For years, the government employed traditional methods of combating fraud, waste and abuse. Regulation of Medicaid involved issuing payment to providers for patient services, then later chasing down recoveries on payments deemed improper. On average, this method recovered only 17 percent of improperly billed funds. Slight adjustments to these efforts occurred over time, including the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996. HIPAA aimed to combat fraudulent business practices under the traditional fee-for-service healthcare system. Due to numerous revisions, exceptions and interpretations, however, HIPAA has grown convoluted and ineffective.
The Patient Protection and Affordable Care Act (ACA) included provisions to enhance anti-fraud efforts, and $350 million in additional funding was provided to support the hiring of new personnel. Broad authority was granted to the Office of Inspector General (OIG) to impose stronger civil monetary penalties alongside increased federal sentencing guidelines for crimes involving more than $1 million in losses. The ACA also expanded data sharing between government agencies to incorporate information from all federally supported healthcare programs. Further alignment of federal, state and local law enforcement resulted in the creation of the Medicare Fraud Strike Force and the Health Care Fraud Prevention and Enforcement Action Team through a partnership between Health and Human Services and the Department of Justice.
The Department of Justice (DOJ) was able to recover more than $3 billion in settlements and judgments from civil cases involving fraud and false claims against the government in the fiscal year ending Sept. 30, 2019¹. Congress strengthened the False Claims Act in 1986, and recoveries since then total more than $62 billion. Heightened focus on exposing erroneous healthcare billing practices and recovering unjustly received funds has also fueled the rise of the whistleblower (an individual who uncovers and reports fraud, waste and abuse). Government agencies provide legal assistance to support whistleblowers, who receive rewards of up to 30 percent of the government’s recovery as an incentive.
The “newest” normal is the enforcement landscape relating to fraud, waste and abuse resulting from the massive disbursement of stimulus funds via the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The $2 trillion in economic stimulus released by the federal government included $130 billion for the medical and hospital industries. Those dollars were distributed with oversight: Section 4108 of the CARES Act established a Special Inspector General, who is expected to pursue FCA cases aggressively with far-reaching subpoena powers. Enforcement of fraud related to CARES Act funds is expected to be similar to the investigative efforts that followed the 2008 Troubled Asset Recovery Program (TARP) stimulus package, which resulted in $11 billion in recoveries².
What this means for customers
The “newest” normal of payment compliance means responding to and resolving enhanced regulatory investigations, which can be costly and time-consuming. While announced settlements contain flashy headlines describing large recoveries, they typically do not detail the additional costs incurred by providers, such as legal defense costs, fines and penalties. Healthcare organizations regularly evaluate the need for additional spend to remain compliant with billing and contracting regulations. This can include investments in additional personnel, software, and external legal and consulting services. Best-in-class healthcare organizations have been developing their compliance systems and cultures in conjunction with The Seven Fundamental Elements of an Effective Compliance Program, published by the Office of Inspector General (OIG)³. The OIG’s articulation of compliance culture has inspired increased utilization of outside consultants and legal advisors, as well as new investments in staffing and technology.
Healthcare organizations should consider adding insurance to their plans to manage compliance risk. While regulatory coverage has been available in the market for several years, the majority of healthcare entities do not purchase specialized regulatory coverage. Although D&O policies often contain sub-limits for regulatory claims, coverage is often limited to defense costs for FCA violations. Additionally, the limited scope of D&O coverage may not be enough to mitigate the balance sheet impact of a governmental investigation. Most dedicated regulatory policies cover fines, penalties and claims arising from violations of the STARK Act and anti-kickback statutes. Captives have also become popular for transferring a wide range of insurable risk, but so far have not extended to costs for a response to regulatory investigations.
What this means for insurers
Insurers are responding to their healthcare clients’ needs by developing products to transfer risk. It is a small, nascent market, so insurers need to exercise underwriting discipline in several ways, including:
Evaluating policies and procedures and compliance culture
Reviewing outside legal- and compliance-focused consultants
Continually educating themselves in areas of enforcement articulated by the Department of Justice and the Office of Inspector General
Understanding increased exposures from acquisitions and assumed legacy operations
From an underwriting perspective, the rating of healthcare regulatory risk starts with a review of the organization’s revenues and the sources thereof—the “payor mix.” Organizations with a higher percentage of government revenues (Medicare and Medicaid) are under heightened scrutiny. Insurers then look at the operating venue, historical settlements and the mechanisms in place to respond to future investigations. Continued dialogue between insurers and healthcare operators on the topic of compliance is integral to the development of the market for regulatory risk.