OIG report finds Medicare Advantage Organizations are missing opportunities to use ordering provider identifiers to protect program integrity
Building on guidance issued last year, the HHS OIG recently released another report about the extent to which Medicare Advantage organizations are including NPIs within encounter data and leveraging these identifiers for program integrity oversight. As unique identifiers, NPI numbers are powerful data points, allowing payers to identify fraud and excluded providers within their networks. The review found that NPI data inclusion and analysis is significantly underutilized, raising concerns about program integrity.
Here are the highlights of the OIG’s full report.
Background: Current Requirements for MA Plans
The Medicare Advantage market continues to grow, with increasingly more responsibility for care of Medicare beneficiaries and program integrity falling to private insurers. In 2020, 40% of all Medicare beneficiaries were enrolled in MA plans.
HHS OIG raises a concern about CMS not currently requiring NPIs to be included in encounter data.“In 2020, OIG found that NPIs for ordering providers continued to be absent from 60% of all MA encounter records for high-risk services.” As encounter data represents a significant source for the agency’s oversight efforts, this missing data suggests the potential for undetected fraud, especially within the high-risk services of DMEPOS, clinical laboratory, imaging, and home health.
The Report's Findings: MAOs Have Room for Improvement
The report’s findings indicate that there are “unrealized opportunities” for MAOs to use ordering NPIs to protect the MA program against fraud and abuse. Requiring NPI inclusion in encounter data would support CMS’s fraud detection efforts.
The lack of ordering NPIs on some MA encounter records hinders program integrity oversight by MAOs.
MAOs may have significant gaps in program integrity oversight due to missing NPIs for ordering providers. According to the report, “Some MAOs indicated that their lack of ordering NPIs creates additional resource burdens and delays for safeguarding MA program integrity.” As one participant pointed out, the NPI needs to be present on the claim in order to make program integrity efforts effective. Relying on SIU teams to manually look up NPIs when triggered by another factor is simply not a scalable process.
NPI analysis is an effective strategy for identifying unusual and fraudulent patterns of ordering and billing for high-risk services. The report noted that MAOs generally do not collect other identifying data (license number, employer ID number, names) about ordering providers either, which could potentially be used for program integrity analyses.
Among MAOs that collect ordering NPIs, most but not all leverage this critical information to safeguard the MA program.
The report found that “Of the MAOs that collected ordering NPIs on any MA encounter records, most (139 of 175) stated that they use these NPIs to perform program integrity activities for at least 1 of the 4 high-risk services.” But the remaining 21% of MAOs is of concern to OIG as this data suggests 1 in 5 MAOs is not following CMS guidance for monitoring to prevent fraud, waste, and abuse.
“In the Medicare Managed Care Manual, CMS states that MAOs must perform effective monitoring to prevent and detect fraud, waste, and abuse, and that they may accomplish this using data analysis. Specifically, CMS recommends that MAOs use data analysis to establish baseline data by which to recognize—among other things—unusual patterns of referrals. Despite this guidance, 21 percent of MAOs that collected ordering NPIs for any of the high-risk services (36 of 175) did not perform program integrity oversight that used these NPIs.”
Most MAOs that collect ordering NPIs do not validate them against CMS’s NPI registry.
A valid NPI number is a basic element of Medicare eligibility for providers. However, MAO practices around NPI validation have even more opportunities for improvement. The report states “Most MAOs do not verify that the ordering NPI is in CMS’s NPI registry when they receive an MA encounter record for a high-risk service.” When an NPI from an ordering provider is present, 3 out of 4 MAOs do not validate that NPI against the NPI registry.
Potentially paying out claims for providers that do not have active NPIs is certainly a program integrity gap for any applicable payer, especially as it pertains to high-risk services.
NPI validation during the claim processing workflow (and on an ongoing basis for all participating and non-contracted providers) can help identify fraudulent claims and safeguard MA program integrity.
OIG Recommendations for CMS and MAOs
HHS OIG continues to request CMS to require NPIs on encounter records, which could have a significant downstream impact on payer organizations. CMS is currently exploring this possibility. OIG is also requesting that CMS implement “reject edits” for encounter data that is missing NPI numbers.
OIG also recommends that MAOs perform program integrity oversight using ordering NPIs and is recommending CMS increase education, oversight, and enforcement of this data inclusion. OIG suggested CMS create a toolkit of best practices and benefits of this analysis, and add this topic to Compliance Program Effectiveness audits.
Currently, when NPI is present on encounter data, CMS screens the NPI against NPPES and the CMS Preclusion List. MAOs can conduct this same screening through automated solutions like ProviderTrust’s Provider Network Monitoring—thereby identifying invalid and fraudulent providers much earlier in the process and better safeguarding program integrity.
Smarter Provider Network Monitoring from ProviderTrust
Protecting program integrity is a critical responsibility of MAOs. But these processes must be scalable and sustainable to be effective. Get more out of your provider network monitoring by partnering with ProviderTrust for audit-ready insights into each provider’s status for OIG exclusions, healthcare licenses, Preclusion List, Medicare Opt-Out, and more.
Our Provider Network Monitoring solution empowers you to protect program integrity more effectively without growing your teams.
