April 2011

Taming the Beast: Reining in Health-care Fraud

Through audits of areas such as dependent eligibility and claims, auditors can help stem losses that wreak havoc on the organization’s bottom line.

Dennis L. McGuffie, CPA
Vice President, Audit Services
Tenet Healthcare Corp.

 For years, a powerful force has been undermining organizations and wreaking havoc on corporate profits. Its monetary damage is immense, exceeding the annual revenue of many Fortune 500 companies and nearly equaling the gross domestic product of Switzerland. And while neither a country nor a company, this growing menace has a significant impact on both — it’s a beast known as U.S. health-care fraud. Losses due to fraud in both public and private health-care spending amount to more than us $60 billion annually, according to a statement made by U.S. Attorney General Eric Holder last year at a National Institutes of Health summit.

By definition, health-care fraud involves deception or misrepresentation that results in an unauthorized benefit. It increases the cost of providing benefits to employees companywide, which in turn increases the overall cost of doing business — regardless of industry. And while only a slight percentage of health-care providers and consumers deliberately engage in fraud, that small amount can raise costs significantly. The increased costs appear in the form of higher premiums and out-of-pocket expenses or reduced benefits or coverage for employees.

The good news is that organizations have numerous tools at their disposal to help combat this problem. Most important, perhaps, are the contributions internal auditors can make and the unique expertise they bring to fraud-fighting efforts. With the right approach and technology tools, auditors can help identify control weaknesses that leave the organization susceptible to health-care fraud and track down potential indicators that such fraud may have occurred or is in progress. Working with management as well as relevant external parties, internal auditors can help battle this loathsome beast and prevent it from devouring organizational assets.

DATA ANALYSIS

Access to the right information is critical to combating health-care fraud. Asking the appropriate questions and carefully sifting through relevant data can reveal potentially fraudulent activity and shed light on abuses that otherwise may not be found.

Much of the needed health-care information often resides with an organization’s health insurance provider or third-party claims administrators (TPAs) — employers should work cooperatively with these parties to obtain an understanding of the details. Specifically, employers should hold regular discussions with their providers or TPAs to collaborate on anti-fraud activities and understand their approach. Providers should share the details of their anti-fraud efforts with organizational management. They should also explain the techniques used to detect fraud and abuse and provide specific examples of potential frauds recently identified.

Companies also have access to claims databases through their insurance provider or their TPA. Analysis should be performed by these parties, and it generally should focus on identifying unusual patterns or trends (see “Health Claims Red Flags,” below), as such findings could signal fraudulent activity in the claims data. But even if the data does not contain indicators of potential fraud, it should still be mined continually to ferret out potential mistakes.

If it’s not already part of a company’s regular human resource (HR) administration process, simply matching employee data with the TPA’s files could also shed light on potential problems. Some employees, for instance, may be in the wrong plan or have the wrong coverage. Moreover, former employees may still be listed
as covered.

DEPENDENT ELIGIBILITY

Another burden on employer health-care budgets can be the cost of providing coverage to employees’ ineligible dependents. While some employees may be defrauding the organization intentionally in this area, others might simply be violating benefit plan requirements unknowingly (see “It’s All So Confusing,” below).

Based on the level of controls built into a company’s benefits enrollment process, ineligible dependents could represent a significant portion of covered participants. One HR consulting firm says that, among its client companies, ineligible dependents comprised 12 percent of participants. At this level, an eligibility audit could potentially result in millions of dollars in savings.

Assess Risk Level

To determine a company’s risk of exposure to ineligible dependents, internal auditors should start with an assessment of the controls built into the benefits enrollment process. If the organization doesn’t require proof of eligibility during the initial enrollment process, the risk of exposure increases. Risk also increases if proof is required upon initial enrollment but not thereafter, such as when covered children reach a certain age.

