Medicare Advantage, the private-sector arm for elderly care, is fast becoming the new battlefront in the fight against health care fraud in the U.S. Here’s why, and what fraud examiners think should be done.

When Cigna launched its “360 Program” in 2012, it described it as a way to identify gaps in care for Medicare Advantage plan members through regular wellness visits. The health insurer said the extra consultations came with no added costs and helped detect health problems earlier on while they were less expensive to treat. They even gave patients gift cards for participating. It all made sense. After all, the strategy fell nicely under the original rubric of Medicare Advantage, a program within the U.S. public health system designed to create greater efficiencies, more choice and lower costs by having private insurers manage health care for elderly Americans. (See “Prevention Pays: $50 Prevention Bonus program for 2018,” Network Insider, Cigna-HealthSpring, Network Insider, Winter 2017.)

But there was more to the 360 Program than met the eye, at least according to the U.S. Department of Justice (DOJ), which in October 2022 joined an earlier whistleblower lawsuit that accused the insurer of using its 360 medical in-house exams conducted by third-party vendors for more nefarious and fraudulent means. Rather than treat patients, the vendors allegedly used the home visits to collect lucrative diagnosis codes so that Cigna could garner higher payments from Medicare. And the company admitted as much in internal communications, according to the lawsuit. In a 2017 company document, Cigna said: “[t]he primary goal of a 360 visit is administrative code capture and not chronic care or acute care management.” (See “Complaint in Intervention of the United States of America, Civil Action No. 3:21-cv-00748,” U.S. District Court, Oct. 14, 2022.)

The way Cigna went about using third-party vendors for this purpose was suspect, according to the DOJ. The health insurer allegedly prohibited the vendors from providing patient treatment or care during home visits — one of the exam options. Instead, nurse practitioners or nonphysician health care providers, with no access to beneficiaries’ full medical histories, spent little time with patients during home visits and relied heavily on responses to self-assessment questionnaires, according to the lawsuit.

The DOJ accuses Cigna of using vendors, who were incapable of properly assessing patients’ health, to establish invalid diagnoses for serious illnesses that it couldn’t have reliably determined in a home setting without extensive diagnostic testing or imaging. The lawsuit claims that Cigna knew that these 360 home visits generated false and invalid diagnoses, but it continued to submit tens of thousands of these invalid codes to the Centers for Medicaid & Medicare Services (CMS), an agency of the U.S. Department of Health & Human Services, because it was profitable. CMS took that data to determine higher risk scores and in turn a bigger payout for the insurer, which allegedly made tens of millions of dollars this way.

“Cigna knew that, under the Medicare Advantage reimbursement system, it would be paid more if its plan members appeared to be sicker,” U.S. Attorney Damian Williams said at the time. “This office is dedicated to holding insurers accountable if they seek to manipulate the system and boost their profits by submitting false information to the government.” (See “United States Files Civil Fraud Lawsuit Against Cigna For Artificially Inflating Its Medicare Advantage Payments,” DOJ, Oct. 17, 2022.)

Cigna isn’t the only U.S. insurer to face a civil fraud lawsuit for allegedly submitting false and invalid patient diagnosis codes to artificially inflate payments received from the Medicare Advantage program. Over the past several years, the DOJ has similarly sued some of the largest health insurers in the country as it turns a spotlight on fraud in this corner of the U.S. national health care system. Aside from Cigna, other U.S. health care giants such as UnitedHealthcare, Humana, Elevance (formerly Anthem) and Kaiser Permanente have found themselves in the DOJ’s crosshairs for fraudulent behavior relating to the Medicare Advantage plan. (See “‘The Cash Monster Was Insatiable’: How Insurers Exploited Medicare for Billions,” by Reed Abelson and Margot Sanger-Katz, The New York Times, The Upshot, Oct. 8, 2022.)

Alleged wrongdoing ranges from the mundane accusation of failing to check the accuracy of diagnosis codes (arguably because deleting them would impact revenues) to more sophisticated schemes using algorithms and data mining. “Sometimes it is inadvertent, sometimes it is on purpose, but at the end of the day it is about making more money and getting reimbursed at a higher rate,” says Kurt Yannelli, CFE, who has sold Medicare Advantage plans to seniors and now works as a trooper in the Pennsylvania State Police’s criminal investigation unit.

The defendants all deny wrongdoing, but the cases mark the latest chapter in the perennial battle against fraud in the U.S. public health system, this time highlighting the potential for financial chicanery among private insurers that provide such coverage in this growing segment of the Medicare system. “If these turn out to be strong cases and the U.S. government wins them, it’s a shot across the bow because fraud among the insurers was never touched upon previously in the Medicare Advantage world,” says Eric Rubenstein, CFE, director of litigation for fraud, waste and abuse at health care advisory company Advize.

