2011
Before the Fact Prevention of Certain Medical
Insurance Fraud and Loss
A Pilot
Medicare Durable Medical Equipment...
Contents
Background ........................................................................................................
Background
The Medicare DME Program has historically been the victim of significant fraud and
abuse. GAO and HHS Inspect...
would be simpler to manage. The data communications between Castlestone, NGS DME
processing and NGS Part A/B processing w...
Methodology
Original Design
Much of the fraud and abuse in the DME program originates from ‘storefront’ locations
who s...
provider office swipe, the DME location swipe and the claim would be matched for
consistency.
Actual Implementation
Bec...
Summary of Findings
Implementation and ability to scale
The implementation of the system was simple and straightforward,...
System Usability
Providers and suppliers were able to use the system immediately. There were no
technical issues with th...
used for another. The IRS reports 400,000 returns every year where the identity of the
individual has been stolen, as hav...
This “Lo-Lo” matrix uses the low end of the cost range ($750 per PMD claim) and low
end of the fraud estimate (7.5%) with...
Afterword
Since the initial draft of this Summary, the largest fraud ever perpetrated against the
Medicare program was r...
Castlestone VisitEye Presentations and Reports –
Title Link
Fraud Prevention for Health Insurers http://slidesha.re/1pCG...
of 12

Prevention of doctor shopping

Summary description of an existing system that prevents doctor shopping. Patient prescription patterns are checked for the doctor before writing a new prescription. For the pharmacist, the claim is matched against valid prescriptions, and the filling of similar prescriptions are checked before drugs are dispensed.
Published on: Mar 4, 2016
Published in: Healthcare      Health & Medicine      Business      
Source: www.slideshare.net


Transcripts - Prevention of doctor shopping

  • 1. 2011 Before the Fact Prevention of Certain Medical Insurance Fraud and Loss A Pilot Medicare Durable Medical Equipment CMS and National Government Services (WellPoint) Jeffrey Leston CastleStone Advisors, LLC www.castlestone-llc.com
  • 2. Contents Background ....................................................................................................... 2 Technical and Functional Objectives ........................................................................ 3 Methodology ...................................................................................................... 4 Original Design ................................................................................................ 4 Actual Implementation ...................................................................................... 5 Project Operation ............................................................................................ 5 Summary of Findings ............................................................................................ 6 Implementation and ability to scale ...................................................................... 6 Provider Verification ......................................................................................... 6 System Usability .............................................................................................. 7 Design Specifications of Matching ......................................................................... 7 Protection of Physician Identity............................................................................ 7 Protection of Patient Identity .............................................................................. 7 Economics ......................................................................................................... 8 Afterword ....................................................................................................... 10 Castlestone VisitEye Presentations and Reports – ....................................................... 11 1 | P a g e Confidential to Castlestone Advisors LLC
  • 3. Background The Medicare DME Program has historically been the victim of significant fraud and abuse. GAO and HHS Inspector General reports, as well as HEAT arrests, pointed out the establishment of ‘storefront’ DME suppliers that used stolen physician identities and stolen beneficiary identities to bill Medicare for high value products never ordered or never delivered. There are also documented cases of known and established suppliers submitting claims using stolen or purchased physicians and beneficiary identities. Another impediment in spotting fraud and abuse in the DME and Part D programs is the processing infrastructure for Medicare claims. The claim for the Part B in-office visit to justify an order for DME is processed by a different contractor than the DME claim. There is little information sharing, and the DME claim contractor is forced to rely on the coding of the claim; they otherwise have no