FRAUD AND ABUSE SAFEGUARDS

Transcription

1 Department f Health and Human Services OFFICE OF INSPECTOR GENERAL FRAUD AND ABUSE SAFEGUARDS IN SEPARATE STATE CHILDREN S HEALTH INSURANCE PROGRAMS Daniel R. Levinsn Inspectr General March 2007 OEI

2 Office f Inspectr General The missin f the Office f Inspectr General (OIG), as mandated by Public Law , as amended, is t prtect the integrity f the Department f Health and Human Services (HHS) prgrams, as well as the health and welfare f beneficiaries served by thse prgrams. This statutry missin is carried ut thrugh a natinwide netwrk f audits, investigatins, and inspectins cnducted by the fllwing perating cmpnents: Office f Audit Services The Office f Audit Services (OAS) prvides all auditing services fr HHS, either by cnducting audits with its wn audit resurces r by verseeing audit wrk dne by thers. Audits examine the perfrmance f HHS prgrams and/r its grantees and cntractrs in carrying ut their respective respnsibilities and are intended t prvide independent assessments f HHS prgrams and peratins. These assessments help reduce waste, abuse, and mismanagement and prmte ecnmy and efficiency thrughut HHS. Office f Evaluatin and Inspectins The Office f Evaluatin and Inspectins (OEI) cnducts natinal evaluatins t prvide HHS, Cngress, and the public with timely, useful, and reliable infrmatin n significant issues. Specifically, these evaluatins fcus n preventing fraud, waste, r abuse and prmting ecnmy, efficiency, and effectiveness in departmental prgrams. T prmte impact, the reprts als present practical recmmendatins fr imprving prgram peratins. Office f Investigatins The Office f Investigatins (OI) cnducts criminal, civil, and administrative investigatins f allegatins f wrngding in HHS prgrams r t HHS beneficiaries and f unjust enrichment by prviders. The investigative effrts f OI lead t criminal cnvictins, administrative sanctins, r civil mnetary penalties. Office f Cunsel t the Inspectr General The Office f Cunsel t the Inspectr General (OCIG) prvides general legal services t OIG, rendering advice and pinins n HHS prgrams and peratins and prviding all legal supprt in OIG's internal peratins. OCIG impses prgram exclusins and civil mnetary penalties n health care prviders and litigates thse actins within HHS. OCIG als represents OIG in the glbal settlement f cases arising under the Civil False Claims Act, develps and mnitrs crprate integrity agreements, develps cmpliance prgram guidances, renders advisry pinins n OIG sanctins t the health care cmmunity, and issues fraud alerts and ther industry guidance.

3 Δ E X E C U T I V E S U M M A R Y OBJECTIVES 1. T assess the extent t which six selected States with separate State Children's Health Insurance Prgrams (SCHIP) have established methds and prcedures t meet Federal requirements regarding SCHIP fraud and abuse preventin, detectin, and investigatin; and 2. T assess these States versight f SCHIP cntractrs and Centers fr Medicare & Medicaid Services (CMS) versight f States regarding SCHIP fraud and abuse preventin, detectin, and investigatin in the six selected States. BACKGROUND Federal and State gvernments jintly fund SCHIPs t prvide health care assistance t lw-incme children wh d nt qualify fr Medicaid. States may structure SCHIP as an expansin f Medicaid, as a prgram separate frm Medicaid, r as sme cmbinatin f these. Thirty-nine States have all r sme part f their SCHIP separate frm Medicaid. T prtect the integrity f these separate SCHIPs, Federal regulatins require States t establish safeguards against fraud and abuse. Hwever, little is knwn abut the arrangements these States have made t establish fraud and abuse safeguards. T determine the extent t which States have met requirements t establish fraud and abuse safeguards, we examined dcumentatin and interviewed staff frm 6 States with separate SCHIPs and 17 health plans cntracted by these selected States. Using this material, we als assessed State versight f separate SCHIP cntractrs regarding fraud and abuse issues. Finally, we assessed CMS versight by interviewing staff f CMS central and reginal ffices and by reviewing dcumentatin regarding CMS s nsite cmpliance reviews f the selected SCHIPs and ther versight mechanisms. FINDINGS The six selected States met requirements fr preventin and detectin f fraud and abuse by assigning respnsibility t SCHIP cntractrs that have established such prcedures. Each f these States has assigned t SCHIP health plans r administrative cntractrs respnsibility fr establishing safeguards thrugh which fraud and abuse OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS i

4 E X C U T I V E S U M M A R Y Δ E X E C U T I V E S U M M A R Y might be prevented r detected, including safeguards assciated with beneficiary eligibility and enrllment, prvider enrllment, and detectin f fraud and abuse. In each f the six States selected, these cntractrs have established safeguards that meet the Federal requirements in these areas. One f the six States has nt met Federal requirements fr investigating suspected SCHIP fraud and abuse cases and referring cases t law enfrcement. Five f the six States have established prcedures t meet Federal investigatin and referral requirements, and ne State has nt. In this State, SCHIP staff reprted that the State has nt identified a State law enfrcement entity that will accept SCHIP-nly fraud and abuse cases. State staff wuld nt investigate such cases because they wuld nt be prsecuted even if fraud were substantiated. Althugh versight mechanisms in the six States address Federal requirements, they d nt always enable States t knw hw well health plans are perfrming safeguard activities. All six States in ur review require SCHIP health plans t establish and submit written plans fr the preventin, detectin, and investigatin f fraud and abuse; t attest t the accuracy f claims fr payment; and t prvide the State access t relevant SCHIP data. All f these States als have prcedures t cnduct audits f beneficiary eligibility prcesses and enrllment data. Hwever, the current level f these States versight f SCHIP cntractrs des nt always prvide States with the means t knw hw well health plans are perfrming n sme critical fraud and abuse matters, including prvider enrllment, detectin f fraud and abuse, investigatin and referral t law enfrcement, service delivery t beneficiaries, and executin f fraud and abuse plans. Further, it appears that dispersal f SCHIP versight respnsibilities within States and State staff perceptins abut limited expsure t fraud and abuse may inhibit State versight f SCHIP health plans regarding fraud and abuse safeguards. CMS relies primarily n States fr versight f SCHIP fraud and abuse safeguards, althugh it has cmpleted sme nsite reviews f States. The SCHIP statute allws CMS discretin regarding Federal versight f separate SCHIP fraud and abuse safeguards, neither prescribing nr prhibiting particular versight activities. In interviews, CMS fficials expressed that, rather than being prescriptive regarding versight f fraud and abuse activities, SCHIP s statute and regulatins fcus n prgrammatic versight at the Federal level. Accrding t CMS fficials, SCHIP has limited expsure t fraud and OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS ii

