[Federal Register Volume 76, Number 52 (Thursday, March 17, 2011)]
[Proposed Rules]
[Pages 14637-14641]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-6012]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
42 CFR Part 1007
[OIG-1203-P]
State Medicaid Fraud Control Units; Data Mining
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: This proposed rule amends a provision in HHS regulations that
prohibits State Medicaid Fraud Control Units (MFCU) from using Federal
matching funds to identify fraud through screening and analyzing State
Medicaid claims data, known as data mining. To support and modernize
MFCU efforts to effectively pursue Medicaid provider fraud, we propose
to permit Federal Financial Participation (FFP) in the costs of defined
data mining activities under specified conditions. In addition, we
propose that MFCUs annually report the costs and results of approved
data mining activities to OIG.
DATES: To ensure consideration, public comments must be delivered to
the address provided below no later than 5 p.m. on May 16, 2011.
ADDRESSES: In commenting, please refer to file code OIG-1203-P. Because
of staff and resource limitations, we cannot accept comments by
facsimile (FAX) transmission.
You may submit comments in one of three ways (please choose only
one of the ways listed):
1. Electronically. You may submit electronic comments on specific
recommendations and proposals through the Federal eRulemaking Portal at
http://www.regulations.gov. (Attachments should be in Microsoft Word,
if possible.)
2. By regular, express, or overnight mail. You may send written
comments to the following address: Office of Inspector General,
Department of Health and Human Services, Attention: OIG-1203-P, Room
5541, Cohen Building, 330 Independence Avenue, SW., Washington, DC
20201. Please allow sufficient time for mailed comments to be received
before the close of the comment period.
3. By hand or courier. If you prefer, you may deliver, by hand or
courier, your written comments before the close of the comment period
to Office of Inspector General, Department of Health and Human
Services, Cohen Building,
[[Page 14638]]
330 Independence Avenue, SW., Washington, DC 20201. Because access to
the interior of the Cohen Building is not readily available to persons
without Federal Government identification, commenters are encouraged to
schedule their delivery with one of our staff members at (202) 619-
1343.
For information on viewing public comments, please see the
SUPPLEMENTARY INFORMATION section.
FOR FURTHER INFORMATION CONTACT: Richard Stern, Department of Health &
Human Services, Office of Inspector General, (202) 619-0480.
SUPPLEMENTARY INFORMATION:
Inspection of Public Comments: All comments received before the end
of the comment period are available for viewing by the public,
including any personally identifiable or confidential business
information that is included in a comment. All comments will be posted
on http://www.regulations.gov as soon as possible after they have been
received. Comments received timely will also be available for public
inspection as they are received, generally beginning approximately 3
weeks after publication of a document, at Office of Inspector General,
Department of Health and Human Services, Cohen Building, 330
Independence Avenue, SW., Washington, DC 20201, Monday through Friday
of each week from 10 a.m. to 5 p.m. To schedule an appointment to view
public comments, phone (202) 619-1368.
I. Background
In 1977, the Medicare-Medicaid Anti-Fraud and Abuse Amendments
(Pub. L. 95-142) were enacted to strengthen the capability of the
Government to detect, prosecute, and punish fraudulent activities under
the Medicare and Medicaid programs. Section 17(a) of the statute
amended section 1903(a) of the Social Security Act (the Act) to provide
for Federal participation in the costs attributable to establishing and
operating an MFCU. The requirements for operating an MFCU appear at
section 1903(q) of the Act. Regulations implementing the MFCU authority
appear at 42 CFR part 1007 and were promulgated in 1978.
Section 1903(a)(6) of the Act requires the Secretary of Health and
Human Services (the Secretary) to pay FFP to a State for MFCU costs
``found necessary by the Secretary for the elimination of fraud in the
provision and administration of medical assistance provided under the
State plan.'' Under the section, States receive 90 percent FFP for an
initial 3 year period for the costs of establishing and operating a
MFCU, including the costs of training, and 75 percent FFP thereafter.
Presently, all States with MFCUs receive FFP at a 75 percent rate.
General administrative costs of operating a State Medicaid program are
reimbursed at a rate of 50 percent, although enhanced FFP rates are
available for other activities, including those associated with
Medicaid management information systems (MMIS).
To increase MFCU effectiveness in eliminating Medicaid fraud, we
propose to modify an existing prohibition on the payment of FFP for
activities generally known as ``data mining.'' We discuss the reasons
for this proposed modification below.
