As CMS considers recommended changes to the RADV audit process, health plans should take a proactive approach to addressing potential concerns.
Medicare Advantage (MA) Risk Adjustment Data Validation (RADV) audits carry tremendous financial risk for issuers that have resulting errors, which in turn influence the extrapolation formula utilized by the Centers for Medicare & Medicaid Services (CMS). Finance leaders of health plans who are aware of these risks and equip themselves with a strong understanding of the inner workings of the RADV audit are exceptionally well-positioned to safeguard their organizations from the cascading consequences of RADV errors. Recently, leaders from several prominent health plans that had experienced a RADV and risk adjustment vendors were engaged in an extensive interview in an effort to learn how they believe CMS chooses health plans for an RADV audit. The result was a trove of incredibly valuable insights on the perceived themes and trends behind CMS’ selection and the Hierarchical Condition Categories (HCC) selections that drive such an audit.
By leveraging these data, finance leaders and other decision-makers at provider-sponsored and plan-sponsored health plans alike can develop proactive approaches to protecting their organizations during a RADV audit while ensuring the accuracy and thoroughness essential to providing high-quality care.
Study Results
The findings of such interviews can enable health plans to cultivate experience essential to understanding of the extrapolation formula that CMS applies when risk adjustment cannot be supported while also safeguarding the organization’s reputation and image.
In the interview described above, interviewees agreed on a few generally assumed factors driving CMS’s selection of a plan for a RADV audit. Many of the executives interviewed, however, provided perspectives based on their organizations’ unique circumstances. For example, some of the health plans selected had higher-than-average risk scores compared with other issuers, and others had atypical and exceptionally high volumes of prospective risk assessments, and such circumstances provided a strong rationale for why they landed on CMS’s radar. One plan that was chosen three times for RADV audits had engaged recently in a series of mergers and acquisitions.
Other possible reasons CMS was singling out health plans for RADV audits, based on the experience of health plan leaders, were having disproportionate volumes of outlier hierarchical condition categories (HCCs), large member bases, histories of issues with timely submission of common data files such as Risk Adjustment Processing System (RAPS) and Encounter Data Processing Submission (EDPS), little or a complete lack of proactive deletes – which signify when a plan has discovered a claim that was either made in error or unsupported. Plans that had experienced rapid growth due to unique circumstances, such as regional competition dropping out of the market for one reason or another, also were seen as targets for audits.
Once a sufficient amount of data was collected, leaders of two large health plans that had been targeted by CMS for a RADV audit were interviewed to gain insights into how CMS was targeting plans based on diagnoses. The first executives interviewed suggested that CMS might have a particular interest in health plans that were submitting certain HCCs relatively infrequently or that had high Risk Adjustment Factor (RAF) score. In addition, this executive noted that their organization had predominately more claims-driven risk adjustments than those driven by prospective and supplemental work.
Leaders from the second health plan highlighted the composition of their organization’s member base and suggested that their inclusion of members with long inpatient stays—10 days or more—and cross-year inpatient claims played a significant role in their selection. These health plan executives also reported a history of submitting “single source claims” (claims without a second source backing up the diagnosis) and a high number of what are known in the industry as “problematic HCCs”—i.e., HCCs with an average distribution rate of less than 1 percent. These high-risk HCCs include diagnoses such as AIDS (HCC 1), opportunistic infections (HCC 6), metastatic cancer and acute leukemia (HCC 8), and diabetes with acute complications (HCC 17).
Although there is an element of conjecture in all of the health plan leaders’ responses to the questions, these responses also were strongly grounded in reality, because the health plans had actually experienced RADV audits and were in a position, through self-assessment, to discern the factors that had prompted CMS to focus attention on them. Other health plan leaders can use these perspectives as a basis for their own organizational self-assessments, and thereby reduce their risk of being audited.
Strengthening Internal Controls
Whatever the reason for its selection, a health plan should be prepared for the eventuality of an RADV audit.
Health plans should continue to audit their vendors proactively, including prospective and supplemental risk adjustment vendors. They also should assess their own internal controls, with the goal of identifying gaps that should be reinforced as part of a robust pre-RADV strategy. Such gaps often come from the risks that lurk in a health plan’s claim-driven risk adjustments. To reduce expenditures, health plan leaders might consider pooling resources and coordinating internal control reviews with the activities of their internal auditing departments, which already may be conducting risk assessments.
Other precautionary measures, most of which has been passed along from plans that have recently come out of an RADV audit, include the following.
Enhance claim filters currently in place. Health plans should spend more time evaluating the strength of claims received before simply writing them to RAPS and EDPS files. A bit of extra effort here is guaranteed to pay off down the road.
Watch for infrequent HCCs. As previously mentioned, high-risk HCCs that are infrequently submitted will (and should) stick out like a sore thumb to CMS. Health plan leaders should identify and isolate any single-source claims for further review. In general, a patient with a chronic condition should have that diagnosis submitted more than once a year.
