The Medicare program is broken down into four parts. Part A covers the cost of healthcare items and services provided during inpatient hospital stays as well as skilled nursing facility, hospice, and some home health care. Part B covers certain physician services, outpatient care, medical supplies, and preventive services. Together, Parts A and B are commonly referred to as traditional Medicare or fee-for-service (FFS) because claims for each item or service are submitted to the Centers for Medicare & Medicaid Services (CMS) for reimbursement through its Medicare Administrative Contractors.
Conversely, Part C (also referred to as Medicare Advantage (MA)), offers Part A and Part B coverage delivered through private insurers, known as MA plans or Medicare Advantage Organizations (MAOs). Part D separately covers prescription drugs and may be provided through either Medicare drug plans or MA plans with drug coverage.
Medicare FFS has historically been the predominant delivery care model. However, the number of MA enrollees has ballooned over the past decade, steadily rising year-over-year and, as of 2023, MA covers over half of the Medicare population. MA plans often have greater flexibility in care delivery and benefit design, enabling them to meet more needs of the patients they serve. For instance, some MA plans may offer supplemental benefits related to vision or dental services or even social determinates of health (SDOH) such as gym memberships, even though these services are not covered under Medicare FFS.
Additionally, MA plans are afforded more opportunities to integrate new technologies, such as telehealth services, into their coverage offerings. As a result, these plans have become very popular.
As more federal dollars flow to MAOs, scrutiny on how those dollars are spent is increasing as well. So too, as MAOs enjoy greater flexibility to shape their offerings, Medicare compliance oversight related to marketing and operations is increasing. This includes audit scrutiny from both CMS and the US Department of Health & Human Services, Office of Inspector General (OIG), more stringent bid requirements, and False Claims Act (FCA) exposure.
RADV Audit Activity
MAOs are paid a capitated rate (per member per month) for each Medicare-eligible beneficiary they insure. Because the health status of individuals varies significantly, the capitated payments to an MAO are adjusted so that patients with more serious health conditions result in greater payments to MAOs to cover the costs of services for managing those conditions. Therefore, if an MAO’s overall patient population is more acutely or seriously ill, the MAO will receive greater capitated funding.
CMS’s risk adjustment model (the CMS-HCC model) is used to calculate whether MAOs receive increased capitated payments for their patient populations. In short, ICD-9/ICD-10 diagnosis codes (representing various health conditions) are submitted by network providers to MAOs during the care of patients. In turn, these diagnosis codes are reported by the MAOs to CMS on an aggregate basis. The aggregated codes are converted into an overall risk score that serves as a multiplier on the standard per member per month rate. Of course, while some degree of inaccurate diagnosis coding is bound to occur, materially inaccurate coding can result in overpayments or underpayments to the MAOs.
To ensure the accuracy of diagnosis coding and resultant risk adjustment payments, CMS conducts yearly Risk Adjustment Data Validation (RADV) audits on a small number of plans (typically approximately 5% of all MAOs) during which a sample of diagnosis codes submitted for risk adjustment are reviewed to determine whether they are supported by medical record documentation. CMS Medical Record Review Contractors (MRRCs) request clinical documentation directly from healthcare providers and then compare that documentation to the list of codes submitted by the MAO to assess accuracy.
In the event that MRRCs determine that a diagnosis code is not supported by medical record documentation, the MRRC will adjust the MAO’s submission to remove the incorrect diagnosis code. This adjustment may alter the risk score and represent an overpayment to the MAO. CMS typically aggregates identified risk adjustment discrepancies to determine an overall level of diagnosis coding error, which CMS may then use to extrapolate to the MAO’s overall capitated payments and request a larger overpayment.
In a 2023 final rule, CMS announced that it would begin applying extrapolation to payment years on or after 2018, but elected not to adopt a specific methodology for its RADV audit sampling activities. Such extrapolations of RADV audit findings will have a substantial impact on MAOs and significantly heighten the importance of accurate coding as well as the need for MAOs to mitigate unfounded RADV audit results.
Recent MA coding audits by the OIG (similar in design to CMS’s RADV audits) reviewed diagnosis codes submitted by MAOs. In each of these respective audits, OIG gathered data and medical records regarding approximately 200 sample enrollees, identified single overpayment damages between $400,000 and $600,000 based on inaccurate diagnosis coding, and then extrapolated these overpayments to between $3.5 and $25.5 million. While OIG ultimately did not recommend implementation of the extrapolations because the audited years were prior to 2018, this highlights the dramatic effect extrapolation can have when applied to RADV audit findings.
