Revenue recognition standard could contribute to health care fraud
The revenue recognition standard that takes effect next year could help health care providers and regulators identify instances of Medicare and Medicaid fraud by subjecting their financial statements to new scrutiny, although in some ways the new rules could also spur some forms of fraud.
The new standard comes at a time when many organizations are still adjusting to Medicare’s new value-based reimbursement program, which holds health providers more accountable for the quality and cost of care they deliver to patients (see Medicare providers face extra pressures under revenue recognition standard).
“I think one of the areas where we think there’s a potential likelihood for fraud is a lot of metrics in the new health care reimbursement world are going to depend on not just financial and contractual terms but also on quality and clinical measures,” said Steven Shill, a partner at BDO USA and national leader of the BDO Center for Healthcare Excellence & Innovation. “Meeting these clinical and quality measures in fact could or would result in bonuses being paid or amounts retroactively being taken back. From the revenue recognition standpoint, understanding these metrics is going to be critical, and we think that’s where there’s a potential for fraud.”
He pointed out that financial people are generally the ones who are going to be addressing accounting and revenue recognition issues, but the new standard could require the involvement of clinical staff at health care providers. “It’s now gone to the next level of requiring both clinical and operational people understanding the underlying terms of the arrangement in order for revenue recognition to take place,” said Shill. “We think that if it’s left in the hands of just financial people, there’s definitely a propensity there for fraud because frankly many financial people wouldn’t know what they were looking at if they didn’t fully understand the clinical and operational metrics.”
The new standard may also take a while for health care organizations to get used to employing. “Another area where we think there’s a propensity for fraud is just given the newness and the lack of understanding of the application of the new revenue recognition literature,” said Shill. “That then becomes a great parking place for other types of fraud.”
BDO recently published an alert about how the Justice Department and the Department of Health and Human Services have been ramping up efforts to crack down on health care fraud, announcing charges in July against more than 400 people in 41 jurisdictions for approximately $1.3 billion in false billings. BDO warned about how the new revenue recognition standard, also known as ASC 606, could heighten the risks for health care organizations and their accountants.
“In the alert we bring the reader’s attention to the fact that we think auditors and accountants are going to have to become very granular in evaluating revenue in these types of situations, and frankly trace all the debits and credits very carefully,” said Shill. “For example, a misapplication of 606 could result in certain overrecognition of revenue, but then use that as an offset for maybe illegal payments, for example, to physicians, which would be a contravention of Stark.”
The Stark laws, named after former Congressman Pete Stark, D-Calif., govern physicians who refer services for Medicare and Medicaid patients to medical facilities in which they have a financial interest.
“We think that the haziness and complexity of the implementation, in conjunction with the complexity of the environment, make it a very fertile ground for committing various types of fraud,” said Shill. “Whether it be an auditor looking at the financial information, a regulator looking at the financial information, or management reviewing the positions being taken by the company, they’re going to have to be very astute and granular in looking at and understanding how this revenue recognition literature has been implemented, and all the ancillary factors that need to be taken into account.”
Auditing firms could find themselves exposed to liability risks if they overlook instances of health care fraud or overpayments, or use of the revenue recognition rules to cover up kickbacks.
“What we’re dealing with is financial reporting fraud, which could lead to issues surrounding the misapplication of the SOX rules, for example, relative to publicly traded companies, as well as fraudulent reporting under SEC regulations, which could lead to significant penalties, fines, imprisonment and litigation for all of those associated,” said Shill.
The underlying complexity of the revenue recognition standard could make fraud and abuse or pure financial fraudulent reporting situations more difficult for auditors to detect, or even cover up such practices completely. In turn, revealing fraudulent financial reporting could uncover fraud and abuse situations within the health care setting. In some cases, fraud and abuse situations could be discovered by chance by outside auditors examining a contract who discover inappropriate financial reporting, BDO pointed out.
“For example, inappropriate revenue recognition or deferral can sometimes be used to cover up the existence of kickbacks for referrals or inappropriate payments to vendors,” said the alert. “Such situations only become evident when auditors break apart the revenue streams and evaluate the contacts under financial accounting rules in accordance with Generally Accepted Accounting Principles (GAAP). This sometimes goes down to the granular level of tracing debits and credits through the general ledger.”
The alert also warns health care organizations to be careful about using non-GAAP measures such as EBITDA because they could put organizations at risk of violating the anti-fraud provisions of the securities laws. Organizations should use non-GAAP metrics cautiously and be sure they’re consistent with SEC guidance and rules.
Venson Wallin, managing director of BDO’s Healthcare Advisory practice, noted that the false claims issue could depend on how the contracts are structured with revenue recognition, especially as it relates to costs, in addition to any type of claims filed with the federal government. The factors could include how health providers are recognizing the revenue they are including in their cost reports, the timing of their insurance claims, and what charges they are including in their claims. In many cases, the errors may be unintentional, due to the complexity of the various rules.
“I’m not saying there is a pervasive fraudulent environment out there,” said Wallin. “I do not believe that to be the case. I do believe there are such complexities that for people who are responsible for creating the bills and doing the coding, the complexity will lend itself to errors. Those errors, if they are filed with the federal government in whatever fashion, be it a cost report, or an actual claim, that’s considered fraudulent. Whether it was intended or not, it’s fraudulent because it’s wrong. Obviously the government, if they find there’s fraudulent activity, depending on the intent and the facts and circumstances, may be less severe on some than on others, depending on whether it really was a human error, but it’s still fraud.”
Health care providers could find themselves facing fines, penalties or worse.
“There’s likely to be penalties and there’s likely to be fines, in some cases potentially imprisonment, depending on the severity,” said Shill. “Certain organizations might find themselves subject to corporate integrity agreements and placed under monitorship, and to add insult to injury, require an independent review organization to be involved in reviewing their processes, including education.”
To avoid such situations, accountants will need to advise their health care clients about the possible risks and the need to be proactive.
“Proactivity means do you understand what is in your data, because the federal government is using a lot of data analytics, and that is making it extremely easy for them to identify outliers,” said Wallin. “There may be a perfectly good reason for it, but you need to understand if you are in fact an outlier and craft a legitimate argument as to why you are. You want to be proactive. You want to be doing quarterly or periodic billing and coding reviews to make sure there’s nothing untoward or misunderstandings or just not understanding how to code, because you want to identify those ahead of time and be the one that self-discloses. If you self-disclose, the fines and penalties are usually less. You can usually avoid a corporate integrity agreement, whereas if you wait until somebody comes up and turns it in to a regulator, then you lose all control over your destiny. But the complexity of the revenue recognition rules adds layers and layers of complexity on top of what was already complex.”
The new accounting rules could perhaps inadvertently help enable some forms of fraud. “They’re taking a complex environment and making it more complex,” said Shill. “For those who are willing to or interested in exploiting the system, now is the perfect storm for them to exploit it, because there’s just a lot of noise out there. We think this is a time when astute investors and management consultants need to pay extra special attention to the environment.”