Several sessions addressed these hot topics:

Medicaid Compliance-The Medicaid integrity Program: What Does This New Federal/State Partnership Mean to Your Hospital? by Joanne B. Erde, Partner, Duane Morris and David Frank, Director, Medicaid Integrity Program, CMS

Legal & Regulatory-New ZPICs and How DOJ Uses Aberrations in Claims Data to Develop Leads in Case Development by Kirk Ogrosky, Deputy Chief and Peggy Sposato, Senior Healthcare Program Analyst, Fraud Section, Criminal Division, U.S. Department of Justice

Auditing & Monitoring-Leveraging Available Data, Your Desktop Software, and Other Specialized Tools for Enhanced Compliance Program Administration, Auditing & Monitoring, Jan Coughlin, Director Corporate Compliance Program & Privacy Officer and Glen Mueller, Vice President, Chief Audit, Compliance & Information Security Executive, Scripps Health


Below are some highlights of the outlines of each session, including links to the handouts of the presentations:


Tuesday, 04/28/09, 11:00-12:00

Medicaid Compliance-The Medicaid integrity Program: What Does This New Federal/State Partnership Mean to Your Hospital?


Joanne B. Erde, Partner, Duane Morris; David Frank, Director, Medicaid Integrity Program, CMS


1)      Deficit Reduction Act of 2005 (DRA)

a)      Section 6034 of the DRA created the Medicaid Integrity Program at § 1936 of the Social Security Act (SSA)(42 U.S.C. § 1396u-6).

b)      Signed into law in February 2006.

c)      Created first federal program to conduct Medicaid provider audits.

d)      Provided new funding, staff for Centers for Medicare & Medicaid Services (CMS).

e)      CMS created the Medicaid Integrity Group (MIG) to implement the Medicaid Integrity Program.

2)      Two main lines of business

a)       Conduct post-payment audits of providers and, where appropriate, identify overpayments.

b)      Provide support and assistance to states in relation to issues involving provider fraud, waste, and abuse.

3)      Partnership with States

a)      Medicaid Integrity Program’s purpose is to support, not supplant, program integrity efforts of the states.

b)      MIG has utilized an Advisory Committee. States have played, and will continue to play an integral role in this Committee — and they will continue to play an important role in the implementation of the Medicaid Integrity Program.

4)      Organization of the Medicaid Integrity Group

a)      Office of Group Director: oversees overall implementation of Medicaid Integrity Program.

b)      Division of Medicaid Integrity Contracting (DMIC): oversees procurements, evaluation and oversight of MICs.

c)      Division of Fraud Research & Detection (DFRD): oversees data-mining strategies.

d)      Division of Field Operations (DFO): has staff members in CMS regional offices in New York, Chicago, Atlanta, Dallas, and San Francisco.

i)        Conducts management reviews of state program integrity operations.

5)      Provides support, assistance to states concerning Medicaid program integrity issues.

6)      Contracts for the Performance of Medicaid Integrity Program

a)      Key Medicaid Integrity Contractor (MIC) Activities:

i)        reviewing of Medicaid claims to see whether potentially inappropriate payments or fraud may have occurred (Review MICs);

ii)       auditing Medicaid claims and identify overpayments (Audit MICs); and

iii)     educating state Medicaid program integrity employees, Medicaid providers, beneficiaries, and others concerning payment integrity and quality-of care issues (Education MICs).

7)      Objectives of MICs

a)      Ensure that paid claims were:

i)        for services provided and properly documented;

ii)       for services billed properly, using correct and appropriate procedure codes;

b)      for covered services; and

c)      paid according to federal and state laws, regulations, and policies.

8)      Review MICs

a)      Analyze Medicaid claims data to identify high-risk areas and potential vulnerabilities

b)      Provide leads to the Audit MICs, which conduct audits.

c)      Use data-driven approach to ensure focused efforts on truly aberrant billing practices.

d)      Utilize computer algorithms to analyze Medicaid claims data for aberrancies.


i)        Services after death

ii)       Duplicate claims

iii)     Unbundling

iv)     Outpatient claims during inpatient stay

9)      Audit MICs

a)      Conduct post-payment audits of Medicaid providers.

b)      Combination of desk audits and field audits.

c)      Fee-for-service and cost report audits now; later to add managed care audits.

d)      Will identify overpayments, but will not be involved in collection of these.

e)      CMS collects federal share of overpayment from the states. States pursue collection of overpayment from providers, according to state law. Providers will utilize state adjudication process to challenge overpayment.

