TX and OK Home Health Agencies: Beware of Home Health Compliance Risks

(March 21, 2012):

I.          Home Health Compliance Background:

          Over the past few weeks, several important events and issuances have occurred which should have home health agencies in Texas, Oklahoma and the rest of the country rethinking the adequacy of their existing compliance efforts. While the home health compliance practices of many agencies have long been a concern of the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the Centers for Medicare & Medicaid Services (CMS), the government’s apprehension appears to be at an all-time high.  Last week, HHS-OIG issued yet another report recommending that CMS further tighten its oversight of home health compliance through the implementation of additional sanctions for non-compliant home health agencies.  Notably, HHS-OIG’s report has been issued literally “on the heels” of a significant home health fraud investigation centered in the Dallas, Texas area which was reportedly initiated by Health Integrity, the Zone Program Integrity Contractor (ZPIC) covering Texas and Oklahoma.

II.         HHS-OIG’s Home Health Report of Fraud and Abuse:

        On March 2, 2012, HHS-OIG issued a report entitled, “Intermediate Sanctions for Noncompliant Home Health Agencies” which examined CMS’ ongoing efforts to identify and sanction home health agencies that were non-compliant with Medicare’s applicable conditions of participation. As detailed in the report, CMS (formerly known as the Health Care Financing Administration (HCFA)) was directed in 1987 to develop and implement “intermediate sanctions” against home health providers violating Medicare rules. These sanctions were anticipated to include civil monetary penalties (CMPs), Medicare payment suspension, and even appointment of temporary management of a noncompliant agency. Initially required to implement these sanctions under the Omnibus Budget Reconciliation Act of 1987 (OBRA 1987), CMS issued a Notice of Proposed Rulemaking in 1991, but subsequently withdrew this notice in 2000.

            CMS has stated that it anticipates publishing new proposed rules in September 2012 addressing these “intermediate sanctions.”  Frankly, home health providers and their associates cannot continue down the current path.  While both CMS and HHS-OIG recognize the important role played by home health agencies in the care and treatment of homebound Medicare beneficiaries, the government has made it abundantly clear that participating providers must fully comply with applicable medical necessity, coverage, documentation, coding and billing rules.  Non-compliant providers are being immediately suspended and / or excluded from participating in the Medicare program.  Moreover, health care providers who engage in nefarious activities are being aggressively prosecuted.

III.        Health Integrity’s Audit of Home Health Agencies:

           Since winning the contract in 2009, Health Integrity, the Zone 4 ZPIC covering Texas, Oklahoma, New Mexico and Colorado, has conducted a wide variety of Medicare post-payment audits throughout Zone 4.  To their credit, Health Integrity’s post-payment audits have not been limited to merely large metropolitan areas.  Rather, the ZPIC is in the process of “leaving no stone unturned,” conducting home health compliance audits and reviews throughout Zone 4, regardless of size, revenues and / or location.

            To be clear, Health Integrity’s audits have not been limited to only home health services.  The ZPIC has actively reviewed the operational, coding and billing practices of a wide variety of Part B health care providers in Zone 4.  Nevertheless, the ZPIC does appear to have redoubled its audits of home health compliance for Texas and Oklahoma providers who appear to be outliers through data-mining activities. After reviewing the homebound status of both prior and current patients, clinicians working for Health Integrity have been thoroughly assessing the care and treatment provided by billing home health agencies.  After carefully assessing the medical records forwarded by the home health agency, in many cases Health Integrity has concluded that it is appropriate to seek extrapolated damages based on the Medicare post-payment audit conducted.

IV.        Health Integrity is on the Front Line of Home Health Fraud Identification:

            Despite the fact that most Texas home health agencies are doing their best to operate within the four corners of the law, there are still a number of providers who are continuing to engage in wrongdoing. Texas home health providers recently received significant negative media coverage for fraudulent and abusive billing practices allegedly committed by agencies within their ranks. As you may have heard, just last week a physician and several home health agency “recruiters” in the Dallas-Fort Worth area were indicted in the largest Medicare fraud scheme in history, allegedly totaling nearly $375 million for home health services either not needed or never provided. Additionally, it was noted that over 75 home health agencies to whom referrals were made have also been implicated in the wrongdoing.  Such an enormous scheme only further demonstrates the fact that fraudulent activity in home health services is continuing, despite the fact that most Texas home health providers are well-meaning organizations, trying in good faith to provide medically necessary services to our nation’s most sick and disabled. Nevertheless, such accusations only increase suspicion and scrutiny of the entire home health industry in this region.

            In a separate incident, a news reporter recently had a healthy, yet elderly, woman pose undercover as a potential home health patient when visiting a physician in South Texas.  The reporter noted that the healthy patient was allegedly improperly diagnosed and certified as qualified for home health services. While some providers may be concerned about the use of patients in undercover sting operations such as this, the fact is that improper conduct is occurring, at both the physician referral and the home health agency level, clearly illustrating why law enforcement is concerned that fraud is continuing to occur in this area of practice. In light of these and similar cases, it is clear why Health Integrity appears to be “ramping up” its reviews of home health providers throughout Texas and Oklahoma.

