logo - Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations.

Eight Elements of a Payable Medical Claim

January 9, 2021 by  
Filed under

Download PDF

Today, it is more essential than ever that health care providers take great care when assessing a patient’s clinical needs and determining which care and treatment is medically necessary. Once this decision is made, it is imperative that health care providers submitting claims to governmental and private payors fully understand their obligations under the law and under the terms of their participation contracts, prior to billing a payor for those medical services. Generally, we refer to this process as the “Eight Elements of a Payable Medical Claim.” As set out below, non-hospital health care providers can often use this approach to determine whether specific services billed to Medicare, Medicaid, and/or private payors should be paid. A discussion of the eight elements is provided below.

Element #1 — The Medical Service or Supplies Provided were Medically Necessary:

In addressing this element, a treating health care provider should ask the following question: “Were the medical services or supplies providers medically necessary?”

When considering this question, it is important to keep in mind that the medical necessity is essentially a “standalone” determination, separate from each of the other elements. In other words, a physician may find that a specific course of treatment is medically necessary in light of a patient’s clinical profile and needs. Nevertheless, just because a certain treatment regime is medically necessary does not mean that it will be covered by one or more payors. Over the years, we have seen numerous instances where a physician determined that a course of treatment was medically necessary but it was not covered by Medicare, Medicaid, or a private payor plan.

We believe that this element constitutes the most important question to be answered by a provider. Services which are not medically necessary should never be performed. However, a provider may choose to provide medically necessary services regardless of whether he or she anticipates a payor to find that the care qualifies for coverage and payment.

Element #2 — The Medical Services of Supplies Were Actually Provided:

The second issue addressed is whether the services at issue were actually provided. As you can imagine, regardless of the fact that services ordered were medically necessary, the services must actually be administered in order for those services to be billed and paid. Absent clear, unambiguous evidence that services were provided, they should not be submitted for reimbursement.  Equally important, services must actually be provided at a level of quality consistent with Medicare’s expectations or the expectations of the covering payor.

Element #3 — No Other Statutory Violations Were Committed in Connection with the Medical Services or Supplies Provided:

In other words, were the medical services or supplied provided “tainted” by any statutory or regulatory violation, such as the Stark Law, Federal Anti-Kickback Statute or a False Claims Act violation?  When examining whether a claim is properly payable, you need to remember that even though the medical service at issue may have been medically necessary and qualified for payment, if it is the result of an illegal activity, it will be tainted and will likely not qualify for payment.

Therefore, when you are reviewing a service or claim, you must consider whether there is any indication of possible statutory or regulatory violations. For instance, is there any evidence that the service or claim is linked in any way to a breach of the Federal Anti-Kickback Statute or Stark’s prohibition against improper self-referrals? Similarly, is the service or claim associated with a possible violation of the civil False Claims Act? The bottom line is fairly straight-forward: it is insufficient to merely show that a claim appears to meet the payor’s basic billing rules. Rather, a broad view of the service or claim should be made to better ensure that it is not otherwise non- payable due to a statutory breach.

Element #4 — All Applicable Coverage Requirements are Met:

Traditional Medicare, Medicare Advantage plans, traditional Medicaid, Medicaid Advantage plans and each of the private payor plans all have similar, but in many instances different, coverage requirements.  Therefore, it is essential that when you are auditing a claim, you need to determine whether or not it is covered under the patient’s insurance plan.  You need to keep in mind that a service or claim can be medically necessary yet still not qualify for coverage and payment. Ultimately, every service or claim, regardless of whether the beneficiary is a Medicare, Medicaid, or private plan participant, must be examined to see if it qualifies for coverage.

In making coverage determinations, CMS has interpreted the phrase “reasonable and necessary” to reflect that the item or service in question is safe and effective and not experimental or investigational. [1] CMS stated that the relevant tests for applying these terms are whether the item or service has been proven safe and effective based on authoritative evidence, or alternatively, whether the item or service is generally accepted in the medical community as safe and effective for the condition for which it is used. [2] A device is investigational if it has not been approved by the Food and Drug Administration (FDA) through a premarket approval process or the “510(k) certification process.” [3]

  • National Coverage Determinations.

In its most general form, the Secretary of the U.S. Department of Health and Human Services (HHS) may articulate “reasonable and necessary” standards through formal regulations that have the force and effect of law throughout the administrative process. [4] More specifically, the Secretary may publish a formal administrative ruling in the Federal Register setting forth how Medicare statutes and regulations are to be applied in particular circumstances. [5] These regulations and administrative rulings are binding at all stages of the administrative process. [6]

The first type of formal regulations are publications known as National Coverage Determinations (NCDs). [7] NCDs are national policy statements that grant, limit, or exclude Medicare coverage for a particular item or service and apply nationally to all Medicare beneficiaries who meet the criteria for coverage. [8] More precisely, NCDs are “determination[s] by the Secretary with respect to whether or not a particular item is covered nationally” by Medicare. [9] NCDs “generally outline the conditions for which a service is considered to be covered (or not covered)” and “are usually issued as a program instruction.[10] NCDs are often published detailing how a particular patient population may or may not receive Medicare reimbursement for a covered item or service. [11] Therefore, NCDs relate only to issues of coverage. NCDs do not reflect a determination of the amount of payment made for a particular item or service. [12]

Moreover, any interested party, including beneficiaries, may make an external request for a new NCD. [13] Most of these external requests, however, are made by organizations such as drug, device, or medical product manufacturers or by professional medical organizations, providers, or suppliers. [14] In addition, CMS may make its own internal request if it determines that an NCD is “in the interest of the general health and safety of Medicare beneficiaries.” [15]

Importantly, because of the judicial deference given to the Secretary in making his or her coverage determinations, all requirements set forth within an NCD are binding on coverage determinations made by Medicare Administrative Contractors (MACs) and Administrative Law Judges (ALJs) during the appeals process. [16]

Finally, the Secretary may “further define when and under what circumstances services may be covered (or not covered)” under the reasonable and necessary standard through “coverage provisions” in “interpretive manuals.[17] Manual instructions are often issued in the form of program memoranda, such as the “Medicare Program Integrity Manual.”

  • Local Coverage Determinations.

The Secretary of HHS may also delegate its responsibilities to Medicare contractors under section 1395y(a). [18] Therefore, in the absence of an NCD, MACs are responsible for promulgating their own reasonable and necessary coverage determinations. [19] These determinations are published as Local Coverage Determinations (LCDs). LCDs are defined as “determination[s] by a [contractor] under. . . part B. . . respecting whether or not a particular item or service is covered. . . in accordance with section 1395y(a)(1)(A).” [20] MACs make these coverage determinations by applying the Act and Federal regulations, as well as additional guidance provided by CMS in the form of Rulings, Medical Manual Provisions, and other forms of guidance. [21] In fact, the vast majority of coverage decisions are made at the local level by clinicians who work with the MACs during the claims review process.  CMS’s Medicare Program Integrity Manual (PIM) outlines how LCDs are to be promulgated. Each LCD must reflect local medical practice within the contractor’s jurisdiction and must be supported by substantial medical evidence. [22] MACs develop LCDs by considering medical literature, the advice of medical societies and consultants, public comments, and comments from the Medicare provider community. [23] Like NCDs, an LCD’s coverage guidance on whether an item is medically “reasonable and necessary” means that the item is safe and effective and not experimental or investigational as determined by the FDA approval process. [24] The contractor must also ensure that LCDs are consistent with the Medicare statute, regulations, NCDs, and other applicable Federal guidance. [25] The PIM also requires that contractors engage in a notice and comment process before publishing coverage policies. [26]

Unlike NCDs, ALJs and the Medicare Appeals Council (Appeals Council)—not to be confused with the Medicare Administrative Contractor (MAC)—are not bound by LCDs or CMS program guidance, such as program memoranda and manual instructions. [27] However, they will give substantial deference to these policies if they are applicable to a particular case. [28] This deference is due to interpretations that arise under a “complex and highly technical regulatory program,” where even “the identification and classification of relevant criteria necessarily require significant expertise, and entail the exercise of judgment grounded in policy concerns.” [29] If either an ALJ or the Appeals Council declines to follow a policy in a particular case, the ALJ and/or Appeals Council decision must explain the reasons why the policy was not followed. [30] An ALJ or Appeals Council decision to disregard that policy applies only to the specific claim being considered and does not have precedential effect. [31] Furthermore, an LCD made by one MAC is not binding on the other Medicare contractors across the country. [32]

The Secretary of HHS is also responsible for overseeing the evaluation of new LCDs to determine whether they should be adopted nationally and to what extent can consistency be achieved among LCDs. [33] Because LCDs are established by each individual MACs, variances between LCDs are common. Notably, while assessing common coverage and documentation requirements from one region to another, we have found that the differences between one LCD and another can be significant.  Finally, if there is no NCD or LCD in place, “contractors may make individual claim determinations,” including whether a particular item or service meets the statutory requirement of being “reasonable and necessary.[34]

  • Challenging NCDs and LCDs:

When a beneficiary is confronted with a denied claim and wishes to challenge that denial, the beneficiary has the option of pursuing review through the claims appeal process, seeking review of the applicable LCD or NCD, or both. [35] However, any challenge to an NCD or LCD is distinct from the general Medicare claims appeal process set forth in 42 U.S.C. § 405(g). [36] In fact, challenging these determinations permits an aggrieved beneficiary to seek review of an entire policy or provision rather than just a specific claim denial. [37] Nevertheless, when the LCD review process was created, the existing claims appeal procedures remained unaltered. As a result, a beneficiary who wishes to challenge an NCD or LCD still has access to a de novo review by ALJ or to Federal district court review, if necessary. [38]

When challenging an NCD or LCD, ALJs and the Appeals Council are responsible for reviewing the reasonableness of these determinations under certain guidance. In determining whether LCDs or NCDs are valid, the adjudicator must uphold a challenged policy (or a provision or provisions of a challenged policy) if the findings of fact, interpretations of law, and applications of fact to law by the contractor or CMS are reasonable based on the LCD or NCD record and the relevant record developed before the ALJ or the Appeals Council. [39]  As previously indicated, NCDs are determinations promulgated by the Secretary and are therefore given substantial deference when challenged. Nevertheless, the administrative appeals process affords this same level of deference to LCDs, despite the fact that these determinations are published by independent, private MACs. 42 C.F.R. § 405.1062(a) affirms that ALJs and the Appeals Council are not bound by LCDs or CMS program guidance, such as program memoranda and manual instructions but will also give substantial deference to these policies if they are applicable to a particular case. In doing so, the ALJs or the Appeals Council must apply the same “reasonableness standard” when conducting a challenge to an LCD as it does to an NCD. [40]

What exactly constitutes a “reasonableness standard”? In Subject: NCD Complaint—Intraocular Lens (CMS Ruling 05-01), [41] the Appeals Council acknowledged a complaint challenging an NCD that barred coverage of presbyopia-correcting intraocular lenses (PC-IOL) inserted after cataract surgery. After reviewing the NCD Record and the challenger’s contentions, the Board upheld the validity of the NCD. [42]

The Board outlined its standard of review for an NCD appeal and acknowledged that Section 1869(f)(1)(A)(iii)(I) of the Act limited its review of an NCD “to evaluat[ing] the reasonableness” of the NCD. [43] Section 1869(f)(1)(A)(iii)(III) also provides that the Board “shall defer only to the reasonable findings of fact, reasonable interpretations of law, and reasonable applications of fact to law by the Secretary.” [44] The Board recognized that this reasonableness standard required it to uphold the challenged NCD “if the findings of fact, interpretations of law, and applications of fact to law” by CMS are reasonable based on the NCD record and the relevant record developed before it. [45]

The Board also noted that Federal regulations provide a two-stage process for reviewing a challenged NCD. First, if it found the NCD record to be complete and adequate to support the validity of the NCD, it would issue a decision to uphold the NCD. This would effectively end its review process. On the other hand, if the Board found that the NCD record was incomplete and inadequate to support the validity of the challenged NCD, it would conduct a review process that permitted discovery and evidence submission, as well as a formal hearing, if necessary. [46]

“Policy Articles” are closely related to LCDs, though they are distinct documents. While LCDs contain only the reasonable and necessary language, Policy Articles contain any non-reasonable and necessary language a Medicare contractor wishes to communicate to providers. These Articles essentially provide additional details for coverage requirements and reimbursement procedures. And while Policy Articles are not LCDs, the Appeals Council has recognized a “long-standing practice to afford some deference” to these articles published by the MACs. [47] Ultimately, while challenges to the specific claims denials and challenges to the various coverage determinations follow different administrative appeals processes, the adjudicatory entities all afford the Secretary’s decisions substantial deference due to the complex nature of the Medicare program. As a result, beneficiaries have a significant hurdle in trying to overturn any adverse decision.

To be clear, there is no “silver bullet” that can be used by a provider to avoid the scrutiny of contractors and law enforcement. Every small- and mid-sized provider should expect to be audited. Rather than wait for such an eventuality, your organization should affirmatively review its operations, coding, and billing practices to ensure that its practices fall within the rules.

Element #5 — The Medical Services and Supplies Provided Were Properly and Fully Documented:

It is essential that you pull each and every regulatory issuance, along with any guidance issued by the state, that sets out the documentation requirements associated with a particular service or claim. After auditing thousands of claims, we found that the majority of audited health care providers never fully researched  and  reviewed  applicable  documentation requirements. As clinical reviewers of both Medicare and Medicaid program integrity contractors are quick to state, “If it isn’t documented, it didn’t happen.” When a UPIC or RAC makes this point during a hearing before an Administrative Law Judge (ALJ), this point is quite effective—it is extremely difficult for a provider to prove that a service was provided if there is insufficient documentation of the work conducted in the patient’s medical records. Therefore, research, review, and confirm the precise documentation requirements, then ensure that you take the time to fully and accurately document the work you have performed.

UPIC auditors are excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements. While you may very well disagree with their assessments, especially in “medical necessity” determinations (when you file a request for redetermination appeal and later, a request for reconsideration appeal), you will find that your MAC and your Qualified Independent Contractor (QIC) agree with the UPIC’s  denial  decision. Rather than endure significant costs and stress when defending an overpayment assessment, you need to take steps to avoid a denial in the first place.  To that end, health   care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding, and billing processes.

We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff. Nevertheless, using published reports of other cases, you can show your clinicians that UPICs enforce a strict application of Medicare’s documentation and coverage requirements. Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with:

  • Any applicable National Coverage Determinations (NCDs).
  • Any applicable Local Coverage Determinations (LCDs).
  • Any Local Medical Review Policies (LMRPs).
  • The Medicare Policy Benefit Manual (MPBM).
  • The Medicare Program Integrity Manual (MPIM).
  • Any statutory provisions which cover the medical services or supplies provided.
  • Any additional guidance issued by Medicare must also be carefully reviewed.

Element #6 — The Medical Services or Supplies Were Properly Coded:

Unfortunately, even if the foregoing rules have been met, it is quite simple to make a coding mistake, therefore invalidating the claim. The coding rules are both complicated and dynamic, potentially changing from year to year. We recommend that you either engage a qualified third-party billing company to assist you with coding and billing or ensure that your in-house staff members handling these duties are experienced and provided regular opportunities for updated training.

Element #7 — The Medical Services or Supplier Were Properly Billed:

Health care providers must ensure that the services or claims performed fully meet Medicaid and Medicare’s billing rules. Once again, you need to ensure that your staff is properly trained to handle the organization’s billing responsibilities. As you review your billing practices, you should abide by the following: First, “If it doesn’t belong to you, give it back.” Conversely, “If you don’t owe the money, don’t automatically throw in the towel.” One of the attorneys in our firm is regularly asked to speak at provider conventions around the country. For years, he has told providers “If it doesn’t belong to you, give it back.” This simple concept covers a lot of ground when it comes to Medicare overpayments and is the single best policy you can employ as a good corporate citizen.

