Latest OIG Audit of FEHBP Claims Processing; Spoiler Alert - More of the Same
- Christin Deacon
- Jun 17
- 4 min read
What happens when a third-party administrator (TPA) is caught overpaying health claims because its processors failed to follow internal safeguards?
If you’re Blue Cross Blue Shield of South Carolina, you don’t strengthen your controls—you delete them altogether.
That’s one of the most troubling revelations from the recent audit report by the Office of Personnel Management’s Office of Inspector General (OPM OIG), which reviewed BCBS South Carolina’s administration of the Federal Employees Health Benefits Program (FEHBP). The audit covered claims from 2020 through 2022 and examined over $1.2 billion in total plan spend.
And what the OIG found was a breakdown of basic claims management, internal review protocols, and ultimately, a failure to protect the financial interests of the federal government and its employees.
Key Finding #1: Claims Paid at Full Billed Charges Without Required Oversight
One of the most serious issues involved the payment of claims at the full billed charge when the system could not determine an allowed amount—specifically, when deferral codes D7NET or D7002 were triggered. These codes indicate that the system lacks pricing information for a service and require manual pricing intervention, including medical review and management approval before reimbursing at the billed charge.
Here’s what OIG found:
“The Plan’s processors did not properly adjudicate three sample claims with deferral code D7NET. In each of these cases the processors adjudicated the claims to pay at the billed charge and did not receive the required management approval for such reimbursement.”
This was a violation of the Plan’s own desk procedure, FEP005-00004-16, which required manager sign-off in these cases to ensure claims were priced correctly and not overpaid.
But instead of correcting the oversight, the Plan took a far more dangerous step.
“When we brought this to the attention of the Plan, it stated that the policy was ‘outdated,’ stating that ‘It is not feasible for management to review every claim processed at billed charges. Only high dollar claims receive that type of scrutiny.’”
So what did BCBS SC do?
They rewrote the policy—removing the management review requirement entirely. The OIG called this out explicitly:
“This policy update now fosters a greater risk of claims being erroneously reimbursed at billed charges, resulting in the increased likelihood of provider overpayments.”
This is not a correction. It’s a retreat. The Plan was confronted with a failure of compliance, and its response was to eliminate the safeguard rather than enforce it.
Worse yet, the Plan claimed that following the policy would be too difficult. But OIG conducted its own analysis and found that:
“Our review identified 24 unlisted procedure code claim occurrences (for claim lines exceeding $100) having reported allowable amounts equal to billed charges for the three-year scope of our audit.”
Twenty-four. Not hundreds or thousands. Just 24 claims over three years that would’ve required manual management review under the prior policy. As OIG put it:
“The Plan’s position… is untenable.”
And for good reason. The Plan is bound by contract to implement “a robust internal control program” to proactively identify overpayments. Deleting that control to save effort isn’t just lazy—it’s potentially a breach of contract.
Key Finding #2: Modifier Errors and a 29% Claims Processing Error Rate
In a separate finding, the OIG audited how BCBS SC applied procedure code modifiers—which are crucial billing indicators that affect reimbursement amounts, especially when a provider indicates a service was unusually complex, performed with another provider, or part of a bundled group.
Here, the Plan’s internal procedures already existed but were simply not followed. The audit found:
“We identified 11 claim lines (out of 38) paid in error due to processor errors related to procedure code modifiers 22, 62, 51, and other multiple procedure reductions (MPR).”
That’s a 29% error rate—nearly one in three claim lines sampled. The financial impact of the identified errors was $11,575, which the OIG acknowledged was immaterial in the sample, but made clear that the larger risk was systemic:
“Should the high error rate identified in our sample be extrapolated across the universe of approximately 12,500 claim lines, the resulting potential overpayments could be much more significant.”
And the Plan’s response?
They claimed their post-payment quality assurance process, which involves reviewing 15% of manually processed claims, was sufficient to catch these issues.
The OIG disagreed. They cited both the high error rate and the fact that these claims involved manual pricing, which should automatically trigger closer scrutiny. They also emphasized the ongoing need for processor training and targeted quality control efforts to focus on high-risk modifiers.
“Ideally, increased diligence on the part of the Plan in the areas of training and post-processing reviews can help either prevent the errors in the first place or catch them not too long after payment is made, increasing the likelihood of recovery.”
Recommendations and Responses
The OIG made clear recommendations, including:
Reinstate the management approval process for D7NET/D7002 deferral claims.
Increase processor training on procedure code modifiers.
Modify the quality control review process to specifically include high-risk modifiers.
To their credit, the Association (BCBSA) responded that the Plan has implemented all three recommendations. And considering their track record, we should absolutely trust them. (ahem). The fact remains: these safeguards only exist now because of an audit. They weren’t being followed, and in one case, were actively erased.
Why This Matters Beyond the Federal Plan
The audit covered $1.2 billion in plan spend over three years. But this is just one federal program. Most self-funded employers—public and private—don’t have a watchdog like OPM OIG looking over their claims data. Many don’t even have contractual audit rights, or they are restricted in ways that prevent meaningful oversight.
When a TPA decides that internal controls are “too burdensome,” and quietly removes them, who catches it? Who protects the employer? Who makes the recovery?
In this case, it took a federal audit to catch $11,000 in overpayments, expose the deletion of safeguards, and identify a 29% error rate in manual claims.
Now imagine what’s happening at scale, in plans with billions in spend, where no audit is happening at all.
Everyone in Washington keeps talking about rooting out waste, fraud, and abuse.I’ll keep pointing to it—whether they listen or not.
Comentarios