Coding, capitation and classifications

To understand the DOJ’s fraud accusations, it helps first to examine how the U.S. government reimburses private insurers. Under Medicare Advantage programs, insurers (or plans) agree to assume the liability and risks of beneficiaries’ health expenses and in exchange the CMS pays the insurers a monthly, per person (or capitated) amount. The CMS pays the plans according to a base rate determined by the insurer’s bid for the business and whether it’s above or below a benchmark rate set by the federal government. If it’s above, a plan gets the benchmark rate and can charge enrollees a premium to make up the difference. If it’s below, which most bids are, the plan gets a rebate, which it’s then required to use to lower costs and provide extra coverage. (See “Understanding Medicare Advantage Payment & Policy Recommendations,” Better Medicare Alliance, September 2018.)

But what’s important is the extra layer of payments the insurers receive through the so-called risk-adjustment scores that the CMS calculate to account for the costs of sicker patients. The insurer and the doctors in its network supply the CMS with International Classification of Disease (ICD) codes based on diagnosis data. The CMS then takes that information, plus geographic information and other data, to create a numbered risk score (sometimes called Risk Adjustment Factor or RAF) using a model called hierarchical condition category (HCC) that estimates future health care costs per patient. For example, a person with cancer will get a higher number than a person who has some hypertension, qualifying the insurer for a higher payment amount for the sicker patient. But a patient who has had cancer and recovered with no need for treatment shouldn’t bump up risk scores for that year. Each year the process starts anew. (See “Hierarchical Condition Category Coding,” AAFP; “Medicare risk adjustment,” foresee Medical; and “Managed Care Fraud,” Whistleblower Law Collaborative.)

The idea is that the CMS ensures payments cover the costs of the beneficiaries most in need and in theory stop the insurance companies from profiting by just enrolling the healthiest Americans. The system is more akin to what the health industry calls value-based care, which is supposed to encourage higher quality care through bundled services and smarter spending. (See “Evaluating Medicare Advantage Value-Based Contracts,” American Medical Association, 2019.)

In contrast, traditional Medicare has typically worked on a fee-for-service (FFS) basis, where a doctor will bill Medicare for separate, unbundled services, such as an office visit or specific medical procedures. Doctors use current procedural terminology (CPT) and other codes to bill for a particular medical or surgical service rendered. Critics say this payment system incentivizes physicians to “upcode” — offer as many treatments and services as possible to garner more fees, often in fraudulent ways. And the U.S. Congress has endeavored to change this, most recently through an abstrusely titled piece of 2015 legislation called Medicare Access and CHIP Reauthorization Act (MACRA), designed to reward physicians for the quality rather than the amount of health care they provide. (See “What Is CPT®?” AAPC, Dec. 15, 2021; “Upcoding — Health care and Medicare Fraud,” Whistleblowers International, 2022; and “What Are MACRA and MIPs?” by Max Freedman, Business News Daily, updated June 29, 2022.)

“Traditionally health care fraud has been linked to the (upcoding) of CPT codes,” says Jacqueline Bloink, CFE, who runs a health care compliance consulting firm. “For example, maybe a doctor is billing as if they performed the service in an ambulatory surgical center when they really did it in their office. There is a place-of-service code, and the ambulatory surgical center pays more money than the office-based setting.”

Cast against FFS, Medicare Advantage’s reimbursement system certainly has its merits. One lump payment per year with the dollar amount dependent on the severity of the diagnosis arguably eliminates the temptations to commit the type of fraud that comes with traditional per-service Medicare payments. And, as Bloink points out, it’s arguably also easier to substantiate whether the ICD codes submitted are correct or not. An investigator, for example, can simply look at chart notes, lab results and prescriptions sent to pharmacies to see if a person has diabetes and is being treated for it.

This may be why the focus on insurers committing fraud in Medicare Advantage — apart from some scandals around aggressive marketing tactics — has been until recently largely off U.S. agencies’ radar screens. 

“For some reason the U.S. government thought there wouldn’t be a lot of fraud in Medicare Advantage,” says Mary Beach, CFE, senior director for program integrity at Evolent Health. She says the CMS’s Medicare Managed Care Manual only includes a couple of paragraphs on special investigative units (SIUs) and provider investigations.

Rubenstein, who started his career as a senior special agent for the U.S. Department of Health and Human Services Office of Inspector General, has a similar take.

