Introduction

1.1 The Department of Health (Health) has been responsible for compliance by health providers with the requirements of three key public health funding schemes and a health incentive program since 2015.² The 2018–19 combined expenditure of the health schemes and program was $36.6 billion, representing about half of all Australian government expenditure on health.³ The relevant public health funding schemes and incentive program are outlined in Table 1.1.⁴

Table 1.1: Department of Health: health funding schemes and incentive programs

Source: ANAO and Department of Health.

1.2 The relative expenditure on the public health funding schemes and incentive program in 2018–19 can be seen in Figure 1.1.

Figure 1.1: Public health funding schemes and incentive program: expenditure as proportion of total, 2018–19

Source: ANAO.

1.3 Figure 1.2 shows the number of Medicare services and benefits paid (MBS) and the number of prescriptions and government expenditure (PBS) for the last ten years (PIP and CDBS are not shown due to their comparatively minor expenditure).

Figure 1.2: Key statistics, MBS and PBS 2009–10 to 2018–19

Source: ANAO from Department of Health data.⁵

1.4 The Provider Benefits Integrity Division (PBID) in the department is responsible for the health provider compliance program. PBID’s 2019–20 budgeted expenses were $106.1 million, and the estimated average staffing level in the same period was 337. The objective of the health provider compliance program is⁶:

To support the integrity of health benefit claims through prevention, early identification and treatment of incorrect claiming, inappropriate practice, fraud and prohibited practices.

1.5 The Health Insurance Act 1973, National Health Act 1953 and Dental Benefits Act 2008 set out a legislative framework that guides the provision and claiming of services and benefits, and allows for post payment compliance activities to be undertaken, to identify incorrect claiming and recover debts. There has been a range of legislative changes aimed at improving health provider compliance arrangements, and to strengthen debt recovery arrangements as outlined in Table 1.2.

Table 1.2: Health provider compliance: key legislative changes

Source: Australian Parliament House, Parliamentary Business Bills and Legislation, and The Federal Register of Legislation.

1.6 The government’s requirements for fraud control are contained in the 2017 Commonwealth Fraud Control Framework⁷ pursuant to the Public Governance, Performance and Accountability Act 2013 (PGPA Act). The Framework comprises three tiered documents — the fraud rule, fraud policy and fraud guidance. As a non-corporate Commonwealth entity, Health must comply with the fraud rule and the fraud policy. Health assesses health providers’ possible non-provision of a service, or non-supply of a medication, initially as an investigation for possible fraud in accordance with the government’s requirements for fraud control.

Previous ANAO audits

1.7 The ANAO conducted an audit in 2013–14 that examined the effectiveness of then Department of Human Services’ management of Medicare compliance audits.⁸ The audit found that performance had been mixed. Whilst a program of compliance audits and related compliance activities were delivered, helping to reinforce health professionals’ awareness of their compliance obligations, the administration of Medicare compliance audits was found to have a range of shortcomings. Areas identified where Human Services could have improved its administration of Medicare compliance audits included:

• while the department had processes in place to identify risks to the Medicare program, historically it had not routinely undertaken preliminary analysis of emerging risks in a timely way. Consequently, a large number of identified risks had not been substantively analysed to determine whether their treatment should be given priority and factored into Human Services’ compliance planning;
• there were inconsistent approaches within Human Services to calculating debts, with variability in the standards of proof accepted by different compliance officers in calculating debts;
• between 2008–09 and 2012–13, Human Services raised a total of $49.2 million in debts and recovered $18.9 million from Medicare compliance audits. There was a $128.3 million shortfall in the savings achieved by the department, in the form of monies actually recovered, against the target set by a budget initiative — some 87 per cent less than the $147.2 million in expected savings. Since the introduction of the budget measure, the compliance audits performed by the department, including those performed under the department’s enhanced legislative powers, were delivered at a net cost to government;
• Human Services did not develop or implement its proposal to monitor and report on savings and achievements against the budget measure; and
• the department only met its key performance indicator — 2500 completed Medicare audit and review cases per year — once in 2011–12, when it reported completing 2549 Medicare audits and reviews. While the annual target had been agreed by Ministers in the 2008–09 Budget context, during 2012–13 Human Services altered the mix of compliance activities it counted towards the target, by including 500 less onerous ‘targeted feedback letters’, as well as compliance activities directed towards members of the public rather than health professionals. The department subsequently reported completing a total of 2819 Medicare compliance cases in 2012–13, against the revised activity mix. If the additional compliance activities were excluded, the number of Medicare compliance audits and reviews completed in 2012–13 (against the Ministerially agreed target) was 2073. While acknowledging the department’s advice that targeted feedback letters were a valid compliance treatment intended to encourage voluntary compliance, their inclusion resulted in inaccurate performance reporting for the budget measure, as well as inaccurate and inflated internal reporting of its compliance coverage rate.

Rationale for undertaking the audit

1.8 The Health Provider Compliance Program aims to support the integrity of Australia’s publicly subsidised health funding schemes and incentive program (see Table 1.1) by identifying and treating incorrect claiming, inappropriate practice and fraud by health providers. This can include the recovery of funds which have been incorrectly claimed. Given the large volume and value of health providers’ claims, it is important to assess whether Health has an effective approach to the prevention, identification and treatment of incorrect claiming, inappropriate practice and fraud by health care providers and suppliers.