5 E X E C U T I V E S U M M A R Y abuse because Federal alltments are capped and managed care arrangements prvide prtectins against fraud and abuse. Despite its reliance n States fr versight, CMS has used its authrity t cnduct nsite reviews f separate SCHIP fraud and abuse safeguards. Since SCHIPs were established in 1997, CMS has cnducted at least ne nsite review that included sme aspect f fraud and abuse safeguards fr five f the six States we reviewed. Hwever, these nsite reviews typically examined nly a few fraud and abuse issues. Further, althugh CMS cited five f these States during these nsite reviews fr having insufficient fraud and abuse safeguard prcedures reviews, CMS staff reprted requiring executin f a crrective actin plan fr nly ne f the five States. CMS used less frmal fllw-up methds, such as telephne cnversatins, in the ther fur States in which prblems were nted. RECOMMENDATIONS T address the nncmpliance by ne State identified in this reprt, as well as ther ptential areas f imprvement, CMS shuld: Ensure that the nncmpliant State institutes prcedures t meet Federal requirements fr investigating cases f suspected SCHIP fraud and abuse and referring cases t law enfrcement, and Take steps t strengthen Federal and State versight f separate SCHIPs fraud and abuse safeguards. AGENCY COMMENTS In its cmments t the draft reprt, CMS stated that it des nt dispute the findings in the reprt and suggested clarifying language t emphasize that the SCHIP statute is nt prescriptive in describing Federal versight f fraud and abuse. CMS als nted its recent effrts t assist States in strengthening fraud and abuse effrts. OFFICE OF INSPECTOR GENERAL RESPONSE We made changes t the final reprt t clarify that the SCHIP statute allws CMS discretin regarding its versight f SCHIP fraud and abuse activities, neither prescribing nr prhibiting particular versight activities. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS iii

6 Δ T A B L E O F C O N T E N T S EXECUTIVE SUMMARY...i INTRODUCTION... 1 FINDINGS... 6 Six sample States met requirements fr preventing and detecting fraud and abuse by assigning respnsibilities t cntractrs... 6 One f the six States has nt met requirements fr investigatin and referralf suspected fraud and abuse cases... 8 Oversight in six States addresses requirements, but des nt always enable States t knw hw well health plans perfrm CMS relies primarily n States fr versight f separate SCHIP fraud and abuse safeguards RECOMMENDATIONS ENDNOTES APPENDIXES A: Expanded Methdlgy B: AgencyCmments ACKNOWLEDGMENTS... 32

7 Δ I N T R O D U C T I O N OBJECTIVES 1. T assess the extent t which six selected States with separate State Children's Health Insurance Prgrams (SCHIP) have established methds and prcedures t meet Federal requirements regarding SCHIP fraud and abuse preventin, detectin, and investigatin; and 2. T assess these States versight f SCHIP cntractrs and Centers fr Medicare & Medicaid Services (CMS) versight f States, regarding SCHIP fraud and abuse preventin, detectin, and investigatin in the six selected States. BACKGROUND The Balanced Budget Act f 1997 established SCHIP under Title XXI f the Scial Security Act. 1 T implement SCHIP, Cngress apprpriated nearly $40 billin ver 10 years t help States prvide health care assistance t uninsured, lw-incme children whse family incme is t high t qualify fr Medicaid. The Federal and State gvernments jintly finance the prgram and States are prvided a capped alltment f Federal funds each year. States administer their SCHIPs and CMS prvides Federal versight. Title XXI allws States t design their SCHIPs using ne f three prgram ptins: a Medicaid expansin prgram, a separate SCHIP prgram, r a cmbinatin f bth. Medicaid expansin prgrams, which relax the financial rules f existing Medicaid eligibility categries, are subject t Federal and State Medicaid requirements. In cntrast, Federal requirements that gvern separate SCHIPs allw States mre flexibility in eligibility criteria; cst sharing; and type, amunt, and scpe f services cvered. In 39 States, all r sme part f SCHIP is separate frm Medicaid. Federal Fraud and Abuse Safeguard Requirements Federal regulatins regarding fraud and abuse safeguards differ amng the Medicaid prgram and separate SCHIPs. Medicaid expansin prgrams are subject t the prgram integrity rules and requirements specified under Title XIX. 2 Safeguards fr Medicaid are mre structured. They include Medicaid Eligibility Quality Cntrl reviews f beneficiary enrllment prcesses; 3 tls fr detecting fraud and abuse in prvider billing, e.g., Medicare-Medicaid data match 4 and State Surveillance Utilizatin Review Subsystems; 5 Medicaid Fraud Cntrl OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 1

