Health Highlights

Directory Assistance: Maintaining Reliable Provider Directories for Health Plan Shoppers

Authors: Jonah Frohlich, Managing Director | Kier Wallis, Senior Manager | Keith Nevitt, Senior Analyst

Editor's Note: In the post-Affordable Care Act (ACA) era, many consumers are making health coverage decisions for the first time and in new ways. To inform their decisions, they often turn to provider directories—electronic or printed lists of physicians, hospitals and other healthcare providers in each health insurance carrier's products.

In a new report prepared for the California HealthCare Foundation, summarized below, Manatt Health examines policy, operational, business and technical challenges and solutions to well-functioning, integrated provider directories and how they have been overcome in four states—Colorado, Maryland, New York and Washington. The report details the perspectives and experiences of consumer advocates, carriers, providers, state-based marketplaces (SBMs) and state Medicaid agencies in those states, with the goal of informing policymakers and stakeholders as they seek to improve consumer access to accurate provider directories. To download a free copy of the full report, click here.


Since implementation of the ACA, more consumers are shopping for health insurance through the individual commercial market. Many of these consumers are obtaining insurance for the first time and must navigate a complex coverage market and make important decisions for themselves and for their families based on available information.

Some carriers, state Medicaid agencies and SBMs publish provider directories to inform consumers as they select, enroll in, and use carriers' products. Organizations that offer multiple products across multiple carriers, such as SBMs, may publish integrated provider directories—online databases of carrier and provider data which consumers may search based on a set of criteria, such as provider name and location. Some state Medicaid agencies and SBMs do not publish provider directories but instead point consumers to online provider directories that carriers maintain.

Consumers use provider directories to:

  • Evaluate coverage options to determine whether a healthcare provider they would like to use is in-network and would be covered.
  • Select products based on cost, network size and care options.
  • Identify and locate providers when seeking care.

A March 2015 survey by Consumer Reports National Research Center found that 78% of privately insured Americans used their carriers' online provider directory in the past two years to find doctors, facilities or both.1

Despite the availability of provider directories, it is widely acknowledged that directories often contain inaccuracies. Directory errors may lead consumers to seek care at the wrong address, or worse, consumers may learn that the health insurance product they purchased does not cover a specific provider they want to see or are already seeing, despite being listed in the directory. This is troublesome because consumers may be required to pay significant fees to cover their visits to out-of-network providers.


To determine which states to include in the provider directory study, Manatt took a three-step approach:

1. Manatt conducted research to identify SBMs with functioning, integrated provider directories that were accessible from the marketplace's website and returned search results.

2. Manatt researched carriers and state Medicaid agencies in target states, and conducted a literature review and stakeholder interviews. Manatt interviewed 32 stakeholders representing consumer advocates, SBMs, state Medicaid agencies, regulators, carriers and providers.

3. Manatt and the California HealthCare Foundation convened a small group of stakeholders and subject matter experts to guide the project's approach and provide feedback on key findings.

Highlights of Major Findings

1. Policies, regulations and enforcement

Lack of enforcement of regulatory and contractual requirements creates an environment that does not foster shared accountability.

Developing and maintaining provider directories involves many actors, including carriers and marketplaces, physician practices and clinics, hospitals, independent practice associations (IPAs), hospitals and other institutions. Over time, these actors develop their own processes and requirements for creating and updating the information in the directories.

Manatt found that all carriers, marketplaces and state Medicaid agencies have contractual language requiring accurate and timely provision of provider directory data. These requirements are passed through carriers to medical groups, providers and institutions.

In addition to specifying data requirements, contracts describe penalties or remediation measures if a party fails to comply. Stakeholders report, however, that penalties are generally not enforced, primarily out of concerns for compromising robust provider networks and the mutual interests of state Medicaid agencies, SBMs and carriers to minimize disruption of member services. New York stakeholders were the only interviewees to report enforcement of penalties by the state for failure to maintain accurate directories.

2. Data standards

A lack of uniform data standards and accompanying guidance results in unusable data, especially when data comes from disparate sources.

Research and stakeholder interviews suggest that, in most states, there is minimal coordination or collaboration to standardize and streamline processes that could make directory updates easier and more efficient. In New York, the state and health insurance marketplace are working together to streamline carrier reporting of provider information through a common template accompanied by standards.

Carriers that operate nationally or in multiple states have the challenge of maintaining separate reporting processes for their respective markets in the absence of national or widely accepted industry standards. Several carriers noted that complying with disparate requirements is burdensome and requires significant resources.

3. Data integrity

Efforts to audit, perform quality assurance and verify the accuracy of provider directory data vary widely, with many organizations performing little to no quality review.