way to verify that a provider actually wrote the order. In addition, many DME items can be ordered by mail from suppliers out of jurisdiction. In Part D, the office visit where the prescription is written is processed by a Part A/B contractor, and the actual prescription, requiring the doctor’s order, is processed by the beneficiary plan of choice. The OIG highlighted this problem in a report in 2011, stating that at least 375,000 part D prescriptions were paid for without a proper physician ID. These types of fraud listed above arise from the improper use of physician identities or NPIs. Preventing the misuse of the physician ID, and verifying that the order actually emanates from the physician office, were objectives of the pilot. Recent press has also focused on the theft of Social Security numbers, used both for Medicare claim processing as well as tax filing. . Stolen Medicare IDs (SSNs) have been used to file fraudulent tax returns as well. It is likely that the potential impact of stolen identities on Medicare has been understated, since the identities on their known compromised list have to date only come from CMS-initiated actions and audits. The IRS has their own list of compromised identities, and at the initiation of Castlestone, the agencies are now communicating about this common problem. Testing another identification that is recognized at all locations to protect the identity, like a credit card number with no financial or Personal Health Information, is an original objective of the pilot as well. In addition to a focus on reducing fraud and abuse in the DME program, CMS concentrated on screening providers to eliminate bad actors from getting into the system. Integral to this effort is the inclusion of third party information to validate data from providers, CMS and contractors. The location selected for the pilot was in Indiana because it was deemed that since National Government Services was both the Part A/B Administrative Contractor, and the DME claims contractor, and since the pilot required communications with both groups it 2 | P a g e Confidential to Castlestone Advisors LLC
  • 4. would be simpler to manage. The data communications between Castlestone, NGS DME processing and NGS Part A/B processing would be representative of separate contractors for those services. Technical and Functional Objectives The objectives of the proof of concept were: • Identify and prevent storefront operations from billing CMS for high value durable Medical Equipment. Additionally, test the use of financial network information and other outside data sources in provider screening and verification processes • Assist physicians in protecting their identities, as pointed out in Dr. Budetti’s recent article in the Journal of the American Medical Association • Test the ability to use an alternate beneficiary ID for beneficiaries • Test the ability to use the financial networks for secure communication of healthcare transactions • Test the ability to verify transactions from provider offices as a form of prior authorization, in an environment with multiple contractors processing related claims. • Test the ease of use for provider offices to use the existing swipe terminal The pilot was not structured to quantify savings from reductions in fraud and abuse. Because of voluntary participation, no financial measures such as withholding payment, as would be implemented under ACA, and no reimbursement code for participating, as there often is in other pilots. It is also unlikely that perpetrators would commit to working with the project. However, because of the certainty of verified information received from the card networks, and the known types of fraud and abuse in the program, we can forecast with a level of confidence what the Return on Investment would be if the project were mandatory and scaled to include known fraud hotspots. We also found that physicians’ offices tend to participate in projects or procedures that are either mandatory or reimbursed. 3 | P a g e Confidential to Castlestone Advisors LLC
  • 5. Methodology Original Design Much of the fraud and abuse in the DME program originates from ‘storefront’ locations who steal IDs and submit claims. If the claim meets the proper formats, it is likely to have been paid. This and other frauds are possible because there had been no way to verify that the beneficiary was ever in the provider office (also a source of fraud for Part B claims) or that the physician who’s NPI appears on the claim actually ordered the DME. The original design of the system incorporated the swipe of a beneficiary card in the provider office swipe terminal to verify that the beneficiary was in the office and the provider did write an order for Durable Medical Equipment. This would also verify the Part B claim and meet the requirements of the Affordable Care Act and other pending and proposed legislation. It would also test the use of a magnetic stripe card for replacement of the current beneficiary cards. CMS, like other insurers, must