Pharmacy Fraud, Part Two

Pharmacy auditors and fraud examiners for insurance companies and pharmacy benefit managers battle multi-million dollar fraud schemes that affect all of us. Learn how they construct their anti-fraud programs, specific procedures they use to develop their cases, and laws they deal with that could hinder their work.

Shirley was suspicious. As a “prior authorization (PA) representative” for a pharmacy benefit management (PBM) company, Shirley evaluates the dispensing of certain drugs based on patient history, payer requirements, and other criteria. She’s trained to be skeptical, so when a pharmacy called to request a PA for Synagis, an expensive medication prescribed almost exclusively for premature babies, she put a red flag on it and sent it upstairs. Good thing she did.

The claim was ultimately denied through the PA process because it wasn’t medically necessary based on the provided diagnosis code. But the pharmacy played an end-run and resubmitted the claim later with a different diagnosis code as though it were new. The claim still required a PA and this time it was approved.

But Shirley wasn’t satisfied. She tracked the submissions, documented the pattern, and gave it to her supervisor. The supervisor forwarded the info to the PBM’s Special Investigative Unit, which quickly built a strong multi-million dollar fraud case that was referred to federal and state authorities.

Shortly after the PBM hired Shirley (her name has been changed for this case) the company trained her to identify and handle pharmacy fraud. Programs like this are mandatory if PBM fraud examiners are going to be able to fight pharmacy fraud.

CREATING A FOUNDATION FOR COMBATING PHARMACY FRAUD 

Part one of this two-part article, in the May/June issue, described in detail the drain on the health-care system created by fraud in general and prescription fraud in particular. We also discussed several industry factors that cause pharmacy fraud plus the efforts to uncover and deter it.

We presented two pharmacy fraud cases that demonstrate how we can use modern investigative and analytical procedures to identify fraud committed by pharmacies against third-party payers of prescription claims.

In part two, we’ll explore the essential elements for building and maintaining a successful program to battle pharmacy fraud, specific procedures a fraud examiner can use to develop a pharmacy fraud case, and legislative actions that might unintentionally hinder these efforts.

CORPORATE CULTURE AND COMMUNICATION 

Whether a company manages its own prescription benefit for covered beneficiaries or contracts with a PBM for those services, it’s essential that both vertical and horizontal lines of communication be maintained between the program integrity department’s special investigations unit’s (SIU) fraud examiners and investigators, and senior management to ensure the corporation’s decision makers are aware of key accomplishments and potential risk associated with special investigations.

Additionally, the SIU must regularly communicate with other company stakeholders including departments responsible for claims processing, account management, call centers and plan payers – all sources of valuable tips.

GOOD CONTRACTING 

Contracts between PBMs/payers and their network pharmacies must contain sufficient requirements to allow for thorough, effective audits and investigations. Contracts should, at a minimum:

• require pharmacy staff to cooperate fully with audits;
• allow audits to proceed with or without notice – an essential element when there’s suspicion of fraud and concern that evidence might be created or destroyed after notification of and prior to an audit;
• give the auditor full access to all supporting documentation including invoices, patient signature logs, etc; and
• allow the PBM, or the payer (such as large insurance companies, state-run Medicaid units, etc.) in cases of payer-owned networks, to withhold funds and/or terminate the contract quickly should the pharmacy be uncooperative during an audit or if significant errors are discovered and aren’t satisfactorily explained through documentation following the audit.

FINDING PHARMACY FRAUD 

Data Mining 

Any firm or department responsible for auditing a payer’s prescription claims obviously should include a dedicated team of highly trained, experienced personnel. Necessary sophisticated computer software programs will identify claims appearing to be overpaid and identify pharmacies with aberrant billing patterns. A fraud examiner can identify aberrant billing patterns simply by pulling summary data for those elements identified as red flags – potential indicators of fraudulent billing patterns.

After a fraud examiner gathers the data, she can manipulate it easily using several software platforms, including Microsoft Access or Excel, to compute each element’s statistical data (average, mean, standard deviation, etc.). Each pharmacy’s variance from the norm can be computed for those data elements. Some of the more common elements analyzed for prescription claims data include:

• total amount paid;
• average ingredient cost (above or below normal might indicate a problem);
• average number of claims per member per month or year;
• claim reversal rates (above or below normal may indicate a problem); and
• percentage of claims for DEA schedule drugs, especially schedule II drugs.

