Requiring Part D plan sponsors to report fraud activity would fix one of the program's many gaps

A week ago, Shantanu Agrawal, M.D., deputy administrator and director for the Center for Program Integrity at the Centers for Medicare & Medicaid Services (CMS), sat in front of the House Subcommittee on Oversight and Investigations and calmly juggled a barrage of questions from representatives who wondered, sometimes aggressively, why CMS isn't doing more to prevent fraud within the Medicare Part D program.

Agrawal stuck to his script. He repeatedly pointed to the rule finalized last year that requires Part D prescribers to enroll in Medicare, and subsequently allows the agency to revoke that status for providers with abusive prescribing habits. He lamented the challenges the large program faces in coordinating fraud prevention efforts. When asked why CMS has not implemented nine outstanding Part D recommendations identified by the Office of Inspector General (OIG), he deflected, saying that CMS "largely agrees," but that the OIG's directives--some of which have been in place since 2006--require a "multifaceted" approach that requires "many levels of implementation."

There are two recommendations that don't, and they both involve reporting by Part D plan sponsors. The OIG recommends plan sponsors 1) report fraud and abuse to CMS and/or Medicare Drug Integrity Contractors (MEDIC), and 2) report data on inquiries and corrective actions related to fraud and abuse.

These aren't new issues by any stretch of the imagination. A 2009 OIG report indicated that MEDICs lacked necessary data to investigate fraud and abuse, and remained unaware of potential fraud schemes because plan sponsors reported incidents voluntarily. Six years later, CMS is haunted by the same problems.

Assistant Inspector General of Evaluation and Inspections at the OIG Ann Maxwell seemed understandably exasperated by the lack of sponsor reporting.

"We cannot arrest our way out of this problem," she said at the hearing, referencing the recent nationwide fraud bust of 243 individuals. "We have to strengthen our defenses."

She went on to acknowledge that Part D sponsors serve as the "first line of defense" in recording and capturing potential fraud, waste and abuse. The massive elephant in the room, however, is the fact that CMS is largely left in the dark when it comes to how those sponsors are managing fraud. Except, instead of ignoring the elephant, everyone is staring dumbly in its direction.

For his part, Agarwal seemed to agree that Part D sponsors are critical since they are the ones actually paying the claims. But when asked what CMS is doing to improve the 35 percent of plan sponsors that currently report fraud data only voluntarily, he was less succinct, vaguely noting that the agency was working toward a better system.

The system he is referencing is PLATO (predictive learning analytics tracking outcome). Granted, this is a new system, implemented at the end of 2014 and designed as avenue for Part D sponsors to share information about suspicious providers with CMS and other plan sponsors. Agarwal argued that PLATO is beginning to offer information regarding what information is considered useful to plan sponsors.

That may be true, but the undeniable fact remains that until CMS shifts away from a voluntary approach and requires plan sponsors to report fraud data, every line of defense remains compromised. Without knowing what sponsors are doing to detect and prevent fraud, CMS is unable to situate itself as the second line of defense, and the OIG will continue to compulsively bang its head against a wall holding a crumpled-up list of ignored recommendations.

Toward the end of the hearing, Agarwal offered a glimpse at why mandatory reporting is such a contentious issue. It seems plan sponsors are weary of reporting fraud activity out of privacy concerns, so CMS has allowed them to report as a de-identified source. Essentially, fraud actions are reported anonymously.

You can probably guess the ways in which anonymous reporting hinders oversight. Time and time again, predictive analytics have been identified as the new wave for fraud enforcement, a pleasant departure from the pay-and-chase model. However, the predictive analytics approach is only as good as the data you feed it. To that end, CMS is forced to subside on a paltry 35 percent voluntary reporting rate. Keep in mind, that's a reporting rate that declined from 40 percent and 37 percent during the previous two years.

Why that number isn't 100 percent is baffling. Until plan sponsors are required to report fraud activity to the organization that funds the part D program, any chance at a robust predictive analytics program will never get off the ground.

To be clear, this is just one of many problems identified in the Part D program, in which fraud prevention and oversight has been so convoluted and mismanaged that it's hard to point the finger in just one direction. It's true that some plan sponsors respond to "encouragement" from CMS, but many don't. CMS audits from 2013 show 94 percent of plan sponsors have weaknesses in their compliance programs addressing fraud, waste and abuse, according a report from the GAO. The audit also revealed a lack of evidence that plan sponsors were conducting reasonable inquiries of potential fraud in a timely manner, or ensuring corrective actions were taken in response to fraud.  

Voluntary reporting puts the entire Part D plan in an unreasonably and unnecessarily vulnerable position. Requiring—rather than simply encouraging—plan sponsors to report suspected fraud would be a simple and effective way to ensure CMS at least has the data it needs to take action.

Whether or not CMS actually takes action is another issue altogether. Sometimes when the boat is sinking, you just have to fix one leak at a time. - Evan (@HealthPayer