Healthcare Fraud Risk Framework
Healthcare Fraud can take multiple forms. The quintessential Healthcare Fraud schemes include fraudulent billing for services not provided, billing for services provided but were not medically necessary, and services purposefully billed at a higher level than appropriate.
While Healthcare Fraud typically involves a monetary impact, it could also have non-monetary impacts. For instance, patients may be treated with services or products that are unnecessary or even harmful.
To help CMS, the General Accounting Office (GAO) issues a document each year called the “Fraud Risk Framework,” or a similar title. This comprehensive anti-fraud tool is available to CMS to combat fraud in a strategic, rigorous way.
The concepts of fraud and “fraud risk” are separate and distinct. Fraud is the act involving deception that, once found, can be criminally or civilly prosecuted. “Fraud risk,” on the other hand, is the chance that someone might commit fraud if the right circumstances are present. Those circumstances are:
- Motive to commit fraud
- Opportunity to engage in fraudulent activity
- Ability to rationalize the fraudulent behavior
In fact, existence of those three factors (motive, opportunity, and ability to rationalize behavior) is called “fraud triangle.” In other words, people who are not otherwise driven to commit fraud will do so under the right circumstances, i.e., when the “fraud triangle” exists.
While instances of actual Healthcare Fraud demonstrates that a fraud risk exists, a fraud risk may still exist even if the fraud has yet to be identified or has not yet occurred. Suspicious billing patterns or program complexities could feed into the creation of a fraud triangle, that may suggest risk of fraud.
With knowledge of the fraud triangle, the GAO created the Fraud Risk Framework applicable to all agencies.
The Fraud Risk Framework calls on executive branch agencies, like CMS, to first commit to the goal of combatting fraud. Because of the massive amount of taxpayer dollars that go into Medicare and Medicaid, it is not hard to get organizational buy-in on the notion that combatting Medicare Fraud and Medicaid Fraud is a top priority.
Second, an organization should put processes in place that will assess the risk of fraud. For CMS, the GAO framework would call on the agency to use the data at its disposal to identify all risks of fraud, and then prioritize which fraudulent activities require the most attention.
Third, the “design and implement” component requires the agency to create and document a tangible anti-fraud strategy, using the risk profile identified in the second “assess” phase. That is what the GAO means by a “risk-based” anti-fraud strategy. In a relatively recent report, the GAO concluded that CMS has not developed a risk-based anti-fraud strategy, and it should do so.
Fourth and finally, an agency should evaluate outcomes of the anti-fraud strategy and adapt the strategy as needed in order to improve fraud prevention methods. The GAO has found that CMS does have a monitoring and evaluation system in place to satisfy this fourth component of the Fraud Risk Framework. However, those evaluation systems are not effective unless CMS has designed a risk-based anti-fraud strategy to begin with.
In sum, the GAO’s Fraud Risk Framework provides a practical, comprehensive approach to tackle Medicare Fraud and Medicaid Fraud. Thus, one hopes that CMS and HHS-OIG hew closer to the Framework as they do their jobs to preserve our tax dollars.