V.         What Steps Can a Home Health Provider Take to Reduce Risk?

          To be clear, there is no proverbial “silver bullet” that can be used by a home health agency to avoid the scrutiny of Health Integrity and / or law enforcement.  Every home health agency in Texas and Oklahoma should expect to be audited.  Rather than wait for such an eventuality, home health agencies should affirmatively review their operations, coding and billing practices to ensure that their practices squarely fall within the rules.  Although not all-inclusive, the following five steps can serve as an excellent starting point when preparing for an audit of your agency’s home health claims:

Recommendation #1:   Don’t assume that your current practices are compliant, check them out! Conduct a “gap” analysis and implement an effective Compliance Plan.  While most, if not all, home health agencies will profess to have a Compliance Plan already in place, the real question is whether the existing plan is “effective,” or merely a sample that was obtained by the agency in the past.  No two home health agencies are alike.  As a first step, a home health provider needs to engage qualified legal counsel to advise the organization on whether the agency is properly operating at a baseline level of compliance.  If not, remedial steps must be taken so that the agency can move forward in a compliant fashion.

As you will recall, Section 6401 of the Affordable Care Act (ACA) (generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title . . . establish a compliance program.”  Although HHS-OIG has not announced the deadline for home health agencies to meet this requirement, it is only a matter of time before all health care providers who choose to participate in the Medicare program must have an effective Compliance Plan in place in order to remain a participating provider.

Recommendation #2:  As you review your claims, you should abide by the following:  First, “If it doesn’t belong to you, give it back.”  Conversely, “If you don’t owe the money, don’t throw in the towel.”  One of the attorneys in our firm is regularly asked to speak at provider conventions around the country.  For years, he has told providers “If it doesn’t belong to you, give it back.”  This simple concept covers a lot of ground when it comes to Medicare overpayments and is the single best policy you can employ as a good corporate citizen.

Recommendation #3:   Don’t merely focus on your claims.  Are your business practices fully compliant with applicable laws and regulations?  Health Integrity and other ZPICs serve an essential role in identifying overpayments and other wrongdoing by health care providers. While an audit will almost always include a request for medical records, you should keep in mind that Health Integrity will not merely be examining your medical documentation.  Should you receive a request for documents, it will probably be broken into two major parts. The first section will likely be focused on business-related records such as the following: 

“Business contracts or agreements with other providers, suppliers, physicians, businesses or individuals in place during a specific period.  Additionally, any verbal agreements must be summarized in writing.

A listing of all current and former employees (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.

• A list of all practice locations, along with their address and phone number.
• Leases.
• Employment agreements.
• Medical Director contracts.” 

One purpose of this section is to assist the ZPIC in identifying potential business practices which may constitute a violation of the Federal Anti-Kickback Statute, Stark Laws and / or the False Claims Act.  Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.

In contrast to the first section of the ZPIC’s request, the second section of the request will usually list the patient records and dates of service to be audited.  The number of dates of service audited differs from case to case.  Regardless of whether the ZPIC requests supporting documentation related to 5 claims or 50 claims, it is essential that you never ignore a request for information.  If additional time is needed to assemble the requested information, call the contractor.  Health Integrity has generally been cooperative with providers needing additional time to gather the records being requested.

Recommendation #4:  Remember learning how to “drive defensively” in high school?  Your documentation practices should be approached in a similar fashion.   When is the last time that you have reviewed the applicable documentation requirements set out in the Medicare Administrative Contractor’s latest Local Coverage Determination guidance covering the services you are providing?  Health Integrity’s auditors are excellent at identifying one or more deficiencies in your documentation. While you may disagree with the ultimate conclusions reached by their clinicians, you should not completely discount their assessments.  Health Integrity’s findings should be carefully analyzed so that any problems with your documentation can be promptly addressed.

Recommendation #5:  Engage qualified legal counsel and clinical experts to assist with your efforts. If your home health agency is audited, we strongly recommend that you engage qualified legal counsel, with experience handling this specific type of case.  Moreover, don’t be afraid to ask for references and to inquire about the anticipated cost of an engagement.  While it is often difficult to estimate legal costs due to the various factors faced when handling a ZPIC audit case, most experienced health lawyers can give you a range of expected legal fees.

VI.        Conclusion:

            While an effective home health Compliance Plan cannot fully shield an organization from risk, the implementation of, and adherence to, an effective plan can greatly assist your home health agency in identifying weaknesses and taking corrective action before an audit occurs.  Now is the time to ensure that your practices are compliant – after an audit occurs, it may be too late.

Liles Parker is a full service health law firm, providing compliance reviews, “gap analyses” and training to home health providers and their staff.  Our attorneys are also experienced in representing home health providers in the administrative appeal of overpayments identified in the post-payment audit process. Should you have any questions, please Robert W. Liles at 1 (800) 475-1906 for a free consultation.

HIPAA Compliance Is Becoming More Important Every Day

(March 19, 2012):

I.          Introduction:

            In recent years, the importance and the necessity of safeguarding Protected Health Information (PHI) (the main goal of HIPAA compliance) has been widely publicized by the Centers for Medicare & Medicaid Services’ (CMS’) Office for Civil Rights (OCR).  The potential adverse effects of HIPAA compliance failures and / or breaches in PHI are not merely limited to invasions of patient privacy and / or identity fraud.  In recent years, improperly disclosed of patient identifying information and associated medical records have been used by wrongdoers to defraud both public health benefits programs (such as Medicare and Medicaid) and private payors. Unfortunately, the full extent of the potential dangers posed by a provider’s failure to maintain HIPAA compliance is only now coming to light.