Based on the level of risk identified, auditors, in conjunction with HR, can select one of several approaches to the next phase of their review: 

• Low Risk: Offer employees an amnesty period. The organization should remind employees of the benefit plan requirements and let them know that a review of eligibility will be performed. They should be given a reasonable amount of time to adjust their coverage as necessary without any repercussions — sometimes this alone can result in a significant level of compliance.
• Medium Risk: Require eligibility certification. In addition to the steps associated with low risk, the organization should require employees to complete an affidavit that certifies all of their covered dependents are eligible under the benefit plan requirements.
• High Risk: Audit employee eligibility. The audit department should perform a full eligibility audit after the organization completes the steps associated with low and medium risk situations.

Regardless of the scope of procedures the organization intends to deploy, it should be sure to communicate clearly, and as far in advance as possible. Employees should be informed that the audit may benefit them, as the company could be paying insurance premiums, health-care claims, and other costs for ineligible dependents. Hence, the costs for all employees and dependents who are legitimately covered may be higher than they should be.

Logistical Considerations

If a full eligibility audit is conducted, the parameters for remediation of coverage issues should be established up front. Employees should be informed, for example, if the organization expects them to repay past costs associated with dependents determined to be ineligible. Moreover, project parameters should describe the types of records required to document dependent status — for spouses, this may include a copy of a marriage license and the front page of a recent federal tax return featuring the spouse’s name; for children, a birth certificate showing the name of the employee as a parent may be required.

Internal auditors should consider segmenting the project into multiple parts, especially if the organization employs a large number of people. Based on the results of a pilot, they can determine the frequency and scope of future audits. The auditors can begin with a sample of employees, targeting the situations that tend to create the most confusion (see “It’s All So Confusing,” below).

Auditors should ensure that employees are allowed sufficient time to track down copies of required documentation and consider sending out a reminder halfway before the due date. They should also ensure the organization provides an appeals process for employees who do not respond with complete information or feel they should be allowed to explain their circumstances further, offering a chance to reinstate dependents.

PRIVACY CONCERNS

When performing their data analysis and eligibility reviews, internal auditors should consider supplementing the project with an evaluation of privacy and security controls geared toward preventing inadvertent or inappropriate access to — or disclosure of — employees’ confidential information. They should begin by meeting with the local security administrator to discuss security administration processes over HR and employee benefits. Key areas to evaluate include role-based security profiles for all users (employees and contractors), password and access controls over applicable systems, and logs monitoring user access activity.

AWARENESS

Employee awareness can be the best fraud prevention tool available. Auditors in every industry should learn more about health-care fraud and its effect on their business and pursue opportunities to educate employees on the cost drivers and the impact of fraud on their company. If the organization’s compliance program includes employee training and distribution of periodic updates, this would be a logical place to integrate employee awareness messaging.

At a minimum, internal auditors should be sure that any new employee orientation sessions cover basic health-care benefits guidance: 

• Don’t provide personal health coverage information to strangers.
• If you are uncertain why a third party is requesting certain personal information, contact your local benefits administrator.
• Don’t loan an insurance card to anyone not listed on the card as a covered individual.
• Familiarize yourself with the conditions under which health coverage is being extended to you and your dependents.

Given the complexities of health benefits administration, an organization almost cannot provide too much information to its employees about their coverage. Taking the guesswork out of the administration process can result in lower costs and happier employees in the long run.

KEEPING THE BEAST AT BAY

According to estimates in Behind The Numbers: Medical Cost Trends for 2011, a recent report by PricewaterhouseCoopers’ Health Research Institute, employers can expect to pay as much as 9 percent more for their workers’ health-care costs in 2011 compared to 2010. Moreover, the baby boomer generation is aging, leading to a workforce with more costly medical conditions. Although long-term benefits may be expected from U.S. health-care reform, in the short term most employers will be required to expand coverage offerings for employees and their dependents, thereby increasing costs. All of these factors point to an opportunity for health-care fraud to continue growing and, consequently, for internal auditors to play an important role in keeping this relentless beast at bay.