8 I N T R O D U C T I O N Units t investigate and prsecute cases f suspected fraud and abuse; 6 External Quality Reviews f Medicaid managed care entities; 7 and the recently created Medicaid Integrity Prgram. 8 By cntrast, Federal regulatins fr separate SCHIPs allw States cnsiderable flexibility in hw they safeguard their prgrams against fraud and abuse. Separate SCHIPs are nt required t have equivalent Medicaid structures. Rather, as a general Federal requirement, States must establish prcedures fr ensuring prgram integrity and detecting fraudulent r abusive activity in separate SCHIPs. 9 Further, Federal regulatins cntain a number f standards related t safeguarding SCHIPs frm fraud and abuse, but these regulatins typically d nt specify the prcedures States shuld use t meet the requirements. States are allwed, but nt required, t establish a prgram integrity unit fr mnitring and maintaining the integrity f separate SCHIPs. 10 Federal regulatins relevant t safeguarding against fraud and abuse in separate SCHIPs include prvisins regarding criteria fr beneficiary eligibility and enrllment in SCHIP, 11 rules regarding prvider participatin in SCHIP, 12 and requirements fr States and their health plan cntractrs t have structures t detect ptential fraud and abuse. 13 Federal regulatins als address investigatin f suspected SCHIP fraud and abuse cases and their referral t law enfrcement. 14 Additinally, Federal regulatins address prgram versight, including States versight f SCHIP cntractrs 15 and CMS s versight f States regarding SCHIP. 16 Oversight f Separate SCHIPs By Federal law and regulatins, States and CMS share respnsibility fr versight f SCHIP fraud and abuse preventin, detectin, and investigatin. States must ensure that SCHIP health plans have arrangements r prcedures designed t safeguard against fraud and abuse and t verify the accuracy f health plan claims fr payment. In this reprt, the term health plans refers t a variety f entities that these six States have cntracted with t prvide health care services t SCHIP beneficiaries, including fee-fr-service insurance plans and managed care plans. States must als safeguard against ptential fraud and abuse by SCHIP health plans themselves. 17 Federal regulatins als cntain a number f prvisins regarding State cntracts with health plans. 18 Federal regulatins prvide States flexibility t design prcedures fr ensuring OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 2

9 I N T R O D U C T I O N prgram integrity and detecting fraud and abuse that are based upn the needs f their unique SCHIP prgrams. 19 This flexibility allws States t use a variety f methds in establishing their prcedures, including cntractually assigning certain respnsibilities t SCHIP health plans r ther cntractrs. Federal regulatins prvide CMS with three tls fr versight f SCHIPs fraud and abuse preventin, detectin, and investigatin. First, Federal regulatins specify that CMS reviews State and lcal administratin f the SCHIP plan thrugh analysis f the State s plicies and prcedures, n-site reviews f selected aspects f agency peratin, and examinatin f samples f individual case recrds. 20 Secnd, CMS receives frm States annual SCHIP reprts which cntain prescribed prgram infrmatin that CMS can use fr mnitring. 21 Third, the Payment Errr Rate Measurement prgram, which became effective Nvember 4, 2005, and was preceded by a series f CMS pilt prjects, is designed t measure imprper SCHIP payments. 22 In part t facilitate CMS s use f these tls fr versight f SCHIPs, Federal law requires States t cllect, maintain, and furnish prgram infrmatin t enable CMS t mnitr State prgram administratin and cmpliance and t evaluate and cmpare the effectiveness f State plans METHODOLOGY Scpe T meet the study bjectives, we examined fraud and abuse safeguards in 6 f the 39 States that have all r part f their SCHIPs separate frm Medicaid. 24 Within these 6 States, we examined fraud and abuse safeguards established by 17 selected SCHIP health plans and ther cntractrs. Althugh States may use many f the methds and prcedures we examined t versee additinal issues related t prgram integrity, ur review fcused primarily n the preventin, detectin, and investigatin f suspected fraud and abuse cases. We als assessed these States versight f SCHIP cntractrs and CMS s versight f the six selected SCHIPs regarding fraud and abuse. Selectin f States We purpsively selected six States with separate SCHIPs. Factrs cnsidered fr State selectin included diversity in prgram design (fully separate frm Medicaid r a cmbinatin f separate and Medicaid expansin prgrams), number f prgram enrllees, primary OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 3

10 I N T R O D U C T I O N type f service delivery (managed care r fee-fr-service), gegraphic lcatin, and States lcatins within CMS regins. The six selected States are Iwa, Massachusetts, Michigan, New Yrk, Pennsylvania, and Texas. Within each f these States, we selected the 3 health plans with the largest SCHIP enrllment (except Iwa, which cntracts with nly 2 health plans), fr a ttal f 17 health plans. The selected States accunted fr 31 percent f natinal enrllment in separate SCHIPs as f December Appendix A cntains a detailed descriptin f the six States and additinal infrmatin abut ur study methdlgy. Data Cllectin and Analysis Frm each selected State and selected health plan, we requested dcuments demnstrating their methds and prcedures fr safeguarding the separate SCHIPs against fraud and abuse. We als inquired abut States use f SCHIP cntractrs t prevent, detect, and investigate fraud and abuse, including States versight f cntractrs, and safeguards against fraud and abuse by health plans themselves. Frm CMS, we requested cpies f reprts fr cmpliance reviews it had cnducted f these six States since the inceptin f SCHIP, assciated review prtcls, and State annual reprts. We received initial respnses and dcumentatin frm the 6 States and 17 health plans frm May t July We als received dcumentatin after interviews and ther fllw-up activities frm July t January Mst data cllectin frm CMS ccurred in August and September We interviewed staff frm the six States, frm selected health plans, frm the CMS central ffice, and frm each CMS reginal ffice respnsible fr versight f these States. We cnducted these telephne interviews t clarify any questins abut previusly submitted dcuments, t request additinal dcuments when needed, and t discuss the experiences and perceptins f staff regarding fraud and abuse in separate SCHIPs. We als discussed preliminary findings and an early draft f the reprt with CMS SCHIP fficials during a meeting in July We reviewed dcuments and ther infrmatin prvided by respndents t determine what safeguards and versight mechanisms had been established. Fr purpses f this reprt, the term established means that we btained dcumentatin that, in ur best judgment, demnstrated that the mechanism was in place and available fr use. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 4