II.         Breaches in HIPAA Compliance and PHI Leaks Can Potentially Be Used as a Weapon:      

            Diabetes in the United States has been labeled an “epidemic”. An estimated 26 million Americans are thought to have the disease while another 57 million are in a “pre-diabetic” stage. The Centers for Disease Control has stated that more than a third of all American adults have or are close to having this condition. Luckily, the disease can usually be controlled through doses of medication, such as synthetic insulin.

            In many cases, a patient may have an insulin pump installed subcutaneously, which can monitor the patient’s blood sugar levels and supply additional insulin as needed. However, too much insulin can be deadly, causing hypoglycemia, unconsciousness and eventually death.

But here’s where it gets really scary: researchers at a well-known computer and internet anti-virus company recently hacked into an insulin pump remotely, and were able to direct the device to deliver a likely fatal dose of insulin to a “dummy” pancreas. From 300 feet away, the company’s hacker was reportedly able to wirelessly overcome the device’s minimal security features and forced the pump to emit a lethal dosage.[1]  Breaches in HIPAA compliance are now, for the first time, poentially deadly.  Health care providers must take all reasonable measures to reduce the chances of a breach.

              While there have been no reports of any actual or malicious hacking of insulin pumps, the anti-virus company and others, including researchers at the Massachusetts Institute of Technology (MIT), are trying to caution device manufacturers that such a threat is real. Even the Department of Homeland Security is realizing the gravity of the problem, working with device manufacturers to ensure the security of medical devices.  HIPAA compliance is here to stay — and the potential adverse impact of a breach is now potentially more serious than ever before.

            While a provider or supplier might not be able to stop a hacker from gaining access to a patient’s medical device, this possibility only further reinforces the fact that patient privacy and security, as set out in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), really matters.  And HIPAA compliance is only growing in importance as new technologies are developed and skills associated with these technologies are refined and expanded.

            To be clear, we recognize that this company’s reported demonstration of a PHI security breach is an extreme example. Nevertheless, HIPAA compliance is becoming more important both socially and legally. Patients rely on their providers to secure and protect their private health information not only from those that would use such information for improper purposes, but from the general public altogether, under the theory that private health information is just that: private.

III.        What is on the Horizon for Health Care Providers in HIPAA Compliance?

            Regardless of your personal views about the necessity of privacy protection, HIPAA compliance will likely be a permanent fixture of the health care industry and is now a legal requirement that must be taken seriously. While HIPAA took a number of years to develop, the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA), represents a significant broadening of privacy protections and greatly enhances the power of the Federal government to enforce these privacy laws. While HITECH’s implementing regulations have not yet been released (although we anticipate their release in mid-to-late 2012), HITECH substantially amends HIPAA’s protections. Not only does HITECH allow for harmed individuals to receive a portion of any penalties and fees the Federal government recovers as a result of a HIPAA violation (which we believe will substantially increase the number of HIPAA complaints filed), the amended law also calls for the implementation of HIPAA compliance auditing.

            HIPAA audits, conducted by nationally-recognized private auditing firms contracted with the Federal government, were started in the middle of last year, and the audit protocols based on the initial results are currently being reviewed and revised. Once this is done, the scope of these audits will likely increase, expanding to every covered entity, regardless of size. Moreover, while the focus of these HIPAA compliance audits is on the implementation of electronic security measures, expect these auditors to be trained in identifying all possible types of HIPAA violations, covering both the Security and Privacy Rules. Keep in mind that while the Security Rule is “scalable” depending on the size and complexity of your organization, the Privacy Rule does not have that flexibility.

IV.        What Should Providers be Doing to Minimize the Risk of a Breach?

            Now, more than ever, it is essential that health care providers review their privacy practices and operations to better ensure that the organization’s actions fully comply with the applicable privacy rules and regulations.  While we recognize that achieving perfect compliance will be difficult for some organizations, the government expects all providers, regardless of size, to adhere to the privacy rules.

            In addition to your current efforts, we strongly recommend that providers immediately assess their policies and practices related to electronic data protection.  As records of care and treatment transition to an all-electronic format, the associated dangers of a breach are likely to increase.  Health care providers and their staff should understand and appreciate the risks patients face in treatment and other health care operations. Without sophisticated security protections, the risk of breach to patient data is extremely high, and one that can cost your practice greatly. Update your HIPAA compliance policies and practices now, before an audit or even worse – a serious breach – occurs.  Should you feel overwhelmed, engage a qualified firm to both train your staff and conduct an internal review of your privacy practices.

Liles Parker is a full service law firm with experience in regulatory health compliance. We provide practitioners with effective compliance plan implementation and compliance training. In addition, our attorneys are skilled at conducting internal reviews and mock audits of health information privacy policies and practices.  For a free consultation, please call Robert W. Liles today at 1 (800) 475-1906.

TrailBlazer Loses MAC Bid Protest

(March 6, 2012):

I.      Overview and Commentary:

Unfortunately, it is true — TrailBlazer Health Enterprises LLC (TrailBlazer), the current Medicare Administrative Contractor (MAC) for Texas, Oklahoma, New Mexico and Colorado, has announced that it has lost its MAC contract with the Centers for Medicare & Medicaid Services (CMS).

