Raul G. Ordonez (raul.ordonez@jhsmiami.org) is Director, Compliance in the Office of Compliance and Ethics at Jackson Health System, Miami, FL.
With the passage of the Medicare Access to Care and CHIP Reauthorization Act of 2015 (MACRA), Congress set out to transform the US clinician compensation structure from a system that rewards providers for the volume of patients treated to a system that is “outcome-focused, patient-centered, and resource-effective.”[1]
For many, the passage of MACRA signaled the arrival of the forthcoming shift in US healthcare to an emphasis on value. Beginning in 2017, qualifying providers were required to participate in either an Advanced Alternative Payment Model (APM) or in the Merit-Based Incentive Payment System (MIPS). Both programs involve the submission of data relating to value-based treatment activities in return for incentive payments. Starting in 2019, CMS will begin to make the incentive payments resulting from providers’ year 2017 submissions. Now that providers will begin receiving payment from CMS related to these programs, it is as good a time as ever to consider the compliance risk associated. This article will provide an overview of the Quality Payment Program, explore the prospect of regulatory enforcement relating to the program, and consider best practices to help ensure compliance.
What is the Quality Payment Program (QPP)
MACRA requires qualifying providers to participate in either an Advanced APM or the MIPS program. These two tracks are what constitute the Quality Payment Program (QPP). An Advanced APM is a payment model developed by CMS in partnership with the clinical community whereby providers can enroll and receive incentives for delivering high-quality care that is cost efficient.[2] Advanced APMs may be designed to address specific clinical conditions, care episodes, or populations. Examples of APMs include the Shared Savings Program, patient-centered medical home models, the Oncology Care Model, and the Comprehensive Care for Joint Replacement Model. As of 2017, providers who participate in an Advanced APM and meet certain thresholds are eligible to receive a 5% bonus payment every year.
Meanwhile, qualifying providers who choose not to participate in an APM must participate in MIPS, which combined elements of three already-existing programs: the Physician Quality Reporting System (PQRS), the Physician Value-based Payment Modifier (VM) and the Medicare Electronic Health Record (EHR) Incentive Program for Eligible Professionals (also known as Meaningful Use). Specifically, providers submit data for four separate program categories: Quality, Promoting Interoperability, MIPS Improvement Activities, and cost.[3]
From the various performance measures, providers have the option to choose among Quality measures on which to submit data, and beginning in 2019, the Quality measures will account for 45% of the total MIPS score. Examples of Quality measures include screening for influenza immunization, breast cancer screening, colorectal cancer screening, body mass index (BMI) screening and follow-up, and falls risk assessment.
The second category, Promoting Interoperability (formerly operating as Meaningful Use), accounts for 25% of the total score and incentivizes use of the EHR to allow patients to access their own data and empower clinicians to share patient information with one another.
The third category, MIPS Improvement Activities, accounts for 15% of the total MIPS score and includes measures that assess improvement of care processes, increase patient participation in care, encourage patient and clinician collaboration, and promote increased patient access. Examples of Improvement Activities include care transition documentation practice improvements, advance care planning, and annual registration in the Prescription Drug Monitoring Program.
The final category is cost, which unlike the other three categories, does not require providers to submit any additional data. Each provider’s cost score is calculated by CMS entirely using that providers’ claims data and will be increased to account for 15% of the total MIPS score in 2019, up from just 10% the year before. Through the cost measure, CMS rewards those clinicians who provide care efficiently. Starting in 2019, qualifying providers not participating in an Advanced APM will be eligible to gain or lose 7% of their Medicare reimbursement based upon their performance in MIPS, up from 5% in 2018 and 4% in 2017.
Prospect of regulatory enforcement
Having considered the QPP’s basic structure, it is useful to contemplate whether regulatory enforcement is likely. Given the total cost of QPP and the recent history of the Meaningful Use program, it is foreseeable that the QPP could be the subject of future government audits. For the 2019 performance year, CMS forecasts lump sum APM incentive payments to amount between $600 and $800 million dollars. Likewise, while the total MIPS payment adjustments are required to be budget neutral (i.e., positive adjustments must equal negative adjustments), the program includes an additional $500 million in positive payment adjustments for providers who perform exceptionally well and surpass a certain threshold in their final MIPS score.[4]
The bonus for exceptional performance is not budget neutral and, therefore, will not be off-set by negative payment adjustments to providers who underperform. As such, as currently structured, between the Advanced APMs and MIPS bonus payments, the QPP costs the federal government well over $1 billion per year, a considerable sum that the government may target for fraudulent certifications by participating providers.