“When I was first hired as an agent in 1997, there was the belief that there was no fraud (in what were then Medicare private plans) because the patients are getting the services they need,” Rubenstein says. “It doesn’t matter if the patient sees the doctor one time or a hundred times, the payment was what it was. But as time went by the spotlight has greatly shifted to the payer side, which is where we see the lawsuits with Anthem and Cigna and Kaiser.”

In reality, experts like Mark Starinsky, CFE, were already seeing problems through the use of so-called Adjusted Community Rate Proposals that managed care organizations were using to identify the health services they would provide to Medicare members and the estimated costs. Plans would enroll a patient with a risky diagnosis and then disenroll them once CMS had accepted their proposal, says Starinsky, who used to audit those plans and is now senior product manager of U.S. health care at Shift Technology. (See “U.S. Targets HMO Fraud In Medicare and Medicaid,” by Laurie Mcginley and David S. Cloud, The Wall Street Journal, Oct. 19, 1998 and “Semiannual Report - April 1, 1998 - September 30, 1998,” Department of Health and Human Services, OIG.)

Shifting incentives

In 1997, the U.S. Congress passed the Balanced Budget Act, which among other goals tried to stop insurers from favoring healthy Medicare enrollees over sick ones by providing higher payments for beneficiaries in poor health. (See “The Emerging Role of Private Plans in Medicare,” by Gretchen Jacobson, Journal of the American Society on Aging, Summer 2015.) Incentives shifted. And CMS providing higher compensation for sicker patients tempted health care practitioners to upcode and commit fraud.

“There are good arguments for capitated payments [in Medicare Advantage], but suddenly it’s not so much the providers [the doctors] who are committing fraud through upcoding; now you have profit-motivated insurance companies getting as many capitation fees as they can,” says Samuel May, J.D., CFE, a research specialist at the ACFE and a former investigations consultant at UnitedHealth Group. “You are adding an extra layer of complexity between the doctors and those responsible for oversight.”

The process is vulnerable to fraud not only because it’s complex but the sheer volumes of data — not to mention the multitude of Medicare Advantage plans — can make it easier to miss wrongdoing. According to KFF, a nonprofit organization focused on U.S. health care, 3,834 Medicare Advantage plans were available for enrollment in 2022 — more than any other previous year — with more than 26 million people already enrolled. (See “Medicare Advantage 2022 Spotlight: First Look,” by Meredith Freed, Anthony Damico and Tricia Neuman, KFF, Nov. 2, 2021.)

“When it comes to the validity of the claims data that is fed back to CMS, I think that is probably where there are problems. You are dealing with so much data,” says Beach. “Part of the problem is just the volume of it all, and there are thousands of different Medicare Advantage plans. Just the oversight of that is tremendous.”

Data manipulation

Because large amounts of data are increasingly susceptible to algorithmic manipulation, insurers are allegedly finding creative ways to use technology to bend diagnostic code results in their favor.

In late 2021, the DOJ accused Kaiser Permanente, a California-based managed care consortium, of defrauding Medicare of $1 billion by submitting inaccurate diagnosis codes through the Advantage Plan. The company allegedly used algorithms to data mine and identify high-value codes and “then determined the diagnoses its doctors would need to make to support the [codes] Kaiser wanted to submit for Medicare reimbursement,” according to the court filing. The company allegedly used high-pressure tactics. Doctors’ compensation was allegedly tied to report cards based in part on their responses to data-mining results. And Kaiser allegedly asked those doctors who disagreed with algorithmically induced diagnoses to meet one-on-one with “data quality trainers” and attend mandatory meetings called “coding parties” to reassess their views on diagnostic results, according to court documents. (See “United States ex rel. Osinek v. Permanente Med. Grp.,” casetext, May 5, 2022 and “Kaiser Permanente Defrauded Medicare of $1 Billion, DOJ Alleges,” by Lydia Wheeler, Bloomberg Law, last updated Oct. 26, 2021.)

Other health care providers are also allegedly using data mining to these ends. In 2021, the DOJ alleged that New York-based Independent Health, and an affiliated medical analytics company, DxID, used unsupported risk codes to scam the Medicare Advantage Program. This marked the first civil suit by the U.S. government targeting a data miner for this kind of fraud. [See “The DOJ Says A Data Mining Company Fabricated Medical Diagnoses To Make Money,” by Fred Schulte, NPR, Sept. 14, 2021 and court document, case no 12-CV-0299(S), Sept. 13, 2021.]

