MEDICAID PRESCRIPTION UPDATE:
Developing an Effective Response to Fraud and CMS Guidelines
With Medicaid costs spiraling upward and U.S. prescription fraud estimated at more than $5 billion annually, it’s welcome news that Congress enacted legislation to assure that Medicaid outpatient prescriptions are written on tamper-resistant pads.
However, when the bill passed in May, many people were left scratching their heads. Just what was meant by “tamper-resistant” and was it possible to meet an October 1, 2007 deadline?
The Centers for Medicare and Medicaid Services (CMS) and State Medicaid Directors sought Standard Register’s counsel. Having worked with several states in establishing effective secure prescription programs, Standard Register offered them valuable insights on how prescription fraud is initiated and what security technologies and processes are available today to secure written prescriptions against fraud.
On August 17, the CMS issued guidance to State Medicaid Directors that gave them the latitude to use a two-phase approach to meeting new tamper-resistant requirements.
We interviewed Dan Thaxton, a nationally recognized authority on document security and author of the white paper, “Defining Tamper Resistant Prescriptions,” to learn more about deterring prescription fraud and meeting CMS guidelines.
What’s your assessment of the CMS’ guideline for tamper resistance?
The guideline is a step in the right direction, but a very small one. With the requirement to have only one industry-recognized security feature integrated into the prescription to prevent copying, modification or counterfeiting, it will be very easy for prescribers to comply with the October 1, 2007 deadline. However, having a single security feature on a prescription is not going to be an effective deterrent against fraud. Even the October 1, 2008 requirement to have three industry-recognized security features integrated into prescription pads is a minimal approach.
I understand why the CMS went in this direction. They were concerned organizations would have difficulty designing and deploying compliant prescriptions within the time available. However, criminals are always looking for your vulnerabilities and the current program minimums leave many. Think of your prescription as a four-door car. This year, you have to lock ONE of your doors to comply. Next year, you must lock three. And requiring only a single “industry-recognized feature” for each of the three forms of attack noted still leaves each defense under-protected. Continuing to use the car example, it’s like requiring that doors be locked but still allowing their windows to be left open! Just how secure is this “locked” car?
What level of security are you suggesting to deter prescription fraud?
There are a broad range of security technologies available today that can be integrated into a prescription to provide higher levels of security. The most effective deterrent to prescription fraud is a program that integrates multiple layers of security features to prevent copying, modifying and counterfeiting. It also needs to incorporate processes to discourage theft and unauthorized people from falsely issuing a prescription. Those are two critical areas that the CMS guideline does not address; it focused on the prescription pad, itself, in response to the language of the legislation.
That sounds expensive. Why should I implement anything beyond the CMS guideline?
The case for establishing a more aggressive standard for tamper resistance is compelling when you see how fraud losses have been reduced in states that have already integrated higher levels of security into their prescription program. The state of New York, for example, reported reduced fraudulent prescriptions by $18 million in the first month of its implementation and more than $68 million in the first six months of the program! This $68 million is more than just dollar savings. It represents a significant impact upon drug abuse and associated criminal behavior. Borrowing a phrase I overheard at a recent Medicaid conference, well-secured prescriptions “take back from the greedy and give to the needy!”
While the CMS guideline was intentionally measured and modest in its reach, it does acknowledge that other states have stricter controls. Moreover, the CMS encourage states to pursue more rigorous levels of protection. Any organization the chooses to meet the minimal standards of the guideline may find themselves having to redesign their prescription again when their states enact their own requirements for tamper-resistant prescriptions.
By the way, I wouldn’t assume that a secure prescription is going to be more expensive. We have one of the most secure prescription solutions available in the market. Yet, I know of inferior products that are more expensi ve.
How could I be confident that any prescription I design today is going to meet future requirements mandated by my state?
I can’t speak to what other prescription manufacturers are providing or their capability to innovate. However, I can tell you that the organizations we’ve worked with to integrate a comprehensive set of security features into their prescriptions were confident that whatever definition the CMS or their own states issued, they would be compliant. Events have unfolded in just that manner.
Can you be more specific about available technologies and what steps I need to take to create a more secure prescription program?
Yes, but it’s a complex topic better addressed in another forum. To that end, I’ve written a white paper that will provide prescribers with a comprehensive understanding of document fraud, available technologies and considerations for developing a robust prescription solution that can effectively deter fraud. We’ll make it available to all who want it.
Download white paper here. Or, contact us now for immediate assistance in meeting CMS guidelines.
|