Los Angeles: Medicare Fraud Summit Preventing Health Care Fraud

Uploaded by USGOVHHS on 02.09.2010

[Peter Budetti] Now for our panel on the -- on providers.
You have already met me.
I'm Peter Budetti from Centers for Medicare
and Medicaid Services.
The rest of our panel: Spencer Turnbull, who is the
senior counsel for the Department of Health
and Human Services Office's Office of Inspector General;
Dr. Jack Resneck from the University of California
in San Francisco; Dr. Phillip Baldi, who is medical director
for Medical Management of Blue Shield of California;
Margaret Hambleton, senior vice president of
Ministry Integrity, Chief Compliance Officer,
St. Joseph Health System; and Tammy Capretta,
assistant vice president, Health Care Compliance,
University of Southern California.
So, if you'll join me in welcoming
our provider panel.
[Peter Budetti] I'm going to start off and give you a few minutes of what we're
doing at the Centers for Medicare and
Medicaid Services in our new center for Program
Integrity that I have the privilege of having been
appointed to run by Secretary Sebelius.
And you heard her talk this morning about our shifting
emphasis, that we want to move away from the historical way
of trying to deal with fraud by chasing after people after they
had committed their fraud and after they
had received payments.
We want to move from that to a posture where we are in a
position to prevent fraud from happening in the first place.
And to do that, we need to do several things.
And fortunately, as the secretary mentioned,
the health reform legislation, the Affordable Care Act,
does give us very strong, new authorities to move
in that direction.
And those authorities will help us keep people from enrolling
in the first place as providers when they are not legitimate
providers and shouldn't be in the program and they're just
scam artists who just want to get into the program
and start billing.
It will give us the authority to stop payments before
we make them.
Medicare has a long history of wanting to pay claims on a
very timely basis and this will give us the authority that when
there's a credible allegation of fraud to
withhold the payments.
And then we will also be revisiting people who
are in the system, rechecking on their bonafides [phonetic sp]
over time and making sure that they are still up to snuff.
So, very important new tools and a whole bunch of others.
And one of the things I wanted to touch upon that the
secretary mentioned this morning is how we are moving in the
direction of using new, advanced technologies.
The idea that, you know, we're in the 21st century,
we've got lots of tools at our disposal; we should be using
them effectively and using them properly.
And we are right now conducting a number of pilots to use
technologies, analytic systems that are developed and in
place, but to apply them to the Medicare context.
And one of the places where we're using -- where we're
exploring using these has to do with screening people who want
to come into the program.
We all hear very big numbers.
You know, Medicare is over $400 billion in federal money;
Medicaid, 300 billion.
We get four million claims a day.
But the number that impresses me the most is that we get
19,000 new applications to be a Medicare provider every month.
So, we have to screen through 19,000 new applications to
find the very few who are not legitimate people,
not legitimate corporations, and don't belong in the system.
And of course, we've been doing that for some time.
We've been looking, we've been conducting background checks
in traditional ways, looking at names and Social Security
numbers and licenses and certifications,
looking at lists of excluded providers and so forth.
And that's been, you know, reasonably effective,
but it hasn't gotten us far -- as far as we need to go.
And one of the new technologies that we're looking at will
allow us to go into far more depth in terms of our
analysis of the person who's applying, to look at mapping
data of where the address is that they are submitting,
to look at court records to see if they've been convicted of
fraudulent activities, to look at a variety of other kinds of
data all at the same time in order to screen out people
who just simply don't belong in the program.
We're also exploring technology that will help us
screen out claims.
We get a claim in now; of course we do a lot
of screens on it.
We look to see, make sure that the identity of the provider is
an active provider; not someone who's dead, for example.
We look to make sure that it's an active beneficiary who is
in our system.
We look to make sure that the service that's being billed is
covered by Medicare and so forth.
This new technology will now also allow us to look
at other things.
We are setting up lists of beneficiaries whose medical
identity has been stolen.
We can check it against those lists.
We're looking at lists of suspicious billing patterns,
where things just don't match against each other.
We're looking at medical conditions that just
don't fit with each other.
So, we're moving in a very strategic and cautious way.
We're committed to doing this; we're committed to keeping the
bad guys out that you heard about his morning while
making sure that we have the legitimate, honest providers
into the system.
We want to make sure that we hold back on payments when
they shouldn't be made and that we continue to make payments
when they should be made.
It's a big task ahead of us, but I wanted to give you a
flavor for what we're doing at the Centers for Medicare and
Medicaid agency to move forward and to use modern technologies
to help us fight fraud by being able to prevent it from
occurring in the first place.
So, with that, I would like to now turn it over to our panel,
and we'll start with Spencer.
Spencer Turnbull?
[Spencer Turnbull] Thank you.
Good afternoon.
As Dr. Budetti mentioned, I represent the Office of
Inspector General, or OIG.
OIG has 1,500 men and women across the country whose
core mission is to protect the Medicare and Medicaid programs
and its beneficiaries.
As is evident, every time a HEAT Strike Force takes down
suspected criminals, we dedicate a lot of
our resources to going after those who prey on our programs.
But we're also committed to sending a proactive message
of compliance because we do believe that the vast
majority of providers are committed to the best
interests of our beneficiaries.
And that's why it's a particular pleasure to speak
with you today.
I think that you're here because you get it.
You share OIG's concern to root out fraud and
protect our beneficiaries.
