The Latest Risk Area for Providers: CMS’ EHR Incentive Program Post-Payment Audits
January 26, 2012 by rliles
Filed under Compliance, Health Law Articles, Medicare Overpayments
(January 26, 2012):
I. Background:
Interested in getting involved with Medicare’s Electronic Health Records (EHR) Incentive Program? No doubt about it, it’s a wonderful program – especially since electronic records will be mandatory in the not-too-distant future. Nevertheless, you need to be mindful of your various obligations should you choose to sign up for the incentive program at this time or in the near future. As discussed below, the Centers for Medicare and Medicaid Services (CMS) is serious about compliance with the program’s requirements.
As you will recall, all Medicare and Medicaid providers are required to transition over to an electronic system of records by 2015. In fact, participating providers and hospitals will face significant penalties if they don’t implement and demonstrate meaningful use of EHR by the 2015 deadline. In light of this requirement, many health care providers are taking advantage of the government’s “incentive” program designed to encourage early and meaningful adoption and implementation of EHR. The government’s EHR incentive payments can be worth up to $44,000 over five years (assuming a provider started in 2011). Importantly, the last day to “attest” to meaningful use of EHR for 2011 is February 29, 2012. By that date, providers seeking to take advantage of the program for 2011 must essentially swear, or certify, that they have engaged in “meaningful use” of EHR during 2011.
While the incentive program has clear rewards, it is important that you carefully assess the program so that each and every requirement is fully understood before you decide whether to make the transition now (and reap the benefits of the incentive program), or later.
II. Risks of Participation:
As we have discussed in prior articles, there are a number of “general” risks faced by health care providers seeking to transition over to an electronic medical records system. Several of those risks include:
- Programming Related Problems - Over the past two years, we have seen two cases involving health care providers who were “early adopters” of electronic medical records. When they purchased their EHR system, it was often difficult to make changes to the format and / or standard language first established in the system without engaging a programmer. As a result, when audited by a Medicare contractor, information in the records sometimes appeared to be inconsistent and / or incorrect. When you finally make the decision to transition over to an electronic system, it is essential that you make sure that your system allows for each block to be easily modified so that over time, the information you are gathering and the format you are using can be revised to better document any points which appear to be problematic.
- Cloning - It is essential that your EHR system be structured in such a way that treating providers are required to document the care provided in an individualized fashion. EHR systems which heavily rely on “drop-down” menus can be quite problematic due to the fact that when printed, they tend to look a lot alike. In some cases, Medicare contractors have alleged that a provider has “cloned” records, basing the allegation on the fact that multiple patient records appear to cite the same or similar language throughout the record.
- Lack of Personalization - Regardless of whether you are currently documenting patient care on paper or electronically, Medicare contractors have repeatedly stated their concern that the patient evaluations conducted and the observations documented are often not sufficiently described to show that a one-on-one evaluation of the patient took place. Similar in some respects to “cloning,” this concern is really focused on the lack of personalized observations noted which lead up to a unique and individualized diagnosis and recommendations for treatment by the treating provider.
- Electronic Signature Problems - In one recent matter (again involving an “early adopter” of EHR), it was difficult to tell whether the electronic signature of the provider had been affixed to the progress note. Although the provider’s name and title appeared at the end of the note, and a signature was printed above the name, the system did not electronically document when the note had been reviewed and approved by the provider. As a result, it was very difficult to tell whether the provider’s electronic signature had been formally affixed to the completed progress note. We recommend that you review your EHR system and verify that this is not a problem for your practice.
In addition to the myriad of “general” EHR risks faced by Medicare providers who have already transitioned to an electronic system of records, it is important to keep in mind that virtually every provider also faces practice-specific risks, unique to their circumstances. As with other risks faced by a practice, we strongly recommend that you conduct a “gap analysis” to assess your current compliance with applicable statutory and regulatory requirements. As you conduct the gap analysis, you should identify any and all general and / or practice-specific risks which should be either addressed now or monitored to help ensure that they do not result in or cause a compliance violation.
III. CMS Audits of EHR Incentive Payments:
Understandably, CMS is quite serious about compliance with the program requirements it has identified in connection with the EHR incentive program. As their website reflects, CMS refers to the review of incentive payment recipients as “EHR Incentive Program Post-Payment Audits.” While reference to post-payment audits may be confusing to those with experience handling traditional post-payment audits and appeals, that’s the way CMS has chosen to refer to these incentive program assessments.
According to their website, CMS contractors will be conducting audits of Medicare and dually-eligible providers, while States will each conduct their own audits of Medicaid-only providers. Importantly, the appeals process for the Federal and State audits will likely be different, with each State authorized to manage its own appeals process. However, both Federal and State contractors will be evaluating providers’ attestations of “meaningful use,” as well as compliance with eligibility, reporting and payment requirements.
Should a Medicare contractor determine that a health care provider has failed to comply with the program rules and is therefore ineligible for an EHR incentive payment (or should not have otherwise received payment in the first place), the incentive program payments made to the health care provider will be recouped. Importantly, CMS recommends maintaining documentation in support of “meaningful use” for six years, which may mean that CMS intends to conduct audits of providers until 2015 (when the incentive payments end) and even possibly later.
CMS will review both paper and electronic documentation that supports a provider’s attestation of EHR meaningful use, as well as Clinical Quality Measures.
IV. Possible Concerns:
If a health care provider has yet to identify an EHR system which it feels fully addresses each of the current concerns identified by other providers, it may be in the provider’s best interests to hold off on making a selection at this time, despite the fact that delay could effectively cost the provider a significant amount of money. Although we applaud CMS’ efforts to encourage full participation as quickly as possible, it is very important that you identify a program which fully meets your documentation needs.
To the extent that you have already transitioned over to an electronic system, we strongly recommend that you review your participation obligations and ensure that you are continuing to meet those requirements. If a CMS contractor conducts an EHR-related audit of your practice (or a practice for whom you handle the coding and billing), it is important to keep in mind that there is nothing to restrict them from expanding their review to include an assessment of your medical necessity, documentation and coding practices. With the initiation of EHR incentive program-related audits, it is more important than ever that you ensure that your medical necessity, documentation, coding and billing practices fully comply with applicable statutory and regulatory requirements.
Liles Parker attorneys have extensive experience conducting “gap analyses,” and drafting / implementing tailored Compliance Plans for a wide variety of health care providers, group practices and third-party billing companies. In addition, our attorneys are skilled in handling administrative appeals of denied claims and in counseling providers on a variety of Medicare-related problems and concerns. For more information, please call us today for a free consultation at 1 (800) 475-1906.
Are Whistleblower Provisions Coming to HIPAA?
January 25, 2012 by rliles
Filed under Compliance, Featured, Health Law Articles
(January 25, 2012):
I. Background
Over the last few years, a number of health care providers and other “covered entities” (both large and small) have been audited and penalized by the government for improper breaches of protected health information. Enforcement actions taken have varied, ranging from mere warnings to criminal prosecution.
II. HITECH Raises the Bar for Providers
The “Health Information Technology for Economic and Clinical Health Act” (HITECH) contains a number of significant privacy provisions impacting health care providers. Two of these provisions include: (1) The initiation of privacy audits by contractors working for the Department of Health and Human Services (HHS), Office of Civil Rights (OCR); and (2) The sharing of Civil Monetary Penalties assessed in response to an improper breach with the affected patients.
- Privacy Audits
As OCR has announced, the agency has initiated an audit program intended to help ensure that health care providers are complying with the various medical records privacy provisions laid out in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). To do so, OCR has contracted with several nationally-recognized audit firms for the purpose of auditing health care provider compliance with HIPAA’s privacy provisions.
