Recently, the Department of Health and Human Services (“HHS”), Office of the Inspector General (“OIG”), HHS’s Centers for Medicare & Medicaid Services (“CMS”), and Congress have focused attention on the role of managed care in the Medicare and Medicaid programs. Below we describe some key points from OIG’s Strategic Plan: Oversight of Managed Care for Medicare and Medicaid (August 2023) and the increasing scrutiny by OIG, CMS, and Congress of the use of prior authorization by managed care plans.
OIG Strategic Plan Highlights Oversight of MA and Medicaid Managed Care
Managed care is increasingly prevalent in federal health care programs, especially Medicaid managed care and Medicare Advantage. Medicaid managed care organizations (“MCOs”) provide Medicaid benefits to 80% of enrollees in 41 states (including D.C.). Similarly, Medicare Advantage Organizations (“MAOs”) cover more than half of all Medicare-eligible beneficiaries.
OIG recognizes a “dual” role in managed care: while it vows to conduct oversight, it also recognizes that managed care plans are critical to OIG’s fight against Medicare and Medicaid fraud, waste, and abuse.
Walking that line, in the Managed Care Strategic Plan, OIG outlines the unique risks and OIG’s oversight priorities during a four-stage “managed care life cycle” as follows:
- Plan Establishment and Contracting—OIG may review state and CMS contracts, plan benefit design, establishment of the plan service area, and the integrity of plan bids.
- Enrollment—This area includes marketing practices, agent and broker activities, eligibility determinations, and the accuracy and use of enrollment data.
- Payment—OIG may examine risk adjustment, payment accuracy, medical loss ratio, value-based and other alternative payment arrangements, and providers engaged in fee-for-service program fraud and abuse who also contract with managed care plans.
- Services to People—This area includes review of network adequacy, ineligible providers, coverage determinations, whether enrollees receive care consistent with clinical guidelines, and potential fraud schemes that cut across multiple plans and/or federal health care programs.
Many of these focal points highlight areas of repeated scrutiny by CMS, Congress, and even prior OIG reports. For example, the Senate Finance Committee has been pressing CMS for additional oversight of Medicare Advantage marketing practices. Likewise, OIG previously reported that some MAOs denied prior authorization requests despite those requests’ satisfaction of Medicare coverage rules—prompting CMS to implement regulations clarifying that MAOs must comply with national coverage determinations (“NCD”), local coverage determinations (“LCD”), and general coverage and benefit conditions in Medicare unless they are superseded by a law applicable to MAOs. Similarly, CMS recently required more than a dozen states to test their Medicaid redetermination processes to identify and resolve a glitch that conducted the renewal process at the family-level, rather than individually, resulting in improper determinations.
OIG explained that reviewing each stage of the managed care life cycle is intended to advance three goals, each comprised of two objectives:
- Promote access to care for managed care enrollees by: (a) ensuring that managed care plans provide enrollees with access to health care services, including mental health; and (b) ensuring that the care provided is safe, effective, and equitable.
- Provide comprehensive financial oversight by: (a) ensuring payments to MAOs and MCOs are accurate; and (b) identifying and preventing fraud in Medicare Advantage and Medicaid managed care.
- Promote data accuracy and encourage data-driven decisions by: (a) ensuring data are accurate; and (b) encouraging timely collection of complete data.
While announcing “rigorous oversight” of managed care plans, OIG also promises to partner with those same plans aimed at fraud, waste, and abuse:
Effective implementation of this strategy will require OIG to conduct rigorous oversight of managed care plans while also closely coordinating with the same plans to fight fraud, waste, and abuse. OIG must hold Medicare Advantage organizations (MAOs) and managed care organizations (MCOs) accountable. Focused oversight and enforcement targeting plan conduct can hold MAOs and MCOs accountable that game Federal health programs and encourage improved compliance across the industry.
At the same time, OIG must work closely with plans to address health fraud schemes that are increasingly shifting to managed care. OIG recognizes that partnering with plans is key to combating fraud that harms managed care plans, their enrollees, and the Medicare and Medicaid programs. Creating synergy between MAOs, MCOs, OIG and our law enforcement partners, CMS, and State Medicaid agencies is necessary to improve the prevention and detection of health care fraud under managed care.
OIG believes that its Strategic Plan will help OIG partner with plans as well as address key risks in furtherance of each objective, such as such as prior authorization requests in Medicare Advantage, an area of OIG’s current and completed work.
Increasing Scrutiny of Prior Authorization in Federal Health Care Programs
1. Medicare Advantage
As noted above, CMS’s 2024 Medicare Advantage and Part D rulemaking tightened requirements on how MAOs apply prior authorization. CMS also proposed, and, according to CMS Administrator Chiquita Brooks-LaSure, will soon finalize, regulations that would require MAOs and MCOs—as well as health insurance exchange issuers (which are not federal health care programs)—to respond to urgent prior authorization requests within 72 hours and standard requests within 7 days, require annual public reporting of prior authorization metrics, and support electronic processing of prior authorization requests. The regulations have attracted significant interest from Congress because of how they may impact the Congressional Budget Office’s (“CBO”) scoring of the popular, bipartisan Improving Seniors’ Timely Access to Care Act.