Despite the significant need for deliberate and ongoing efforts to ensure data integrity, few carriers, marketplaces or state Medicaid agencies report conducting robust data reviews of quality assurance activities. Almost all marketplaces and some carriers report provider information as they receive it and perform little to no quality checks or data reconciliation. (Some seek to verify data using existing databases but typically do not change data found to be incorrect.) This approach may result in multiple entries for the same provider due to differences in carrier naming conventions (i.e., Dr. John Smith, Dr. J. Smith and Dr. John H. Smith).

A few SBMs and carriers attempt to clean the data, using identifying information, such as the provider's national provider identifier (NPI), address, date of birth or state licensing number to reconcile the disparate information that carriers submitted and create a single record for each provider. Even when data are cleaned and reconciled, however, significant limitations remain, because organizations do not have access to a single source of provider information and may not be able to resolve all provider records successfully.

In addition to data reconciliation, some marketplaces, state Medicaid agencies and carriers make an effort to verify provider information through routine or ad hoc audits. For example, when an issue is reported to a marketplace or state Medicaid agency, it or its vendors may reach out to the provider directly to confirm information and contract status. If the marketplace or agency identifies an inaccuracy with the providers information, it typically works with the carrier to correct the information for the carrier's next data submission rather than correct the information in its systems to reflect a real-time update.

4. Time and resource requirements

Organizations typically rely on time and labor-intensive manual processes to develop and support provider directories.

All of the carrier, marketplace and state Medicaid agency stakeholders interviewed for this project reported investing time and resources in creating and maintaining provider directories. To a large extent, processes and systems rely heavily on manual efforts to verify and update provider data. Many use a combination of manual and electronic processes to collect and publish data. All marketplaces and carriers that were interviewed report contracting with third-party vendors to augment their internal provider directory resources and perform functions that the organizations do not have the capabilities to accomplish in-house.

Stakeholders acknowledge that resource limitations constrain their abilities to improve processes and systems devoted to maintaining provider directories. This is most apparent among marketplaces and states that rely on federal or public funding sources. It is a growing concern as marketplaces transition to becoming self-sustaining in 2016 and beyond.

5. Consumer decision making

Provider directories do not currently serve to effectively engage and inform consumers as they enroll in coverage and seek care.

Even though SBMs were not required to implement provider directories under the ACA, several took the initiative to do so to help consumers as they purchase and enroll in coverage. While there was not consensus regarding the data elements required to create a directory with an adequate level of information to support consumer decision making, stakeholders agree that the following data elements are valuable:

  • Name
  • Address
  • Phone number
  • Open/closed panel (specific to product)
  • Gender
  • Languages spoken by provider and office staff
  • Specialties
  • Accessibility
  • Hours of operation
  • Admitting privileges/affiliations

Some stakeholders also feel that facility information is important, especially to Medicaid populations who may be used to seeking care at a specific clinic rather than with a particular provider.

6. Provider contracting

Confusion exists among providers about contracting and participating in specific carrier products and the requirements and processes needed to update provider data.

Stakeholders reported a general lack of awareness among providers with respect to certain carrier contracting practices, which can result in confusion between providers and members seeking their services. Interviewees pointed to the need to educate providers and their staff about the importance of updating their information and communicating changes to carriers in a timely manner.

Carriers reported using the contracting process, existing network management relationships, newsletters and other marketing opportunities to educate and remind providers about their obligations to update and communicate changes to their information under their contracts. Marketplaces expressed interest in implementing provider-facing portals where providers, after proving their identity, could verify and correct their information.

1Surprise Medical Bills Survey: 2015 Nationally-Representative Online Survey, Consumer Reports, National Research Center, May 5, 2015,

back to top

HHS HIPAA Audits Coming in Early 2016

Authors: Robert Belfort, Partner, Healthcare Industry | Susan Ingargiola, Counsel, Healthcare Industry

Officials in the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) have indicated that OCR will begin a new phase of audits of covered entities' compliance with the Health Insurance Portability and Accountability Act (HIPAA) beginning early next year. OCR announced the audits in a September 23, 2015 response to a report by the HHS Office of the Inspector General (OIG), which criticized OCR for its lack of enforcement of HIPAA.