11 I N T R O D U C T I O N Based n ur review f dcumentatin and interviews f key persnnel, we cmpleted the fllwing analyses: T assess State cmpliance with Federal requirements t establish separate SCHIP fraud and abuse safeguards, we determined what safeguards the six States and their SCHIP cntractrs had established and assessed whether these safeguards met applicable Federal requirements. T assess States versight f separate SCHIP cntractrs regarding fraud and abuse safeguards, we determined what methds and prcedures States had established fr versight, whether State prcedures met Federal requirements fr State versight, and whether ptential prgram vulnerabilities existed. T assess CMS versight f States separate SCHIPs, we determined hw frequently and t what extent CMS cmpliance reviews and ther CMS versight mechanisms addressed fraud and abuse issues. Limitatins Because the 6 States and 17 SCHIP health plans were purpsively selected fr review, findings and cnclusins cannt be generalized beynd these entities. Additinally, because measuring utcmes f established prcedures was beynd f the scpe f the study, the reprt des nt draw cnclusins regarding the effectiveness f these separate SCHIPs fraud and abuse safeguards. Finally, althugh we made every effrt t btain all relevant infrmatin and dcumentatin fr ur analysis, it is pssible that States have established additinal prcedures fr which they did nt prvide dcumentatin. Standards This study was cnducted in accrdance with the Quality Standards fr Inspectins issued by the President s Cuncil n Integrity and Efficiency and the Executive Cuncil n Integrity and Efficiency. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 5

12 F I N D I N G S Δ F I N D I N G S Each f these States has met The six selected States met requirements fr Federal requirements fr preventin and detectin f fraud and abuse by preventing and detecting fraud assigning respnsibility t SCHIP cntractrs that and abuse in separate SCHIPs, have established such prcedures largely by assigning respnsibility fr establishing mst fraud and abuse safeguards t SCHIP health plans r administrative cntractrs. Federal requirements gverning prgram activities thrugh which fraud and abuse might be prevented and detected include beneficiary eligibility and enrllment, prvider enrllment, and detectin f fraud and abuse. State cntractrs have established safeguards that met the Federal requirements in these areas. Entities respnsible fr eligibility determinatins have established prcedures t btain required applicant infrmatin Federal regulatins require an SCHIP eligibility determinatin based n criteria such as financial need, eligibility fr Medicaid (which takes precedence ver SCHIP), and the existence f ther health cverage. 26 The six States have assigned respnsibility fr SCHIP enrllment activities t administrative cntractrs (three), health plans (tw), and State staff (ne). Regulatins als require eligibility redeterminatin at least every 12 mnths. 27 Each entity respnsible fr determining SCHIP eligibility in these States has established prcedures that meet State and Federal requirements. The respnsible entities use self-reprted infrmatin frm a standardized applicatin (a cmbined Medicaid/SCHIP applicatin in five f these States) 28 plus any supprting dcumentatin required by the State t meet eligibility requirements. Entities in five f the States have prcedures t redetermine beneficiary eligibility every 12 mnths, and in the sixth State, every 6 mnths. Health plans in ur review have established prcedures t verify that netwrk prviders meet criteria fr participating in SCHIP All six States rely n the SCHIP health plans t determine whether prviders in their netwrks meet standards fr SCHIP participatin. 29 Federal regulatins prvide a number f criteria that physicians and ther prviders must meet t participate in SCHIP and prhibit States frm making payments t prviders wh have been excluded frm participating in the Medicare and Medicaid prgrams. 30 T meet these requirements, the SCHIP health plans we reviewed have established a variety f prcedures, mst cmmnly a frmal enrllment prcess OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 6

13 F I N D I N G S thrugh which they verify State licensure and check fr certain criminal cnvictins 31 and exclusins (see Table 1). The 17 health plans that we reviewed reenrll prviders in their netwrks every 2 years (3 health plans) r every 3 years (14 health plans). Table 1. Prvider Enrllment Activities f SCHIP Heath Plans We Reviewed Prcedure T Check: State Licensure Bards State Adverse Actin Lists OIG Exclusins Natinal Practitiner Data Bank Certain Criminal Cnvictins Prvider Address [Onsite] Healthcare Integrity Practitiner Data Bank Health Plans With Prcedure Surce: OIG analysis f dcumentatin frm 17 SCHIP health plans in 6 States, Health plans have a variety f techniques, data analysis tls, and infrmatinal tips t satisfy requirements fr fraud and abuse detectin The 6 States pay these 17 health plans n a capitated basis, i.e., a predetermined amunt fr each SCHIP beneficiary. These health plans, in turn, pay health care prviders fr SCHIP services. Althugh Federal regulatins require States t have methds and criteria fr identifying suspected fraud and abuse cases, the regulatins d nt specify the prcedures States shuld establish. 32 Five f the six States largely leave it t their health plans t determine the prcedures t establish fr detectin f fraud and abuse. One State was a ntable exceptin because its cntract specifies a number f activities that SCHIP health plans shuld establish t ensure that prvider payments are apprpriate and t detect ptential fraud and abuse. The health plans that we reviewed have established a cre set f techniques fr detecting fraud and abuse (see Table 2). Nt all f these health plans have established all detectin prcedures, but mst have multiple prcedures, and a few ther prcedures were reprted t be under develpment during ur study. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 7

