As managed care organizations and insurance companies (collectively, “insurers”) face increased regulation under the Affordable Care Act (ACA),[i] they are attempting to shift insurance-related compliance obligations to providers. These obligations are sometimes contained in provider agreements as “flow-down” provisions derived from state or federal law. But insurers often seek to impose obligations that either exceed the scope of “flow-down” provisions or that are not legally required. Acceptance of insurance-related compliance obligations create additional financial risks for providers. In this article, we focus on one type of obligation increasingly sought by insurers offering qualified health plans (QHPs) on the new health insurance exchanges (Exchanges or Marketplaces): certification of risk adjustment data.
The ACA’s risk adjustment program is designed to correct for the uneven distribution of healthy and unhealthy individuals that can occur among health plans on the individual and small group market. For the program to function as Congress intended, insurers must provide the government with accurate and complete data concerning the risk profile of their enrollees. This data is then used to determine whether the insurer must pay risk adjustment contributions or will receive risk adjustment payments under the program. Risk adjustment data comes from enrollee diagnoses contained in encounter data forms and paid claim forms as well as more general demographic data contained in enrollment data. Providers supply much of the data that insurers must provide to the government, although insurers control how they test and use that data. Insurers are increasingly asking providers to certify the accuracy of data provided in encounter data forms and claims. As insurers attempt to shift the risks associated with the certification of inaccurate risk adjustment data to providers, providers should understand the compliance obligations and legal risks involved with providing such certifications.
I. Risk Adjustment Program – Data Requirements
The ACA provides for the establishment of three premium stabilization programs. The risk adjustment program, which is set forth in section 1343 of the ACA, 42 U.S.C. § 18063, is designed to correct for the uneven distribution of high- and low-risk enrollees between plans. The other two premium stabilization programs—the transitional reinsurance program (ACA § 1341, 42 U.S.C. § 18061) and the temporary risk corridors program (ACA § 1342, 42 U.S.C. § 18062) — are only scheduled to operate for the first three years of the Exchanges and are designed to further correct for adverse selection and inaccurate premium rating in the non-group and small group markets. Currently, HHS is administering all three programs in most of the country, but states may elect to administer their reinsurance and risk adjustment programs themselves.
The risk adjustment program corrects for the uneven distribution of enrollees between plans and is based on a comparison of plans’ actuarial risks. A plan’s actuarial risk reflects the actual distribution of risk among its enrollees and the expected health care expenditures associated with these enrollees’ care under the plan’s cost-sharing design. Determining a plan’s actuarial risk requires assessing the risk profile of each insured based on their age, sex, diagnoses, and plan metal tier. By way of example, a 62-year-old female enrolled in a silver plan (risk score 0.798) who is diagnosed with diabetes with chronic complications (risk score 1.12) and stroke (1.12) would have a total risk score of 6.133. Once aggregated across all enrollees, this cumulative enrollee risk score is combined with other plan-specific and local data to determine risk adjustment contributions or payments.
Ultimately, low actuarial risk plans (i.e., plans with healthier than average covered populations) and plans that fail to report risk adjustment data will make risk adjustment contributions, while high actuarial risk plans (i.e., plans with sicker than average covered populations) will receive risk adjustment payments. By focusing on actuarial risk rather than claims payments, the risk adjustment program rewards plans that effectively manage the care of high-risk enrollees. Only QHPs and non-grandfathered non-group and small group plans participate in the risk adjustment program.
Because a plan’s failure to report risk adjustment data will result in plan liabilities in the form of risk adjustment contributions, plans are incentivized to participate in the program. Furthermore, the omission of relevant diagnoses produces a lower risk score, depressing risk adjustment payments or increasing risk adjustment contributions. Therefore, plans are further incentivized to ensure that all enrollee diagnoses are documented and reflected in risk adjustment calculations. On the other hand, if data overstates enrollee risk scores, the plan may receive an overpayment under the program.