Turning the spotlight on insurer fraud

Governmental and medical experts are increasingly sounding the alarm about this type of fraud, and the DOJ says it has made investigating and litigating wrongdoing in the Medicare Advantage Program, also known as Medicare Part C, a top priority as more whistleblower cases come to light. (See “DOJ and OIG ramp up enforcement of risk adjustment coding: 5 compliance tips for providers,” by Nicole Jobe and Catherine Feorene, Thompson Coburn LLP, Jan. 27, 2022; “Medicare Advantage Upcoding, Overpayments Require Attention,” by Paul N. Van de Water, Center on Budget and Policy Priorities, off the charts, Oct. 30, 2018; and “The Coming Explosion Of Medicare Advantage Fraud And Penalties,” by David Lareau, Forbes, Innovation, Aug. 19, 2022.)

“The government has increased its oversight in this area and that will continue to happen,” says Starinsky, a former senior auditor for the U.S. Department of Health and Human Services Office of Inspector General. (See “Justice Department’s False Claims Act Settlements and Judgments Exceed $5.6 Billion in Fiscal Year 2021,” DOJ, Feb. 1, 2022 and “Petition for a writ of certiorari,” U.S. Supreme Court, Feb. 2, 2022.)

The DOJ has enjoyed some successes. In 2021, Sutter Health agreed to pay $90 million to settle allegations that it had knowingly submitted unsupported diagnosis codes and failed to correct them. Data mining and high-pressure tactics also allegedly played an important role in this case. (See “Sutter Health and Affiliates to Pay $90 Million to Settle False Claims Act Allegations of Mischarging the Medicare Advantage Program,” DOJ, Aug. 30, 2021 and court documents, March 4, 2019.)

But it isn’t always easy to prove fraud, and many cases are still stuck in the courts as insurers fight back against what they think is unjust punishment for honest mistakes and incorrect claims in diagnosis coding. They also argue that the U.S. government employs a double standard between audits in traditional Medicare and the Advantage plan. UnitedHealthcare, the biggest private insurer in the U.S., fought legal arguments against the way it used diagnostic coding for years before the U.S. Supreme Court rejected its appeal last year. (See “Supreme Court declines to hear UnitedHealth’s lawsuit on Medicare Advantage overpayments rule,” by Robert King, Fierce Healthcare, Payers, June 22, 2022.)

That case stems from UnitedHealthcare’s 2016 challenge to the so-called overpayment rule that required plans to refund reimbursements to CMS within 60 days if the diagnosis lacked the support of medical records. It said the rule violated “actuarial equivalence” by allowing supported and unsupported codes in traditional Medicare while only permitting supported codes when calculating risk scores in Medicare Advantage. This came as the DOJ joined two whistleblower cases against UnitedHealthcare, accusing it among other things of ignoring invalid diagnosis codes to avoid returning overpayments. (See “DOJ files official complaint in Medicare Advantage fraud case against UnitedHealth,” by Leslie Small, Fierce Healthcare, May 3, 2017 and “UnitedHealthcare loses Medicare Advantage overpayment suit,” by Rebecca Pifer, HealthcareDive, Aug. 16, 2021.)

“We very rarely get to call anything fraud in health care because actually proving intent to commit criminal fraud is very hard,” says May. “So, unless they are super egregious cases involving horrific amounts of money, it usually stays at waste and abuse where there is a negotiation about how much they are going to pay back.”

Big money

Still, if large amounts of government money are any gauge for potential fraud and worth the attention of fraud examiners, the Medicare Advantage program fits the bill. The program now accounts for $427 billion, or 55%, of total federal Medicare spending (net of premiums), according to KFF. That’s set to grow to more than $850 billion if estimates by the U.S. Congressional Budget Office are correct. (See “Baseline Projections.”) It’s also worth noting that Medicare Advantage is fast becoming the dominant health care option among elderly Americans reliant on the country’s national health services. According to KFF, 28 million people, or 48% of the 58.6 million of Medicare beneficiaries, were enrolled in Medicare Advantage in 2022. (See the chart below.) That marks a steep upward participation rate since 2007, when just 19% of Medicare beneficiaries had signed up for the program. (See “Medicare Advantage in 2022: Enrollment Update and Key Trends,” by Meredith Freed, Jeannie Fuglesten Biniek, Anthony Damico and Tricia Neuman, KFF, Aug. 25, 2022.)

This growth comes on the back of what some critics see as dodgy, if not fraudulent, sales tactics to get seniors signed up with the plan, provoking the ire of politicians who think the incentives driving insurers involved in Medicare are all wrong. (See “Pocan, Khanna Introduce Bill to Strengthen Medicare, Define Alternative Plans, U.S. Representative Mark Pocan,” press release, Oct. 13, 2022 and “Medicare Advantage has a marketing problem,” by Victoria Knight, Axios, Sept. 8, 2022.)