14 F I N D I N G S Table 2: Fraud and Abuse Detectin Prcedures and Safeguards f SCHIP Heath Plans We Reviewed (N = 17) Prcedure r Safeguard Targeted Claims Reviews Telephne Htline Prvider Verificatin f Beneficiary Eligibility Autmated Prepayment Edits Utilizatin Review Staff Randm Sampling Aberrant Billing Detectin Errr Rate Measurement Fraud Reprting Infrmatin n Internet Health Plans With Prcedure Health Plans Develping Prcedure Surce: OIG analysis f dcumentatin frm 17 SCHIP health plans in 6 States, 2006 Althugh all SCHIP health plans we reviewed appear t have a variety f data analysis tls that can be used fr detecting fraud and abuse, 5 f the 17 health plans had sftware systems specifically designed fr fraud detectin. Health plan staff explained that these fraud detectin sftware systems ften use autmated prcesses t analyze several years wrth f billing data and t identify the areas f greatest vulnerabilities. When cases f suspected fraud One f the six States has nt met Federal and abuse are detected, Federal requirements fr investigating suspected SCHIP regulatins require States t fraud and abuse cases and referring cases t cnduct a preliminary law enfrcement investigatin r take ther actin t determine whether a full investigatin is warranted. 33 Fr cases that warrant mre than preliminary investigatin, Federal regulatins require States t establish prcedures fr cnducting full investigatins, including referral f cases t the apprpriate law enfrcement agencies if necessary. 34 OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 8

15 F I N D I N G S Five f the six States have established prcedures t meet Federal investigatin and referral requirements and ne State has nt. 35 In the State that is nt in cmpliance with Federal requirements, SCHIP staff reprted that the State has nt identified a State law enfrcement entity that will prsecute SCHIP-nly fraud and abuse cases. SCHIP staff in this State explained that, althugh there is a State unit designated fr investigating and referring SCHIP fraud and abuse cases, this unit wuld nt investigate cases invlving nly SCHIPs because f the lack f a State entity t prsecute if fraud were substantiated. Bth State SCHIP staff and CMS reginal ffice staff were aware f this situatin and the State s nncmpliance with Federal regulatins. SCHIP health plans typically task designated staff t cnduct preliminary investigatins, including identifying and develping suspicius cases All six States assign respnsibility fr cnducting preliminary investigatins t the separate SCHIP health plans and require health plans t have written plicies and prcedures fr detecting and investigating fraud and abuse. Beynd the basic requirement t investigate suspicius cases, additinal requirements amng these States included that health plans designate specific staff t investigate fraud and abuse cases (fur States), peridically reprt their investigatin activities t SCHIP agencies (fur States), and train staff regarding fraud and abuse (tw States). Staff frm health plans we reviewed reprted that mst fraud and abuse investigatin leads cme frm tips frm emplyees, such as utilizatin review staff, and tips frm telephne htlines. T investigate these leads, 14 f the 17 health plans we reviewed assign preliminary investigatins t a special fraud unit r ther designated health plan persnnel. Investigatin prcedures fr these staffs typically invlved a general review f the case facts and analysis f relevant claims and services. Of the three remaining health plans, tw subcntract fr investigatin services and ne was in the prcess f btaining these services frm a subcntractr at the time f ur study. 36 Staff assigned t ther State agencies r departments are usually respnsible fr full investigatins f suspected SCHIP fraud and abuse Staff in five f the six States clearly identified State agencies r departments respnsible fr handling full investigatins. 37 Hwever, as previusly mentined, the respnsible entity in ne f these five States des nt investigate SCHIP-nly cases. The sixth State listed entities t OEI F RAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 9

16 F I N D I N G S which fraud and abuse reprts are t be made but did nt specify which State entity is respnsible fr investigating cases. In three f the States, a Memrandum f Understanding (MOU) r an Interagency Agreement gverns the relatinship between SCHIPs and entities respnsible fr cnducting investigatins. These MOUs and agreements typically specify respnsibilities regarding investigatins, referrals t law enfrcement, prsecutin, and reprting between parties. Three States d nt have MOUs r agreements t gvern the relatinship between the separate SCHIPs and the entity respnsible fr cnducting investigatins. State staff in tw f these States reprt relying n health plans t cnduct bth preliminary and full investigatins fr sme cases f suspected fraud and abuse and t wrk with lcal law enfrcement. As mentined, the six States Althugh versight mechanisms in the six States have assigned many address Federal requirements, they d nt always respnsibilities fr preventin, enable States t knw hw well health plans are detectin, and investigatin f perfrming safeguard activities fraud and abuse t SCHIP health plans and ther cntractrs. In these States, versight mechanisms d nt always allw these States t knw the extent t which SCHIP health plans are perfrming safeguard activities. Further, State staff respnsible fr investigating fraud and abuse in the six States reprt receiving few, if any, referrals f such cases frm their health plans. This is a pssible indicatin that safeguard respnsibilities assigned t health plans are nt carried ut as well as they need t be. Fr example, ne State reprted having investigated 13 cases f suspected fraud and abuse by separate SCHIP prviders frm 2001 t mid-2005, nne f which had been referred t State investigatrs by separate SCHIP health plans. The mst cmmn State versight mechanisms address areas specifically required by Federal regulatins All six States have established mechanisms fr cnducting versight f SCHIP health plans and cntractrs (see Table 3). T ensure that SCHIP health plans have administrative and management arrangements r prcedures that meet Federal requirements, all f these States cntractually require their SCHIP health plans t have written fraud and abuse plans. 38 All six States als include in their cntracts federally mandated requirements that SCHIP health plans OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 10