For the purposes of this proposed rule, we are using the term
``data mining'' to refer specifically to the practice of electronically
sorting Medicaid claims through statistical models and intelligent
technologies to uncover patterns and relationships contained within the
Medicaid claims activity and history to identify aberrant utilization
and billing practices that are potentially fraudulent.
Routine program monitoring activities, including data mining, are
conducted through analysis of Medicaid data and have historically been
the responsibility of each State Medicaid agency. This practice places
the sole burden of identifying potentially fraudulent practices based
on this type of analysis on the State Medicaid agencies and requires
the MFCUs to remain highly dependent on referrals from State Medicaid
agencies and other external sources.
While MFCUs may have access to Medicaid data, which currently may
be used for the purposes of individual case development, they do not
have the authority to claim FFP to conduct data mining to identify
potential Medicaid fraud and, therefore, are limited to relying on
referrals from State Medicaid agencies based on the State agencies'
analysis methods, tools, and techniques. Many MFCUs work actively with
a variety of State agencies and private referral sources, such as
individual providers and private citizens, to identify possible fraud
or cases of patient abuse and neglect and to undertake detection
activities.
We believe that amending the existing regulation to permit FFP in
data mining activities will be an efficient use of available resources.
At the Federal level, analysis of claims data has increased OIG's
effectiveness in deploying law enforcement resources and proactively
identifying suspected fraud. Using data analysis, Medicare Fraud Strike
Forces operated by HHS and the U.S. Department of Justice have
identified seven ``hot spots'' based on high indicators of fraud
against the Medicare program. The Strike Forces analyze Medicare data
to identify unexplained high-billing levels in concentrated areas so
that interagency teams can target emerging or migrating schemes along
with chronic fraud. By using data mining and other law enforcement
tools to efficiently focus Federal law enforcement activities, Medicare
Fraud Strike Force efforts have resulted in hundreds of criminal
charges, convictions and more than $355 million in court-ordered
restitutions, fines and penalties for fraud against the Medicare
program since 2007. We could not attribute these results directly to
use of data mining and data analysis techniques alone. Moreover, we
would not expect individual State MFCUs to produce results comparable
to the combined efforts of HHS and DOJ in a high priority national
Medicare investigative and prosecutorial effort. However, we anticipate
that data mining by MFCUs at the State level could enhance the MFCU's
ability to counter new and existing fraud schemes by more effectively
identifying early fraud indicators. In addition, data mining would
equip MFCUs with more modern tools that have been shown at the Federal
level to help increase the numbers of credible investigative leads,
pursue recoveries, and detect emerging fraud and abuse schemes and
trends.
The 1978 publication of the final rule now codified in 42 CFR part
1007 addressed in some detail the relationship between the MFCUs and
the State Medicaid agency. In response to a comment that MFCUs should
be responsible for the ``investigation of non-fraudulent program
abuse,'' the preamble to the final rule noted that functions such as
``claims processing, utilization control and other reviews or
analysis'' are already subject to incentive funding as part of the
mechanized claims processing systems operated by the State Medicaid
agency (43 FR 32078, 32080-32081 (July 24, 1978)). The preamble stated
that ``there is no indication that Congress intended an overlap of
funding for such matters'' (43 FR 32081). Data mining is one such
function that may be conducted as part of the State Medicaid agency's
mechanized claims processing system and is subject to Federal
reimbursement received by State Medicaid agencies.
Since issuance of the 1978 rule, tools and methods for identifying
aberrant patterns in claims data have advanced significantly and become
more widely available. At the same time, health care
[[Page 14639]]
fraud schemes have become more sophisticated. Use of data mining
technology is a strategy that is routinely used by law enforcement
agencies to identify billing patterns and provider linkages that may
have been previously undetected with traditional methods of claims
review. We believe that allowing MFCUs the ability to receive funding
for use of sophisticated data mining technology would allow them to
marshal their resources more effectively and take full advantage of
their expertise in detecting and investigating Medicaid fraud. It would
also allow the MFCUs to operate without relying solely on individual
case referrals from a Medicaid program integrity unit or from other
sources.
``Review contractors'' selected by the CMS Medicaid Integrity Group
also may perform data mining as part of their activities. Therefore,
MFCUs that receive approval to conduct data mining as part of their
respective memorandums of understanding would need to coordinate their
activities both with State Medicaid agencies and the review
contractors. All review contractors already operate under a ``Joint
Operating Agreement'' with each of the States in which they are
operating. Review contractors are also required to share with MFCUs, as
well as with other interested law enforcement or oversight agencies,
the algorithms they are using and the identity of any targets that are
identified as a result of their data mining activities.
