HRSA Uninsured Program Covid-19 Services: OIG Audit Finds HRSA Paid for Claims that did not Comply with Federal Requirements

On July 13, 2023 the Office of Audit Services of the Department of Health & Human Services Office of Inspector General (OIG) released the long-awaited audit (A-02-21-01013) of the Health Resources and Services Administration (HRSA) Uninsured Program (UIP) (Audit). The UIP reimbursed providers for provision of COVID-19 testing, treatment, and vaccination services provided to uninsured individuals. While the UIP terminated due to insufficient funding in the spring of 2022, the federal government paid out an enormous sum for UIP claims during and after the program’s operation – approximately $24.5 billion according to the Audit report.

The Audit reviewed whether claims reimbursed through the UIP complied with federal requirements, including the prohibition on patient balance billing (meaning that a patient is billed directly for charges not paid by the insurer), and as we focus on here, the requirement that reimbursement only be made for claims for COVID-19 related services to uninsured individuals.

The Audit report sheds light on the processes employed by HRSA, and its third-party contractor operating the UIP, to verify claim validity before payment. The report describes shortcomings in HRSA and its contractor’s procedures to verify patient insurance status and ensure that claims were for items and services related to COVID-19. Considering recent enforcement actions and allegations related to alleged improper submission of claims to the UIP, the Audit report is timely and informative as providers grapple with their potential liability for claims submitted to the UIP.

In this article, the first in a two-part series on the HRSA UIP and enforcement risks, we break down the Audit’s findings and discuss the implications for providers who submitted claims to the UIP. In part two of this series, to follow shortly, we analyze enforcement actions filed against providers alleging submission of false or fraudulent claims to and paid by the UIP and will provide predictions related to the likely future of enforcement in this area.

HRSA Paid Claims for Patients Who Were Insured

The Audit found that HRSA made payment to providers for testing and treatment services rendered to patients who were not uninsured (and thus were not eligible for payments under the UIP). Specifically, of the 300 patients sampled, HRSA reimbursed UIP claims for testing or treatment provided to 38 patients who had health insurance coverage. (Claims for vaccination services were not included in the Audit.)

To submit claims to the UIP, providers had to attest that they read the program’s terms and conditions and confirmed that patients did not have health insurance. Anecdotally, these authors are aware of various methods employed by providers to verify patient insurance status, including requesting insurance information or an attestation as to insurance status in material given to patients, and utilizing certain third-party tools to verify insurance status through searches of external databases. In part two of this series, we will analyze providers’ potential liability for failure to properly verify patient insurance status before submitting claims to the UIP.

After enrolling with the UIP, providers submitted rosters of patients who received COVID-19 related services to HRSA. Upon receipt, HRSA’s third-party contractor verified health insurance status using internal and external databases.

Despite this effort, OIG found that procedures used to verify insurance status were not effective, meaning payments were incorrectly issued at the expense of the UIP. Specifically, HRSA’s contractor could only verify patient insurance status if providers submitted patient social security numbers. However, providers were not required to submit social security numbers and, as a result, for the vast majority of patients for whom a UIP claim was paid, there was not a social security number associated with their claim. OIG found that in 2020, 2021, and 2022, respectively, 82% (22.6 million of 27.7 million patients), 91% (106.9 million of 117.8 million patients), and 94% (29.8 million of 31.8 million patients) of patients for whom a UIP claim was paid did not include a social security number.

As a result, HRSA’s contractor did not verify insurance status for the vast majority of claims and, according to the OIG, relied solely on the provider’s attestation of the patient’s uninsured status when deciding to pay claims under the UIP. OIG describes these procedures to verify insurance status as “not effective.” Moreover, OIG found that 9 patients in the sample who were determined to have insurance actually had a social security number associated with their claim but, despite this, HRSA’s contractor incorrectly determined that the patients did not have insurance (and the claim was paid by the UIP). OIG attributes this lapse to HRSA (and its contractor’s) failure to ensure that the data used to verify patient insurance status was sufficiently reliable.

HRSA Made Payment for Services Not Related to COVID-19

OIG found that for 22 of the 300 sample patients, HRSA made payments for services that were either not rendered or not related to COVID-19. OIG cites to a few examples, including claims submitted for the cost of treating a patient’s broken ankle rather than only the cost of the COVID-19 test the patient underwent as a pre-surgical procedure.

OIG claims that improper payment was made on these claims because HRSA did not have effective measures to ensure services were related to COVID-19, such as prepayment edits or post payment audits.

Implications for Providers

As we will discuss further in part two of this series, we are aware of cases filed against providers who allegedly submitted improper claims to the UIP. The Audit report foretells that more enforcement is coming. In fact, OIG recommends that HRSA identify additional improper UIP payments, which OIG estimates to equal $783.6 million. HRSA has already implemented a process of assessing whether providers were properly reimbursed under the UIP, including through review of provider procedures regarding identification of insurance coverage.

Providers who participated in the UIP should prepare for potential audits of their claims submitted to the UIP and monitor enforcement developments in this area. Providers who are winding down operations as the PHE sunsets should be particularly careful to maintain their records for future scrutiny.

Foley is here to help you address the short- and long-term impacts in the wake of regulatory changes. We have the resources to help you navigate these and other important legal considerations related to business operations and industry-specific issues. Please reach out to the authors, your Foley relationship partner, or to our Health Care Practice Group with any questions.

Disclaimer

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.