Element #8 — The Medical Services or Supplies Were Properly Paid:

Remarkably, even if your claims fully meet the first seven elements, that doesn’t necessarily mean that a claim has been properly paid.  Over the past year, we have handled several cases where the claim was properly coded and billed but still resulted in an improper payment amount due to software processing errors or mistakes made by a clearinghouse.  It is therefore imperative that you check to ensure that the reimbursement amounts made by a CMS administrative contractor are correct.

In summary, in order to qualify for payment, a claim must meet each of the eight components set out above.

Handling Deficiencies Should You Determine that a Service was Not a Payable Medical Claim:

The likelihood that your practice or organization will be subjected to a Medicare or Medicaid audit increases every day. As a participating provider in one or more Federal health care programs, you have an affirmative obligation to ensure that your claims are properly documented, coded, and billed. Unfortunately, many providers have never researched and reviewed the proper rules covering the work they provide. When conducting a gap analysis of your organization, a sample of your claims is an important proactive step you can take to help ensure that your current practices are fully compliant with applicable laws and regulations; such analyses do not have to be statistically significant.

Should you identify deficiencies, remedial steps should be taken (immediately) so that future claims will meet all applicable requirements. Keep in mind—any identified overpayments must be repaid promptly to the government in order to avoid possible False Claims Act liability.  For a detailed discussion of your obligation to repay identified overpayments, please see our page titled: “Overpayment Considerations When You Owe Monies to Medicare, Medicaid or a Private Payor Overpayment Monies.”

We strongly recommend that you foster a corporate culture which encourages coding and billing compliance. UPICs, SMRCs and RACs have increased their audit activities dramatically around the country. Your organization’s compliance with Federal and state regulations, coupled with a consistent message to your employees, is essential. Establishing effective internal auditing and monitoring practices can greatly facilitate your organization’s ability to ensure that only a payable medical claim is submitted to government and private payors for payment.

NATIONWIDE REPRESENTATION   Call: 1 (800) 475-1906.

Liles Parker attorneys and staff have extensive experience conducting assessments of medical claims and supplies  Our attorneys are both seasoned health care lawyers AND have undergone special training and education so that they could become Certified Professional Coders (CPCs), Certified Medical Reimbursement Specialists (CMRSs) and / or Certified Medical Compliance Officers (CMCOs).  Questions?  For a free consultation, give us a call.  We can be reached at:  1 (800) 475-1906.

[1] See 54 Fed. Reg. 4302, 4304 (Jan. 30, 1989); see also United States ex. rel. Colquitt v. Abbott Labs., 2012 WL 1081453, 29 (N.D. Tex. March 30, 2012); 42 C.F.R. §411.15(o).

[2] See 60 Fed. Reg. 48417-01 (Sept. 19, 1995).

[3] In the case of medical devices, under the § 510(k) certification process, a manufacturer must submit to the FDA a premarket notification submission, commonly known as a 510(k) notice, before a device may be introduced into interstate commerce. See 21 U.S.C. § 360(k); 21 C.F.R. § 807.81 (2010 For additional information on the FDA § 510(k) certification process, see:

https://www.fda.gov/medicaldevices/productsandmedicalprocedures/deviceapprovalsandclearances/510kclearances/

[4] See Willowood of Great Barrington, Inc. v. Sebelius, 638 F.Supp. 2d 98, 105 (D. Mass. 2009); 42 U.S.C. §§ 1395ff(a)(1), 1395hh.

[5] See 42 C.F.R. §401.108.

[6] See 42 C.F.R. §§401.108(c), 405.1063.

[7] See 42 U.S.C. §1395ff(f)(1)(B); See also 42 C.F.R. §§400.202, 405.1060.

[8] See 68 Fed. Reg. 55,634-01 at 6354 (Sept. 26, 2003).

[9] 42 U.S.C. §1395ff(f)(1)(B).

[10] Medicare Program Integrity Manual, Ch. 13, § 13.1.1.

[11] 68 Fed. Reg. 55,634 at 55,635.

[12] 42 C.F.R. §405.106 (2005).

[13] See 68 Fed. Reg. at 55,638 (Sept. 26, 2003); see also Section 522 of the Medicare, Medicaid, and SCHIP Benefits Improvement and Protection Act of 2000 (BIPA), Pub. L. No. 106-554, 114 Stat. 2763 app. at 2763A-534 to -543.

[14] Sandra J. Carnahan, Medicare’s Coverage With Study Participation Policy: Clinical Trials Or Tribulations?, 7 Yale J. Health Poly, L. & Ethics 229, 238 (2007).

[15] 68 Fed. Reg. at 55,635-36.

[16] See 42 U.S.C. §1395ff(f)(1)(A); see also 42 C.F.R. §405.211.

[17] Medicare Program Integrity Manual, Ch. 13, §13.1.2.

[18] See 42 U.S.C. §1395h.

[19] See 42 U.S.C. §1395ff(f)(2)(B).

[20] Id.

[21] See 42 C.F.R. §§405.803, 421.200, §405.836.

[22] See 64 Fed. Reg. 22,619, 22,621 (Apr. 27, 1999) (stating that the purpose of local medical review policies is to explain to the public and the medical community “when an item or service will be considered ‘reasonable and necessary’ and thus eligible for coverage under the Medicare statute”); PIM Ch.1, §§2.1.B, 2.3.2.1, 2.3.2.

[23] PIM, supra note 17, at §1.2.

[24] See Abbott Laboratories, at 29.

[25] PIM, supra note 17, at §2.1.B.

[26] See Erringer v. Thompson, 189 F. Supp. 2d 984, 987 (D. Ariz. 2001).

[27] 42 C.F.R. §405.1062.

[28] Id.

[29] Thomas Jefferson Univ. v. Shalala, 512 U.S. 504, 512 (1994).

[30] 42 C.F.R. §405.1062.

[31] Id.

[32] See 65 Fed. Reg. 31124, 31126 (May 16, 2000).

[33] See 42 U.S.C. §1395y(1)(5)(A).

[34] 68 Fed. Reg. 63,693 (Nov. 7, 2003).42 C.F.R. §405.1060(a)(4), (b) – (c) (2005).

[35] See 68 Fed. Reg. 63692, 63693-94 (Nov. 7, 2003)(comparing the claims appeal process and the NCD and LCD review processes).

[36] Bailey v. Mut. of Omaha Ins. Co., 534 F.Supp.2d 43, 47 (D.C. Cir. 2008).

[37] Id.

[38] See 68 Fed. Reg. 63692, 63693; see also 42 U.S.C. §§405(g), 1395ff(b)(setting out these procedures).

[39] Id.

[40] See 42 U.S.C. §405.1062(a).

[41] See Subject: NCD Complaint – Intraocular Lens (CMS Ruling 05-01), DAB No. 2418 (2011).

[42] See id. at 1.

[43] Id. at 2.

[44] Id.

[45] 42 C.F.R. §426.110.

[46] See 42 C.F.R. §§426.525(c), 426.531.

[47] Am. Med. Techs., 2010 WL 2994395, at 4 (claim for supplemental medical insurance benefits (Part B)).

 

Preparing for a UPIC Audit? Examine These Eight Claim Elements

Download PDF

Preparing for a UPIC Audit(Updated January 9, 2021):  Each year, our attorneys and paralegals review and assess literally thousands of Medicare claims which have been audited (and denied) by Unified Program Integrity Contractors (UPICs) and other contractors working for the Centers for Medicare and Medicaid Services (CMS).  Are you preparing for a UPIC audit?  If your Medicare or Medicaid claims haven’t already been audited by a UPIC, chances are that it will eventually happen. As UPIC audits increase during 2021, it is essential that health care providers and suppliers review their processes to better ensure that services and supplies billed to Medicare and Medicare fully comply with applicable coverage, coding and billing requirements.  While defending physicians and other health care providers in UPIC audits and government reviews, we have identified a relatively straight-forward approach for determining whether a particular claim qualifies for coverage and payment.  Generally, we refer to this approach as an examination of the “Eight Elements of a Payable Claim.Notably, this has proven to be extremely helpful tool when developing an effective Compliance Plan for a client.  As set out below, physicians and other non-hospital health care providers can often use this approach to determine whether specific services billed to the Medicare and Medicaid programs.

I.  Assessing Your Claims — Preparing for a UPIC Audit:

A discussion of the eight elements which must be carefully assessed for each and every claim is provided below.  This is especially when you are preparing for a UPIC audit of the medical services or supplies you have billed to the Medicare and Medicaid programs.

Element #1: Medical Necessity — In addressing this element, a treating health care provider should ask the following question: Were the services administered medically necessary?”

Just because a certain treatment regime is medically necessary does not mean that it will be covered by Medicare or Medicaid.  We believe that this element constitutes the most important question to be answered by a provider.  Government payors only cover medically necessary services and supplies.

Element #2: Services Were Provided The second issue addressed is whether the services at issue were actually provided.

As you can imagine, regardless of the fact that services ordered were medically necessary, the services must actually be provided in order for those services to be billed and paid.  When you are preparing for a UPIC audit, as part of your internal auditing and monitoring, should you find instances where you cannot show that a medical service or piece of durable medical equipment was provided, you must return any funds that have been received.  Equally important, medical services must actually be provided at a level of quality consistent with Medicare’s expectations or the expectations of the covering payor.

Element #3 No Statutory Violations Are the services “tainted” by any statutory or regulatory violation, such as the Stark Law, Federal Anti-Kickback or a False Claims Act violation?

Remember, a UPIC is specifically instructed to detect and refer instances of fraud, waste and abuse. [1]  When you are preparing for a UPIC audit, your review of claims should not be limited to merely a review of the documentation.  You need to also examine your organization’s business relationship and business practices.  For example, is there any evidence that the service or supplies are linked in any way to a breach of the Federal Anti-Kickback Statute or Stark’s prohibition against improper self-referrals?  Similarly, is the service or claim associated with a possible violation of the civil False Claims Act? In recent years, we have see an increasing number of cases where otherwise payable claims were tainted due to the fact that the referring or servicing provider was excluded from participation in the Medicare or Medicaid programs. [2]  The bottom line is fairly straight-forward: it is insufficient to merely show that a claim appears to meet the government payor’s basic medical necessity, billing and coding rules. You need to also verify that the way the business was generated or referred was proper and not due to a statutory violation.

Element #4:  Meets all Coverage Rules – Do the services meet Medicare’s coverage requirements?

The next point to be addressed when auditing a claim is to determine whether or not it is covered by Medicare or Medicaid.  It is important to keep in mind that a medical service or supplies can be medically necessary yet still not qualify for coverage and payment.   Ultimately, every service or claim, regardless of whether the beneficiary is a Medicare or a Medicaid plan participant, must be examined to see if it qualifies for coverage.

Element #5Full and Complete Documentation – Have the services rendered been properly and fully documented?

It is essential that you pull each and every regulatory issuance, along with any guidance issued by the state which sets out the documentation requirements associated with a particular service or claim.  After auditing literally thousands of claims, we have found that over a majority of the health care providers we have audited have never fully researched and reviewed applicable  documentation requirements.  As UPIC clinical reviewers of both Medicare and Medicaid claims are quick to state in hearings before an Administrative Law Judge (ALJ), “If it isn’t documented, it didn’t happen.”   When made during an ALJ hearing by a UPIC, this point is quite effective—it is extremely difficult for a provider to prove that a service was provided if there is insufficient documentation of the work conducted in the patient’s medical records.  Therefore, research, review, and confirm the precise documentation requirements to be met, then ensure that you take the time to fully and accurately document the work you have performed.

UPIC auditors are excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements.  While you may very well disagree with their assessments, especially in “medical necessity” determinations (when you file a request for redetermination appeal and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) agree with the UPIC’s denial decision.  Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place.  To that end, health care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding, and billing processes.  It is very important that you show your clinicians that UPICs  enforce a strict application of Medicare’s documentation and coverage requirements.

Element #6: Proper Coding – Were the services rendered correctly coded?

Unfortunately, even if the foregoing rules have been met, it is quite simple to make a coding mistake, therefore invalidating the claim.  The coding rules are both complicated and dynamic, potentially changing from year to year.  We recommend that you either engage a qualified third-party billing company to assist you with coding and billing or ensure that your in-house staff members handling these duties are experienced and provided regular opportunities for updated training.

Element #7: Proper Billing Practices – Were the services rendered correctly billed to Medicare?

As a final requirement, health care providers must ensure that the services or claims performed fully meet Medicare or Medicaid;s billing rules.  Once again, you need to ensure that your staff is properly trained to handle the organization’s billing responsibilities. As you review your billing practices, you should abide by the following:  First, “If it doesn’t belong to you, give it back.” [3] Conversely, if you don’t owe the money, don’t automatically throw in the towel.  Discuss these claims with our attorneys to determine if there may be other arguments in support of payment that may be asserted.  

II.  Final Considerations — UPIC Audits:

The likelihood that your practice or organization will be subjected to a Medicare or Medicaid audit is increasing every day.  As a participating provider in one or more Federal health care programs, you have an affirmative obligation to ensure that your claims are properly provided, documented, coded, and billed.  Unfortunately, many health care providers have never researched and reviewed the proper rules covering the care and treatment services they provide.  When conducting a “GAP Analysis” [4] of your organization, a sample of your claims is an important proactive step you can take to help ensure that your current practices are fully compliant with applicable laws and regulations; such analyses do not have to be statistically significant.  Should you identify deficiencies, remedial steps should be taken (immediately) so that future claims for care and treatment will meet all applicable requirements.  Keep in mind—any identified overpayments must be repaid promptly to the government in order to avoid possible False Claims Act liability.

Healthcare LawyerRobert W. Liles represents health care providers in UPIC Medicare and Medicaid audits. In addition, Robert counsels clients on regulatory compliance issues, performs GAP analyses, conducts internal reviews, and trains healthcare professionals on various legal and compliance issues Do you need help preparing for a UPIC audit? Call Robert for a free consultation: 1 (800) 475-1906.


[1] A detailed discussion of the UPIC audit process can be found at the following link.

[2]  For an overview of the impact of an “exclusion” action, please see Paul Wiedenfeld’s article titled “A Provider’s Guide to OIG Exclusions.”

[3] A detailed discussion of a provider’s repayment obligations when an overpayment has been identified can be found at this link.

[4]  For a detailed discussion on how to conduct a “GAP Analysis” of your health care claims, please see our page titled: “How to Conduct a GAP Analysis of Your Health Care Practice.”

There are Seven Compliance Plan Elements – Is Your Healthcare Company Compliant?

Download PDF

Seven Compliance Plan Elements(August 2, 2012): Under the Affordable Care Act (ACA), which was recently upheld by the Supreme Court, the Secretary of the Department of Health and Human Services (currently Kathleen Sebelius) may require that all providers participating in federal health care programs implement an effective compliance plan. While regulations covering this issue have not yet been released, compliance will more than likely be mandatory in the near future. As a result, it is important that your organization begin to implement a compliance plan that will protect your business and comply with the requirements of the law. What, then, are the elements of a compliance plan?

 

I.  Seven Compliance Plan Elements — A Refresher:

The elements of a compliance plan include:

  1. Conducting internal monitoring and auditing;
  2. Implementing compliance and organizational standards;
  3. Designating a Compliance Officer or contact;
  4. Conducting appropriate training and education;
  5. Responding appropriately to detected offenses and developing corrective action;
  6. Developing open lines of communication; and
  7. Enforcing disciplinary standards through well-publicized guidelines.

II.  Internal Monitoring and Auditing:

Before engaging in any of the other steps, except perhaps designating an officer to do all of this work, it is important to conduct a baseline audit of your practice’s current operations so that you can ascertain areas that need improvement, or “risk areas.” The first element of a compliance plan – at least, this initial audit – is known as a “gap analysis” and should be conducted by a qualified individual (either an attorney, experienced compliance professional, or a Certified Medical Compliance Officer). Nevertheless, a single initial audit should not be all you do. Instead, audits should be conducted on an ongoing basis, either at a set date (i.e. annually, bi-annually) or in the event of an identified problem, and preferably both.