So, I want to share with you a three-pronged message about
how you can help prevent fraud.
First, understand the laws and their consequences.
Second, have a plan in place at your organization that
cultivates a culture of compliance.
And third, know what to do when a compliance
issue is identified.
So, the first step: understanding and
complying with the law.
Whether you're a provider of health care services or
you're someone who works with providers, you should be aware
that there are many laws intended to prevent
health care fraud.
There are criminal laws that make it illegal to bill for
medically unnecessary services, to seek reimbursement for items
or services that were not provided, to pay kickbacks
for Medicare or Medicaid referrals, and to defraud
private insurers.
There's civil laws, such as the Civil False Claims Act,
which makes it illegal for anyone to knowingly present
a false claim to the United States.
And then there are administrative laws
such as OIG's ability to exclude providers from every federal
health care program, disallowing payments
for services rendered.
And administrative monetary penalties that reach
everything from kickbacks to false claims.
So, while I don't have time on this panel to go into detail
about all these authorities, I can offer this simple rule
that can serve as gut check to help ensure that you're doing
the right thing.
It's the newspaper test.
Don't do anything that you wouldn't want printed on
the front page of the Los Angeles Times.
If your organization is engaged in the practice
that you wouldn't want your patients to read about on
the front page of The Times that is a clue that those practices
probably present risk.
So, the second step: create a culture of compliance.
An effective compliance program helps everyone in a provider
organization improve their understanding of program
rules, and it can help identify overpayments and underpayments,
it can resolve potential problems more quickly,
and it minimizes your risk of whistle blowers.
Soon, compliance programs will be required of
all Medicare providers.
Many of you in the audience who lead sizable health care
organizations probably already have compliance
programs in place.
So, I encourage you to think beyond the basics of a
compliance program and ask yourself: is your
organization sending a message directly from the top that
compliance is taken seriously and treated as a priority?
Do your compliance committee meetings focus on compliance
or do they focus on the bottom line?
If you work at a small physician practice,
is the managing partner present and engaged in leading
compliance training?
And for those of you affiliated with larger institutional
providers, does your compliance officer have direct access to
your board of directors or is that person kept at a lower
level of management, reporting to the
general counsel?
The OIG has devoted substantial resources to providing
compliance program guidance and it's all available
at oig.hss.gov.
So, the third step is to become a partner in the fight against
health care fraud by disclosing problems to the government.
If you have in place a robust and effective compliance
program, it's inevitable that you're going to find billing
problems, employee misconduct, and potentially even fraud.
The law requires that you return to the government
funds to which you are not entitled and ethics require
that you address the problem honestly.
Hiding the problem will not work and only creates a
breeding ground for whistle blowers.
OIG wants to work with providers that seek to
self disclose fraud and we offer a self-disclosure protocol to
encourage providers that have identified problems to come
forward and work with us to get the problems resolved quickly
and equitably.
CMS is developing a similar program specifically for
self-disclosure -- pardon me -- for self-disclosure of
violations of the physician self-referral law.
You may also become aware of suspected health care fraud
being perpetrated by someone outside of your organization
and OIG encourages you to report suspected illegality
to 1-800-HSS-TIPS.
So, in conclusion, by understanding
the laws and their consequences, by having in place a program
that will cultivate a culture of compliance, and by knowing what
to do when you uncover a health care compliance issue,
you can help become a partner in combating health care fraud.
Thank you for your time.
[Peter Budetti] Thank you very much.
[Peter Budetti] Dr. Resneck.
Dr. Jack Resneck.
[Jack Resneck] Thanks, Dr. Budetti, both for assembling this summit and
for inviting a practicing physician to participate
on this panel.
I should also disclose that I serve as a member of the
American Medical Association's counsel on legislation.
So, I want to start with something that I hope is
stating the obvious, but I think I want to state it
anyway: that physicians as a group are also concerned
about health care fraud.
First of all, because it's the right thing to do;
it's an extension of our code of ethics.
But also, as we've heard today, because health care resources
are limited and in some ways becoming more so,
and there are consequences of diverting those critical
resources away from our patients who need care.
Those consequences are born by the taxpayers who fund the
programs, they're born by the physicians who need the
resources to treat our patients, and of course,
by our patients as well.
Also, as we've heard today, I think we're concerned as
physicians that it's getting easier in this era of the
internet and electronic claims for criminal elements to
undertake fraud, and that concerns us as well.
So, today, we've heard some dramatic examples from the
law enforcement community about some of the extreme things that
they run into.
And the reality is that for most physicians and other
providers -- fortunately, we don't interact very
often with the senior law enforcement officials and
instead, our interaction with the program really is more on
the front of the regular program integrity rules
that we all live with.
And for the vast majority of the physicians who are honest
physicians and for other providers, to comply with
the rapidly evolving program integrity policies --
and they seem to evolve more rapidly over time -- and to
reduce honest mistakes, there's some the things
that we feel like we need and would be helpful.
First of all, we need extremely clear policies concerning
payment, concerning reimbursement,
coverage, and program integrity.
And those policies need to be communicated effectively and
there needs to be an infrastructure in
place to make sure that the vast majority of physicians --
many of whom operate in small practices with one, two, three,
four doctors -- can get this information and make use of it.
We also need continued effective partnerships
between organized medicine, the contractors, the agency
personnel to really maximize these communication strategies,
to identify problems together, and to work together to come
up with practical solutions.