A 2007 OIG study identified variability among States in the level
of cooperation in identifying cases of potential fraud and in the
number and quality of referrals from State Medicaid agencies to MFCUs
(Suspected Medicaid Fraud Referrals, OEI-07-04-00181, January 2007).
Based on the variability found in this study, we believe that allowing
MFCUs to claim FFP to conduct data mining, performed in cooperation
with the State Medicaid agencies, would reduce such variability and
increase the level of referrals in some States.
We believe that three elements are critical to ensuring the
effective use of data mining by MFCUs. First, we believe that MFCUs and
State Medicaid agencies must fully coordinate the MFCUs' use of data
mining and the identification of possible provider fraud. For example,
MFCUs should not pursue fraud investigations without determining
whether the State Medicaid agency is considering an overpayment or
other administrative action for the same provider. Second, programmatic
changes (for example, changes in billing codes) may result in certain
data appearing aberrant when in fact they are not. In such situations,
MFCU staff conducting data mining would need to rely on the
programmatic knowledge of State Medicaid agency staff to appropriately
identify possible instances of fraud. Third, we believe that MFCU staff
would need to be properly trained in data mining techniques.
For these reasons, we are proposing to include additional language
in 42 CFR section 1007.20 that establishes the following conditions
under which an MFCU may claim FFP in costs of data mining: (1) The MFCU
describes the duration of the data mining activity and the amount of
staff time to be expended; (2) the MFCU identifies the methods of
cooperation between the MFCU and Medicaid agency, and between the MFCU
and review contractors selected by the CMS Medicaid Integrity Group;
and (3) MFCU employees engaged in data mining receive specialized
training in data mining techniques. We are also proposing that the
agreement between the MFCU and Medicaid agency, required under section
1007.9(d) of the regulations, describe how the MFCU will satisfy these
conditions and that OIG, as the oversight agency for the MFCUs, must
approve this part of the agreement. OIG would review and approve
proposed agreements in consultation with CMS. FFP will only be
available to those States that satisfy the conditions at section
1007.20 and receive approval from OIG.
Including the terms of an MFCU's data mining in the existing
agreement with the Medicaid agency would be logical and efficient. Data
mining has been the traditional province of State Medicaid agencies and
depends upon access to data maintained by the Medicaid agencies. Thus,
data mining requires unique coordination of the resources and expertise
of both an MFCU and a State Medicaid agency to avoid duplication and to
leverage each agency's resources. We do not intend that this
coordination, as part of the agreement between the agencies, interfere
with an MFCU's independence or its separate and distinct identity. As
before, a Medicaid agency may not provide ongoing scrutiny or review of
an MFCU's data mining activities and under no circumstances would a
State Medicaid agency be able to prevent or prohibit an MFCU from
initiating, carrying out or completing an investigation or prosecution
that may result from data mining.
We are also proposing to add a provision that requires those MFCUs
approved to claim FFP and engage in data mining to include the
following information in their annual report: Costs associated with
expenditures attributed to data mining activities; the number of cases
generated from those data mining activities; the outcome and status of
those cases; and monetary recoveries resulting from those activities.
This information will be used by OIG in conducting its oversight and
monitoring of the MFCUs.
II. Provisions of the Proposed Regulation
Federal regulations at 42 CFR 1007.19(e)(2) specify that State
MFCUs are prohibited from using Federal matching funds to conduct
``efforts to identify situations in which a question of fraud may
exist, including the screening of claims, analysis of patterns of
practice, or routine verification with recipients of whether services
billed by providers were actually received.'' The prohibition on
Federal matching for ``screening of claims [and] analysis of patterns
of practice'' is commonly interpreted as a prohibition on Federal
matching for the costs of data mining by MFCUs. We propose to amend
section 1007.19(e) to provide for an exception to this general
prohibition on FFP under conditions described in new section 1007.20.
We propose to add a new section 1007.20 that would describe the
conditions under which the Federal share of data mining costs would be
available to MFCUs. We would also amend section 1007.1 (Definitions) by
adding a definition of data mining for the purposes of this rule.
Finally, the proposed rule would amend 42 CFR section 1007.17 (Annual
Report) to include additional reporting requirements by MFCUs to
capture costs associated with expenditures attributed to data mining
activities; the number of cases generated from those data mining
activities; the outcome and status of those cases; and monetary
recoveries resulting from those activities.