When will audits begin? According to OCR, the initial audits of provider compliance with HIPAA / HITECH requirements began in November 2011. Once these initial audits are completed, OCR intends to focus the remaining audits on the issues and concerns identified in the contractors’ first preliminary audits. At this time, all audits are anticipated to be completed by December 2012.
If prior “pilot” programs are any indication of how these audits will be handled, we anticipate that OCR will ultimately adopt an ongoing HIPAA / HITECH audit process, tasked with assessing the compliance of health care providers, covered entities and business associates. It is essential that you critically review your current practices – after you have been audited, it will likely be too late to avoid the imposition of penalties.
How will HIPAA / HITECH audits be conducted? According to OCR, organizations selected for audit will be notified by the agency of their selection. At that time, they will be asked to provide “documentation of their privacy and security compliance efforts.” During this pilot period, each of the covered entities audited will receive a site visit. During the site visit, contractor representatives will be required to interview key personnel. The contractors will also review the covered entity’s practices and determine whether their operations fully comply with HIPAA’s / HITECH’s privacy requirements. After completing the site visit, a draft report will be prepared which outlines how the audit was handled, the conclusions that were reached by the contractor and the remedial actions that were taken by the covered entity. The draft report will be shared with the covered entity prior to finalization and the covered entity will have a chance to respond to the contractor’s findings.
- Sharing of Civil Monetary Penalties
In addition to the HIPAA audit protocol discussed above, HITECH includes a seemingly-innocuous section which commands the Secretary of HHS to establish a methodology to distribute a percentage of Civil Monetary Penalties to individuals harmed by an improper breach of protected health information or another HIPAA violation. For instance, if a patient’s medical records or other protected health information is inappropriately accessed or divulged to unauthorized persons and the OCR ultimately investigates the violation and assesses Civil Monetary Penalties against a provider or other covered entity in connection with the breach, the harmed patient may be eligible to receive a portion of the penalties collected by the government.
On its surface, such a clause seems reasonable – after all, why not compensate those who have been hurt by a wrongful disclosure or breach? However, this law (and its soon-to-be-created implementing regulations) will likely have extensive repercussions in reporting and enforcement of HIPAA violations. Giving patients a financial incentive to report wrongful disclosures and breaches of their protected health information will likely lead to increased reporting of incidents since harmed patients may now be eligible to share in any penalties collected. Similar laws which allow private individuals to receive a portion of penalties and other funds recovered, such as the False Claims Act (FCA), have been extremely successful in detecting and deterring fraudulent activity. While HITECH does not create a “private right of action” for HIPAA violations and is substantially different from the FCA, it is important to note that their basic principles are the same. By giving private citizens, with perhaps greater and more immediate knowledge of an issue than the government, a real reason to report a problem, these problems can be more quickly and effectively remedied.
In 1986, when the FCA was overhauled with new provisions that gave private citizens more power and a greater likelihood of collecting money, the FCA’s usage skyrocketed. In what could be a very similar situation, affected individuals with the chance to receive a portion of fines and penalties will be far more likely to aggressively report and pursue these violations. For covered entities (comprising virtually all providers, billers and business associates), this means that implementing effective HIPAA privacy policies should be at the top of your compliance “to-do” list.
III. How Health Care Providers Should Respond
Among their first steps, health care providers and other covered entities should:
- Ensure that patient protected health information is fully secured and protected.
- Take steps to prevent improper access by authorized parties.
- Ensure that anyone accessing protected health information is properly logged so that patients can readily obtain an accounting or listing of anyone who has reviewed all or part of their records. This log should also document the purpose for accessing the record.
- Take steps to prevent the access of protected health information by authorized personnel for unauthorized reasons.
- Take steps to better ensure that no protected health information is inappropriately disclosed to third parties.
While the points outlined are essential, they are far from all-inclusive. It is imperative that you identify qualified counsel to assist you in meeting your HIPAA / HITECH obligations.
Further, when handling protected health information, health care providers must remain mindful of the “minimum necessary” rule. Health care providers, other covered entities and business associates who handle protected health information must only disclose the minimum information necessary for a requesting entity to properly do its job.
Ultimately, all health care providers, covered entities and business associates should take reasonable steps to help ensure that applicable HIPAA / HITECH provisions are fully met.
Are Your Privacy Practices Fully Compliant? HIPAA Audits are Here
December 28, 2011 by rliles
Filed under Compliance, Featured, Health Law Articles
(December 28, 2011)
I. Introduction:
The Office of Civil Rights (OCR), an agency of the Department of Health and Human Services (HHS), is the central organization responsible for enforcing compliance with the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). As OCR’s website reflects, the agency:
“. . . [I]nvestigates complaints, enforces rights, and promulgates regulations, develops policy and provides technical assistance and public education to ensure understanding of and compliance with non-discrimination and health information privacy laws.”
II. Development of HIPAA Audits and Protocols:
After witnessing the effectiveness of Medicare contractors in identifying and recovering improper payments, Congress chose to include a similar compliance measure for HIPAA privacy as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009. Under HITECH, HHS and OCR were mandated to create an auditing program designed to help ensure that covered entities and their business associates were meeting HIPAA Security and Privacy Rule requirements.
In response, OCR contracted with a large nationally-recognized government contractor last year to develop and assess several HIPAA auditing methodologies for possible implementation. While that assessment was reportedly completed in August 2010, neither the contractor’s report nor the specific method chosen to conduct the upcoming audits has been publicly disclosed.
III. Timeframe of Initial HIPAA Audits:
In July and August 2011, OCR and the contractor worked to develop their initial audit protocols and the standards they would assess provider compliance against. A national accounting firm was selected to conduct these HIPAA audits in September, 2011. Initially, they are expected to only examine a few providers in order to test the audit protocols and standards which have been developed. Once the accounting contractor documents its initial observations, OCR will work with the contractors to modify the protocols, as necessary. This is expected to occur during the first quarter of 2012. Starting in May 2012, the remaining initial HIPAA audits are anticipated to be conducted.
Importantly, neither OCR nor its contractors have indicated that there are any limits in terms of the size and / or types of providers to be audited. Physicians, practice groups, home health agencies and other small to mid-sized providers should not expect audits to solely be conducted on hospitals and other large institutional providers. At this time, all providers are eligible to be subject to audit. Furthermore, you can expect that once the HIPAA audit demonstration project is completed, Congress will more than likely make it permanent and expand the scope of the audit program.
IV. Recommendations for Effective HIPAA Compliance:
If you have not already done so, now is the time to ensure that your practice remains fully compliant with HIPAA and HITECH requirements. Auditors will primarily be looking for compliance with the HIPAA Privacy and Security Rules. You should also expect them to examine the security of your electronic transmissions and physical security safeguards. Additional areas of inquiry are likely to include whether business associate relationships are being properly handled and whether or not providers are fully documenting each person who accesses a medical record so that patients may be given an accurate accounting of such information.
All providers, regardless of size, should have an effective HIPAA privacy policy as part of their overall Compliance Program. As with other compliance measures, it should be specifically tailored to address the needs of your organization, along with any unique risks faced by your practice. A “sample” policy downloaded from the Internet, unfortunately, will not suffice. When developing a HIPAA privacy policy, be sure to keep in mind the four “scalability” factors set out in the Code of Federal Regulations in analyzing a provider’s compliance with the Security Rule:
- The size, complexity, and capabilities of the covered entity;
- The covered entity’s technical infrastructure, hardware, and software security capabilities;
- The cost of security measures; and
- The probability and criticality of potential risks to electronic protected health information. 45 CFR 164.306(b)(2).
