Federal Agencies Issue New COVID-19 Medicare Advantage Notices and Policy Updates

The Department of Health and Human Services (HHS) and the Centers for Medicare and Medicaid Services (CMS) have issued several notices and policy changes to address the COVID-19 pandemic that impact Medicare Advantage Organizations (MAOs). These announcements generally allow for increased flexibility to manage unexpected changes in both the provision of healthcare for COVID-19 patients and for those whose care is otherwise impacted by the pandemic. With these increased flexibilities are also increased opportunities for differing interpretations and resulting enforcement risks.

Emergency Requirements

On March 10, 2020, CMS set forth initial requirements for MAOs and Part D Sponsors during the pandemic.¹ CMS reminded MAOs that under 42 C.F.R. 422.100(m), MAOs must adhere to special requirements during a declared disaster or emergency²:

• Covering Medicare Parts A and B services and supplemental Part C plan benefits at non-contracted facilities subject to 42 C.F.R. § 422.204(b)(3), which requires that facilities have an agreement with CMS to provide services under original Medicare;
• Waiving requirements for gatekeeper referrals where applicable;
• Providing the same cost-sharing for enrollees as if the service had been provided at a plan-contracted facility; and
• Making changes that benefit the enrollee effective immediately without the 30-day notification requirement typically required.

Telehealth Expansion

In the March 10, 2020 CMS Notice, CMS also advised MAOs of various permitted flexibilities available at this time, such as waiving cost-sharing, waiving prior authorization requirements, and waiving various requirements for Part D sponsors. Under these flexibilities, MAOs may waive or reduce cost sharing for enrollees impacted by the COVID-19 outbreak and may waive plan prior-authorization requirements that would apply to COVID-19 tests or services.³

Notably, this includes waiving or reducing cost-sharing for telehealth benefits. MAOs may also extend telehealth services and provide Medicare Part B services through telehealth in any geographic area, including in an enrollee’s home.

CMS followed this release with an April 10, 2020 Notice allowing telehealth data to be used for risk adjustment purposes when the data otherwise meets the criteria for risk adjustment and takes place using an audio and video system that allows for real-time communication.⁴ CMS instructs MAOs to submit diagnoses that meet these criteria in RAPS. For EDPS, MAOs are instructed to submit the data using place of service code “02” for telehealth or use the CPT telehealth modifier “95” with any place of service.

Suspensions of Audits and Data Collection Efforts

CMS has issued numerous releases in the last two weeks suspending various data collection efforts so as not to detract focus and resources from the pandemic. While these releases do not address MAOs’ own internal activities, such as chart retrieval efforts, MAOs should consider suspending such efforts for consistency during the pandemic.

On March 30, 2020, CMS announced a suspension of the contract-level payment year 2015 risk adjustment data validation (RADV) audits.⁵ CMS stated that the Agency is suspending RADV activities and will not commence additional contract-level audits until the COVID-19 emergency has ended. CMS requested that organizations stop soliciting providers for RADV-related medical records as well. CMS noted that the Agency will continue to review medical records that have already been submitted for payment years 2015 and 2014. CMS will provide feedback to organizations through the Central Data Abstraction Tool.

The announcement did not address the CMS national RADV audit or ongoing HHS Office of Inspector General (OIG) RADV audits. However, HHS OIG’s “Message from leadership on minimizing burdens on providers,” released the same day, notes that “Health care organizations that need extensions of OIG deadlines, such as to produce data for an OIG review . . . are encouraged to ask their OIG contact,” as “OIG will work with organizations on a reasonable solution.”⁶

CMS’s March 30, 2020 announcement also included CMS’s reprioritization of Medicare Parts C and D program audits and Programs of All-inclusive Care for the Elderly (PACE) Organization program audits. Instead of conducting these routine program audits, CMS will focus its oversight on investigating complaints regarding infection control concerns relating to COVID-19 and other respiratory illnesses and situations of serious noncompliance in which beneficiaries’ health and safety are at risk.

The same day, CMS released a pre-publication copy of its Policy and Regulatory Revisions in Response to the COVID-19 Public Health Emergency (PHE) Interim Final Rule with comment period.⁷ The Rule addresses the impact of COVID-19 on Part C and Part D quality rating systems including HEDIS, CAHPS, and HOS: (i) eliminating the HEDIS 2020 submission requirements for the 2019 measurement year and similarly requesting that MAOs cease medical record collections, (ii) eliminating the CAHPS 2020 survey data submission requirements, and (iii) announcing a rescheduling of the HOS survey administration to late summer. The Rule also contains CMS’s plans to calculate the related Star Ratings for 2021 and 2022 in light of the pandemic.

