Documents Reveal Secret Legal Battle Over Medicare Overbilling
Federal officials have spent years locked in a secret legal battle with UnitedHealth Group, the nation's biggest Medicare Advantage insurer, after a government audit detected widespread overbilling at one of the company's health plans, newly released records show.
The audit found that Medicare paid too much for nearly half of a sample of patients enrolled at PacifiCare of Washington state, a subsidiary of UnitedHealth Group. The audit was part of a cache of heavily redacted documents released to the Center for Public Integrity through a court order in a Freedom of Information Act lawsuit.
Matt Burns, a UnitedHealth spokesman, declined comment on the audit documents. However, during more than three years of confidential — and previously undisclosed — negotiations, the insurer argued that the audit was unfair and the results were flat out wrong.
The PacifiCare audit offers a rare look at government oversight of the popular and fast growing Medicare Advantage industry. These privately run alternatives to the basic fee-for-service Medicare program treat more than 17 million Americans at a cost topping $150 billion a year.
These audits test the accuracy of a billing tool called a risk score. Medicare uses risk scores to pay health plans higher rates for sicker people and lower rates for those with few medical needs. But federal officials concede that some health plans may overstate how sick their patients are, a practice known as "upcoding" that wastes billions of tax dollars every year. The audits are designed to recover those overcharges.
It is clear that officials at the Centers for Medicare & Medicaid Services knew years ago that risk scores rose much faster among Medicare Advantage plan members than for people who remained on traditional Medicare, a worrisome signal of creeping billing abuse. A major 2009 government study that was not made public suggested some plans "gamed" the system by exaggerating how sick patients were, for instance.
So in June 2008, officials picked five health plans, including PacifiCare of Washington, Inc., for pilot audits. Details on the four other audits appear to have been redacted in records released to the Center for Public Integrity. CMS officials said only that the pilot audits "recovered" $3.4 million.
Under the audit rules, two sets of auditors combed over medical records for 201 patients to confirm they had the illnesses the government had paid to treat. If these conditions are not properly documented in the medical charts, Medicare asks for a refund. By contrast, plans can get credit when underpayments are discovered.
Among the PacifiCare audit findings:
- Medicare paid the wrong amount for 128 of the 201 patients, an error rate of nearly two thirds. Payments were too high for 98 of the patients, too low for 30 of them. In total, the plan was overpaid by $381,776 out of $3,795,527 in payments in 2007.
- One in five medical conditions could not be confirmed, and most of these errors triggered higher payments than justified. CMS officials blacked out large chunks of the audit documents released, including the names of the medical conditions.
- Auditors cited a "lack of sufficient documentation of a diagnosis" most often as the cause for either denying or slashing payments. However, in more than a third of the errors, payment was denied because the medical file was missing the required signature of the doctor who treated the patient.
CMS records show that the audit dragged on for years because officials changed some rules in the middle of the game and set up a lengthy and bureaucratic appeals process for health plans to follow.
CMS shared "preliminary" audit findings with the company in December 2010, but took nearly two years more to present a final version.
In a letter on Aug. 21, 2012, CMS officials said UnitedHealth owed the government $381,776. CMS said that it would deduct the money from upcoming payments to the plan, and reminded the company it could appeal.
Scott Theisen, UnitedHealth Group chief financial officer, filed an appeal in a Sept. 20, 2012, letter. He argued that the audit ample was too small and that the insurer didn't give the company enough time to secure sufficient medical records to justify its billing.
"Thus the amount of the overpayment claimed to be due by CMS cannot be accurate," Theisen wrote.
On March 14, 2014, a CMS hearing officer remanded the case to the agency for further negotiations.
CMS wouldn't say what happened next. In a statement, the agency wrote: "CMS takes seriously program integrity and payment accuracy in Medicare Advantage, and is taking steps to protect taxpayers, Medicare beneficiaries and the Medicare program. CMS is exploring how to make RADV hearing officer decisions public in such a way that safeguards the protected health information of Medicare Advantage enrollees."
Back in 2008, CMS had announced that it would start applying penalties known as "extrapolation," which have been widely used in other types of Medicare fraud investigations.
This meant that the billing error rate found in the sample of 201 patients would be applied to the PacifiCare of Washington plan. That could have dramatically boosted the extrapolation penalty.
But somewhere between 2008 and 2012, officials changed their mind and let Medicare Advantage plans off the hook.
CMS officials have never explained fully why they decided against extrapolating the audit findings.
But a confidential CMS presentation dated March 30, 2011, perhaps offers a clue. One slide estimates payment errors in Medicare Advantage at $13.5 billion for 2010, and notes that health plans "have an incentive to submit more diagnoses" in order to raise their payments.
When CMS sought opinions on the audits in December 2010, the presentation notes, it received more than 500 comments. "These comments express significant resistance to the implementation of the [Risk Adjustment Data Validation] audits and payment recovery based on extrapolated payment error estimates," the presentation states. "Successful payment recovery based on payment error identified in these RADV audits will depend on CMS' ability to address the challenges raised."
One slide said that CMS was "expecting to respond to the comments and finalize the payment error calculation methodology and overall strategy shortly."
As of last month, more than four years later, that still hasn't been done.
The secrecy surrounding Medicare Advantage payments has prompted a stern rebuke from Senate Judiciary Committee Chairman Charles Grassley.
"The public's business ought to be public, with few exceptions. An agency shouldn't withhold internal deliberations unless there's a really good reason for it, like a risk to national security. It seems to me that a discussion of a Medicare overpayment problem and what to do about it ought to be public," the Iowa Republican said in an email.
"What is CMS worried about disclosing and why?" Grassley added.
Last month, Grassley wrote to Attorney General Loretta Lynch and CMS administrator Andrew Slavitt asking how many of the risk score fraud audits had been launched over the past five years and their results.
In a separate letter, Sen. Clare McCaskill, the senior Democrat on the Senate Aging Committee, asked CMS officials what's being done to curb billing fraud and abuse alleged by Medicare Advantage whistleblowers, calling it "an issue that must be investigated further."
Congress authorized the use of risk scores starting in 2004. It's essentially an honor system in which health plan doctors assess every patient's health risks (and thus the associated payments) based on specific medical conditions they have, such as diabetes. Exactly what's permissible under the billing rules, however, remains confusing even to many health plan professionals.
"I think there's really not a very good understanding of how this works," said Holly Cassano, a medical coding consultant in Florida.
This piece comes from the Center for Public Integrity, a nonpartisan, nonprofit investigative news organization. To follow CPI's investigations into Medicare and Medicare Advantage waste, fraud and abuse, go here.
Copyright 2023 NPR. To see more, visit https://www.npr.org.