Preparing for “novel strains” of healthcare fraud and other COVID-19 related issues
To be effective, Special Investigation Units (SIUs) must stay on top of the ever-changing healthcare landscape. In times of crisis and uncertainty like today’s global coronavirus crisis, this represents an even greater challenge. For example, a U.S. Attorney recently appointed a COVID-19 fraud coordinator to identify and prosecute newly emerging fraud schemes related to the global pandemic.[i] From fake cures, to malware and illegitimate charities, scammers are taking advantage of the current situation. The feds are already putting measures into place, and so should you.
How can SIUs get in front of the scams and be prepared to fight new variations of fraud? And what issues may impact cases going forward? Here is our list of the top 10 focus areas for SIUs amidst the COVID-19 pandemic:
- “Low tide phenomenon”
When the tide is high, scammers have cover. When the tide is low, scammers are exposed. What does this mean? Day in and day out, clinics treat large numbers of patients. High volumes of claims flow into payers like an ocean tide, making it difficult to identify when phantom services are charged for services that never occurred. When something happens, however, that causes legitimate services to halt or slow to a mere trickle, bad actors stick out like a sore thumb.
This occurs because fraud schemes usually can’t slow down to match the pace of the real world. Sometimes this is due to greed, while in other cases fraudsters are over-extended financially and can’t afford to stop. And don’t discount those who are just too stupid to realize that fake claims need to mirror the real-world claim volumes. Whatever the reason, detecting outliers in these times of crisis may be easier. In states where major snow storms come through and shut down travel, payers utilize “bad blizzard” analytics to identify the outliers on dates when legitimate claim volumes dried up. Regional and national coronavirus quarantines present a similar opportunity for enterprising SIUs.
What can you do? In the coming weeks and months, payers should begin to analyze claim volumes for non-essential outpatient services (especially those with place of service 11-office). The analysis should begin on the date that a stay at home order was issued. For each specialty, the analysis should also include a baseline. If you’re not sure when various orders were issued, take a look at this NBC News graphic, which provides state-by-state details on various stay at home orders.[ii]
- Doctors self-prescribing/hoarding drugs
ProPublica recently reported that pharmacists are seeing unusual and fraudulent prescribing activity related to two unproven coronavirus drugs: chloroquine and hydroxychloroquine.[iii]
What can you do? Be on the lookout for providers suddenly billing an increased amount of J codes and NDCs for these drugs.
- Clinics and other healthcare providers going out of business
With decreased revenues resulting from cancelled appointments or shuttered office locations, some healthcare providers may be forced out of business.
What can you do? As payers undertake new post-pay reviews, it will be more important than ever to review business filing records and recent claim activity to confirm whether a provider is still in business. Provider communication portals/newsletters may be a good place to post reminders about provider obligations to retain and provide access to records after going out of business. This is also a good time to review procedures for collecting or writing off overpayments.
Payers should coordinate with their credentialing and provider directory/network teams to ensure that updated information is shared across the company. Adding a flag to the payment system and other controls are ways to stop payments to shuttered businesses that owe money to the plan. This can limit future exposure and reduce ongoing liabilities.
- Increased member complaints
With so much confusion around member cost sharing for COVID-19 testing and even some treatments, member complaints are likely to increase.
What can you do? Payers should define a clear, well-documented policy about cost-sharing in these situations and communicate it to the provider network. Educating call center staff on the policy can also go a long way toward ensuring timely and accurate responses to member questions. Other best practices include providing a refresher to staff on fraud reporting procedures, and ensuring that internal and external fraud reporting mechanisms are effectively publicized and properly monitored. Consider developing an overview of all the new COVID-19 schemes mentioned here for internal staff who intake complaints.
- Pharmacy and DME claims for non-delivered items
CMS recently issued guidance that collecting patient signatures for proof of delivery/dispensing drugs may undermine public health efforts aimed at reducing the spread of COVID-19.[iv] CMS has encouraged plan sponsors and prescription benefit managers (PBMs) to issue guidance that signature verification will not be required during this crisis. This relaxed signature gathering approach, in combination with home-delivered drugs/items, have left payers wondering how to ensure that members received the item/s billed. At the same time, bad providers are likely wondering how to exploit the newly relaxed standards.
What can you do? For starters, stick to the basics of routine fraud detection analytics. Use analytics to identify drugs or durable medical equipment and supplies (DME) that don’t match a patient’s diagnoses.
Taking it a step further, payers should consider implementing alternate forms of verification on a short term basis. A post-pay validation effort might include member post-cards or telephone calls to verify receipt of medications/items. Don’t forget to include the fraud hotline in communications so members know how to report concerns about prescriptions or items not received.
To increase the sentinel effect, payers and PBMs may consider alerting pharmacies and DME suppliers that enhanced validation will be occurring. Like parking a squad car under the overpass to slow down speeding vehicles, this notification may deter some who might otherwise take advantage. Fraud experts know that the risk of being caught is one of the greatest deterrents for bad actors. Let them know you’ll be watching.
- Increased volume of laboratory testing
While SIUs should be prepared for an influx of claims for coronavirus testing (CPT® 87635- Infectious agent detection by nucleic acid (DNA or RNA); severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) (Coronavirus disease [COVID-19]), amplified probe technique), this testing may not be where fraud originates.