Moreover, to anticipate how the QPP may become the subject of federal government enforcement efforts, one need not look any further than one of the legacy programs that ultimately became MIPS—Meaningful Use. The OIG included Meaningful Use incentive payments as an item in the 2017 OIG Work Plan.[5] In its subsequent report, the OIG estimated that CMS inappropriately paid $729,424,395 in incentive payments to providers who did not meet the program requirements, because the providers did not maintain support for their attestations.[6] Per the report, because CMS conducted minimal documentation reviews of provider self-attestations, the program was vulnerable for abuse. The OIG recommended that CMS continue to audit the Meaningful Use program in order to recover the estimated sum resulting from inappropriate payments.
Seeing as the Meaningful Use program ultimately became the Promoting Interoperability component of MIPS, it is reasonable to suspect that the government may focus its audit and recovery efforts on the incentive payments that already occurred as a result of the Meaningful Use program as well as those that will begin to occur through QPP. In fact, in a follow-up review of QPP, the OIG cited the need for CMS to develop a comprehensive program integrity plan for the QPP and reiterated concerns regarding inaccurate data submission by providers. CMS responded that it was already developing an oversight plan for QPP data.[7] All in all, fraud risk associated with QPP is a well-documented subject of OIG and CMS concern, and more intensive auditing appears likely.
Practical steps
Having established that fraud relating to QPP will likely continue to develop as an enforcement priority, there are a variety of practices that providers and organizations can take to prepare themselves. The most notable enforcement action related to the Meaningful Use program to date was the $155 million DOJ settlement with EHR software company, eClinicalWorks, in May of 2017.[8] The settlement resolved allegations that the company falsely certified HHS-mandated requirements necessary for its clients to comply with Meaningful Use. Among other allegations, the government contended that due to the deficiencies in its software, the company caused the submission of false claims by its clients.
Notably, CMS elected not to pursue action against eClinicalWorks’ clients (the providers) despite them having attested to and submitted inaccurate information. In that case, the government chose to pursue action only against eClinicalWorks, because in its estimation, the providers acted in good faith. Although providers should not assume immunity from similar occurrences in the future, the eClinicalWorks case underscores the importance of providers maintaining certification letters from their EHR vendors that their software is in compliance with CMS standards. In the event the software is not built to CMS standards, maintenance of the certification letters may serve to prove good faith.
Another important control step is validation. For each MIPS measure submitted, providers should make a good faith effort to validate the reported information. In other words, if the software system reports that a certain number of patient encounters met a particular quality measure, for example, the provider should audit a sample of those medical charts to confirm that the system is accurately reporting the results for that measure. Larger organizations with many providers may need to set aside more time and more resources for the validations. Moreover, after validating the soon-to-be submitted information, providers should save the individual medical records used for the validation to serve as evidence of due diligence in the event of an audit. Similarly, for each reported measure, providers should consider memorializing a written explanation of how the measure was met and provide this in the event of an audit.
Compliance programs for larger organizations may need to first identify who in the organization is responsible for the data submission and validation process. The process may likely be managed by the IT department. According to the 2017 QPP Final Rule, providers must retain their records for possible auditing up to 10 years after the performance period.[9] As such, organizations should consider documenting the QPP submission and validation process in a policy and ensuring that responsible parties are continually trained and educated regarding their roles. Given how common employee turnover is in any organization, it is imperative that proper organizational standards for data submission and record maintenance be followed and preserved. Organizations may even want to create a QPP committee and include IT; clinician leadership; and the finance, quality, and compliance departments, among others. Updating stakeholders on the financial impact and quality components of the program, the committee can also serve to regularly update the compliance officer on data submission and validation efforts.
Lastly, compliance departments should consider auditing the organization’s validation process or engaging an outside auditor to ensure that the submitted information is actually validated regularly and accurately.
Conclusion
Through the QPP, the federal government aspires to transform the clinician compensation process through a system of incentives and penalties. However, those incentives are premised upon the submission of accurate information by participating providers. The Meaningful Use program and recent OIG reports make clear that the federal government has identified fraudulent data submission for unwarranted incentive payments as a considerable risk. Providers should prepare themselves to verify the accuracy of the data they submit to the QPP.
Takeaways
-
The Medicare Quality Payment Program (QPP) allows participating providers to earn bonus payments from CMS in return for the submission of specific data.
-
Provider submission of inaccurate data may result in improper payment.
-
Recent government commentary and Meaningful Use enforcement point to QPP as a potential enforcement priority for years to come.
-
Providers should take steps to prospectively validate submitted data.
-
Compliance programs should audit their organization’s internal controls to ensure accurate data submission.