Colorado’s pioneering healthcare provider fee program for Medicaid is “overall” in compliance with state and federal laws, but an audit has found an over-reliance on self-reported data, over-estimates of fees resulting in over-payments by hospitals, and over-access to data which will require tighter controls.

In 2009 Colorado created its revolutionary healthcare provider fee program, which has since been adopted, in some form, by almost every state. Under the program, Colorado expanded its coverage of individuals under Medicaid by charging providers a fee based on an estimate of the population they would eventually serve. In return, the provider receives federal matching reimbursement that originates from the U.S. Centers of Medicare and Medicaid Services (CMS). The program is a win for the state, because it does not require a significant expenditure from the state, and also for the provider, who receives partial reimbursement for patients who in the past would be written off as bad debt.

This week the state auditor released an audit of the program that identified numerous policies and procedures that posed high risk for abuse and even fraud. The report contained numerous recommendations, all of which were agreed to by the Colorado Department of Health Care Policy and Financing, which manages the provider fee program.

In its report, the State Auditor issued the following findings:

Over-reliance on self-reported data.

The audit found that the provider fee program relied almost solely on data provided by providers which the auditors determine is a “high-risk source,” primarily because the data is not always reported accurately. To make its point, the auditor revealed that state Medicaid authorities made a mistake of more than $400,000 over the provision in the program that ”required hospitals to report the number of Medicaid patient days associated with the hospital’s ‘Distinct Psychiatric Unit,’” the audit report states. One hospital reported 2,141 patient days for which it received $428,200. The hospital, however, did not have a “distinct psychiatric unit.” According to the audit, this was not a fraud, but an error, but it was an error that “went undetected” by state Medicaid authorities.

The audit also found that data reported by hospitals was also inconsistent, especially when compared to other data sources such as Medicare reports. Auditor selected 10 hospitals and compared their respective reports to Medicare and to the Medicaid provider fee program. The auditor found that for specific data points the reports varied by as much as 10 percent.

The auditor made the following recommendations, all of which the Department of Health Care Policy and Financing pledged to implement by the end of 2013:

  • Establishing data collection methods to obtain hospital data for the Hospital Provider Fee Model that are based on existing, reliable data sources where possible. The Department should consider gathering data directly, whenever possible, from the most recently available Medicare cost reports rather than requiring hospitals to self-report data in the Hospital Provider Survey.
  • Developing clear, consistent requirements for the data sources and methodologies hospitals must use to complete the Hospital Provider Survey.
  • Requiring hospitals to maintain supporting documentation for the data points reported in the Hospital Provider Survey.
  • Developing and implementing policies and procedures for an annual, risk-based review, to determine the accuracy and reliability of the self-reported data in the Hospital Provider Survey. The Department should also establish and implement procedures to take follow-up action with hospitals on data points in question, including, but not limited to, adjustments to future fees and payments for errors.

Collecting Excess Hospital Provider Fees.

The Department of Health Care Policy and Financing ”collected significantly more in hospital provider fees than it needed to fund the Program during the first two … years,” the auditors found, the result of overestimates by the department. According to auditors, the state collected almost $40 million too much for the first two years of the program and the third year which just completed was on track to more than double that amount.

To correct the over-collection of fees, the auditor recommended the following, which the Department of Health Care Policy and Financing agreed to implement by the end of the first quarter in 2013:

  • The Department should provide quarterly updates to [its] Advisory Board comparing model estimates for the expansion populations to the actual program expenditures for the expansion populations.
  • The Advisory Board should review the expansion population expenditures quarterly and, if necessary, make recommendations to the Department and Office of the Colorado State Auditor and the Medical Services Board about the need to revise the Hospital Provider Fee Model to ensure the amount collected for expansion populations more accurately reflects the expansion population costs, and if necessary consider mid-year adjustments to fees in the event it appears that the Department will significantly overcollect in a given year.

IT controls on data.

Auditors found that the department does not security controls in place to prevent potential tampering with the Provider Fee Model spreadsheet which calculates reimbursements.

The auditors made two recommendations:

  • Restricting access to the Provider Fee Model spreadsheet to only those users who have a business need to access it.
  • Developing a method to track changes in the Provider Fee Model spreadsheet that allows the Department to document the history of changes made in the spreadsheet over time.

The department agreed to implement the former by next month, and the latter by the end of December 2013.