Audit approach

Audit objective, criteria and scope

1.9 The audit objective was to assess the effectiveness of the Department of Health’s approach to health provider compliance.

1.10 To form a conclusion against the audit objective, the following high-level criteria were adopted:

• approaches to identify, prioritise and treat non-compliance are appropriate; and
• oversight arrangements for monitoring health provider compliance outcomes are appropriate and inform future compliance approaches.

1.11 The audit did not examine Health’s ‘passive’ compliance activities, such as education, or debt recovery processes.

Factors influencing the audit scope

1.12 A number of factors have influenced the audit scope, including:

• Health advised that health provider compliance and debt recovery activities were suspended on 24 December 2019 in bushfire disaster declared areas, except in instances of serious non-compliance or investigations of fraudulent behaviour. During the audit, on 18 February 2020, the Australian Government activated the Emergency Response Plan for Novel Coronavirus (COVID-19).⁹ From early 2020, health provider compliance and debt recovery activities were nationally suspended to reduce the impact on health providers contributing to Australia’s response to the COVID-19 pandemic. Compliance activities continued where there were instances of serious non-compliance or investigations of fraudulent behaviour. Health further advised that compliance activities have been progressively recommenced throughout the second half of 2020 for all provider groups. In recommencing compliance activities, Health is monitoring and responding to any changes in, or escalation of, the COVID-19 pandemic, including reassessing the potential impact on health providers and adjusting activities as required.¹⁰
• As noted in this report, there have been changes in PBID’s compliance operating model since 2017. This made examination of the compliance model prior to this date of limited relevance. While Health has advised that it has commenced activities to implement a new compliance model from early 2020, the suspension of health provider compliance meant that it was not possible to verify and test the effectiveness of Health’s implementation of the new model.

1.13 As a result of these factors, this audit principally focused on PBID’s 2018–19 activity and reported results.

Audit methodology

1.14 The audit methodology included:

• examination and analysis of departmental records; and
• interviews with relevant departmental staff.

1.15 The audit was open to citizen contributions, and received 30 contributions from a range of health providers, peak bodies and other interested persons.

1.16 The audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of approximately $520,000.

1.17 The team members for this audit were Julian Mallett, Christine Preston, Anne Kent, Erica Sekendy, Samuel Painting, Brendan Gaudry, David Brunoro and Peta Martyn.

2.1 Given the value and scale of the three public health funding schemes and incentive program, it is important that Health’s compliance activities are targeted towards the areas of greatest risk, that non-compliance concerns are appropriately identified and prioritised, and that compliance activities or treatments are undertaken commensurate with the identified risk, required resources and expected returns of this activity.

2.2 To assess Health’s approaches to identifying, prioritising and treating non-compliance, the ANAO planned to examine Health’s compliance model, strategy and procedures for health provider compliance. As Health did not have a compliance strategy, the ANAO based its analysis on:

• criteria sourced from similar ANAO compliance program audits¹¹; and
• Health’s 2018–19 compliance activity and results.

The compliance model

2.3 Compliance programs are a coordinated program of:

• compliance monitoring;
• activities to promote compliance and reduce the risk of inadvertent non-compliance;
• the detection and identification of non-compliance; and
• remedying non-compliance through enforcement activity, including the selection of an appropriate non-compliance treatment.

2.4 To best target compliance activities, many government entities have adopted a model commonly known as the compliance ‘pyramid’ as shown in Figure 2.1.

Figure 2.1: The compliance pyramid

Source: ANAO Report No.41 2016–17, Management of Selected Fraud Prevention and Compliance Budget Measures, reproduction of the then Department of Human Services compliance model.

2.5 The compliance pyramid recognises that amongst the population from which compliance is sought, the majority are willing to comply with the ‘rules’ and only fail to do so inadvertently (for example, if the rules are unclear). For this group of the population, an appropriate ‘treatment’ may be to provide assistance, education, encouragement or guidance on their compliance obligations — or to make the obligations themselves clearer. Further up the pyramid, increasingly smaller proportions of the population may display a greater disinclination to comply and stronger treatments are required to oblige compliance, particularly where there may be a significant financial benefit in not complying. In the smallest proportion of the population, where there may be deliberate (or repeated) non-compliance or fraud, prosecution may be the only appropriate treatment.

2.6 Health has adapted the generic compliance pyramid as shown in Figure 2.1 for the health provider compliance program as shown in Figure 2.2.

Figure 2.2: Health provider compliance model

Source: Department of Health.

2.7 Since responsibility for MBS compliance moved to Health, the health provider compliance operating model and PBID’s procedures had been reviewed and amended on several occasions. A December 2016 report by the Boston Consulting Group¹² resulted in Health introducing a market segment approach to identifying non-compliance. Implementation of this approach began in October 2017 when 66 provider groups were identified by PBID. The number of provider groups was revised by PBID in October 2018 to 92, to be more closely aligned with the way the health industry categorised provider specialities.

2.8 In July 2018, an internal audit noted that PBID designed a methodology for prioritisation and planning of compliance activities that involved the sequential creation of a Provider Group Profile (to be developed over 25 weeks) and a Provider Group Strategy (to be developed over 22 weeks). The internal audit report commented that ‘this planning time is largely comprised of conducting research, analysing data and identifying areas of concern’ and that adoption of the market segment model had led to a disproportionate level of effort in the planning of compliance activity:

…the large amount of lead time and effort in planning may not be proportional to the achievement of compliance objectives and risk mitigation to meet the timeframes expected by key stakeholders.