OCR is responsible for administering and enforcing the regulations promulgated under HIPAA: the Privacy, Security and Breach Notification rules. Generally, OCR has enforced the rules by investigating complaints and breaches, as well as performing education and outreach to foster compliance. It has historically conducted only a limited number of "compliance reviews" and the OIG has long criticized the agency for not pursuing more aggressive enforcement efforts. In 2011, for example, the OIG released a report indicating that HHS's oversight and enforcement actions were not sufficient to ensure that covered entities effectively implemented the HIPAA Security Rule. The OIG offered similar criticism in two new reports, released last month, entitled "OCR Should Strengthen Its Oversight of Covered Entities' Compliance with the HIPAA Privacy Standards" and "OCR Should Strengthen Its Followup of Breaches of Patient Health Information Reported by Covered Entities."

Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires HHS to periodically audit the compliance of covered entities and their business associates with the Privacy, Security and Breach Notification rules. As required by HITECH, OCR designed, tested and evaluated an audit function as part of a pilot program a few years ago, during which it engaged KPMG to perform pilot compliance audits of covered entities throughout the country.

OCR finished the audits in the first quarter of Fiscal Year 2013 and spent the balance of the year conducting a formal program evaluation. The evaluation concluded in the first quarter of Fiscal Year 2014. According to OCR, the experience from the pilot audit program provided the agency with an enhanced understanding of current privacy and security risks to health information. The evaluation noted strengths of the program design and suggestions for establishing a permanent program. OCR intends to draw on this information when it launches what it is calling "phase 2" of the audits in early 2016.

OIG Criticism

In the OIG report titled "OCR Should Strengthen its Oversight of Covered Entities' Compliance with the HIPAA Privacy Standards," the OIG found that OCR's oversight and enforcement of HIPAA is "primarily reactive; it investigates possible noncompliance primarily in response to complaints." According to the OIG, "in about half of the closed privacy cases, OCR determined that covered entities were noncompliant with at least one privacy standard. In most cases in which OCR made determinations of noncompliance, it requested corrective action from the covered entities. OCR documented corrective action in its case-tracking system for most of these cases; however, OCR did not have complete documentation of corrective actions taken by the covered entities in 26 percent of closed privacy cases." Further, although 71 percent of OCR staff at least sometimes checked whether covered entities had been previously investigated, some rarely or never did so.

In the second OIG report titled "OCR Should Strengthen Its Follow-up of Breaches of Patient Health Information Reported by Covered Entities," the OIG found that "although OCR documented corrective action for most of the closed large-breach cases in which it made determinations of noncompliance, 23 percent of cases had incomplete documentation of corrective actions taken by covered entities. OCR also did not record small-breach information in its case-tracking system, which limits its ability to track and identify covered entities with multiple small breaches."

Among other recommendations, the OIG suggested that OCR engage in the following in an effort to improve its oversight and enforcement of HIPAA:

  • Fully implement a permanent audit program;
  • Enter small-breach information into the Program Information Management System (PIMS) or a searchable database linked to it;
  • Maintain complete documentation in PIMS for corrective action;
  • Develop an efficient method in PIMS to search for and track covered entities that reported breaches;
  • Develop a policy requiring OCR staff to check whether covered entities previously reported prior breaches; and
  • Continue to expand outreach and education efforts to covered entities.

Phase 2 Audits to Begin Early 2016

OCR has indicated that phase 2 of the audit program, which will launch in early 2016, will include a combination of desk reviews of covered entities' HIPAA policies, as well as on-site reviews; it will target specific common areas of noncompliance; and it will include HIPAA business associates. Over the next several months, OCR will update the audit protocols; refine the pool of potential audit subjects; and implement a screening tool to assess size, entity type, and other information about potential audit subjects. OCR also will update PIMS to build capacity to support an internal audit program. OCR noted that while it is moving forward with phase 2 of its audit program, the long-term scope and structure of the audit program will ultimately depend upon the availability and allocation of resources for the program (i.e., OCR's budget allocation).

Preparing for Phase 2 Audits

Covered entities and business associates should begin preparing now for the possibility that they may be audited during phase 2 of the program. Most importantly, covered entities should ensure that they have recently performed a risk analysis, which serves as the basis for all HIPAA security rule compliance.

Covered entities also should ensure that they have identified all of their business associates and that updated business associate agreements are in place with each of them. Business associates should be prepared to demonstrate compliance with the Security Rule, the Breach Notification Rule and the Privacy Rule. Mock internal audits can be conducted to mirror the process OCR is likely to utilize. The OCR audit protocol from the last round of audits provides a good starting point for this exercise.