17 F I N D I N G S attest t the accuracy f payment r claims data and prvide Gvernment fficials with access t these data. 39 Table 3: Cmmn Oversight Mechanisms Established by Six States State Oversight Methd Health Plans Required T Have Written Fraud and Abuse Plans Cntracts Require Claims Accuracy Attestatin and Access t Data Mnitring f Summary Data Supplied by Health Plans State Htlines fr Cmplaints and Fraud Tips Peridic Audits f SCHIP Beneficiary Eligibility and Enrllment* Required Reprting f Health Plan Investigatin Activities Verificatin f Prvider Address [Onsite] States With Methd * One State des nt assign beneficiary enrllment t cntractrs. Anther State reprted it had nt cmpleted these audits fr tw f the three health plans we reviewed. Surce: OIG analysis f dcumentatin frm 6 States, T meet Federal requirements that States have methds t identify, reprt, and verify the accuracy f claims fr beneficiaries enrlled in a separate SCHIP, the five States that assign beneficiary enrllment t health plans r administrative cntractrs have prcedures t peridically cnduct audits t verify apprpriate enrllment. 42 The ne State that enrlls beneficiaries itself has prcedures t rutinely cmpare health plan enrllment data with its wn recrds t identify any discrepancies. Because SCHIP health plans are typically paid by the six States based n the number f beneficiaries enrlled in the plans, these beneficiary enrllment audits als serve as ne f the primary versight mechanisms these States have established t meet the Federal requirement t safeguard against fraud r abuse by health plans themselves. Current versight des nt always allw States t knw hw well SCHIP health plans are perfrming safeguard activities in sme critical prgram areas Our assessment f the primary versight appraches these six States use fr the critical areas f fraud and abuse safeguard activities with health plans identified the fllwing cncerns. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 11

18 F I N D I N G S One State had nt cnducted all beneficiary eligibility audits. Althugh this is generally ne f the strnger areas fr State versight in these six States, ne State reprted that, despite having prcedures in place fr peridic beneficiary eligibility audits, it has never cnducted such an audit fr tw f its three SCHIP health plans included in ur study. This State relies n its health plans t enrll SCHIP beneficiaries. Cnsidering that these audits are a primary versight mechanism reprted by this State t verify apprpriate enrllment and accuracy f payments t its health plans, failure t cnduct beneficiary enrllment audits leaves this State vulnerable t fraud and abuse. States have few methds t verify prvider enrllment prcedures perfrmed by health plans. Althugh all six States rely n health plans t ensure that prviders enrlled in SCHIP meet participatin rules, State versight mechanisms typically d nt invlve States verifying health plan perfrmance in this area. Tw States had established prtcls fr verifying health plan prvider enrllment prcesses, but ne had used its prcedures nly fr health plans that als participated in the Medicaid prgram at the time f ur study. Other cmmn versight mechanisms established by these States include relying n health plan accreditatin by natinal rganizatins and sharing infrmatin with ther States abut adverse actins taken against prviders. States have few mechanisms fr versight f health plans prcedures fr detectin f fraud and abuse in imprper billing by prviders. Althugh the six States rely heavily n SCHIP health plans t detect ptential fraud and abuse by prviders, these States have generally nt established versight mechanisms t mnitr this aspect f health plan perfrmance. State SCHIP staff in these States ften expressed their perceptins that ptential fraud and abuse by prviders is mre the cncern f health plans than f the State. Hwever, States als reprted that SCHIP health plans have referred very few cases f suspected fraud and abuse by prviders, suggesting that greater versight is needed. States rely n self-reprted infrmatin fr versight f health plan investigatins and referral activities. The six States rely t varying degrees n SCHIP health plans t investigate and refer cases f suspected fraud and abuse. The primary versight mechanism established by five f the States is t require health plans t peridically reprt their investigatin and referral activities, OEI F RAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 12

19 F I N D I N G S including such items as the number and types f cases and referrals, amunts f verpayments and recveries, and ther penalties. Reliance n self-reprted infrmatin des nt allw States t knw whether, r hw well, health plan staff are investigating cases f suspected fraud and abuse. States cmmnly use self-reprted, aggregated data fr mnitring health plan services. The mst cmmn versight mechanism fr mnitring SCHIP health plan service delivery, established by the six States, relies n aggregated data self-reprted by health plans. These data vary acrss the States and include infrmatin abut beneficiary cmplaints, utilizatin f services, and/r beneficiary health data. Althugh fur States reprt requiring r receiving actual encunter data frm SCHIP health plans, nly ne State had established prcedures fr using such data t mnitr the services prvided by health plans. Additinally, ne State sends an explanatin-f-benefits ntice t a randm sample f beneficiaries. Althugh these versight mechanisms allw these States t mnitr sme aspects f SCHIP health plan service delivery, few include means t verify service delivery. States have nt implemented nsite reviews f the health plan fraud and abuse plans. As previusly mentined, all six States require separate SCHIP health plans t have written plicies and prcedures fr preventing, detecting, and investigating fraud and abuse. 43 Fur f the six States had nt adpted nsite reviews regarding fraud and abuse safeguards fr their separate SCHIPs. Tw States reprted develping prtcls fr nsite reviews f health plans t verify implementatin f their fraud and abuse plans. Hwever, nne f these States had frmally cnducted such a review at the time f ur study. 44 State versight regarding fraud and abuse safeguards may be inhibited by dispersal f SCHIP versight respnsibilities within States and certain perceptins expressed by State staff Placement f State versight functins with several agencies seems t create cnfusin and pssible gaps. In all six States, respnsibility fr versight f separate SCHIP fraud and abuse safeguards is dispersed amng several agencies. Acrss the six States, the SCHIP agencies are mst cmmnly respnsible fr versight f beneficiary eligibility and enrllment, whereas versight f prvider enrllment, detectin f fraud and abuse, and investigatin and referrals are ften the respnsibility f ther State entities. Cnsequently, n single unit OEI F RAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 13

