Medicare Advantage (also known as Medicare Part C) remains a top enforcement priority as evidenced by False Claims Act (FCA) investigations and litigation involving nearly all large Medicare Advantage Organizations (MAOs). As the number of Medicare Advantage enrollees continued to rise in 2023 (they now account for roughly half of all Medicare members), MAOs remained the subject of intense scrutiny by the Department of Justice (DOJ) and the Office of Inspector General for the Department of Health and Human Services (HHS OIG) — a trend that will continue in 2024 and beyond.
DOJ has made its focus on Medicare Advantage clear in public statements. As Deputy Assistant Attorney General Michael D. Granston stated in a press release, “[o]ver half of our nation’s Medicare beneficiaries are now enrolled in Medicare Advantage plans,” and the government pays private insurers “over $450 billion each year” to provide MA beneficiaries’ care. Granston also noted that DOJ intends to “hold accountable those insurers who knowingly seek inflated Medicare payments by manipulating beneficiary diagnoses or any other applicable requirements.”
In addition to engaging in ongoing FCA lawsuits against many of the country’s largest MAOs and their vendors, DOJ also settled two FCA claims against MAOs in 2023, and brought one of the first criminal indictments against a former MAO executive.
The Structure of Risk Adjustment Makes it Ripe for Enforcement
As background, MAOs are private insurers that offer managed care plans to Medicare eligible beneficiaries. CMS pays MAOs a fixed fee for the projected costs to manage member care and provide the health care services that its members may require. These per-member fees are calculated based on the MAO’s annual bid as well as the demographics and health status of the MAO’s members (as captured by diagnoses). The process by which MAOs identify and submit diagnoses to CMS, which adjust the payments per member, is known as “risk adjustment.”
To determine a member’s health status, MAOs collect and submit data, including diagnosis codes, to CMS. MAOs obtain diagnosis codes based on information in the claims submitted by providers, Health Risk Assessments (HRAs), and the review of documentation in a member’s medical records (i.e., chart reviews). CMS then maps certain diagnosis codes into Hierarchical Condition Categories (HCCs) based on similar clinical characteristics and cost implications. Each HCC has a numerical risk factor assigned to it for use in each member’s risk score. MAOs generally receive higher payments for sicker members because the care required for these members is more expensive.
FCA enforcement against MAOs has primarily focused on allegations that MAOs improperly collected and submitted diagnosis codes to CMS when performing risk adjustment activities. While FCA allegations vary by MAO, a large majority fall into a few categories, including adding unsupported diagnosis codes; conducting “one sided” reviews of patient charts to identify codes but not to delete them; developing data mining programs to identify missed diagnosis codes, using addenda to retroactively add diagnoses, or both; using vendors to identify diagnosis codes through in-home assessments; and failing to delete unsupported diagnosis codes.
Active Litigation Will Continue to Shape the Compliance and Enforcement Landscape
Various lawsuits against MAOs — involving allegations like those above — remained in active litigation in 2023, with certain cases moving through discovery and another preparing for summary judgment briefing and potentially a 2024 trial date. DOJ’s theories of liability and the court decisions in these risk adjustment lawsuits will reshape the risk adjustment compliance and enforcement landscape. One criticism of risk adjustment enforcement is that these FCA lawsuits constitute regulation through litigation. MAOs thus should continue to track these ongoing lawsuits to identify areas of enforcement risk in Medicare Advantage.
One such case began in 2020, when DOJ filed an FCA lawsuit against Anthem, alleging that the MAO knowingly failed to delete inaccurate diagnosis codes submitted to CMS for risk adjustment purposes. The case remains in discovery this year in the Southern District of New York. Similarly, the government’s Complaint in Intervention against Kaiser focuses on Kaiser’s use of addenda in medical records. The lawsuit consolidates six individual qui tam cases against the MAO and alleges that Kaiser pressured physicians to create addenda to medical records often months after the patient encounter to retroactively add unsupported diagnoses, and that Kaiser used “data mining” programs to identify missed diagnoses and create the addenda. The case is currently in discovery following denial of Kaiser’s motion to dismiss last year.
DOJ also remains in active litigation this year against a risk adjustment coding vendor, DxID, and its former CEO, who engaged in risk adjustment practices on behalf of an MAO. DOJ alleges that DxID adopted coding policies that did not comply with CMS guidelines, including coding from improper sources, coding conditions for which patients were not treated, and sending addendum to providers months or years after the service occurred. Last January, the court issued its decision granting in part and denying in part DxID’s motion to dismiss. Through 2023, DxID requested numerous extensions of time to file its answer, citing that defendants and the government intended to engage in substantive discussions that may streamline litigation. Barring an additional request for extension, DxID is expected to answer the complaint soon.
At least one case, Poehling v. UnitedHealth Group, Inc. et al., is moving toward the summary judgment phase, with the briefing scheduled to begin in the spring of 2024 and pre-trial conferences in fall 2024. As one of the first Medicare Advantage lawsuits to reach this stage of litigation, the court’s summary judgment decision in this case, and perhaps the verdict following any trial, will undoubtedly shape the Medicare Advantage enforcement landscape as the government’s theories of liability and MAOs defenses are put to the test.
DOJ’s Focus on MAOs Expanded to Criminal Charges
In October 2023, DOJ announced criminal charges against an MAO’s former head of risk adjustment for allegedly falsifying, and causing others to falsify, diagnoses that were submitted to CMS, resulting in millions of dollars in overpayments. While MAOs and their executives have faced intense scrutiny and enforcement under the civil FCA, this is the first time we are aware of criminal charges arising from allegations of fraudulent risk adjustment practices.
DOJ charged Kenia Valle Boza with orchestrating a scheme to submit false and fraudulent information to CMS to increase the amounts that HealthSun Health Plans, Inc. (HealthSun), Valle Boza’s former employer, received for certain members. DOJ alleged that Valle Boza knowingly submitted or caused the submissions of false or fraudulent information about chronic conditions that the MAO’s members did not actually have, and that coders (rather than the patients’ physicians) improperly added diagnosis codes to the members’ health record — using physician credentials — often days or weeks after the physicians saw the member. In other words, the scheme involved updating medical records to make it appear as though the physician made the updates. Valle Boza was charged with one count of conspiracy to commit health care fraud and wire fraud, two counts of wire fraud, and three counts of major fraud against the United States.
This indictment is notable not only because it represents a potential new trend in DOJ’s scrutiny of MAOs and its executives, but also because DOJ declined to prosecute HealthSun because HealthSun self-disclosed the conduct, cooperated with DOJ, undertook remediation, and returned the overpayments it received. DOJ’s declination of charges against HealthSun highlights the potential benefits to MAOs that engage proactively in compliance and, where non-compliance is identified, self-disclose the relevant conduct, cooperate with the government during an investigation, and remediate the issue to prevent non-compliance in the future, as discussed in DOJ and OIG Guidance Emphasizes the Importance of Robust and Dynamic Compliance Programs.
Given that Medicare Advantage remained an enforcement priority last year, and the focus on MAOs will almost certainly remain in 2024 and beyond, MAOs should continue to monitor DOJ enforcement actions, review HHS OIG publications and guidance, and evaluate whether to enhance compliance and other risk adjustment data and protocols to help mitigate their enforcement risk. In addition, because very few FCA lawsuits have reached advance stages of litigation so far, MAOs should be mindful of the active litigation landscape and review future decisions to evaluate risk areas and legal guidance. We will continue to monitor the evolving enforcement actions against MAOs and report on new case developments and settlements.