The impact of the recent TrailBlazer announcement hit most of us like an episode of “Ripley’s Believe it or Not.”  For most Texas, Oklahoma, New Mexico and Colorado health care providers, TrailBlazer is the only Medicare contractor they have ever known.  Over the years, they have succeeded where some other contractors around the country have often failed — they were able to build a professional partnership with health care providers.  Moreover, these providers learned that they could rely on TrailBlazer’s counsel.  Were they perfect?  Far from it.  Nevertheless, at the end of the day, we believe that TrailBlazer will be sorely missed.  Good luck to all of our friends (and sometimes opponents) at TrailBlazer.  We will miss your professionalism and good cheer.  

II.     Here’s What Happened:

Originally requesting solicitation for the A/B MAC Jurisdiction H in March of 2011, CMS subsequently awarded the contract for this jurisdiction to Highmark Medicare Services, Inc. (HMS) several months later. Because TrailBlazer had held this contract for a number of years prior to CMS’ bid solicitation, it vigorously protested the award of the contract and filed a formal protest with the Government Accountability Office (GAO) initially in August  2011, amending the protest in November and December 2011.

However, TrailBlazer announced on Thursday, March 1, 2012, that the bid protest had been reviewed and denied by the GAO, upholding the initial decision by CMS. As a result, HMS and TrailBlazer will soon begin the process to transition HMS into the MAC role.  According to TrailBlazer, the companies will work together over the summer of 2012 to ensure a smooth transition for Medicare beneficiaries and providers alike. Subsequently, HMS will be responsible for processing both Part A and Part B Medicare claims in this region.

III.    Effect on Texas, Oklahoma, New Mexico and Colorado Providers:

 The transition to HMS may have significant effects, both positive and negative, on providers in Region H. Initially, it has been our experience that transitions from one contractor to another have never been entirely smooth, though TrailBlazer claims it will work closely with HMS to do so. Providers in the middle of administrative appeals of Medicare post-payment audits, or those participating in extended repayment plans (ERPs), may find that HMS does not have sufficient administrative information or controls to ensure that all information or payments are accounted appropriately. In similar situations, such as the switch from CIGNA Government Services to Palmetto GBA in North Carolina, the transition was far from smooth, with several of our clients experiencing problems when the change-over took place.  Moreover, contacts that providers have developed at TrailBlazer over the last decade may no longer be available once Highmark takes control of the region. It may be difficult to establish relationships with new counterparts at HMS. As this process moves forward, providers should consider contacting their TrailBlazer contacts and asking for the name and future contact information of HMS employees who will be taking over similar job responsibilities, when it becomes available.

 Despite the inevitable confusion inherent in any switch of this size and compexity, HMS and their staff are highly experienced and well-suited to take over TrailBlazer’s responsibilities.  The organization has a long history of effective and efficient claims processing. Having said that, we strongly recommend that you keep a close eye out for any new Local Coverage Determinations (LCDs) that may be issued by HMS.  Although the basic rules are typically the same, it is not at all uncommon for their to be differences from contractor to contractor when it comes down to the highly specific documentation requirements applied.   It is imperative that you conduct a claims review once the transition is underway to help determine whether you will need to make any changes in your documentation and / or procedural practices in order to fully meet HMS’ expectations.

Liles Parker is a full service health law firm with offices in Washington D.C., Texas, and Louisiana. Our attorneys apply decades of focused experience when representing clients and are skilled in reviewing LCDs and other coverage guidance. In addition, we assist health care providers with Medicare appeals, implementation of extended repayment plans, compliance training and reviews, and other important health law activities. For a complimentary consultation, please call Robert W. Liles at: 1 (800) 475-1906.

OMHA Changes ALJ Hearing Case System

(March 2, 2012):  [From ALJAppeal.com] - Likely recognizing the enormous disparity in Administrative Law Judge (ALJ) hearing workloads for its various Field Offices, the Office of Medicare Hearings and Appeals (OMHA) recently switched to a Central Docketing System for all pending and new appeals. Under this new system, all ALJ hearing requests will be sent to OMHA’s Central Office in Cleveland, OH. Each ALJ appeal will subsequently be assigned to one of the Field Offices – Irvine,  CA, Miami, FL or Arlington, VA – or to ALJs in the Central Office. Despite assigning appeals to different offices, OMHA is not breaking these appeals into their component parts – individual claims -  so “big box” cases will still be handled during one ALJ hearing.

While each appeal will likely be assigned to an office randomly, OMHA will likely base these assignments on current workloads at each of its offices. Therefore, a provider in Texas, Oklahoma  or Louisiana, who would previously have always gone before an ALJ in the Miami Field Office, may end up at an ALJ hearing in any of OMHA’s four offices. While this may be disconcerting at first, the typical ALJ hearing is conducted by phone or video-teleconference nowadays, meaning that the ALJ’s location doesn’t substantially affect how a case is handled. While it may be more difficult to ascertain the procedural habits of a single ALJ (such as in what order to present information or how formal each ALJ hearing session is), an experienced health lawyer will still be able to ably represent your interests since appeals and hearings are generally handled in the same fashion,

In any event, regardless of whether the assigned ALJ is in Cleveland, OH, Arlington, VA, or in one of the other Field Offices, you should seriously consider retaining qualified legal counsel.  In recent years, representatives of the Zone Program Integrity Contractor (ZPIC), the Medicare Administrative Contractor (MAC) and / or the Qualified Independent Contractor (QIC) are frequently choosing to participate in ALJ hearings, arguing why the claims at issue should not be paid (and effectively supporting the results of their earlier ZPIC audit).  Although the proceeding is technically “non-adversarial,” ALJ hearings can become quite contentious.  An experienced lawyer can assist you in understanding the process so that you may more effectviely present your arguments in support of payment.  As new rules and administrative guidance comes out regarding the Medicare post-payment audit appeals process, check back with us for more information.

