'A giant unknown': What the alleged $2B Medicare catheter fraud scheme means for ACOs

Seven durable medical equipment companies cost the Medicare system $2 billion in payments, the National Association of ACOs (NAACOS) told the federal government in recent months. But it's unclear just how problematic that will be for accountable care organizations.

The association's allegations come from a review of two billing codes for Medicare claims data from the Centers for Medicare & Medicaid Services (CMS) Virtual Research Data Center. They say urinary catheter payments to beneficiaries accounted for $153 million in 2021 before surging to $2.1 billion in 2023. Catheter spending by DMEs increased by 15.5% as false claims were filed around the country.

These payments could financially impact ACOs, potentially cutting into the groups' hard-earned savings and affecting benchmarking calculations for future years.

"NAACOS members began alerting us in December to suspicious amounts of billings for catheters," said NAACOS President and CEO Clif Gaus in a statement shared with Fierce Healthcare. "ACOs are a second pair of eyes and probably the first to know outside of government that this is occurring."

Clif Gaus
Clif Gaus (LinkedIn)

After alerting federal authorities, NAACOS felt they needed to push the envelope when the problem persisted. Last week, major news publications broke the story, though states had begun warning beneficiaries of potential fraud months earlier, and local news outlets had started to uncover elements of the scandal.

Now, providers are worried about a broken insurance fraud reporting process and the impacts data breaches have on a national scale. And experts are concerned this could be just the tip of the iceberg.

The Office of Inspector General (OIG) for the Department of Health and Human Services has not revealed whether there is an ongoing investigation, citing internal agency policy.

Timeline shapes up

In July, CMS announced more than 600,000 beneficiaries had their personal information exposed in a data breach consisting of sensitive healthcare information. Irregularities were spotted and brought forward by contractor Maximus Federal Services, which subsequently took the third party MOVEit file transfer application offline.

States quickly started to warn its residents of likely Medicare fraud. The Oklahoma Insurance Department pointed to rising cases of COVID-19 test kits and catheter kits fraud in August. Highmark Health in Pittsburgh warned of fraudulent claims for urinary catheters and glucose monitors. The Hawaii Department of Health issued a similar warning.

By November, CMS admitted 330,000 additional individuals' personally identifiable information was impacted by the July data breach. The agency offered free credit monitoring and new Medicare cards and numbers when necessary.

Illinois Senior Medicare Patrol Director Travis Trumitch said its office hotline began receiving tips from individual Medicare beneficiaries in early December.

He said these Medicare scams usually work by capturing Medicare numbers and private information through a data breach or on the dark web.

Typically, observant beneficiaries will see incorrect Medicare summary notices and payments from outside states. His department sends reports off to the OIG. That same month, member organizations alerted NAACOS of strange billing activity.

In nearly all 50 states, catheter payment growth has skyrocketed. Over half of U.S. states saw an increase in Medicare fee-for-service DME catheter payments of 500% or more from 2022 to 2023. Yet the majority of payments can be attributed back to just seven companies—three companies in New York and one each in Texas, Florida, Connecticut and Kentucky— NAACOS reported.

Jason Jobes
Jason Jobes (LinkedIn)

"I suspect what you see is that, depending on the magnitude of the breach by state, it could have influenced the magnitude of the financial impact by state as well," said Jason Jobes, senior vice president of solutions for consulting organization Norwood Staffing.

"No claim system can tell whether a stolen or misused identity was used to get the claim paid or whether it took place through a real face-to-face visit," explained Jeff Leston, president of healthcare processing solutions company Castlestone Advisors.

ACOs could be in trouble, but how much?

Catheters, in some ways, are an easy vessel for fraudulent Medicare activity. Because of the product's low cost, it attracts less attention than other high-ticket items attracting more attention. OIG even recommended to CMS to lower payment rates for urinary catheters in August 2022.

All told, the estimated $2 billion figure still represents just one-tenth of one percent of CMS' annual spend, said Jobes, noting claims were often in the neighborhood of $3,000 to $4,000.

"This is less than a penny off of every transaction," he explained.

Some say the feds have not done enough to prevent or stop the systemic abuse. After all, the story was brought to the forefront months later, not by government officials but by NAACOS on behalf of its worried members.

"I think it should have been noticed more, just the volume of it," said Leston, "That's a red flag right there, and that is not difficult to get."

Regardless, ACOs face existential threats when Medicare fraud runs rampant. If every ACOs lost $1 million in funds due to these claims, that's nearly $500 million in savings that could be irretrievable and no longer investable in people, tech or services that patients need. Current year cash impacts aside, the claims could skew performance levels and negatively impact future year benchmarking.

