OIG Strategic Plan for Oversight of Managed Care

On August 28, 2023, the Department of Health and Human Services (“HHS”) and the Office of the Inspector General (“OIG”) issued a Strategic Plan for Oversight of Managed Care for Medicare and Medicaid¹ (the “Plan”). The Strategic Plan identifies the specific risks of fraud and abuse that OIG plans to prioritize and that Medicare Advantage Organizations (“MAOs”) should address with appropriate compliance safeguards. Although OIG and others have previously highlighted many of the same risk areas, the Plan systematically outlines OIG’s concerns and signals a more proactive and assertive role for OIG in policing managed care. The Plan follows several years of heightened scrutiny by the U.S. Department of Justice (“DOJ”) of the Medicare Advantage space.

The Plan focuses on the phases of an MAO’s performance year to provide a roadmap for understanding the types of conduct that warrant heightened compliance focus:

• Beginning with plan establishment, the OIG warns of problems relating to contract procurement and ongoing CMS data submissions. OIG highlights that providing inaccurate information or failing to adhere to the terms of relevant contracts can render plans ineligible to participate in the Medicare Advantage program and consequently operating when they do not meet the requirements to do so. OIG suggests plans should focus compliance efforts on review of contracts with the state or CMS, plan benefit design, establishment of plan service area, as well as accuracy and integrity of plan bids.
• Throughout enrollment, OIG is focused on plans engaging in aggressive marketing programs through direct contact with enrollees and media campaigns. Simply put, OIG is concerned about patients receiving inaccurate or misleading information. During the enrollment phase of an MAO’s lifecycle, plans also submit demographic information to the government, which if incorrect, can result in incorrect payments. OIG therefore suggests that MAOs focus compliance efforts on marketing, agent or broker activities, eligibility determinations, and accuracy and use of enrollment data.
• With respect to payment from CMS, OIG will closely scrutinize MAOs and contracted provider incentives to misrepresent the health status of enrollees, as well as the plan’s own expenses. OIG suggests MAOs focus compliance efforts on risk adjustment, payment accuracy, medical loss ratio, and the value-based care or other alternative payment mechanisms used by plans, states, and CMS under the managed care programs. OIG will also continue to investigate the overlap in providers engaging in fraud in fee-for-service Medicare and Medicaid that are also providing services in managed care networks.
• When it comes to provision of care, OIG seeks to maintain adequate access to high-quality services. Barriers to care designed to reduce plan medical costs and increase revenue are, in OIG’s view, common and prevent enrollees from receiving necessary services. Particularly given OIG’s historical focus on prior authorization restrictions and organizational readiness, it is not surprising to see the MAOs’ recommendation that compliance efforts focus on network adequacy, identifying ineligible or untrustworthy providers, making accurate coverage determinations, and whether enrollees are receiving care that meets industry-standard clinical guidelines.

The OIG’s and DOJ’s continued scrutiny on fraud and abuse risks in managed care follows ongoing industry discussions on best practices for mitigating False Claims Act risk through compliance safeguards. Particularly following CMS’s proposed rule, it is clear that the agency believes that a lack of compliance infrastructure may constitute reckless disregard. In light of the Plan and ongoing enforcement trends identifying suspect MAO, provider, and vendor conduct, many in the market are shifting to a more proactive approach to monitoring and oversight.

If you have any questions related to this topic, please feel free to contact your usual Ropes & Gray advisor or one of the authors.