Unfortunately, real and genuine fraud does exist.
As we've heard today, I think the majority of it is
probably committed by people who never should have been
enrolled in the program as a provider in the first place.
But we certainly do, as physicians,
agree that we need a program and a system in place that can find
and target the rare providers who do abuse their medical
ethics and who abuse the trust of their patients.
We heard a bit this morning about data mining and claims
data, and using claims data for screening is obviously an
effective tool, but screening has to move beyond simply
looking for volume outliers.
The claims data really can't tell the whole story.
Just as an example, I happen to be a dermatologist and if
you're a dermatologist working at high altitude in Denver
with a high-risk population, it's likely that just due
to disease prevalence, you're going to do a
lot more skin biopsies than somebody taking care of a
low-risk population.
It doesn't necessarily mean that you're abusing
the system.
So, we need smarter systems that can account for
justified outliers.
In medicine, we think about sensitivity and specificity.
Sensitivity: Can you find disease when it exists?
Specificity: Does your test pick up too many false positives?
And I think many physicians have experienced problems
with program integrity on both fronts.
Many of us have seen colleagues who were honest colleagues who
got caught up in an audit that didn't go well or wasn't
handled appropriately and were rather tortured by the process.
And on the other hand, some of us, myself included,
have actually tried to turn in fraud when we've seen it and
have faced a system that sometimes presents a lot
of challenges for us to do that as well.
So, we're hoping for continued improvements in sensitivity
and specificity because there are risks and harms that can
be done if the new funds that are being put towards this use
are deployed poorly.
It can certainly increase administrative burdens for
physicians and delay payments, can create liabilities for
honest practitioners who don't deserve them,
exacerbate patient access problems when physicians
see other physicians treated unfairly, and, out of fear,
leave the Medicare program.
And honestly, it's a lost opportunity because I think
honest physicians can be enrolled as allies in
rooting out fraud.
So, I do hope that we'll be able to build trust in the
years to come under the leadership we have now
at CMS because I think over time, again, if we see
egregious audits that can erode that trust.
And then the most important thing is communication with
the physician community.
Physicians now, in addition to the law enforcement personnel
you've seen today, face auditors with
all kinds of initials from their various agencies.
And a lot of these are private contractors who don't directly
work in government but are contracted to do the audits.
And I think another thing we'd really like to see
are some new metrics.
It's very easy with the sort of exciting cases and the big
$10 million cases to count the number of prosecutions,
to count the number of dollars recovered, and those things
are important, but it's also important to account for the
harms that are done if you have contractors out in the country
who are doing inappropriate audits.
I think in terms of appendectomies.
And, you know, it's -- they say that a surgeon whose doing
things about right, of course he's going to have some
surgeries that they do on appendectomies that turn
out not to be appendectomies, but you don't want to just
measure the number of appendectomies being
done because you might reward somebody who's at a hospital
where they're doing way too many, and we look at
audits in the same way.
So, just in summary, I think as physicians we welcome
opportunities to partner together with the government
to prevent fraud and to prevent the diversion of critical
health care resources from our patients who desperately need
those resources and need our care, and there are several
things we need to do in order to make that happen.
We need help reducing opportunities for
identify theft, effective communications
infrastructure, the opportunity for us to help participate in
developing tools, and importantly,
mitigating harmful impacts on honest doctors and their
patients that over time will, I hope, build trust with the
patient community.
[Peter Budetti] Thank you very much, Dr. Resneck.
I appreciate your remarks very greatly because they reflect
the attitude that I've brought to this job; now all I have to
do is deliver on that.
Dr. Baldi?
[Dr. Baldi] Thanks very much for having us here today.
I appreciate the opportunity.
I'm a medical director with Blue Shield.
I've been in -- I was in private practice for
23 years as an internist before I went to this, so I have a
good insight on really both sides of the field now.
What I wanted to do was just give you a quick overview of
our approach to fraud and abuse at Blue Shield.
On the -- I oversee the Provider Review Department.
We have two branches in our company.
We have a Special Investigations Branch.
They report to the Legal Department.
In that division, we have investigators that have
been in the business for a long time and they're really
focusing on truly fraudulent behavior and billing practices:
billing for services not rendered, falsifying a
patient's diagnosis to justify test, significant up coding,
significant unbundling of procedures.
As you know, sometimes it's a very fine line
between fraudulent intent and just exuberant billing.
And sometimes, that's difficult and we really do try to
interpret, you know, what the physician is really doing.
The other arm of our company, Fraud and Abuse Division,
is the provider compliance review, which I oversee.
We report to Health Care Services.
So, it's really the educational arm of the insurance company
of Blue Shield.
And we're looking at things sometimes similar,
but coding when documentation doesn't support codes
medically necessary, or unnecessary procedures,
procedures outside of specialty -- we're seeing that a lot now
in especially primary care areas -- you know, frequency of
visits, quality of care issues in general is what we look at.
We have a -- we have programs much like CMS programs.
We use one called Star Sentinel.
Star Sentinel can be set to various sensitivities in
terms of what we're looking for.
Examples would be higher than average medical tests per
patient, medical tests that provide an inordinate amount
of revenue, high incidences of medical tests of other
procedures, frequency of visits, and again,
high E and M codes.
And this is usually what we're looking for is what's outside
the peer group; that's how we have to start.
Our process starts by the Star Sentinel pick up.