For questions about HIPAA's audit program or for help ensuring that your organization is prepared for an audit, contact Robert Belfort at 212.830.7270 or Susan Ingargiola at 212.790.4639. Both are based in Manatt's New York City office.

back to top

Kissing Camels: Court Ruling Highlights Antitrust Perils for Affiliates in Joint Ventures

Authors: Ashley Antler, Associate, Healthcare Industry | Shoshana Speiser, Associate, Litigation

On August 28, 2015, relying on limited and arguably ambiguous evidence, a Colorado federal district court upheld the antitrust conspiracy and monopolization claims made by Kissing Camels Surgery Center, LLC and three other ambulatory surgery centers (ASCs) against two health systems, several health insurers, a competing ASC, and a trade association.1 This case highlights that independent legal entities affiliated through a joint venture may face unexpected antitrust risks as a result of their affiliates' actions.

Kissing Camels: An Overview of the Antitrust Claims

Plaintiff ASCs perform outpatient surgical procedures and treatments in non-hospital environments. Defendant Centura Health Corporation (Centura) operates numerous hospitals and ASCs as joint ventures with private physicians. The other defendants include Colorado Ambulatory Surgery Center Association Inc. (CASCA), a trade association; several health insurers; Audubon Ambulatory Surgery Center LLC, a joint venture with Centura (which subsequently settled with plaintiffs); and another health system. The parties operate in Denver and Colorado Springs, Colorado.

The plaintiff ASCs alleged Centura and another health system (against which plaintiffs have dismissed their claims) conspired to reduce competition for ambulatory surgical services by refusing to do business with the plaintiff ASCs and by exercising their market power to pressure physicians and several insurers not to do business with the plaintiff ASCs. CASCA allegedly participated in this scheme by holding strategy meetings at which the conspiratorial objectives were discussed and excluding the plaintiff ASCs from these discussions.

Centura moved for summary judgment, arguing that the plaintiff ASCs presented insufficient evidence to support their claims. The court denied the motion for summary judgment, finding sufficient evidence of both the conspiracy and monopolization claims to proceed to trial.

With respect to the conspiracy claim, the plaintiff ASCs alleged that the defendants viewed them as a competitive threat and colluded to put them out of business, thereby restraining trade in the relevant Colorado markets for ambulatory surgical services. The plaintiff ASCs presented evidence of:

  • A meeting between the chief executive officers of Centura and another health system regarding concerns about new ASCs in Colorado, but not indicating that Centura agreed to take action against the plaintiffs; and
  • Handwritten notes taken during a meeting of insurer and CASCA representatives referencing concerns about "bad ASC's"2 along with possible solutions. No Centura representatives were present at this meeting, but an Audubon representative attended.

In addition, the plaintiffs provided corroborating deposition testimony from the note taker at the meeting of insurer and CASCA representatives. The note taker explained that he understood the insurers present were asked to investigate ways to alter the ASCs' billing practices, an issue which also had been discussed during a prior conference call between the insurer and CASCA representatives.

The Court agreed with Centura that the first piece of evidence alone was insufficient to establish a conspiracy. However, the Court found that a reasonable jury could infer an agreement pursuant to which insurers would take action against the plaintiffs from the notes expressing concerns about "bad ASC's." Notably, the Court rejected Centura's absence from this meeting as a defense to any wrongdoing in light of two-year-old documents indicating that Audubon may have previously acted on Centura's behalf.

On the monopolization claim, the plaintiff ASCs alleged that defendants conspired to monopolize the Colorado Springs market for outpatient surgical procedures. Centura argued that because its market share was only 4.3% for ambulatory surgery patient visits and it only had 16.4% of the operating rooms used for such surgeries, this fell short of Centura having "dangerous probability" of achieving the monopoly power to control prices or exclude competition. The Court, however, determined that a reasonable jury could find Centura and Audubon were acting as affiliates whose market shares should therefore be combined. The Court determined that Centura's and Audubon's combined market share of 62% was sufficient to infer they would have enough market power to control prices or exclude competition.

In further support of their monopolization claim, the plaintiff ASCs argued that Centura engaged in conduct to exclude them from the relevant ambulatory surgery market. For example, the plaintiff ASCs cite to evidence that Centura cancelled a hospital transfer agreement with Kissing Camels because it saw Kissing Camels as a competitive threat to Audubon.

Centura argued, and the Court conceded, that the antitrust laws do not require Centura to deal with a competitor. Nonetheless, the Court found that the plaintiffs' evidence could support a finding that Centura's actions were intended to exclude the plaintiffs from the market. As a result, the Court ruled that summary judgment on the monopolization claim was inappropriate.

Lessons for Parties to Joint Ventures

This case highlights the antitrust risks that may arise as a result of association with joint venture affiliates. In this case, the Court determined that Audubon's actions could be imputed to Centura, even though the parties were two legally distinct entities and Centura had been absent from the meeting at which suspicious notes were recorded. That determination was based on two-year-old emails in which Centura expressed interest in Audubon acting on its behalf regarding its competitive concerns about the plaintiff ASCs. While acknowledging that these emails were "far from definitive," the Court rejected Centura's argument that such evidence was too ambiguous to permit the claims to proceed to trial.