III. Implementing Standards:

The second element of a compliance plan is to implement standards that effectively convey to your staff and third-parties your goals and expectations with regard to the business. More specifically, you should have written policies and procedures which inform your staff on their own duties and responsibilities, and how your office will conduct its business operations, and coding and billing functions. Standards may vary from practice to practice, but they should all include a code of conduct, mission statement, and policies that demonstrate your effort and commitment to following the law.

IV.  Designated a Compliance Officer:

As discussed above, one of the first things to do is designate an appropriately-qualified individual to be your compliance officer. While smaller organizations may require the compliance officer to wear multiple hats (such as also being the office manager), larger organizations should dedicate an individual, or even multiple individuals, solely to compliance-related tasks. We recommend the use of either a Certified Medical Compliance Officer or even an outside Compliance Officer (for example, friend of the firm D.K. Everett).

V.  Training your Staff:

You can be as thorough as possible in attempting to remain compliant with applicable laws and rules, but if you staff doesn’t have that same vision and makes a mistake, the entire organization will still likely be held liable. That is why it is so important to provide ongoing, comprehensive training and education to your staff – the third element of a compliance plan. They, ultimately, are the eyes, ears, and hands of your organization, and they need to know their responsibilities not only to your practice, but to the requirements of laws like HIPAA, OSHA, and Stark, and other billing requirements. The method of training may vary, but all training sessions should be documented and signed off on by your employees.

VI. Responding to Detected Offenses:

When something occurs at an office, a natural response may be to cover it up or “fix it and forget it.” The healthcare industry is different. In most cases, covering up a detected problem can lead to severe penalties, up to and including criminal prosecution (i.e. jail time). As a result, the fifth element of a compliance plan – responding to detected offenses – is in many ways what the compliance program is all about. The other elements are there to make sure nothing happens, but if it does, this element guides you in making it right, so that you and/or your practice can limit the future liability of such acts.

VII: Developing Open Lines of Communication:

This element of a compliance plan is all about making sure everyone not only knows the rules, but can report any problems to you so that they can be properly addressed (either by management or corporate counsel). You need to establish effective lines of communication, such as anonymous reporting mechanisms, exit interviews, and an open-door policy, so that you actually find out about any problems and attempt to resolve them. While there are a number of ways to implement these mechanisms, be sure that they will reasonably allow an employee, patient, or family member of a patient to make a complaint or report without the consequences of retribution.

VIII.  Enforcing Disciplinary Standards:

No one likes this, but the final element of a compliance plan is enforcing discipline in your office. Correcting the actions of your staff and colleagues can be difficult and uncomfortable, but it has the potential to save your practice. You need to have written guidelines which set out both prohibited conduct and the penalties for engaging in such conduct. Moreover, you should use a sliding scale of discipline – start with a verbal warning, but become progressively more strict as the number or severity of incidents goes up. This needs to include termination of employment.

IX. Conclusion:

The seven compliance plan elements serve as a framework and a model. They themselves will not form a complete and effective compliance plan, but they will give you sufficient guidance to being working on a plan yourself. In addition, consider using qualified health law attorneys to conduct a gap analysis, implement an effective compliance plan, and/or provide compliance training to your staff. While a compliance plan, and compliance in general, can seem like a burdensome exercise, it is the ultimate insurance policy considering the myriad statutory and regulatory problems a healthcare provider can run into. As the government and private enforcers increase their funding, skills, and sophistication, you need to keep pace to ensure your business will continue to thrive.

Robert LilesHealthcare Lawyer represents providers in Medicare post-payment audits and appeals, and similar appeals under Medicaid. In addition, Robert counsels clients on regulatory compliance issues, performs gap analyses and internal reviews, and trains healthcare professionals on various legal issues. For a free consultation, call Robert today at 1 (800) 475-1906.

Regulatory Compliance Issues and Guidance

January 26, 2021 by  
Filed under

Download PDF

Regulatory Compliance is Essential for Your Practice to Stay Out of Trouble!In July 1965, President Lyndon Johnson signed legislation enacting Medicare and Medicaid into law.[1] In doing so, he ushered in a new era of Federal health benefits, the size and corresponding expense of which never could have been anticipated at the time of passage. Over the last fifty years, the various laws, regulations and policies governing the Medicare program have become extraordinarily complex. Today, regulatory compliance is more important than ever.

In March 2010, Congress passed comprehensive health care reform measures intended to make health care more accessible, address a wide variety of insurance company practices, improve the quality of care provided and reduce the likelihood of health care fraud, waste and abuse. [2] Referred to as the Affordable Care Act (ACA), these provisions represent the most sweeping health care coverage legislation since the original passage of Medicare and Medicaid, nearly 50 years ago.  Today, the coverage and payment rules associated with Medicare, Medicaid and other government health plans are extraordinarily complex.  These changes have made regulatory compliance even more challenging.  Need help?  Liles Parker attorneys are well-situated to guide you and your health care practice through the ever-changing regulatory mandates affecting your company. 

Regulatory Compliance Issues Handled by Liles Parker Attorneys:

Eight Elements of a Payable Claim

“Gap” Analyses of Health Care Practices

Compliance Program Development and Implementation

Compliance Training for Clinical and Administrative Staff

“Mock” Audits of Claims and Services

Business Practice Analysis and Issuance of Formal Opinion Letters

Independent Review Organization (IRO) Services

 

NATIONWIDE REPRESENTATION   Call: 1 (800) 475-1906.

Liles Parker attorneys have decades of health law regulatory compliance experience.  We understand your business.  Our health lawyers have undertaken additional training and education to obtain recognition as  Certified Professional Coders (CPCs), Certified Medical Reimbursement Specialists (CMRSs) and / or Certified Medical Compliance Officers (CMCOs).   Do you need health law assistance and advice?  Please call us for a free consultation:  1 (800) 475-1906.

[1] Medicare and Medicaid were passed as part of Titles XVIII and XIX of the Social Security Act.

[2] The Patient Protection and Affordable Care Act (Pub. L. 111-148) was enacted on March 23, 2010. It was subsequently amended by the Health Care and Education Reconciliation Act of 2010. These two pieces of legislation, collectively referred to as the “Affordable Care Act,” constitute the most sweeping change to our health care system in decades.

HIPAA Security Risk Assessments are Essential

Download PDF

HIPAA Security Risk Assessment(September 29, 2014) In the last article, we discussed the importance of conducting HIPAA security risk assessments, as part of your obligations under the HIPAA Security rules. The importance of promptly conducting a risk analysis if it has not yet done cannot be overestimated, as the HHS Office for Civil Rights (OCR) has now announced that they intend to begin the next phase of audits in October 2014. When Covered Entity receives a data request letter from OCR, it will have only two weeks to respond, which will not be enough time to conduct a risk analysis at that point.

In this article we’ll discuss eight elements or considerations that OCR states must be addressed in a risk analysis.

I.  Scope of the Analysis:

In conducting a risk assessment, a health care provider must consider all of the potential risks to electronic protected health information (e-PHI). Covered Entities must consider how all e-PHI in their practice is created, used, stored, and transmitted. Thus, Covered Entities need to consider how they create, receive, access, and transmit e-PHI. This includes removable storage media such as floppy disks, CDs, flash or thumb drives, and smart phones. Covered Entities must also think about telephone calls, emails, faxes, and computer transmissions. Consider how many employees or personnel can access the data and whether those individuals are all on-site or if any are off-site.

II.  Document How Data is Collected, Stored, Maintained and Transmitted:

Covered Entities must identify and document where e-PHI is gathered, received, stored, maintained or transmitted. This can be done through interviews with staff members, a physical walk through of the office or practice location(s), or reviewing documentation.

III.  Identify and Document Potential Risks, Threats and Vulnerabilities:

Covered Entities must document the reasonably anticipated threats to e-PHI. Consider physical, environmental, natural, human and technological threats or risks. Environmental or natural threats should include natural disasters such as tornadoes, floods or earthquakes. Human threats are likely to be some of the greatest concern. These include current employees and contractors, ex-employees and contractors, visitors, and criminals such as thieves and hackers. Technological threats will include any known system vulnerabilities in the billing system or EMR/EHR, for example. Healthcare providers should contact the vendors of these systems to ask about any known vulnerabilities.

IV.  Identify and Evaluate Current Security Measures:

Covered Entities must document what security measures are already in place to guard e-PHI and whether those measures are installed, configured and used correctly. The level and extent of security measures will vary by the type and size of provider. As an example, list any anti-virus or firewall programs. Don’t forget to document physical security measures, such as security and alarm systems.

V.  Determine the Likelihood of the Occurrence of the Threats:

This element requires Covered Entities to consider the probability that the threats listed in step # 3 will occur. This can be done with a quantitative method (such as the percentage probability that a threat will occur) or a qualitative one (such as high, medium, low). A high probability of occurrence means that a threat is “reasonably anticipated” and thus will require a mitigation or protection against the threat occurring. For example, a healthcare provider may determine that there is a high probability of a break-in into the office or clinic. Thus, a mitigation such as an alarm or security system would be an example of a security measure that could be implemented pursuant to step # 4.

VI.  Determine the Potential Impact if a Threat Occurs:

Covered Entities must evaluate the impact that might result from a threat occurring. Again, this can be done using a quantitative or qualitative method. For example, a potential impact of a breach of a Covered Entity’s billing system might be loss of cash flow or cost to replace stolen computer equipment. This might be a high or severe impact. Another example could be unauthorized access to e-PHI by patients or visitors. This impact might be low or medium.

VII.  Determine the Level of Risk:

This step is accomplished by utilizing the data from steps 5 and 6. A very common method of documenting the level of risk is using a HIPAA risk assessment matrix (such as a 3 x 3 matrix) or “heat map”. Those threats or vulnerabilities with higher levels of risk are ones that a Covered Entity should focus on addressing or correcting sooner than those with lower levels of risk.

VIII.  Identify HIPAA Security Risk Assessment Measures and Document the Risk Analysis:

Once the Covered Entity has identified risks and assigned risk levels, it must identify tasks, actions or security measures to address those risks. In identifying security measures, the Covered Entity should consider factors such as effectiveness, requirements of the Covered Entity’ policies and procedures and other legislative or regulatory requirements (for example, state laws). If a Covered Entity identifies a security measure but decides not to implement it, the risk analysis should document why (for example, technologically not feasible, lack of knowledge or equipment, cost prohibitive, etc.)

The Security Rule also requires Covered Entities to document the risk analysis, but does not specify or require any particular format. Thus, the risk analysis can be documented via a report that lists elements # 1 through 7, summarizes the analysis, notes the results of each step, and identifies the security measures.

Two final very important comments. First, the Risk Analysis is NOT the process of implementing measures to address the risks identified. That is the risk management process under HIPAA, which is considered a separate activity. Second, the Risk Analysis is not a “do it once and forget about it” process. The Risk Analysis must be periodically revisited and reviewed to determine if the threats, vulnerabilities, impacts and potential security measures remain the same. A Covered Entity may bring new systems online, may open or close locations, or have major changes in personnel. The re-evaluation of a Covered Entity’s Risk Analysis ideally should occur on an annual basis. A very old and outdated Risk Analysis is basically equivalent to not having a Risk Analysis at all.

Heidi Kocher Healthcare AttorneyHeidi Kocher serves as Counsel for Liles Parker and represents health care providers and suppliers in the Dallas / Fort Worth metropolitan area.  Heidi is an experienced health lawyer and is skilled in assisting clients with transactional projects, compliance issues and in fraud and abuse counseling.  Should you have any questions regarding the HIPAA security risk assessment process, please give Heidi a call.  For a free consultation, call Heidi at: 1 (800) 475-1906.

OIG Exclusion Actions — Mandatory and Permissive Exclusion Authorities

January 6, 2021 by  
Filed under

Download PDF

OIG exclusion actions should be carefully monitored on a monthly basis.The most severe administrative sanctions available under the Social Security Act stems from the authority of the Office of the Inspector General (OIG) of the Department of Health and Human Services (HHS) [1] to “exclude” individuals and entities from participating in Federal health care programs. Indeed, an OIG Exclusion [2] imposed by the OIG is essentially the “nuclear bomb” of administrative sanctions. Excluded individuals and entities are barred from all participation in Federal health care benefit programs, [3] and providers that employ or contract with excluded entities risk the imposition of civil money penalties, and significant overpayment liability. States also have the administrative authority to bar providers from participating in their State Medical Assistance Programs (primarily Medicaid and CHIP). [4] Medicaid Exclusions” [5] are similar to OIG Exclusions in many respects, but there are also important differences. We will discuss the major differences and how they are impacted by Section 6501 of the Affordable Care Act. However, in addition to meeting its regulatory obligations, a rigorous exclusion screening program also provides significant benefits to a provider’s compliance and risk management programs. In fact, in recent guidance from roundtable discussions involving the OIG and industry experts, screening and evaluation of employees was made one of the “Seven Elements of Compliance” in, and of itself. [6]

I.  Scope and Effect of an OIG Exclusion:

OIG Exclusions are administrative actions imposed by the OIG to protect beneficiaries and Federal health care programs by stemming healthcare fraud and abuse. [7] The effect of an OIG Exclusion is extremely broad and intended to prohibit all participation in Federal health care programs by excluded parties. [8] The “payment prohibition” extends to all items or services that are furnished, either directly or indirectly, by an excluded individual or entity, or at the medical direction or on the prescription of an excluded person. [9] Even if a non-excluded provider actually submits a claim, an “indirect claim” is subject to the payment prohibition if an excluded entity directly or indirectly furnished it. [10]

The “payment prohibition” is a complete payment ban applicable to all methods of Federal program reimbursement” regardless of whether it is from an itemized claim, cost report, capitated payment or other bundled payment. It extends beyond direct patient care and includes, for example, services performed by excluded individuals who work for or under an arrangement with a hospital, nursing home, home health agency, or managed care entity where they are separately billed or part of a bundled payment. (See 2013 Special Advisory, at pgs. 6.and 7). Following is a list of services identified by the OIG in the Updated Special Advisory that would be subject to the payment prohibition: 

(1) Management, administrative or any leadership roles; 

(2) Surgical support or other activities that indirectly support care; 

(3) Claims processing and information technology; 

(4) Transportation services including ambulance company dispatchers; 

(5) Selling, delivering or refilling orders for medical devices; 

Even unpaid volunteers can trigger overpayment and CMP liability if the items or services they furnish are not “wholly unrelated to Federal Health Care Programs” and the provider “does not ensure that an appropriate exclusion screening was performed!” [11]

The payment prohibition also extends to providers that furnish items or services on the basis of orders or prescriptions they receive from others. Thus, providers such as laboratories, imaging centers, and pharmacies “should ensure, at the point of service, that the ordering or prescribing physician is not excluded” in order to avoid liability. Similarly, laboratories should ensure that the physicians sending them the order or prescription for services are not excluded. A failure to do so on their part of either would violate the payment prohibition and could result in both overpayments and CMPs. [12]

If an excluded individual or entity submits, or causes to be submitted, a claim during their exclusion period, they are subject to civil money penalty liability under section 1128A(a)(1)(D) of the Social Security Act as well as criminal liability under section 1128B(a)(3). Submitting claims or causing claims to be submitted or payments to be made, for items or services furnished, ordered, or prescribed by an excluded person or entity can serve as the basis for civil money penalties. [13]

II. OIG Exclusion Authorities: Mandatory and Permissive Exclusions 

There are two types of OIG Exclusions – Mandatory and Permissive. Mandatory Exclusions are identified in Sections 1128(a)(1) – 1128(a)(4) of the Social Security Act (SSA), [14] and they are imposed as a result of convictions for program fraud, patient abuse and certain drug offenses. Permissive exclusions, on the other hand, are discretionary and can be imposed for broad range of conduct. These are identified in §1128(b)(1)–§1128(b)(16) and §1156 of the Act. 