III. Regulatory Impact Statement
A. Regulatory Analysis
We have examined the impacts of this proposed rule as required by
Executive Order 12866, the Unfunded Mandates Reform Act of 1995, and
the Regulatory Flexibility Act of 1980 (RFA) (Pub. L. 96-354).
Executive Order 12866
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and, when regulation is
necessary, to select regulatory approaches that maximize
[[Page 14640]]
net benefits (including potential economic, environmental, public
health, and safety effects; distributive impacts; and equity). A
regulatory impact analysis must be prepared for major rules with
economically significant effects ($100 million or more in any given
year). Since this proposed regulation will not have a significant
effect on program expenditures and as there are no additional
substantive costs to implement the resulting provision, we do not
consider this to be a major rule.
The proposed rule would allow MFCUs to obtain Federal matching
funds to conduct data mining in efforts to detect potential fraudulent
activity. We believe that the aggregate economic impact of this rule
will be minimal and will have no significant effect on the economy or
on Federal or State expenditures. However, since MFCUs have until this
year not conducted data mining, we have only limited information about
costs and benefits at the State level. One State MFCU, Florida,
received approval from the Secretary of Health and Human Services to
conduct data mining as a demonstration project under section 1115 of
the Social Security Act that commenced on August 1, 2010.
Any economic impact from reimbursing State MFCU data mining
activities will likely result in savings of both State and Federal
dollars. For the MFCU community as a whole, the return on investment
from MFCU activities (calculated from the ratio of total reported
dollar value of civil and criminal recoveries to the total dollar value
of Federal and State expenditures for all MFCUs) exceeded 6.0 for the
last 3 available years, Federal Fiscal Years (FYs) 2007, 2008, and
2009. This ratio does not reflect the considerable output of the MFCUs
related to their criminal prosecutions that do not result in monetary
recoveries, including more than 1,200 criminal convictions for each of
FYs 2007, 2008, and 2009.
We anticipate that the return on investment from data mining
activities by the MFCUs will enhance the ability of MFCUs to
effectively target and deploy existing enforcement resources, which is
expected to result in increased numbers of enforcement actions and
recoveries. To the extent that there is any economic impact, that
impact will likely result in savings of Federal and State dollars.
Unfunded Mandates Reform Act
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA) (2
U.S.C. 1531-1538) establishes requirements for Federal agencies to
assess the effects of their regulatory actions on State, local, and
tribal governments and the private sector. Under UMRA, before issuing
any rule that may result in costs greater than $110 million to State,
local, or tribal governments, in the aggregate, or to the private
sector, agencies must assess the rule's anticipated costs and benefits.
This proposed rule does not impose any Federal mandates on any State,
local, or tribal government or the private sector within the meaning of
UMRA, and thus, a full analysis under UMRA is not necessary.
Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA) (5 U.S.C. 601 et seq.)
generally requires an agency to conduct a regulatory flexibility
analysis of any rule subject to notice and comment rulemaking
requirements unless the agency certifies that the rule will not have a
significant economic impact on a substantial number of small entities.
For the purposes of RFA, small entities include small businesses,
certain nonprofit organizations, and small government jurisdictions.
Individuals and States are not included in this definition of a small
entity. This proposed rule would revise regulations that prohibit State
MFCUs from using Federal matching funds to conduct ``efforts to
identify situations in which a question of fraud may exist, including
the screening of claims, analysis of patterns of practice, or routine
verification with recipients of whether services billed by a provider
were actually received.'' These revisions impose no significant
economic impact on a substantial number of small entities. Therefore,
the undersigned certifies that this rule will not have a significant
impact on a substantial number of small entities.
Executive Order 13132
Executive Order 13132 (entitled ``Federalism'') prohibits, to the
extent practicable and permitted by law, an agency from promulgating a
regulation that has federalism implications and either imposes
substantial direct compliance costs on State and local governments and
is not required by statute, or preempts State law, unless the relevant
requirements of section 6 of the Executive Order are met. This rule
does not have federalism implications and does not impose substantial
direct compliance costs on State and local governments or preempt State
law within the meaning of the Executive Order.
B. Paperwork Reduction Act
Under the Paperwork Reduction Act (PRA) of 1995, before a
collection-of-information requirement is submitted to Office of
Management and Budget (OMB) for review and approval, we are required to
provide a 60-day notice in the Federal Register and solicit public
comment. We propose to require that MFCUs report annually on the costs
of data mining and the outcomes of cases identified, including monetary
recoveries. In order to evaluate fairly whether this information
collection should be approved by OMB, section 3506(c)(2)(A) of the PRA
requires that we solicit comment on the following issues:
The need for the information collection and its usefulness
in carrying out the proper functions of our agency;
The accuracy of our estimate of the information collection
burden;
The quality, utility, and clarity of the information to be
collected; and
Recommendations to minimize the information collection
burden on the affected public, including automated collection
techniques.