Adopt consistent discipline of “self-audits”. These should not be confused with “mock audits” which entail a great deal of replicated reporting responsibilities designed to mirror CMS’s requirements. Instead, these are “simulations” conducted once or twice a year from a much broader vantage point than would be taken during a focused CMS audit. The takeaway here is that a “once and done” auditing approach is simply not enough.
Know the outliers. Understanding how plans perform with regards to outlier HCCs, both regionally and nationally, can provide insight into key areas of concern. Outside actuary support and vendors with their own in-house databases of regional and national HCC prevalence can be extremely valuable assets.
Take an analytic approach to deriving risk points. It is crucial to adopt a logic-driven methodology to identify risk points. The top factors to consider, either in combination or as a standalone assessment, include the following:
- Health plan members with seven or more HCCs
- Members with at least a one-point increase in their RAF scores from the previous year; * Members in the top one-third paid stratum
- Members with a high distribution of HCCs
- Members with “presumed red flags,” CMS’s chief CMS concerns, which include active diagnoses or history of diagnoses such as vascular disease, diabetes with complications, and major depression
Know extrapolation methodology and how it applies to risk adjustments. Understanding how CMS uses RADV performance and financial implications to extrapolate payments is essential to correlating an organization’s approach to risk adjustments with the methodologies that directly affect its bottom line.
By taking some or all of these precautionary steps, health plans stand a good chance of heading off any concerns CMS might raise before they can materialize.
The Once and Done RADV
Years ago, an organization selected for an RADV audit could rest easily once the audit was complete, because the chances of being selected again in the short-term were slim. Those days are over. As the healthcare landscape continues to change and adapt under regulatory pressures, so does CMS’s approach to managing risk.
The audit landscape also is changing. CMS is contemplating idea of expanding the Recovery Audit Contractor (RAC) program and of streamlining audit activity by linking RAC activities with RADV audits. If this plan goes forward, health plan leaders may find it useful that the reasons for selection under RAC are clear and defined. Primarily driven by items with a high propensity of error, RACs focus their efforts on areas that are most likely to produce financial returns.
Also, in contrast to RADVs, RAC auditors go after all provider types and are driven by procedure codes rather than diagnosis codes. The RAC audits also focus to a great extent on level of care and medical necessity, neither of which are concerns during a RADV audit. It also is important to note that RAC audits are ongoing audits—not a singular event like an RADV. Although it is unknown whether CMS will move forward with the plan to wrap RADV audits into the RAC process, one thing is clear: Change is coming. In May 2016, the U.S. Government Accountability Office (GAO) released a critical review of CMS’s auditing process, outlining a series of recommendations to aid CMS in improving their approach to conducting RADVs. The top three recommendations are as follows.
Improve coding intensity calculation. This recommendation can be realized by including only the three most recent years of risk adjustment data, standardizing changes in disease risk scores to account for expected increases in all Medicare Advantage (MA) contracts, developing an accounting method that separates provider submissions from supplemental record review, and including beneficiaries renewed from different contracts under same MA organization during the pair-year period, such as when a member from Medicare Advantage A plan moves to a Medicare Advantage B plan during the same review period.
Modify contract selection for contract-level RADVs. The focus would be on health plans with high rates of improper payments. This change can be effected by selecting contracts with the highest coding intensity score and high rates of unsupported diagnosis in prior contract-level RADV audits (or a combination of both for plans with high enrollment). It should be noted, however, that GAO recommends excluding contracts that have a low coding intensity score.
Improve RADV timeliness. This improvement can be achieved by closely aligning the timeframes to the national RADV, reducing timeframes between plan selection and audit sample notifications, improving record transfer reliability and performance, requiring a defined number of days for the audit, improving the timeliness of the appeals process, and, as mentioned earlier, developing a plan and timeline for incorporating RAC into MA.
CMS already has indicated its willingness to follow these recommendations, so it is only a matter of time before health plans can expect to see these proposed changes brought to fruition.
Doing Risk Right
As CMS enacts the program enhancements prescribed by GAO, the need to engage in a proactive approach to RADV audits will only increase. Proactive organizations can fully prepare themselves for an RADV audit by acknowledging and addressing the internal control gaps that put them at risk that such an audit might find them in noncompliance.
By strategically undertaking these measures, finance leaders of healthcare organizations not only can develop the means to protect their health plans against any fallout from a potential RADV selection and corresponding extrapolations as a result of errors, but also can better position their organizations to quickly adapt to any future changes to the RADV audit process. These measures add up not only to a higher degree of revenue protection and a stronger brand reputation, but also to a better continuum of care for all.
Kim Browning is executive vice president of Cognisight, LLC, Rochester, N.Y.