Mandatory Exclusions 

Mandatory exclusions be must be imposed for at least five years though they are often imposed for much longer periods if warranted by the underlying facts and circumstances. The Office of Inspector General’s mandatory exclusion authority falls within the following four categories: 

42 C.F.R. § 1128(a)(1): Conviction related to the delivery of an item or services to a Federal or State Health Care Program; [15]

42 C.F.R. § 1128(a)(2): Conviction under State or Federal law relating to neglect or abuse of patient; [16]

42 C.F.R. §  1128(a)(3): Felony conviction relating to health care fraud program (other than Medicare or Medicaid); [17]

42 C.F.R. § 1128(a)(4): Felony conviction under Federal or state law relating to the unlawful manufacture, distribution, prescription, or dispensing of a controlled substance. [18]

The requirement of a “conviction” under sections 1128(a)(1) is broadly defined to include nolo contendere pleas, deferred adjudications and dispositions under first offender programs in any “State, Federal or Local Court,” [19] and it has been held that a deferred prosecution agreement in a local State court for misdemeanor theft was a sufficient basis for the imposition of a mandatory exclusion. [20] It is also noted that State Agencies are required to notify the OIG of any criminal convictions in State or local courts convictions that involve an entity that receives Medicaid reimbursements and are related to the delivery of health care items or services under the program. [21]

Permissive Exclusions 

Permissive exclusions are discretionary and, as set forth below, can be imposed for a wide range of conduct; however, the OIG actually this authority over a fairly narrow range of persons and circumstances. The vast majority of permissive exclusions are based on disciplinary actions taken by State licensing boards pursuant to section 1128(b)(4), and most of those actions (approximately 70%) involve individuals connected to the nursing profession. Physicians accounted for only 9% of the permissive exclusions business owners only accounted for 3%. [22]  The following is a summary of the OIG’s permissive exclusion authorities: 

Conviction relating to fraud. [23] Any individual or entity convicted of misdemeanor fraud, theft, embezzlement, breach of fiduciary duty – or other financial misconduct related to the delivery of a health care item or service may be subject to permissive exclusion by OIG. 

Conviction relating to obstruction of an investigation or audit. [24] Any individual or entity convicted of an offense related to the interference with, or obstruction of, an audit or investigation, may be subject to permissive exclusion by OIG. 

Misdemeanor conviction relating to controlled substance. [25] Any individual or entity convicted of a misdemeanor related to the unlawful prescription, manufacture, or dispensing of a controlled substance, may be subject to permissive exclusion by OIG. 

License revocation or suspension. [26] Any individual or entity whose license has been suspended or revoked by a state licensing authority, has surrendered their license or has otherwise lost their ability to apply for or renew their license, based on an individual’s or entity’s professional competence, professional performance, or financial integrity, may be subject to permissive exclusion by OIG. 

Exclusion or suspension under Federal or state health care program. [27] Any individual or entity excluded, suspended, or otherwise sanctioned under any Federal or state program involving the provision of health care. 

Claims for excessive charges or unnecessary services and failure of certain organizations to furnish medically necessary services. [28] Any individual or entity determined to have submitted (or caused to be submitted) claims for excessive charges or unnecessary services or has furnished services in excess of those medically necessary or services that fail to meet profession standards, are subject to permissive exclusion by OIG. 

Fraud, kickbacks, and other prohibited activities. [29] Any individual or entity that the Secretary (delegated to OIG) determines has committed a certain fraud, kickback, and/or other prohibited activity subject to permissive exclusion by OIG. 

Entities controlled by a sanctioned individual. [30] Any individual or entity that (A)(i) has a direct or indirect ownership or control interest of 5 percent or more in the entity, (A)(ii) who serves as an officer, director, agent, or managing employee of that entity, or (A)(iii) who transfers ownership or a control interest to an immediate family member or a member of the household of the sanctioned person who continues to maintain an interest in the entity. Under (B)(i) through (B)(iii), this category also applies to an individual or entity convicted under subsections 42 U.S. C. § 1320a-7(b)(1), (b)(2) or (b)(3) described above. This category also applies to any individual or entity against whom a civil monetary penalty has been assessed. [31] Finally, this category applies to any individual or entity that has been excluded from participation under a state health care program. [32]

Failure to disclose required information. [33] Any entity that did not fully and accurately make any required disclosure [34] is subject to permissive exclusion by OIG. 

Failure to supply requested information on subcontractors and suppliers.[35] Any entity that fails to supply information requested by the Secretary or an State health care agency (within the time period required) may be subject to permissive exclusion. 

Failure to supply payment information. [36] Any individual or entity furnishing, ordering, referring, or certifying the need for items or services payable by Medicare or a state health care program, that fails to provide the information necessary to determine whether payments are or were due, may be subject to permissive exclusion. 

Failure to grant immediate access. [37] Failing to grant immediate access to a reasonable request by the Secretary to: (A) Determine compliance with conditions of participation or payment; (B) Perform required reviews and surveys; (C) Review records, documents, and data needed to perform their statutory functions; or (D) By a state Medicaid Fraud Control Unit (MFCU) to perform their duties may be subject to a permissive exclusion action. 

Failure to take corrective action. [38] Any hospital that fails to comply substantially with a corrective action may be permissively excluded. 

Default on health education loan or scholarship obligations. [39] Any individual in default on repayments of scholarship obligations or loans in connection with health professions education may be subject to a permissive exclusion action by OIG. 

Individuals controlling a sanctioned entity. [40] Any individual who has direct or indirect ownership or control in a sanctioned entity and who knows or should know of the action constituting the basis for the conviction may be subject to permissive exclusion by OIG. 

Making false statements or misrepresentation of material facts. [41] Any individual or entity that knowingly makes or causes to be made any false statement, omission, or misrepresentation of a material fact in any application, agreement, bid, or contract to participate or enroll as a provider of services or supplier under a Federal health care program, may be subject to permissive exclusion. 

III.  OIG’s Criteria for Imposing Its Permissive Exclusion Authority:

In April 2016, OIG issued updated criteria for assessing and evaluating the imposition of permissive exclusions in health care fraud cases. [42] The update replaced the 1997 Federal Register notice. [43] As discussed above, OIG uses its exclusion authority to protect Federal health care programs from individuals or entities “whose continued participation constitutes a risk to the programs and their beneficiaries.” [44]

OIG articulated several factors it will use to determine where an individual or entity falls on the risk spectrum. At the high end of the spectrum, OIG will pursue exclusion. The OIG named four broad risk categories of factors: (1) Nature and Circumstances of Conduct; (2) Conduct During Investigation; (3) Significant Ameliorative Efforts; and (4) History of Compliance. Some of the highrisk factors that may result in exclusion are summarized below: 

Nature and Circumstances of Conduct: 

(1) Conduct that causes or had the potential to cause an adverse impact to program beneficiaries, recipients, or other patients.

(2) Conduct that is continual, repeated, part of a pattern of wrongdoing, or occurs over a substantial period of time.

(3) Individuals who led or planned the unlawful conduct, or those with managerial or operational control who participated in the conduct 

(4) History of fraud, refusal to enter into a Corporate Integrity Agreement (CIA), previous entrance into a CIA, or breach of a prior CIA.   For additional information regarding the CIA process, please review this article.

Conduct During Investigation:

(1) Obstructing or impeding an audit or investigation. 

(2) Concealing the unlawful conduct from the Government or others. 

(3) Failure to comply with a subpoena within a reasonable time period. 

(4) Adverse licensure action as a result of the conduct or the inability to pay damages, assessments, or penalties to resolve a fraud case. 

History of Compliance:

(1) Absence of a compliance program that incorporates the seven elements of an effective compliance program. 

(2) Existence of a compliance program but no evidence that it was ever followed.

IV.  Exclusion Administrative Procedures: [45]

The OIG can initiate the mandatory exclusion process by sending the party a “Notice of Intent to Exclude” or it can truncate the process by immediately sending a “Notice of Exclusion.” In both processes, the entity is informed of the basis for the proposed exclusion and given an opportunity to respond in writing, but there is no provision for a hearing. While there are limited appeal rights, Mandatory exclusions are not stayed pending the outcome of the appeal. Thus, the OIG immediately posts mandatory exclusions on the LEIE, and it also sends notice of the exclusion to various State and Federal interests including, but not limited to, State licensing boards, medical societies, Medicaid fraud control units, and the National Practitioner Data Bank (NPDB). The permissive exclusion process, unlike the process for mandatory exclusions, provides for discovery and a hearing, and it is stayed pending appeal. 

Exclusions may be appealed to an Administrative Law Judge (ALJ) but they are limited to: whether the OIG had a “basis for the imposition of the sanction;” and, 2) whether the length of the exclusion is unreasonable. Further, the ALJ is prohibited from reviewing either the “exercise of discretion” by the OIG and the underlying factual basis of an exclusion may not be attacked if it was based on a “prior determination” (such as a disciplinary finding). As such, appeals almost never succeed, though appeals as to the length of time are occasionally successful. Denials by the ALJ may be appealed to the Departmental Appeals Board (DAB), and then to a United States District Court. 

V.  Overpayments and Civil Money Penalties:

As we have said, exclusion is the “nuclear bomb” of sanction because any payment made by a Federal health care program for an item or service furnished, ordered, or prescribed, by excluded party is a potential overpayment, and because the OIG may impose Civil Money Penalties (CMPs) against providers that employ or contract with excluded individuals or entities. The payment prohibition, and the resulting employment embargo on excluded entities, are enforced by simply by requiring providers to know the exclusion status of everyone they employ or do business with. A lack of knowledge is no defense as the OIG posts, and monthly updates, a searchable list of all excluded entities on its website (its “List of Excluded Individuals and Entities” (LEIE”)). [46] The only way to ensure the obligation to ensure an exclusion free workforce is to “screen” all employees, vendors and contractors upon hire and monthly thereafter. 

VI.  Exclusion Violations:

In essence, an “exclusion violation” occurs whenever a provider acts in contravention of the “payment prohibition” as defined in 42 C.F.R. § 1001.190. The specific acts which give rise to the OIG’s authority to impose civil money penalties for such violations are listed below:

42 C.F.R. § 1003.200(a)(3) — Knowing presentation of an item or service by an excluded individual or entity 

42 C.F.R. § 1003.200(b)(3) — An excluded party owns or controls 5% or more of an entity, or is an officer or manager.

42 C.F.R. § 1003.200(b)(4) — Employs or contracts with excluded party that he knows, or should know, is excluded.

42 C.F.R. § 1003.200(b)(6) — Orders or prescribes medicine from a person that he knows, or should know, is excluded.

42 C.F.R. § 1003.400(b)(2) — Medicare Contracting Organization (MCO) employs or contracts with an excluded party.

42 C.F.R. § 1003.400(c)(5) — Medicare Advantage or Part D contracting org. employs or contracts with an excluded party.

VII.  Civil Money Penalty Authorities:

The chart below identifies the range of CMPs that can be imposed by the OIG for each type of exclusion violations. In most cases, the OIG has the authority to impose a penalty of up to $10,000 for each individual violation, however, this is increased to $25,000 for violations with respect to Managed Care Organizations, Medicare Advantage Plans and Part D Contractors. [47]

Basis for Civil Money Penalty

Authority for Penalty Amount

    Potential Civil Money Penalty [48]
Presentation of claim for item or service by excluded party. §1003.200(a)(3)
42 C.R.F. §1003.210(a)(1)Up to $10,000 for each individual violation
Excluded party retaining ownership or control. §1003.200(b)(3)45 C.F.R. §1003.210(a)(3)Up to $10,000 per day for each day that the prohibited relationship occurs
Arranges or contracts with an excluded party. §1003.200(b)(4)45 C.F.R. §1003.210(a)(4)Up to $10,000 for each item or service provided or furnished ((separately or non-separately billable)
Orders or prescribes medicine from excluded person. §1003.200(b)(6)45 C.F.R. §1003.210(a)(1)Up to $10,000 for each individual violation
MCO employs or contracts with an excluded party. §1003.400(b)(2)45 C.F.R. §1003.410(a)(1)Up to $25,000 for each individual violation
MA and Part D contracting org. employs or contract with excluded party §1003.400(c)(5)45 C.F.R. §1003.410(a)(1)$25,000 for each individual violation

The bottom line here is simple—a provider cannot employ an individual or entity who has been excluded in practically any capacity without violating the exclusion restrictions. While there is at least one very narrow exception (for certain emergency services), the ban is so complete that it is strongly recommended that providers do not employ or contract with excluded individuals or entities.[49] As the OIG has stated: 

In many instances, the practical effect of an HHS-OIG exclusion is to preclude employment of an excluded individual in any capacity by a health care provider that receives reimbursement, indirectly or directly, from any Federal health care program. [50]

It is not surprising that the OIG focuses on individuals who provide direct care as they are potential risks to both patients and claims, but the variety of the job types that can form the basis of a large penalty is somewhat surprising.

In December 2010, OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider knew or should have knownhad been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. The provider was required to pay $376,432 to resolve these allegations. As Lewis Morris, Former Chief Counsel to the Office of Inspector General stated:

Providers self-disclosing such violations will ultimately pay lower settlement amounts…But in cases initiated by the government — such as this one — providers will, as a matter of course, be required to pay more to resolve the matter.

As Mr. Morris further noted:

This case illustrates yet again that OIG will pursue CMPs when providers have employed an excluded person for the furnishing of items or services paid for by Federal health care programs.

Notably, this particular matter was referred to OIG for investigation by the state Medicaid Fraud Control Unit (MFCU). OIG continues to use the “knew or should have known” standard for exclusion violations to this day.

CHART OF CMPS

Recent enforcement efforts have also focused on the requirement that providers ensure the exclusion status of physicians, pharmacies and labs at the point of service. In other words, if your practice makes a referral to an excluded therapist, you are as responsible as the therapist for any overpayments! This has resulted in a number of settlements with pharmacies based on the employment of excluded pharmacists or excluded support personnel. A pharmacy chain paid $21.5 million in settlement because it had employed a large number of excluded pharmacists in one case; [52] and in another, the Attorney General of New York settled with a pharmacy for $442,000 to resolve allegations that the pharmacy had been fulfilling prescriptions by an excluded physician.

VIII.  Compliance with Federal Exclusion Screening Requirements: How to Avoid Civil Money Penalties and Overpayment Liability:

In order to avoid the risk of overpayment liability and the imposition of CMPs, providers must screen their employees, vendors and contractors in order to ensure that none are excluded. Much of the content in this section relies on the guidance contained in the 2013 Special Advisory, [53] but it also relies on subsequent guidance issued by the OIG, and on Corporate Integrity Agreements (CIAs) that have been imposed by the OIG as part of recent False Claims Act settlements. [54]

IX.  Screening Employees, Vendors and Contractors:

The OIG recommends the following process for providers to use in determining which employees should be screened: 

[R]eview each job category or contractual relationship to determine whether the item or service being provided is directly or indirectly, in whole or in part, payable by a Federal health care program. If the answer is yes, then the best mechanism for limiting CMP liability is to screen all persons that perform under that contract or that are in that job category. (2013 Special Advisory, at 15-16). 

Unless a provider can identify specific employees that work in separate, identifiable divisions that are wholly unrelated to Federal health care programs, caution dictates against “picking and choosing” who to screen and providers are best served by screening all of their direct employees. Owners, officers, and directors should also be screened. 

With respect to vendors and contractors, the OIG suggests that providers use the same analysis in determining “whether or not to screen contractors, subcontractors, and the employees of contractors” that it uses for its own employee. However, this standard is unrealistic in many circumstances, and providers should focus on those who provide items or services connected to patient care and reimbursement. [55] As the OIG states: 

The CMP authorities in this part, as a general matter, aim to redress fraud on the Federal health care programs by recovering funds, protecting the programs and beneficiaries from untrustworthy providers and suppliers, and deterring improper conduct by others. Accordingly, it is highly relevant if the conduct put beneficiaries at risk of patient harm. [56]

The following contractors and vendors are likely candidates who should be screened: IT providers, ambulance and other transportation service providers, Medical equipment suppliers, food service workers, Lab Technicians, pharmacists, billers and coders, third party billers, staffing agencies and those that they staff. On the other hand, in corporate integrity agreements, the OIG typically excludes from screening vendors whose sole connection to the provider is selling or providing supplies or equipment for which the vendor does not bill. This is a common-sense exception that removes uncertainty with regard to a large class of vendors who provide supplies for which the provider is ultimately reimbursed. The OIG recognizes that some vendors will already be screening, but that proof should be obtained of that activity. The OIG also states that the organization cannot delegate the potential for overpayment liability or CMPs associated with excluded employees. 