A fraud examiner can go one step farther by weighing each data element’s relative fraud-indicating capacity and combining each weighted score to get a single comprehensive score. This process provides a rough idea of those pharmacies that might represent the highest fraud risk. Separating each pharmacy into a peer group prior to computing data element averages, standard deviations, and other procedures, further refines this process. Common peer groups for pharmacies include:

• chain pharmacies;
• pharmacy services administrative organizations (PSAOs are organizations that represent and affiliate independent and small chain pharmacy providers as a group. A PSAO typically has authorization from each of its pharmacies to act on the pharmacy’s behalf to provide such services as centralized contracting and payments.);
• urban pharmacies;
• rural pharmacies; and
• specialty pharmacies (such as nursing home pharmacies, compounding pharmacies, etc.).

Another common data-mining technique involves looking for pharmacies with unusual billing patterns for specific drugs with no apparent reason for the billings. A pattern often can be found in pharmacies billing for phantom claims when the medication billed wasn’t dispensed. Although this technique is hit or miss, it can uncover large amounts of fraud when it works.

When a fraud examiner discovers fraud, he should analyze the pharmacy’s billing patterns to determine if anything in the data could have tipped him off sooner. If he identifies a pattern, he should analyze all other pharmacies’ data to determine if there are others with similar billing patterns. If so, he should consider investigating those pharmacies.

Another effective data-mining method is comparing beneficiaries’ medical claims and prescription drug histories to find an abundance of billings for one drug but few or no billings for the other over a long period of time. This type of analysis might require cooperation between multiple service providers, but it can be very effective for identifying pharmacy, member, or physician fraud.

When analyzing data to identify potentially fraudulent billing patterns, it’s important to have a good working knowledge of drugs and their uses. When feasible, a well-rounded investigative staff should include a variety of health-care professionals such as nurses, pharmacists, pharmacy technicians, etc. These individuals might identify fraud based solely on their knowledge of how drugs are commonly prescribed. For example, a recent case in our company included claims for Synagis (the same drug we mention in the opening case), which is normally prescribed for high-risk infants and pediatric patients during the months of September through April to prevent infection due to respiratory syncytial virus. These claims were billed under multiple family members including adults, which caused these claims to be flagged for more intense review. (For other flagging examples, see Case 1 on page 27 in part one of this article in the May/June 2007 issue.)

Although these data-mining techniques barely scratch the surface of the potentially effective procedures available to an experienced fraud examiner, they include some of the basic techniques your claims audit team should be using.

TIP SOLICITATION AND HANDLING 

As with other types of crimes, tips are an important and effective method for identifying pharmacy fraud. (See Case 2 on page 47 in part one of this article in the May/June 2007 issue for a good example of fraud exposed via a tip.) Tips relating to pharmacies most often are received from:

• clients and beneficiaries;
• pharmacy employees or employees of competing pharmacies;
• physicians or other health-care professionals;
• law enforcement personnel; and
• help desk or other internal employees (Internal training programs for these groups can help ensure quality referrals.).

Take full advantage of potential fraud tips by making it easy for potential tipsters to provide information. Fraud tip hot lines and e-mail links on a payer’s Web sites are highly effective avenues for receiving tips.

OTHER METHODS OF IDENTIFYING FRAUD 

Monitor the Internet to identify fraudulent pharmacies through the Office of Inspector General Exclusions List (www.oig.hhs.gov/fraud/exclusions/listofexcluded.html) and through key word searches such as “pharmacist convicted,” “prescription fraud,” “pharmacist fraud,” “pharmacist plead guilty,” etc.

Also study anti-fraud-related Web sites such as the National Health Care Anti-Fraud Association (www.nhcaa.org/), the National Association of Drug Diversion Investigators (www.naddi.org/), the Coalition Against Insurance Fraud (www.insurancefraud.org/), and, of course, the Association of Certified Fraud Examiners (www.ACFE.com).

It’s also important to network with other fraud examiners and follow up on routine audits that uncover suspicious misbilled claims, which could be the tip of the proverbial iceberg.

PROVING THE FRAUD: EXAMINATION PROCEDURES 

Member and Physician Verifications 

After a pharmacy has been identified for potentially fraudulent billing patterns, develop a plan of action based on the case’s facts. A pharmacy might not initially be aware that it has been targeted for investigation because outside parties, including physicians and patients, are often the first contacts for verification or denial of prescriptions billed to the payer. In some cases, fraud examiners contact both physicians and patients for verification. The investigation is then closed unless, among other reasons, collusion between one or more parties is suspected, or there is suspicion that a pharmacy is dispensing gray- or black-market drugs including repackaged samples, or that drugs are being purchased illegally. In these cases, additional procedures such as purchase verifications must be performed. However, in many other cases additional information will arise that will provide grounds for suspicion of potentially fraudulent billing.