f)        No contingency contracts for the identification of overpayments.

g)      As appropriate, will make fraud referrals to the HHS Office of Inspector General, which, in turn, will send the referrals to the state Medicaid Fraud Control Unit (MFCU).

h)      MIG will coordinate with states, law enforcement, and Medicare contractors to avoid duplication of effort.

i)        MIG will allow state Medicaid agencies multiple opportunities to provide input/feedback on preliminary audit findings before they are finalized.

j)        MIG will also allow providers an opportunity to review and comment upon preliminary audit findings.

k)      Also see Medicaid Integrity Program provider audit “Fact Sheet”:

10)  Who are the MICs?

a)      Review MICs:

i)        ACS Healthcare Analytics

ii)       AdvanceMed Corporation (AdvanceMed)

iii)     IMS Government Solutions

iv)     SafeGuard Services

v)      Thomson Reuters

b)      Audit MICs:

i)        Booz Allen Hamilton (Booz)

ii)       Fox & Associates

iii)     Health Integrity

iv)     Health Management Systems (HMS)

v)      IPRO

11)  MIC Procurement Awards

a)      April 2008: CMS awarded 1st Review and Audit MIC task orders for CMS Regions III and IV.*

i)        Review MIC task order went to Thomson Reuters.

b)      Audit MIC task order went to Booz.

i)        Region III: DC, DE, MD, PA, VA, WV

c)      Region IV: AL, FL, GA, KY, MS, NC, SC, TN

d)      In September 2008, CMS awarded 2nd Review and Audit MIC task orders, covering CMS Regions VI and VIII.*

i)        Review MIC task order went to AdvanceMed.

ii)       Audit MIC task order went to HMS.

(1)   Region VI: AR, LA, NM, OK, TX

(2)   Region VIII: CO, MT, ND, SD, UT, WY

12)  Education MICs

a)      Purpose is to educate Medicaid providers, beneficiaries, and others concerning payment integrity and quality-of-care issues.

b)      September 2008: CMS made award of umbrella contract to Information Experts and Strategic Health Solutions.

c)      First task order expected to be awarded in spring 2009.

13)  Support and Assistance to States

a)      State Medicaid program integrity reviews.

b)      Technical assistance to Medicaid agencies on program integrity issues.

c)      State Medicaid Director letters

i)        January 2009 letter on provider exclusions, obligations to warn providers to screen employees:

d)      June 2008 letter on provider exclusions, states’ obligations to screen providers:

e)      Best practices guides.

i)        Guide to state Medicaid program integrity offices on relationships with MFCUs:

ii)       Guides/information for states, providers concerning the federal tamper-resistant prescription law (SSA Section 1903(i)(23), 42 U.S.C. § 1936b(i)(23)):

iii)     Medicaid Integrity Institute: free training for state Medicaid program integrity employees, officials on various program integrity subjects. Trained 400 students in FY 2008; expect to train 700 in FY 2009.

14)  CMS Web Site


look for section on “Medicaid Integrity Program,” which includes links to Reports to Congress and comprehensive five-year plan.

b) has links to Medicaid Integrity Program’s annual Reports to Congress, five-year plan, and various documents for state government officials.

15)  MIG Contact Information

Centers for Medicare & Medicaid Services

Medicaid Integrity Group

7500 Security Boulevard

M.S. B2-15-24

Baltimore, MD 21244


Tuesday, 04/28/09, 1:30-2:30


Legal & Regulatory-New ZPICs and How DOJ Uses Aberrations in Claims Data to Develop Leads in Case Development


Kirk Ogrosky, Deputy Chief

Peggy Sposato, Senior Healthcare Program Analyst

Fraud Section, Criminal Division

U.S. Department of Justice




1)      Get Into the Zone

a)      Zones based on MAC jurisdictions

b)      Five Key Zones:

i)        Florida, California, Texas, Michigan, and New York

ii)       Key zones align with Program Integrity field offices

iii)     Fast response to fraud and administrative actions

iv)     Reduce emphasis on fraud referrals

v)      Coordinate with law enforcement to assure fraud referrals and active investigations are working together

c)      Two Other Zones:

i)        24 states with lower incidence of fraud

ii)       Continue using PSC processes

2)      Zone Benefits

a)      By analyzing providers across all benefit categories hope to increase efficiency in detection and elimination of fraud, waste and abuse.

b)      Reduce cost through economies of scale by consolidating contractor management

c)      Increase efficiency by utilizing uniform data and information technology requirements

d)      Streamline CMS costs

e)      Better coordination and less resources required for the States

f)        Increased security for health information with coordinated analysis across all benefit claims categories

3)      Zone Opportunities to Reduce Fraud

a)      By having access to all benefit categories, ZPICs can assure that Medicare patients are getting services that make sense.

b)      Physician evaluation with a diagnosis that matches all other services, items, and tests.

c)      ZPICs can focus on stopping payments for facially invalid services like HIV infusion, Unneeded Home Healthcare, and DME.

d)      ZPICs can take responsibility for ceasing facially bogus claims across all benefit categories.