Though the OIG concedes that there isn’t a specific regulation as to how often one must screen, it has unequivocally expressed its view providers should screen upon hire and monthly thereafter in to minimize the risk of “potential overpayment and CMP liability.” [57] In addition, the OIG notes that in June, 2008, CMS issued a State Medicaid Director Letter (SMDL #08-003) that provided guidance to Medicaid directors on checking providers and contractors for excluded individuals, [58] and that CMS issued a follow-up directive in 2009 (SMDL #09-001) providing further guidance to the States and, essentially, mandating that screening be done upon hire and monthly thereafter. [59] The OIG also notes that LEIE is updated monthly, and, finally, as a practical matter, removing an excluded employee as soon as possible is the best action a practice can take for business. [60]

The OIG recognizes that providers will sometimes seek to delegate their screening obligation to contractors such as staffing agencies, and in general most providers would benefit from retaining a vendor to perform exclusion screening for them. For most providers it is a cost- effective way of fulfilling their screening obligation and most vendors should agree to screen the various State exclusion lists at little or no additional cost. Having a 3rd party that regularly screens all names can also provide a strong defense as against the imposition of any civil money penalties. [61]

X.  Self-Disclosing Exclusion Violations:

The OIG’s specifically added a new section for self-disclosing exclusion violations when it updated its Self-Disclosure Protocol in May of 2013. [62] The update injected some certainty into the self-disclosure process by providing a simple formula for calculating the “loss” amount where an excluded employee provided non-billable services that contributed to claims – (for example, hospital nurses, administrators, etc.). 

The formula requires providers to (1) calculate the employment costs for the excluded person (including benefits) during the period of employment; (2) determine the provider payor mix; and (3) simply multiply the costs by the Federal percentage of the mix. The result can then be used as a “proxy” for the single damages for “compromising the OIG’s CMP authority,” and since the calculation considers the contribution of the excluded employee during the exclusion period and the extent of the Federal contribution to the organization, it provides a generally proportionate result. [63] However, in matters involving direct billers, the updated protocol does not provide any relief as all submitted claims will be considered overpayments unless a viable defense can be raised. 

XI.  Reinstatement: [64]

Applications may be submitted 90 days prior to the reinstatement date, however, in many permissive exclusions, the reinstatement date is not fixed. For example, if a person is excluded based on a license revocation, he is not eligible for reinstatement until he has regained his license (or an equivalent license in another state); similarly, on OIG Exclusions based on a State health care program exclusion is also linked in length to that action. 42 CFR § 1001.601(b). Once it is determined that a provider is eligible for reinstatement, the OIG will send the provider a number of forms and releases of information to be completed, notarized, and returned. In evaluating reinstatement requests, the OIG considers a number of factors that focus on the risks and benefits to the program and the beneficiaries it serves. 

XII.  Basic Medicaid Exclusion Screening:

In accordance with CMS directives, [65] State Medicaid agencies require enrolled providers to screen their employees and contractors upon hire or when they begin work and monthly thereafter with the OIG’s List of Excluded Individuals and Entities (LEIE) and their own State Exclusion List (if they have one). States agencies can also include additional requirements, and the screening of State specific databases (such as abuse registries) have been added in a number of States. As such, it is very important for compliance officers to check with the rules of the State or States – in which their organization provides Medicaid services. 

In addition to the monthly screening requirement, compliance officers also need to be aware of the expanded requirements that are associated with the enrollment process. 

XIII. Expanded Medicaid Screening Requirements:

Medicaid providers must enroll and re-enroll every 3 5 years (depending on the provider type) in order for the State to determine initial and ongoing eligibility to participate in the program, [66] and as part of the process, providers must disclose their owners (anyone with a 5% interest), officers, directors, agents, managing employees, and any agent of the provider that has contracted with the State Agency. [67] The enrollment and disclosure process is an important part of the overall efforts to ensure that only eligible providers received Medicaid reimbursement, and State Medicaid agencies are specifically authorized to impose screening requirements “in addition to or more stringent than” the ones required by existing regulations. [68]

The implementation of these provisions lies at the heart of the “expanded” screening requirements because most States require, at a minimum, that providers verify and confirm the exclusion status of everyone that is part of their disclosure. This can only be done by screening these persons at the time of enrollment and re-enrollment and considering the breadth of the disclosure,69 this is not an insignificant task. 

As part of the enrollment and disclosure process, a number of States have gone even farther. That is, in addition to the above, a number of States require that providers ensure and verify that none of their employees, vendors and contractors are or ever have been excluded from any Federal or State benefit program! In Texas, for example, prior to enrolling or re-enrolling in Medicaid, providers must conduct an internal review” to confirm that neither the applicant “nor any of its employees, owners, managing partners, or contractors…have been excluded from participation in any program under Title XVIII, XIX, or XXI of the Social Security Act. In addition, providers must certify that they have fulfilled these requirements when signing their enrollment or re-enrollment applications. [70] Similarly, New Jersey requires providers to confirm that none of the providers employees, vendors or contractors have “ever been the subject of any suspension, debarment, disqualification or recovery action involving Medicaid…Medicare… or any other Federally or state-funded health care program.” [71]

XIV. Provider Recommendations:

There are a number of important lessons for health care providers who participate in Federal health benefits programs, regardless of size. These lessons, discussed below, are important as the OIG continues to focus on exclusions. 

  • Screening employees takes time: Screening is a complicated process even for small health care providers. At a minimum, Health care providers and suppliers are required to screen current and prospective employees, as well as any contractors, against the OIG-LEIE and their State Exclusion list (if a Medicaid provider); and depending on your State and your circumstances, your obligation could include several more databases. In addition, your screening requirements associated with enrollment and re-enrollment might be similar to those in Texas and New Jersey and requiring you to check employees and contractors against not only LEIE, but also all other states’ excluded provider lists. The OIG has recognized that providers can choose to contract with another entity to perform their screening, and we recommend it, but in doing so be careful to pick a vendor that gives you confidence that the job has been done well. [72]
  • Proper screening is prudent: In addition to protecting against overpayment and possible civil monetary penalties, the employment or engagement of an excluded party provides additional risks to your patients and the economic well- being of your practice. There is really no good reason to hire or contract with an excluded person or entity. 
  • Regardless of whether there is actual fraud or an overpayment, the employment of excluded individuals is quite serious to the OIG: HHS-OIG won’t hesitate to pursue civil monetary penalties against a provider who employs excluded individuals, despite the fact that no mention is made of any wrongful billings. Regular screenings of employees and contractors should be made to ensure that no employees have been excluded from participation. 
  • The government is serious about self-disclosing problems: To be clear, if you owe money to the government, you must pay it back, and the OIG’s voluntary disclosure protocol was updated to facilitate exclusion disclosures. Thus, the issue to be resolved is not if, but how, to go about returning funds you are not entitled to. Depending on the circumstances, a provider may be better off working with their Medicare Administrative Contractor (MAC) to resolve a problem. In other cases, HHS-OIG’s protocol may be the best option. Every situation is different and should be carefully assessed before action is taken. 
  • Federal and state law enforcement teams are coordinating their actions and findings: We have seen examples of violations being identified by state MFCUs who then contacted the OIG, by Medical Boards who advised a CMS program integrity contractor, and of initiatives by different arms of the OIG. Federal and State coordination is stressed by law enforcement and used to effect. 
  • When entering into contracts, screen your contractors and require that they prove their employees have not been excluded: Rather than focusing solely on employees, look at your contractual business relationships as well, and don’t just take their word! 
  • Ensure that your policy and procedures manual has been updated to include this issue: All employees should be advised that they have an affirmative obligation to tell you if they have been excluded or debarred from a Federal program. 

In summary, practice managers, compliance officers and owners of health care organizations must continually monitor their employees’ exclusion status, not merely check the OIG-LEIE and GSA-SAM lists when an individual is first hired. This compliance task is not the easiest requirement for a compliance officer to meet even for mid and small practices and consideration should be given to engaging a vendor to assist. Further, be aware of all of your screening obligations – State and Federal – and be sure to make screening an integral part of your effective Compliance Program (if it is not already). 

NATIONWIDE REPRESENTATION   Call: 1 (800) 475-1906.

Liles Parker attorneys have extensive knowledge and experience handling OIG exclusion matters and cases. Several of our attorneys held significant positions at DOJ.  In fact, we are the only law firm in the country with two former Federal prosecutors who served as “National Health Care Fraud Coordinator” for the 94 U.S. Attorneys Offices around the country.  We have the skills, knowledge and abilities to help you successfully work through the complicated Medicare exclusion process.  Questions?  For a free consultation, please give us a call:  1 (800) 475-1906.

[1] The authority to exclude was granted to the Secretary of the Department of Health and Human services in the Civil Money Penalties Law (Public Law 97-35, 1981 (as codified at section 1128A of the SSA). The Secretary delegated it to its Office of Inspector General in 1988 (53 Fed. Reg. 12,993 (April 20, 1988)). 

[2] The term “OIG Exclusion” is used as shorthand for an exclusion imposed by the Office of Inspector General pursuant to §1128(a)(1)-(4), (b)(1)-(b)(16) or §1156 of the Social Security Act (SSA). And since Medicare is the largest Federal health care program, the terms “OIG Exclusion” and “Medicare Exclusion” are sometimes used interchangeably. 

[3] The term “Federal health care programs” is defined under Section 1128B(f) of the Social Security Act as: 

(1) any plan or program that provides health benefits, whether directly, through insurance or otherwise, which is funded directly, in whole or in part, by the United States Government (other than the health insurance program under chapter 89 of title 5, United States Code); or 

(2) any State health care program, as defined in section 1128(h). 42 U.S.C. § 1320a-7b(f) (2012). 

[4] 42 C.F.R. § 455.416. (such as exclusions, terminations, debarment and revocations.

[5] The statute speaks in terms of “terminations,” but states refer to such actions under various names including exclusions, terminations, debarment and revocations among others. For the sake of consistency and simplicity, such actions initiated by States will be referred to as “Medicaid Exclusions.” 

[6] See Measuring Compliance Program Effectiveness: A Resource Guide (Jan. 2017). 

[7] Inspector General June Gibbs Brown, in the press release for the 1999 Special Advisory. 

[8] The OIG has twice published guidance of the effect of an OIG Exclusion. A Special Advisory Bulletin on the Effects of Exclusion from Federal Health Care Programs” was issued September 2, 1999 and an “Updated Special Advisory Bulletin on the Effect of Exclusions from Participation in Federal Health Care Programs” was issued May 8, 2013.  

[9] 42 C.F.R. 1001.1901(b), 42 C.F.R. § 1001.10. 

[10] 42 C.F.R. § 1001.10. Definitional changes were made to direct and indirect claims pursuant to rulemaking authority granted to the OIG in the MMA and the ACA; See also, OIG Advisory Opinion No. 18-01 at 5 (Feb. 20, 2018). 

[11] 2013 OIG Special Advisory, at 11-12, 16; see also Advisory Opinion No. 18-01). 

[12] 2013 OIG Special Advisory, at pg. 8. 

[13] 42 CFR 1001.1901(b)(4). 

[14] 42 U.S.C. § 1320a-7(a)(1)-(4). 

[15] See 42 U.S.C. § 1320a-7(a)(1). 

[16] See 42 U.S.C. § 1320a-7(a)(2).  For an interesting case where the OIG recently excluded an individual under this provision, please see our article titled “A Disruptive Conduct Conviction Can Result in a Medicare Exclusion.”

[17] See 42 U.S.C. § 1320a-7(a)(3). 

[18] Which took place after August 21, 1966 (the effective date of HIPAA), see 42 U.S. C. § 1320a-7(a)(4). 

[19] See, §§ 1128(i)(1) – (i)(4) of the Social Security Act. 

[20] Department of Health and Human Service, Departmental Appeals Board Civil Remedies Division, Okwilagwe v. The Inspector General, Docket No. C-13-322, Decision No. CR2920, September 6, 2013 

[21] §1002.230 

[22] These calculations are based on exclusions imposed between 2013 – 2017 as contained in the OIG’s LEIE. 

[23] See 42 U.S.C. § 1320a-7(b)(1). 

[24] See 42 U.S.C. § 1320a-7(b)(2). 

[25] See 42 U.S.C. § 1320a-7(b)(3). 

[26] See 42 U.S.C. § 1320a-7(b)(4). 

[27] See 42 U.S.C. § 1320a-7(b)(5). 

[28] See 42 U.S.C. § 1320a-7(b)(6). 

[29] See 42 U.S.C. § 1320a-7(b)(7). 

[31] See 42 U.S.C. § 1320a–7(b)(8)(B)(ii). 

[32] See 42 U.S.C. § 1320a–7(b)(8)(B)(iii). 

[33] See 42 U.S.C. § 1320a–7(b)(9). 

[34] One example of a required disclosure would include the identity of a sanctioned individual who holds an ownership or control interest in an entity. 

[35] See 42 U.S.C. § 1320a–7(b)(10). 

[36] See 42 U.S.C. § 1320a–7(b)(11). 

[37] See 42 U.S.C. § 1320a–7(b)(12). 

[38] See 42 U.S.C. § 1320a–7(b)(13). 

[39] See 42 U.S.C. § 1320a–7(b)(14). 

[40] See 42 U.S.C. § 1320a–7(b)(15). 

[41] See 42 U.S.C. § 1320a–7(b). 

[42] See U.S. DEP’T OF HEALTH & HUMAN SERVS.: OFFICE OF INSPECTOR GEN., Criteria for Implementing 1128(b)(7) 

Exclusion Authority (Apr. 18, 2016). 

[43] See 62 Fed. Reg. 67,392 (Dec. 24, 1997). 

[44] See U.S. DEP’T OF HEALTH & HUMAN SERVS.: OFFICE OF INSPECTOR GEN., Criteria for Implementing 1128(b)(7) 

Exclusion Authority (Apr. 18, 2016). 

[45] The appeals process is governed by 42 C.F.R. §§ 1001.2001- 1001.2007. 

[46] Which can be found at https://oig.hhs.gov/exclusions/exclusions_list.asp 

[47] This is a listing of the CMP authorities related to exclusion violations. A complete listing of the OIGs CMP authorities can be found on the OIG’s website or at 42 C.F.R. § 1003.210. 

[48] The penalty amounts for CMPs are increased and updated annually and are published at 45 C.F.R. §102. 

[49] OIG provided guidance that explains the circumstances under which an excluded person may be employed by or contract with, a provider and the provider would not be subject to CMP liability: (1) if Federal health care programs do not directly or indirectly pay for the items or services being provided by the excluded individual; and (2) if a provider employs or contracts with an excluded person to furnish items or services solely to non-Federal health care program beneficiaries. See id. at 12. 

[50] Press Release, Department of Health & Human Servs.: Office of Inspector Gen., Special Advisory Bulletin Outlines Effects of Exclusion from Federal Health Care Programs (Sept. 28, 1999) (stating that, “CMPs of up to $10,000 for each item or service furnished by the excluded individual or entity and listed on a claim submitted for Federal program reimbursement, as well as an assessment of up to three times the amount claimed and program exclusion may be imposed”). 

[51] The table cited is intended to be a demonstrative sample of settlements. Exclusion civil money penalty cases are reported and published on the OIG website.  

[52] Cases referenced herein have been reported and published on OIG’s website. 

[53] The updated Bulletin was issued, in part, to provide guidance “on the scope and frequency of screening employees and contractors” See 2013 Special Advisory at 1. 

[54] CIAs are imposed by the OIG in lieu of their imposing administrative remedies in cases involving FCA investigations. As such, requirements in them are sometimes concrete examples of OIG interpretations and expectations and therefore they can be useful as “guidance.” 

[55] See 2013 Updated Special Advisory at 16. 