In a similar vein, the Court combined the affiliated parties' market shares to find that the total share was sufficient to infer a dangerous probability of achieving monopoly power. The Court rejected Centura's argument that the market shares should not be combined, because there was no evidence that Centura controlled Audubon.

The Court's ruling in Kissing Camels shows that parties to a joint venture may be responsible for consequences not only of their joint actions, but also of their affiliates' seemingly independent actions toward mutual competitors. The ruling also underscores that joint venture affiliates must be mindful that all evidence of prior interactions, including but not limited to written correspondence, may generate antitrust risks. As this case demonstrates, even one ambiguous handwritten note could play an important role in preventing antitrust claims from being summarily dismissed by a court, and become fodder for prolonged and expensive litigation.

1Kissing Camels Surgery Ctr., LLC v. Centura Health Corp., No. 12-cv-3012 (D. Col. Aug. 28, 2015).

2Handwritten notes from that follow-up meeting state, "Bad ASC's haven't shown where huge revenue is coming from…They feel the ball is in our court *** strategy → *** can the flow of $ stop on our end."

back to top

The FCA and Overpayments: "Kane" Creates New Risks for Healthcare Providers

Authors: Jacqueline Wolff, Partner, Co-Chair, Corporate Investigations and White Collar Defense Group | Arunabha Bhoumik, Partner, Co-Chair, False Claims Act (FCA) Group

Editor's Note: Healthcare providers that treat Medicare and Medicaid patients regularly face the quandary of what to do when there's the possibility they may have been overpaid by the government for their services. Since 2010, the law has been clear that providers are required to pay back overpayments within 60 days of being identified or risk liability under the False Claims Act (FCA). 31 U.S.C. § 3729 et seq.

What is not clear is when the 60-day period starts. Does it begin when the provider learns of a possible overpayment—or only when the provider has confirmed an overpayment? How much time, money and energy must the provider spend investigating the overpayment? And how promptly must the provider complete the investigation?

In a recent case of first impression, U.S. ex rel. Kane v. Continuum Health Partners, No. 11 Civ. 2325, 2015 WL 4619686 (S.D.N.Y. Aug. 3, 2015),1 Judge Edgardo Ramos directly addressed these issues. By taking an expansive view of what constitutes "identification" of an overpayment, Kane has significantly expanded the scope of potential FCA liability for healthcare providers. In a new article in the New York Law Journal, summarized below, Manatt examines the Kane ruling—and the risks that it creates. Click here to read the full article.


Statutory Background

Enacted during the Civil War, the False Claims Act, 31 U.S.C. § 3729 et seq, allows the government or private whistleblowers (called relators) to sue to recover monies wrongfully paid out due to fraudulent claims. In 1986, Congress amended the FCA, adding the so-called "reverse false claims" provision, imposing liability on a party who affirmatively "made or used a false record or statement" to avoid paying money to the government.

In 2009, Congress passed the Fraud Enforcement and Recovery Act (FERA), which, among other things, strengthened the "reverse false claims" provision, making parties liable under the FCA if they "knowingly conceal" or "knowingly and improperly" avoid or decrease an obligation to pay the government." 31 U.S.C. §3729(b) (1) (A). As part of the Patient Protection and Affordable Care Act (ACA), Congress added a provision in 2010 requiring healthcare providers who receive an overpayment to "report and return" the overpayment in 60 days. Providers who knowingly conceal or improperly retain payments beyond 60 days may be liable under the FCA.

Background on Kane

Kane began innocently when a third-party's computer glitch caused three Continuum hospitals to be paid for Medicaid claims that should not have been submitted. The overpayments were identified in September 2010, and the glitch was fixed in December 2010.

According to the complaint, based on a request from management, the relator, Robert Kane, wrote an email on February 4, 2011, attaching a spreadsheet of approximately 900 claims potentially affected by the glitch. There is no dispute the list was over-inclusive. About half the claims were never paid. Kane was terminated four days after the email.

The complaint further alleges that Continuum "did nothing further" to investigate the potential overpayments or bring them to the attention of the New York State Comptroller. Instead, in April 2011, Continuum began reimbursing New York State for overpayments identified by the Comptroller. 2015 WL 4619686 at *17. Continuum completed reimbursing New York in March 2013, after the U.S. Attorney issued a Civil Investigative Demand regarding the overpayments.