While small providers may desire to only implement the “basic” requirements, they must be careful to ensure that each of the Privacy Rule’s provisions is fully met. All providers, regardless of size, must utilize reasonable safeguards to protect paper, electronic and oral transmissions of protected health information.
Liles Parker attorneys have extensive experience in compliance matters, including HIPAA privacy requirements. Our team can assist your practice with gap analyses, mock audits and other reviews designed to help you better comply with applicable statutory and regulatory requirements. For a free consultation, call us today at 1 (800) 475-1906.
CERT Audits are Serious – Don’t Take them Lightly
November 23, 2011 by rliles
Filed under Compliance, Featured, Health Law Articles, Medicare Overpayments
(November 23, 2011):
I. What is a CERT Audit?
The “Comprehensive Error Rate Testing” (CERT) program was implemented as a mechanism for the Centers for Medicare and Medicaid Services (CMS) to assess whether their Medicare Administrative Contractors (MACs) are properly paying claims. In other words, is a particular MAC failing to identify and deny improper claims? Alternatively, is the MAC denying claims which do, in fact, qualify for coverage and payment? Essentially, the CERT program serves as an integral management tool for CMS as well as an important feedback mechanism for the MACs. When problem areas are identified, they can be actively addressed by a wide variety of Medicare contractors with audit responsibilities. Notably, several of the MACs around the country have been aggressively reasserting their roles in the corrective action process.
Essentially, MACs write the checks on behalf of CMS. As a result, they play an extraordinarily important role in the Medicare reimbursement process. Therefore, when a CERT auditor finds that a MAC has been incorrectly reimbursing providers for claims which may not qualify for coverage, it is very important that the MAC immediately address this system-level deficiency.
II. Recent Actions Taken by MACs in Response to CERT Audit Findings.
In response to certain CERT audit findings, one MAC recently sent notification to providers of Evaluation and Management (E/M) services explaining that new “stringent corrective actions” will be taken to address some of the more common claims errors identified by the CERT auditors when conducting their reviews of MAC payment practices. As recent correspondence to a provider reflects, MACs are taking the results of CERT audits quite seriously, and are expanding their program integrity efforts. As one MAC recently wrote, the contractor stands ready to:
- Suspend a provider if that provider has “too many” payment errors (it does not state how many is “too many”);
- “[R]efer every physician” to that region’s ZPIC if those providers continue to bill for services which may constitute payment errors;
- “[R]efer every physician” to the ZPIC if there is a pattern of past payment errors; and,
- “[C]onduct prepayment reviews” of future claims, up to 100% of a provider’s claims.
To be clear, none of these potential corrective actions represent new authorities. Nevertheless, the fact that MACs are now reasserting these points is reflective of CMS’ ongoing concerns regarding the prevalence of improper claims. Indirectly, CMS is making it crystal clear that as the initial recipient and screener of Medicare claims submitted by providers for payment, MACs play an essential role in screening out improper claims and bad providers. As Medicare’s primary gatekeepers, MACs are responsible for identifying both improper claims and providers who may be engaged in abusive and / or fraudulent practices.
III. What Should You Do if You Are Notified of a CERT Audit?
Should you receive a CERT audit request for documents from a CERT Documentation Contractor (CDC), it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing. Fundamentally, a CERT audit is primarily designed to identify deficiencies and mistakes made by Medicare contractors. Nevertheless, it is imperative that you take a CERT audit request quite seriously. At the end of the day, it will be you, not the MAC, who is responsible for any overpayments identified as a result of the audit. Moreover, bad results on a CERT audit may lead to further auditing in the future.
IV. What Actions Should a Compliance Officer Take Prior to Being Audited?
As an organization, if you are subjected to a CERT audit, the “horse is already out of the barn,” so to speak. Your goal is to review and monitor your organization’s coding, billing and utilization practices on an ongoing basis so that improper claims are never submitted to your MAC in the first place. In most cases, you can check your MAC’s website to determine if their CERT auditor has already identified certain areas of concern. For instance, one MAC recently reported that out of 508 errors identified in a CERT audit of certain Medicare claims, the contractor found that:
- 311 errors were due to “insufficient documentation.” Notably, a majority of the errors in this category were because the medical record “did not contain a valid physician’s signature” or because a diagnostic test performed “did not contain a valid physician’s order” or an identification of the provider who rendered the service.
- 132 errors were due to “lack of medical necessity” based on the medical documentation submitted.
- 37 errors were due to “incorrect coding” (primarily related to laboratory testing).
- 10 errors were due to “invasive procedures that were assessed to be without medical necessity.”
- 9 errors were due to an “incorrect procedure code” used when billing the service.
- 6 errors were the result of “billing for services that were not rendered.”
- 2 errors were due to “other errors.”
- 1 error was due to an “incorrect discharge code being used.”
Compliance Officers can take these “general” risk areas, add them to the “practice-specific” risk areas already noted, and take special note of these concerns when conducting internal reviews. The only way to avoid the scrutiny of Medicare’s various administrative contractors (MACs, ZPICs, RACs and CERT auditors) is to avoid payment errors altogether. While no provider is perfect, the development, implementation and adherence to an effective Compliance Plan can significantly reduce the number of improper claims submitted by a provider to a MAC for reimbursement.
V. What Actions Should a Compliance Officer Take After Receiving a CERT Audit Letter?
As Compliance Officer, upon receipt of a CERT audit request, you should carefully review the request and take steps to assemble a complete set of medical records and other supporting documentation related to the specific claims at issue. It is important not only to make sure that your documentation is complete when sending in records to a CERT contractor, but to make sure that compliance is a daily part of your practice. Ensuring that your documentation is appropriate and accurately documents both medical necessity and the level of services performed can greatly assist you in avoiding trouble down the road.
Now, more than ever, it is important that you have an effective Compliance Plan in place. Your Compliance Plan should explicitly set out your organization’s policies about how to correctly assess the need for, and document the services provided to a Medicare beneficiary. Otherwise, as demonstrated by the tough stance being taken by the MAC discussed above, CERT audits and other Medicare post-payment audits could raise serious problems for your practice.
Liles Parker attorneys represent health care providers in CERT, MAC, ZPIC and RAC audits and investigations. Our attorneys have extensive compliance experience and can conduct “gap” analyses designed to place your practice or clinic on solid regulatory footing. To speak with one of our attorneys, call 1 (800) 475-1906 for a free consultation today.
CMS’ New “Physician Compare” Website to Report on Provider Performance
November 15, 2011 by rliles
Filed under Compliance, Health Law Articles
(November 15, 2011)
Last year, the Centers for Medicare and Medicaid Services (CMS) launched the “Physician Compare” website, a site which allows beneficiaries to research their health care providers. The Affordable Care Act (commonly referred to as “Health Care Reform”) mandated that CMS launch such a website and that it implement physician performance metrics on the site no later than January 1, 2013. In theory, “Physician Compare” will serve as an invaluable tool for researching Medicare providers in any locality, even allowing for specific criteria searches such as languages spoken, group practice locations, education history, hospital associations and whether a provider accepts the Medicare-approved amount as payment in full on all claims (obviously patients are still responsible for any copayments and deductibles which might be due). Moreover, by including information from the Physician Quality Reporting System (PQRS), “Physician Compare” has been designed to encourage health care professionals to enhance and improve the quality of care they provide to Medicare beneficiaries.