Finally, on April 13, 2020, CMS announced the suspension of the majority of 2020 Data Validation of 2019 Part C and D reporting requirements data.⁸ CMS recommended that all data validation activities occur remotely during the pandemic.

Enforcement Considerations

The guidance and waivers issued by HHS and CMS to date create potential enforcement risk as these materials are applied. These concerns arise in the application of existing laws and regulatory schemes, the creation of new enforcement task forces and authorities, and the interpretation of these new pronouncements.

For example, in the aforementioned March 10, 2020 memorandum, CMS stated that expanded cost-sharing and telehealth flexibilities could satisfy the safe harbor to the Federal anti-kickback statute:

• “CMS consulted with the HHS Office of Inspector General (OIG) and HHS OIG advised that should an [sic] Medicare Advantage Organization choose to voluntarily waive or reduce enrollee cost-sharing, as approved by CMS herein, such waivers or reductions would satisfy the safe harbor to the Federal anti-kickback statute set forth at 42 CFR 1001.952(l).”
• “CMS consulted with the HHS OIG and HHS OIG advised that should a Medicare Advantage Organization choose to expand coverage of telehealth benefits, as approved by CMS herein, such additional coverage would satisfy the safe harbor to the Federal anti-kickback statute set forth at 42 CFR 1001.952(l).”

Compliance with all CMS guidance, however, will be essential to ensure that the programs fit within existing safe harbors.⁹ Telehealth visits, due to their remote nature, also raise the potential for future False Claims Act allegations, such as allegations that the visits did not in fact take place or meet CMS’s requirements for risk adjustment. MAOs should consider issuing clear guidance to providers regarding what is acceptable for telehealth visits and how such visits should be documented and submitted to the MAOs.

Additionally, both the Department of Justice (DOJ) and HHS have announced task forces related to COVID-19-related issues,¹⁰ and significant activity is expected from both of these groups. While these releases are primarily focused on provider misconduct at the moment, one immediate risk for MAOs is that the enforcement agencies (and potentially Congressional oversight bodies) will expect MAO oversight of providers consistent with these federal agency goals, while MAOs nonetheless maintain access to health care consistent with emergency regulatory requirements.

While MAOs have not yet been the focus of any COVID-19 enforcement announcements, MAOs remain highly regulated entities and regular subjects of government enforcement actions and inquiries. MAOs should evaluate potential mitigation steps to take during the pandemic to better position themselves for the inevitable enforcement activities that will arise, such as maintaining consistent and clear messaging to internal parties and external partners, maintaining open communication with regulators and documenting instructions not released through formal channels, and evaluating processes and process changes to address the pandemic to ensure internal consistency.

¹ Memorandum from CMS to all MAOs, Part D Sponsors, and Medicare-Medicaid Plans, Information Related to Coronavirus Disease 2019 - COVID-19 (Mar. 10, 2020), https://www.cms.gov/files/document/hpms-memo-covid-information-plans.pdf.

² One triggering event for the application of these special requirements is a declaration from the Governor. On March 10, 2020, eight states had made such declarations. At this time, all states and territories have declared a state of emergency or public health emergency. Coronavirus: What You Need to Know, NAT’L GOVERNORS ASS’N, https://www.nga.org/coronavirus/#memos (last visited Apr. 15, 2020). Per the CMS Notice, these special requirements are in effect until the date specified in the Governor’s declaration or for 30 days if no date is specified in the declaration.

³ Additionally, when the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) was signed into law on March 27, 2020, the Medicare Advantage program benefits were amended to include COVID-19 testing, vaccines and their administration. See 42 USC 1395w-22(a)(1)(B). These new benefits mirror those provided to Medicare recipients and include vaccine coverage even though a vaccine is not yet available.

⁴ Memorandum from CMS to all Medicare Advantage, Cost, PACE and Demonstration Organizations, Applicability of diagnoses from telehealth services for risk adjustment (April 10, 2020), https://www.cms.gov/files/document/applicability-diagnoses-telehealth-services-risk-adjustment-4102020.pdf.

⁵ Memorandum from CMS to all MAOs, Part D Sponsors, Medicare-Medicaid Plans, and all Programs of All-Inclusive Care for the Elderly (PACE) Organizations, Reprioritization of PACE, Medicare Parts C and D Programs, and Risk Adjustment Data Validation Audit Activities (Mar. 30, 2020), https://www.cms.gov/files/document/covid-19-programauditsradv-memo.pdf. On March 28, 2020, CMS separately announced through HPMS that CMS will be delaying the start of the data validation (DV) of the 2019 Part C and Part D Reporting Requirements data scheduled to begin on Wednesday, April 1, 2020.

