficient monitoring of its health information systems’ activity to protect against a cyber-attack and a lack of policies and procedures in place to implement the requirements of the HIPAA Security Rule to protect the confidentiality, integrity, and availability of electronic protected health information.
As part of the settlement, OCR will monitor Doctors’ Management Services for three years to ensure compliance with HIPAA. In addition, Doctors’ Management Services has agreed to pay $100,000 to OCR and to implement a corrective action plan, which identifies steps that Doctors’ Management Services will take to resolve potential violations of the HIPAA Privacy and Security Rules and protect the security of electronic protected health information.
“Our settlement highlights how ransomware attacks are increasingly common and targeting the health care system. This leaves hospitals and their patients vulnerable to data and security breaches.” said OCR Director Melanie Fontes Rainer in the settlement announcement. “In this ever-evolving space, it is critical that our health care system take steps to identify and address cybersecurity vulnerabilities along with proactively and regularly review risks, records, and update policies. These practices should happen regularly across an enterprise to prevent future attacks.”
Medical marketer convicted in $55 million fraud scheme
A federal jury in the Northern District of Texas convicted a medical marketer today for his role in a $55 million fraud conspiracy involving TRICARE, a federal program that provides health insurance benefits to active duty and retired service members and their families, and several other federal health care programs.
The Department of Justice said Quintan Cockerell, 42, of Palos Verdes Estates, Calif., worked with others to create and market expensive compounded medications that were instead used to maximize TRICARE and other federal health care program reimbursements regardless of patient need or medical efficacy. Pharmacy owners and others paid illegal kickbacks to individuals like Cockerell, who recruited area doctors to write prescriptions for these expensive compounded medications, including by creating so-called investment opportunities so that doctors who wrote prescriptions to the pharmacy could profit from the pharmacy operations. Cockerell then spent the proceeds of the scheme on expensive vacations, trips on private jets, and a yacht charter.
The jury convicted Cockerell of one count of conspiracy to defraud the United States, one count of receiving unlawful kickbacks, and one count of money laundering. A sentencing date has not yet been set. He faces a maximum penalty of five years in prison for the count of conspiracy to defraud the United States, five years in prison on the kickback count, and 10 years in prison on the money laundering count.
Biden issues executive order on artificial intelligence
President Biden this week signed a landmark Executive Order to protect Americans from the potential risks of AI systems. It creates new standards for AI safety and security, including protecting Americans from AI-enabled fraud and deception, establishing an advanced cybersecurity program to find and fix vulnerabilities in critical software, developing a National Security Memorandum, and protecting Americans’ privacy. It calls for the responsible use of AI in health care and the development of affordable and life-saving drugs. The Department of Health and Human Services will establish a safety program to receive reports of—and act to remedy—harms or unsafe health care practices involving AI.
Senators introduce bipartisan bill to ensure MA plans maintain accurate provider directories
Senators Thom Tillis (R-N.C.), Ron Wyden (D-Ore/), and Michael Bennet (D-Colo.) have introduced a bipartisan bill that aims to ensure Medicare Advantage plans maintain accurate provider directories and protect seniors from unexpected health care costs.
Many seniors enrolled in Medicare Advantage rely on their health plan’s provider directory to find in-network physicians and practitioners, but inaccurate data can make it harder to find a provider or lead to unexpected costs. These inaccurate provider directories are known as “ghost networks” because some listed health care providers are not in a patient’s network, are not accepting new patients, or, in some cases, are no longer in business. Ghost networks make it more difficult for patients to find in-network health care providers, a more acute issue in the mental and behavioral health fields, resulting in unexpected costs or delayed patient care.
The REAL Health Providers Act would:
- Strengthen requirements for Medicare Advantage plans to maintain accurate and updated provider directories
- Ensure patients do not pay out-of-network costs for appointments with providers that were incorrectly listed in their plan’s provider directory as in-network
- Direct CMS to publish guidance for plans to maintain accurate provider directories
Senate Finance Democrats urge CMS to take more action against MA deceptive marketing
Meanwhile, Wyden and Senate Finance Committee Democrats have sent a letter pressing CMS to take additional steps to protect seniors from deceptive practices used by marketing middlemen in Medicare Advantage.
In their Oct. 25 letter to CMS Administrator Chiquita Brooks-LaSure, sent after their most recent hearing on misleading marketing practices, they urged the agency to limit third party marketing organizations from selling seniors’ personal information, as well as increase transparency around marketing spending in the Medicare Advantage program and ensure a level playing field for plan participants within Medicare Advantage.
“The marketing onslaught can create confusion among beneficiaries resulting in beneficiaries feeling overwhelmed and choosing not to make a decision, even if a change might be beneficial, or enrolling in a new plan only to find out that the marketing was misleading,” the Senators wrote. “We applaud the changes the Centers for Medicare & Medicaid Services (CMS) made to enforce existing rules prohibiting deceptive marketing practices in the Medicare Advantage program and provide clearer guidance to plans around marketing. We urge CMS to continue to maintain robust enforcement of these commonsense requirements.”
Republicans urge CMS to withdraw federal nurse staffing mandate
U.S. Senate Finance Committee Ranking Member Mike Crapo (R-Idaho) is leading a call to CMS and the Department of Health and Human Services to withdraw a proposed staffing mandate that he says could force many nursing homes to close and threatens resident access to direct care services.
Crapo, along with U.S. House Ways and Means Committee Chair Jason Smith (R-Mo.) and U.S. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.), wrote in a letter to Brooks-LaSure and U.S. Health and Human Services (HHS) Secretary Becerra to immediately withdraw the proposed rule and provide justification for its $40.6 billion unfunded mandate. The “one-size-fits-all” minimum nurse staffing standards proposed rules, jeopardizes access to care for the 1.2 million Americans who live in more than 15,000 certified nursing homes nationwide, they wrote.
“Since January 2020, over 400 nursing homes closed their doors and approximately 190,000 nursing home employees left the workforce,” the letter said. “Alarmingly, this trend shows little sign of abatement. Given this current landscape, the Administration’s proposal will only serve to further undermine patient access to skilled nursing care. As such, we strongly urge you to withdraw the rule and work with us on tailored solutions addressing the severe health care workforce shortages in our states.”
CMS issues final ESRD rule
CMS has released a final rule that updates payment rates and policies under the end-stage renal disease (ESRD) prospective payment system (PPS) for renal dialysis services furnished to Medicare beneficiaries on or after January 1, 2024. The rule will be published in the Federal Register on November 6.
Among the key changes, CMS will:
- Increase the ESRD PPS base rate to $271.02, increasing total payments to ESRD facilities by approximately 2.1 percent.
- Increase payment for certain new renal dialysis drugs and biological products after the Transitional Drug Add-on Payment Adjustment (TDAPA) period ends to ensure payment is not a barrier for patients to access innovative treatments.
- Add a new requirement, effective January 1, 2025, for reporting on ESRD PPS claims for “time on machine” data.
- Finalize a new transitional add-on pediatric ESRD dialysis payment adjustment for CYs 2024, 2025, and 2026, which is expected to promote equitable and accurate payments, since treatment for the pediatric ESRD population tends to be especially complex and costly.