Since its inception, the “Physician Compare” website has raised a number of concerns for some health care providers. Clerical mistakes from the Medicare Provider Enrollment, Chain, and Ownership System (PECOS) could be duplicated on the site, resulting in health professionals not showing up in locality searches. It could also result in misinformation about current staff members and incorrect Medicare participation status being listed on the website.
Currently, the “Physician Compare” website only states whether a physician “successfully participated” in the PQRS, but soon the site will be expanded to include actual performance results from the program, ensuring a higher level of scrutiny in physician evaluations.
Why is this important to you? As a health care provider, your reputation is one of the most important aspects of your business. With this in mind, it is more important than ever to maintain a positive image and relationship with both your patients and the government. While you can never completely eliminate mistakes, you can work to reduce the likelihood that mistakes may occur. Compliance initiatives designed to ensure correct information reporting with Medicare, quality documentation and accurate coding and billing serve as an important first step to combating future errors.
Conducting Mock Audits: Goals and Techniques
November 15, 2011 by rliles
Filed under Compliance, Health Law Articles
(November 15, 2011) Recently, health care providers have grown more wary of government audits, malpractice issues, peer review and other actions which may create a legal nightmare for a provider. Understandably, most providers have redoubled their efforts to achieve better compliance with the numerous statutory and regulatory requirements with which they must comply. Drafting and implementing an effective compliance plan, conducting a gap analysis and training your staff on compliance issues are essential steps toward the peace of mind compliance can bring. But the question remains: how do you know when you’ve done enough?
In the end, the answer is that you can never do enough to completely eliminate all the risks, but you can minimize those risks and limit your possible exposure through the implementation of, and adherence to, an effective compliance plan. Mock audits can be used as a way of “testing” your compliance initiatives. In a mock audit, an individual or team acts as a government agency or contractor (such as the OIG, a ZPIC, RAC or MAC), and visits the practice or facility unannounced. The mock auditor would pull a random set of records to conduct a documentation analysis (often including both medical records and business arrangement records). Once the records are pulled, an analysis of the relevant findings is completed. These results would then be discussed with practice management so that the relevant strengths and potential areas of concern can be addressed.
The goal is to test both your staff’s reaction to the exercise, as well as their understanding of what may be expected in a real audit. Moreover, the documentation analysis may be invaluable, revealing weak points in the facility’s documentation activities. You may also learn that some of your forms (such as your Encounter Form) are defective. Finally, you will likely learn more about the various training needs of your staff. A mock audit may also ferret out problems that management didn’t know or didn’t realize existed. You may learn that a business arrangement or relationship is questionable or that your staff has been relying on the wrong LCD or other guidance when documenting and billing for services. Fundamental problems such as illegibility and missing signatures may also be identified. In any event, the results of a mock audit can be used by the practice to bolster and support its compliance initiatives.
Sound like a good idea? Before you embark on a mock audit, you should contact your attorney and discuss any privilege issues which may exist. As a final point, keep in mind that should you identify an overpayment, it must be returned to the government within 60 days of identification and reconciliation. Otherwise, the overpayment could constitute a violation of the False Claims Act.
Liles Parker attorneys and staff are experienced in handling gap analyses and mock audits. Should you have any questions about conducting a mock audit or would like to learn more about having Liles Parker attorneys assist your practice, please call us at 1 (800) 475-1906 for a free consultation today.
Health Integrity’s Audits of Texas and Oklahoma Home Health Agencies are on the Rise — Do You Have an Effective Compliance Plan in Place?
August 15, 2011 by rliles
Filed under Compliance, Featured, Health Law Articles
I. Overview: Over the last few years, the government’s reliance on private contractors to identify both overpayments and potential instances of fraud has greatly increased. Health Integrity is the Zone Program Integrity Contractor (ZPIC) awarded the contract for Zone 4 (Texas, Oklahoma, Colorado and New Mexico) by the Centers for Medicare and Medicaid Services (CMS).
II. Home Health Agencies are Currently Being Scrutinized: As home health agencies in Texas and Oklahoma can readily attest, Health Integrity is carefully examining home health claims billed to Medicare. Home health agencies may be subjected to the following actions by Health Integrity:
- Unannounced site visits – leading to probe samples, statistically relevant samples and other actions. Failure to cooperate can lead to revocation from the Medicare program. Notably, there are no statutory restrictions preventing contractors from showing up unannounced and requesting to see documentation related to Medicare claims. Should Health Integrity show up at your home health agency, you will likely find that Health Integrity’s auditors are both to-the-point and professional in their dealings with you and your staff. Our clients have generally found that Health Integrity’s reviewers have researched an agency’s billing practices before they arrive. When they show up, they will already have a listing of the claims-related records to be pulled. ZPICs have been known to show up with their own scanner or copier. This has led to problems for providers later on because they failed to receive a copy from the contractor before they left. Should a ZPIC ask you to make copies, the contractor will often identify a handful to take with them and ask that you forward the others within a set period.
- Unannounced interviews of home health patients and their families – Health Integrity is actively conducting interviews of home health patients and their families in an effort to determine whether a patient was truly “homebound” during the claim period(s) at issue.
- Pre-payment audit – the number of home health agencies and other providers placed on pre-payment review appears to have significantly increased over the last six months.
- Post-payment audit – Health Integrity is actively conducting post-payment audits of Texas and Oklahoma home health agencies and is extrapolating alleged damages identified in these post-payment audits.
- Suspension – exercise caution when using Electronic Medical Records (EMR) software – some software programs are better than others. Avoid any program which minimizes the need for individualization and the documentation of patient-specific observations. As always, it is important that home health agencies properly document the medical necessity of skilled care. In some instances, ZPICs have expressed concern that the patient records generated appeared to be “cloned.”
- Medicare number revocation – take care if your home health agency is subjected to a site visit. As a participating provider, you have an obligation to cooperate with the ZPIC’s review. Should you fail to cooperate, a ZPIC can recommend to CMS that your Medicare number be revoked. This is a very real threat and should not be discounted. This becomes even more complicated if the ZPIC’s representatives go beyond mere claims-related questions and appear to be seeking information which could subject you (in your individual capacity), to possible civil and / or criminal liability. Remember your obligations as a participating provider but call your attorney.
- Referral for criminal investigation and prosecution – ZPICs are actively referring cases to HHS-OIG and DOJ for formal civil and criminal review.
III. Primary Reasons for an Audit: We currently represent a number of home health agencies around the country in connection with post-payment audits and the appeal of overpayment assessments levied by Health Integrity and other ZPICs. Our clients often ask why their home health agency was targeted by the ZPIC for audit. After handling many of these cases, the following reasons for targeting have been cited by the ZPIC or ultimately learned when handling the case:
- Predictive Modeling / Data Mining – As Chapter 2, Sec. 2.3 of the MPIM details: “Claims data is the primary source of information to target abuse activities.” Data mining may have been used to examine a home health agency’s “error rate.” This would provide the provider’s history of repeated overpayments or improperly filed claims.
- Complaints – These can include “complaints” filed by beneficiaries, physicians, other providers (such as competitors), disgruntled current and former employees.
- Referrals – ZPIC audits may be generated based on referrals from other CMS contractors (other ZPICs, PSCs, RACs, MACs, QA Staff), State MFCUs, Offices of the U.S. Attorney, or other Federal agencies. Notably, it appears that private payors are now also referring cases to the government.
- Reports – HHS-OIG and GAO regularly issue reports addressing areas of concern.
- State Licensing Boards – State Medical Boards, Nursing Boards, Pharmacy Boards and other regulatory entities responsible for handling State licensing responsibilities regularly hear or learn of improper actions by providers. This information may be shared with one or more Federal agencies and ultimately be referred to the ZPIC handling a certain zone.