eliminate the Social Security on the face of the card as well as eliminating it as the identifier in processing systems, to reduce identity theft. Providers are issued a card also which would protect the use of their NPI (National Provider Identification.) The provider swipes the card in the terminal in their place of business to register the swipe terminal in the data base. The computer “signature” of the swipe terminal, the process required to obtain one (verification of bank account and other incorporation information) and the information on location and ownership-transmitted during swipes with a complete data set available during monthly network reconciliation- enhance the provider screening process, as well as verifying that a transaction initiated in that provider’s office. This would eliminate a major cause of fraud. In the original design, a DME transaction would be entered on the swipe terminal by means of a code, which can be done using the Castlestone technology. The combination of 1) the beneficiary card being swiped, 2) the provider card being swiped at 3) the verified location where that physician practices, gives us a high level of certainty that the beneficiary was in the office when the [Part B] claim stipulates, and the provider wrote an order for DME for that beneficiary on that date from that office. Those data, the provider name and NPI and the date of service, must accompany the DME claim from the DME supplier in their claim as well. The DME suppliers were also provided with a card, which they would swipe to register their credit card device. Those who did not have physical swipe terminals, but entered credit card information on a browser, could still use the system. They entered complementary information about the beneficiary HICN. The information from the 4 | P a g e Confidential to Castlestone Advisors LLC
  • 6. provider office swipe, the DME location swipe and the claim would be matched for consistency. Actual Implementation Because of the controversy or pending decisions on various types of beneficiary cards, the use of the beneficiary card was eliminated. Castlestone’s system was re-engineered to capture the transaction at the provider office with a provider card only. The provider office then entered the last 4 digits of the beneficiary’s HICN. This re-engineering process also proved the flexibility of the Castlestone technology in using the card networks, handling multiple swipes for a single transaction, and redesigning transactions for a specific purpose. The re-engineering process was completed in one week. It also made the transaction more cumbersome than the original card swipe, and required that the provider card and the supplier card be present in order to initiate a transaction. This was problematic in locations like retail pharmacies that also supply Durable Medical Equipment. It would not have been necessary with a beneficiary card. In the pilot, participation was voluntary. Unlike the design of pilots such as the DME preauthorization pilot, there is no reimbursement code available for physicians to bill for their participation. There was also no withholding of payment if transactions did not match. Project Operation All technology infrastructures between NGS and Castlestone was agreed upon, coded, tested and implemented in less than 60 days. The interfaces between Castlestone and NGS were limited, and Castlestone and NGS added further protections to provider and beneficiary identities by creating an alternate reference; Castlestone held no HICN/SSNs or NPIs in its systems at any time. This proves that the Castlestone architecture can be implemented quickly and cost effectively with various Medicare claims contractors, many of whom use common systems. The data base of locations and swipe terminals was built from the initial registration of the provider and supplier cards from IVR activation and a swipe and entry of a registration code. When a beneficiary was to receive DME, the physician card would be swiped and the last 4 digits of the HICN entered. The order would go to the DME supplier, who would enter the same information into their system. 5 | P a g e Confidential to Castlestone Advisors LLC
  • 7. Summary of Findings Implementation and ability to scale The implementation of the system was simple and straightforward, and accomplished in 60 days. The system can be scaled to support the DME program nationally with no software changes, and only minor changes to accommodate a beneficiary card. The connections to any Medicare Administrative Contractor were proven to be simple to implement and secure. Risks/Issues The largest risk to large scale implementation is the addresses of the providers. Since much of the communication between CMS, contractors and providers has become electronic, the maintenance of physical address locations has lagged. In the distribution of cards to providers, approximately 15% of the addresses were not current. During the project, following the discovery of this gap, we proposed and have implemented