In August 2023, the Office of Inspector General for the Department of Health and Human Services (OIG) announced a new strategic plan to investigate the life cycle of Medicare Advantage and Medicaid managed care contracts from inception through enrollment, reimbursement, services, and renewal. OIG's plan is intended to address fraud, waste, and abuse risk, with a stated goal of holding Medicare Advantage organizations (MAOs) and Medicaid managed care organizations (MCOs) accountable. While scrutinizing MAO and MCO contracts on the one hand, OIG intends to partner with MAOs and MCOs on the other hand to address health fraud schemes that harm both the government and private insurers. OIG's strategic plan will usher in a new wave of managed care audits for which MAO and MCO audit response teams should prepare, and may foreshadow audits for entities outside of managed care whose contracts fall within OIG's purview.

Contracting, Enrollment, Payment, and Provision of Services

To oversee the federal government's nearly $700 billion 2022 spending on managed care programs—which cover more than half of Medicare enrollees and more than 80% of Medicaid enrollees—OIG has outlined four phases of managed care that it intends to investigate: (1) plan establishment and contracting, (2) enrollment, (3) payment, and (4) provision of services. Each phase, according to OIG, presents unique risks and vulnerabilities, which Carolyn Kapustij, senior advisor for managed care in the OIG Office of Audit Services, elaborated on in a September 2023 interview.^[1]

In the first phase, OIG intends to review activities that occur when the Centers for Medicare & Medicaid Services (CMS) or states initially establish or renew managed care contracts. In Medicare Advantage, CMS contracts with MAOs that provide healthcare coverage to enrollees in exchange for monthly capitated payments from CMS. Those monthly payments are meant to approximate the expected cost of healthcare in the applicable plan year according to each enrollee's "risk score," which is based on the enrollee's demographics and health conditions. CMS generally reimburses MAOs at a higher rate for insuring members with higher risk scores. In Medicaid, states contract with MCOs to make services available to Medicaid enrollees. In its contract review phase, OIG will evaluate whether MAOs and MCOs are providing the government with accurate information, including in their bids, and abiding by the contract terms for their plan design, service offerings, and coverage area.

In the second phase, OIG will review enrollment processes—specifically focusing on potentially aggressive marketing campaigns and inaccurate information collection. On the marketing front, OIG will review whether Medicare Advantage plans are disseminating misleading or incorrect information to encourage enrollment. On the information collection front, OIG recognizes that transmitting inaccurate eligibility and demographic information during enrollment risks incorrect payments in the future.

In the third phase, OIG will track CMS and state payments to plans, as well as plan payments to providers, with an eye on risk adjustment. OIG is concerned that plans receiving risk-adjusted payments (and, presumably, providers in risk-sharing arrangements with plans) may be incentivized to make enrollees appear sicker than they are to receive higher government reimbursement. OIG appears intent on studying payments from plans to providers even where they do not pose direct financial risk to the government because, according to OIG, there remains risk that, absent correction, potentially improper costs eventually might pass to Medicare and Medicaid in future years. OIG pledges to continue investigating providers that pose fraud risk in one program—e.g., fee-for-service Medicare and Medicaid—across other programs in which they render services (e.g., Medicare Advantage).

In the fourth phase, OIG will investigate enrollees' access to quality health services, with an eye toward different payment models that trigger different incentives among managed care plans. As an example, OIG raises a concern that plans with capitated risk-adjusted payment models may erect barriers to care to reduce plan medical costs. OIG acknowledges that program safeguards exist to curb such behaviors—like medical loss ratios, which require at least 80% or 85% of premium dollars be spent on medical care (or else private insurers must issue rebates)—but notes that risks remain, warranting additional oversight. In analyzing access to services, OIG will focus on provider network adequacy, ineligible or untrustworthy providers, coverage determinations, care that meets clinical guidelines, and fraud schemes that cross multiple plans and/or federal healthcare programs.