20 F I N D I N G S within each f the six States had cmplete infrmatin abut State versight f SCHIP cntractrs. Crdinatin and cmmunicatin amng agencies that share SCHIP versight respnsibilities in these States als appeared prblematic. T the extent that these prblems are persistent r typical, successful versight will likely be affected. Crdinatin difficulties in ne State resulted in the submissin f separate respnses t ur data cllectin request frm tw different agencies, which smetimes prvided cnflicting answers. Within tw ther States, different agencies pinted t each ther as the respnsible entity fr ensuring cntractr cmpliance with a particular Federal SCHIP requirement, suggesting that neither grup was cnducting versight. Indeed, in ne f these States, SCHIP staff were unaware that a cntract cmpliance review f their largest SCHIP health plan had never been cnducted. State staff indicate that their SCHIP has limited expsure t fraud and abuse. State staff cmmnly expressed the belief that the capitated nature f cntracts with SCHIP health plans prtects States frm expsure t fraud and abuse in prvider billing, placing the risk instead n health plans. Althugh capitated cntracts may insulate States frm the csts f imprper billing by prviders during the current cntract perid, health plans may increase capitated rates under subsequent SCHIP cntracts t accunt fr any lsses due t fraud and abuse. State staff indicate that versight f Medicaid health plans benefits the separate SCHIP. Sme SCHIP staff in these States nted that the separate SCHIPs likely benefited frm the mre stringent standards and versight in the Medicaid prgram regarding fraud and abuse. Fr example, States subject all Medicaid health plans t an annual External Quality Review, including thse health plans that participate in bth the Medicaid prgram and separate SCHIPs. Hwever, Medicaid versight wuld seem t have minimal effect n separate SCHIP health plans that d nt als participate in Medicaid, which was true fr 4 f the 17 SCHIP health plans we examined. Further, ptential benefits fr SCHIPs frm Medicaid versight f health plans that participate in bth prgrams wuld be dependent upn the extent and quality f the Medicaid versight itself. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 14

21 F I N D I N G S CMS relies primarily n States fr versight f The SCHIP statute allws CMS SCHIP fraud and abuse safeguards, althugh it discretin regarding Federal versight f separate SCHIP has cmpleted sme nsite reviews f States fraud and abuse safeguards, neither prescribing nr prhibiting particular versight activities. In interviews, CMS fficials expressed that, rather than being prescriptive regarding versight f fraud and abuse activities, the SCHIP s statute and regulatins fcus n prgrammatic versight at the Federal level. Accrding t CMS fficials, SCHIP has limited expsure t fraud and abuse because Federal alltments are capped and managed care arrangements prvide prtectins against fraud and abuse. Therefre, CMS fficials reprt that CMS relies primarily n States fr versight f separate SCHIP fraud and safeguards. Despite CMS s reliance n States fr versight, it has cnducted nsite reviews fr mnitring separate SCHIP fraud and abuse safeguards. In 2002, CMS prduced and distributed t its reginal ffices guidance fr cnducting these nsite reviews. In this dcument, we identified 14 tpics related t fraud and abuse that culd be reviewed during nsite reviews f SCHIPs. 45 Frm 1997, when SCHIP started, t August 2005, CMS cnducted a ttal f 11 nsite reviews f 5 f ur 6 States that examined at least 1 fraud and abuse-related tpic. Ten f the eleven CMS nsite reviews f these States examined fur r fewer issues related t SCHIP fraud and abuse, mst ften thse invlving beneficiary eligibility and enrllment prcesses. CMS des nt always require that crrective actin plans be develped t address prblems nted during nsite SCHIP reviews. CMS cited fur f the five reviewed States fr having insufficient prcedures in at least ne f the fraud and abuse-related issues. Fr three f these States, CMS staff reprted using infrmal means, such as telephne cnversatins r s, t fllw up n cncerns raised by the reviews. CMS staff reprted requiring the ne remaining State t execute a crrective actin plan t address the issues with 10 fraud and abuse-related Federal regulatins with which CMS fund the State t be nncmpliant. Althugh CMS s nsite review ccurred in 2003, ur study fund that as f 2005 this State remained nncmpliant with Federal requirements fr full investigatin and referral f suspected SCHIP fraud and abuse cases. State SCHIP staff prvided dcuments indicating that, althugh its crrective actin plan did address many OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 15

22 F I N D I N G S issues f nncmpliance cited by CMS, it did nt fully address the investigatin and referral issue. CMS has nt always fllwed up n the prblems in subsequent reviews. Fr the fur States with mre than ne nsite review, the CMS reviewers typically did nt reevaluate prblems identified in prir reviews, even when prir review reprts did nt indicate that States had crrected the prblems. CMS staff respnsible fr determining the nsite review tpics reprted that they typically base decisins abut nsite review tpics n their familiarity with State prgrams, discussins with State staff, CMS initiatives, and annual reprt data, but nt necessarily n reevaluating past prblems. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 16