[56] 81 Fed. Reg. 88, 334 (Dec. 7, 2016). 

[57] 2013 Special Advisory at 15). 

[58] See, https://downloads.cms.gov/cmsgov/archived-downloads/SMDL/downloads/SMD061208.pdf 

[59] See https://downloads.cms.gov/cmsgov/archived-downloads/SMDL/downloads/SMD011609.pdf 

[60] In addition to meeting its regulatory obligations, a proper exclusion screening program can also provide significant benefits to compliance and risk management programs. See HCCA, Measuring Compliance Program Effectiveness: A Resource Guide (Jan. 2017), available at https://oig.hhs.gov/compliance/compliance-resource-portal/files/HCCA-OIG- Resource-Guide.pdf. 

[61] Though it will not provide a defense against overpayment liability. 

[62] See OIG’s Provider Self-Disclosure Protocol (April 17, 2013). 

[63] The result is generally proportionate to the violation because the loss increases in proportion to the employment of the excluded employee, the amount of salary paid to that person and the payor mix of the entity. For example, the loss involving an excluded nursing aide which was discovered soon after hire by a provider with a 25% Federal payor mix would be minimal in comparison to an excluded administrator or management employee who worked for a provider with a 75% Federal payor mix for a period of months or possibly even years before discovery. 

[64] The reinstatement process is found in C.F.R. § 1001.3001 – .3005. 

[65] This is in accordance with CMS directives SMDL 09-001, issued 1/16/09 and SMDL 08-003, issued 6/12/08. Both directives included in Chapter 17 of the Medicaid Program Integrity Manual, issued 9/23/11. Though the Manual is being revised, it is still available on the internet as of 3/11/19, at https://www.cms.gov/Regulations-and- Guidance/Guidance/Manuals/downloads/mpi115c17.pdf 

[66] See, Subpart E- Provider Screening and Enrollment, generally, 42 CFR §§ 455.410, 455.414. 

[67] See, Subpart B – Disclosure of Information by Providers and Fiscal Agents, 42 CFR § 455.100, et seq 

[68] 42 CFR § 455.452 

[69] For example, § 455 defines Managing employee as: a general manager, business manager, administrator, director or other individual who exercises operational or managerial control over or who directly or indirectly conducts the day- to-day operation of an institution organization or agency, § 455. 

[70] See, Texas Administrative Code § 352.5; Texas Medicaid Provider Agreement, Section IX. 

[71] See, New Jersey Provider Agreement. 

[72] See Updated: Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs, U.S. DEPT OF HEALTH & HUMAN SERVS.: OFFICE OF INSPECTOR GEN., at 14 (May 8, 2013). 

 

 

Misprision of a Felony – 18 U.S.C. § 4

December 22, 2020 by  
Filed under

Download PDF

Have you been charged with misprisoner of a felony? Call 202-298-8750.Out of the thousands of Federal criminal laws currently in effect, there are handful of rarely cited offenses that have been “resurrected” so to speak, by the government in health care fraud and other white-collar prosecutions.  One of these criminal laws is the “Misprision of a Felony” statute. This law has a long and storied history, dating back to 1555 under English common law.[1]  Since that time, English jurists have recognized the duty to raise the ‘hue and cry’ and report felonies to the authorities.”[2]  While still in place, the statute has effectively been relegated to the dustbin of history in England where violations of the offense are now rarely prosecuted.

I. Enactment of Misprision of a Felony Statute in the United States:

Adopting our own version of this criminal common law, the first Congress passed a Misprision of a Felony Statute in 1780.[3]  Over the last 200 years, this Federal statute has remained on the books and has been amended several times.[4]  Today, the Misprision of a Felony statute is codified at 18 U.S.C. § 4 and provides that:

“Whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years, or both.”  (emphasis added).

While it would be incorrect to suggest that violations of this offense are commonly charged by Federal prosecutors, we have seen a number of recent health care fraud and other white collar cases where Misprision of a Felony is either included in an indictment or ultimately used to entice a defendant to plead guilty in a case.  A more detailed discussion of the current use and prosecution of Misprision of a Felony offenses is provided below.

II. Are You Required to “Snitch” on Someone Who Commits a Felony?

At the outset, we should first recognize what Misprision of a Felony does not require.  You are not required to “snitch” or turn in the perpetrator of a felony crime as long as you were not involved in the crime and took action to conceal it.  For example, if you overheard a physician tell a third party that he was performing and billing insurance payors for medically unnecessary services AND you took no action to conceal the felonious conduct, you would likely not have an affirmative obligation to report what you heard to Federal authorities.  I qualified the previous statement in recognition of the fact that although your failure to report the physician’s actions to Federal authorities would not expose you to criminal liability, if you are a licensed health care professional, you have an affirmative duty to report the physician’s conduct to the State Medical Board.  For instance, in Texas, should you fail to report another licensee’s continuing threat to the public welfare,” you are subject to discipline by the Texas Medical Board.  Additional categories of individuals who may have an affirmative obligation to report felonious conduct include elected officials.

III. How is the Misprision of a Felony Statute Being Applied Today?

While there are various from circuit to circuit, the Nine Circuit recently issued an opinion[5] which sets the elements that must be shown to sustain a conviction in a Misprision of a Felony prosecution, it must be proven beyond a reasonable doubt that:

(1) The principal . . . committed and completed the felony alleged;

(2) The defendant had full knowledge of that fact;

(3) The defendant failed to notify the authorities of the principal’s actions; and

(4) The defendant took affirmative steps to conceal the crime of the principal.

Notably, the Ninth Circuit also clarified that with respect to the knowledge element, the government:

“. . . must prove not only that the defendant knew the principal engaged in conduct that satisfies the essential elements of the underlying felony, but also that the defendant knew that the conduct was a felony.  (emphasis added).[6]

How would a defendant know whether a principal’s conduct constitutes a felony?  The Ninth Circuit panel held that the government must prove the defendant knew the underlying offense was punishable by death or more than one year in prison. [7]  The jury instructions [8] issued by the Ninth Circuit illustrate what has to be shown by prosecutors when pursuing a violation of 18 U.S.C. § 4:

MISPRISION OF A FELONY (18 U.S.C. § 4)

“The defendant is charged in [Count _ of] the indictment with misprision of felony in violation of Section 4 of Title 18 of the United States Code. In order for the defendant to be found guilty of that crime, the government must prove each of the following elements beyond a reasonable doubt:

First, a Federal felony was committed, as charged in [Count _ of] the indictment;

Second, the defendant had knowledge of the commission of that felony;

Third, the defendant had knowledge that the conduct was a Federal felony;

Fourth, the defendant failed to notify a Federal authority as soon as possible; and 

Fifth, the defendant did an affirmative act, as alleged, to conceal the crime.

A felony is a crime punishable by a term of imprisonment of more than one year.

Mere failure to report a Federal felony is not a crime. The defendant must also commit some affirmative act designed to conceal the fact that a Federal felony has been committed. See United States v. Olson, 856 F.3d 1216 (9th Cir. 2017).”

IV.  Recent Prosecutions of Misprision of a Felony Offenses:

Although Misprision of a Felony charges are still relatively infrequent, we have been seeing this statute utilized as a charging instrument in a number of recent health care fraud prosecutions.  The “concealment” element is the lynchpin needed for the government to effectively prosecute these offenses.  In the context of health care fraud case, examples of concealment might include:  (1) false certifications, (2) false statements to investigators, (3) obstructing a Federal audit (which is a criminal offense in and of itself).   Two recent cases charging offenses of this statute are described below:

Northern District of TexasIn this case, the defendant (a physician) supervised nurse practitioners for in-home patients.  The defendant was reportedly unaware that that a co-worker had been previously convicted of healthcare-related fraud and had no medical training.  In July 2016, the defendant physician observed a patient list for patients and visits that he did not perform. He asked about these patients. But did not report the violations to authorities.  He subsequently admitted that he knew the conduct was illegal and that another individual used his unauthorized signature to bill Medicare and pleaded guilty to Misprision of a Felony.  Unfortunately, the record doesn’t document the affirmative act of concealment needed to prove this offense.  Presumably, it may have occurred if he approved the billing of the claims and knowing that his signature had been used without his authorization.  The defendant is facing 3 years of incarceration.

Central District of CaliforniaIn this case, a physician (who purchased a hospital) was prosecuted for his involvement in a massive health care fraud case where sham contracts were used to conceal illegal kickback payments to physicians who funneled spinal surgeries to his hospital. According to the government, the kickback activities were already taking place when the defendant physician bought the hospital.  After the purchase, once the physician-owner became that illegal kickback payments were being made, he authorized the continued use of the sham contracts. The defendant subsequently pleaded guilty to a single count criminal information charging him with misprision of a felony.

V. Defending Charges of Misprision of a Felony:

The facts in every Misprision of a Felony case are different.  As such, you need to engage an experienced, skilled litigator to determine how to best construct your defense.  Possible defenses include, but are not limited to:

(a) Fifth Amendment Privilege Against Self-Incrimination. Under the Fifth Amendment to the Constitution, you cannot “be compelled in any criminal case to be a witness against himself.”  Therefore, you can’t be convicted of Misprision of a Felony if you choose not to testify or make a statement because you think it might incriminate you and result in your prosecution.

(b) The Conduct at Issue Does Not Qualify as “Concealment.” Depending on the facts, you may be able to show that your conduct did not rise to the level of constituting concealment.

(c) You Were Unaware that the Associated Offense was a Felony. Can you show that you were unaware that the associated offense was a felony?  Did you think that it was a misdemeanor and was not subject to a year or more in jail?

(d) Is Pleading to a Charge of Misprision of a Felony in Your Best Interests? Depending on your conduct and your role in the associated offense, it may be in your best interests to try and plead to a violation of 18 U.S.C. § 4.  When faced with charges of 18 U.S.C. § 1347, [9]  42 U.S.C. § 1320a–7b(b) [10] or a host of other, more egregious charges, it may be in your best interests for your legal counsel to try and see if Misprision of a Felony is a viably plea alternative.  Unlike many other felony statutes, you are face imprisonment of up to 3 years, a fine or both.

NATIONWIDE REPRESENTATION

For a Free Consultation, Call: 1 (800) 475-1906

Are you currently under investigation?  Are you facing an indictment? Several Liles Parker attorneys have held significant positions at the U.S. Department of Justice.  Our team of former Federal prosecutors will aggressively represent your interests and work to safeguard your liberty.  We represent health care providers, suppliers and other white collar defendants nationwide.  We can be reached at:  1 (800) 475-1906. 

[1]  Sir William Staunford gave the offense its name, considering it to be similar to the offense of concealment of a felony, as provided in a 1555 statute dealing with the Misprision of Treason.

[2] Branzburg v. Hayes, 408 U.S. 665, 696 (1972) quoting Blackstone’s Commentaries on the Laws of England. Book the Fourth – Chapter the Ninth: Of Misprisions and Contempts, Affecting the King and Government.  As the original version in Blackstone’s Commentaries stated:
MISPRISION of felony is alfo the concealment of a felony which a man knows, but never affented to; for, if he affented, this makes him either principal, or acceffory.”
[3] Act of April 30, 1790, Ch. 9, §6, 1 Stat. 113.

[4] Most states have also enacted a version of the Misprision of a Felony statute.  It is typically more restrictive and harder to prosecute than the Federal statute.  Only a handful of states ever prosecute these offenses.

[5] United States v. Olson, No. 15-30022 (9th Cir. 2017)

[7] Ibid, page 2.

[8] Id.

[9] Manual of Model Criminal Jury Instructions – For the District Courts of the Ninth Circuit. (Last Updated 09/2019)(P. 219)

[10] Violations of the Health Care Fraud Statute can result in fines of up to $250,000, imprisonment of not more than 10 years, or both.

[11] Violations of the Anti-Kickback Statute can result in fines of not more than $100,000, imprisoned of not more than 10 years, or both.

Read more

DOJ is Aggressively Investigating Allegations of Wrongdoing Related to COVID-19 Fraud and the Current National Emergency

Download PDF

DOJ is aggressively prosecuting instances of COVID-19 fraud and related wrongdoing.(March 27, 2019):  We live in trying times.  As the coronavirus disease (COVID-19) has spread both globally and throughout the United States, the government has taken a number of steps to address the current pandemic.  On March 13, 2020, President Donald Trump officially declared that the COVID-19 outbreak constitutes a national emergency.[1]  Within 72 hours of the issuance of President Trump’s declaration,  William Barr, the Attorney General of the United States, determined it was necessary to issue a memorandum to the 94 U.S. Attorney’s Offices around the country stressing the fact that Department of Justice (DOJ) prosecutors must remain diligent in their efforts to detect, investigate and prosecute wrongdoing related to the COVID-19 crisis.  This article examines the various COVID-19 fraud concerns that DOJ has already raised and sets out steps you can take to reduce your level of regulatory risk.

I.   Overview of DOJ Guidance of COVID-19 Fraud and Related Wrongdoing:

As mentioned above, on March 16, 2020, the Attorney General issued guidance[2] to the 94 U.S. Attorney’s Office around the country noting that it is essential that the justice system remain functioning throughout the national emergency.  It is also worth noting that U.S. Attorney’s Offices has been directed to prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic.”

Less than a week after issuing this initial guidance, the DOJ announced on Sunday, March 22, 2020, that it had filed its first enforcement action in the Western District of Texas related to COVID-19 fraud.  As set out in the Civil Complaint filed by the government, the defendants have been alleged to have engaged in a “wire fraud scheme seeking to profit from the confusion and widespread fear surrounding COVID-19” through the company’s sale of World Health Organization (WHO) vaccine kits.  As the government notes, at this time, there are no legitimate COVID-19 vaccines and the WHO is not distributing such a vaccine.  As Assistant Attorney General Jody Hunt of the Department of Justice’s Civil Division stated at the time:

“The Department of Justice will not tolerate criminal exploitation of this national emergency for personal gain . . . We will use every resource at the government’s disposal to act quickly to shut down these most despicable of scammers, whether they are defrauding consumers, committing identity theft, or delivering malware.”[3]

Even more recently, on March 25, 2020, the U.S. Attorney’s Office for the Central District of California announced that it had filed a criminal complaint against an individual who allegedly solicited investments in a company that was marketing pills that would prevent coronavirus infections.  The defendant’s company was also supposedly marketing an injectable cure for individuals battling COVID-19. The complaint charges the individual with a single count of attempted wire fraud. [9]

II.   Specific Guidance Issued by Deputy Attorney Rosen on COVID-19 Fraud:

Shortly thereafter, on March 25, 2020, Deputy Attorney General, Jeffrey A. Rosen issued guidance titled “Department of Justice Enforcement Actions Related to COVID-19.” [4]  As the guidance notes, there are a number of specific statutory authorities that Federal prosecutors may find applies to assert if COVID-19 fraud or wrongdoing is identified.  These statutory authorities include, but are not limited to:

Federal Statutory Authority 
15 U.S.C. § 1 — Trusts, etc. in Restraint of Trade Illegal; Penalty
15 U.S.C. § 2 – Monopolizing Trade a Felony; Penalty
15 U.S.C. § 14 – Sale etc., on Agreement not to Use Goods of Competitor
15 U.S.C. § 1263 Prohibited Acts (Introduction of Misbranded or Banned Hazardous Substances into Interstate Commerce)
15 U.S.C. § 2068 – Prohibited Acts (Sale, Manufacture, Distribution or Import of a Consumer Product or other Product that is not in Conformity with Consumer-Product-Safety Regulations)
18 U.S.C. § 175Prohibitions with Respect to Biological Weapons
18 U.S.C. § 875 — Interstate Communications
18 U.S.C. § 876 – Mailing Threatening Communications
18 U.S.C. § 1030Fraud and Related Activity in Connection with Computers
18 U.S.C. § 1038 — False Information and Hoaxes
18 U.S.C. § 1040 — Fraud in Connection with Major Disasters and Emergencies
18 U.S.C. § 1341 – Frauds and Swindles (Mail Fraud)
18 U.S.C. § 1343 – Fraud by Wire, Radio or Television (Wire Fraud)
18 U.S.C. § 1347 — Healthcare Fraud
18 U.S.C. § 1349 — Conspiracy to Commit Fraud
18 U.S.C. §§ 1028-1028A — Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information (Identification Fraud and Aggravated Identity Theft)
18 U.S.C. § 2320 –Trafficking in Counterfeit Goods
18 U.S.C. § 2332a — Use of Weapons of Mass Destruction
21 U.S.C. § 333 — Violation of the Food, Drug, and Cosmetic Act