It’s important at this stage for a fraud examiner to keep an open mind or she might waste valuable time and resources. For example, if requests for physician verification result in one or more denials, there could be an explanation that doesn’t involve true fraud. The request might have been sent to the wrong physician because the pharmacy incorrectly billed one or more physician identification numbers – most commonly a Drug Enforcement Agency or Medicaid Provider number. Unfortunately, this is a very common problem with pharmacy billing; it occurs on approximately 6 percent to 10 percent of all prescription claims. At this point, a fraud examiner could perform a routine desk audit or request copies of prescriptions for a mix of claims not limited to the suspect claims to avoid tipping off the target pharmacy about the actual goal of the audit.

The primary purpose of the audit is to determine whether the prescriptions in question were submitted with the physician identification numbers on the hard copy prescriptions, which will help determine the next steps. If the physician identification numbers are incorrect, the correct physicians must be contacted and asked to validate the prescriptions. Carefully note if the physician identification numbers were submitted as documented on the prescription hard copies and then plan the next phase of the investigation. In these cases, common documentation includes photocopies or digital photos of the front and back of each questionable hard copy prescription. (If state law precludes reproduction of prescription hard copies – such as in New York State – a fraud examiner’s copious notes will have to suffice.)

ON-SITE AUDITS 

After a fraud examiner has effectively exhausted pre-pharmacy contacts and pre-on-site audit options, it’s time to consider an on-site audit. An on-site visit is usually appropriate except in special cases such as when all pharmacy records have been seized by law enforcement. They will normally grant requests for records if a fraud examiner understands and agrees not to jeopardize a potential legal action against the pharmacy. Improper actions could include mishandling records or attempts to recoup funds from the pharmacy without the express approval of law enforcement officials in charge of the investigation.

A fraud examiner must decide whether to give a pharmacy advance notice of an impending audit or simply show up. But to protect the integrity of audit findings, the possibility of unannounced audits must have been stated in a pharmacy contract. (Also, a growing number of states’ laws mandate particular notification requirements on pharmacy audits, although some might make exceptions in cases of suspected fraud. Be aware of, and abide by, the laws in the state in which the audit will be performed.)

If the pharmacy doesn’t stipulate that it must be notified, it’s generally not a good idea to give it advance notice of an on-site audit because if fraud is occurring, the staff, obviously, might have the opportunity and motivation to destroy, hide, create, or otherwise alter records. However, the risk in not giving notice is the pharmacy refusing a fraud examiner access to desired records by claiming a lack of adequate staffing.

It could be acceptable to give a pharmacy advance notice of a routine audit to avoid tipping it off that it’s under investigation, and then perform a fraud audit onsite. It could also be acceptable to provide notice of an audit if the pharmacy is already aware of the investigation or if suspicious activity can’t be covered up such as when the fraudster(s) have billed for many non-existent phantom claims and the primary source of evidence is supplier purchase records.

One way to provide advance notice but reduce the possibility of tipping off a pharmacy is to coordinate the audit with the field auditor responsible for other routine on-site audits in the area. Word of scheduled audits usually gets around to surrounding pharmacies; a targeted pharmacy is less likely to panic if it knows that others in the area are also being audited. However, we’ve seen a few rare instances in which a suspect pharmacy’s records were mysteriously stolen or destroyed by fire or flood. In one extreme case, the pharmacist even claimed the records were swallowed up in an earthquake! Given all of these considerations, decide in each individual case whether to give notice of an audit.

In addition to reviewing records during an on-site audit, a fraud examiner should record the amount of foot traffic, telephone activity, amount of shelf stock, and anything else that might later be useful in the investigative process. A common thread among pharmacies committing fraud is that their percentage of prescription hard copies from phoned-in physician requests tends to be far greater than their peers. This can add weight to a fraud examiner’s suspicions if he is on-site for several hours and the pharmacy phone rarely rings.

Another potential on-site problem occurs when a fraud examiner is delivered the records from a different room. Sometimes pharmacy workers will change records, reprint them, and try to pass them off as originals. Warm records right off the printer are a dead giveaway as are records printed with ink that smears when rubbed (a.k.a. the thumb test). A fraud examiner should insist on viewing the records as they are pulled.

PURCHASE VERIFICATIONS 

In certain situations, verifying drug purchases might be the most effective technique for proving a case of pharmacy fraud. The pharmacy should be required to provide a list of all drug sources including inventory purchases and transfers from other pharmacies and to sign a statement that it has disclosed all the sources. It should then be required to have its suppliers produce a summary statement of all purchases during the requested time frame and to send that documentation directly to a fraud examiner. This procedure is more efficient, reliable, and accurate than performing an on-site invoice audit, which is prone to human error and subject to claims of missed records. However, any documents produced by the pharmacy or sent to the pharmacy first by its suppliers should be considered suspect and not accepted.

These following situations illustrate common circumstances for the appropriate use of a purchase verification process.