Predatory providers are already collecting members’ personal information through offers of free coronavirus testing. They will likely use that information to bill false or unnecessary tests unrelated to the coronavirus. The HHS Office of Inspector General recently issued an alert warning Medicare beneficiaries about scams perpetrated through social media, telemarketing or door-to-door solicitation.[v] We’ve seen variations on this theme in the past, with offers of free genetic testing at health fairs or via telemarketing efforts.[vi] The free coronavirus testing being offered is the latest twist on an old scheme.
What can you do? SIUs should perform data analytics and look for recent spikes in laboratory testing billed by providers. To detect possible scams, SIUs can drill into the data to identify members with addresses clustered in the same geographic area, look for identical testing codes billed for numerous members on the same dates of service, or simply isolate providers whose volume has increased disproportionately compared to their peers.
- Telemarketing scams
While the Telephone Consumer Protection Act generally prohibits what are known as “robo-calls” to consumers without prior permission, the current pandemic qualifies as an emergency under the Act. This allows healthcare providers to send automated calls and texts.[vii] The current exception applies only in limited circumstances and it doesn’t allow for marketing products or services that may help people in a time of emergency. Despite this, unscrupulous providers are likely to take advantage of the current situation for telemarketing schemes. Recall that in 2019, the federal government pressed charges in a nationwide orthopedic brace scam which was perpetrated through telemarketers and television/radio ads.[viii] This was one of the largest fraud schemes to date.
What can you do? One way to detect scams is by analyzing claim data for high volumes of claims from an ordering physician with no history of treating the patient in prior medical claims.
- Prescription fills/refills
Effective January 27, 2020, the COVID-19 crisis constitutes a nationwide public health emergency.[ix] Several states have existing or newly-enacted guidance that allows pharmacists to issue an emergency supply of medications without a prescription during a public health emergency. This is done in situations when the prescribing practitioner is not promptly available to authorize it. Typically, other requirements must also be met. Each state has different guidance. It is important to note, however, that prior refill limitations may not apply in the current environment.
In addition, while controlled substance prescriptions must generally be preceded by an in-person medical evaluation, the Controlled Substances Act allows for exception during times of public health emergencies. This means a telemedicine visit may now replace the in-person evaluation, provided that certain criteria are met.[x]
What can you do? During this pandemic, SIUs performing analytics for prescriptions without a corresponding office visit must be wary of increased false positives. It may also be prudent for payers to work with their restricted recipient/member lock-in program or other internal care management program to monitor known drug-seeking members’ prescription activity more closely during the current crisis. Just as unscrupulous providers may take advantage of relaxed regulations, some members may do the same.
- Waived cost sharing confusion (telehealth)
On March 17, 2020, the Office of Inspector General – Health and Human Services issued a policy statement allowing prospective immunity to telehealth providers from the anti-kickback provisions, if cost-sharing amounts are waived or reduced during the outbreak.[xi] Telehealth visits do not need to be related to COVID-19 testing or treatment. The immunity applies to all telehealth services during this exception period.
While this was an important step to protect the most vulnerable from potential exposure to the virus, this exception is unprecedented. It is important to note that commercial plans and state Medicaid programs may have other cost-sharing obligations separate from the Federal Anti-Kickback regulations. While this is not a new scheme, it’s a new consideration for SIUs in light of the current situation.
What can you do? Individual payers would be wise to consult with their Legal and Compliance Department to clarify the impact of this temporary immunity. Further clarification is also needed regarding the impact on services ordered or prescribed during telehealth visits. Consider educating providers about the limitations of the immunity. This may discourage individuals from taking advantage of the situation and then claiming ignorance.
- Telehealth expansion
To ensure access to care, states have been moving quickly to amend existing telehealth regulations, with some simply waiving existing requirements through disaster declarations.[xii] Similarly, the federal government has already expanded telehealth benefits under Medicare.[xiii] The accelerated timeline for these changes has two major impacts for SIUs.
What can you do? First, investigative personnel must be prepared for higher volumes of post-pay audits and reviews related to telehealth services. To brush up on telehealth billing and documentation requirements, check out the American Medical Association (AMA) Special Coding Advice for the COVID-19 emergency.[xiv] Consider providing SIU staff with an in-service on telehealth billing requirements.
Second, SIUs should be prepared for fraudsters who will inevitably bill for telehealth services never performed. As with other schemes, a good first step is to rely on existing detection methods for identifying providers. Look for providers with no prior history of treating the patient or those listing a diagnosis which doesn’t show up in past patient claims. This will result in many false positives, since some patients will seek first-time care via telehealth during the crisis. However, you can use this list as a starting point, and then rank providers by paid amounts and claim volumes to focus your efforts. Perform the usual outlier detection and monitor for “impossible days” or too many claims per date of service. After the crisis calms down, payers may also benefit from performing random sample audits of telehealth claims on a post-pay basis. Expanded member verification efforts (like those mentioned under item 5), which include verification of questionable telehealth claims, could aid in detecting potential fraud or abuse within this fast-growing service area.
That wraps up our top ten list for new COVID-19 related healthcare fraud risks and schemes. We’d love to hear about other emerging schemes that you are seeing in your region and what you are doing to prepare.
For now, be safe, be well, and be alert for new scams.