On April 5, 2011—day 60 after he provided his spreadsheet—Kane filed an FCA case. The United States and New York intervened in June 2014. The government alleged that by failing to investigate the potential overpayments that Kane identified, Continuum delayed repayment for more than two years.

Continuum moved to dismiss, arguing that because Kane's analysis was preliminary, no overpayment had been "identified" for purposes of the ACA. Therefore, the 60-day clock did not begin running. Continuum argued that the 60-day rule could not be reasonably applied where an overpayment had not been definitively ascertained, because of the time needed to investigate. Therefore, because it had no "obligation" to repay New York for claims until it determined with certainty those claims were overpaid, it was not liable under the FCA.

The Ruling

Judge Ramos ruled that Continuum's obligation had been triggered by the awareness of potential overpayments. He rejected Continuum's arguments, holding that "the sixty day clock begins ticking when a provider is put on notice of a potential overpayment, rather than the moment when an overpayment is conclusively ascertained." Id. at *11.

According to Ramos, Continuum's argument was that "identified" means "ascertained with certainty." Ramos ruled that "identified' does not mean "ascertained with certainty." He pointed out that under FERA, an obligation is "an established duty, whether or not fixed, arising…from the retention of an overpayment." Id. at *11 (citing 31 U.S.C. §3729 (b) (3). Ramos further noted that Continuum's argument would create an incentive for providers not to investigate potential overpayments. Id. at *14.

Ramos also rejected Continuum's argument that the time it would take to investigate potential overpayments ordinarily would exceed the 60-day rule, exposing providers to FCA liability, even when they are investigating in good faith. Ramos stated that "prosecutorial discretion would counsel against the institution of enforcement actions aimed at well-intentioned healthcare providers working with reasonable haste to address erroneous overpayments." Id. at *13.

Kane Creates New FCA Risks

Kane creates significant risks for healthcare providers who, given the volume of claims they file, are likely to receive overpayments at some time. Healthcare providers routinely become aware of potential overpayments, for example, through self audits. As a result of Kane, on day 61 of identifying a potential overpayment, the provider is now at risk of an FCA lawsuit.

Nor does the decision's reliance on the good faith of federal prosecutors provide any comfort. Providers cannot rely on prosecutorial discretion to know when it's "OK" not to follow the court's interpretation of a law. Moreover, even if providers could rely on every government attorney's discretion, relators still can bring a weak or unfair FCA case.

Providers can take steps to mitigate the FCA risks that Kane creates. To trigger FCA liability, a provider must knowingly conceal or knowingly and improperly avoid an obligation to pay. Therefore, one option for providers is not only to self-disclose possible overpayments if the government is unaware of them but also to clarify at the outset who is responsible for investigating the overpayments and what a "reasonable" investigation will entail. Providers may even state in the letter that, because they dispute whether any repayment is owed, they believe the 60-day clock is not yet running.

While such steps reduce FCA risk, they don't eliminate it. For that, the Centers for Medicare and Medicaid Services (CMS) would have to address the real-world issues presented when a positive overpayment is noted. Although CMS has issued a proposed guidance on when an overpayment is "identified" with respect to certain Medicare programs, it has not provided guidance in the Medicaid context. Furthermore, CMS announced this year that its final guidance for the Medicare and Medicaid 60-day rule has now been delayed one year. Without more certainty around what triggers the 60-day rule in the Medicaid context, providers remain at the mercy of the whims of individual local Medicaid programs, prosecutors and FCA relators.

1Some of the entities involved in this matter are Manatt clients though Manatt has not represented any clients in this matter.

back to top

Standardizing Health Plan Reporting on Access to Care

Author: Sarah Gettings, Associate, Litigation

Regulators in many states are requiring greater standardization of reporting and transparency of data concerning provider networks and access to care. The increased standardization and transparency means more meaningful plan-to-plan comparisons, including between Affordable Care Act (ACA) and non-ACA plans, will soon be possible. The focus on standardization and transparency is driven, in large part, by an increased demand for low-cost healthcare services due to new consumers entering the market under the ACA. Given plans' increasing use of cost-saving strategies such as tailored networks, regulators are struggling to ensure consumers have adequate access to care.

Plan-to-plan comparisons using access-to-care metrics will undoubtedly impact consumers' choices in the marketplace. Health plans should closely monitor their regulators' efforts and examine which metrics regulators consider most important as indicators of access.

In California, the Department of Managed Health Care (DMHC) is well on its way to standardizing timely access reporting in response to recent state legislation enacted to address concerns about ACA health plans.

Case Study: SB 964 in California

California's DMHC has been working over the past year to implement SB 964, a bill that increases oversight over healthcare service plans in an effort to improve plans' compliance with timely access and provider network adequacy standards. The bill was enacted in late 2014.