If we see something that looks egregious, my team or myself
will review it.
If it looks like there really is something there, we'll ask
for medical records from the provider.
So, we'll do an audit perhaps five to 10 medical records.
If once we -- I look at these or my team looks at these,
we'll always send it to a specialty matched outside
advisor that's not part of Blue Shield.
And once they review these, if they feel that this does
look significant or these findings are significant,
we'll send a corrective action letter to the provider.
We'll document the provider's -- the advisor's findings and
his recommendations.
So, we'll give the physician a chance to read our letter.
We request that he sends a letter back explaining what
the findings are, if he has any reasons for this,
and he's always welcome to call me, too, or one of my partners.
So, assuming we get a corrective action plan,
everything looks pretty appropriate,
we will ask the provider to let us re-review records in three
to six months, and if things look good, that's the end of it.
If it comes back and there's been no improvement,
there's still egregious billing that's outside what's expected,
outside the peer group, possible actions would
be pre-payment review, which most providers
really dislike because that means they have to send
in medical records with each claim to be evaluated,
and if it doesn't look like we're going anywhere,
then there's always the possibility of termination.
Now, if there's quality issues, these doctors may be turned
over to credentialing.
If it looks truly fraudulent, which occasionally we pick up,
we'll send it over to the Special Investigations Unit.
Now, there are issues here.
Sentinel programs may misidentify
appropriate practice patterns.
So, a tertiary orthopedic doctor who only does ankle
redoes, it may -- that's going to show that he has a lot of
procedures maybe above the average.
Those are the kind of things we weed out very quickly;
we're not looking for those issues.
Identified practice outliers: most of the time after we look
at medical records, we look at the
corrective action explanations.
There's really nothing there.
So, I would say probably 70 percent of the things we
look at don't come to anything.
And again, most physicians -- I think 97 percent are very
honest and they take the corrective action plan serious.
They are sometimes indignant that somebody would not trust
them, and we listen to that and that's about as far as it goes.
So, I think there's areas for health care savings.
Right now, we're only really -- in California, we're only
looking at the PPO population, the traditional fee
for service population.
Half of our patients are capitated patients and
IPAs in other medical groups.
We're not looking at those.
In general, IPAs and medical groups don't have the
sophistication or the resources to really look for fraud,
so I think there's a big area there that's
not being identified.
And I also -- I think it's going to be essential that
medical groups, health plans, governmental payers are going
to need to work together to really better identify and
try to eliminate duplication of services because I think we
have all these separate entities doing the same
thing at this time.
And again, we're only identifying
office-based providers.
We need to probably expand our review of hospital claims,
which we find a lot of problems with at times.
Also, hospital claims from physicians' and facilities'
ambulatory surgery centers and hospitals.
So, and in summary, for us, documentation is the key.
We still, even in this time of electronic medical records,
a lot of -- you wouldn't be how many progress
notes are illegible.
There's no documentation -- no documentation for the
need of the visit, time of the visit, issues of the visit to
document their E and M codes or their decision-making process,
and that really would help us a lot, so.
That's it.
[Peter Budetti] Thank you very much, Dr. Baldi.
[Peter Budetti] From St. Joseph's Health System,
Margaret Hambleton, please.
[Margaret Hambleton] Thank you.
It's a pleasure for me to be with you this afternoon and
be part of such a distinguished panel.
I want to start with sort of my premise.
As a compliance officer, I want to put all of you in law
enforcement out of business and I hope every compliance officer
that really looks at their work with that goal in mind.
And how can we do that as compliance officers?
First, we want to establish a culture of ethical behavior.
We want to make sure our compliance
programs are effective.
We want to understand -- have a solid understanding
of our organization's risks and our vulnerability
to those risks.
We want to make sure that we are auditing and monitoring;
particularly auditing and monitoring those things to
which we are most vulnerable.
And we want to make sure we are taking effective corrective
action, which includes refund of overpayments
where identified and potential
self-disclosure where necessary.
Just a little bit about me.
I came into compliance in the late '90s with this sort of
"tag, you're it" method.
I had a fairly broad experience in health care having started
on the payer side, moving over the provider side in human
resources, and then in risk management,
and then to compliance.
And having that broad sort of understanding of health care
was actually quite valuable as I began my compliance career.
Now, back in the late '90s, of course, just after the
OIG published its Program Guidance for Hospitals,
a compliance program in the acute care side at least
was establishment of a hotline, doing some education,
some lab billing audits, and that was --
may have been about it.
We've come a long way since then in our
health care compliance.
At St. Joseph Health System is a Catholic ministry of the
Sisters of St. Joseph of Orange.
We've got about 24,000 employees.
We have 12 acute care facilities as well as other entities along
the continuum of care, such as hospice, home care,
a physician practice foundation model.
We serve about 138,000 inpatients each year,
over two million outpatients each year, and a number of
other patients as well.
The St. Joseph system has received for three years
Gallup's Great Workplace award which we're very proud of.
I'm going to start with an excerpt from my
compliance charter.
Now, this piece of the charter actually is not
my original work.
As a member of the Health Care Compliance Association,
I have an opportunity to network with a number of compliance
professionals to establish best practice, to share, and to
really figure out the -- some of the wonderful
things folks across the country are doing in
terms of compliance.
And this was borrowed from one of those
compliance professionals.