Liles Parker is a full service health law firm with several offices around the country. Representing providers in all stages of Medicare post-payment appeals, including ALJ hearings, our attorneys are well-versed in the administrative appeals process and capable of aggressively handling your case. In addition, we conduct compliance program advising and implementation, as well as mock audits, staff training and health care business transactions. Please call Robert W. Liles at 1 (800) 475-1906 for a complimentary consultation today.

AdvanceMed Brings Prepayment Review to Georgia

AdvanceMed Appears to be Expanding the Number of Prepayment Audits in Georgia:

In the past few weeks, AdvanceMed Corporation, the Zone Program Integrity Contractor (ZPIC) for Regions II and V (covering the Northwestern and Southeastern portions of the United States, respectively), appears to have significantly expanded the number of prepayment audits it is conducting in Georgia.  More specifically, AdvanceMed appears to be focusing on hospices, psychiatric services and pain management, practice areas where problems has been identified by the government in the past.  From calls we have received, it does not appear that only metropolitan area providers are under scrutiny.  Rather, prepayment review audits appear to be occurring throughout the entirety of the State.  To be clear, the government’s increasing use of prepayment review audits is not surprising — it is consistent with their overall efforts to prevent improper coding and billing practices from occuring in the first place.  The Centers for Medicare & Medicaid Services (CMS) are understandably frustratrated with old, tired enforcement tactics which relied on “Pay and Chase” strategies.

How Should a Georgia Health Care Provider Avoid Being Placed on Prepayment Review?

In most cases, health care providers are targeted and placed on prepayment review because of:  (1) data mining has identified the provider as an “outlier,” or (2) a complaint has been filed against the provider.  The best preventative measure you can take is to design and implement an effective Compliance Plan.  As a first step, you should conduct a “Gap Analysis” to determine whether your operations, coding and billing practices fully meet applicable laws, regulations and guidelines.  If not, remedial action must be taken to put the organization back on the right path.  During this process, you will likely learn how your coding and billing practices compare to those of your peers.  Should you find that your practices result in the organization appearing to be an “outlier,” it is essential that you determine how and why your practices differ from those of similarly situated providers.  You may or may not be doing wrong.  If you are handling claims incorrectly, fix them and return any monies owed to the contractor.  If you beleive that your practices are compliant, that’s fine — but you better be prepared to respond to an audit.

Don’t Wait to be Audited – Review Your Practices Now!

Notably, when AdvanceMed places a health care provider on prepayment audit, the claims being scrutinized are likely associated with services performed in the last week or two.  This means that providers currently have the opportunity to assess and potentially correct their documentation practices if deficiencies are identified. We recommend that all Georgia providers examine their medical records and critically determine whether they actually meet the relevant criteria for reimbursement.  Pull applicable Local Coverage Determination (LCD) rules and carefully review the medical necessity, coverage and documentation requirements set out in the contractor’s guidance.  Are your documentation, coding and billing practices compliant?

How Should a Georgia Provider Respond if They Have Already Been Placed on Prepayment Audit?

The prepayment review process can be long, complex and challenging.  Moreover, the lack of a quick payment turnaround can be devastating on a small practice’s cash flow, and similarly inhibit larger entities from effectively navigating the revenue cycle. This problem is only exacerbated by the fact that AdvanceMed, as a ZPIC, is not obligated to return a decision on prepayment review claims to a provider within a specified time frame. Unlike Medicare Administrative Contractors (MACs), who, according to the Medicare Program Integrity Manual  (PIM) Chapter 3, Section 3.3.1.1 F, must make and issue a decision within 60 days of receiving a medical record for prepayment review, ZPICs are not under the same duty to quickly make decisions on claims. The PIM is entirely silent on what the time frame is for ZPICs to conduct prepayment review and issue notification to the concerned provider. This may result in ZPICs, such as AdvanceMed, taking an inordinate amount of time to complete their prepayment audit of your claims.

During this ongoing effort by AdvanceMed, Georgia providers should expect that prepayment review will take 90 – 180 days on average from when AdvanceMed receives the relevant medical records. Moreover, based on average denial rates we have seen in the past, providers should expect that 60 – 75 percent of their claims may be denied by AdvanceMed (although it is not uncommon for us to see denial rates at or approaching 100 percent). Upon denial of these claims, providers then have the right to take these claims through the Medicare administrative appeals process. As some of you may know, this is also a long process which usually culminates in a hearing before an Administrative Law Judge (ALJ). Regardless of your experience in this area, it is important to remember that qualified counsel can greatly assist you in developing and presenting arguments and evidence to the ALJ, as well as ensuring that all supporting documentation is included in the medical record. As AdvanceMed continues its prepayment review initiative in Georgia (and possibly expands this effort into surrounding states), providers should take a second look at their documentation and make sure it passes muster. The time to do this is now, not when AdvanceMed is knocking at your door.