Under the PRA, the time, effort, and financial resources necessary
to meet the information collection requirements referenced in this
section are to be considered. We explicitly seek, and will consider,
public comment on our assumptions as they relate to the PRA
requirements summarized in this section. Comments on these information
collection activities should be sent to the following address within 60
days following the Federal Register publication of this proposed rule:
OIG Desk Officer, Office of Management and Budget, Room 10235, New
Executive Office Building, 725 17th Street, NW., Washington, DC 20053.
IV. Public Inspection of Comments and Response to Comments
Comments will be available for public inspection beginning May 16,
2011, in Room 5541, Office of External Affairs, Office of Inspector
General, at 330 Independence Avenue, SW., Washington, DC 20201, from
Monday through Friday of each week (Federal holidays excepted) between
the hours of 10 a.m. and 5 p.m., (202) 619-1368.
Because of the large number of items of correspondence we normally
receive on Federal Register documents published for comment, we are not
able to acknowledge or respond to them individually. We will consider
all comments we receive by the date and time specified in the DATES
section of this preamble, and will respond to the comments in the
preamble of the final rule.
[[Page 14641]]
List of Subjects in 42 CFR Part 1007
Administrative practice and procedure, Fraud, Grant programs--
health, Medicaid, Reporting and recordkeeping requirements.
Accordingly, 42 CFR part 1007 is proposed to be amended as set
forth below:
PART 1007--[AMENDED]
1. Revise the authority citation to part 1007 to read as follows:
Authority: 42 U.S.C. 1396b(a)(6), 1396b(b)(3), 1396b(q), and
1302.
2. In Sec. 1007.1, add in alphabetical order the definition for
``data mining'' to read as follows:
Sec. 1007.1 Definitions.
* * * * *
Data mining is defined as the practice of electronically sorting
Medicaid claims through statistical models and intelligent technologies
to uncover patterns and relationships contained within the Medicaid
claims activity and history to identify aberrant utilization and
billing practices that are potentially fraudulent.
* * * * *
3. In Sec. 1007.17, add paragraph (i) to read as follows:
Sec. 1007.17 Annual report.
* * * * *
(i) All costs expended that year attributed to data mining
activities under Sec. 1007.20; the number of cases generated from
those data mining activities; the outcome and status of those cases,
including the expected and actual monetary recoveries (both Federal and
non-Federal share); and any other relevant indicia of return on
investment from such activities.
* * * * *
4. In Sec. 1007.19, revise paragraph (e)(2) to read as follows:
Sec. 1007.19 Federal financial participation (FFP).
* * * * *
(e) * * *
(2) Routine verification with recipients of whether services billed
by providers were actually received, or, except as provided in section
1007.20, efforts to identify situations in which a question of fraud
may exist, including the screening of claims and analysis of patterns
of practice that involve data mining as defined in section 1007.1;
* * * * *
5. Add Sec. 1007.20 to read as follows:
Sec. 1007.20 Conditions under which data mining is permissible and
approval by HHS Office of Inspector General.
(a) Notwithstanding Sec. 1007.19(e)(2), a unit may engage in data
mining and receive Federal Financial Participation only under the three
following conditions:
(1) The activity has a defined duration and staff time devoted to
the activity is described;
(2) The MFCU identifies the methods of cooperation between the MFCU
and State Medicaid agency as well as a primary point of contact for
data mining at the two agencies; and
(3) MFCU employees engaged in data mining receive specialized
training in data mining techniques.
(b) The MFCU shall describe how it will comply with each of the
conditions described in paragraph (a) of this section as part of the
agreement required by Sec. 1007.9(d).
(c) The Office of Inspector General, Department of Health and Human
Services, in consultation with the Centers for Medicare & Medicaid
Services, approves in advance the provisions of the agreement as
defined in paragraph (b) of this section.
Dated: May 14, 2010.
Daniel R. Levinson,
Inspector General.
Dated: October 15, 2010.
Kathleen Sebelius,
Secretary, Department of Health and Human Services.
Editorial Note: This document was received in the Office of the
Federal Register on March 10, 2011.
[FR Doc. 2011-6012 Filed 3-16-11; 8:45 am]
BILLING CODE 4152-01-P