But for us at the St. Joseph Health System -- and this
charter, by the way, was approved by our
board and is integrated into the fabric of our organization --
for us, health care is -- it meets the needs of our
compliance program when it's delivered with the highest
quality of care; when it's document, coded, and billed
in a manner that's consistent with what was -- with the
services that were ordered and provided; that it's provided
to meet the best interests of our patients and their
families, free of any undue influence; that it respects
the rights and dignities of our patients and their families;
it's provided by appropriate and competent providers;
that's it's appropriately reimbursed by government
and other payers, including our self-payers; and that it
furthers the mission of the St. Joseph Health System in
its tax exempt purpose.
An effective compliance program requires both structural
elements as well as substantive elements.
Our focus on the structural elements includes focus on
the seven elements of an effective compliance program,
such as ensuring that we have an effective standard of conducts,
policies, high level oversight for our program, auditing,
monitoring, educational programs, training and
the other things, as well as ensuring that we have a
rigorous risk-assessment process.
The risk-assessment process helps us to evaluate the
adequacy of our controls, our auditing program
ensures that we can test those controls, and we establish
metrics to measure the effectiveness
of our program.
Along with those structural elements, we also have
substantive elements; that is, addressing those risks to which
we are most vulnerable.
That starts with a risk assessment which includes
an analysis of risks both internal and looking
external, looking at what's going on in law enforcement,
looking at CIAs, looking at guidance from the
government and others.
From our risk assessment, we can develop then our work plan:
those things -- addressing those things to which we are
most vulnerable, develop our audit and monitoring plan,
as well as our education plan.
You know, as a compliance officer, I am not responsible
for compliance in my organization.
Compliance responsibility really comes from a
collaboration with our board, management, and every employee
in the organization.
My job is to establish the framework to ensure that
that collaboration and the effective -- an effective
program can take place.
I think we can work together really effectively.
I think our program goals are actually very well aligned.
Things like the data sharing projects,
the comparative billing reports, PEPPER reports,
and other data sharing initiatives are
incredibly helpful to the provider community.
It allows us -- given the fact we can't compare as effectively
against our peer groups as you can, it really allows us to
establish -- recognize where we may need to focus efforts.
Round table discussions, summits like this,
and ultimately, what we want to do as compliance officers is
to replace your actions on the enforcement side
with our actions.
We want to earn your trust, but fully expect you to
verify that.
And finally, we've talked a lot about education here.
I think it's important to remember that education
imparts knowledge; it doesn't necessarily change behavior.
Changing behavior really requires a change in
culture in some organization, or culture is what
drives the behavior.
And I think CIAs and other settlements can actually
help drive organizational culture by requiring
things like score cards, metrics which are tied to management
incentives, to ensure an effective compliance
program, have a compliance officer on the board,
make sure metrics are reported regularly, have board standards
for evaluation of the program, mandatory board education,
and making sure that agenda is always on the board agenda.
Thank you so much.
I think my time is done.
[Peter Budetti] Thank you very much.
[Peter Budetti] Then Tammy Capretta
from the University of Southern California health care system.
[Tammy Capretta] Thank you.
And thank you for having me.
Let me just introduce the
University of Southern California health care
components to you.
We recently acquired from tenant [phonetic sp] two
hospitals and we have had in private practice since the
early '90s a very robust medical group consisting
of over 500 physicians that encompass almost every
specialty you can think of.
And when we came into private practice in this big way that
we did in the early '90s, it was about that time
that the word "compliant" and "compliant programs" were
being introduced.
And one of the first things that the University of
Southern California said is that we will build a compliance
program and I'd like to give our physicians the credit for
actually executing that.
They looked to the OIG, they looked to other
guiding documents, and it was under their guidance and their
funding that our first program evolved.
So, let me just take you -- Margaret mentioned effective
compliance program are essential elements,
but these are elements on a page, and the thing that was
very, very important to us, both when we branched into
private practice and when we bought our hospitals, is that
a compliance program would not be a shelf document.
It would be a living, breathing program that
was integrated into every aspect of the organization.
A compliance program, simply put, is a risk
management program, but if it is just a department that sits at
the end of the hallway, it will not be effective.
Talk a little bit about education.
I want to spend some time on that because education,
as far as we're concerned, is the cornerstone of an
effective program, and education is
not about a once-a-year slide deck, it's not about online
education programs.
It may be that, but it really is a running dialogue with your
providers to help them understand,
as has been referenced here already, the complex rules
that we face every day and try to comply with them.
To help us do that, we have to have policies and procedures
that are specific that help us guide our behaviors.
Risk-based monitoring: When that OIG plan
comes out, if the OIG is worrying about it,
we're worrying about it.
And we also look to things like our past error rates.
What -- again, what Margaret references.
What have we -- what have we not feel that we have not done
well in terms of coding and documentation in the past,
and certainly other types of risks that have come into the
compliance area beyond coding and documentation?
Auditing to us means that we look to an outside organization
to come in and look at the integrity of our program.
It's one thing to think that you're doing it well, but it's
another thing to have someone validate that what you are
doing, what you are studying in your monitoring is effective,
your education is effective, and we engage outside experts
to do that with us.
Governance: I think Spencer mentioned, you know,
tone from the top.
It can't be said often enough.
When we purchased our hospitals a year ago, the first board
meeting, the first action item was what is the compliance plan
going to be for the year and you will be back here in six
months to tell us how you're doing.
With that kind of support from a board, you can be very,
very effective.