⁶ Available at https://oig.hhs.gov/coronavirus/letter-grimm-03302020.asp.

⁷ Available at federalregister.gov/d/2020-06990.

⁸ Memorandum from CMS to all Medicare Advantage Organizations, Part D Sponsors, and Medicare-Medicaid Plans, Important Information on 2020 Data Validation of Medicare Part C and Part D Reporting Requirements Data (April 13, 2020).

⁹ CMS’s stance on cost-sharing and telehealth flexibilities is consistent with a recent trend in expanding the anti-kickback statute safe harbors. On October 9, 2019 HHS OIG published a notice of proposed rulemaking that seeks to increase the safe harbors available under the anti-kickback statute as part of HHS’s efforts to “reduce regulatory barriers and accelerate the transformation of the healthcare system into one that better pays for value and promotes care coordination.” HHS Office of Inspector General Fact Sheet: Notice of Proposed Rulemaking OIG-0936-AA10-P, US Dep’t of Health and Human Services Office of Inspector General (October 2019), https://oig.hhs.gov/authorities/docs/2019/CoordinatedCare_FactSheet_October2019.pdf.

¹⁰ On March 16, 2020, Attorney General William Barr issued a memorandum to all United States Attorneys directing them “to prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic.” Memorandum from Att’y General William Barr to all United States Attorneys, COVID-19 — Department of Justice Priorities (Mar. 16, 2020), https://www.justice.gov/ag/page/file/1258676/download. Attorney General Barr’s missive specifically mentioned reports of people “selling fake cures for COVID-19 online,” phishing emails purporting to be from the World Health Organization or Centers for Disease Control and Prevention, and malware inserted into mobile apps designed to track the spread of the virus. Id. A week later, Deputy Attorney General Jeffrey Rosen issued a memorandum discussing the kinds of schemes that have been reported and recommending statutes under which US Attorneys should prosecute. Memorandum from Deputy Att’y General Jeffrey Rosen to All Heads of Law Enforcement Components, Heads of Litigating Divisions, and United States Attorneys, Department of Justice Enforcement Actions Related to COVID-19 (Mar. 24, 2020), https://www.justice.gov/file/1262771/download. These include (1) fraudulently offering COVID-19 testing to obtain Medicare beneficiary information and submit false medical claims and (2) submitting medical claims for unnecessary treatments or drugs purported to cure COVID-19. Id. Nevertheless, the tone of the memo indicated that DOJ is focusing on the perpetrators of the fraud, such as opportunists or providers, not the insurance organizations who might unwittingly process their claims. The same day Deputy Attorney General Rosen issued his memorandum, Attorney General Barr announced the creation of the Department of Justice COVID-19 Hoarding and Price Gouging Task Force. Memorandum from Att’y General William Barr to Memorandum for All Heads of Department Components and Law Enforcement Agencies, Department of Justice COVID-19 Hoarding and Price Gouging Task Force, US Dep’t of Justice (Mar. 24, 2020), https://www.justice.gov/file/1262776/download. A few US Attorney’s Offices have also created their own COVID-19 task forces in conjunction with state and local law enforcement. See, e.g., US Attorney Announces Multi-Agency Group to Investigate and Prosecute COVID-19 Fraud, US Dep’t of Justice US Attorney’s Office Middle District of Florida (Mar. 30, 2020), https://www.justice.gov/usao-mdfl/pr/us-attorney-announces-multi-agency-group-investigate-and-prosecute-covid-19-fraud. Separately, HHS OIG posted a fraud alert on its website that also warned about COVID-19 testing schemes. COVID-19 Fraud, US Dep’t of Health and Human Services Office of Inspector General (Mar. 23, 2020), https://oig.hhs.gov/coronavirus/fraud-alert-covid19.asp?utm_source=web&utm_medium=web&utm_campaign=covid19-fraud-alert. However, the office appears to be deferring pandemic-related enforcement to DOJ and encouraging victims to report fraud to the DOJ’s National Center for Disaster Fraud. A Message from HHS OIG Leadership on COVID-19 Fraud, US Dep’t of Health and Human Services Office of Inspector General (Mar. 23, 2020), https://oig.hhs.gov/coronavirus/letter-grimm-03232020.asp.