New Compliance Guidance for Medicare Advantage Organizations

The U.S. Department of Health and Human Services' Office of Inspector General (OIG) has issued new voluntary compliance guidance for Medicare Advantage Organizations (MAOs) for the first time in over 20 years. This Industry Segment-Specific Voluntary Compliance Program Guidance (ICPG) is crafted to help organizations manage compliance risks and enhance adherence to federal regulations. With the expanding scope of Medicare Advantage programs, the guidance seeks alignment with Centers for Medicare & Medicaid Services (CMS) rules, concentrating on compliance standards.

The ICPG highlights several critical areas of risk for MAOs. A major focus is ensuring adequate provider networks so that patient access to necessary services remains unobstructed. MAOs are urged to continuously review networks and update provider directories, thus avoiding the dissemination of inaccurate information to potential enrollees.

Utilization management tools like prior authorization are also scrutinized. The guidance emphasizes making medical necessity decisions based on patient-specific needs instead of generalized data. MAOs should assess claim denials, particularly those overturned on appeal, and examine algorithm-based decision tools to satisfy patient-specific circumstances.

Marketing practices and financial incentives are other focal points. The guidance advises against creating incentives that might encourage inappropriate enrollment practices or misleading marketing. Emphasizing the legal risks, such as violations of the False Claims Act and anti-kickback laws, MAOs are encouraged to oversee third-party marketing entities to maintain truthful communication.

Risk assessment scores from in-home evaluations and chart reviews are under scrutiny due to their payment influence on MAOs. The OIG recommends that these assessments align with medical records, as they are typical audit targets. Additionally, maintaining the data integrity and quality necessary to meet CMS's 5-star quality rating is crucial, as is ensuring contracted providers are not on CMS's Preclusion List.

Internal Controls and Compliance

MAOs are reminded of their ultimate responsibility for CMS contract obligations, even if compliance functions are outsourced to First Tier, Downstream, and Related Entities (FDRs). The guidance suggests conducting risk evaluations prior to third-party engagement and clearly defining compliance responsibilities within FDR contracts.

Leadership and Internal Audits

For vertically integrated MAOs, experienced compliance officers with direct senior leadership access are recommended. Given the potential unfamiliarity of new investors with MA-specific requirements, the guidance advises thorough training on compliance fundamentals. Implementing robust internal controls, conducting ongoing audits, and taking corrective actions are crucial for accuracy in submissions, thereby avoiding penalties under the False Claims Act.