During the 2014 Fédération Internationale de Football Association (FIFA) World Cup Brazil™, 166 goals were scored by 32 qualifying teams in the 64 matches that were played. More than 3.3 million spectators from across the world were in attendance. The games brought in a spectacular $330 million to the local economy in Natal, Brazil in just two weeks.
On May 27, 2015, FIFA made headlines across the world in a different way. According to recent allegations, 14 leaders from the association have accepted kickbacks and bribes that total more than $100 million over the last 25 years. FIFA’s story changed overnight.
When stories of health care fraud and abuse reach the headlines, the case is usually big, large health care systems are often named, and the settlements can be substantial. And, just as in FIFA’s case, the actual violations could have happened years ago. As cautionary tales, these stories can offer big lessons for health care organizations. Don’t commit fraud. Don’t compromise patient safety. Don’t cut corners.
There’s a problem with big cautionary tales: they’re hard to scale to the everyday decisions and situations that make up so much of health care. Fraud isn’t always as big as FIFA’s is claimed to be. It might not always dominate headlines. It might take the form of one employee doing the wrong thing without knowing it or management making an important decision based on outdated information.
Each year, the US Department of Health and Human Services (HHS) and the Department of Justice (DOJ) recover more than $3 billion in improper health care payments. HHS, DOJ, and other federal agencies prevent and monitor fraud by enforcing laws such as the False Claims Act the Anti-Kickback Statute, the Sherman Act, and more.
Consider the following scenarios, each based on real-world risks that the HHS Office of Inspector General (OIG) has warned about:
- A provider practice sole-sources a lab for all its patient testing. In order to retain the contract, the lab waives fees that insurance doesn’t cover. This could be seen by the OIG as a kickback.
- The rent paid by a private medical practice to operate in a hospital turns out to be less than fair market value. This could also be seen as a kickback.
- A hospital network discovers that its new affiliate has unpaid Medicare debt. This could threaten the entire network’s continued participation in Medicare.
While these scenarios may not have the drama of a data breach involving millions of patient records, each could result in serious fraud and abuse violations. More importantly, as outlined in a recent Deloitte Center for Health Solutions report, Health care fraud and abuse enforcement: Relationship scrutiny, many of the unwanted outcomes might be avoided with a strong risk mitigation program.
Informed by analytics, refined by experience, and anchored in actionable knowledge, an effective fraud and abuse risk program can help organizations identify, adjust, communicate and learn.
If applied correctly, analytics can help identify issues before they start. For the sole-source lab in the example above, real-time monitoring of organizational data could have warned the organization that some patients were not being billed for services they received. Managers could start a conversation with the lab about its billing practices, using their understanding of regulatory rules to guide the conversation and using this knowledge to make protocol adjustments to avoid this specific risk.
As another example, the private medical practice that found itself in the rent scenario could be addressed in a similar way. Since the regulatory risk is not new, program administrators could integrate rules into the analytics system to monitor agreements between hospitals and medical practices that rent space within it. Such a system could even integrate updated market rate data from a third party information source to help monitor this risk area.
Finally, for the new affiliate with unpaid Medicare debt, analytics could help to identify such a liability before any agreement is signed. Prior to the deal, analytics can be used in the due diligence process to identify relationships that exist between the two organizations, their stakeholders, vendors and affiliates. In this process, employees and contractors can be screened against lists of those with outstanding Medicare debt and other risk factors.
In each scenario, identifying potential issues through analytics is only part of the solution. Also important is adjusting strategy and tactics to mitigate risk, communicating the risk of fraud and abuse so that all within an organization can watch for it and continual learning to stay ahead of the compliance curve.
Sometimes fraud and abuse can grab headlines and change the game forever. But managing the risk doesn’t have to be dramatic. It isn’t just about avoiding the big things. It’s about using all the tools at the disposal of an organization, including analytics, to address potential issues before they start. Equally important is using what can be learned from past issues, from the evolving regulatory landscape and from the sea of data that health care organizations create to improve readiness.