HHS OIG Issue Brief · December 2017 · OEI-12-16-00500 Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid Personal Care Services Key Takeaways: This issue brief highlights the involvement of State Medicaid Fraud Control Units (MFCUs or Units) in pursuing fraud and  During fiscal years (FYs) beneficiary abuse in Medicaid personal care services (PCS). 2012–2015, cases regarding fraud in Personal Care Services Medicaid personal care services (PCS) were PCS consist of services supporting activities of daily living, a substantial and growing such as bathing, dressing, light housework, meal preparation, percentage of Medicaid and transportation.1 PCS providers provide this assistance to Fraud Control Unit (MFCU) the elderly, people with disabilities, and individuals with cases and outcomes. chronic or temporary health conditions so that they can remain  MFCUs have made in their homes and communities.2 recommendations to Medicaid PCS are typically provided by PCS attendants in address vulnerabilities in the PCS program. a home or community-based setting (often in a beneficiary’s private residence), but may also be provided in an assisted  MFCUs lack the Federal living facility or other congregate (group) setting. Although funding authority to pursue there are no Federal qualification requirements, such as abuse or neglect of minimum training or education requirements, States must beneficiaries that occurs in beneficiaries’ homes—the develop their own qualifications or requirements for PCS location where PCS are providers.3 With this being the case, PCS provider often provided. qualification requirements may vary significantly from State to State. Generally, PCS are delivered through one of two models: agency-directed PCS or self-directed PCS. With agency-directed PCS, agencies hire and train attendants to provide PCS to eligible beneficiaries.4 With self-directed PCS, beneficiaries hire and supervise their own PCS providers. PCS are offered as either an optional benefit through a Medicaid State plan or through various demonstration projects and waiver programs in all States, including the District of Columbia. PCS expenditures generally increased between FYs 2012 and 2015. In FY 2015 (the most recent year for which data were available), Federal and State Medicaid spending on PCS totaled approximately $13.3 billion. This represented an increase of 21 percent compared to FY 2012, when Medicaid expenditures for PCS totaled about $10.9 billion.5 Medicaid Fraud Control Units MFCUs are entities in State government that investigate and prosecute (1) Medicaid provider fraud that occurs in any care setting and (2) patient abuse or neglect that occurs either in Medicaid-funded health care facilities or in board and care facilities.6 Currently, 49 States and the District of Columbia (States) operate MFCUs. The Office of Inspector General (OIG) collaborates with the MFCUs on fraud cases, awards Federal matching funds to each MFCU through a MFCU grant, and provides program oversight. MFCUs investigate and prosecute the broad variety of health care providers and other providers who serve Medicaid beneficiaries, including PCS providers and attendants. RESULTS During the review period, PCS fraud cases were a substantial and growing percentage of MFCU cases and outcomes In FY 2015, fraud cases involving PCS providers or attendants constituted 12 percent of total investigations. With regard to criminal outcomes, fraud cases involving PCS providers or attendants constituted an even larger percentage from FY 2012 through FY 2015; 38 percent of indictments and 34 percent of convictions involved PCS providers or attendants. Because PCS attendants are not required to be directly enrolled as Medicaid providers in most States, there is no precise information on the number of PCS attendants who participate in the Medicaid program. However, PCS providers are 1 of over 80 provider types investigated by the MFCUs and represented $13 billion out of $524 billion total Medicaid expenditures during FY 2015. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 2 Moreover, MFCU casework involving PCS saw large increases during our 4-year review period. During that time, the number of MFCUs’ fraud indictments of PCS providers or attendants increased 56 percent and convictions increased 33 percent.7 MFCUs have made recommendations to assist States in strengthening PCS oversight Many MFCUs reported to OIG that they made recommendations to State Medicaid agencies to strengthen PCS program safeguards.8 However, Units generally reported that State Medicaid agencies had implemented their recommendations only minimally. MFCUs recommended that State Medicaid agencies enroll or register PCS attendants or assign each attendant a unique identifier Some Units reported to OIG that they recommended to their State Medicaid agencies that the agencies enroll PCS attendants as Medicaid providers or include PCS attendants in a provider registry so as to assign a unique provider identification number to PCS attendants to include on claims for reimbursement. Some Units reported that the lack of enrollment or registration of PCS attendants into the Medicaid program is a program integrity challenge. Specifically, Units reported that in some States, PCS attendants are not required to enroll in the Medicaid program or register as Medicaid providers. As a result, PCS attendants are not assigned individual provider identification numbers. MFCUs reported that the inability to identify individual PCS attendants inhibits the ability to identify fraudulent providers. MFCUs reported that without provider enrollment or registries that assign unique identifiers to PCS attendants, it is difficult to monitor the billing of individual