Meanwhile, complex policy debates abound over how best to mend what many see as the fragile financial state of the U.S. public health care system. That includes questions over whether Medicare Advantage’s diagnostic coding system ultimately results in more waste, abuse and fraud despite the benefits of greater choice for its beneficiaries.

Indeed, Medicare Advantage enrollees now have access to close to $2,000 in extra benefits annually, but this comes at an extra cost to the taxpayer and ultimately to those seniors on Medicare who haven’t signed up to the Advantage plan, according to MedPAC, an independent legislative branch agency that provides analysis and policy advice to the U.S. Congress about Medicare. (See “The Medicare Advantage program: Status report and mandated report on dual-eligible special needs plans – Chapter 12,” Report to the Congress: Medicare Payment Policy, MedPAC, March 2022.)

Call for change

In a recent report, MedPAC says that the private plans involved in Medicare Advantage have never produced savings for Medicare due to “deeply flawed” payment rates. The agency is calling for a major overhaul of Medicare Advantage policies that it says have resulted in inflated coding and incomplete data on beneficiaries’ health care encounters. Committee for a Responsible Federal Budget, a nonprofit policy organization, has also questioned how capitated payments incentivize insurers and ultimately up the cost of Medicare. (See “The Medicare Advantage program: Status report and mandated report on dual-eligible special needs plans – Chapter 12,” MedPAC and “Reducing Medicare Advantage Overpayments,” Committee for a Responsible Federal Budget, Feb. 23, 2021.) And politicians have also joined the chorus of voices proposing changes to the system.

[See sidebar: “A call for change”.]

Whistleblowers and other remedies

Many internal whistleblowers have reported fraud in Medicare Advantage cases thanks to the qui tam provision of the False Claims Act that allows those with evidence of fraud against a federal program to sue on behalf of the U.S. government.

“Whistleblowers are going to continue to become an integral part of these cases because the level of information they tend to have is so unique,” says Rubenstein. “If an insurer has rewritten an algorithm to move someone from one category to another, that requires people who understand that technical information and can impart it.”

Aside from advocating for whistleblowers, some are calling for more supervision and frequent audits. Each year, the CMS conducts what are called Medicare Advantage Risk Adjustment Data Validation (RADV) audits to ensure the accuracy of the data used to determine risk-adjusted payments. And new rules for such audits, including the retroactive use of the new methodology to recover payments from audits as far back as 2011, have ignited protests from the insurance industry. But critics say the CMS has been far too meek in its approach. (See “Insurers criticize risk adjustment overhauls for MA plans,” by Jeff Lagasse, Healthcare Finance, Sept. 6, 2022 and “‘The Cash Monster Was Insatiable’: How Insurers Exploited Medicare for Billions,” by Reed Abelson and Margot Sanger-Katz, The New York Times, The Upshot, Oct. 8, 2022.)

Some also wonder if the system requires a rethink about how insurance companies share information and audit their data. In chapters nine and 21 of the Medicare Managed Care Manual, the CMS provides guidelines on audits and what is expected of compliance departments at insurance companies. (See “Managed Care Manual.”) But there remains much scope in how plans manage compliance and the people they hire to keep an eye on any misconduct.

“It then comes down to the culture of the company as to how independent the compliance department is,” says Beach. “Sometimes they hire a compliance officer who has no idea about health care. You would hope that someone is regularly conducting an audit to ensure that the information fed back to the CMS is true and accurate. But Medicare Advantage plans are required to perform claims audits, which are checked against processing guidelines, and these claims audits do not include the validity of the claims information, such as the diagnosis codes.”

Ricky D. Sluder, CFE, is head of health care value engineering for Shift Technology, where he helps develop artificial intelligence software that health-insurance special investigators can use to prevent and detect fraud in reimbursement claims.

“More audits are good as long as regulation requires the plans to provide more transparency in the encounter data (details of a beneficiary’s health and treatment based on ‘encounters’ with physicians),” says Sluder. “Right now, the way encounter data is set up, it doesn’t tell the full story. That sets up auditors for failure, and as a CFE that bothers me because if I don’t have the ability to gather all the facts, how can I be effective?”

Whatever the merits of the Medicare Advantage plans, fraud examiners focused on health care are likely to have their work cut out for them in the years to come.

Paul Kilby is editor-in-chief of Fraud Magazine. Contact him at pkilby@ACFE.com.