As the above figures show, RADV audits are a source of risk to MAOs. The volume of data maintained by MA plans is enormous. Each MA plan receives millions of claims from its network providers on an annual basis and each claim may contain multiple diagnosis codes. Often, due to provider errors, coding mistakes, and other factors, MAOs are unable to provide sufficient supporting documentation to validate all diagnosis codes. MRRCs may use extrapolation during RADV audits, resulting in substantial overpayment demands against MAOs even when the specific codes audited represent nominal payment.
While inaccurate diagnosis codes can represent overpayment risk, schemes to push for more aggressive diagnosis coding might also implicate the FCA if there is the requisite intent to achieve greater payment. MAOs, like other healthcare industry stakeholders, should consider their whistleblower exposure, develop and maintain a robust compliance program, and take reported compliance concerns related to diagnosis coding seriously.
MAOs may further mitigate their RADV and diagnosis coding risks by monitoring high-risk coding and common errors, establishing certain value-based arrangements with providers, and auditing based on data analytics. In 2024, coding accuracy will be a major focus, and evidence of upcoding, or intentional inflation of diagnosis codes, continues to be a source of many FCA settlements.
Marketing and Advertising
Marketing by MAOs will be a major focus in 2024. On January 31, 2024, the Biden administration announced its focus on strengthening MA by, in relevant part, establishing new guardrails to address “predatory marketing” and removing misleading TV ads.
Additionally, in 2023, CMS issued a final rule implementing 21 new requirements related to marketing and enrollment activities prompted by complaints received from members and MAOs (e.g., requiring insurance agents to tell prospective enrollees how many plans are available from the organization for whom the agent sells; expanding MAOs’ role in monitoring agent and broker activities). CMS also proposed new standards for plan compensation to agents and brokers to prevent steerage of patients to plans based on compensation.
Clearly, there is a compelling focus on how MAOs market to potential enrollees and the legitimacy of those marketing efforts, as well as such marketing’s compliance with CMS regulations and applicable fraud and abuse statutes.
In today’s market, MAOs must carefully consider their marketing activities, especially during the annual enrollment period, to ensure compliance with CMS’s Medicare Communication and Marketing Guidelines (MCMGs) as well as the Anti-Kickback Statute, Beneficiary Inducement Civil Monetary Penalties Law, and the FCA.
Medical Loss Ratio Compliance
MAOs are limited in the amount of profit they can earn in a year. Specifically, MA plans must submit to CMS data related to their Medical Loss Ratio (MLR), the numerator of which consists of medical claims and quality improvement activities and the denominator of which consists of premiums minus allowable deductions. A MA plan’s MLR percentage must be at least 85% (called the MLR threshold). In other words, the MLR threshold effectively caps all MAO profit and administrative spending at 15% of the total amount of revenue (combined from CMS and patient cost sharing amounts) received by the MAO in a given year.
The MLR threshold was intended to incentivize MAOs to reduce administrative costs and ensure that enrollees receive value from Medicare health plans. Changes have been made over time regarding additional costs that may be included in the MLR numerator (e.g., expenditures related to fraud reduction activities), but MLR payment restrictions are here to stay.
As MAOs seek to offer new supplemental benefits not covered by traditional Medicare, careful consideration should be given to how the plan offers such benefits. While MAOs want to provide robust benefits to attract more enrollees, there is also an incentive to remain within the MLR threshold by ensuring that costs for supplemental benefits qualify as medical claims (also called incurred costs) or quality improvement activities. MAOs may offer mandatory supplemental benefits (subject to CMS approval) or optional supplemental benefits (funded solely by enrollee premiums), but both have implications for the MLR calculation.
CMS contractors conduct audits of costs reported relevant to the MLR. During the audit, CMS or its contractor may request additional documentation supporting the information contained in MLR data forms. Such audits may result in certain costs being disallowed from the numerator as medical claims. If such disallowances result in an MAO’s failure to meet the minimum MLR threshold, the statute imposes several levels of sanctions, including remittance of funds to CMS, a prohibition on enrolling new members, and contract termination. If an MAO fails to meet the MLR threshold for two or more consecutive years, earlier reporting deadlines will also be imposed.
As these various risk areas demonstrate, MAOs are continuing to be subject to enhanced scrutiny as their enrollee numbers increase. Due to the unique nature of the program, there is added complexity about how federal fraud and abuse laws interplay with MAO payments. MAOs will need to double down on their compliance efforts this year to stay out of the fray.