Posted by Kimberly Zeoli , Partner, Governance, Regulatory & Risk Services Practice, Deloitte & Touche LLP on April 16, 2015.
Recent news articles talk about how Medicare payment data won’t stay pent up in the databases of providers and federal agencies. For example, it was recently reported that Medicare will publish physician-payment data yearly. This information is finding its way into the spotlight as news organizations and other groups aggressively seek to understand more about how Medicare dollars flow to healthcare providers.
The heightened curiosity surrounding Medicare payment data should prompt healthcare organizations to ask important questions about what they are billing and why they are billing it. On one hand, organizations with many physicians on staff should understand that high volumes or potential anomalies in payment data aren’t necessarily a sign of impropriety. On the other hand, these organizations should become serious about understanding the implications of detailed Medicare payment data and other relevant information available in the public realm. While there are many considerations that organizations will need to evaluate, below highlights four key points for organizations to know now.
- Know what information is out there. Medicare payments to medical providers have been in the media spotlight since 2012. Data was first released in April 2014 after a legal effort by The Wall Street Journal. But do you know specifically which aspects of the data are available? Do you know what other forms of data are potentially up for public inspection, such as, information from drug and device manufacturers and group purchasing organizations about their financial relationships with physicians and hospitals on the Centers for Medicare and Medicaid Services (CMS) Open Payments website? (see, http://cms.gov/openpayments (last visited April 10, 2015)) Do you know what is out there in the social media realm? For example, career community websites that contain employee reviews with negative ratings/comments related to corporate ethics and compliance can provide a glimpse into where potential whistleblowers may exist. Doctor review websites that contain negative ratings/comments from patients or family members about their satisfaction level with medical directors or medical staff can members provide insight into where quality of care or other relevant compliance issues may exist. Knowing what’s publicly available now, what could be made publicly available in the future, and what’s currently not available can help you determine how the data might affect your organization. Take the time to find out what’s out there, and know the forms in which it may come. Additionally, don’t expect to see your organization’s name amid the piles of data. The data may only include the physician name, city, state, and practice area but not necessarily their group practice or company name.
- Know how others can use the information. The media (from traditional reporters to bloggers) is one key group to consider, as well as, advocacy groups. And of course, regulators are another key group. Understand how data about your billing can be interpreted by these groups. What might look suspect to them might actually be an indication of success for your organization. For example, your organization might have the best urologist in the nation, with every Medicare patient clamoring to see that provider. But the Medicare payment data surrounding that fact can strike some as being out of the ordinary. Data outliers happen. Billing issues happen. And those examples may stick out in an examination of the data or information that is publicly available. Regardless of who might be interested in your data, be prepared to explain and defend your business practices.
- Know what you are going to do about it. When out-of-the-ordinary data surfaces, examine it critically. Is there any merit to a data outlier? Is the data accurate? Are you prepared to respond to queries about it? The challenge here is one of managing risk. Is there something about the data that should be a point of concern for your organization? Make an organized effort to understand your data to determine whether something about the data can expose your organization to risk—something that can make your organization a target. Have a plan that helps you get ahead of the questions and any potential controversy—whether justified or not. Know also that proactively addressing potential compliance problems can provide an opportunity to avoid some adverse consequences. Every organization should invest wisely in establishing and maintaining an effective corporate compliance program that can stand up to high-tech standards of the 21st century.
- Know where you may need help. Understanding the scope of the publicly available information—and what it implies as it makes its way to the public domain—is not necessarily a simple task. Your organization may need to bring in focused expertise to collect, navigate, and evaluate the data for accuracy and risk exposure. Additionally, you’ll want to make sure you have the right strategies in place to pull in legal and communication assistance to respond to problems and remediate them. Having a strategic mix of internal and external partners focused on this task can give your organization a head-start in dealing with potential challenges that may arise including negative publicity or government investigations, to name a few.
Governance, Regulatory & Risk Services Practice
Deloitte & Touche LLP