Jason E. Christ, Teresa A. Mason

Download a PDF of this piece

Providers, plans, and vendors that provide services under the Medicare Advantage program, should be aware that the Office of Inspector General (“OIG”) of the U.S. Department of Health and Human Services (“HHS”) is once again focusing its oversight on Part C rules.

The OIG develops and prioritizes its Work Plan through the identification of areas that may pose a significant risk, focusing primarily on fraud, waste and abuse, health care industry compliance, and the exclusion of persons or entities violating the law. The OIG has broad investigative authority to ensure that it is promoting efficiency and mitigating fraud, waste, and abuse of federal government programs.[1]

If violations are detected through the various medical record reviews identified in the OIG’s Work Plan, the OIG has the authority to not only make recommendations to the Centers for Medicare & Medicaid Services (“CMS”) but also issue an administrative subpoena and refer the case to the Department of Justice (“DOJ”).

In June of this year, the OIG announced that it was targeting the “Inappropriate Denial of Services and Payment in Medicare Advantage.” The Work Plan expresses the OIG’s concern that the services and payment are being denied under Medicare Advantage to increase profits for Medicare Advantage organizations (“MAOs”). The Work Plan states that the OIG will be conducting reviews of medical records to determine the extent to which Medicare beneficiaries and providers were denied preauthorization or payment for medically necessary services.[2]

In addition, in October of 2017, the OIG announced that the agency planned to review medical record documentation to determine if the records supported the risk adjustment diagnoses the MAOs submitted to CMS for use in CMS’s risk score calculations. The OIG aims to determine whether the diagnoses are validly submitted and comply with federal regulations.

Inappropriate Denials of Payment or Service

MAOs provide Medicare beneficiaries with services typically covered under traditional Medicare Parts A and B. CMS created Medicare Advantage with the hope of decreasing costs to the Medicare program by taking advantage of efficiencies and cost savings attained by private competitors. However, those cost savings are not to be achieved by withholding medically necessary care to the detriment of the beneficiary or payment to the provider.

CMS contractually requires MAOs to provide and pay for services so long as the service is in a covered benefit category; the service is not specifically excluded from Medicare coverage; and the item or service is “reasonable and necessary” for the diagnosis or treatment of an illness or injury, to improve functioning of a malformed body member, or is a covered preventive service.[3] If an MAO fails to provide or pay for these services, CMS may use its enforcement authority to impose civil monetary penalties (“CMPs”) and sanctions.

In the case of the denial of medically necessary care or payment, CMS can impose a CMP of $25,000 for each violation and up to $10,000 more for each week the deficiency remains uncorrected.[4] Intermediate sanctions include the suspension of the plan’s enrollment of Medicare beneficiaries, suspension of payment, and/or suspension of all marketing activities to Medicare beneficiaries by the plan. For egregious violations, CMS can terminate its contract with the plan.[5]

Risk Adjustment Diagnoses

Payments to MAOs are risk adjusted on the basis of the health status of the beneficiary. MAOs are required to submit risk adjustment data to CMS in accordance with certain federal regulations.[6] Inaccurate diagnoses may cause CMS to pay MAOs improper amounts.[7] CMS estimates that approximately 9.5 percent of payments to MAOs are improper primarily due to the submission of unsupported diagnosis codes to CMS. CMS guidance requires all submitted diagnoses to originate from a face-to-face encounter with an acceptable provider type for an encounter during that given year.[8] CMS also requires providers to comply with ICD-10 Official Coding Guidelines when making a diagnosis determination. The OIG is going to be reviewing risk adjustment codes to determine whether they comport with CMS guidance, and plans, providers, and vendors who serve Medicare Advantage patients should pay very close attention here.

Adverse findings with respect to the submission of risk adjusted diagnosis codes can, in addition to CMPs, also escalate into a potential False Claims Act case. MAOs, as previously explained, are paid more based on the relative health risk of its members. If the code is unsupported and an MAO (and its downstream provider) was paid by CMS for that code, the MAO (and its downstream provider) could be held liable, under a False Claims Act theory, for submitting or causing to be submitted a false claim. In that case, the OIG will likely work with not only CMS but also the DOJ to recover the appropriate overpayment and, depending on the facts, potential penalties. In 2018, the penalty per claim is between $10,957 and $21,916. In addition, the government can recover up to treble baseline damages.

* * *

For additional information about the issues discussed above, please contact the Epstein Becker Green attorney who regularly assists you, or one of the authors of this advisory:

Jason E. Christ
Washington, DC

Teresa A. Mason
Washington, DC


[1] Inspector General Act Amendments of 1988, Pub. L. No. 504, § 101, 102 Stat. 2515 (1988).

[2] Office of Inspector General, U.S. Dept. of Health & Human Servs., Inappropriate Denial of Services and Payment in Medicare Advantage (2018), https://oig.hhs.gov/reports-and-publications/workplan/summary/wp-summary-0000299.asp.

[3] Ctrs. for Medicare & Medicaid Servs., Medicare Managed Care Manual Chapter 4 – Benefits and Beneficiary Protections Sec. 10.2 (2016), https://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/Downloads/mc86c04.pdf.

[4] Medicare Advantage Program 42 C.F.R. § 422.760.

[5] Medicare Advantage Program 42 C.F.R. § 422.752.

[6] 42 C.F.R § 422.310(b).

[7] S.S.A. § 1853(a)(1)(C).

[8] Ctrs. for Medicare & Medicaid Servs., Medicare Managed Care Manual, Chapter 7: Risk Adjustment.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.