2.9 As at November 2019, 30 provider profiles (associated with 34 health provider groups) had been developed, and 17 provider strategies approved.

2.10 A December 2019 internal discussion paper noted the internal audit findings and proposed the introduction of a ‘hybrid risk-based’ model to be known as 1CAB in order to ‘reduce development timeframes and advance high risk/value concerns to treatment faster’. Health advised in September 2020 that the 1CAB operating model had been approved and became ‘incrementally operational’ in early 2020.

Estimates of the cost of health provider non-compliance

2.11 Estimating the financial cost of non-compliance can inform the performance and integrity amongst the population from which compliance is sought. Determining levels of willing participation in the population and significant shifts in compliance can guide priority risks, and better inform where to invest compliance resources.

2.12 Table 2.1 shows the estimates of the costs of health provider non-compliance from a number of consultant reports commissioned by Health based on benchmarking with international comparators and applying research methodologies. This shows the potential financial implications range between $366 million and $2.2 billion.

Table 2.1: Estimates of the costs of health provider non-compliance 2018–19

Note a: Calculations are based on $36.6 billion expenditure in 2018–19 on the three health funding schemes and an incentive program.

Note b: Article on Australian Medical Association website, authored by Department of Health (https://ama.com.au/aus med/medicare-compliance%C2%A0-what-providers-need-know).

2.13 The 2016 Analytics in Health Provider Compliance at Department of Health report referred to in Table 2.1 further stated that $600 million per annum in debt recovery and prevention of future non-compliance was ‘realistically achievable’. Health advised that the quantum of the savings identified in the report had not been agreed to as a target by the department or the government, and was dependant on a number of assumptions which had not been realised.¹³ However, Health used the analysis in the Health Provider Compliance Division Strategy and Operating Model Summary report as a basis for further approaches to government to support funding for additional health provider compliance measures.

Health provider non-compliance treatments

2.14 Health applied a range of ‘passive’ or ‘active’ compliance treatments for health provider non-compliance. Health describes its passive treatments in the Guideline – for the application of treatment types, estimated savings and priority scores when developing compliance strategies, as including:

• policy clarification for providers on the appropriate use of particular MBS/PBS items;
• education where initiatives such as ‘education drives’ can assist providers in changing their behaviour; and
• proposing changes to compliance legislation which may lead to improved compliance.

2.15 Active compliance treatment types and the number completed by each type in 2018–19 are shown in Table 2.2.

Table 2.2: Active compliance treatments completed 2018–19

Note a: PRP interventions are carried out by health professional advisers employed by Health. The PRP involves reviewing services provided by practitioners and corporate entities to consider whether there may have been inappropriate practice. Where concerns are not able to be resolved by the department, a delegate of the Chief Executive Medicare may request the Director of Professional Services Review, an independent authority, conduct a review of the provision of services.

Source: ANAO analysis of Department of Health data.

2.16 Health’s operating model and supporting procedures for health provider compliance have changed as a result of it commencing to implement in 2017 a model in response to the Boston Consulting Group report. However, these changes had not been well documented and there was not a compliance strategy that guided how compliance activities were conducted.

Does Health identify potential non-compliance appropriately and use an effective approach to prioritise projects?

2.17 Figure 2.3 shows the PBID compliance process.

Figure 2.3: Provider Benefits Integrity Division process

Source: ANAO analysis.

2.18 In the period of PBID activity examined in 2018–19, from the population of 31 approved compliance projects (see Table 2.4), the majority were developed by data analytics (21 project briefs or 68 per cent). The remaining projects were developed from market segment analysis (nine project briefs or 29 per cent), and one project brief stemmed from tip-off analysis (one project brief or three per cent).

Identification of potential compliance projects

2.19 Compliance Targeting aims to identify ‘areas of concern’ to inform the development of recommendations for compliance activity. Areas of concern may have their genesis through tip-offs¹⁴, but are principally generated as a result of analysis of MBS and PBS claims.

2.20 Compliance Targeting used a number of data models, analytical tools and data visualisation methods¹⁵ to identify anomalies or outliers for further analysis as to whether they indicate potential non-compliance. A technical analysis of these methods was undertaken from September to November 2019. The data models, tools and visualisations were found to be: risk-based and covered the entire population of the providers; supported by appropriate documentation and user guides; and subject to appropriate quality assurance and validation processes. Health also engaged the services of external data analysis providers.¹⁶

2.21 When potential compliance projects¹⁷ have been developed, they are first considered by the Analytics Working Group (AWG).¹⁸ The AWG was established to identify, develop and approve high value analytics-identified case work for progression to the Case Flow Committee (CFC). The AWG’s Terms of Reference state that the purpose is to ‘only progress analysis where suitable treatment is agreed by the working group’.

2.22 Analysis of AWG meeting records from the 19 meetings held from July 2018 to November 2019 identified that 42 project proposals were considered during this period. Nine proposals were recommended for progression to the CFC (21 per cent), 26 proposals were returned to the project owner requiring further work (62 per cent), and seven proposals were agreed to not progress further (17 per cent). In the period examined, the AWG processes therefore refined compliance project proposals.