To combat this overpayment and underpayment risk, where HHS administers the program, it imposes data validation and auditing requirements on plans, and requires that plans submit or make available risk adjustment data for additional HHS audits. The failure to adhere to these requirements may result in civil monetary penalties under 45 C.F.R. section 153.740. For the first two years of the program, HHS will refine its data validation process based on its observation experience. In subsequent years, payments and charges will be adjusted based on error rates. However, HHS specifically noted that “other remedies, such as prosecution under the False Claims Act, may be applicable to insurers not in compliance with the risk adjustment program requirements.”[ii]
II. The Providers’ Role
HHS has acknowledged that insurers to some extent “depend on providers, suppliers, physicians, and other practitioners” to submit risk adjustment data (particularly diagnoses) to insurers.[iii] Accordingly, the regulations explicitly permit, but do not require, an insurer to include data submission requirements in provider agreements:
An insurer that offers risk adjustment covered plans may include in its contract with a provider . . . provisions that require such contractor’s submission of complete and accurate risk adjustment data in the manner and timeframe established by the State, or HHS on behalf of the State. These provisions may include financial penalties for failure to submit complete, timely, or accurate data.[iv]
But plans and providers remain free to negotiate whether, and if so to what extent, to have risk adjustment data terms and conditions in their managed care agreements. This includes negotiating any additional compensation that the plan may have to pay the provider for the added work and risk entailed, should the provider agree to aggregate, prepare, certify, or otherwise handle such data.
Providers face increasing pressure from insurers to accept obligations with regard to risk adjustment data. At times, a plan might incorrectly contend that the risk adjustment provision is legally mandated, and therefore, legally non-negotiable. In other cases, a plan may seek to amend an existing contract to include such obligations, often asserting that the amendment is legally required, although no such requirement exists. We also have become aware of situations in which insurers have asserted that providers are legally required to certify data, even when the provider has no such obligation under the applicable managed care agreement. These activities attempt to shift responsibility for risk adjustment data to the provider level, often without the offer of additional compensation to cover the labor and risks involved.
Where providers undertake activities involving risk adjustment data, they may encounter potentially significant risks. HHS has explicitly stated that, in addition to insurer-focused enforcement remedies set forth at 45 C.F.R. section 153.740(a), additional remedies “may be available through other Federal statutes, such as the False Claims Act, as well.”[v] Because a provider’s knowingly false certification of risk adjustment data (including the certification of such data with reckless disregard for its accuracy and validity) may constitute a false certification actionable under the False Claims Act, we recommend that providers proceed with caution before undertaking any risk adjustment certification activities. In addition, we also advise that providers carefully review any risk adjustment data provisions in their existing managed care agreements, and in any proposed provisions, to fully understand the risks and compensation.
III. Conclusion and Outlook
As insurers confront growing compliance obligations under state and federal law, they are increasingly likely to attempt to shift or share their risks with providers wherever possible. In some cases, insurers are required by a State-Based Exchange to include certain language in their managed care agreements. In addition, insurers of QHPs offered on Federally Facilitated Exchanges are subject to certain contracting requirements for delegated and downstream entities, which may include participating providers. However, we have frequently seen insurers go beyond the scope of these legal requirements and attempt to impose additional or more expansive obligations on participating providers. In the case of providers’ risk adjustment data obligations, we do not believe that federal or state law mandates the inclusion of such obligations in provider agreements at this time.
We therefore recommend that providers carefully review proposed managed care agreements and amendments thereto and consult with counsel, particularly where they are being asked to undertake additional or atypical obligations. Because of the rapidity of legal changes for QHPs, it is particularly important that any agreement that might cover individual and small group products be analyzed and evaluated for unnecessary legal obligations and other areas of risk. While managed care negotiations concerning QHP participation often occur under perceived time constraints, we believe that the speed at which QHP legal requirements are evolving and the novelty of various health care reform programs necessitate careful consideration and review.
For additional information or assistance please contact Katrina Pagonis or David Vernon in San Francisco at 415.875.8500; John Hellow or Glenn Solomon in Los Angeles at 310.551.8111; or James Segroves or Ariana Ornelas in Washington, D.C. at 202.580.7700.
[i] The Patient Protection and Affordable Care Act of 2010, 124 Stat. 119 (Pub. L. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010, 124 Stat. 1029 (Pub. L. 111-152).
[ii] 78 Fed. Reg. 15410, 15438 (Mar. 11, 2013).
[iii] 77 Fed. Reg. 17220, 17241 (Mar. 23, 2012).
[iv] 45 C.F.R. § 153.610(c).
[v] 79 Fed. Reg. 13744, 13771 (Mar. 11, 2014).