attendants to determine which ones may have engaged in fraud or beneficiary abuse or neglect. One Unit identified an additional benefit from enrolling PCS attendants in Medicaid: individuals who enroll may be better informed about Medicaid procedures and requirements, including the consequences for committing fraud. MFCUs recommended that State Medicaid agencies require background checks for PCS attendants Units recommended that their State Medicaid agencies require PCS attendants to receive background checks or other vetting before being allowed to provide services to beneficiaries. Units reported that having only minimal requirements for background checks or vetting for PCS attendants potentially leaves vulnerable beneficiaries at risk—individuals with criminal histories may enter beneficiaries’ private residences to provide PCS and may bill the Medicaid program for these services. For example, if safeguards such as thorough and complete background checks had been in place, they might have kept out of the program a PCS attendant in Arizona who ultimately pleaded guilty to theft and financial exploitation of a vulnerable adult. In 2015, the PCS attendant stole checkbooks, cash, credit cards, and personal items belonging to the beneficiaries for whom she provided care. The PCS agency that had employed the attendant reported that before hiring her, they checked for felony arrests and found none. However, she Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 3 had been arrested multiple times for misdemeanors. The company later learned that she had lost her license as a certified nursing assistant in 2009 for previous incidents dating back to 1999. MFCUs recommended that State Medicaid agencies institute additional documentation requirements for PCS MFCUs recommended that State Medicaid agencies require One Unit explained that PCS attendants to (1) provide detailed or standardized the State Medicaid timesheets or other forms of verification of how many hours agency has minimal in a day were worked, as well as the start and stop times for control over services, does not verify that the services; or (2) require PCS attendants to submit services are provided, or documentation of the PCS provided. Units reported that gauge the quality of the minimal PCS documentation is a program integrity challenge care. because PCS claims data may not contain the identity of the Source: OIG analysis of MFCU PCS attendant(s), the number of hours of PCS that were responses to OIG electronic provided per day, or the time of day during which the questionnaire, 2016. services were provided. As with attendants’ not being enrolled in Medicaid or registered as Medicaid providers, the lack of documentation inhibits the ability to identify fraudulent individuals and services. 9 MFCUs recommended that State Medicaid agencies improve ongoing oversight of PCS providers and the services they deliver to vulnerable populations Units recommended that State Medicaid agencies implement a variety of controls specific to ongoing oversight of PCS providers and the services that they deliver. Units recommended that the State Medicaid agencies (1) require beneficiary case managers to conduct more frequent in-home supervisory visits; (2) require training for PCS attendants; and (3) cross-reference attendant and beneficiary location to ensure that PCS providers do not bill for services while the beneficiary or the attendant is elsewhere. Units reported that the minimal supervision of PCS attendants leaves beneficiaries vulnerable to abuse and neglect. PCS beneficiaries may be especially ill equipped to make a complaint that leads to an investigation or to assist in evidence collection for an investigation. Beneficiaries may suffer from cognitive impairment, be hesitant to provide unfavorable information to authorities, or be unable to confirm that quality services were delivered. Therefore, it is even more important that preventive measures—such as improved oversight of PCS providers— be taken to protect this vulnerable population. MFCUs’ limited funding authority to investigate complaints of beneficiary abuse or neglect constrains their ability to protect beneficiaries receiving PCS services Under current statute, MFCUs may generally not receive Federal funding to investigate and prosecute beneficiary abuse or neglect that occurs in a home- or community-based setting, such as abuse or neglect by a PCS provider in a beneficiary’s home.10 However, MFCUs may investigate such situations of beneficiary abuse or neglect when they arise as part of a fraud Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 4 investigation. Units reported that patient abuse or neglect was involved in less than 6 percent of their PCS fraud investigations, indictments, convictions, and recoveries.11 Approximately 40 percent of Units also reported that this limited Federal funding authority constrains their ability to protect beneficiaries. Given that MFCUs are ineligible to receive Federal funding to pursue abuse or neglect complaints in nonfacility settings, MFCUs generally refer these complaints to other investigative agencies. In total, MFCUs referred 871 complaints of PCS beneficiary abuse or neglect to other investigative agencies during the review period because the MFCUs were ineligible to receive Federal funding to investigate and prosecute these cases themselves. See Exhibit 2 for a list of the investigative agencies to which MFCUs referred complaints of PCS beneficiary abuse or neglect during the review period. Nearly all MFCUs—42 of 50—reported that they are not informed of the outcomes of these cases after they refer the complaints. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 5 Fifteen Units reported to us their belief that their ineligibility to receive Federal funding to pursue allegations of abuse or neglect of PCS beneficiaries in nonfacility settings may affect their ability to protect beneficiaries. As one of these Units stated, if MFCUs’ Federal funding authority for cases of abuse and neglect were expanded to nonfacility settings, these cases would receive the same level of investigative expertise and aggressive prosecution as the other cases handled by the MFCUs. This Unit also expressed its view that there is no State agency better equipped than the MFCU to criminally pursue these types of cases. In May 2017—less than a year after Units reported these concerns to OIG—38 State Attorneys General requested a change in Federal policy to allow MFCUs to use Federal funds to (1) investigate and prosecute abuse and neglect of Medicaid beneficiaries in noninstitutional settings and (2) screen complaints or reports alleging potential patient abuse or neglect in any setting.12 Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 6 CONCLUSION The volume and growth of MFCU investigations and prosecutions of PCS fraud suggest that PCS remain vulnerable to fraud and support the need for greater oversight of Medicaid PCS. To improve PCS program integrity and protect beneficiaries, OIG encourages the Centers for Medicare & Medicaid Services (CMS) to work with State Medicaid agencies to implement the recommendations made by MFCUs outlined in this issue brief. CMS has made efforts to improve PCS program integrity by disseminating information about PCS program vulnerabilities to States and encouraging States to address these weaknesses. However, MFCUs report that States have generally not implemented the specific recommendations that MFCUs made to them for strengthening program integrity. The recommendations that MFCUs made to States align with recommendations that OIG has made previously to CMS. OIG’s June 2016 portfolio titled Personal Care Services: Trends, Vulnerabilities, and Recommendations for Improvement (OIG-12-12-01) summarizes findings from a body of work that OIG has conducted regarding PCS and offers recommendations for improving program oversight.13 These recommendations were further emphasized in an October 2016 OIG investigative advisory that described a few of the many examples of PCS fraud and beneficiary abuse that OIG has identified in its investigations.14 In the portfolio and investigative advisory, OIG recommended—consistent with the recommendations by MFCUs—that CMS make the following improvements:  require States to enroll or register PCS attendants as Medicaid providers or assign each attendant a unique identifier;  institute qualification requirements and screening requirements for PCS providers;  require that PCS claims include the specific date(s) when services were performed and the identity of the rendering PCS providers;  issue operational guidance for beneficiary assessments, plans of care, and supervision of attendants; and  consider whether additional controls are needed to ensure that PCS are allowed under program rules and are provided. OIG continues to support these recommendations. In addition, to protect beneficiaries from abuse and neglect, it is key that Federal funding authority be expanded so that MFCUs can investigate and prosecute cases of patient abuse and neglect in nonfacility settings. This is particularly important given that beneficiaries in nonfacility settings are a vulnerable population who may be unable to supervise and monitor their own PCS providers. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 7 METHODOLOGY The analysis in this data brief is based on data from two sources: (1) data collected from 50 Medicaid Fraud Control Units (MFCUs or Units), and (2) OIG investigative data. MFCU data: We administered electronic questionnaires to all 50 Units. Units responded to the questionnaire in September 2016. We received questionnaire responses from all 50 Units. However, because some MFCUs do not track or maintain some of the data that was requested in the electronic questionnaire, some Units did not respond to all survey questions. Our item nonresponse ranged from 2 to 5 missing responses for some questions. Units that were unable to provide these specific data were excluded from the corresponding calculations. We analyzed all of the questionnaire data for all Units and requested additional data and clarification as needed. We analyzed key numeric indicators, such as the number of PCS referrals, investigations, indictments, convictions, and recoveries for FY 2012 through FY 2015. We also conducted a qualitative review of narrative responses on subjects such as recommendations made to the State Medicaid agency. Additional data and analysis that are not presented in this data brief are available online at https://oig.hhs.gov/oei/reports/oei-12-16-00500.asp. Additional data and analysis include the following data for FYs 2012 through 2015: (1) MFCUs’ investigations, indictments, and convictions regarding PCS fraud; (2) MFCUs’ investigations, indictments, and convictions regarding both PCS fraud and beneficiary abuse or neglect; (3) PCS referrals that MFCUs received; (4) the proportion of PCS referrals that MFCUs received for which they were ineligible to receive Federal funding to investigate; and (5) the number of PCS patient abuse or neglect referrals that MFCUs made to various State agencies. In addition to the survey data that we collected for this data brief, OIG routinely collects statistical information from each of the MFCUs as part of an Annual Statistical Report. The information includes statistics about MFCU investigations, indictments, convictions, civil settlements, and recoveries. For more information, please visit https://oig.hhs.gov/fraud/medicaid-fraud-control-units-mfcu/. OIG investigative data: We collected data from the investigative component of OIG to identify the extent of joint OIG-MFCU casework on PCS for calendar years 2012 through 2015. Data elements included PCS investigations, convictions, and recoveries that resulted from cases worked jointly by OIG and MFCUs. Limitations The questionnaire data collected from Units were self-reported. We did not independently verify Units’ responses; however, we reviewed responses for consistency and possible data-entry errors. MFCUs do not track or maintain some of the data that the electronic questionnaire requested. Units that were unable to provide specific data were excluded from the corresponding calculations. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 8 Standards This study was conducted in accordance with the Quality Standards for Inspection and Evaluation issued by the Council of the Inspectors General on Integrity and Efficiency. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 9 ACKNOWLEDGMENTS Jordan Clementi and Lyndsay Patty served as team leaders for this study. Office of Evaluation and Inspections staff who provided support include Althea Hosein and Christine Moritz. This report was prepared under the direction of Richard Stern, Director of the Medicaid Fraud Policy and Oversight Division. To obtain additional information concerning this report or to obtain copies, contact the Office of Public Affairs at Public.Affairs@oig.hhs.gov. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 10 ENDNOTES 1 OIG, Personal Care Services: Trends, Vulnerabilities, and Recommendations for Improvement, OIG-12-12-01, November 2012. Accessed at https://oig.hhs.gov/reports-and-publications/portfolio/portfolio-12-12-01.pdf on June 7, 2016. 2 Ibid. 3 For the PCS-related requirements in State plans, see Social Security Act § 1905(a)(24); 42 CFR § 440.167; regarding waivers, see 42 CFR § 441.302(a). 4 The Centers for Medicare & Medicaid Services (CMS), Informational Bulletin: Strengthening Program Integrity in Medicaid Personal Care Services, December 2016. Accessed at https://www.medicaid.gov/federal-policy- guidance/downloads/cib121316.pdf on September 14, 2017. In many States, PCS providers are not required to enroll as Medicaid providers. Therefore, data are currently not available regarding the number of providers in the various PCS-provider categories. 5 Truven Health Analytics, Medicaid Expenditures for Long-Term Services and Supports (LTSS) in FY 2015, April 14, 2017. Accessed at https://www.medicaid.gov/medicaid/ltss/downloads/reports-and- evaluations/ltssexpendituresffy2015final.pdf on August 28, 2017. 6 Section 1903(q)(4)(B) of the Social Security Act defines “board and care facility” as a residential setting that receives payment (regardless of whether such payment is made under the State Medicaid plan) from or on behalf of two or more unrelated adults who reside in such facility, and for whom one or both of the following is provided: (1) nursing care services provided by, or under the supervision of, a registered nurse, licensed practical nurse, or licensed nursing assistant; and (2) a substantial amount of PCS that assist residents with the activities of daily living, including personal hygiene, dressing, bathing, eating, toileting, ambulation, transfer, positioning, self-medication, body care, travel to medical services, essential shopping, meal preparation, laundry, and housework. 7 We did not determine the number of newly opened investigations during our review period. Because of potential overlap in the number of yearly investigations, we cannot determine the percentage of increase during our review period. 8 77 Fed. Reg. 32645 (June 1, 2012). MFCU performance standards state that Units should make statutory, regulatory, or administrative recommendations regarding program integrity issues to the State Medicaid agency when warranted and appropriate. These recommendations may address an array of program integrity issues. 9 MFCU recommendations for additional documentation may be addressed by section 12006 of the 21st Century Cures Act, P.L. No. 114-255 (Dec. 13, 2016). The Act requires electronic visit verification to be used for any Medicaid-funded PCS provided on or after January 1, 2019, for States to maintain full Federal matching funds. With respect to PCS, an electronic visit verification system is a system by which PCS provider visits are electronically verified with respect to (1) the type of service performed; (2) the individual receiving the service; (3) the date of the service; (4) the location of service delivery; (5) the individual providing the service; and (6) the time the service begins and ends. 10 Beneficiary abuse or neglect also includes misappropriation of beneficiary funds. 42 CFR § 1007.11(b)(1). 11 The percentage of MFCU fraud work that also included patient abuse and neglect was 5 percent for investigations in FY 2015, and during the review period it was 6 percent for indictments, 5 percent for convictions, and 5 percent for recoveries. 12 National Association of Attorneys General, Letter to HHS Secretary, May 10, 2017. 13 OIG, Personal Care Services: Trends, Vulnerabilities, and Recommendations for Improvement, OIG-12-12-01, November 2012. Accessed at https://oig.hhs.gov/newsroom/spotlight/2012/portfolio01.asp on June 7, 2016. 14 OIG, Investigative Advisory on Medicaid Fraud and Patient Harm Involving Personal Care Services, October 2016. Accessed at https://oig.hhs.gov/reports-and-publications/portfolio/ia-mpcs2016.pdf on November 24, 2016. Medicaid Fraud Control Units: Investigation and Prosecution of Fraud and Beneficiary Abuse in Medicaid PCS (OEI-12-16-00500) 11