2.23 Recommended compliance projects are submitted to the CFC in the form of project briefs. The CFC’s Terms of Reference state PBID is the ‘decision-making body that provides strategic oversight and direction for the case flow in the division to ensure the seamless flow of cases from Compliance [Targeting] Branch to Compliance Operations Branch’. The CFC is chaired by the PBID First Assistant Secretary, and comprises all of the division’s Senior Executive Service officers, a number of Directors from each branch, and a Senior Medical Advisor.

2.24 Analysis of CFC meeting records from the 12 meetings held in 2018–19, and analysis of PBID data, identified 31 project briefs that were endorsed for action in the period. The 31 project briefs that were endorsed for action in 2018–19 are shown in Table 2.4.¹⁹

2.25 In addition to an absence of priority areas being identified in a compliance strategy, project briefs did not include information about the relative project priority to other compliance projects. Further, there was no evidence that PBID had undertaken a risk analysis across the four public health funding schemes and incentive program population to inform decisions about where best to focus its efforts and resources. Focusing compliance and enforcement activity on areas of higher risk ensures that resources are targeted to the areas requiring the most attention. This is particularly relevant where an entity has insufficient resources to undertake compliance treatment of all instances of suspected non-compliance.

2.26 A risk-based approach also provides the flexibility for compliance programs to adapt to changes. Risks are assessed differently over time as external and internal events occur, context and knowledge change, and new risks emerge, while pre-existing risks may change or cease to be present. Ongoing monitoring of compliance program risks ensures that the compliance strategy remains current and well targeted.

2.27 The ‘market segment’ approach sought to gain a detailed knowledge of the characteristics of provider groups and Health developed and implemented business rules and weightings to prioritise different specialist sub-groups. In December 2019, the CFC considered a paper that proposed a ‘hybrid risk-based approach’, recognising that while it remained ‘critical to understand what is happening at provider group levels, it is recommended that [the] approach to risk analysis continue to evolve’. The outcome was the 1CAB model that Health advised became incrementally operational in early 2020 (see paragraph 2.10).²⁰

Identifying expected savings from compliance projects

2.28 Apart from recovering funds which should not have been paid, PBID’s work is to change the behaviour of non-compliant providers with the aim of reducing the number of payments which were incorrect, or should not have been paid (on the basis that prevention is preferable to enforcement). In developing proposals to treat potential non-compliance, both ‘direct’ and ‘indirect’ savings are therefore considered.

2.29 Direct savings are defined as ‘the potential dollar value of non-compliance expected to be recovered from providers due to identified incorrect payments’ and indirect savings are ‘potential savings resulting from a provider’s change in future claiming behaviour as a result of compliance intervention’. Direct savings are payments which have already been made which should be recovered if a provider is found to have claimed incorrectly.

2.30 The formulae used to calculate savings depending on the treatment type selected are shown in Table 2.3.

Table 2.3: Formulae used to calculate potential savings

Note a: Health advised that exceptions apply to this rule where items are claimed that are not provided for in the supporting legislation. In these instances, 100 per cent of the claimed item amount is used in the direct savings calculation.

Note b: This calculation is based on PRP outcomes from Business Approaches in 2014–15. In that year, five per cent of PRPs resulted in repayment orders averaging $77,350 per case. A further five per cent of PRP cases submitted a voluntary acknowledgement (the provider volunteered that they made an incorrect claim either before, or as a result of, compliance activity), averaging $13,666 per case.

Note c: This figure was adopted based on outcomes from PRP interventions in 2016–17.

Source: Department of Health.

2.31 The formulae shown in Table 2.3 applied at the time the 31 project briefs were endorsed for action in 2018–19, with 18 of the project briefs applying the formulae. In the remaining 13 projects, one project brief noted the formulae did not apply in the treatment type recommended (investigation), and the relevant formulae were not applied in the remaining 12 project briefs (with four briefs detailing the reason why the formulae had not been applied and why another methodology had been used). More prevalent patterns of CFC approval of project briefs that did not consistently apply the formulae to calculate potential savings was observed in projects with recommended treatment type of:

• audit: where five of the 11 projects (45 per cent) did not calculate indirect savings, with the direct savings in these projects calculated to range from $0.3 million to $3.7 million; and
• PRP: where three of the 18 projects (17 per cent) did not calculate direct savings, with the indirect savings in these projects calculated to range from $2.0 million to $4.2 million.

2.32 Health advised that the basis for estimating potential behavioural savings was reviewed in 2019 and the formulae were superseded in 2020, with a new approach using completed case data over three financial years from 2016–17.

2.33 Table 2.4 details the estimated savings included in the 2018–19 approved compliance project briefs totalled $90.8 million.

Are Health’s actions to treat non-compliance proportionate?

2.34 Determining the appropriate enforcement activity where non-compliance is identified minimises the burden on those providers who are voluntarily compliant, and ensures that enforcement action is proportionate and undertaken only when necessary. The proportionality of compliance activities or treatments was examined to see if they were commensurate with the hierarchy of compliance treatment types, required resources and expected returns of the activity.

2.35 Table 2.4 shows a summary of the 31 project briefs that were approved by CFC for compliance action in 2018–19. In order to preserve confidentiality, a reference number has been assigned to each brief.