The Improving Seniors’ Timely Access to Care Act would implement the following changes to prior authorization in Medicare Advantage:
- MAOs must perform real-time, electronic prior authorization for items and services as specified by regulation;
- MAOs must report annually:
- a list of all items and services subject to prior authorization;
- the percentage of prior authorization requests for each item and service initially approved;
- the percentage initially denied and subsequently overturned (broken down by each stage of the appeal process);
- the percentage of denied requests and the percentage of the total number of denials using a decision-support technology or other clinical decision-making tools;
- the average and median hours for deciding a request for prior authorization (excluding requests that lacked sufficient information);
- a list and description of each instance when a plan approved or denied an item or service when a provider deemed it medically necessary to furnish an additional or differing item or service during surgical preop or other invasive procedure;
- a disclosure and description of any decision-support technology or other clinical decision-making tools used in prior authorization decisions; and
- other information as may be required by regulation.
- MAOs must give providers who seek to contract with the plan the list of all items and services subject to prior authorization;
- MAOs must give contracted providers access to the plan’s prior authorization criteria, including an itemized list of what information must be submitted in support of a request (except for proprietary information); and
- MAOs must comply with new regulations intended to ensure prior authorization requirements are transparent, developed in collaboration with providers and supplies, ensure continuity of care for members, that decisions are timely made, and provide members with appeals information when a request for prior authorization is denied.
Although the Improving Seniors’ Timely Access to Care Act had almost 400 co-sponsors across party lines, it was not included in last year’s omnibus because CBO scored it at $16 billion. Reportedly, earlier this year, CBO informally rescored the bill at $10 billion, based on the proposed regulations and other information, and the legislation may be revised to further reduce it.
Congress also is considering “gold card” legislation to exempt qualifying physicians from prior authorization for certain items and services. H.R. 4968, the Getting Over Lengthy Delays in Care as Required by Doctors Act of 2023 (the “GOLD CARD” Act), would exempt physicians from an MAO’s prior authorization requirements if 90% of the physician’s prior authorization requests for the specific item, service, or group of similar services had been approved by the MAO during the prior 12 months. MAOs would be required to notify each physician who qualifies for the exemption of the items and services to which the exemption applies at least 30 days before the start of a new plan year. If an exempt physician requests prior authorization of an exempt item or service, the MAO must notify the physician of the exemption as soon as possible and no later than 24-hours after receipt of the request. The GOLD CARD Act of 2023 was referred to the House Ways and Means and Energy and Commerce Committees for consideration.
2. Medicaid Managed Care
OIG also published a report raising concerns about the rate of prior authorization denials by MCOs, citing limited state oversight. OIG reviewed 115 MCOs and determined that they deny 1 out of every 8 prior authorization requests. 12 MCOs had prior authorization denial rates over 25%. In contrast to CMS oversight of MAO prior authorization denials, OIG found that states do not routinely review prior authorization denials by MCOs. As a result, OIG made the following recommendations to CMS:
- Require States to review the appropriateness of a sample of MCO prior authorization denials regularly;
- Require States to collect data on MCO prior authorization decisions;
- Issue guidance to States on the use of MCO prior authorization data for oversight;
- Require States to implement automatic external medical reviews of upheld MCO prior authorization denials; and
- Work with States on actions to identify and address MCOs that may be issuing inappropriate prior authorization denials.
CMS concurred with the final recommendation, but did not opine on the others.
House Energy and Commerce Committee Ranking Member Frank Pallone, Jr. (D-NJ), however, announced an inquiry into MCO prior authorization denials. Rep. Pallone stated that he would contact each of the MCOs directly “for additional information and questions regarding their prior authorization practices.” On September 28, Rep. Pallone and Senate Finance Committee Chair Ron Wyden (D-OR) sent letters to 7 MCOs requesting documentation to answer several questions, including:
- Does a company require prior authorization for Early and Periodic Screening, Diagnostic and Treatment (EPSDT) services across any of its subsidiary health plans?
- A description of all algorithms, including machine learning and artificial intelligence algorithms, that a company used in prior authorization decisions separated by approvals, partial denials, and full denials for 2018-2022 for any and all MCOs that a company operated within that time frame.
- Information on the rate of appeals by level of appeal and the outcome for Medicaid MCOs and for its Medicare Advantage products.
The letters also request data about benefit determinations and appeals, including the outcomes of external reviews and state fair hearings.
In response to governmental interest, or anticipating regulatory changes, many health insurance issuers have announced revisions to their prior authorization requirements not only for Medicare Advantage and Medicaid managed care, but also in their commercial business. For example, some issuers have removed prior authorization requirements for certain types of testing, surgical procedures, and durable medical equipment. The potential changes to the Mental Health Parity and Addiction Equity Act regulations, which may make using prior authorization more challenging, in addition to potential Congressional action, may inspire more issuers to modify their approach to prior authorization.
Copyright © 2023 Groom Law Group, Chartered. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. With permission, excerpts and links may be used, provided that full and clear credit is given to Groom Law Group, Chartered and www.groom.com with appropriate and specific direction to the original content. For assistance, you may contact us.