matching the address from the swipe networks to the address on file with CMS and its contractors. PECOS and other initiatives should help reduce the risk and improve accuracy, when combined with the swipe and telephone network data Castlestone proposed. A mailing prior to the mailing of the provider cards would also reduce the scope of this issue. Provider Verification The system was able to match information from the swipe terminal to provider information, including name and address. This provides another level of provider verification. This technology and third-party verification of terminal user or owner, their street address and their banking relationship has demonstrated that it can and should be part of CMS’s provider screening process. Risks/Issues In certain situation the swipe terminal was listed under the name of the billing company for the practice. This information can be matched against PECOS information, but required a manual intervention to correct. We believe that this can be corrected automatically with access to PECOS billing company information. Castlestone also proposed a multiple level match with the telephone number associated with the practice and matching that number, used in the activation process, to the directory listing for telephone numbers. There are other methods available to verify the use and activity of the swipe terminal with claims 6 | P a g e Confidential to Castlestone Advisors LLC
  • 8. System Usability Providers and suppliers were able to use the system immediately. There were no technical issues with the system or card network reported, save a short downtime at the server location. The predominant errors that came from the system were from transactions that were rejected because the provider or supplier location did not properly follow the activation instructions. Those transactions were posted on the system as unrecognized. Castlestone and NGS created a methodology to verify the location and have the transactions reclassified as accepted once the criteria were met. Risks/Issues Providers who work in large outpatient facilities found it inconvenient to access swipe terminals. Castlestone has mobile solutions in its inventory. Early on in the project, we found that DME suppliers who accept credit cards but do not have a walk-in business do not have a physical swipe terminal, but enter credit card information via a browser application. This was engineered into the application with no changes to the underlying processes. Design Specifications of Matching The matching algorithms developed by NGS and Castlestone were able to successfully match information from the swipe at a provider office against a swipe transaction at a DME supplier and the claim from the DME. This validates, at a high level of certainty, the ability to prevent fraud where a physician identity is inappropriately used to submit a claim. This process verifies that the beneficiary was in the provider office, that the DME order originated in the provider office, and once the order was ‘counterswiped’ by the DME supplier, any other supplier who attempted to fill the order would have it rejected. This capability can be used for any ‘ordered and referred’ service such as home care, physical therapy and pharmacy claims. The FBI Financial Crimes lists duplicate claims as one of the major causes of fraud. It is highly likely that duplicate DME claims have been filed in multiple jurisdictions for the same beneficiary. The US Attorney has told Castlestone that organized gangs submit the same claim across jurisdictions Protection of Physician Identity At no time did Castlestone have or require the NPI to perform this pilot. Assigning the physician an ID card and requiring that the order be verified with a swipe from the physician office blunts fraud from stolen NPIs. Even if the NPI were to be compromised, and CMS has a list of 5,000, the transaction would have to be verified with the physician card at the swipe terminal in the physician office. If a beneficiary card were to be used, that would provide the same protection. Protection of Patient Identity Since the beneficiary card was not implemented in the pilot, there was no way to fully test the ability to protect patient identities. However, creating a different identification from that used by the IRS will reduce the ability to use an ID stolen in one context to be 7 | P a g e Confidential to Castlestone Advisors LLC