23 Δ R E C O M M E N D A T I O N S With ne exceptin, the six States we reviewed cmply with Federal requirements regarding the establishment f fraud and abuse preventin, detectin, and investigatin safeguards in their separate SCHIPs. One f the six States des nt meet Federal requirements fr investigating cases f suspected fraud and abuse and referring cases t law enfrcement. These States rely extensively n their SCHIP cntractrs t prevent, detect, and investigate fraud and abuse. Hwever, the current level f State versight f SCHIP cntractrs des nt always prvide States with the means t knw hw well cntractrs are perfrming n sme critical fraud and abuse matters, including prvider enrllment, detectin f fraud and abuse, investigatin and referral t law enfrcement, service delivery t beneficiaries, and executin f cntractr fraud and abuse plans. It appears that a number f factrs may inhibit State versight f SCHIP cntractrs regarding fraud and abuse safeguards. CMS reprts that it relies primarily n States fr versight f SCHIP fraud and abuse safeguards. CMS has cnducted nsite cmpliance reviews f separate SCHIPs in five f the six States we reviewed. Hwever, CMS s reviews typically examined nly a few f the areas we identified in CMS guidance dcuments as related t fraud and abuse safeguards. Additinally, CMS has nt typically required States t develp frmal crrective actin plans in respnse t prblems nted in its reviews. T address the ne instance f nncmpliance fund in this reprt, as well as ther ptential areas f imprvement, CMS shuld: Ensure That the Nncmpliant State Institutes Prcedures T Meet Federal Requirements fr Investigating Cases f Suspected SCHIP Fraud and Abuse and Referring Cases t Law Enfrcement Staff in ne State reprted that it has nt identified a law enfrcement entity that will accept fraud cases invlving nly SCHIP. Therefre, that State s designated investigatin unit des nt investigate such cases r refer them t law enfrcement, as required. CMS shuld wrk with State fficials t bring the State int cmpliance with Federal regulatins n this issue. Optins may include additinal effrts t identify a State law enfrcement entity t accept SCHIP fraud cases r develpment f prcedures fr the State t refer cases t Federal law enfrcement entities, such as OIG r the Department f Justice, when necessary. Althugh this issue f nncmpliance affected nly ne f the OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 17

24 R E C O M M E N D A T I O N S six States, CMS shuld determine whether all States with separate SCHIPs have apprpriate investigatin and referral prcedures. Take Steps T Strengthen Federal and State Oversight f Separate SCHIPs Fraud and Abuse Safeguards CMS relies heavily n States fr versight f fraud and abuse safeguards fr separate SCHIPs. In turn, these six States rely n SCHIP cntractrs t prevent, detect, and investigate ptential fraud and abuse. Hwever, ur findings indicate that the current Federal and State versight appraches have vulnerabilities. Optins CMS shuld cnsider t strengthen its versight f separate SCHIPs include: Establishing a specific frequency fr nsite reviews and a basic set f required review elements t ensure that SCHIP fraud and abuse safeguards are rutinely examined; Requiring States t submit crrective actin plans in respnse t prblems nted during reviews that invlve nncmpliance with Federal regulatins r ther serius fraud and abuse-related vulnerabilities t better supprt prblem reslutin; and Requiring States t submit, in their annual SCHIP reprts, data abut separate SCHIP fraud and abuse activities, e.g., the number f cases investigated and/r referred. Optins CMS shuld cnsider t strengthen States versight f SCHIP cntractrs include: Prviding training and written guidance t States n fraud and abuse versight, including identifying what a full State versight effrt might encmpass; Prviding technical assistance t States n hw t implement mre direct methds fr assessing cntractr perfrmance; and Facilitating frums fr sharing infrmatin amng States, including sharing practices that States find effective. AGENCY COMMENTS In its cmments t the draft reprt, CMS stated that it des nt dispute the findings in the reprt. Hwever, CMS suggested clarifying language t emphasize that the SCHIP statute is nt prescriptive in describing Federal versight f fraud and abuse. CMS expressed that the SCHIP statute and regulatins fcus n prgrammatic versight at the Federal OEI F RAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 18

25 R E C O M M E N D A T I O N S level. CMS als nted its recent effrts cmpleted r underway t assist States in strengthening fraud and abuse effrts. The effrts described are cnsistent with ur secnd recmmendatin. In its cmments, CMS did nt specifically respnd t ur first recmmendatin. OFFICE OF INSPECTOR GENERAL RESPONSE We made changes t the final reprt t clarify that the SCHIP statute allws CMS discretin regarding its versight f SCHIP fraud and abuse activities, neither prescribing nr prhibiting particular versight activities. We als included the full text f CMS cmments in Appendix B, which includes CMS s descriptins f its recent effrts t assist States in strengthening fraud and abuse effrts. OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 19

26 Δ E N D N O T E S 1 42 U.S.C. 1397aa 1397jj; Scial Security Act, ; Pub. Law. N , Subtitle J CFR (c) CFR U.S.C. 1395ddd(g); Scial Security Act, 1893(g); Pub. Law N , Title VI, Subtitle A, Ch (d)(1) CFR CFR CFR U.S.C. 1396u-6; Scial Security Act, 1936; Pub. Law N , Title VI, Subtitle A, Ch (a)(2) CFR (a) CFR (b) CFR (a)(1) and (2); 42 CFR ; 42 CFR CFR CFR (a)(1); 42 CFR (a) CFR (c); 42 CFR ; 42 CFR CFR ; 42 CFR ; 42 CFR ; 42 CFR CFR ; 42 CFR ; 42 CFR (a) and (b) CFR ; 42 CFR ; 42 CFR CFR ; 42 CFR CFR CFR (a) CFR OEI FRAUD AND A BUSE S AFEGUARDS IN S EPARATE SCHIPS 20