It's Risky Business: Medicare Risk Adjustment

Industry experts answer questions regarding Medicare Risk Adjustment

Recently, at the Health Care Compliance Association Conference, Dorothy DeAngelis, of Guidehouse Inc., and Lauren N. Haley, of Strategic Health Law, presented to a full audience on the topic of Medicare Risk Adjustment (MRA). Following are some common-theme questions and their responses.

1) What are the key requirements that Managed Care Organizations need to know to be compliant in today’s risk adjustment environment?

Lauren Haley/Dorothy DeAngelis: I think the key requirements to remain compliant in today’s risk adjustment environment are intuitive for most Medicare Managed Care Organizations (MCOs). MCOs should have policies and procedures to ensure that providers accurately report diagnosis codes on encounter data, and maintain medical records that adequately document and support diagnosis coding, including the applicable ICD-9-CM and ICD-10-CM Official Guidelines for Coding and Reporting. This includes working with providers and their coders to educate them on the importance of proper medical record documentation and to help identify where there might be systemic gaps. MCOs should also have internal processes monitor and audit claims data and medical records to validate the diagnoses that have been submitted to CMS to support risk scores. Such processes should include procedures to “look both ways” when reviewing medical records. That means MCOs should not only review medical records to identify diagnosis codes documented in the medical records that have not previously been submitted to support risk scores, but MCOs should also identify and delete diagnosis codes that have been submitted but are not supported in a medical record.

2) What changes to MRA are on the horizon based on the Centers for Medicare & Medicaid Services guidance or the recent wave of False Claims Act cases?

LH/DD: From a regulatory and operational perspective, MCOs should be monitoring the transition from Risk Adjustment Processing System (RAPS) to Encounter Data Processing System (EDS) for risk adjustment purposes. The Centers for Medicare & Medicaid Services (CMS) have been collecting data from both systems to support risk scores, but phasing in EDS by increasing the weight for payment year-over-year. For 2018, EDS risk scores are weighted 15% for payment, and RAPS risk scores were weighted at 85%; the draft Call Letter indicated that CMS plans to increase the EDS weighting in 2019 to 25%. Medicare Advantage Organizations, MAOs should participate in the Medicare Encounter Data User Group Listserv and calls to remain up-to-date on relevant information. In addition, CMS has learned quite a bit related to risk adjustment since the last time Chapter 7 of the Medicare Managed Care Manual, which outlines CMS’s requirements for risk adjustment, was updated in 2014. We anticipate additional guidance related to risk adjustment data validation audits and appeal rights, including information about the fee-for-service adjuster that will apply.

The litigation landscape in risk adjustment and the False Claims Act (FCA) is rapidly evolving. The most significant case we’ve been watching, United States ex rel. Poehling v. UnitedHealth Group, Inc., No 16-08697 MWF (SSx), lost some steam in February 2018 when the Department of Justice elected not to amend its complaint to adequately plead the materiality of attestations that risk adjustment submissions are accurate, complete, and truthful based on “best knowledge, information, and belief.” In an order dated Feb. 12, 2018, United States District Court in the Central District of California dismissed three of six claims against UnitedHealth Group that were based on allegations that UnitedHealth Group knowingly submitted false annual Risk Adjustment Attestations to the Medicare program that were used to make risk adjustment payments. The court held that the government failed to allege that CMS would have refused to make risk adjustment payments if it had known the attestations were false, and provided the DOJ with an opportunity to file a second amended complaint to adequately plead the materiality of the attestations. Without amending the complaint, the primary issue that remains in this case is whether UnitedHealth Group is liable under the FCA for failing to return identified overpayments, the so-called “reverse false claims,” which could subject UnitedHealth Group to the same FCA exposure and risk as the affirmative false claims allegations that were dismissed.

3) What do you see as the largest obstacles that Managed Care Organizations face in ensuring the accuracy and integrity of risk adjustment data being submitted?

LH/DD: The main obstacles we see are often structural. For many years MRA was considered a financial function or a data submission function, without a more multi-disciplined structure and approach to oversight.

Additional obstacles involve the heavy use of and reliance on multiple vendors. Careful consideration of these important contracts and the necessary visibility and audit rights are critical.

4) Who/what department within a plan do you typically see as owning the processes involved in MRA? Are there collaborations or areas of synergy with that you feel are often overlooked? 

LH/DD: Often, we see the MRA functions under Finance or Operations due to the level of impact that it has on these areas. However, that approach can lead to a silo effect with Compliance in terms of monitoring and auditing and overlooked opportunities to involve clinical functions to improve identification of and management of chronic conditions.

5) How should plans incorporate oversight of the Risk Adjustment process into their Compliance Program?

 LH/DD: There are several elements of a compliance program where oversight of risk adjustment processes can and should be incorporated. First and foremost, MCOs should implement policies and procedures that outline the requirements for collecting and submitting diagnosis codes used for payment purposes, including Risk Adjustment. This includes policies and procedures that are designed to ensure that providers accurately report diagnosis codes on encounter data, and maintain medical records that adequately document and support diagnosis coding. In addition, MCOs should develop and provide appropriate training and education with respect to risk adjustment. For example, this includes materials that detail medical record documentation requirements, acceptable provider data sources, obligations to delete diagnosis codes that do not meet risk adjustment submission requirements, and internal mechanisms to report concerns without fear of retaliation. 

Plans should do a thorough analysis of their First Tier, Downstream, and Related entities, and include MRA vendors as applicable. In addition, MCOs should perform operational or transactional level reviews of these entities (e.g., coding vendors).

In addition, risk adjustment processes should be included on almost every MCO’s risk assessment, and included in its auditing and monitoring work plan. As discussed above, MCOs should have robust processes to monitor and audit claims data and medical records to validate the diagnoses that have been submitted to CMS to support risk scores. MCOs should have clear processes for reporting and returning overpayments that are identified through auditing and monitoring efforts.

I would like to extend a big thank you to Dorothy DeAngelis and Lauren Haley for their very informative presentation on Medicare Risk Adjustment. As a Risk Adjustment professional, I commend their clear detailed explanation of the Risk Adjustment program. Their discussion made an extremely complex payment model easy to understand and they provided great tips for those embarking on development of a risk adjustment compliance program.

Nicole Martin, CPC, Manager
Florida Blue Risk Adjustment Physician Education, Prospective Field Chart Review

Back to top