IV. Reducing Your Risk of Audit: While many home health agencies believe that their Compliance Plan is satisfactory, it has been our observation that many of the plans currently in place are little more than copies taken from a sample off of the internet. Unfortunately, many providers view Compliance Plans as mere paperwork, rather than as a useful “tool” to be used by the organization on an ongoing basis. When properly constructed, an effective Compliance Plan can both improve the quality of patient care rendered and assist a provider in its efforts to fully comply with applicable statutory and regulatory requirements. Therefore, it is imperative that you take steps to ensure that your Compliance Plan takes into account each of the unique risks faced by your home health agency.
To be clear, although there are a number of steps you can take to reduce the likelihood of a ZPIC audit, there is no way to entirely eliminate the risk. Nevertheless, the development, implementation and consistent application of an effective Compliance Plan can greatly reduce an organization’s potential liability. In many respects, an effective Compliance Plan is similar to a flu shot. Although a flu shot cannot prevent you from getting sick, it will hopefully reduce the severity of your illness should you catch the flu. Similarly, if you have implemented and diligently adhered to an effective Compliance Plan, you could still be audited by a ZPIC, a Recovery Audit Contractor (RAC) or by a law enforcement agency, such as the Department of Health and Human Services, Office of Inspector General (HHS-OIG). However, as a compliant home health agency, an auditor is much more likely to find that your billing practices comply with applicable coverage requirements.
Robert W. Liles is an attorney with Liles Parker, Attorneys & Counselors at Law. Mr. Liles has extensive experience representing home health agencies and other providers in connection with the appeal of post-payment audits conducted by ZPICs, Program Safeguard Contractors (PSCs) and RACs. Mr. Liles has conducted “gap analyses” of many provider organizations and has worked with these providers to implement effective Compliance Plans. Should you find that your organization is being audited, feel free to give him a call for a complimentary consultation. He can be reached at: (202) 298-8750.
The Number of ZPIC Audits Being Conducted is Increasing — Have You Taken Steps to Help Ensure that Your Claims Meet Medicare’s Coverage and Payment Requirements? Ten Steps You Can Take to Improve Your Organization’s Compliance with Medicare’s Rules and Regulations.
July 24, 2011 by admin
Filed under Compliance, Featured, Health Law Articles
(July 24, 2011): Has your Texas Physician Practice, Home Health Agency, Hospice, DME Company or PT / OT / ST Clinic been audited by a Zone Program Integrity Contractor (ZPIC)? If not, it may only be a matter of time. Despite your best efforts to follow Medicare’s directives, your organization may still be identified as an “outlier” by a ZPIC and subjected to a probe review or a full-blown audit. Should you receive a request for records from a ZPIC, being prepared, in advance of receiving a ZPIC request, can help ensure your organization’s compliance with applicable documentation, coding and billing requirements. The following recommendations can assist with those efforts:
Recommendation #1: If you have not already done so, conduct a “gap” analysis and implement an effective Compliance Plan. Despite the fact that significant strides in compliance have been made by large Medicare providers (such as hospitals and nursing homes), it has been our observation that most physician practices and small-to-mid sized provider organizations still do not have a tailored Compliance Plan in place. To be clear, we recognize that many providers may have copied a draft plan right off of the internet, or may have purchased a sample plan from a vendor. While they may fully have intended to follow through with personalization of the draft document, in most of the cases we have seen, more pressing events have taken precedence and providers have not had the time or expertise to complete the project.
Providers who have not put together a Compliance Plan should immediately do so. As you have likely heard, Section 6401 of the Affordable Care Act (ACA) (generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title. . .establish a compliance program.” To be clear, at this time, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) has not announced deadlines effectuating this requirement. Nevertheless, it is merely a matter of time until all providers who choose to participate in the Medicare program will be required to have an effective Compliance Plan in place.
Rather than wait until the last minute, Medicare providers who have not already done so should immediately take steps to implement an effective plan. As a first step, providers should review each of the regulatory and statutory provisions related to the specific services being billed to Medicare. Next, providers should compare their actual documentation, coding and billing practices with Medicare’s rules. Any gaps between the applicable requirements and a provider’s actual practices must immediately be remedied. Additionally, should these gaps represent an overpayment, the Medicare provider must repay the overpayment to the government within 60 days of identification.
Prior to conducting a gap analysis, we recommend that providers contact their legal counsel for assistance with both the internal review and with the implementation of an effective Compliance Plan. While no Compliance Plan can prevent an audit, the implementation of an effective plan will greatly improve a provider’s likely adherence to Medicare’s rules and regulations should a ZPIC audit be initiated.
Recommendation #2: Don’t ignore a ZPIC’s request for documents[1]. At the outset, it is important to keep in mind that ZPICs play an important role. In addition to auditing records for possible overpayments, ZPICs are also responsible for identifying fraudulent providers (and potentially fraudulent providers) and making referrals to the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the U.S. Department of Justice (DOJ) for further action. Possible actions taken include, but are not limited to:
- CMS — Administrative action such as suspension or revocation from the Medicare program.
- HHS-OIG – Administrative action such as Civil Monetary Penalty action. HHS-OIG may also investigate and refer a provider to DOJ for possible civil litigation under the False Claims Act. Finally, HHS-OIG may investigate and refer a provider to DOJ for criminal prosecution under the Federal Anti-Kickback Act or a host of other statutes.
- DOJ – May investigate and prosecute a provider for civil and / or criminal violations of law.
Should you receive a request for documents from your ZPIC, in many cases it will be broken into two sections. The first section will likely be focused on business related records such as the following:
- “Business contracts or agreements with other providers, suppliers, physicians, businesses or individuals in place during a specific period. Additionally, any verbal agreements must be summarized in writing.
- A listing of all current and former employees (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.
- A list of all practice locations, along with their address and phone number.
- Leases.
- Employment agreements.
- Medical Director contracts.”
The unstated purpose of this portion of the ZPIC’s request is likely to identify potential instances of violations of the Federal Anti-Kickback Statute, Stark and / or the False Claims Act. Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.
In contrast to the first section of the ZPIC’s request, the second section of the request usually lists the patient records and dates of service to be audited by the ZPIC. While every case is different, the number of claims requested typically ranges from 8 – 100, depending on whether the ZPIC’s request is a “probe review” or a full-blown audit. On occasion, we have seen the number of claims sought can range from 150 – 300.
Never ignore a ZPIC request for records.[2] Importantly, should you fail to respond to the ZPIC’s request, the contractor can recommend to the CMS that your organization be suspended[3] or from participation in the Medicare program. Depending on the ZPIC’s concerns, the contractor can also recommend that CMS pursue a revocation action against your organization. Should you need more time to respond to the ZPIC’s request for supporting documentation, don’t hesitate to request it.
Recommendation #3: Remember learning how to “drive defensively” in high school? Your documentation practices should be approached in a similar fashion. ZPIC auditors are excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements. While you may very well disagree with their assessments (especially in “medical necessity” determinations), in all likelihood, when you file a request for redetermination appeal (and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) agree with the ZPIC’s denial decision. Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place. To that end, health care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding and billing process.
We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff. Nevertheless, using published reports of other cases, you can show your clinicians that ZPICs enforce a strict application of Medicare’s documentation and coverage requirements. Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with:
- Any applicable Local Coverage Determinations (LCDs).
- Any Local Medical Review Policies (LMRPs).
- The Medicare Policy Benefit Manual (MPBM).
- The Medicare Program Integrity Manual (MPIM).
