The Centers for Medicare and Medicaid Services (CMS) issued revised Medicare Program Integrity (PIM) instructions, effective May 10, 2004, via Transmittal 71 (April 9, 2004). The revisions may be accessed online at www.cms.hhs.gov/manuals/transmittals/comm_date_dsc.asp. The revisions to the PIM are significant because they are a final step in implementing the transition of fraud case development and law enforcement support work from Medicare carriers and fiscal intermediaries to Program Safeguard Contractors (PSCs). The discovery of alleged Medicare program billing abuse in connection with Medicare claims involving power wheelchairs underscored the need for updating the PIM to instruct PSCs to undertake more intensive data mining projects. The revised PIM also has provisions facilitating data sharing with Medicaid agencies.
PSCs are now assigned work associated with Medicare program safeguard functions in the following areas: medical review; cost report audit; data analysis; provider education; and fraud detection and prevention. Currently, 12 PSCs perform program integrity functions in these work areas. A listing of the 12 PSCs, and the states covered by each, is available on the PSC website. The revisions also signal another change given that the PIM is now a CMS Internet Only Manual (IOM), covering hundreds of pages in its printed form and replacing the former paper PIM.
The main focal point to the revisions involves data mining, specifically, the major thrust of the new process delineated in Chapter 3 “Verifying Potential Errors and Taking Corrective Actions”, and in Chapter 4 “Benefit Integrity.” PSC’s use software to compare providers’ billing patterns to baseline data and identify potential errors and potential fraud in a process called data mining. Dating mining is a tool that McDermott expects will be increasingly utilized by PSCs and Affiliated Contractors (Medicare carriers, intermediaries, and durable medical equipment regional carriers) to detect apparently unusual billing patterns for further review or investigation, and where necessary, remediation. The PIM is also updated to change, add and clarify various other instructions related to the PSCs. Medicare contractors who have not transitioned their benefit integrity or medical review work to a PSC are still required to follow the revised PIM. Some of the revisions to the PIM also address use and disclosure of individuals’ protected health information under the Privacy Act of 1974 and the HIPAA Privacy Rule.
Section §3.10 contains major additions to the PIM providing guidelines on “Use of Statistical Sampling for Overpayment Estimation.” The guidelines are described as applicable to administrative reviews performed by the PSC or Medicare contractor Benefits Integrity units. According to disclaimers in the manual, CMS, PSCs and Medicare contractor Benefits Integrity units are not limited to the procedures described in §3.10 for case development or when investigating suspected fraud. Furthermore, the PIM explains that PSCs, their employees and professional consultants are protected from criminal or civil liability as a result of the activities they perform under their contracts as long as they use due care--even if they fail to follow CMS instructions. CMS may request legal representation from the U.S. Attorney’s Office if a PSC, or any of its employees or consultants are named as defendants in a lawsuit or allow the PSC to defend and be reimbursed for the reasonable cost of legal expense it incurs. (PIM, §220.127.116.11.)
PSCs are generally required to retain files and documents for 10 years, but the PIM now requires the PSC to retain files and documents “indefinitely” if they relate to a current investigation or litigation/negotiation; involve ongoing Workers’ Compensation set aside arrangements, or prompt suspicions of fraud and abuse or overutilization of services. While “indefinite” document retention would appear to be difficult for PSCs to administer, as a practical matter, the PIM notes that the reason for this indefinite retention period is to satisfy evidentiary needs and discovery obligations critical to the agency’s litigation interests. (PIM, §18.104.22.168.) Providers and suppliers should be aware of this requirement when seeking disclosure of documentation in connection with future disputes.
While the PIM previously contained extensive exhibits, including sample letters and forms, the revisions to the PIM exhibits focus on updating the process for law enforcement agency requests to obtain CMS and Medicare data to assess allegations of fraud, examine billing patterns, ascertain losses to the Medicare program for a procedure, service or time, and to conduct a sample of claims for medical review. The letters and forms compiled in the exhibits to the PIM are used to deal with protected health information from CMS, Medicaid or from CMS contractors as part of the PSC review process.
It appears that the high rate of return which the government receives on its expenditures for enforcement activities may be further enhanced by the implementation of PSC reviews using data mining. It remains to be seen, however, whether this approach will limit false positives and actually enable CMS to better identify only actual fraud and abuse situations.