Medical Necessity: A Guide for Healthcare Compliance Leaders 

CJ Wolf, MD, M.Ed. medical necessity series

Ensuring medical necessity for services or supplies isn’t just about getting paid. It’s a safeguard against unnecessary or duplicative services that increase the risk of patient harm or medical errors. That’s reason enough for this to be an important topic for compliance leaders. 

This is the first article in a series on medical necessity — an area that many compliance programs struggle with. In this piece, we explain the medical necessity compliance risk in general, while subsequent articles highlight specific examples of enforcement actions experienced by medical providers such as hospitals and health systems. 

Data suggests that medical necessity is becoming a primary way for payers to manage costs, making it even more worthy of leadership attention. The “State of Claims 2025” Report found that 54% of providers agree claim denials are increasing faster than they can appeal. 

A data accuracy gap also contributes to the problem. Roughly 41% of healthcare organizations report at least 1 in 10 claims is denied, often due to “bad data” at intake or lack of clinical justification. 

All of this creates further justification for the need to better understand medical necessity from a compliance standpoint. 

Medical necessity isn’t an easy compliance risk to tackle, especially when OIG recommendations bump up against front-line reality. Sometimes, clinicians view medical necessity as their bailiwick.   

Of course, their expertise is the basis for medical decision making. Generally speaking, clinicians are making their decisions based on what they believe is medically necessary. They are the clinically trained professionals and should know when something is medically necessary or not, right?  

However, from a compliance standpoint, medical necessity often really means “covered” by a third-party payor. If something is considered “not medically necessary,” it may actually mean it does not meet payor coverage requirements. 

Determining Medical Necessity by clinician

In their General Compliance Program Guidance document (GCPG), the Department of Health and Human Services (HHS) Office of Inspector General (OIG) emphasized the importance of ensuring claims submitted to government payors are medically necessary. 

Specifically, they note:  

“Medicare requires, as a condition of payment, that items and services be medically reasonable and necessary. Therefore, entities should ensure that any claims reviews and audits include a review of the medical necessity of the item or service by an appropriately credentialed clinician. Entities that do not include clinical review of medical necessity in their claims audits may fail to identify important compliance concerns relating to medical necessity.” 

Other entities have also emphasized medical necessity as coverage criteria. For example, Medicare publishes National Coverage Determinations (NCDs) and Local Coverage Determinations (LCDs). These are, in essence, coverage criteria for a specific service.  

Though generally accepted medical guidelines or medical practice may suggest a certain treatment plan is appropriate, the LCD might not cover the service for a particular condition or diagnosis or might not allow the service at a particular cadence or frequency. 

Example: Meeting LCDs for Pain Injection Procedures 

LCDs addressing pain injection procedures are a good example of this. A Medicare LCD might state that before Medicare considers a spinal injection “medically necessary” (think “covered”), the patient needs to have failed four months of conservative therapy (e.g., lifestyle changes, physical therapy, etc.).

Or the LCD might state a total of four injections in a twelve-month period is the maximum number of injections they will allow. Additionally, an LCD might require that a patient has a certain condition (represented by an ICD-10 code, i.e., a diagnosis code) before considering a service covered.

There is potential compliance risk in all these areas if coverage criteria are not met and documented in the medical record or if codes are reported to ensure coverage, but the medical record does not support the diagnosis code reported. 

Medical necessity can also overlap with patient safety issues. If a physician exaggerates the severity of a condition to make it look like the services should be covered, a patient could undergo a procedure that was not appropriate or medically necessary to perform in the first place.  

This raises patient safety issues because the patient is subjected to certain risks when the service does not appropriately meet clinical standards or indications for performance.

The government utilizes various tools for enforcing medical necessity compliance. These include the False Claims Act (FCA), typically used by the U.S. Department of Justice (DOJ), and the Civil Monetary Penalties Law (CMPL) utilized by the OIG.

The DOJ can investigate allegations of medically unnecessary services when credible information is brought to its attention by whistleblowers (qui tam relators). A qui tam relator is a private individual or entity who files a lawsuit on behalf of the government under the FCA against companies or individuals committing fraud. Or the DOJ can investigate on its own, typically because of data analytics it proactively performs.

The OIG is authorized to pursue monetary penalties and exclusion through a variety of civil authorities, most notably the CMPL. Under the CMPL, OIG can seek assessments in lieu of damages, Civil Monetary Penalties (CMP), and exclusion from participation in federal health care programs.   

According to the OIG, one example of conduct that could lead to CMP liability is presenting a claim for a pattern of medical or other items or services that a person knows or should know are not medically necessary. 

There isn’t a one-size-fits-all risk profile when it comes to medical necessity. Each organization’s risk is going to be tied to the clinical services it offers or orders. Organizations and their compliance programs should undertake risk assessments tailored to their particular situation.  

Via the GCPG document, the OIG recommends that when conducting risk assessments, organizations should “ensure that medical necessity, patient safety, and other quality compliance issues are included in the risk universe.” 


In subsequent articles in this series, we’ll take a closer look at the details of recent enforcement actions involving allegations that submitted claims lacked medical necessity. This information will help compliance leaders stay on top of situations and reduce risks in their own organizations.  

About the Author 

CJ Wolf, MD, M.Ed. is a healthcare compliance professional with over 27 years of experience in healthcare economics, revenue cycle, coding, billing, and healthcare compliance. He has worked for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System, an international medical device company and a healthcare compliance software start up. Currently, Dr. Wolf teaches and provides private healthcare compliance and coding consulting services as well as training.   