- Any statutory provisions which cover the services.
- Any additional guidance issued by Medicare which would apply to these claims.
It is important that you regularly review the government’s latest concerns and any enforcement actions which have been taken. Additionally, you should read HHS-OIG’s reports so that you may learn from the mistakes being made by similarly situated providers. Upon doing so, we recommend that you check the list of “risk areas” in your Compliance Plan and ensure that they reflect both general “risks” and “specific risks” which may be unique to your organization. Is your organization still in full compliance? If not, remedial action is likely necessary.
Recommendation #4: Retain experienced legal counsel to assist with your efforts. When experiencing symptoms of a cardiac problem, most patients wouldn’t turn over their care to a dermatologist. Instead, they would seek to be evaluated and treated by a Cardiologist. Similarly, if you have a health law problem, would it be wise to rely on advice from an attorney specializing in family law? Ultimately, that’s your call. While no attorney can guarantee you success — we believe that an experienced health lawyer is well situated to give you advice regarding a Medicare audit or investigation. Having said that, it is important to recognize that the field of health law is extraordinarily broad. Should you be audited by a ZPIC or a Recovery Audit Contractor (RAC), don’t hesitate to ask a health lawyer whether they have handled these types of cases before. If so, how many times have they represented a provider in a ZPIC overpayment case? When selecting a lawyer, keep in mind that the legal fees charged by an attorney can vary greatly, depending on a variety of factors. Don’t be shy – ask how much the representation is likely to cost. While it is often difficult to estimate legal costs due to the various factors faced when handling a ZPIC audit case, most attorneys can give you a range of expected legal fees. Finally, be sure and ask for references. Other providers who have been through an administrative appeal case can provide you with invaluable insights into the process. As a final point, on numerous occasions, our firm has been retained to work with a provider’s existing legal counsel. We are more than happy to do so and can effectively work with your counsel in a fashion which avoids duplication of efforts yet allows our experience and expertise to be applied to your case.
Recommendation #5: The administrative appeals process has become quite complicated in recent years. ZPIC audits can result in alleged overpayments running into the millions of dollars. Moreover, the ZPIC’s overpayment assessment (and the associated “demand” letter sent by a MAC) isn’t usually the end of the story. While providers often lose at the redetermination and reconsideration levels of appeal, the third level of appeal – before an Administrative Law Judge (ALJ) – is usually your single best opportunity to prevail in an administrative appeals action. Over the years, our attorneys have argued cases in front of judges out of each of the field offices of the Office of Medicare Hearings and Appeals (OMHA). While we may not always agree with their decisions, the ALJs in whose courts we have practiced have been professional, fair and more than willing to hear a provider’s arguments in support of payment.
Should you choose to forego legal counsel and represent yourself in an ALJ hearing, keep in mind that even though these hearings are intended to be “non-adversarial,” it can feel quite “adversarial” during the actual hearing. Furthermore, these proceedings can be quite complicated. In most large dollar cases, representatives of the ZPIC are participating in the hearing and arguing their position before the ALJ. ZPIC representatives can include one or more statisticians (if an extrapolation was conducted), a clinician (usually a Registered Nurse who is experienced in conducting medical reviews) and a lawyer. In a recent Home Health Agency case we handled, this was precisely what occurred. Frankly, few providers are experienced in presenting their case and in responding to the arguments raised by statisticians, clinicians and lawyers representing a ZPIC. As a result, it is strongly recommended that the provider consider engaging an experienced and knowledgeable attorney.
Recommendation #6: When reviewing your claims, you should abide by the following: First, “If it doesn’t belong to you, give it back.” Conversely, “If you don’t owe the money, don’t throw in the towel.” One of the attorneys in our firm is regularly asked to speak at provider conventions around the country. For years, he has told providers “If it doesn’t belong to you, give it back.” This simple concept covers a lot of ground when it comes to alleged Medicare overpayments. Similarly, if the facts and the evidence show that the claims should have been paid, think twice before waiving your right to appeal the denial of these claims. From a practical standpoint, we have heard of situations where a provider chooses to “just pay the bill” so that the case will quickly be resolved. Several providers have commented that when dealing with small dollar assessments, it is just easier to pay the alleged overpayment rather than incur the hassle and expense of contesting the contractor’s denial decision. Although we understand the reasoning behind such a decision, you should keep in mind that every claim which is denied by a ZPIC (and which remains denied) increases a provider’s “error rate.” If you were a ZPIC, PSC, RAC or MAC contractor, would you choose to audit a provider with a low error rate or a high error rate? In any event, the bottom line is fairly straightforward. Should you find that you are not entitled to payment for one or more claims, you must repay the money to the government as soon as possible (but no later than 60 days after an overpayment has been identified), regardless of whether the claim is part of an ongoing or recently completed Medicare audit. If, however, you are audited and you believe that a ZPIC has incorrectly denied one of your claims, you have the right to appeal the denial of these wrongfully denied claims.
Recommendation #7: Carefully read a ZPIC’s denial decision letter. When you receive a denial decision letter relied upon by a ZPIC, carefully review the notice and determine whether the contractor has specifically addressed the reasons for denial associated with each of the claims at issue. Every ZPIC is different. Over the last few months, one of the ZPICs involved in the cases we are handling has been citing only a general reason for denial (such as “not medically necessary”). Should the ZPIC in your case not provide sufficient information, you will find it difficult, if not impossible, to address any specific reasons your claims have been denied. Your legal counsel may be able to get the ZPIC to provide additional specificity in connection with their denial reasons. Alternatively, legal counsel may be able to argue that the ZPIC’s failure to provide specific reasons for denying your claims is a clear violation of your due process rights.
Recommendation #8: Don’t forget – shortly after the “demand letter” is sent, any payments you may be expecting may be recouped by your Medicare Administrative Contractor (MAC). A demand letter from your MAC usually follows a few days after you receive a ZPIC’s denial decision letter. While you have 120 days to file a request for redetermination appeal (as outlined in the MAC’s demand letter)[4], should you fail to file the request for redetermination appeal within 30 days of the date of the MAC’s demand letter (not 30 days after receiving the demand letter!), your Medicare payments will be recouped starting on day 41. Alternatively, a provider may set up an extended repayment program with the MAC so that the alleged overpayment can be repaid through monthly installments. We strongly recommend that you set this up. You will then be able to take advantage of the 120 day period permitted to file a redetermination appeal rather than try and file a poorly prepared set of arguments within the previously discussed 30 day period. Similar issues (with completely different deadlines) are present at the reconsideration level of appeal — the next level in the administrative appeals process. Once again, these issues can be quite complicated. We recommend that you discuss available appeals options with your legal counsel.
Recommendation #9: Foster a corporate culture which encourages compliance. ZPICs have increased their audit activities dramatically in numerous areas of the country. South Texas has been especially hard-hit. Providers in Houston, McAllen, Harlingen, Edinburgh, Laredo, Corpus Christi and Brownsville appear to have experienced a recent surge in audit activity. Be aware that ZPICs are looking for aberrations in billing patterns and often target providers based on these variations in coding or billing practices. Compliance with regulations and consistency in your “message” to employees is essential. Establishing good intake and records management procedures, continuing employee education and training efforts, can facilitate the adoption of an ethical, compliant corporate culture.
And, last but not least,
Recommendation #10: When drafting a Compliance Plan, providers should include a “Code of Conduct” that is easily understood by all employees. We believe that a “Code of Conduct” should accurately reflect the belief system an organization has pursued and sincerely intends to follow. In doing so, an organization can engender a compliant corporate culture. Over the years, we have seen organizational “Codes of Conduct” which range from a succinctly described phrase to discussions which take up more than a page.