Liles Parker is a full service law firm with attorneys experienced in representing providers in Medicare postpayment audits and counseling providers on prepayment audit strategy. Moreover, our firm is skilled at conducting mock audits, compliance reviews and internal audits and investigations to ensure compliance with applicable laws and regulations. For a free 30 minute consultation about your case, please feel free to call us at 1 (800) 475-1906.

The Physician Payment Sunshine Rules

(February 2, 2012):  Last week, the Centers for Medicare & Medicaid Services (CMS) closed its public comment period regarding proposed regulations for what is being called the Physician Payment Sunshine Rules. Generally, these rules require drug and device manufacturers to report payments, in cash or otherwise, to physicians. CMS is then authorized to publish these disclosures on a website for the public to review when researching and choosing their physicians. While a number of requirements and/or informal guidance may already limit or otherwise affect payment to physicians by drug and device manufacturers (for instance, the PhRMA Code), these new rules will require nearly every payment to physicians in this context be publicly reported and available. This may present new challenges for physicians, manufacturers and their interactions and relationships.

I.   The Physician Payment Sunshine Law:

Implementing Section 6002 of the Affordable Care Act, Transparency Reports and Reporting of Physician Ownership or Investment Interests, the law requires that drug or biologic manufacturers, device or medical supply manufacturers and group purchasing organizations submit information regarding any payments to physicians on an annual basis. These payments include not only cash, but also gifts, consulting fees, research activities, speaking fees, meals and travel expenses. The reporting requirements mandate that a drug or device manufacturer or GPO must disclose all payments to physicians greater than $10 if such amounts do not exceed $100 per year. If payments to a specific physician are greater than $100, the manufacturer or GPO must report every payment to the physician, even those less than $10. These are very low dollar requirements, and will substantially affect the reporting requirements for nearly every manufacturer or GPO in the country. Under the proposed law, nearly every meal with a physician will require disclosure.

II.   Effect on Physicians:

While manufacturers and GPOs are responsible for actually reporting amounts paid, the Physician Payment Sunshine rules do not affect their business and business practices as much as it will likely affect physicians. Specifically, the law is intended to give the public complete transparency in a provider’s relationships, thus allowing the public to discern whether a physician is making a medical decision based on any factors other than what is best for the patient. In essence, it is taking the intent of Stark and Anti-Kickback laws – to ensure that medical decisions by a physician are made solely in the best interest of the patient – and requiring that any financial interests of a physician be publicly disclosed (even if such interests do not violate the Stark and Anti-Kickback laws). While the law requires compliance by manufacturers and GPOs, it primarily affects the reputation of physicians. As such, physicians and their associates should understand the ins and outs of the proposed rules, so that they can better protect both the reputation of the physician as well as the integrity of the practice as a whole.

III.   Penalties for Failure to Report:

Under the Physician Payment Sunshine law, CMS can assess fines in two situations. The proposed rules state that a manufacturer or GPO that unknowingly fails to report payment or other consideration given to a physician may be liable for $1,000 to $10,000 per violation, not to exceed $150,000 per year. On the other hand, a knowing failure to report payment may subject a company to $10,000 to $100,000 in penalties, capped at $1,000,000 per year. To enforce the law, CMS and the Office of Inspector General (OIG) have reserved the authority to “audit, evaluate, or inspect” applicable entities for compliance. In addition, CMS has mandated that device and drug manufacturers and GPOs maintain documentation of payments made to physicians for at least five years from the date in which the applicable data was made available on CMS’ disclosure website.

IV.   What if the Reported Information is Wrong?

One issue that may concern many physicians is the inaccurate reporting of information. While manufacturers and GPOs have the duty and the authority to report payment information to CMS, the information reported can only substantially impact physicians. As such, if information is incorrectly reported to CMS, a physician may be improperly associated with a certain drug, device or company, and such association may harm the integrity of that physician’s practice. CMS has taken a “hands-off” approach on this issue, leaving it to the involved parties to “resolve disputes about the information reported.” It is also proposing that “if the dispute cannot be resolved, the transaction will be noted as disputed, and both amounts will be published.” Such an approach will likely only confuse patients researching their physicians and negatively impact the integrity of a physician practice.

The new law can present complex problems for physicians and device and drug manufacturers alike. Liles Parker can handle dispute resolution between parties, reporting and appeals of agency decisions. Moreover, Liles Parker attorneys are experienced in assisting providers with implementation of compliance initiatives and other compliance activities to make sure that problems are addressed before they arise. For more information or a free consultation, please do not hesitate to call us.  Please call Robert W. Liles, Esq. at: 1 (800) 475-1906.

CMS Issues Proposed Rules About Returning Medicare Overpayments

(February 22, 2012):  Late last week, the Centers for Medicare & Medicaid Services (CMS) released an important proposed rule in the Federal Register that could dramatically affect all healthcare providers, 3rd party billers and other entities involved in the healthcare industry. The proposed rule, interpreting language set out in Section 6402(a) of the Affordable Care Act, entitled “Reporting and Returning of Overpayments”, creates substantial burdens on healthcare providers. Specifically, there are three proposed rules that providers need to understand.