Specific examples of possible COVID-19 fraud schemes that might be perpetrated were set out in Deputy Attorney General Rosen’s memorandum.  These examples included:

  • Robocalls making fraudulent offers to sell respirator masks with no intent of delivery. 18 U.S.C. § 1343 (Wire Fraud). The crime of “wire fraud” occurs when someone voluntarily and intentionally uses makes an interstate telephone call or another electronic communication (such as e-mail) in furtherance of a fraud scheme. Notably, the elements of wire fraud are very similar to those of mail fraud statute except that it speaks of communications transmitted by wire.
  • Fake COVID-19-related apps and websites that install malware or ransomware. 18 U.S.C. § 1343 (Wire Fraud) or 18 U.S.C. § 1030 (Computer Fraud). The crime of wire fraud is described above.  The crime of computer fraud occurs when someone knowingly causes the transmission of a “program, information, code or command” and intentionally damages (without authorization) a protected computer.   
  • Phishing emails asking for money or presenting malware. 18 U.S.C. § 1030 (Computer Fraud). One of the forms of computer fraud is set out above. Additional examples are also discussed under 18 U.S.C. § 1030.[5]  
  • Social media scams fraudulently seeking donations or claiming to provide stimulus funds if the recipient enters his or her bank account number. 18 U.S.C. §§ 1028-1028A (Identity Theft) or 18 U.S.C. § 1343 (Wire Fraud).  Notably, the government has extensive experience prosecuting individuals and entities who are alleged to have set up fake charities and have effectively taken advantage of a national disaster or tragedy.  The perpetrators of this type of fraud are almost always caught and the courts have levied heavy jail sentences and fines on bad actors found guilty of engaging in this type of wrongdoing.
  • Sales of fake testing kits, cures, “immunity” pills, and protective equipment. 21 U.S.C. 333 (Introduction of Misbranded or Adulterated Drug or Device Into Interstate Commerce) or 15 U.S.C. § 2068 (Violation of the Consumer Product Safety Act). Federal prosecutors and regulators for the Food and Drug Administration (FDA) handle these types of cases on an ongoing basis and are experienced in shutting down fraudsters hawking fake cures and treatments.
  • Fraudulent offers for free COVID-19 testing in order to obtain Medicare beneficiary information that is used to submit false medical claims for unrelated, unnecessary, or fictitious testing or services. 18 U.S.C. §§ 1028-1028A (Identification Fraud and Aggravated Identity Theft)This type of fraud has been occurring law before the inception of the COVID-19 fraud cases we are now seeing.  Most recently, Medicare beneficiary information has been misused by a number of telemarketing companies and durable medical equipment companies.  Federal prosecutors are currently in the middle of several prosecutions involving this type of conduct. 
  • Prescription drug schemes involving the submission of medical claims for unnecessary antiretroviral treatments or other drugs that are marketed as purported cures for COVID19. 18 U.S.C. § 1347 (Healthcare Fraud) or 15 U.S.C. § 2068 (Violation of the Consumer Product Safety Act). These common schemes are now being seen in connection with COVID-19 fraud cases around the country.  Health care providers should exercise caution before entering into business relationships with laboratories, pharmacies  and other ancillary service providers who are marketing purported cures or treatment regimens for COVID-19.
  • Robberies of patients departing from hospitals or doctor offices. 18 U.S.C. § 2118 (Robberies and Burglaries Involving Controlled Substances). Although not discussed in Deputy Attorney General Rosen’s memorandum, it is a Federal crime to take, or attempt to take, by force or violence or by intimidation, any quantity of a controlled substance from any person (including a patient) on the business premises or property of a person registered with the Drug Enforcement Administration.  In addition, to this Federal statute, there are a host of robbery statutes that would implicated under State law. 
  • Threats of violence against mayors and other public officials. 18 U.S.C. § 875 (Interstate Communications) or 18 U.S.C. § 876 (Mailing Threatening Communications). Using the internet to convey an interstate threat of violence or injury to any person would be a crime under 18 U.S.C. § 875.  Similarly, using the mails to threaten someone with violence or injury would be a crime under 18 U.S.C. § 876.  
  • Threats to intentionally infect other people. 18 U.S.C. § 2332a (Use of Weapons of Mass Destruction). Of the examples discussed in Deputy Attorney General Rosen’s guidance, this is perhaps the most interesting.  As the memorandum reflects, Federal prosecutors may view “Threats or attempts to use COVID-19 as a weapon against Americans”  as a violation of 18 U.S.C. § 2332a since COVID-19 arguably meets the statutory definition of a “biological agent” [6]and therefore could implicate our country’s terrorism-related statutes.

III.   Reducing Your Level of Regulatory Risk During the Current National Emergency:

Although the health, societal and business impact of the current COVID-19 emergency is unprecedented (at least in our lifetime), the fact that bad actors will readily take advantage of this situation is to be expected.  In fact, with the exception of the terroristic threat conduct discussed above, the types of wrongdoing encountered in COVID-19 fraud cases is pretty run-of-the-mill.  In addition to the concerns raised in Deputy Attorney General Rosen’s memorandum, several additional areas of risk to be considered by health care providers and suppliers include the following:

  • Exercise Due Diligence Before Accepting the Assertions of Medicare Coverage by a Vendor’s Sales Representative. There are a wide variety of medical devices and pharmaceutical products that have not been properly vetted through the FDA approval process in order to qualify for coverage and payment by Medicare.  Don’t assume that sales pitches asserting that a medical device or pharmaceutical product is correct.   In recent years, we have represented multiple providers who were talked into buying expensive equipment and other products based on a sales representatives promises that the item or service to be billed qualifies for Medicare coverage and payment.  In once case we handled, when our client was audited, the company that sold the medical device at issue had long since gone out of business and had been sued by other providers for misrepresenting that the services performed with the medical device could be properly billed to Medicare.
  • Take Care if You Seek a Bank or Small Business Administration (SBA) Loan as a Result of the COVID-19 Crisis. In an effort to help businesses deal with the current national emergency, the government has streamlined the SBA loan process for small businesses. Two recent articles[7]covering these developments have been placed on our website.  Should you decide to seek a bank or SBA backed business loan, you must exercise care when completing these applications.  While the documentation and approval timeframes may have been simplified, should you make a misstatement on the application or fail to disclose relevant information, your actions may constitute a crime.
  • Government Waivers of Certain Requirements (Such as those Associated with Telehealth / Telemedicine Services) are Always Limited. To its credit, the Centers for Medicare and Medicare Services (CMS) have been quick to address many of the patient access, diagnostic and treatment concerns expressed by health care providers and patients alike that have arisen because of the current COVID-19 outbreak.  For example, CMS maintains a list of services that are normally furnished in-person that it will now permit providers to furnish by Medicare telehealth.  As CMS wrote in recent guidance[8] it issued on March 17, 2020:  “Under the emergency declaration and waivers, these services may be provided to patients by professionals regardless of patient location.”  Don’t assume that the relaxation of Medicare’s telehealth / telemedicine rules are an indication that this area is no longer under extreme scrutiny by law enforcement and by CMS program integrity contractors such as Unified Program Integrity Contractors (UPICs).  Once our country has effectively dealt with the current national emergency, government investigators and CMS contractors will undoubtedly resume their review and audit of these historically-problematic claims.  For a more detailed discussion of the government’s enforcement efforts in this regard, please see our article from February 17, 2020, titled “Telemedicine Audits of Evaluations by Referring Physicians are Increasing.”

While CMS is continuing to identify additional ways that it can better facilitate the provision of patient care, health care providers need to remember that specific waivers recently approved by CMS are likely to be short-term in nature.  More importantly, all other coverage and payment requirements remain in effect.  First and foremost, were the services medically necessary?  Were the services properly documented (in accordance with CMS, State Medical Board and Industry Standards)?  Were the services properly coded and billed?  And finally, was the reimbursement you received accurate?

Once the current national emergency is over, health care providers and suppliers should expect to see significant upswings in program integrity audits by Unified Program Integrity Contractors (UPICs), Supplemental Medical Review Contractors (SMRCs) and Comprehensive Error Rate Testing (CERT) contractors.  As this health crisis continues, it is also important to keep in mind that State and Federal law enforcement agencies are actively soliciting reports of COVID-19 fraud and other related wrongdoing.  Attorney General Barr has urged the public to report any and all COVID-19 fraud schemes that are identified to the National Center for Disaster Fraud (NCDF) hotline.  As a result, it is imperative that you continue to ensure that your regulatory compliance efforts are both ongoing and up-to-date (in terms of your obligations under the law).

Have you received a document request from the OIG, a UPIC, a SMRC or another CMS contractor?  Are you currently facing a government audit or investigation of your claims billed to Medicare, Medicaid or another Federal health benefit program?  Call us for a free consultation.  We can be reached at: (202) 298-8750 or toll-free 1 (800) 475-1906.

Robert W. LilesRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with claims audits and investigation.  Is your health care practice, home health agency or hospice being audited? Give us a call.  For a free initial consultation regarding your situation, call Robert at: 1 (800) 475-1906.

[1] Proclamation on Declaring a National Emergency Concerning the Novel Coronavirus Disease (COVID-19) Outbreak,”dated March 13, 2020.  A copy of the declaration can be found the following link.

[2] DOJ’s Memorandum, “COVID-19 – Department of Justice Priorities,” March 16, 2020.  A copy can be found at the following link.

[3] A copy of DOJ’s Press Release is available at this link.

[4] DOJ’s Memorandum, “Department of Justice Enforcement Actions Related to COVIF-19,” March 24, 2020. A copy can be found at the following link.

[5] 18 U.S.C. § 1030 (Fraud and Related Activity in Connection with Computers). A link to the statute can be found here.

[6] See 18 U.S.C. § 175.

[7] Our article titled Small Business Administration Releases Express Bridge Loan Pilot Program for COVID-19,” dated March 26, 2020, can be found here.   An earlier article titled “COVID-19 SBA Loan Support May be Available for Qualified Health Care Providers,” dated March 25, 2020, can be found here.

[8] CMS guidance titled “Medicare Telehealth Frequently Asked Questions (FAQs),” dated March 17, 2020, can be found here.

[9]  A copy of the Press Release can be found here.

Coronavirus Update – HHS & CMS Guidance, Directives and Waivers with Respect to Telemedicine, Provider Enrollment Regulations, Claim Appeals, the Suspension of Non-Emergency Survey Inspections, Nursing Homes, Home Health Agencies, Dialysis Facilities and DME Suppliers.

Download PDF

UPDATED (March 17, 2020): CMS just announced a waiver of certain telehealth coverage requirements so that Medicare beneficiaries can receive a wider range of services from their doctors without having to travel to a healthcare facility. The article below has been updated to address these key takeaways.

(March 16, 2020): On March 13, 2020, President Trump declared a National Emergency[1] related to the current Coronavirus / COVID-19 outbreak. The declaration gives Secretary Alex Azar of the US Department of Health & Human Services (HHS) the power to waive certain Federal requirements in Medicare, Medicaid and CHIP in order to address the outbreak. The President’s declaration was preceded by Secretary Azar’s determination on January 31, 2020[2] that a public health emergency exists.  Since these pronouncements, Liles Parker attorneys have received numerous calls asking for clarification on these waivers and other guidance from HHS and the Centers for Medicare and Medicaid Services (CMS).  Our clients have also asked that we provide a listing of useful links and other available resources.

As a result of President Trump’s declaration of a national emergency, HHS now has broad authority to make temporary adjustments including:

  1. Applying flexibilities that are already available under normal business rules;
  2. Waiver or modification of policy or procedural norms by the Administrator of the Center for Medicare and Medicaid Services (CMS) under his or her authority; and
  3. Waiver or modification of certain Medicare requirements pursuant to waiver authority under § 1135 of the Social Security Act.

As of March 16, 2020, CMS has issued the following guidance, directives and waivers, specifically with regard to the coronavirus outbreak. We recommend providers carefully review the HHS, CMS and/or CDC guidance specific to each service, discipline or facility type for complete details.

I.   Impact of the Coronavirus on Telehealth / Telemedicine Regulations:

The Coronavirus Preparedness and Response Supplemental Appropriations Act of 2020[3] signed by President Trump on March 6, 2020 included a specific provision addressing Medicare coverage and telehealth services. HB 6074 grants certain powers to the Secretary of Health and Human Services to waive some of the telehealth coverage requirements under the Medicare program. Unfortunately, the new law requires Secretary Azar to issue a waiver addressing any temporary changes to current Medicare telehealth coverage requirements. As of the publication of this article, a waiver has not been released, although CMS Administrator Seema Verma indicated during her remarks on March 13, 2020,[4] that more information would be forthcoming very soon. H.B. 6074 permits Secretary Azar to relax telehealth coverage requirements for all services CMS has approved to be provided via telemedicine as follows:

  • To relax the originating site requirements to include patient homes;
  • To waive the rural HPSA/non-MSA county geographic location requirement so that patients in any geographic location can receive covered telemedicine services; and,
  • To permit phone only telehealth services so long as the phone used has audio and video capabilities (i.e., most smartphones).

The law imposes certain restrictions, even under a waiver from Secretary Azar. Importantly, the relaxed coverage requirements would only extend to services provided by a physician or practitioner (or another physician or practitioner in that provider’s group practice) to an established patient, meaning an individual the provider has seen during the 3-year period before a telehealth service is furnished. We will update this article when a specific waiver is issued.

UPDATE (3/17/2020): CMS just announced a waiver of certain telehealth coverage requirements so that Medicare beneficiaries can receive a wider range of services from their doctors without having to travel to a healthcare facility. Here are the key takeaways from this important announcement:

  • Effective for services starting March 6, 2020 and for the duration of the COVID-19 Public Health Emergency, Medicare will make payment for Medicare telehealth services furnished to patients in broader circumstances.
  • These visits are considered the same as in-person visits and are paid at the same rate as regular, in-person visits.
  • Starting March 6, 2020 and for the duration of the COVID-19 Public Health Emergency, Medicare will make payment for professional services furnished to beneficiaries in all areas of the country in all settings.
  • While they must generally travel to or be located in certain types of originating sites such as a physician’s office, skilled nursing facility or hospital for the visit, effective for services starting March 6, 2020 and for the duration of the COVID-19 Public Health Emergency, Medicare will make payment for Medicare telehealth services furnished to beneficiaries in any healthcare facility and in their home.
  • The Medicare coinsurance and deductible would generally apply to these services. However, the HHS Office of Inspector General (OIG) is providing flexibility for healthcare providers to reduce or waive cost-sharing for telehealth visits paid by federal healthcare programs.
  • To the extent the 1135 waiver requires an established relationship, HHS will not conduct audits to ensure that such a prior relationship existed for claims submitted during this public health emergency.
  • HHS’ Office of Civil Rights will exercise enforcement discretion and waive penalties for HIPAA violations against health care providers that serve patients in good faith through everyday communications technologies, such as FaceTime or Skype, during the COVID-19 nationwide public health emergency.[18]

Note that the waiver does not restrict coverage to patients with coronavirus or symptoms of coronavirus. Any service that a provider can safely deliver via telemedicine and is on CMS’ list of approved telemedicine services[19] will be permitted under the new waiver. This waiver of Medicare program and HIPAA requirements will last for the duration of the COVID-19 Public Health Emergency. We do recommend that you check with your State licensing board to verify state requirements for telemedicine if you are unfamiliar with what is permitted in your state. Liles Parker has advised numerous clients with regard to telemedicine services.