SB 964's purpose was to address worries over provider networks for Medi-Cal plans and plans sold over the state's health insurance exchange, Covered California. In particular, the bill's sponsors pointed to media reports of lack of access for Covered California enrollees, and enrollees' confusion over networks and benefit design. The broadly worded bill, however, impacts various lines of business and has already impacted plans' timely access reporting, notwithstanding its focus on Medi-Cal and Covered California.

California's Timely Access Regulations

Prior to SB 964's enactment, California's accessibility reporting requirements were not standardized, leading some observers to criticize their effectiveness.

California's timely access regulations are relatively new. In 2010, the DMHC adopted Rule 1300.67.2.2, which requires health plans to design and implement monitoring systems to measure the accessibility and availability of contracted providers.1 It requires plans to have written quality assurance systems and procedures in place to ensure their provider networks are sufficient and that enrollees have timely access to covered healthcare services.2 Under Rule 1300.67.2.2, timely access is not defined based on clinical outcomes. Rather, access is determined by reference to time-elapse standards such as appointment wait times.

Importantly, Rule 1300.67.2.2 does not mandate any particular methodology or procedure for reporting compliance with these timely access standards. As a result, health plans have used different metrics and different approaches over the last few years, making plan-to-plan comparisons nearly impossible.

DMHC Director Shelley Rouillard has reported that measuring timely access has been challenging without standardized reporting.3 During a public presentation earlier this year, Ms. Rouillard said the DMHC has been working closely with health plans since 2010 to tweak the reporting mechanisms so the department can compare how plans perform against each other.4 According to Ms. Rouillard, it has been a "slow process" to determine how best to standardize reporting.

SB 964 Requires Standardization

SB 964 formalizes the standardization process by specifying the data health plans must disclose in annual reports on network adequacy and by requiring the development of standardized reporting on timely access. Also, it makes standardization a priority. Under the bill, DMHC has five years to adopt a standardized reporting methodology for timely access.

During the debate on SB 964, Covered California was a strenuous proponent of standardization, recommending that regulators require health plans to use a common template, common analytics, and coordinated product and network filings with cross-plan comparisons.5 The DMHC is now coordinating with Covered California, so health plans can use the same network templates for their timely access filing and Covered California quarterly network reporting.6

In the short term, the bill created a glut of new work for the DMHC.7 In the long term, however, standardization may streamline its reviews. The DMHC has already adopted two standardized methodologies under SB 964 and is actively working to improve its reporting process.8

The DMHC's reporting methodologies will certainly change over the next few years as the regulator works out the kinks. But plans' compliance with timely access standards will eventually be made publicly available on the Office of Patient Advocate's annual report cards.9 Many dispute whether California's timely access standards are an accurate or useful measure of access to care in the first place, but plans may soon find consumers comparing products based on these standards.


The move toward standardization of health plan reporting means that plan-to-plan comparisons are becoming possible. Health plans would be wise to consider access to care reporting not only as a regulatory issue but also as a marketing concern. Depending on disclosure requirements, plan-to-plan comparisons based on access-to-care metrics could serve as a significant competitive advantage (or disadvantage) in the health insurance marketplace.

1Cal. Code Regs. § 1300.67.2.2(c)-(d).


3Presentation by DMHC Director, Shelley Rouillard, at UCLA Health Forum (Jan. 28, 2015) ("Jan. 28, 2015 Rouillard Presentation") ("Measuring timely access is really really challenging, as anyone here will attest to. When the regulation was passed, there wasn't a set methodology that the department told the plans—you need to do this. And over the last few years, we've been working with the plans and trying to tweak the requirements for reporting compliance, but it's been a slow process. And without a standardized methodology, we can't really compare how plans perform against each other, and that was one of the goals of having a timely access law to begin with.")


5California Legislative Information, SB-964 Health care coverage (2013-2014), available at

6Department of Managed Health Care, Timely Access Network Reporting General Instructions, available at

7Jan. 28, 2015 Rouillard Presentation (explaining that under SB 964, the DMHC must review networks by plan, by product line, by county—which amounts to a total of over 3,000 network reviews in 2015 alone).

8Department of Managed Health Care, Submit Health Plan Filings and Reporting, available at

9Jan. 28, 2015 Rouillard Presentation ("Eventually, the plans' compliance with timely access will appear on the annual report card that the Office of the Patient Advocate puts out each year.").

back to top

New Webinar: Register Today for "The Connected Patient: Using Digital Health in Care Management."

Join Us October 26 from 1:00 – 2:00 p.m. ET.