 

I.   What Does it Mean to Identify a Medicare Overpayment?

 

First, the proposed regulations define the term “identified.” As you may know, Section 6402(a) mandates that providers and suppliers return identified Medicare and Medicaid overpayments within 60 days of identification. Should a provider fail to return an identified Medicare overpayment within this time frame, they may be liable for False Claims Act (FCA) or Civil Monetary Penalty (CMP) damages and penalties. However, commentators have questioned what the term “identified” really meant. Under the proposed rule, CMS states that an identified Medicare overpayment is one in which the provider has actual knowledge of the Medicare / Medicaid overpayment OR acts in reckless disregard  OR deliberate ignorance of the overpayment. This standard specifically aligns this regulation with the FCA’s knowledge requirements. As a result, providers and suppliers can no longer ignore warning signs (however slight they may be), of potentially improper claims, and must perform a reasonable self-audit to ensure that no overpayment exists. Providers must remember that one of these warning signs includes receiving audit results from a government contractor. In other words, if a provider receives notice of a Medicare post-payment audit or is placed under pre-payment review, this rule arguably creates a duty for that provider to investigate the government’s allegations further. Importantly, because of the possibility of FCA liability, internal audits and investigations should be conducted through counsel, thereby possibly preserving attorney-client privilege for any information uncovered.

II.   Expansion of CMS’ Authority to Reopen Claims:

Second, the regulations propose to expand CMS’ ability to reopen claims to 10 years, in line with the maximum possible statute of limitations for the FCA. CMS and its contractors currently have a 3-tiered system regarding the reopening of paid Medicare and Medicaid claims:

 

Tier 1.  Within 1 year of the paid date, they may open a claim for any reason.

Tier 2.  From 1 year to 4 years, they may open a claim upon establishing “good cause” for the reopening.

Tier3.  After 4 years, claims may only be reopened if there is evidence that they were procured through fraud or similar fault. With the new proposed regulations, CMS’ authority to reopen claims would be greatly expanded. This would, in turn, greatly expand the exposure of providers to substantially bigger audits, possibly covering several years’ worth of claims in a single review.

 

III.   CMS has Also Established an Acceptable Frame for Returning Identified Overpayments:

Third, CMS detailed the specific time frame for returning an overpayment. Specifically, the proposed rule indicates that the 60 day time frame for returning an overpayment begins once “reasonable inquiry” determines that an overpayment does, in fact, exist. However, if there is reason for the provider to investigate a possible overpayment and it ignores or avoids this duty, the 60 day time frame would begin to run once the duty is shunned (as this would constitute deliberate ignorance or reckless disregard). CMS explicitly writes, “failure to make a reasonable inquiry, including failure to conduct such inquiry with all deliberate speed after obtaining the information, could result in the provider knowingly retaining an overpayment because it acted in reckless disregard or deliberate ignorance of whether it received such an overpayment.” In any event, while CMS has clarified the timing of this requirement, it has made clear that providers must take it upon themselves to review claims submissions and promptly return any monies owed to the government.

 

Data Mining Assessment Tools Can Serve as an “Early Warning System” of Possible Problems

(February 8, 2012):  While we all know that many Medicare post-payment audits are often generated as a result of sophisticated data mining analyses, the particular elements of concern which may give rise to a specific provider audit are not always so clear.  Health care providers interested in compliance, should have a fairly accurate idea of how their coding and billing practices “stack up” when compared to the practices of their peers working in the same specialty area.  One question to be addressed is whether your coding and billing practices make you appear as an  “outlier.” If, in fact, you are an outlier, you shouled expect to be audited by the Centers for Medicare and Medicaid Services (CMS) or one of its contractors.  To be clear, just because you are an outlier does not necessarily mean that you are engaging in improper conduct.  Nevertheless, if you are an outlier, we strongly recommend that carefully analyze practices in an effort to identify why your practices differ from those of your peers.  Perhaps you are, in fact, improperly coding or billing for services rendered.  If so, you will need to determine the scope of any overpayment and work with your legal counsel to promptly reimburse the government.  As we have repeatedly advised our clients, “If it isn’t your’s, give it back.” If your practices appear to be correct, what other reasons my explain why your practices differ from those of your peers. 

I.  Tools You Can Use to Assess “Risk”:

While you can’t completely eliminate the risk of an audit, there are several tools that can help your organization determine how your utilization rates compare to those of your peers.  Among these tools is one of our personal favorites – DecisionHealth’s “E/M Bell Curve Data Book,“ which gives a visual overview of the Center for Medicare and Medicaid Services’ (CMS’) Evaluation and Management (E/M) data rates for 59 different specialties. For instance, a general practitioner can look at his established patient office visits (CPT© codes 99211 – 99215) and compare his utilization rates to the national average for the same CPT© codes. This data can be extremely useful in assessing an office’s billing practices and patterns and give confidence to a provider whose rates are similar to the national average.

Another effective tool, especially for non-E/M practices, such as home health agencies and hospices, is the “The Dartmouth Atlas of Health Care,” which provides a variety of data tools to evaluate Medicare spending by county. Not only does this interactive website have average-spending-per-Medicare-beneficiary maps, it also has a tool which allows providers to examine national and state benchmarks for a variety of statistics. These include Medicare reimbursements, hospice, skilled nursing facility, and home health agency utilization rates, surgical procedures and more. Applied correctly, this data can be instrumental in a practice’s self-evaluation and gives providers significant insight into their own billing patterns.