Table 2.4: Summary of 2018–19 Case Flow Committee approved projects

Source: ANAO analysis of Department of Health data.

2.36 Table 2.4 shows that the proportion of compliance activity treatment types approved in the period was largely consistent with Health’s hierarchy of compliance treatment types (see Table 2.2) with greater use of targeted letters (76.4 pe r cent), equivalent application of audits and PRPs (13.4 per cent and 10.1 per cent respectively); and lowest use of investigations (0.1 per cent).

2.37 Targeted letters are used for minor non-compliance (see Figure 2.2 and Table 2.2), while investigations are reserved for serious and intentional misuse and possible fraud. Concurrently applying the same scale from a light touch to more intensive compliance responses, would result in a targeted letter campaign being more administratively efficient, less resource-intensive and therefore lower cost, and an investigation being more resource-intensive and therefore higher cost. The proportion of cases found to be non-compliant would also be higher in more intensive compliance response, with a tied relationship between compliance activity costs versus outcome.

2.38 The proportionality of the savings estimated to be achieved, against the hierarchy of treatment types is detailed in Table 2.5. This shows the total estimated savings (including direct and indirect savings) according to the recommended treatment type, from the 31 project briefs approved in 2018–19.

Table 2.5: 2018–19 approved project briefs: estimated total savings by treatment type

Notes: One project was not included in this analysis as the brief recommended multiple treatment types but did not provide a breakdown of the estimated expected savings for each treatment type. As a result, the total figures in this table are not equal to those in Table 2.4. The total number of projects with treatment types exceeds the number of project briefs (31). This is due to 21 briefs recommending a single treatment type, seven briefs recommending the use of two treatment types and two briefs recommending the use of three treatment types.

Source: ANAO analysis of Department of Health data.

2.39 Noting the limitations observed in Health’s consistent application of the methodology to calculate potential savings in the 31 project briefs (as discussed in paragraph 2.31), the relative amount of the estimated total savings for cases using targeted letters, audits and PRP are broadly consistent, where the estimated savings per case are greater for the more resource-intensive treatment types. However, the estimated total saving for the single project (comprising two cases) using investigation as a treatment type was not commensurate with the most resource-intensive compliance approach.²¹

2.40 Analysis of whether enforcement action is proportionate and effectively targets those providers whose claiming is non-compliant is detailed in Table 2.6. This shows the number of 2018–19 approved project briefs with completed cases as of 30 June 2020, by treatment type and the proportion found to be non-compliant. The methodology used by Health to calculate the non-compliance rate is discussed further at paragraph 3.15 to 3.22.

Table 2.6: 2018–19 approved project briefs: completed cases by treatment type

Note a: This table only includes completed compliance cases by treatment type that were included in compliance projects that were approved in 2018–19. Case completion data has been drawn from the 2018–19 and 2019–20 periods to include in the table. The figures in this table differ from those in Table 3.3, due to Table 3.3 including all compliance cases by treatment type that were completed in the 2018–19 period, as calculated by Health, including cases that originated from tip-offs (see footnote 15) and projects approved in different periods.

Source: ANAO analysis of Department of Health data.

2.41 Health did not estimate or monitor the cost of its compliance activities and consequently cannot determine if resources are targeted to the areas requiring the most attention (or to manage particular risks), or calculate the net return on the investment in compliance activities.

3.1 The Public Governance Performance and Accountability Act 2013 (PGPA Act) provides the basis for the Commonwealth performance framework, which allows an assessment of entities’ progress against their purpose. The PGPA Act requires that performance information should demonstrate the extent to which a Commonwealth entity is meeting its purposes through the activities it undertakes. Alignment across the elements of the Commonwealth performance framework is intended to improve the line of sight between the use of public resources and the results achieved by entities.

3.2 The ANAO examined Health’s monitoring of the performance framework for the health provider compliance program, reporting of program performance and whether lessons learned from the compliance activities result in program improvements.

Does Health monitor whether the expected outcomes of the compliance program are being achieved?

3.3 In each of the four budgets since 2016–17, the Health provider compliance program has received additional funds for compliance activity through budget measures, with a government expectation that the provision of additional funds would lead to additional compliance savings. The additional funds were provided to strengthen Health’s compliance and debt recovery powers to support the government’s objectives of ensuring the integrity of Medicare and protecting patients from inappropriate practice, which often results in sub-optimal health outcomes. Details of the four budget measures are shown in Table 3.1.

Table 3.1: Health Provider Compliance Program: budget measures 2016–17 to 2019–20

Note a: Savings estimates associated with these measures were not announced.

Source: Budget Papers, Portfolio Budget Statements.

Health’s reporting against targets and program performance outcomes

3.4 The range of external and internal reporting of the health provider compliance program performance outcomes is examined below.

External reporting of compliance program outcomes

3.5 The Commonwealth Performance Framework — a key element of the resource management framework that governs the use and management of public resources within the Commonwealth public sector — ‘aims to improve the line of sight between what was intended and what was delivered’. The role of key publications in the framework is as follows:

• Portfolio Budget Statements (PBS), released in May simultaneously with the budget (the primary financial planning document for entities);
• Corporate Plans, released by 31 August each year (the primary non-financial planning document for entities); and
• Annual Reports, released by 31 October each following year (incorporating the audited financial statements and the Annual Performance Statements of entities, which report respectively on the financial and non-financial results achieved by entities).