Our favorite “Code of Conduct” (which also happens to be the “Code of Conduct” adopted by our law firm) is used by Cadets at the United States Military Academy at West Point. Modified for use by health care providers, the “Code of Conduct” reads:
“Our clinicians and staff will not lie, cheat, steal, or tolerate those who do.”
This simple, yet elegant “Code of Conduct” succinctly lays out a provider’s ethical responsibilities, both with respect to Medicare and in their other business dealings. We recommend that you consider adopting and adhering to this or a similar “Code of Conduct.”
Our attorneys have extensive experience representing Physicians, Clinics, Home Health Agencies, Hospices, DME Companies, Skilled Nursing Facilities, Chiropractors, Pain Medicine Clinics, Rehabilitative Medicine Clinics and other Medicare providers in connection with audits by ZPICs, PSCs, MACs and other contractors. We also have years of experience assisting providers with “gap” analyses and in implementing an effective Compliance Plan. Should you have questions about these or other health law issues, please feel free to call us for a complimentary consultation. We can be reached at: 1 (800) 475-1906.
[1] Infrequently, a ZPIC may choose to conduct a “probe” review rather than a full audit. Probe reviews usually involve a request for the records and supporting documentation related to 10 – 15 claims paid by Medicare.
[2] ZPIC requests for audit information typically include language similar to the following: “Failure to provide this information or to permit examination and duplication of records could result in a decision by the Office of the Inspector General to exclude you from Medicare, Medicaid and all Federal health care programs.”
[3] 42 C.F.R. §405.372(a)(2).
[4] It is presumed that you received the MAC’s demand letter 5 days after the demand letter is dated. From a timing standpoint, we strongly recommend that you completely disregard the “5 day” issue unless it is absolutely necessary to rely on it. Our practice is to make sure that our client’s redetermination appeal is filed (and received) well in advance of the 120 day appeal deadline.
According to HHS-OIG, More than Half of All Power Wheelchair Claims Paid by Medicare are Improper — An Effective Compliance Plan Can Greatly Improve a DME’s Efforts to Conform with Medicare’s Documentation and Coverage Rules.
July 17, 2011 by rliles
Filed under Compliance, Featured, Health Law Articles
(July 16, 2011): Despite continuing efforts by many Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) companies to address and remedy long-standing compliance risks, the Department of Health and Human Services, Office of Inspector General (HHS-OIG), reported this month that more than one-half of the billings for power wheelchairs by Durable Medical Equipment (DME) suppliers were improper during the period audited.
I. Scope of the Problem:
As HHS-OIG’s July 2011 report details, approximately 61% of the power wheelchairs billed to Medicare during the period reviewed were either medically unnecessary or lacked sufficient documentation for HHS-OIG to determine medical necessity. Collectively, these improper billings accounted for $95 million of the $189 million paid by Medicare for power wheelchairs.
II. Types of Problems Noted:
In reviewing these Medicare power wheelchair claims, HHS-OIG conducted a random sample of 375 claims. HHS-OIG’s review included both standard and complex wheelchairs. Based on records submitted by DME suppliers, HHS-OIG found that:
- 9% of all power wheelchairs were medically unnecessary
- 52% had claims with insufficient documentation to determine medical necessity.
A number of specific problems are outlined in HHS-OIG’s July 2011 report. Two of the most significant concerns included:
- Some Medicare patients received power wheelchairs when only a manual wheelchair, cane, or walker was needed.
- Many of the claims for power wheelchairs appeared to be justified and medically necessary based on suppliers’ records. However, when HHS-OIG examined the corresponding ordering physicians’ records, most of these same power wheelchairs were found to be either:
  - Medically unnecessary, or
  - Insufficiently documented, or
  - Undocumented.
Essentially, the suppliers’ records were either unsupported, or, in some cases, were contradicted by the related ordering physicians’ medical documentation.
III. Summary of HHS-OIG’s Findings:
HHS-OIG’s July 2011 report is especially significant in light of the fact that the agency previously issued two reports based on the same sample of power wheelchairs. While the earlier reports noted that there were significant coding and documentation requirements, this recent report focuses on supplier compliance deficiencies. Summarizing its findings among the three reports, HHS-OIG noted that 80% of the power wheelchair claims sampled did not meet Medicare’s documentation and / or coverage requirements. HHS-OIG concluded its report by saying:
“Although CMS has taken steps since 2007 to decrease errors among suppliers of power wheelchairs and other DME, Medicare has paid significantly more in recent years for power wheelchairs than it did in 2007. These increases may indicate that CMS continues to pay for power wheelchairs that are not medically necessary and/or have claims that do not meet documentation requirements.”
IV. Practical Impact of HHS-OIG’s Findings:
As participating providers, power wheelchair suppliers have an obligation to ensure that their claims fully comply with Medicare’s coverage and billing requirements. Unfortunately, as HHS-OIG’s report reflects, most of the power wheelchair claims paid by Medicare have not met these requirements.
From a practical standpoint, HHS-OIG’s findings are not new – both physicians prescribing power wheelchairs and the suppliers of this equipment have repeatedly failed to either meet Medicare’s documentation requirements or show that this equipment is medically necessary for the care of the patient and that less expensive assistive devices (such as a cane, walker or manual wheelchair) are insufficient to meet the patients’ medical needs. As a result, these claims have been regularly examined by various government law enforcement agencies (e.g. HHS-OIG, the Federal Bureau of Investigation and the U.S. Department of Justice) and CMS’ contractors (e.g. Zone Program Integrity Contractors (ZPICs), and DME Medicare Administrative Contractors (DME MACs)). With the release of this report, suppliers will likely find their practices under yet additional scrutiny.
Both physicians who prescribe power wheelchairs and DMEPOS suppliers who fill these prescriptions must ensure that their practices fully comply with applicable statutory and regulatory requirements. As discussed below, the completion of a “gap analysis” is an essential element of an effective Compliance Plan.
V. Conducting a Gap Analysis:
From a compliance standpoint, unless they have recently done so, all power wheelchair suppliers should immediately conduct a gap analysis to determine whether their practices fully comply with applicable statutory and regulatory requirements. Gap analyses are routinely used in practically every industry to assist Compliance Officers and others in identifying corrective actions that need to be taken in order to bring an entity’s practices to an acceptable baseline of compliant operations. Gap analyses conducted by health care providers must analyze two aspects of their practices in order to ensure compliance. These include:
Requirement #1: A review of their documentation, coding and billing practices. Additionally, the evidence must reflect that the power wheelchair billed was medically necessary and appropriate.
Requirement #2: A review of the supplier’s business practices to ensure that the supplier is not committing violations of the Federal Anti-Kickback, Stark or other statutory enforcement requirements.
This article focuses on the first set of requirements set out above.
Every gap analysis begins with a review of applicable statutory and regulatory provisions. Additionally, suppliers must assess Medicare’s latest guidance covering documentation, coding and billing requirements. In addition to issuances by CMS, Local Coverage Determinations (LCDs) and Local Medical Review Policies (LMRPs) must be reviewed so that specific regional directives are also identified.
Upon completing an analysis of the regulatory landscape, suppliers must next conduct a baseline assessment of their existing documentation, coding and billing practices. At this point in the process, a supplier can compare its practices with the government’s requirements. This process is often referred to as a “gap” analysis. In this fashion, a supplier is able to use this performance measurement tool to determine the extent to which action must be taken to bring the supplier’s practices up to the desired level of compliance.
