Medicare Secondary Payer Compliance as a High-Risk Area
Key Points:
- MSP is one of the high-risk areas flagged in OIG Guidance for Hospitals
- Compliance Officers should ensure compliance with MSP
- Examples of MSP risks and enforcement actions
Medicare Secondary Payer (MSP) is under a law created in 1980, that creates a legal requirement where Medicare pays secondโnot firstโfor healthcare services when another insurer is legally responsible for covering the cost (e.g., employer group health plan, auto insurance, workersโ compensation). The objectives of MSP are to (a) help control Medicare spending, (b) ensure Medicare pays only when no other insurer is responsible, and (c) prevent fraud or double payments. The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) oversees compliance with MSP requirements and investigates improper billing or fraud related to MSP claims, ensuring healthcare providers, insurers, and employers comply with MSP. Hospital Compliance Officers should review rules and processes to ensure healthcare providers and payers accurately identify when Medicare is the secondary payer and that billing practices comply with federal regulations. Common MSP risks to check for include: (a) failure to properly identify other insurance during patient intake; (b) billing Medicare first when another payer should be primary; (c) delays or errors in coordination of benefits; (d) noncompliance with Section 111 mandatory reporting; and (e) recovery of Medicare’s conditional payments if settlement occurs with liability insurers. Common causes of enforcement actions include: (1) Billing Medicare first when another payer should have been billed; (2) failing to identify or update MSP status; (3) failing to report settlements, judgments, or awards to CMS; (4) delays or refusals to repay conditional payments; and (5) lack of internal policies to manage MSP compliance.
Examples of MSP enforcement actions include:
- A hospital billed Medicare as the primary payer despite documentation showing a group health plan was responsible, resulting in a DOJ settlement of over $2 million and required corrective actions.
- An insurer failed to report a settlement involving a Medicare beneficiary to CMS, leading to OIG civil monetary penalties for noncompliance with mandatory insurer reporting.
- A law firm failed to ensure Medicare was repaid following a personal injury settlement; CMS recovered its conditional payment, and the law firm was held jointly liable for the repayment plus interest.
For full guidance, refer to the CMS Internet-Only Manual (IOM), Pub. 100-05 โ Medicare Secondary Payer Manual, and the MSP Webpage. For additional information on conducting MSP compliance reviews and identifying key risks, contact [email protected].
