CMS Document Sheds Light On The New Medicaid World

On July 20, 2007, the Centers for Medicare and Medicaid Services (CMS) Office of Acquisition & Grants Management issued a document that provides vital information to health care providers about what to expect during the coming years of intensified Medicaid review and enforcement. That document, a request for proposal (RFP) for would-be Medicaid Integrity Contractors (MIC(s)), sets forth the tasks each MIC will be expected to perform as the MIC identifies and reports suspected incidents of waste, fraud and abuse in the Medicaid program. In doing so, the RFP provides a valuable look ahead into the coming world of escalated Medicaid enforcement.

Medicaid is a Federal/State entitlement program that pays for medical assistance for certain individuals and families with low incomes and resources. Medicaid is a cooperative venture jointly funded by the Federal and State governments, and is the largest source of funding for medical and health-related services for America’s lowincome population.

Section 6034 of the Deficit Reduction Act (DRA) of 2005 established the Medicaid Integrity Program (MIP). This RFP was issued by CMS as part of its responsibility to implement the MIP. Under the contract contemplated by the RFP, MIP functions are to be performed by the MIC. Specifically, MICs will be required to:

• Prevent or detect Medicaid fraud, waste, and abuse through the review of the actions of individuals or entities furnishing items or services under the Medicaid program;

• Decrease the submission, processing and payment of inappropriate Medicaid claims;

• Recommend appropriate administrative action as necessary in accordance with Medicaid laws and regulations, etc., to ensure that appropriate and accurate payments for Medicaid services are made consistently with Medicaid coverage policy; and,

• Recommend leads to the audit Medicaid Integrity Contractors for those individuals or entities identified through the review of actions to determine if any Medicaid claims or services were paid inappropriately.

The Medicaid Integrity Program has established 5 field offices, which will serve as the bases for the territory covered by the Medicaid Integrity Contractors (MIC) for the purpose of audits and identification of overpayments. Those field offices, and their associated territories, are as follows:

The DRA defines three main objectives of the Medicaid Integrity Program:

1. Review the actions of individuals or entities furnishing items or services for fraud, waste or abuse;
2. Audit claims for payment for items or services furnished, or administrative services rendered; and
3. Identify overpayments to individuals or entities receiving Federal funds under this title.

This RFP addresses only the first objective. Objectives (ii) and (iii) are supported by this contract, but will be performed pursuant to a separate, as yet un-issued RFP. The minimum award under the RFP is $50,000.00, while the maximum to any contractor is $100,000,000.00, with a one-time possible increase of $25,000,000.00.

As noted, this RFP addresses only review of information to identify possible improper activity; however, the RFP requires the MIC to support the other two objectives by coordinating with other agencies who perform the tasks required for their completion. Specifically listed are:

• Single State Agencies, who administer the Medicaid programs for their states - The MIC must provide information and reports to discourage unnecessary duplication of effort.

• The Office of the Inspector General (OIG) - MICs are to provide the OIG with access to files, records, and data.

• Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) – MIC is to provide access to files, records, and data.

• Medicaid Fraud Control Units - MIC is to provide access to files, records, and data.

• Professional Societies and Quality Improvement Organizations – MICs are to use these organizations to raise provider awareness and exchange information regarding policies, statutes, rules, or process.

• Managed Care Organizations and Private Health Insurers – MICs are to share information as permitted by law, and conduct an ongoing dialogue to coordinate ant-fraud, waste and abuse initiatives.

The true value in reviewing the RFP lies in the clues it provides to the coming activities of MICs in each state. By reviewing the tasks required of each MIC, providers may reasonably identify the provider activities likely to come under MIC scrutiny, and may take appropriate proactive steps to ensure that their activities do not attract the attention of their state’s MIC.

The RFP states that it is likely MICs that will be required to review providers furnishing Medicaid items or services to determine whether fraud, waste or abuse has occurred or is likely to occur. Toward that end, MICs must gather and analyze data and perform risk assessment, including assessment of Medicaid claims data. To facilitate this review in the near term, the RFP provides for MIC use of existing state database systems where they exist. If a state does not maintain a functional database for tracking Medicaid claims data, the contractor must use CMS databases for those states. More long range, MICs will be required to use a CMS data mining tool to perform these assessments.

To accomplish the reviews described above, MICs will be required to perform the following tasks, as well as others to be described in the future:

• Data mining, data analysis: The contractors shall perform work using a common technical platform that conforms to open system standards using non-proprietary tools for data mining and analysis. The platform and tools must conform to all technical standards and specifications of the CMS-OIS enterprise system. In the course of the work, all intellectual knowledge, techniques and products, learned or developed will be the sole property of and for the use of CMS or its designees.

• The contractor shall use data-mining and analysis techniques to develop models that combines healthcare quality indicators, billing practices and Medicaid specific business rules to predict aberrant provider patterns to identify and rank by risk providers to be audited.

• The contractor will develop reporting tools that show ranked providers according to risk of fraud/overpayment problems with sufficient detail for auditors to begin their audits.

• This risk assessment report that can be run upon demand for any provider group will provide a risk assessment of all providers, within their respective group within the Medicaid System. The risk based assessment tool will provide, on demand, a report card on the status of the internal controls of the Medicaid program. At a minimum, the risk assessment tool shall identify high risk/problem areas of providers and details of why they place the program at risk.

• The contractor shall conduct simulations using models, to include peer groupings, and the business rules in real world conditions and provide enhancements as new data and technology becomes available.

• The contractor shall utilize the protocols developed by CMS or its contractors which contain sample steps, processes, methods, and templates for data mining / analysis. The contractor shall append to the protocol steps, processes, methods, and templates as needed by CMS.

• As needed, the contractor shall update the data-mining techniques, the evaluative risk assessment techniques, and/or the models for data analysis to include, but not limited to, the development of algorithms and scripts.

• The contractor shall recommend new business rules and/or models for data mining / analysis based on results of existing rules and/or models, coordination with other Medicaid partners and stakeholders, or through any other means or channels as defined by CMS.

• The contractor shall define, develop, test, and submit for approval any new business rules and/or models proposed to CMS.

• The contractor shall utilize and update, as necessary, a central repository for new and existing business rules and/or models.

• The contractor shall execute the data mining / analysis of data using existing and new business rules and/or models as needed by CMS.

• The contractor shall provide training materials and a training plan for CMS and its agents or other stakeholders of the data mining and risk assessment tools and update the materials as necessary.

What does this RFP tell us? First, that the DRA’s provision for a Medicaid Integrity Program establishes a program that will probably look very much like the Medicare Integrity Program. Accordingly, any provider activities geared toward compliance with the Medicare Integrity Program should likely be extended to include Medicaid claims, if those claims are not already part of the process. Second, that the MICs sole job under this RFP will be to identify, and report for audit by a Medicaid audit contractor, any suspected incidents of Medicaid waste, fraud, and abuse. We can anticipate that the MICs will take this responsibility seriously, and will intensively review Medicaid claims in their effort to report suspected improper provider activity. Third, the required coordination by the MIC with agencies such as the OIG, DOJ and FBI tells us that enforcement under the Medicaid Integrity Program will likely be as vigorous and as onerous as the enforcement activities already undertaken in the Medicare program. Finally, the provider community should continue to monitor CMS’s issuance of RFPs for detail regarding substantive areas of interest in Medicaid enforcement and further take this opportunity to ensure that Medicaid compliance assumes an important place in their overall compliance activities.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.