Vulnerabilities in Government Healthcare Programs
Medicare and Medicaid Management: A Guide to Protect Against Fraud
In 1965, President Lyndon B. Johnson created the federally funded, health-related Medicare and Medicaid programs to aid vulnerable U.S. citizens. These programs are now the largest payers of inpatient hospital services, mental health services, long-term care services, and births.
While both are federally funded, health-related programs overseen by the Centers for Medicare and Medicaid Services (CMS), they are intended for separate vulnerable groups. Medicaid is a social welfare program designed to meet the needs of low-income individuals with limited resources while Medicare is a social insurance program that funds hospitals and medical care for older or disabled citizens.
Both programs are widely utilized in the United States and billions of dollars are spent through these programs. Data shows that as of November 2019, over 64.5 million people were served by Medicaid with estimated costs approximating $600 billion. Medicare saw even more spending with payments over $750.2 billion and averages close to 7% growth every year.
How Are Funds Distributed for Medicaid and Medicare?
Neither Medicaid nor Medicare distribute to individuals. Instead, each pays healthcare providers or facilities. Medicaid is administered by state governments, but most follow national guidelines. Policymakers, healthcare providers, and insurers continue to debate the best payment and delivery systems to tackle rising costs, inefficiencies, and increasing fraud.
Medicaid payments are made through states according to a fee-for-service agreement or through prepayment arrangements such as health maintenance organizations (HMOs). The federal government will then reimburse each state for a percentage share of their expenditures. The percentage share, known as the Federal Medical Assistance Percentage (FMAP) changes each year according to the state’s average per capita income level. Reimbursements in 2020 ranged from 50% to 77% relative to a state’s per capita income.
Medicare has taken a lead in testing a variety of new models that include financial incentives for providers to work together to lower spending and improve care for patients in traditional Medicare. However, funds are currently distributed directly to health care providers and suppliers who must send their claims to Medicare.
The Centers for Medicare and Medicaid Services (CMS) sets reimbursement rates for Medicare providers and generally pays them according to approved guidelines such as the CMS Physician Fee Schedule. There are some exceptions to this and there may be occasions that individuals have to file for reimbursement. The Medicare supplier directory should be referenced for guidance.
Straw Owners and How to Detect Healthcare Fraud
As the largest provider of many health services in the U.S. Medicaid and Medicare are highly susceptible to fraudulent and abusive activities costing taxpayers billions of dollars a year. Fraudulent tactics to exploit Medicare and Medicaid are numerous but one common tactic is operating through straw owners or straw entities that mask the identity of the real owners, many of whom are often excluded from working in government-funded healthcare programs due to abuse or neglect.
A “straw owner,” reminiscent of a strawman or scarecrow, is used as a front for a person who owns a business on someone else’s behalf. By portraying legal ownership of the property or business, the actual business owner is essentially left off the books to keep the actual owner hidden. Straw owners create a false medical office, clinic, or supply company to hide behind since they may have a criminal record or be excluded from federally funded healthcare programs due to healthcare fraud, waste, or abuse. These excluded individuals may pay providers or entities to serve as the straw owner to continue receiving federal funds.
How to Detect and Prevent Fraudulent Activity
In order to detect these straw arrangements or prevent your organization from doing business with an excluded provider, it is critical that the following information is verified including, but not limited to:
- National Provider Identifier (NPI)
- Legal name on file with the Social Security Administration for individuals or the legal business name on file with the Internal Revenue Service (IRS)
- Date of birth and social security number of individuals
- Tax Identification Number or Employer Identification Number for corporations
- Schooling and professional license information
- Drug Enforcement Agency (DEA) numbers
- Information about adverse actions (including criminal, civil, or administrative)
- Business structure and organization
There are millions of examples of excluded healthcare providers hiding behind straw owners or in a straw arrangement who are defrauding the federal government. Consequences of doing so or not reporting such relationships include steep fees as well as the possibility of being barred from receiving federal payments, and potentially jail time.
An example of straw ownership healthcare fraud out of Fort Worth, Texas came out of a home health care straw arrangement. Three individuals were found guilty for their roles in defrauding the federal government out of $40 million. According to evidence presented in the trial, three companies appeared to be set up as separate entities but worked as one, the same employees being paid by all three companies. Regardless of who actually performed the service, one Medicare provider submitted for billing as the straw owner. This was done at an alarming rate with a prolonged service code, which allowed for higher billing. For their $40 million in defrauding government-funded healthcare programs, each provider was charged $4 million in restitution and some were additionally sentenced to jail time.
5 Steps to Mitigate Healthcare Fraud
Straw ownerships, as well as other healthcare fraud tactics, can have serious implications and consequences for affiliated organizations that can result in severe fines, penalties, and suspension in funding. In order to prevent and deter healthcare fraud and coordinate program integrity, CMS formed the Center for Program Integrity (CPI) in 2010. The centralized approach to these expansive programs has enabled CMS to pursue a more strategic and coordinated set of anti-fraud policies, as well as improve collaboration of anti-fraud initiatives with law enforcement partners including the HHS Office of Inspector General (OIG), the Department of Justice (DOJ), and State Medicaid Fraud Control Units.
The frequency of these fraudulent activities is only expected to grow as the Baby Boomer generation ages. Medicare prescription-drug spending is also a growing concern, with the Medicare Trustees projecting a comparatively higher per capita growth rate for Part D in the coming years than in the program’s earlier years due to higher costs associated with expensive specialty drugs.
In order to protect your organization from increasing vulnerabilities, here are five steps that can be taken with CMS to help minimize healthcare fraud:
- Create a rigorous screening process for providers and suppliers enrolling in Medicare or Medicaid
- Authorize CMS to temporarily stop enrollment of new providers and suppliers
- Authorize CMS to temporarily stop payments to providers and suppliers in cases of suspected fraud
- Incorporate updated technologies
- Utilize extensive data sets to fight fraud
FACIS by Verisys
In order to protect your organization screening and verifying individual and entity credentials through extensive databases is critical. FACIS® (Fraud Abuse Control Information System) is a Verisys owned and maintained data platform consisting of primary source content from federal and state sources for exclusions, sanctions, debarments, and disciplinary actions against healthcare professionals and businesses for all published license types and publishing jurisdictions. FACIS is the most comprehensive data set for screening and monitoring health care providers to ensure compliance and protect against financial and reputational risk. By verifying the provider’s or entity’s credentials in real-time, your organization can operate in full compliance with Medicaid and Medicare programs.
|Written by Juliette Willard
Healthcare Communications Specialist
Being creative is my passion! Writer. Painter. Problem Solver. Optimist.
Connect with Juliette on LinkedIn