But it's unclear when, or if, CMS stepped in and cut off payment claims by escrowing funds, said a NAACOS spokesperson.

"Given the size and scope of this activity, most ACOs would either have their savings wiped out or forced to pay shared losses if these claims were counted as ACO expenditures," the spokesperson added. "We're asking that CMS remove these claims from their accounting, much like they did for COVID-related claims during the public health emergency. ACOs shouldn't be punished for fraud."

"That's a giant unknown," Jobes said, when asked whether he expects ACOs to be on the hook for other parties' fraud.

Next steps are unsure

CMS did not confirm or deny the existence of an ongoing investigation either, though it told Fierce Healthcare "that does not mean actions are not being taken behind the scenes" against suspicious parties. The agency added that it applies advanced data analytics to detect and prevent fraudulent activities, including stopping payments from being made, and has updated abusive billing regulations.

"It is important to note that beneficiaries have no financial responsibility for paying for fraudulent claims," said a CMS spokesperson in an email. "CMS closely monitors provider billing behaviors and reviews every complaint to determine if further action is necessary. Depending on the circumstances, this may include (but is not limited to) beneficiary and provider/supplier interviews and medical record reviews. Billing analytics and beneficiary calls allow CMS to proactively identify and investigate potential vulnerabilities associated with program integrity issues."

Notably, CMS said "any potential fraud figures mentioned may not be accurate" because even if a claim might show up publicly as paid, "money doesn't go out the door" if a provider or supplier is on an internal suspension list. The agency stresses it works closely with the OIG and the Department of Justice to recommend criminal and civil charges to providers as well as work to recover funds.

Jobes is optimistic the agency's perceived inaction is just the feds doing their due diligence to catch all wrongful parties and that funds are, in fact, getting placed in escrow.

"I don't know if they were setting a trap," he said. "That would be a logical thing to me. 'Oh, let's see how many of these claims will be paid.' What I will say is some of the DME companies saw a spike in the claims that were paid and then all of a sudden that volume crashed. So I'm inclined to believe CMS may have noticed something and then ultimately stopped paying."

Leston is more skeptical. An entrepreneurial background, his career began in financial services. He has since pivoted to healthcare fraud prevention and detection, advising Congress and advocating for a series of bills including the Fighting Fraud and Protecting Senior Care Act, which passed the House in 2018 but stalled in the Senate. The legislation would have implemented a pilot program that uses smart card technology to tackle Medicare fraud.

Jeff Leston
Jeff Leston (LinkedIn)

His company created a healthcare-specific ID card to be used onsite in a doctor's office at the point of payment, just like a traditional credit card. The product, currently utilized only by self-insured clients and unions, is designed to root out fraud instantly, like how credit cards and banks can spot potential fraud in under a second. He says this point of payment technology would help Medicare and Medicaid prevent fraud in many cases, including catheters, because there would be in-person authorization for any claim. A transaction could not get approved several states away.

"As long as I have an insurance number, I can submit a claim and the chances are good it'll get paid," he said of the current system.

Leston believes the government and health insurers are not serious about preventing fraud, as lobbyists at the time helped scuttled the legislation, and financial disincentives exist to scare off good policy.

Solutions desired

Watchers of this space question how Medicare fraud, which is common, can be stopped in the future.

For smaller ACOs, Jobes worries they don't have the infrastructure and actuarial expertise in place to thwart bad actors. These organizations could stand to lose the most from instances of fraud. He said vendors in the space can help ACOs with the cost aspect of claims to aggressively seek out wrongdoing, though it can be expensive. He says he recommends ACOs look at utilization and cost for each CPT code, comparing it to year-over-year variability.

"I will say that if you look at the False Claims Act as it relates to risk adjustment, there have been organizations who have kind of turned a blind eye to that side of the house," he added.

NAACOS wants the OIG to pay closer attention to fraud reports it receives from ACOs, and it wants to work with CMS to improve the reporting process, a spokesperson said. Despite the troubles ACOs faced in this ordeal, the association says this is why ACOs are so valuable, as fraud detection is more identifiable. NAACOS is also pushing for improved communication between Medicare administrative contractors. Beyond that, it seeks more provider participation and advocates for extending the alternative payment model incentive.

"What I worry about is that the pendulum swings too far and legitimate claims then begin to be held for unnecessary administrative burden," said Jobes. "I do worry that if CMS tightens the screws too much, cash flow for providers are adversely impacted. It's a double-edged sword."

Diabetic supplies and skin grafting utilization has also caught the attention of NAACOS. Could this same situation be happening right now with other products?

"It's up to ACOs to have a lot of trust in the system," he continued. "And I think that trust may have eroded with the lack of transparency on this issue. Heck, urinary catheters could just be spot No. 1."