Medicare Advantage Organizations (MAOs) are private health plans that contract with the Centers for Medicare & Medicaid Services (CMS) to provide a menu of health care services similar to those offered under Original Medicare. They pay for the services with monthly fixed payments (capitation) from CMS. The business model for the MAO subjects them to financial, regulatory and patient-safety risks because:
- Revenues for MAOs are fixed, but their costs are not. Using best available data, MAOs compute actuarially the amount of payments to provide the care they are contractually obligated to provide and submit the projected amounts to CMS through a “bidding process.” MAOs do not necessarily receive the amounts in their bids. CMS benchmarks the payments to MAOs geographically, with adjustments for plan performance and health status of the MAO’s enrollees.
- Medicare has a myriad of regulations largely designed to protect beneficiaries, their privacy and well-being, and to define boundaries within which contract sponsors (Sponsors) must perform. MAOs must ensure that their operational staff comply with the defined rules on an ongoing basis so as not to cause beneficiary harm in their standard operating procedures, such as pre-service authorizations for benefits, payments for services rendered, etc. MAOs are under regular monitoring of various sorts by CMS as part of the agency’s oversight responsibilities in administering the Medicare program. Non-compliance can result in civil monetary penalties or even suspension of enrollment in severe cases.
- MAOs enroll eligible beneficiaries across the spectrum of health status related to age or disabling chronic conditions. They must ensure their enrollees’ health risks are appropriately attended to or, at a minimum, their conditions do not deteriorate during their enrollment. For example, enrollees’ frequent admissions to inpatient hospitals (in less than 30 days from discharge) are risks to the MAO’s performance, as is not reducing the enrollees’ risks of falling.
- MAOs typically subcontract healthcare providers to deliver care to their enrollees, including diagnostic tests, drugs and medical equipment. These providers are not employees of the MAO; they are the delegated entities. Oversight of delegated entities, also known as FDRs (first-tier, downstream and related entities), presents risks to the MAO, due to geographical and professional diversities.
- Fraud, waste and abuse probably represents one of the biggest risks to a healthcare organization because of the complexities of health service claims and the monetary amounts involved.
Recognizing the risks addressed above, most MAOs have a Risk Management Team comprised of a Compliance Officer, clinicians and operations specialists who collectively address, assess and manage risks to avoid adversities in all facets of the Medicare program.
The first step in healthcare risk management is to assess potential regulatory and operational risks before they turn into financial risks. Below are some recommended steps to establish a robust risk management program.
- Conduct an annual risk assessment, led by the Compliance Officer, who understands the regulatory obligations impacting the Medicare program.
- Assign risk assessment to the leadership of each functional area of the MAO to identify weaknesses in their respective domains.
- Stratify risks identified in each functional area to prioritize actionable measures for mitigation.
- Document healthcare risk management policies and procedures to ensure alignment of the disparate functional areas within the MAO. For instance, the Information Technology (IT) Department would have secure measures for protected health information (PHI), but the Claims Department personnel also must be vigilant about protecting PHI in plain view of an incoming FAX or in their work stations.
If the task of risk management sounds like a handful, it really is. An objective observer, such as an external consultant with expertise in various operational areas, can uncover some hidden risks or provide a different perspective on the significance of certain risks. Inovaare has a team of specialists and system applications to help MAOs comply with the myriad of Medicare rules and evolving changes in the program as well as operational risks related to beneficiaries, fraud, waste and abuse. If you would like an in-depth discussion on how to meet the challenges of risk management, please call us at 1.408.850.2235. or Contact Us