4)      ZPIC Implementation

a)      February 1, 2009

i)        Zone 4 (Health Integrity) fully operational

ii)       Zone 7 (SGS) fully operational

b)      March 1, 2009

i)        Zone 5 (TBD) becomes fully operational

c)      June 1, 2009

i)        Zone 2 (TBD) becomes fully operational

d)      July 1, 2009

i)        Zone 1 (TBD) becomes fully operational

e)      October 1 — December 1, 2009

i)        Zone 3 (TBD) becomes fully operational

ii)       Zone 6 (TBD) becomes fully operational

5)      How DOJ Uses Aberrations in Claims Data to Develop Leads in Case Development:: Read Your Receipts

a)      Do you read the receipt when you buy an expensive item or service?

i)        Analyzing claims data is our way of reviewing the receipt to make sure it makes sense.  If it does not, then we look closer.

b)      Get into the Zone: Focus on the Virus

i)        HCF is viral: DOJ shifting to a strategy based on recognizing schemes in particular areas of the country.

ii)       Know the schemes in the zones – and by zip codes.

c)      Working with the ZPICS and FBI Intelligence Assessment to identify shifts in schemes.

d)      Assessing Aberrations in Claims and Payments

e)      Real Time Data Access through HHS-OIG-OI.

f)        Deter fraud, waste, and abuse before it occurs by spreading the word.

6)      Deterrence is better than prison.

a)      Prison following prosecution will not stop health care fraud – we must deter crime before it occurs.

b)      Criminal’s Thought Process (PSR):

i)        Probability of Detection;

ii)       Severity of Punishment; and

iii)     Relationship in time of Punishment to Crime.

c)      The most important factor for deterrence is the criminal’s perception of the chances of detection.

d)      In most instances of health care fraud, the first chance you have to detect a crime is when the claim is filed. The more you detect at this level, the more you directly impact the perception of detection.


a)      Health care fraud criminals have developed a perception that there is a low probability of detection

b)      This perception leads to duplication of known profitable fraud schemes. This duplication makes detection through data analysis possible.

c)      Opportunity exists when payers fail to analyze claims data accurately – thus, furthering the belief that the likelihood of detection is low

d)      Within geographic communities, criminal conduct spreads based upon exposure to repeated outcomes – undetected and profitable criminal enterprises look rewarding to others

e)      Law enforcement must address all three areas in order to deter crime: (i) better detection, (ii) more appropriate punishment, and (iii) faster arrest and prosecution.

8)      Medical claims, codes, and modifiers as evidence

a)      Common sense questions:

i)        Who are the patients and providers?

ii)       What are the prevalent diseases and treatments?

iii)     What is medically possible?

iv)     What is medically likely?

v)      What is medically reasonable?

vi)     Reverse questions: impossible, unlikely, and unreasonable

9)      2009 Fraud Trends

a)      Home Healthcare Agencies

b)      DME

c)      Infusion

d)      CORFs

e)      Infusion


a)      ICD-9-CM

i)        250 — Diabetes Mellitus, Insulin Dependent (IDDM)

b)      HHA Plan of Care

i)        Home Health Visits twice a day for insulin injections

ii)       Stated reason being vision, stability and fear of injection

c)      Physician Claims – IDTF

i)        95900-95904 Nerve Conduction Studies

d)      Corresponding DME Claims

i)        A4253 Blood Glucose Test Strips

ii)       A4259 Lancets

iii)     E0607 Blood Glucose Monitor

iv)     A4256 Calibration Solution


a)      Department of Justice – Prospective Juror Polls reveal the following:

i)        20% of Americans say it’s acceptable to defraud insurers;

ii)       40% say it’s okay to exaggerate claims to beat the deductible;

iii)     One-third of doctors say it’s necessary to “game the health care system;” and

iv)     Over one-third of doctors say their patients ask them to help them obtain fraudulent coverage for services.

v)      Remember these perceptions when communicating with the public about fighting fraud

12)  U.S. DOJ Criminal Statistics

a)      Criminal case filings rose 18 percent in FY07 and 14 percent in FY08.

b)      FY08 had the largest number of criminal HCF cases brought by the Department.

c)      Average sentences are rising (FRD average is 48.3 months between March of 07 and Dec. of 08).

d)       Where is this happening: Forty percent of filed criminal cases in FY08 brought in Southern District of Florida (32%) and Central District of California (8%).

e)      38 Districts had one or fewer HCF cases in FY08.