VI. CMS’ Power Wheelchair Requirements:
As an initial starting point, power wheelchair suppliers should examine the “Face-to-Face Examination Checklist” that has been issued by CMS in MLM Matters Number SE1112. As the guidance reflects, Power Wheelchairs are one of several devices collectively classified as “Power Mobility Devices” which qualify for coverage under Medicare Part B.
CMS has defined “Power Mobility Devices” as covered items of DME which include a Power Wheelchair or a Power Operated Vehicle (POV) that a beneficiary uses in the home. Effective May 5, 2005, CMS revised its national coverage policy to create a new class of DME. This new class of equipment was identified as “Mobility Assistive Equipment” (MAE), which included a continuum of technology, from canes to power wheelchairs.
A. Ordering / Treating Physician Requirements.
Regardless of how they are described, prescribing or ordering physicians are the proverbial “front-line” in the claims process. These physicians are responsible for determining whether a PMD is medically necessary and appropriate. If so, the physician must:
Provide the power wheelchair supplier with supporting documentation consisting of portions of the medical record essential for supporting the medical necessity for the PMD in the beneficiary’s home. In order to document the need for a PMD there are a few specific statutory requirements that must be met before the ordering physician can issue a written prescription for the equipment:
“1. An in-person visit between the ordering physician and the beneficiary must occur. This visit must document the decision to prescribe a PMD.
2. A medical evaluation must be performed by the ordering physician. The evaluation must clearly document the patient’s functional status with attention to conditions affecting the beneficiary’s mobility and their ability to perform activities of daily living within the home. This may be done all or in part by the ordering physician. If all or some of the medical examination is completed by another medical professional, the ordering physician must sign off on the report and incorporate it into their records.
3. Items 1 and 2 together are referred to as the face-to-face exam. Only after the face-to-face examination is completed may the prescribing physician write the prescription for a PMD. This prescription has seven required elements and is referred to as the seven-element order which must be entered on the prescription only by the physician.
4. The records of the face-to-face examination and the seven-element order must be forwarded to the PMD supplier within 45 days of the completion of the face-to-face examination.
5. CMS’ National Coverage Determination requires consideration as to what other items of mobility assistive equipment (MAE), e.g., canes, walkers, manual wheelchair, etc., might be used to resolve the beneficiaries mobility deficits. Information addressing MAE alternatives must be included in the face-to-face medical evaluation.” (MLM SE 1112, page 2 of 7).
Once the above requirements have been met, an ordering physician can properly issue a prescription for a PMD.
B. Ordering / Treating Physician Requirements.
As MLM SE 1112 reflects, the following checklist is not to be used as a substitute for a patient’s underlying medical records. Having said that, the checklist serves as a helpful tool for verifying that an ordering physician’s documentation (as reflected by the patient’s medical records) is both complete and sufficient to meet Medicare’s coverage requirements. The following information should be fully documented in the patient’s medical records:
Documentation of “History” Component
The medical record for the patient includes the following history:
_____ Signs/Symptoms that limit ambulation;
_____ Diagnoses that are responsible for these signs/symptoms;
_____ Medications or other treatment for these signs/symptoms;
_____ Progression of ambulation difficulty over time;
_____ Other diagnoses that may relate to ambulatory problems;
_____ How far the patient can ambulate without stopping and with what assistive device, such as a cane or walker;
_____ Pace of ambulation;
_____ History of falls, including frequency, circumstances leading to falls, what ambulatory assistance (cane, walker, wheelchair) is currently used and why it is not sufficient;
_____ What has changed in the patient’s condition that now requires the use of a power mobility device;
_____ Reason for inability to use a manual wheelchair; such as assessment of upper body strength;
_____ Why does the patient need a power wheelchair rather than each level of mobility assistive equipment (a cane, walker, optimally configured manual wheelchair, scooter)?
_____ What are the reasons that the patient should not or could not use a cane, walker, optimally configured manual wheelchair or power operated vehicle (scooter) in the home to satisfy their needs? and
_____ Description of the home setting, including the ability to perform activities of daily living in the home, as well as the ability to utilize the PMD in the home.
Documentation of Examination Component
The physical examination is relevant to the patient’s mobility needs and the medical record for the patient contains:
_____ Weight and Height
_____ Musculoskeletal examination
• Arm and leg strength and range of motion;
_____ Neurological examination
• Gait
• Balance and coordination
• If the patient is capable of walking, the report should include a documented observation of ambulation (with use of cane or walker as appropriate).
VII. Conclusion:
DMEPOS suppliers have an obligation to ensure that power wheelchairs billed to Medicare fully meet the program’s documentation, coding and billing requirements. To that end, it is important that suppliers carefully examine both their relationships with prescribing suppliers and the documentation of medical necessity associated with any claims billed to Medicare. Importantly, it isn’t merely a paper-only exercise which requires that you “document” medical necessity – a patient must actually require this type of assistive device. Therefore, the documentation must accurately reflect a patient’s diagnosis, signs / symptoms and clinical limitations which limit ambulation and necessitate the use of a power wheelchair.
Our attorneys have extensive experience representing health care providers in ZPIC audits of post-payment claims. Additionally, we can assist with the development and implementation of an effective Compliance Plan. Should you have questions, please call us for a complimentary initial consultation. Call: 1 (800) 475-1906.
Red Flag Rules Update — Health Care Providers Are Not Covered Under the Rule. Nevertheless, Compliance Officers Should Continue to Review these Issues.
December 12, 2010 by admin
Filed under Compliance, Featured, Health Law Articles
(December 12, 2010): Under the “Fair and Accurate Credit Transaction Act of 2003,” the Federal Trade Commission (FTC) was required to establish regulations mandating that “creditors” and “financial institutions” develop and implement Identity Theft Prevention Programs. These programs were aimed at identifying, detecting, responding to and, ultimately, preventing identity theft from occurring in connection with “covered accounts” maintained or handled by creditors and financial institutions. The patterns, practices and / or specific activities which could indicate that identity theft was occurring were referred to by the FTC as “Red Flags.” The program was therefore commonly known as the “Red Flags Rule.” Since enacted, the legislation has been widely criticized by health care providers and their professional associations, lawyers, accountants and other professionals who argued that the definition of “creditor” was overly broad and was never intended to cover their work / organizations. After facing both lawsuits and growing Congressional concerns, the FTC delayed enforcement of the rule so that Congress could consider limiting the scope of the rule.
Both the House and the Senate have recently passed the “Red Flag Program Clarification Act of 2010.” President Obama is expected to sign the legislation before the end of the year. As Senator Christopher Dodd commented after the bill was passed, this legislation:
“makes clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of healthcare providers and other service providers will no longer be classified as ‘creditors’ for the purposes of the Red Flags Rule just because they do not receive payment in full from their clients at the time they provide their services, when they don’t offer or maintain accounts that pose a reasonably foreseeable risk of identity theft.”
While most health care providers will be thrilled to hear of these changes (few businesses, regardless of type, want to be covered by the Red Flags Rule), it is essential to recognize that identity theft is, in fact, a growing problem. Therefore, the most prudent course would be for Compliance Officers to incorporate procedures into their Compliance Plan which will help prevent identity theft from taking place. Moreover, should it occur, your practice should have procedures in place to help minimize any adverse impact from such an occurrence.
Liles Parker attorneys provide health law advice to health care providers around the country. Our attorneys have extensive experience working with providers to establish effective Compliance Plans for a wide range of organizations. Identity theft is yet another risk area to be considered when reviewing and / or revising your Compliance Plan. Please feel free to call us for a free consultation. We can be reached at 1 (800) 475-1906.