We also -- our university is governed by a board of trustees
and our board of trustees receives a regular report
directly from the chief compliance officer as to
our self-monitoring and our activities and our findings.
Sanctions: I wanted to describe something we established early
on as a unique sanction, but basically, if you
can't, at the end of the day, deploy sanctions for bad
behavior, non-compliant behavior, it will be an
ineffective program.
Help and reporting: We established that
as one of the early elements of our program, but I'm really
proud to say that it's the help side of that line that gets
the most frequent calls.
We get OP reports that are sent to us where surgeons are
saying, "I have no clue.
"Please have somebody who's an expert at this teach us how to
code this."
Or new proposals, new rules, complex rules that are coming
out: Those help line calls come in and we work with our
constituency to make sure that they feel well informed.
Compliance education always, you know, it needs to be
begin -- you're interested, certainly,
in coding and documentation.
We spend a lot of time in education in this area.
We have multiple ways to deliver it, but the most
effective way that we deliver it is one on one.
So, post monitoring with the findings of that monitoring
activity, certified coders sit side by side with physicians
to help them, coach them into the proper -- and I'm going
to say this several times -- most importantly, I think
the thing that most providers need coaching on are the
evaluation and management codes.
We do a lot of education around privacy and the importance of
protecting our patients' privacy.
Ethics: Margaret mentioned ethics.
You know, certainly, we have a code of ethics, but how do you
bring that alive and how do you make sure that it's guiding
your business decisions and how are you supporting what you say
in your code of ethics with responses.
Quality, this is a new area that I think Inspector
General Levinson I think opened up this year certainly in his
remarks to HCCA, and that is quality is a part of
compliance and how are we integrating our activities
with those activities that determine the quality of
care that you are delivering in your institution.
Then conflict of interest: Certainly, research
universities have for a long time had a lot of concentrated
area -- effort in the area of conflict of interest in
research, but a new dialogue that has started is around
our relationships with industry.
What is appropriate?
What is inappropriate?
And that certainly has been education that I'll speak a
little bit about and has been very, very high on
our radar screen.
I like to call this "connecting the dots" because I think in
health care, we tend to work too often in silos.
When we started our compliance program, we also
started an integrated credentialing process.
I've heard Dr. Budetti mention credentialing and looking at
individuals when they come into the Medicare program.
We do that when individuals come into our medical group and
are seeking privileges to practice within
our environment.
So, we're doing primary source verification, we are checking
references, but at the same time, we are saying that
you have to be a member in good standing with
the compliance program.
So, before you start, you sign in at a station saying you've
looked at the policies, you understand that this
is a standard that we expect you to comply with, and that's to
get in the door.
To stay with us, you are reappointed every two years,
and in that process, you have to have shown sufficient ability to
understand how to document your records and that the results of
your monitoring indicated -- and we literally test according
to a common standardized test pattern with finding codes to
determine that someone understands how to
properly document a record, which eventually is going
to end up with bill to the Medicare program.
So, looking at quality now and how we can integrate; we feel
like we really accomplished that relationship between
compliance and credentialing.
How do we effectively move into the area of embracing quality
at the same time into a compliance program?
Now, certainly, those of us that are in health care,
we understand that we have the never events.
Those of us in California are vigilant about looking for
those things that need to be reported and reported
in a timely fashion.
Never events have to do with timely things like wrong site
surgery, wrong patient, retained foreign bodies:
things that never should happen to a patient when they're
under your care.
How do we report them, but more importantly,
how do we study the root cause of them and how do we respond
in terms of taking care of them?
Jim Sheehan has launched a term that we're looking at closely
called "worthless care."
And in terms of worthless care, what does that mean?
We certainly understand never events, but in the terms of
worthless care, what is the difference -- and this is
something we have to continue to define, I think,
between all of us -- between a bad outcome that could have
been expected from what the patient was about to approach
to really something that was below the standard of care.
And then in terms of quality improvement, how has compliance
integrated into quality committees so that they
can be a part of the examination of the quality
within the organization?
[Peter Budetti] We're going to have to leave it at that.
Thank you very much.
We've used up all of our time.
[Peter Budetti] We have -- we -- I do want to take just a couple of questions
even though we've used up all of our time.
I know there might be some strong interests, but I do want
to move on to introduce the inspector general.
Does anybody have any questions that you'd like to bring?
You did hear from the previous panel mentioned that I was very
interested in our beneficiary incentive award program,
and we will be looking into bringing that up to speed.
[Male Speaker] I am [unintelligible] from -- a provider
from [unintelligible].
One of -- you know, we are as physicians agree that there is
some fraud and we need to prevent that, but I think
it would help us a lot if the Medicare and CMS is more
transparent in what they want, because every few months,
every six months, things keep changing, and besides for us
to keep abreast of what is happening in the medical field,
we have to keep worrying about this compliance and regulations.
So, what I can ask and request is -- because talking to my
other colleagues, they all want to cooperate; they are happy
that government is looking into fraud.
They want to prevent it, but they also want to make
sure that they are not inadvertently contributing
to this fraud because they don't know.
Laws are being changed so fast, so often, so frequently,
and there's not much transparency there.
So, it should be made more simple for people to
understand, because they want to comply and that will help
the Medicare to stay solvent.
[Peter Budetti] I think that's a comment as much as a question and I have
to say that the message is received and well-received.
This is something that we fully understand: that compliance is
on both sides.
