On July 13, 2023 the Office of Audit Services of the Department of Health & Human Services Office of Inspector General (OIG) released the long-awaited audit (A-02-21-01013) of the Health Resources and Services Administration (HRSA) Uninsured Program (UIP) (Audit). The UIP reimbursed providers for provision of COVID-19 testing, treatment, and vaccination services provided to uninsured individuals. While the UIP terminated due to insufficient funding in the spring of 2022, the federal government paid out an enormous sum for UIP claims during and after the program’s operation – approximately $24.5 billion according to the Audit report.
The Audit reviewed whether claims reimbursed through the UIP complied with federal requirements, including the prohibition on patient balance billing (meaning that a patient is billed directly for charges not paid by the insurer), and as we focus on here, the requirement that reimbursement only be made for claims for COVID-19 related services to uninsured individuals.
The Audit report sheds light on the processes employed by HRSA, and its third-party contractor operating the UIP, to verify claim validity before payment. The report describes shortcomings in HRSA and its contractor’s procedures to verify patient insurance status and ensure that claims were for items and services related to COVID-19. Considering recent enforcement actions and allegations related to alleged improper submission of claims to the UIP, the Audit report is timely and informative as providers grapple with their potential liability for claims submitted to the UIP.
In this article, the first in a two-part series on the HRSA UIP and enforcement risks, we break down the Audit’s findings and discuss the implications for providers who submitted claims to the UIP. In part two of this series, to follow shortly, we analyze enforcement actions filed against providers alleging submission of false or fraudulent claims to and paid by the UIP and will provide predictions related to the likely future of enforcement in this area.
HRSA Paid Claims for Patients Who Were Insured
The Audit found that HRSA made payment to providers for testing and treatment services rendered to patients who were not uninsured (and thus were not eligible for payments under the UIP). Specifically, of the 300 patients sampled, HRSA reimbursed UIP claims for testing or treatment provided to 38 patients who had health insurance coverage. (Claims for vaccination services were not included in the Audit.)
To submit claims to the UIP, providers had to attest that they read the program’s terms and conditions and confirmed that patients did not have health insurance. Anecdotally, these authors are aware of various methods employed by providers to verify patient insurance status, including requesting insurance information or an attestation as to insurance status in material given to patients, and utilizing certain third-party tools to verify insurance status through searches of external databases. In part two of this series, we will analyze providers’ potential liability for failure to properly verify patient insurance status before submitting claims to the UIP.
After enrolling with the UIP, providers submitted rosters of patients who received COVID-19 related services to HRSA. Upon receipt, HRSA’s third-party contractor verified health insurance status using internal and external databases.
Despite this effort, OIG found that procedures used to verify insurance status were not effective, meaning payments were incorrectly issued at the expense of the UIP. Specifically, HRSA’s contractor could only verify patient insurance status if providers submitted patient social security numbers. However, providers were not required to submit social security numbers and, as a result, for the vast majority of patients for whom a UIP claim was paid, there was not a social security number associated with their claim. OIG found that in 2020, 2021, and 2022, respectively, 82% (22.6 million of 27.7 million patients), 91% (106.9 million of 117.8 million patients), and 94% (29.8 million of 31.8 million patients) of patients for whom a UIP claim was paid did not include a social security number.
As a result, HRSA’s contractor did not verify insurance status for the vast majority of claims and, according to the OIG, relied solely on the provider’s attestation of the patient’s uninsured status when deciding to pay claims under the UIP. OIG describes these procedures to verify insurance status as “not effective.” Moreover, OIG found that 9 patients in the sample who were determined to have insurance actually had a social security number associated with their claim but, despite this, HRSA’s contractor incorrectly determined that the patients did not have insurance (and the claim was paid by the UIP). OIG attributes this lapse to HRSA (and its contractor’s) failure to ensure that the data used to verify patient insurance status was sufficiently reliable.
HRSA Made Payment for Services Not Related to COVID-19
OIG found that for 22 of the 300 sample patients, HRSA made payments for services that were either not rendered or not related to COVID-19. OIG cites to a few examples, including claims submitted for the cost of treating a patient’s broken ankle rather than only the cost of the COVID-19 test the patient underwent as a pre-surgical procedure.
OIG claims that improper payment was made on these claims because HRSA did not have effective measures to ensure services were related to COVID-19, such as prepayment edits or post payment audits.
Implications for Providers
As we will discuss further in part two of this series, we are aware of cases filed against providers who allegedly submitted improper claims to the UIP. The Audit report foretells that more enforcement is coming. In fact, OIG recommends that HRSA identify additional improper UIP payments, which OIG estimates to equal $783.6 million. HRSA has already implemented a process of assessing whether providers were properly reimbursed under the UIP, including through review of provider procedures regarding identification of insurance coverage.
Providers who participated in the UIP should prepare for potential audits of their claims submitted to the UIP and monitor enforcement developments in this area. Providers who are winding down operations as the PHE sunsets should be particularly careful to maintain their records for future scrutiny.
Foley is here to help you address the short- and long-term impacts in the wake of regulatory changes. We have the resources to help you navigate these and other important legal considerations related to business operations and industry-specific issues. Please reach out to the authors, your Foley relationship partner, or to our Health Care Practice Group with any questions.