3.6 In each of these documents, entities report on their activities and performance on an outcome and program basis against performance criteria and targets/measures. In the 2018–19 period, Program 4.7 Health Benefit Compliance (ensuring the integrity of health provider claiming)²² formed part of the department’s Outcome 4.²³

3.7 The performance criteria and targets/measures for Program 4.7 have changed three times since Health assumed responsibility for MBS compliance:

• in 2016–17, the criterion was to complete audits and reviews of health providers:
  • including general audits, practitioner reviews and criminal investigations (2500)
  • focussed on high risk/complex compliance issues (500).
• in 2017–18, the criterion was to improve health provider compliance through a contemporary program that utilises advanced analytics and behavioural economics to identify irregular payments and behaviours, measured through:
  • value of debts recovered ($15.6 million)
  • behavioural change from activities from prior years ($13.0 million).
• from 2018–19, the criterion was to:
  • deliver a quality health provider compliance program that prevents non-compliance where possible and ensures audits and reviews are targeted effectively to those providers whose claiming is non-compliant, so that the following proportions of audits and reviews that are undertaken by the Department find non-compliance (>90%).

3.8 Health advised that it was appropriate in the context of new budget measures to review the appropriateness of the health provider compliance program performance target. Health considered that the non-compliance rate provides an indication to practitioners and stakeholders if the compliance program is appropriately targeted.

3.9 The details of the performance criterion and the reported results are shown in Table 3.2.

Table 3.2: Program 4.7: performance criterion and reported estimated results 2017–18 and 2018–19

Note a: In the 2017–18 Annual Report, Health reported against the dollar value criterion that applied in the period, stating that it met the target.

Source: Portfolio Budget Statements 2018–19 and 2019–20.

3.10 The Department of Finance’s Developing good performance information Resource Management Guide No. 131²⁴ identifies that performance measures should enable an entity to demonstrate its performance in achieving its purposes or key activities over time. Generally, trends in performance measured on a consistent basis over time will be more informative than standalone or discontinuous measurement of performance.²⁵ Once a program or activity is ongoing, it will generally be appropriate for performance measures to be developed that measure effectiveness or impact and, for activities that are transactional in nature, measures that assess efficiency. There would be benefit in Health maintaining consistency in how the health provider compliance program performance is measured.

3.11 For 2018–19, PBID reported that the proportion of compliance activities that detected non-compliance was 95.4 per cent as shown in Table 3.3.

Table 3.3: Reported non-compliance rate by compliance activity type, 2018–19

Note a: This table includes all compliance cases by treatment type that were completed in the 2018–19 period, as calculated by Health. This includes cases that originated from tip-offs (see footnote 15) and projects (including cases from the 31 project briefs approved by the CFC in 2018–19, and other cases from projects that commenced prior to those approved by CFC in 2018–19). The figures in this table differ from those in Table 2.6, due to Table 2.6 only including completed compliance cases by treatment type that were included in compliance projects that were approved in 2018–19. Table 2.6 also includes case completion data that has been drawn from the 2018–19 and 2019–20 periods to include in the table.

Note b: Health’s inclusion of voluntary acknowledgements in the non-compliance rate calculation is explained and discussed at paragraphs 3.12 to 3.14.

Source: PBID data used to derive reported result.

3.12 Voluntary acknowledgements enable providers to voluntarily correct billing practices and can originate from health provider’s self-reporting that they incorrectly claimed a MBS item, pharmaceutical benefit or dental benefit that they should not have received. A voluntary acknowledgment can also be provided by a health provider in response to compliance activity.

3.13 Health’s internal management reporting recorded a total of 1587 voluntary acknowledgments were completed in 2018–19. A breakdown between voluntary acknowledgements that were self-reported and those that resulting from compliance activities was not provided in the reporting. The majority of voluntary acknowledgements included in Health’s internal management reporting and shown in Table 3.3 were self-reported (1449 cases (92 per cent)), and the remaining 134 cases (eight per cent) were the result of an admission of incorrect claiming as the result of a PRP compliance activity.²⁶

3.14 The majority of voluntary acknowledgements were not categorised or defined as an active compliance treatment (see paragraph 2.15 and Table 2.2), but have been included by Health in the calculation of the number of audits and reviews undertaken to determine the result against the performance measure. Health should review the approach to internally reporting voluntary acknowledgements to provide more information about their source, as well as their inclusion in the non-compliance rate calculation for the performance measure. Health advised that it was developing enhancements to internal management reporting to enable the reporting of the number of voluntary acknowledgments by the source.

3.15 In November 2018, the PBID First Assistant Secretary agreed to the use of an existing methodology to calculate the proportion of compliance activities that were non-compliant to enable measurement and reporting against the new performance indicator for Program 4.7 for the 2018–19 period. For audits, investigations and PRPs, the non-compliance rate calculation is determined by dividing the number of closed cases from the relevant financial year where the provider was found to be non-compliant by the total number of closed cases. For targeted letters and voluntary acknowledgements, only the closed cases from the relevant financial year that were recorded as having a debt recovery amount were used in the calculation, rather than all closed cases.