We have to have our policies and procedures not only clear,
but reasonable and appropriate, and we need to target what
we're doing to the problems that we're actually facing.
Law enforcement is for criminals and everything else that we're
doing in program integrity is for the real provider community,
so I think you're message is, as I said, both well made
and well taken.
[Female Speaker] It sounds like the -- I set the doctor up for my question,
but I didn't.
My question goes to the compliance officers and
physician on the panel.
What would your response be if you had more specificity from
the government about what constitutes an effective
compliance program?
Now, putting aside the one size doesn't fit all, but we spoke
about metrics earlier: If we had more general metrics coming
from the government that gave you guidance, more specificity
and guidance around what an effective compliance program
requires and some benefit that runs there from.
[Female Speaker] I would first like to dialogue about that because having
been in the organization and running a compliance program
as long as we have, we've had the opportunity to see what
works and what doesn't work.
So, I think before I would look to the government to give me
metrics, I would prefer that we open that as a robust
discussion roundtable.
[Margaret Hambleton] And I would agree with that.
I would be -- you know, having some opportunity to develop
a program that's consistent with our organizational culture,
with our mission and our values, I think is really important
and I would hate to see a program established just
to check off the box that I've got the government's --
that I'm satisfying the government's metrics
where I may be able to establish metrics that
are more meaningful for my organization.
[Male Speaker] I also think physicians know fraud when they see it
and I think this is a reason that we want to partner.
I think between all the specialty societies and
AMA and the other physician groups out there,
there's a huge opportunity for us to sit down with CMS and
talk about the things we think would make sense.
The health system reform bill does require that even small
physician offices will have to have
mandatory compliance plans.
So, I hope that as we roll this out, we can really sit down
together to talk about within different specialties and
within different venues and different sized offices what
makes the most sense to accomplish things without
creating too big of a burden.
[Peter Budetti] I think in this area, you'll find that you
will have that opportunity for that dialogue.
Join me in thanking our panel and I can move on now.
[Peter Budetti] It's now my pleasure to introduce our special guest,
the inspector general of the
Department of Human Health and Services, Dan Levinson.
Dan has headed the Office of Inspector General at the
U.S. Department of Health and Services since 2004 as
inspector general.
He serves as the chief audit and law enforcement executive
for the entire department.
He leads an office of more than 1,500 professionals dedicated
to fighting fraud, waste, and abuse in our
Health and Human Services programs,
including Medicare and Medicaid.
He is a close colleague and partner of ours at the
Centers for Medicare and Medicaid services in terms
of developing and implementing our programs to combat fraud,
and if you'll join with me in welcoming Dan Levinson,
the inspector general of the
Department of Human Health and Services.
[Daniel Levinson] Good job, as always.
Well done, well done.
Thank you, Peter, and good afternoon everyone.
I've been a part of the audience since the very
beginning of the day, so I know firsthand that we have heard
some very important and very useful information from a
variety of panelists this afternoon and this morning.
And on behalf of all of OIG, I want to thank the panelists
for providing the information and the views that are so
valuable, and of course, thank you for
being here today.
This is an incredibly important summit and having this kind of
turnout is just a very important marker for
how much more visible our health care fraud fight
has become recently.
Why has OIG been asked to close our main session for today?
I say "main" because there's going to be a breakout
session right after these remarks.
Why has OIG been asked to close?
Well, as most if not all of you in the audience know, our office
has as its core mission fighting health care fraud, waste,
and abuse.
That's what we're all about.
And we are in charge of policing very, very large programs.
It's useful as we end this session to be reminded that
nearly one out of every three Americans depends on either
the health care insurance or health care assistance programs
running through HHS: nearly one in three.
And we police a program to try to avoid and eliminate
fraudulent claims, illegal kickbacks,
or referrals.
It is a very large mission for very, very large programs and
we are, relatively speaking, a precious few in charge
of doing that.
Fortunately -- very fortunately -- we have very, very important
partners that are a very, very significant part of this
effort and they are well represented at this
summit today.
Who are our partners?
Let me just try to capture, and I doubt I'll be able to
do a truly comprehensive job, but let me capture the key
partners in our efforts.
And let me start internally, because I'm especially pleased
to say today that in our audience, we have
representatives from every one of the OIG offices
here in California.
In L.A. County, in San Francisco,
in Orange County, and in San Diego County:
representatives from all our OIG offices are here today,
and all of our components are here today.
OIG is an office of many important experts and
disciplines, including an Office of Audit Services,
an Office of Counsel, an Office of Investigations, an Office of
Inspections and Evaluation.
Each one of these components plays a very important part
in ensuring to the maximum extent possible the integrity
of Medicare and of Medicaid.
We really emphasize within our own office the importance of
collaboration, of working across our various
disciplines represented by these components.
And we take that sense of collaboration externally.
And who are those partners?
Well, you've heard from many of them today.
Those partners certainly include our partners
within the department itself, the Centers for Medicare and
Medicaid Services, the Administration on Aging,
the General Counsel's Office.
All are very, very important partners with us.
And cross the Mall: the Department of Justice;
the Criminal Division; the Civil Division; the FBI; nation-wide,
the 94 Untied States attorney's offices: all very,
very important law enforcement partners.
Our sister inspector general offices in the executive
branch of the federal government,
the Department of Defense OIG for TRICARE,
the Office of Personnel Management OIG for the FEHBP,
the Social Security Administration OIG,
the U.S. Postal Service OIG: All are important law
enforcement partners with us.