13)  Rate of Fraud

a)      GAO ((10%)) and NHCAA ((3%)) estimates.

b)      Estimates do not account for regional variations.

c)      Variations by sector.

d)      Risk of resource availability.

e)      Prepare for increased rate of fraud by sector – analyze aberrations in claims data.

f)        CHOWs and SARs.

14)  To date there have been no referrals to DOJ from the RACs—they would anticipate that this phenomenon will change moving forward.


Auditing & Monitoring-Leveraging Available Data, Your Desktop Software, and Other Specialized Tools for Enhanced Compliance Program Administration, Auditing & Monitoring


Jan Coughlin, Director Corporate Compliance Program & Privacy Officer

Glen Mueller, Vice President, Chief Audit, Compliance & Information Security Executive


Scripps Health




1)      Presentation Objectives

a)      Share ideas on software tools and techniques that can help us become more effective in addressing the significant challenges we face everyday as Compliance Officers by better leveraging the use of technologies

b)      Learn from other Compliance and Auditing subject matter experts in the room

c)      Provide one or two ideas that each of you can take back to your organization and implement

2)      Leveraging the Use of Information Technologies

We plan to discuss leveraging the use of information technologies in three areas:

a)      Compliance Department Administration

b)      Organizational Compliance Program Related

Activities that are Technology Driven

c)      Data Mining and Data Analysis for More Effective

3)      Compliance Auditing and Monitoring

4)      Compliance Program Administration

“We need to maximize the use of Technologies in Each of 8 Key Elements of our Compliance Programs”









5)      Leveraging the Use of Information Technologies (Within the Compliance Department)

Compliance Department Administration (Examples)

a)      Compliance Issues/ Investigations Tracking Database

b)      Audit Reports/Compliance Meeting Actions

c)      Follow-up Database

d)      Compliance Program Education- Tracking database and/or On-line education – modules and/or tracking completion

e)      On-line Subscription Services and Listserves

f)        On-line web-based survey tools

g)      OIG-RATS-STATS Statistical Sampling Software

h)      Compliance staff with user access to key compliance related information systems

i)        General Compliance Metrics/ Dashboard Information for Governance

j)        Contract administration for Compliance Program areas of responsibility (BAA’s, Physician Contracts)

k)      Compliance Auditing and Risk Assessment Knowledge Bases

6)      Leveraging the Use of Information Technologies (organizational)

Organizational Compliance Related Activities (Examples):

a)      Billing Claims Scrubbing Software, Pre-Claims Submission

b)      Coding Department – Coding Accuracy Software Aids

c)      On-line Coding Education and Proficiency Testing Tools

d)      On-line Completion of Conflict of Interest Disclosures

e)      Automated Annual Signing of Confidentiality Agreement linked to Performance Evaluations

f)        ABN Software

g)      Laptop and USB Encryption Tools and Monitoring

h)      Confidential Data Leakage Detection/ Prevention Software Tools

i)        Data in Motion- Monitoring of emails, FTP, and other

j)        Patient Privacy- Applications Monitoring of User Access to patient records

7)      Data Mining and Data Analysis for More Effective Compliance Auditing and Monitoring

a)      Data analytical tools can facilitate 100% review of all transactions, rather than samples.

b)      The number of records that can be imported and analyzed is limited only to your hardware capabilities. You can analyze over 1 million records on high end PC.

c)      A sophisticated data analytical program such as ACL has “built-in” commands, functions, and filtering capabilities that enable rapid insights into data and potential issues.

d)      Data Analysis Techniques:

i)        SUMMARIZE – to count records for each distinct value of selected character or date fields and subtotal numeric fields for each of these distinct values.

ii)       STRATIFY – to count the number of records falling into specified intervals (strata) of numeric field or expression values, as well as to subtotal one or more fields for each stratum.