  • 9. used for another. The IRS reports 400,000 returns every year where the identity of the individual has been stolen, as have their refunds. These identities can be used for Medicare fraud if and when the individual is eligible. The beneficiary card would protect patient identity be eliminating the Social Security number on the current card. The same identification card can be used if the beneficiary remains on fee-for-service or switches to a Medicare Advantage plan. If implemented, the MA plan may not need the Social Security number of the beneficiary, only their ID. This would further protect beneficiary identities. Economics The average DME claim, as based on statistics from NGS, is approximately $100. The overall fraud and abuse rate estimated by the GAO is 10%, which means that each claim ‘carries’ an approximately fraud or abuse component of $10, although DME CERT error rates and estimated fraud rates are higher than the GAO average. The verification and matching process costs about $0.20 per claim, which would decrease if and when the project is scaled nationally. Even at this level, each 1% of fraud prevented or detected, in the form of non-match of information, would provide a Return on Investment of 50%. Reducing or preventing only 5% of fraud and abuse in the DME program overall produces a Return on Investment of 250%. This does not include the benefit to the Part A/B program of verifying the outpatient office visit. This calculation includes low-cost DME items such as diabetic test strips and pressure bandages. CMS’ focus on power mobility equipment would bring even greater benefits if the technology is used. CMS is currently proposing a pilot for prior authorization of power mobility equipment. The power mobility equipment costs range from $700- $4,500. Assuming the same fraud and abuse rates, varying assumptions of: The cost range of power mobility equipment Low: $750 High $4500 The range of fraud and abuse in Power Mobility Equipment Low: 7.5% High 17.5% Percentage of Fraudulent claims arising from lack of face to face visit, no prior authorization or inappropriate use of physician ID: Low: 10% High 50% Return on Investment: 8 | P a g e Confidential to Castlestone Advisors LLC
  • 10. This “Lo-Lo” matrix uses the low end of the cost range ($750 per PMD claim) and low end of the fraud estimate (7.5%) with a range of 10-50% of frauds due to physician or beneficiary information improperly used to submit a claim, as a percentage of the [7.5%] fraud percentage. Each “percentage reduction” across the top is a reduction as a percentage of the [7.5%.] The highlighted cell, for example, would be interpreted as follows: “Assuming PMDs cost $750, and 7.5% of the claims are fraudulent, and 20% of that fraud is caused by inappropriate use of provider or beneficiary ID, no prior authorization, or no [required] office visit, and we are able to reduce that fraud by 7%, the Return on Investment is 267.50%.” 9 | P a g e Confidential to Castlestone Advisors LLC Lo-Lo Percentage Reduction Percent of Fraud from 5.0% 6.0% 7.0% 10.0% 15.0% 20.0% Unverified Orders with 10% 31.25% 57.50% 83.75% 162.50% 293.75% 425.00% no documentation: 15% 96.88% 136.25% 175.63% 293.75% 490.63% 687.50% 20% 162.50% 215.00% 267.50% 425.00% 687.50% 950.00% 25% 228.13% 293.75% 359.38% 556.25% 884.38% 1212.50% 30% 293.75% 372.50% 451.25% 687.50% 1081.25% 1475.00% 40% 425.00% 530.00% 635.00% 950.00% 1475.00% 2000.00% 50% 556.25% 687.50% 818.75% 1212.50% 1868.75% 2525.00%
  • 11. Afterword Since the initial draft of this Summary, the largest fraud ever perpetrated against the Medicare program was recently announced. A Texas physician was indicted on charges of ordering over $375 Million for ordering home care visits that were either unnecessary or never provided. It is also probable that most of the 11,000 orders were for patients that never were in the accused doctor’s office, as is required for an evaluation to qualify for homecare services. That fraud on that scale would have been prevented using the same infrastructure built for the DME program. The system designed for the DME swipe card, if properly implemented and enforced, can be used to prevent frauds in programs that are “ordered and referred” These products and services include DME, pharmacy, physical therapy, lab services and home care, where a physician ID is required for a claim, and an office visit to that physician is necessary for approval of the same claim In concert with other analytical techniques developed by Castlestone and others, frauds like this, on this scale, should never occur. Claims for those beneficiaries who were never seen would not have been paid. Also, the Inspector General also issued a report Questionable Billing for Medicare Independent Diagnostic Test Facility Services (OEI-09-09-00380 March 2012) which discusses the problems in verifying that services such as imaging, testing and evaluations were actually ordered by physicians and actually delivered to beneficiaries as ordered. This report should be read along with this project summary as the platform implemented for the DME can be used to address these frauds as well. 10 | P a g e Confidential to Castlestone Advisors LLC
  • 12. Castlestone VisitEye Presentations and Reports – Title Link Fraud Prevention for Health Insurers http://slidesha.re/1pCGh98 Doctor Shopping and Prevention http://slidesha.re/1nNb9OL CMS Pilot/Test of VisitEye http://slidesha.re/1vlGGeU Management Tech. for Therapeutic Cannabis 11 | P a g e Confidential to Castlestone Advisors LLC http://slidesha.re/1nQ5JkD Corporate Wellness http://slidesha.re/1qQf6Fi

Related Documents