Here, especially in California, at the state level,
at the county level, and at the city level -- well represented
on our panels and in our audience today --
are our state and local partners' integral in
the effort to keep these very important programs clean.
Beyond that, GAO at the federal level: I don't want to exclude
the Government Accountability Office that is our partner as
well in making sure that our program evaluation is done as
comprehensibly as possible for the benefit both of the
executive branch policy makers and for the Congress.
And in the private sector, in the not for profit sector,
certainly our health care suppliers, our health care
providers, our private insurance industry:
All are important partners.
Perhaps the most important partner -- and we've heard
about this today -- are the beneficiaries.
We do rely upon our beneficiaries to let
us know when the numbers don't add up.
We have a very robust hotline and we do depend upon that as
a very important source of critical leads.
So, we really have a very comprehensive set of partners
and it's so important that we do that for the reasons, again,
that have been, over the course of the last few hours,
certainly alluded to.
The fact of the matter is there is a lot of money that flows
through these programs, and that money needs to
be focused, targeted for quality goods, quality services,
maintaining professional standards of care.
From a taxpayer perspective, we certainly can't afford
sub-standard care or no care, and certainly, our seniors
and our disadvantaged deserve better.
So, we certainly have very important reasons to work
both within our own offices and together.
And I say we have as our core mission fighting health care
fraud, waste, and abuse; I know that for many
of you, that is not necessarily your core mission.
It is an important part of what you do, but you presumably have
other duties and responsibilities
as well.
And I think it's terribly important that you've come out,
you've shared this day, and that we've been able
to begin in some cases and continue in others the
importance of figuring out better how we can get what
we need done as best we can so that the great majority of
health care suppliers, the great majority of
health care providers can actually do the important
work on behalf of the nation's beneficiaries that they do
everyday honestly and very, very effectively.
I really can't add too much in terms of the substance,
I think, at least for today's sessions, but what I do want to
try to capture as a final note from an OIG perspective to
today's session is how we try to capture what this field for
us is all about and we do that through an acronym that we
named EPCOR: E-P-C-O-R.
The "E" stands for enrollment, the "P" stands for payment,
the "C" stands for compliance, the "O" stands for oversight,
and the "R" stands for response.
It's an easy acronym for me and I love it.
And let me give you a brief explanation of what it all
means and none of this should come as a surprise to you.
"E" is for enrollment standards.
Historically, too relaxed; for the future,
much more rigorous.
A need to ensure that filter out those who are masquerading
as health care providers before they actually get a number.
We need to get rid of a lot of the fraud that shouldn't have
occurred just by virtue of not having a certain cohort of
people in the program to begin with.
So, "E", enrollment standards: very, very important.
"P" -- payment methodologies.
Very important going forward to ensure that we align pricing in
Medicare and Medicaid to reflect, as much as
practicable, market prices.
Again, these programs are big and they can be expensive,
and we need to make sure that the government gets their
money's worth; beneficiaries are well-served.
The nation can't afford to overpay for those things
that are either overpriced or that simply are not delivered.
"C" for compliance.
Compliance is a very important part of what we're all about
because we know that in many, many parts of our Medicare
and Medicaid Program, there are complexities.
There are issues that need to be understood and worked
through by you and your colleagues.
And indeed, we have what I think is a world-class website,
if I have to say so myself, that you can get at oig.hss.gov
that includes a wealth of valuable material on how
to actually work compliance programs effectively,
regardless of your corner of the health care field.
We have compliance programs guidance going back in some
cases a number of years, but still all very current
and timely that can be of tremendous assistance in
your being able to ensure that your practices and your
industries are conforming to the program requirements.
The "O" is for oversight, to be able to get data in a timely
way, quality data, to understand it,
and to act on it accordingly.
We need to do a better job when it comes to being able to
understand that data, and thankfully, with increased
resources and with enhanced expertise, we're in a much
better position to do the kind of quality data work that is
really very, very important to do to make these
programs work effectively.
The "R" is for response, and maybe you've heard
as much about the "R" as you have anything today.
And again, I thank all of our law enforcement partners for
showing how our response can be quick, it can result in
multi-million and sometimes over $1 billion returns
to the Treasury.
This is serious money no matter how you slice or dice it,
and it is because we have such an effective collaboration.
And I think that is the word that is always important to
leave with you and that is that these systems are large,
these programs are very big, very important,
and do require the kind of partnership that, from an OIG
perspective, we are working very, very hard to encourage,
to really flower in all parts of what we do because that is
really the key to being able to get a better handle on
eliminating health care fraud, waste, and abuse.
The challenges are great going forward, but with your help,
with the help of those in the room, they will be met.
Thank you so much for being such an important part of
today's event, and I'll turn matters back over
to Peter so he can provide instruction
on the next session.
Thank you.
[Peter Budetti] Well, we've had a full and I think a very educational
and interesting session, but wait; there's more.
For those of you who are participating in the
provider panel -- which is closed to the press --
and the provider breakout session, it is just
outside these doors to the left in the Cambonito [phonetic sp]
room and we will meet there and go for about an hour.
We have some additional guests there and we'll have a chance
to be much more interactive and have some questions
and answers as well.
So, I thank all of you very much for attending.
I think we -- I very much appreciate your
participation with us and look forward to learning from this
session very extensively.
Thanks again, everyone.