OIG Oversight Goals

OIG hopes that its oversight plan will achieve three core goals: (1) promote access to safe, effective, and equitable healthcare, including mental health services; (2) enhance payment accuracy and fraud prevention through comprehensive financial oversight of payments to Medicare Advantage and Medicaid plans; and (3) improve data accuracy and encourage data-driven decisions through timely and accurate data collection and reporting. Showcasing that its strategic plan already is under way, OIG notes its prior work in each area.

Access to Quality Care

OIG found that certain Medicaid MCOs denied one out of every eight requests for prior authorization, and states had limited oversight over MCO prior authorization denials. In an April 2022 Medicare Advantage audit report, OIG determined that of the 250 prior authorization requests across several Medicare Advantage plans that it reviewed, 13% were denied for services that met Medicare coverage rules (that is, would have been covered under traditional Medicare). In addition to OIG's efforts, OIG senior advisor Kapustii noted in her September 2023 interview that CMS issued a final rule to streamline the prior authorization process in Medicare Advantage,^[2] and Congress has been proposing legislation aimed at reducing prior authorization delays and denials across managed care.^[3]

Payment Accuracy and Fraud Prevention

In Medicare Advantage, OIG notes that it has conducted audits of health plans to validate risk-adjusted payments made by CMS—as of August 2023, OIG has classified as potential "overpayments" approximately $377 million. As OIG's Kapustii explained, one focus of these audits was on so-called high-risk diagnoses that are "especially prone for error," with OIG finding "across the board" that 69% of such diagnoses lacked sufficient medical record substantiation. OIG also has examined the use of chart reviews and health risk assessments, where certain diagnoses were submitted from chart reviews and health risk assessments without corresponding care services related to those conditions. For OIG's Kapustii, this finding raises concerns around what health plans may be "doing to provide services for these beneficiaries." In Medicaid, OIG has evaluated the oversight and integrity of managed care plans' reported medical loss ratios to determine whether managed care plans are directing appropriate funding toward patient care.

Data Accuracy and Data-Driven Decisions

OIG emphasizes the importance of complete, accurate, and timely data for payment integrity and healthcare quality, noting that analyzing complete, near-real-time data illuminates emerging risks. In Medicare Advantage, OIG has flagged the lack of provider identifiers in Medicare Advantage encounter data as a barrier to providing robust oversight. In Medicaid, OIG audits of Medicaid enrollment data found that states made approximately $1 billion per year in questionable payments for concurrent enrollment in two different states or in two different MCOs and issued more than $170 million in payments after enrollees' deaths.

Implications

OIG's strategic plan signals more audits for the Medicare Advantage, traditional Medicare, and Medicaid managed care plan community. OIG acknowledges its own resource constraints in executing this plan, with Kapustii stating that while the strategic plan is a "priority," OIG is "still working through" how to deploy its resources, because its budget "only get[s] two cents to oversee every $100 that are spent on HHS programs." As a result, OIG may seek to streamline its audit processes through virtual or shorter audits, which could risk quicker adverse findings. Accordingly, vetting current compliance infrastructure around the issues in OIG's strategic plan, developing an audit readiness checklist, evaluating documentation availability, and advising key stakeholders of OIG's latest focus areas may at least smooth the path for those managed care plans whose contracts OIG selects for review. And this new spate of audits may be an instructive foreshadowing to government contractors outside of managed care.

[1] See Federal News Network, The Health and Human Services inspector general takes on a $400B program, Sept. 19, 2023, available at https://federalnewsnetwork.com/agency-oversight/2023/09/the-health-and-human-services-inspector-general-takes-on-a-400b-program/.

[2] See Medicare Program; Contract Year 2024 Policy and Technical Changes to the Medicare Advantage Program, Medicare Prescription Drug Benefit Program, Medicare Cost Plan Program, and Programs of All-Inclusive Care for the Elderly, 88 Fed. Reg. 22120 (pub. Apr. 12, 2023; eff. June 5, 2023).

[3] See Kerry Dooley Young, Prior Authorization Reform Bill Advances in Congress, but Conflict Looms, Medscape (Aug. 3, 2023), available at https://www.medscape.com/viewarticle/995133.