iii)     CROSS-TABULATE – to analyze character fields by setting them in rows and columns. By cross-tabulating character fields, you can produce various summaries, explore areas of interest, and subtotal numeric fields.

iv)     DUPS OR GAPS – “Dups” detects whether key fields contain duplicate records AND “Gaps” detect gaps in the sequence of key fields.

v)      RELATE TABLES – to combine data from two or more tables as if it existed in a single table. You can add fields from related tables to a view or use the Extract command to create a new table of related fields. The “Primary” table just needs additional fields.

vi)     JOIN TABLES – to combine fields from two tables into a third table. A separate table is needed requiring fields from two separate tables.

vii)   EXTRACT – to extract selected records or fields from the current table and copy them to a different table.

viii)  EXPORT – to export data to another application (spreadsheets, databases, etc.).

e)      Other Features & Functionality of Data Analytical Tools:

i)        FILTERING

ii)       AGING

iii)     SAMPLING


8)      Valuable Sources of Compliance Related Data

Revenue Cycle Information/ Data (with focus on government payers)

a)      Medicare/Medicaid percentage of total revenue by department or service area

b)      Medicare QIO PEPPER Reports

c)      Coding accuracy statistics and trends

d)      Utilization reports by DRG and CPT codes and By Payor

e)      Physician billing – Medicare Development Letters

f)        Physician billing- Workload RVUs per visit

g)      Physician billing- Frequency Distributions of CPT Utilization

h)      Results of reviews by Medicare or other government reviewers

i)        Internal or external audits reports

j)        Other external reviews

i)        Consultants reports

ii)       Feasibility studies

iii)     Independent auditor’s (CPA Firm) annual management letter

k)      Quality Reporting data and metrics

l)        Patient Complaints volume and nature

m)    Patient and Employee Safety Occurrence Reporting

n)      Compliance Hotline calls by type, location, and substantiated vs unsubstantiated

o)      Patient / Physician / Employee Satisfaction Surveys

p)      Survey results from Joint Commission, CMS or State Regulatory Agencies

9)      Incorporate Data Analytics into Your Planning & Scoping Phase of All Compliance Audits & Reviews

a)      “Example of Frequency Distribution Analysis”: Obtain data directly from key information systems and databases.

i)        Facilitates efficient and effective review of 100% of transactions for time period.

ii)       Understand key data elements of population (i.e. Medicare Credit Balances) to provide for accurate analysis of business area and identify items that may represent risks or vulnerabilities

iii)     Direct system access by Compliance Department staff to the transactions Master File or Data warehouse facilitates quick and easy review of transactions.

b)      “Example of Frequency Distribution Analysis”: Utilize Data Analytical Techniques to Analyze and Provide Insights into 100% of Transactions

i)        Develop a frequency distribution of all “activity” during the period to determine the dollar “spread” of transactions in defined ranges by amount and age.

ii)       The frequency distribution can be used to determine the level of testing and “coverage” amount for sampling as it provides a strong overview of the entire population. You can better recognize most the significant transactions and immediately focus your testing and validation efforts. Note: Analytical procedures can therefore be used as the basis for planning and scoping compliance reviews PRIOR TO REQUESTING SUPPORTING DOCUMENTATION FROM PROCESS OWNERS!

10)  Utilize Data Analytical Tools to Facilitate Continuous Auditing & Monitoring

a)      Scripps Health Audit and Compliance Services (ACS) is developing a “Continuous Auditing and Fraud Detection” Program for Scripps Health to supplement traditional compliance and internal audit activities and to provide more timely address business risks which could have a significant impact on the organization.

b)      Continuous Auditing is the periodic or regularly scheduled performance of various review techniques (automated or manually performed) designed to detect unusual activity; monitor key privacy, financial, and security controls; test compliance with regulatory requirements and identify and mitigate other business risks, before they have a significant adverse impact on the organization.

c)      Examples of Continuous Compliance Auditing/ Monitoring:

i)        Emails with SSN’s or PHI blocked by email gateway filters

ii)       Medicare Credit Balances

iii)     Coding Software Edits by coder/ physician/ location

iv)     Nightly List of All Terminated Employees (exit interviews/ retaliation)

v)      Claims Scrubber Reports and metrics

vi)     Monthly checks of OIG/GSA Exclusion Lists

vii)   Transaction or event “alerts” based upon compliance criteria

viii)  Routine reports from timekeeping system

ix)     Physician Medicare Development Letters – Types and Volume

Share This Article