Fueled by multiple federal funding programs to catalyze health reform, Medicaid programs are increasingly driving unprecedented delivery system transformation. Game-changing initiatives such as the Delivery System Reform Incentive Payment (DSRIP) program and Health Homes are changing how providers care for Medicaid populations—and how they are paid for their services. Working with their community partners, providers have begun to develop a variety of innovative care management models. And the reinvention of care delivery is just beginning. State Innovation Waivers—slated to go into effect on January 1, 2017—will lead to even greater exploration of new approaches for providing care and improving outcomes.

In a new webinar, "The Connected Patient: Using Digital Health in Care Management," Manatt Health will explore how these emerging models can become a framework for using telehealth and other digital technologies to help improve the health of Medicaid populations, reduce overall hospital admissions and support accurate reporting of quality metrics. The session will share real-world examples from states already implementing care innovations.

During the program, you will:

  • Review policies and programs driving Medicaid delivery system transformation.
  • Explore examples of emerging innovative care models.
  • Discuss how providers and payers are working together toward multipayer delivery system transformation.
  • Understand how new care management models are reducing disease progression and managing complex chronic conditions more effectively in high-risk Medicaid and uninsured populations.
  • Examine how new care management approaches are driving opportunities for introducing telehealth and other digital innovations to improve care outcomes and quality.
  • Discover the health IT, organizational and financial considerations supporting the integration of connected health solutions into emerging care management approaches.
  • Benefit from "lessons learned" to help healthcare stakeholders and technology vendors overcome common barriers to adopting connected health solutions in care management programs.

Digital health is transforming care delivery around the world. The global digital health market is expected to reach $233.3 billion by 2020.* How does the digital health revolution translate into improved outcomes for Medicaid populations? With Medicaid the single largest payer for healthcare in every state, that's a critical question. Get the answer at "The Connected Patient: Using Digital Health in Care Management."



back to top

New Webinar: Register Now for "Fraud and Abuse 2016: Game-Changing Trends and Cases (and How to Protect Your Organization)"

Join Us November 10 from 2:00 – 3:30 p.m. ET. Click Here to Sign Up Free—and Earn CLE.

In 2014, the Department of Justice recovered $2.3 billion from healthcare fraud, marking the fifth straight year the Department recovered more than $2 billion from cases involving false claims against federal healthcare programs, such as Medicare, Medicaid and TRICARE. From January 2009 through the end of the 2014 fiscal year, the Department used the False Claims Act (FCA) to recover $14.5 billion in federal healthcare dollars. And these amounts reflect federal dollars only. In many of these cases, the DOJ was instrumental in recovering additional billions of dollars for consumers and states.

Clearly, every segment of the healthcare industry is enduring greater levels of scrutiny. While the focus has historically been on pharmaceutical and medical device manufacturers, surgeons, insurers and long-term care facilities, other segments now are finding themselves in the crosshairs. For example, cases involving hospitals resulted in $333 million in settlements and judgments in 2014.

In "Fraud and Abuse 2016," a new webinar for Bloomberg BNA, Manatt examines the growing use of FCA as an enforcement tool and other enforcement trends—including the use of increasingly aggressive techniques, such as video surveillance and wiretaps, making the healthcare landscape more perilous than ever in history. During the program, participants will:

  • Track the growth in FCA recoveries—and what's anticipated in the months to come.
  • Look at the new healthcare stakeholders facing FCA cases—and the types of violations being investigated for each segment.
  • Gain an understanding of FCA definitions, provisions and penalties.
  • Explore the key FCA cases that are remapping the fraud and abuse landscape—and the decisions to watch for in 2016.
  • Examine the latest enforcement trends, including the use of predictive modeling, videotaping, wire and securities fraud and more.
  • Learn the enhanced provisions that are increasingly common in Corporate Integrity Agreements (CIA).
  • Discover how the ACA raised the stakes.
  • Hear the new rules and incentives around whistleblowers.
  • Find out how to build compliance programs that protect your organization in today's stringent and complex enforcement environment.
  • Gain guidance on how to respond effectively, if a government investigation happens.

Don't miss this chance to learn both how to avoid FCA actions—and what to do if the government does come calling. Click here to register free, and earn CLE. Even if you can't make the November 10 airing, register now, and we'll send you a link to view the program at your convenience, on demand.


  • Arunabha Bhoumik, Partner, Co-Chair, FCA Group
  • Jacqueline Wolff, Partner, Co-Chair, Corporate Investigations and White Collar Defense Group
  • Robert Hussar, Counsel, Healthcare Industry

back to top



pursuant to New York DR 2-101(f)

© 2023 Manatt, Phelps & Phillips, LLP.

All rights reserved