Mitigating fraud, waste, and abuse (FWA) is taking on a new urgency for healthcare compliance professionals. Enforcement agencies are prioritizing efforts to deter FWA as more individuals enroll in government healthcare programs like Medicare and Medicaid, and telehealth services continue to evolve post-pandemic.
Compliance professionals can help their organizations reduce FWA with a “prevent, detect, report” strategy, guided by recommendations from the Office of the Inspector General (OIG) and the Centers for Medicare and Medicaid Services (CMS). This three-pronged strategy focuses on educating patients and staff about how to avoid misconduct. It also emphasizes training individuals on how to recognize and report FWA violations when they see them. Integrating this strategy into your compliance culture can help your organization avoid penalties and deliver compliant patient care.
Enforcement Priorities
The Inspector General of the U.S. Department of Health & Human Services (HHS) recently shared focus areas for the OIG, which is working to identify facility compliance weaknesses including financial integrity and FWA. According to a recent Semiannual Report to Congress, the OIG expects audit recoveries of more than $1 billion and more than $2.7 billion in investigative recoveries from more than 1,400 criminal and civil actions. In addition, the OIG excluded more than 2,300 individuals and entities from federal programs. Given the severity of penalties associated with FWA, compliance professionals’ knowledge and skills will be crucial to ensuring that their organizations avoid penalties and provide compliant patient care.
In addition, CMS education and outreach focuses on preventing, detecting, and reporting Medicare fraud and abuse. This aligns nicely with the OIG’s efforts to identify facility financial integrity weakness because the OIG accepts FWA tips and complaints from many sources. Compliance professionals as well as healthcare workers and employees, providers and patients, and insurance companies can file potential complaints.
Compliance professionals can help combat FWA by educating patients and training staff on how to identify and report potential violations. Here’s where the “prevent, detect, report” concept comes into play.
Step 1: Prevent
To educate patients about FWA, compliance professionals can create materials for waiting rooms that give simple examples of what FWA looks like. For example, they can describe how to read a billing statement and identify services or supplies that were not provided. They also could record short videos for the organization’s website with examples of FWA and where to confidentially report such activities.
For staff, compliance officers should support annual online FWA compliance training. In addition, they can create educational flyers that address situations staff may encounter, such as what to do if a provider is ordering medically unnecessary services or tests or knowingly billing for services at a level of complexity higher than the services actually delivered.
Look to OIG’s seven elements as you implement the “prevent” part of your strategy. Prevention is aligned with Element 1 – implementing written policies, procedures and standards of conduct – as you’re developing policies and procedures to protect patients’ personal health information. And Element 3 – conducting effective training and education – is in play as training helps staff feel confident that they know the proper billing procedures and codes.
Step 2: Detect
According to CMS, the distinctions between fraud, waste, and abuse depend on the facts, circumstances, intent, and knowledge of the activity. Compliance professionals should highlight examples in their training materials to help organization staff better identify:
- Abuse – Improper billing such as upcoding, when an inaccurate or a different code is used to increase the reimbursement amount to the provider or facility.
- Fraud – Billing for supplies or services that were not given or provided to the patient.
- Waste – Ordering services that are excessive, such as additional laboratory tests or diagnostic images.
There also should be education on other important, but less recognizable, types of Medicare or Medicaid fraud. These include:
- Insurance card sharing – Allowing a family member to impersonate the insurance card holder to receive care.
- Drug diversion – Obtaining services and prescriptions for back pain, for example, and giving pain medication to someone else.
- Program eligibility – Misstating information or lying during enrollment to obtain insurance.
You can find real-life cases of Medicare fraud and abuse, and the consequences for offenders, on the OIG’s Medicare Fraud Strike Force website.
Again, you can turn to the OIG’s seven elements to guide these efforts. Detection touches on Element 4, developing effective lines of communication, as staff and patients alike must feel comfortable reporting concerns to the compliance department or hotline. Element 5 – conducting internal monitoring and auditing – is the foundation of detection and should be aligned with the department’s compliance workplan. Finally, Element 6, enforcing standards through well-publicized disciplinary guidelines, includes sharing patients’ rights to promote patient privacy. Moreover, the process for deviations in the standards is clearly defined and made known to staff and patients alike.
Step 3: Report
Once any of the above activities are discovered, compliance officers should educate patients and staff on how to report FWA. This is critical to enabling the organization to avoid misconduct and maintain fiscal integrity.
First, compliance officers should widely post information for patients and staff on where and how to report potential FWA. This could include how to submit a hotline report on the HHS-OIG website. Moreover, compliance professionals should report activities such as upcoding or unbundling in a timely manner so overpayments can be promptly returned. This helps maintain the financial integrity of the organization and prevents staff from engaging in abusive practices that could result in violations of civil or criminal laws.
Finally, refer to the OIG’s seven elements for the “report” aspect of your strategy. Reporting involves Element 2 – designating a compliance officer and compliance committee – as deviations in policy or breaches of information can be reported appropriately to internal and external stakeholders. And Element 7, responding promptly to detected offenses and undertaking corrective action, aligns directly with the reporting responsibility. It may also involve notification to patients if their protected health information has been compromised.
Delivering compliant care means educating staff and patients about how to prevent, detect, and report FWA. Compliance officers should keep patient care front and center in their training and education efforts, while making the most of the OIG’s guidance and CMS resources. This type of focused strategy – prevent, detect, and report – enables compliance teams to support patient-centered care that focuses on doing the right thing.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal, and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix and Vice President of the company’s self-insurance captive.
Qualified compliance professionals do the heavy lifting for you, simplifying regulatory change management
Our in-house team works tirelessly to monitor US regulators, carefully read the regulations in their entirety, and translate the information into simple regulatory intelligence you can use. We deliver model procedures and expert tools that can be used to fulfill your business requirements. Everything is validated by a third-party law firm.
Get the latest from healthcare compliance experts
Never miss an article by Denise Atwood. Sign up for YouCompli’s weekly email if you haven’t already.