3.16 The internal minute that set out the performance measure calculation methodology identified challenges with calculating the rate consistently across the five categories given that the different interventions differ in approach and the burden of proof required. It was also acknowledged that including the targeted campaigns cases with a debt recovery amount and excluding the cases without them may also be misleading for reporting in the Annual Report. The minute advised that the non-compliance rate result would be 95.1 per cent as at 31 October 2018 applying the existing methodology, compared to a non-compliance rate result of 21.7 per cent if all cases were included in the calculation. It was recommended and agreed that the methodology used remain in the interim and that a further review be undertaken to determine if an alternative should be considered. Health advised that a review of the methodology has not been conducted as it remains obliged to report against the Portfolio Budget Statements Key Performance Indicator.

3.17 Using PBID data, the ANAO recalculated the non-compliant rate using all completed cases in the 2018–19 period as shown in Table 3.4. Counting the number of cases completed in the period that were recorded by Health as ‘non-compliant’ and the total population of compliance cases recorded as completed to calculate the ‘proportion non-compliant’ across all completed case categories results in 35 per cent. Excluding voluntary acknowledgements from the calculation (see paragraph 3.12) would result in a non-compliance rate result of 27 per cent.

Table 3.4: Recalculated non-compliance rate by compliance activity type, 2018–19, using all completed cases

Note: The reason for the difference in figures in Table 3.3 and Table 3.4 are:

• Targeted Letter and Voluntary Acknowledgements, is because some cases were recorded by PBID as non-compliant, but were not recorded as having a debt recovery amount and were therefore excluded in PBIDs count in Table 3.3. The ANAO has included these cases in Table 3.4.
• Audit cases, is because PBID’s formula used for the calculation of the compliance rate counted one case as a voluntary acknowledgement rather than as an audit in Table 3.3. The ANAO has counted this case as an audit and not a voluntary acknowledgement in Table 3.4.

Source: ANAO analysis of Department of Health data.

3.18 Health defines health provider compliance ‘audits and reviews’ to be:

An audit is an evidence-based assessment of a provider’s compliance with relevant requirements in relation to the payment of a benefit. A review of decision is where an independent decision maker reviews the result of a compliance audit and reconsiders the evidence (or considers new evidence) and confirms, varies or revokes the original decision.²⁷

3.19 Targeted letters are used to encourage providers to review and correct billing practices through voluntary compliance (see Table 2.2), and do not involve a Health official reviewing the result of the compliance activity to confirm, vary or revoke a determination of non-compliance. Targeted letters are not consistent with Health’s definition of an ‘audit or review’ that are included in the performance measure description. Excluding voluntary acknowledgements and targeted letters from the performance measure calculation would result in a non-compliance rate result of 70 per cent.

3.20 The Department of Finance’s Developing good performance information Resource Management Guide No. 131²⁸ identifies that performance statements should provide relevant context to the performance results reported and an analysis of factors that contributed to, or restricted, the delivery of it purposes within the reporting period. The current approach to reporting the program performance target for the Health Provider Compliance Program does not apply an unbiased basis for the measurement and assessment of performance²⁹, because the methodology used to calculate the target does not include all activities completed for the reporting period and selectively excludes some activities that would lower the overall achievement of the target if captured.

3.21 Health receives responses to targeted letters from providers where they make representations that their claiming behaviour is compliant. As discussed in paragraph 3.35, Health has assessed in project closure reports that the non-response rate to targeted letter campaigns was 47.2 per cent, and in 71 per cent of these cases providers acknowledged non-compliance and returned a voluntary acknowledgement.

3.22 Health should review the Health Provider Compliance Program’s external performance reporting in the Annual Report. Consideration should be given to how the department can accurately reflect the results of relevant compliance audit and review activities undertaken in the period, and if performance measures allow for the assessment and reporting of the effectiveness or impact of activities undertaken.

Internal reporting of compliance program outcomes

3.26 Health has committed in successive budget measures to increasing the compliance savings that it will achieve (see Table 3.1). PBID has combined the total value of these commitments and uses these as internal targets against which it reports. The PBID ‘dashboard’ reported on the monitoring and tracking of savings achieved, as well as other metrics such as compliance cases completed, the number of tip-offs approved and number of compliance activities in the ‘pipeline’.

3.27 Behaviour change savings calculations measure the changes to claiming patterns for providers, pharmacists and practices (for PIP payments only) following compliance interventions. A lag in time between completion of a compliance activity and the estimation of behaviour change savings is required in order to measure the impact the activity has had on the claiming pattern. Health’s estimation of behaviour change savings commences a minimum of 12 months following the completion of a compliance project. On this basis, the estimation of behaviour change savings in 2018–19 are based on activities initiated in 2017–18. In September 2020, Health advised the result against the savings targets as shown in Table 3.5.

3.28 Health’s 2018–19 Annual Report records the total cost of Program 4.7 (Health Provider Compliance Program) in 2018–19 was $101.1 million. This means that the net compliance savings in this period were $71.6 million.

Does Health have appropriate mechanisms in place to oversight health provider compliance and do lessons learned from the compliance activities result in program improvements?