II.      Know Your Appeal Rights:

Unfortunately, staying compliant with Medicare rules and regulations and avoiding audit can be a constant and ever-evolving challenge. Even with the best tools, physicians, group practices, clinics, home health agencies and other providers may still find themselves subject to Medicare post-payment and / or pre-payment audit by a Zone Program Integrity Contractor (ZPIC) or by another one of CMS’ contractors.  ZPICs, Recovery Audit Contractors (RACs) and other Medicare-contractors reviewers are highly knowledgeable and skilled at what they do.  They are experienced in handling audits and are quite good at identifying deficiencies in your documentation, regardless of how minor those deficiencies might be.  While it is essential to understand your obligations as a Medicare participant, it is equally important to understanding how and why practices get audited.  Moreover, it is also necessary to know how to appeal an adverse determination that you sincerely feel is unwarranted.

Déjà Vu – RAC Prepayment Reviews Are Back!

I.    Overview:

Late last week, the Centers for Medicare and Medicaid Services (CMS) announced that prepayment reviews by Recovery Audit Contractors (RACs) would begin (again) on or after June 1, 2012.  As we previously discussed, CMS had originally delayed the program amid significant provider concerns about its operation.

II.   Background:

RACs have long served an important role in detecting and recovering both Part A and Part B overpayments since the program began in 2005. Utilizing both automatic review edits and complex medical reviews to identify a multitude of claims errors, RACs have greatly assisted the government in its efforts to protect the integrity of the Medicare Trust Fund.  As you know, RACs are paid on a contingency basis, based on the amount of improper payments (either overpayments or underpayments) each RAC identifies and actual recovers. Despite harsh criticism from the provider community, RACs have been successful in their audit and recovery tasks, prompting the Federal government to expand their authority to review claims.

III.   RAC Prepayment Review Demonstration:

Initially announced on November 15, 2011, CMS’ RAC Prepayment Review Demonstration Project was slated to start in 11 states on January 1, 2012, including Florida, California, Mississippi, Texas, New York, Louisiana, Illinois, Pennsylvania, Ohio, North Carolina and Missouri. Through the project, CMS was hoping to ensure that Medicare claims reimbursed by the government were medically necessary and met coding and billing criteria before such claims were paid. Due, at least in part, to significant concerns from providers and hospitals about the substantial administrative burden such review would cause, CMS announced last month that it was indefinitely delaying the RAC Prepayment Review Demonstration Project. As we noted when CMS first announced this delay, while providers may have considered this postponement a victory, CMS still has numerous other contractors actively performing prepayment review audits each day around the country. At the end of the day, the issue really isn’t whether CMS is going to instruct its contractors to conduct prepayment reviews, it really comes down to whether providers are properly meeting applicable medical necessarily, coverage, documentation, coding and billing requirements.

IV.   Impact of Being Placed on Prepayment Review:

As you may know, there is no prepayment review administrative appeals process. As a result, providers placed on prepayment review have little recourse to reverse the decision, and often remain on review for four to six months (although we have seen reviews lasting up to a year) or until the provider is able to show their Medicare Administrative Contractor (MAC) that the services billed meet medical necessity, coverage and documentation requirements. Importantly, this determination is entirely based on the respective MAC’s subjective view of the propriety of a provider’s claims.

It is important to note that prepayment review audits can prove disastrous for providers and hospitals who mainly treat Medicare beneficiaries. Prepayment review effective delays payment for several months, even assuming that the MAC finds the provider’s claims are payable. Often times, providers must also take many of these claims through the administrative appeals process, adding another one to two years before payment is made (again assuming that an Administrative Law Judge finds the claims payable).

V.   Avoiding Prepayment Review:

With RAC prepayment reviews on their way, providers may consider investing in the time and energy now to make sure their claims meet applicable payment requirements. While there is no “silver bullet” to completely eliminate the risk of prepayment audit, a number of preemptive steps exist to reduce the likelihood of such an occurrence. You should consider conducting a “gap analysis” of your practice, and in so doing, you will learn whether your billed services, and associated documentation, meet medical necessity and coverage requirements. You may also review your utilization rates of certain procedures and compare these rates to those of your local, regional and national peers. In all, you need to identify the regulatory benchmarks applicable to your practice, identify where you fail to meet these benchmarks, consider the manner and method to rectify these deficiencies, and add proper procedures and additional risk areas to your Compliance Plan. Such efforts now can leave you in an excellent position to respond to any billing questions by RACs or other Medicare contractors. While RAC prepayment reviews are just another type of audit in a long list of concerns for providers, don’t underestimate the ability of these RACs to identity errors and deny payment.

VI.   Reading the Tea Leaves:

CMS’ rekindled RAC prepayment review program is slated to begin again on June 1, 2012.  With the reimplementation of this project, CMS moves yet another step away from its “pay-and-chase” model.  Among its many advantages, the prepayment review approach greatly reduces the likelihood that the claims being paid by the government are improper. We believe that the scope of RAC and ZPIC prepayment reviews will continue to grow in the near future and will represent a key component of the government’s fraud prevention efforts in years to come.

Liles Parker attorneys have extensive experience conducting “gap analyses” and conducting compliance reviews for health care providers of all types. In addition, our attorneys are skilled in assisting providers who have been placed on prepayment review or subjected to post-payment audit. For more information, please call us today for a complimentary consultation.  We can be reached at: 1 (800) 475-1906.

CMS is Now Actively Auditing Providers Who Took EHR Incentive Program Funds

(January 26, 2012):

1.   Background:

« Previous Page — Next Page »