Healthcare investigations and enforcement trends

We turn our focus to two very active enforcement topics—the US Department of Justice's (DOJ) evolving compliance regime and increased focus on the Medicare Advantage space.

More compliance guidance from the DOJ: Control of communications data and executive compensation

In early March, two of the DOJ's highest-ranking officials, Deputy AG Lisa Monaco and Assistant AG Kenneth Polite Jr., made public remarks explaining two new fundamentals for the agency's view of effective compliance—control of communications data and compensation as incentivization.

Late last year we highlighted the Garland DOJ's revised statements on compliance, and we provided guidance for healthcare providers on structuring compliance programs in the wake of the DOJ's revised policies. Here are the compliance takeaways from the most recent DOJ statements:

Control of communications data

Law enforcement views missing data skeptically and will now hold employers responsible for perceived mismanagement of employee communications data. The DOJ will scrutinize an employer's policies and procedures to determine whether data was properly and consistently managed.

• A company's policies and procedures with respect to communications "should be tailored to the corporation's risk profile and specific business needs" with an eye toward the preservation and access of that data.
• Affected policies include Bring Your Own Device (BYOD), Company-owned Assets, Acceptable Use, Third-Party Records and Data Preservation.
• Consistency in the application and enforcement of these policies is critical.
  • For example, if a company deploys an app-based messaging system and mandates preservation of that data for at least six months, but allows its sales team to circumvent that policy to delete messages before such time, that type of inconsistency will raise questions about the company's commitment to preserving that data for compliance purposes.
• Missing data will be scrutinized. Blaming outdated data systems or third-party preservation will not be received well.

Compensation as incentivization

The DOJ also now wishes to see companies leverage their compensation system and employee evaluations to disincentivize misconduct and reward compliance-promoting behavior, such as:

• A prohibition on bonuses for employees who do not satisfy compliance performance.
• Disciplinary measures for employees who violate applicable law and those who supervised the employees or their business area, if the supervisors knew of, or were willfully blind to, the misconduct.
• Incentives for employees who demonstrate full commitment to compliance processes.

Implementation of policies and procedures embracing these concepts should be the "ounce of prevention" that prevents many pounds of cure.

Managed care: Enforcement scrutiny of risk adjustment practices

With nearly half of Medicare beneficiaries now enrolled in Medicare Advantage Organizations (MAOs), it should not come as a surprise that additional scrutiny is being placed on these organizations, and in particular the risk adjustment mechanism that determines payments to MAOs. As scrutiny rolls downhill, providers should be aware of the attention being paid to MAO payments and anticipate additional attention to their coding and reimbursement from insurers. Medicare beneficiaries enrolled in Medicare Advantage plans are given a risk score based on their health status using hierarchal condition categories, which are then utilized to adjust capitation amounts to MAOs. Higher beneficiary risk scores in turn lead to higher capitation payments to MAOs. The US Department of Health and Human Services Office of Inspector General (OIG) has stated that this "may create financial incentives for MA companies to make beneficiaries appear as sick as possible."

The government has been increasing scrutiny of this program in recent years as Medicare costs continue to grow. According to the March 2023 MedPAC Report to Congress, Medicare spends an estimated 6 percent more for MA enrollees than it would have had those beneficiaries remained in the fee-for-service (FFS) program, resulting in a projected US$27 billion in "excess payments in 2023 alone." A recent analysis found that Medicare Advantage plans have gross margins that are double those of other insurance markets. The OIG has engaged in a number of targeted reviews of MAOs and issued reports relating to the risk adjustment program (see "The Impact of Health Risk Assessments on Risk-Adjusted Payments in Medicare Advantage" and "Some Medicare Advantage Companies Leveraged Chart Reviews and Health Risk Assessments To Disproportionately Drive Payments"). And on February 1, 2023, CMS finalized a long-anticipated rulemaking that updates the risk adjustment data validation (RADV) audit methodology to provide greater scrutiny of unsupported risk adjustment diagnoses codes. CMS will now extrapolate RADV audit findings of MAOs beginning with payment year 2028. While MAOs are expected to challenge this final rule, it is another example of the closer eye being paid to the risk adjustment program.

In addition, recent years have seen whistleblower lawsuits under the False Claims Act against some of the largest MAOs based on allegations of malfeasance in their risk adjustment practices. More specifically, the scrutiny has focused on Medicare Advantage plans submission of inaccurate information in order to capture larger reimbursement. The DOJ's recent announcement that over US$2 billion in recoveries were made under the FCA during FY 2022 referenced several qui tam lawsuits where the department has intervened.

• The allegations contained in these qui tam lawsuits include mechanisms involving providers such as inaccurate diagnosis codes, the use of health risk assessments, chart reviews, and in-home assessments.
• While the OIG has acknowledged that chart reviews and health risk assessments "are allowable sources of diagnoses for risk adjustment," activities that lead to one-sided revisions to risk scores that don't also delete codes may draw scrutiny. The government and whistleblowers are certainly focused on the issue.
• Additionally, because diagnoses must be supported by up-to-date and accurate medical records, provider participation in risk adjustment programs occurring after the date of a patient visit or retrospectively could lead to subsequent and unwanted scrutiny. Scrutiny of these practices have been the basis of qui tam lawsuits and settlements with the DOJ.

Success begets success, and as the eight-figure settlements and verdicts favorable to the government and whistleblowers continue to stack up, we expect whistleblower lawsuits relating to the risk adjustment programs to continue to increase. In matters of risk adjustment, and compliance generally, the best offense remains a good defense. In light of the increased scrutiny of MAOs, healthcare providers should be ensuring compliance effectiveness in relation to their participation in risk adjustment activities as well as compensation received from MAOs.

Conclusion

Norton Rose Fulbright's Healthcare Investigations group helps providers engage with government investigators (and whistleblowers) effectively and efficiently. Sometimes, an issue can be concluded with an early, proactive engagement to address misconceptions. On the other end of the spectrum, where litigation and potentially trial is necessary, no one presents a better team of former government attorneys and trial lawyers, including a former federal healthcare fraud prosecutor and a former attorney for the US Department of Health and Human Services. Please let us know if we can help.