Oversight mechanisms

3.29 The functional structure of PBID in the period examined over 2018–19 is shown in Figure 2.3. The department’s intranet also shows that the division’s governance framework includes a Divisional Executive Meeting (DEM) (meeting weekly) and a Divisional Leadership Group (DLG) (meeting monthly). The intranet records the purpose of as these groups, with the DEM’s role being to ‘consider high level strategic, policy, operational and risk matters’ and the DLG’s as ‘to provide a body where a range of strategic, leadership and operational matters may be considered’. There was no evidence that these bodies have formal terms of reference. The Case Flow Committee (CFC) is also referred to as part of PBID’s governance framework, although the Analytics Working Group (AWG) was not.

3.30 At the compliance project management level, a Compliance Project Governance document was endorsed by the DEM in January 2018. This document details the key steps in the development, management, and evaluation of compliance projects within PBID, including approvals and ownership. The document was process-oriented in nature and did not outline the oversight or governance arrangements for the Health Provider Compliance Program. Several elements of this framework have also now been superseded.

3.31 A July 2018 internal audit of the Health Provider Compliance program noted:

‘….it would be prudent to develop a matrix or map of the key interrelationships, dependencies and critical success pathways at the whole of program level. This will avoid a situation where ‘silos’ can develop where busy sub-programs tend to concentrate on their own requirements without sufficient consideration of the program as a whole. These risks are exacerbated in an environment where the program is rapidly ramping up its capacity and capability.’

3.32 At the time of audit, there was no current compliance program governance framework in place that outlined the roles of the different compliance branches, the interrelationships between them, and the various decision points in the compliance process. Health advised that with the implementation of the new operating model, PBID will have a clear documented framework which outlines the governance processes applied across the Division.

Reports on lessons learned and outcomes from compliance project activity

3.33 As discussed at paragraph 3.26, a PBID ‘dashboard’ monitored and tracked metrics such as compliance cases completed, the number of tip-offs approved and number of compliance activities in the ‘pipeline’. Internal compliance monitoring and reporting was largely at the program and case level, with the exception of a master list maintained by PBID for the purpose of supporting Case Flow Committee processes. PBID reports which summarise compliance project outcomes for 2018–19 (as distinct from program outcomes which are discussed at paragraph 3.4 above), comprised a total of 12 reports (ten project closure reports, and two project performance assessments).

Project Closure Reports

3.34 Project closure reports are prepared for projects where the selected treatment was targeted letters. Health advised that as PRP and Investigations focus on individual provider’s behaviours and actions, records of these compliance outcomes are maintained in case management notes and recordkeeping folders. Project closure reports only assess direct savings (see paragraph 2.29) as they are completed three months after letters were sent out, which was an insufficient amount of time for changes in providers’ future claiming behaviour to become apparent. Of the ten project closure reports, one was noted as not being expected to achieve direct savings because the project assessed the eligibility of the selected providers to claim a Practice Incentive Program (PIP) (see Table 1.1) payment in the future. This project closure report has been excluded from the analysis. Results of the analysis of the outcomes from the remaining nine project closure reports is shown in Table 3.6.

Table 3.6: Project closure reports 2018–19: results

Note: Each project has multiple cases (with each case representing a single provider or practice). The number of cases in the nine projects varied from 52 to 1155.

As noted at Table 3.3, a voluntary acknowledgement is where a provider acknowledges they claimed incorrectly for benefits and other payments made.

Source: ANAO analysis of PBID data.

3.35 Analysis of the nine reports completed in the period indicated:

• a wide range of outcomes in terms of debts raised, varying between ten per cent and almost 800 per cent of the estimated direct savings³⁰, with the total debts raised exceeding the total of the estimate of direct savings;
• almost half of providers did not respond to the targeted letters they received. In eight of the nine cases, the report stated that contacting ‘non-responders’ was ‘out of scope’ of the project³¹; and
• 999 out of 1,405 of providers who did respond (71 per cent), acknowledged non-compliance and returned a voluntary acknowledgement, with the largest single repayment being $264,266. This may indicate that PBID’s selection of providers for treatment was effective.

3.36 The nine project closure reports contained ‘lessons learned’, or recommendations, or both, but there was no evidence that these were routinely or systematically captured as part of a feedback loop to inform future compliance activity.

Project Performance Assessments

3.37 As noted at paragraph 3.30 above, a Compliance Project Governance document was endorsed by the DEM in January 2018. The document identifies the completion of a project performance assessment as one of seven stages of a compliance project which must be completed prior to a project being closed. The requirement for a project performance assessment to be completed had existed for more than two years, however PBID advised in March 2020 that only two PPAs had ever been completed. The limited number of project performance assessment reports completed by PBID in 2018–19 meant that it was not possible to conduct reliable analysis on the usefulness of the reports in informing future compliance activity.

3.38 When a project based compliance model is applied, summarising and reporting on compliance project outcomes is useful to continually strengthen the compliance approach. Analysing the outcomes of compliance projects to determine the impact and quality of the original compliance activity proposal is a useful basis to inform continuous improvement activities. Continuous improvement is expected to be an ongoing, long-term approach to improving processes that support and implement changes to make compliance activities of a better quality, more cost-effective and result in improved outcomes.

3.39 Health advised that the 1CAB operating model evaluation function includes two points of review for projects endorsed by CFC. The first point of review will focus on process evaluation shortly after a project is endorsed, providing an opportunity for timely feedback. Twelve to 15 months after the project is completed, a further impact evaluation will be completed, including consideration of whether the project achieved the expected direct and indirect savings.

Appendix 1 Entity response