Health Plan Bill Reviews are not Audits and are Required to Fulfill Fiduciary Duties
By: Tia Goss Sawhney, DrPH, FSA, MAAA
Good business management requires that business executives routinely review large invoices (aka, bills) and ask questions. No one challenges an executive’s right to do so.
Likewise, self-funded health plan fiduciaries should routinely review large health insurance claims (aka, bills) and ask questions. Their attempts to do so, however, are often thwarted by third party administrators (TPAs) or networks who assert that plan fiduciaries don’t have the right to “audit” claims. TPAs and networks will point-blank refuse to share the data necessary to review claims, either pre-payment or post-payment.
The TPAs and networks are wrong. Plan fiduciaries have the affirmative duty to guard plan assets by reviewing large claims, and the law requires that TPAs and networks share the data necessary for claim reviews, including prepayment.
Affirmative Duty
Most self-funded health plans are governed by ERISA.[1] ERISA imposes fiduciary duties upon all persons or entities who exercise discretionary control or authority over plan management or plan assets – aka, all plan executives. Plan fiduciaries have affirmative duties to run plans solely in the interest of participants and to act prudently to protect plan assets.[2]
These affirmative duties require that plan fiduciaries maintain continuous vigilance over plan assets and monitor hired service providers. For example, plan fiduciaries cannot carefully select a bill-payment vendor, such as a TPA, and thereafter simply trust that large bills are being paid properly. The need for ongoing vigilance by ERISA fiduciaries has been affirmed by recent lawsuits brought by employees against their employers for breach of fiduciary duties.[3]
Bill Reviews are Not Audits
A business executive who reviews an invoice is not performing an audit. Likewise, a routine claim review by a plan fiduciary (or their designee) is not an audit.
An audit is a systematic review of data, conducted by independent audit professionals, often for the purpose of generating general conclusions. An audit starts with a written plan, follows pre-selected and often legally prescribed or otherwise codified standards, and ends with a report.
- An auditor must be independent from the normative business, or plan, operations. Many auditors are external to the audited organization. Internal auditors typically report directly to an organization’s board of directors to maintain independence from the executive team.[4]
- Codified standards include Generally Accepted Auditing Standards (GAAS),[5] Generally Accepted Government Auditing Standards (GAGAS),[6] the IIA Global Internal Audit Standards,[7] and the NAIC Health Carrier Claim Audit Guidelines Model Act.[8]
- General conclusions include conclusions such as “the company’s financial statements have been appropriately prepared”, “claims were accurately paid 98% of the time”, “the XYZ process is weak and needs to be improved”.[9]
Business executives and the plan fiduciaries who review bills are just doing their jobs. They are not performing audits.
Claims Review Data Must be Shared
Historically, TPAs and networks have refused to share payment data with self-funded plans on the grounds that the network contracts with providers were confidential and proprietary. This excuse is no longer valid. Under the “No Gag Clauses” provisions of the Consolidated Appropriations Act of 2021, self-funded plans are entitled to access “on a per claim basis — (i) financial information, such as the allowed amount, or any other claim-related financial obligations included in the provider contract; (ii) provider information, including name and clinical designation; (iii) service codes; or (iv) any other data element included in claim or encounter transactions.”[10]
Conclusion
Fiduciary duty is more than an abstract legal concept. Fiduciaries who do not protect the interests of the plan and the plan participants may be personally liable to restore any losses to the plan, or to restore any profits made through improper use of plan assets.[11]
If your self-funded health plan does not have existing processes for reviewing claim payments and asking questions, particularly for large claims, now is the time to develop the processes. Highlight Health will help you.
Footnotes and Citations
[1] ERISA is a codification of common law. While plans sponsored by government entities and churches are not governed by ERISA, the common law fiduciary duties still apply. States and other entities may also impose codified duties upon non-ERISA plans.
[2] Fiduciary Responsibilities | U.S. Department of Labor
[3] Two Recent ERISA Lawsuits Illustrate the Importance of Vigilant Benefit Plan Management | Bell Nunnally & Martin LLP; UnitedHealth agrees to $69M settlement in lawsuit over 401(k) plan | Becker’s
[4] The role of internal audit in ensuring strong corporate governance
[5] Generally Accepted Auditing Standards: A Comprehensive Overview | AuditBoard
[6] Yellow Book: Government Auditing Standards | U.S. GAO
[7] Complete Global Internal Audit Standards
[8] https://content.naic.org/sites/default/files/model-law-state-page-32.pdf
[9] Forensic audits may look for “what went wrong” in a very specific situation and do not necessarily reach general conclusions. For example, a firm may hire a forensic auditor to investigate suspected embezzlement.