Why the Government Wants You to Embrace Data Analytics

We hear a lot about data analytics and compliance programs today and rightfully so. The compliance profession and programs have moved past the early days of completely random audits and monitoring. As the government utilizes data analytics to drill down and find the most significant areas of concern, so should compliance professionals.

Expectations to Use Data

The U.S. Department of Justice, in a guidance document on evaluating compliance programs, asks questions that clearly demonstrate the expectation that compliance program should be using data in their efforts. Some of the evaluative questions include:

    • Relating to risk assessments: “Is the periodic review limited to a “snapshot” in time or based upon continuous access to operational data and information across functions?”
    • Relating to data resources and access: “Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions?”  “Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?”
    • Relating to control testing: “…what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake?”

Example: Opioid enforcement and data

Anyone who monitors enforcement announcements knows that it is only rarely that a week goes by without some announcement or press release of government enforcement against a healthcare provider as it relates to the opioid epidemic.  For example, earlier this year a physician was indicted for conspiring to illegally distribute prescription drugs and other opioid-related charges. The case was investigated through the U.S. Department of Justice’s Opioid Fraud Abuse and Detection Unit, an initiative created by Attorney General Sessions, that uses data to target and prosecute individuals that are contributing to the nation’s opioid crisis. The indictment alleges that the physician authorized electronic prescriptions for Schedule II controlled substances, which were issued under the doctor’s DEA license and without a medical evaluation by him. During the conspiracy, the physician prescribed more than 574,604 dosage units of Schedule II controlled substances, with a conservative street value of more than 17 million dollars. This type of activity was brought to light through data analytics.

But how can a compliance officer in a private organization proceed to use data analytics in a comparable way? HHS OIG (Office of Inspector General) has developed two toolkits that provide detailed steps for using prescription drug claims data to analyze patients' opioid levels to identify certain patients at risk of opioid misuse or overdose. The toolkits include computer programming code to help the compliance community do some of their own internal monitoring. For more information on these publicly available tools, visit the OIG’s website.

Example: Billing Data Analytics

In Iowa, a doctor was sentenced to federal prison and will pay more than $315,000 to resolve False Claims Act allegations relating to billing for services at nursing facilities.

In many False Claims Act cases, the issues are brought to light by a whistleblower. However, this case came about from an affirmative investigation by the government which included data analytics.

The False Claims Act allegations included claims he submitted for routine visits for nursing facility residents at the highest level of the codes available for such services, a practice known as “upcoding.” The government’s investigation indicated that the doctor was billing over 93% of his nursing home visits to Medicare under the most intensive and expensive claim code.

This physician was a clear outlier when compared to others in the same area. Being an outlier in and of itself does not mean the coding is inappropriate, however, it should be something that grabs the attention of a compliance professional and further investigation might be warranted.

Compliance programs should be analyzing and monitoring their own organization’s billing data. They should be relying on individuals with expertise in the coding field to assess definitions of code and their likelihood to be reported at certain frequencies. These activities are some of the most primary and fundamental uses of data analytics.

Randomly selecting claims for review is one method which is better than doing no auditing at all. However, the OIG has also written, “Another method is to identify risk areas or potential billing vulnerabilities. The codes associated with these risk areas may become the universe of claims/ services from which to select the sample.”

What Does the Future Hold?

It is highly likely that data analytics, as a core component of a compliance program, will increase in importance and priority. Christi Grimm, the HHS Inspector General, recently shared important insight about the future of data in healthcare compliance in her keynote address given at the HCCA’s recent Compliance Institute. She stated, “At OIG we are harnessing data and technology to detect and respond quickly to emerging fraud schemes. For instance, we recently uncovered a scheme where laboratories were billing Medicare for expensive, unnecessary, and sometimes unprovided genetic tests. On average, these tests can cost Medicare around $1,500 each. The alleged fraud in this takedown is $1.4 billion, and higher.”

And in concluding her speech, she put the onus on us, as compliance professionals, to use data to bring about change. She stated, “At OIG, we can write the guidance or provide the data. But it is up to compliance professionals, attorneys, auditors, and executives to turn those words or data into action and into tangible improvements for patients and providers across your organizations.”

We have our marching orders as it relates to data analytics.


Download this blog as a PDF, click the button below.

Download the PDF

Questions or Comments?