A fraud examiner has access to a large percentage of a pharmacy’s claims data. This could happen when the pharmacy’s records have been seized or when law enforcement has subpoenaed billing records from the pharmacy’s primary third-party payers such as PBMs and Medicaid. This could also occur when a single third-party payer is the pharmacy’s primary payer, as is often the case in low-income areas with many Medicaid recipients or when a large employer dominates an area and a PBM processes its claims.

To estimate the percentage of a pharmacy’s claims represented by a third-party payer, divide the number of new prescriptions in a given date range by the difference between the beginning and end of the range of new prescription numbers. For example, if a payer paid 5,000 new claims (not refills) in the past year and its new prescription claim numbers begin with 00120010 and end with 00130010, you could reasonably estimate that they’ve paid for approximately 50 percent of a pharmacy’s claims. This is important because the higher the percentage of a pharmacy’s claims represented by a single payer, the more likely that a purchase verification audit will result in stronger evidence supporting allegations of many types of common pharmacy fraud schemes. In this example, a pharmacy submitting phantom claims or using gray- or black-market drugs (from physician samples, illicit repurchases from patients, stolen drugs, etc.) wouldn’t have to be nearly as greedy as it would if the payer only represented five percent of its business.

An expensive but uncommon drug is billed in much larger quantities than a pharmacy’s peer group. This can be an especially accurate indicator of fraud if there’s no logical explanation for the unusual billing pattern such as when a pharmacy is located near the office of a physician whose specialty calls for the drug in question (such as chemotherapy). Even if a single payer represents only a small percentage of the pharmacy’s business, it might be worth performing a purchase verification audit of the most frequently billed drugs and any uncommon but expensive drugs.

WRAPPING UP THE CASE 

Case Files 

At some point, usually under subpoena, a fraud examiner will likely be required to provide records to law enforcement officials. For this reason alone it’s critical that an investigation file be as complete and well organized as possible including auditors’ notes, photocopies, etc. Because fraud cases are often very complicated, flow charts and diagrams outlining the suspected activity might also be important in helping law enforcement understand the fraud scheme – a critical element for prosecuting the case. It’s also important for custody purposes that the records be stored in a secure area such as a locked file cabinet under a fraud examiner’s control.

TO REPORT OR NOT TO REPORT, THAT’S THE QUESTION 

After a case is considered complete from a fraud examiner’s point of view, she must decide if the collected evidence supports the conclusion that fraud has been committed. If not, audit recoveries might remain to be collected, follow-up action to be scheduled, or pharmacy education to occur but basically the investigation has ended. However, if a fraud examiner suspects fraud, she must decide the law enforcement agency to which he wants to report the case. At this point, an experienced fraud examiner’s knowledge and contact network often proves invaluable. The law enforcement agency will describe the next steps.

LEGISLATIVE ACTIONS 

States are taking positive steps to stem health-care fraud, but another trend has emerged: pharmacy lobbying groups are successfully pushing laws through state legislatures, which contain restrictions to severely hamper an investigator’s ability to identify and prove pharmacy fraud. For example, Louisiana recently enacted HB 1468/Act 290, which places severe limitations on the amount of time a payer may audit claims with no exception for fraudulent claims. The state of Texas also has audit-related restrictions in its “Prompt Pay” law as does Georgia in its “Pharmacy Bill of Rights.” Unlike Louisiana, however, the Texas and Georgia laws include exceptions for cases involving fraud.

If a payer does business in a state that’s considering such restrictions, it’s important for a company to work with the state legislature, its PBM, if applicable, and any trade groups with which the company might be affiliated to prevent the legislation from being passed with fraud-friendly provisions intact.

EVERYONE FIGHTS PHARMACY FRAUD 

No one can argue credibly that pharmacy fraud isn’t a significant problem in the United States today. Working together, however, the various stakeholders – patients, health-care professionals, insurers, PBMs, and law enforcement agencies – can reduce the prevalence of fraud and make prescription coverage more affordable for everyone.

To our readers: In August of 2004, the Office of the New York State Attorney General announced a lawsuit against Express Scripts Inc., the firm employing this article’s authors. The state’s complaint alleges certain breaches of contract and violations of civil law in connection with Express Scripts’ management of the prescription drug plan for the State of New York and its employees. As of publication time, this case was still pending. This article’s authors haven’t been named in this lawsuit. – ed.   

Dwayne Luby, MBA, CFE, CPA, AHFI, is senior director of network audit and program integrity at Express Scripts Inc. Dan Geiger, MBA, CFE, AHFI, is director of network program integrity at Express Scripts Inc. Andrea Lopez, MSM, AHFI, is senior manager of network program integrity at Express Scripts Inc.   

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.