In the meantime, CMS has reminded providers of the following options to provide covered non-face to face services to Medicare patients:

  • Medicare pays for “virtual check-ins” for patients to connect with their doctors without going to the doctor’s office. These brief, virtual check-in services are for patients with an established relationship with a physician or certain practitioners where the communication is not related to a medical visit within the previous 7 days and does not lead to a medical visit within the next 24 hours (or soonest appointment available). The patient must verbally consent to using virtual check-ins and the consent must be documented in the medical record prior to the patient using the service. The Medicare coinsurance and deductible would apply to these services. Doctors and certain practitioners may bill for these virtual check-in services furnished through several communication technology modalities, such as telephone (HCPCS code G2012) or captured video or image (HCPCS code G2010).
  • Medicare also pays for patients to communicate with their doctors without going to the doctor’s office using online patient portals. The individual communications, like the virtual check ins, must be initiated by the patient; however, practitioners may educate beneficiaries on the availability of this kind of service prior to patient initiation. The communications can occur over a 7-day period. The services may be billed using CPT codes 99421-99423 and HCPCS codes G2061-G206, as applicable. The Medicare coinsurance and deductible would apply to these services.
  • In addition, Medicare beneficiaries living in rural areas may use telehealth technology to have full visits with their physicians. The patient must be present at an approved telehealth originating site and must receive services using a real-time audio and video communication system at the site to communicate with a remotely located doctor or certain other types of practitioners. Medicare pays for many medical visits through this telehealth benefit. The Medicare coinsurance and deductible would apply to these services. For additional information on this benefit, please see CMS’s Telehealth resource page [5] for additional details and requirements.
  • Medicare Advantage Plans were given the authority to expand their telehealth coverage through enhanced benefit packages last year, but coverage still varies from plan to plan. CMS also issued a waiver on March 10, 2020 permitting (but not requiring) Medicare Advantage Plans to expand access to certain telehealth services. We recommend checking with the plans with which you contract for specific details or contact Liles Parker for assistance.
  • Many State Medicaid programs already cover telehealth/telemedicine services provided to patients in their homes. Liles Parker can assist in determining what your State Medicaid program covers.

II.   Impact of the Coronavirus on Medicare Provider Enrollment Regulations:

CMS has issued a blanket waiver related to provider enrollment requirements[6] to do the following:

  • Establish a toll-free hotline for non-certified Part B suppliers, physicians and nonphysician; practitioners to enroll and receive temporary Medicare billing privileges;
  • Waive the following screening requirements:
    • Application Fee – 42 C.F.R § 424.514
    • Criminal background checks associated with FCBC – 42 C.F.R § 424.518
    • Site visits – 42 C.F.R § 424.517
  • Postpone all revalidation actions;
  • Allow licensed providers to render services outside of their state of enrollment; and,
  • Expedite any pending or new applications from providers.

Liles Parker provides assistance to all types of providers seeking to enroll in the Medicare program.

III.   Impact of the Coronavirus on Medicare Claim Appeals:

CMS has issued a blanket waiver applicable to fee-for-service Medicare, Medicare Advantage and Medicare Part D claim appeals.[7]  The blanket waiver provides for the following relief:

  • Extensions to file an appeal
  • Waiving timeliness for requests for additional information to adjudicate the appeal;
  • Processing the appeal even with incomplete Appointment of Representation forms but communicating only to the beneficiary;
  • Processing requests for appeal that don’t meet the required elements using information that is available.
  • Utilizing all flexibilities available in the appeal process as if good cause requirements are satisfied.

IV.   Suspension of Non-Emergency Survey Inspections Due to Coronavirus:

On March 4, 2020, CMS issued a Memorandum[8] advising that it is temporarily suspending non-emergency survey inspections, allowing providers to focus on the most current serious health and safety threats, like infectious diseases and abuse. Specifically, survey activity is limited to the following (in Priority Order):

  • All immediate jeopardy complaints (cases that represents a situation in which entity noncompliance has placed the health and safety of recipients in its care at risk for serious injury, serious harm, serious impairment or death or harm) and allegations of abuse and neglect;
  • Complaints alleging infection control concerns, including facilities with potential COVID-19 or other respiratory illnesses;
  • Statutorily required recertification surveys (Nursing Home, Home Health, Hospice, and ICF/IID facilities);
  • Any re-visits necessary to resolve current enforcement actions;
  • Initial certifications;
  • Surveys of facilities/hospitals that have a history of infection control deficiencies at the immediate jeopardy level in the last three years;
  • Surveys of facilities/hospitals/dialysis centers that have a history of infection control deficiencies at lower levels than immediate jeopardy.

CMS is maintaining a website[9] with consolidated guidance to surveyors related to coronavirus and infection control in hospitals, nursing homes, hospices, home health, and dialysis facilities.

V.   Nursing Homes:

CMS issued a revised Memorandum[10] on March 13, 2020 with specific guidance to nursing homes, including:

  • Directing nursing homes to temporarily restrict all visitors and nonessential personnel with a few exceptions such as end-of-life situations, and to cancel all communal dining and group activities.
  • Screening their staff and outside healthcare providers using CDC guidelines for restricting access to health care workers.
  • Notifying their local health department if a resident is suspected of having COVID-19. Facilities that can follow the infection prevention and control practices recommended by CDC may or may not need to transfer the patient, depending on the severity of the patient’s symptoms. If a resident must be transferred to a hospital, careful coordination with EMS and the receiving facility must be performed, including placing a facemask on the patient during transfer.
  • Accepting patients diagnosed with COVID-19 and still under Transmission-Based Precautions for COVID-19 as long as the facility can follow CDC guidance;
  • Accepting patients who are not diagnosed with COVID-19 from hospitals or other locations where a case of COVID-19 was/is present; and,
  • Obligations to maintain appropriate PPE and alcohol-based hand rub supply levels, while assuring facilities they will not be cited by surveyors so long as they can demonstrate they are having difficulty obtaining the supplies for reasons outside their control. Nursing homes are advised to contact with their local and state public health agency to notify them of any shortage, follow national guidelines for optimizing their current supply, and identify the next best option to care for their residents.

CMS also exercised its authority to waive certain coverage requirements for skilled nursing services on March 13, 2020, including the following:

  • CMS is waiving the 3-day prior hospitalization for coverage of a skilled nursing facility (SNF) stay for those people who need to be transferred as a result of the coronavirus emergency. In addition, for certain beneficiaries who recently exhausted their SNF benefits, it authorizes renewed SNF coverage without first having to start a new benefit period.
  • Second, CMS is waiving 42 CFR 483.20 to provide relief to SNFs on the timeframe requirements for Minimum Data Set assessments and transmission.

VI.   Home Health Agencies:

CMS has issued a blanket waiver[11] to provide relief to home health agencies (HHAs) on the timeframes related to OASIS Transmission. The waiver also allows Medicare Administrative Contractors to extend the auto-cancellation date of Requests for Anticipated Payment (RAPs) during emergencies. Please consult with your home health MAC for specific guidance.

Additionally, on March 10, 2020, CMS issued guidance [12] on addressing potential and confirmed COVID-19 cases and mitigating transmission including screening, treatment, and transfer to higher level care (when appropriate).

VII.   Hospitals:

On March 4, 2020, CMS issued guidance[13] regarding infection control and prevention related to COVID-19 cases.  In addition, CMS has issued blanket waivers applicable to hospitals[14] addressing a number of issues.[17] Some of the most significant include:

  • CMS is waiving the requirements that Critical Access Hospitals limit the number of beds to 25, and that the length of stay be limited to 96 hours.
  • CMS is waiving requirements to allow acute care hospitals to house acute care inpatients in excluded distinct part units, where the distinct part unit’s beds are appropriate for acute care inpatient.
  • CMS is waiving to allow acute care hospitals with excluded distinct part inpatient psychiatric units that, as a result of a disaster or emergency, need to relocate inpatients from the excluded distinct part psychiatric unit to an acute care bed and unit.
  • CMS is waiving requirements to allow acute care hospitals with excluded distinct part inpatient Rehabilitation units that, as a result of a disaster or emergency, need to relocate inpatients from the excluded distinct part rehabilitation unit to an acute care bed and unit.

VIII.   Coronavirus Related Waivers Issued by CMS to DME Suppliers:

A blanket waiver[15] has been issued by CMS as of March 13, 2020 to address lost, destroyed, irreparably damaged or otherwise unusable Durable Medical Equipment (DME).  DME Medicare Administrative Contractors (MACs) will have the flexibility to waive replacement requirements such that the face-to-face requirement, a new physician’s order, and new medical necessity documentation are not required. Suppliers must still include a narrative description on the claim explaining the reason why the equipment must be replaced and are reminded to maintain documentation indicating that the DMEPOS was lost, destroyed, irreparably damaged or otherwise rendered unusable or unavailable as a result of the emergency. Please check your DME MAC website for more information or contact Liles Parker for assistance.

IX.   Dialysis Facilities:

On March 10, 2020, CMS issued guidance[16] addressing potential and confirmed COVID-19 cases and mitigating transmission including screening, treatment, and transfer to higher level care (when appropriate).

X.   Conclusion:

Liles Parker attorneys and staff are closely monitoring HHS, CMS and CDC guidance and will update this article as new information becomes available. Please contact us with questions or for assistance with your response to this unprecedented National Emergency.

Jennifer Papapanagiotou is a Partner at Liles Parker, Attorneys & Clients at Law.  She has decades of experience representing health care providers and suppliers around the country in connection with a wide range of regulatory actions.  Questions regarding the impact of recent coronavirus guidance on your organization?  Call Jennifer for a free consultation.  She can be reached at:  1 (800) 465-1906.

[1] Proclamation on Declaring a National Emergency Concerning the Novel Coronavirus Disease (COVID-19) Outbreak, Issued on March 13, 2020.  A link to the declaration can be found here.

[2] Determination that a Public Health Emergency Exists, issued by Secretary Azar on January 31, 2020.  A link to the determination can be found here.

[3] ‘‘Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020.”  H.B. 6074

[4] Emergency Declaration Press Call Remarks by CMS Administrator Seema Verma, delivered March 13, 2020.  A link to the remarks can be found here.

[1] Medicare Telemedicine Health Care Provider Fact Sheet, dated March 17, 2020, can be found here. Frequently Asked Questions expanding on the fact sheet and giving more details on implementation can be found here.

[2] HHS’s Office of Civil Rights is maintaining a website with more information on this topic here.

[3] You can find CMS’ list of approved telemedicine services here.

[5] CMS’s telehealth resource page can be found here.  

[6] COVID-19 Emergency Declaration Health Care Providers Fact Sheet, dated March 13, 2020, can be found here. Provider enrollment waivers of certain requirements are outlined in the guidance.

[7] Ibid. Waivers to the administrative claims appeals process are outlined on page 3 of the document.

[8] Memorandum titled “Suspension of Survet Activities,” dated March 4, 2020.  A copy of the Memorandum can be found here.

[9] CMS guidance titled “Updates for State Surveyors and Accrediting Organizations” can be found here.  

[10]CMS Memorandum titled Guidance for Infection Control and Prevention of Coronavirus Disease 2019 (COVID-19) in Nursing Homes (REVISED),” can be found here.

[11] COVID-19 Emergency Declaration Health Care Providers Fact Sheet, dated March 13, 2020, can be found here.   Home health agency guidance is on page 3 of the Fact Sheet.

[12] CMS Memorandum titled Guidance for Infection Control and Prevention Concerning Coronavirus Disease 2019 (COVID-19) in Home Health Agencies (HHAs), was issued on March 10, 2020, and can be found here.

[13] CMS Memorandum titled Guidance for Infection Control and Prevention Concerning Coronavirus Disease (COVID-19): FAQs and Considerations for Patient Triage, Placement and Hospital Discharge,” dated March 4, 2020, can be found here.  

[14] COVID-19 Emergency Declaration Health Care Providers Fact Sheet, dated March 13, 2020, can be found here.   Hospital guidance is on pages 1-3 of the Fact Sheet.

[15]COVID-19 Emergency Declaration Health Care Providers Fact Sheet, dated March 13, 2020, can be found here.   DME related guidance is on page 1 of the Fact Sheet.

[16] CMS issued guidance on March 10, 2020

[17]  Medicare Telemedicine Health Care Provider Fact Sheet, dated March 17, 2020, can be found here. Frequently Asked Questions expanding on the fact sheet and giving more details on implementation can be found here. 

[18] HHS’s Office of Civil Rights is maintaining a website with more information on this topic here.

[19] You can find CMS’ list of approved telemedicine services here.

[20]

SIU Dental Audit Reviews by DentaQuest, Delta Dental and Cigna Can Ultimately Lead to Criminal Prosecution and Imprisonment.  Are Your Dental Office’s Medical Necessity, Documentation, Coding and Billing Practices Compliant?

October 16, 2019 by  
Filed under Dental Audits & Compliance

Download PDF

Dental Claims Audits are Ongoing(October 16, 2019):  A Federal District Court Judge recently sentenced a Murfreesboro, TN dentist to prison and ordered that he pay restitution to TennCare (Tennessee’s Medicaid program).  Regrettably, the types of improper billing practices cited by the government in the criminal Information filed against the defendant dentist aren’t that uncommon.  This recent prosecution serves as an excellent case study of why it is essential that dentists and dental practices take steps to ensure that their medical necessity, documentation, coding and billing practices fully comply with applicable regulatory requirements and contractual obligations.  In addition to reviewing the types of improper conduct that led to the government’s criminal pursuit of the defendants in this case, this article examines how a Special Investigations Unit dental audit (SIU dental audit) by auditors and investigators at DentQuest, Delta Dental and Cigna can ultimately lead to a referral to State or Federal law enforcement officials.  Once a referral is made, you and your dental practice may be subject to criminal investigation and prosecution.

I.  SIU Dental Audit Reviews by DentaQuest, Delta Dental and Cigna Can Result in a Referral to State or Federal Law Enforcement Officials:

In this case, a Tennessee licensed dentist reportedly owned a dental practice with three locations in Murfreesboro, TN and a single location in Lebanon, TN.   The dental practice treated patients that were covered by private-payor dental plans and Medicaid.  Payors billed by the dental practice included, but were not necessarily limited to:  DentaQuest (DentaQuest served as the administrator to the TennCare program – Tennessee’s Medicaid program), Delta Dental and Cigna.[1]  Starting in late 2014, a number of payors initiated an SIU dental audit of the defendant’s multi-location dental practice.  These included:

December 2014. DentaQuest SIU Dental Audit.   In late 2014, DentaQuest conducted an audit of select 2013 and 2014 claims submitted to the Medicaid payor plan by the practice.  After reviewing the claims, DentiQuest alleged that the practice claiming was:

    • Billing for crowns at an unusually high rate; and
    • Impermissibly billing DentaQuest for services provided by non-credentialed dentists.

Importantly, the defendant was allegedly advised of these allegations both during and after the DentaQuest audit.

December 2016 Delta SIU Dental Audit.  Delta Dental conducted an audit of 2015 and 2016 claims submitted to the payor for coverage and payment. At the conclusion of the dental claims audit, Delta Dental alleged that the dental practice:

    • Billed for dental services during the period January 2015 through May 2016 that were allegedly not provided.

Both during and after the Delta Dental audit, the defendant dentist and his office manager were allegedly advised of the allegation that the practice had billed the payor for services that were not provided.

August 2016 Tennessee Bureau of Investigation Probe.  In August 2016, the defendant dentist and his office manager reportedly learned that the Tennessee Board of Investigation had initiated an investigation of the dental practice’s billing conduct.  Despite the fact that the defendants supposedly learned of the State’s ongoing investigation, they allegedly:

    • Directed employees to continue to bill for work that had not been performed.

As the summary findings of these dental claims audits reflect, the defendant dentist and the practice administrator were repeatedly advised by dental plan sponsors that a number of medical necessity, coding and documentation deficiencies had been identified.  Despite the fact that the defendants were allegedly put on actual notice of these improper coding and billing practices, the practice appears not to have taken remedial steps to correct the conduct.

II.  Overview of the Fraudulent Dental Billing Conduct Alleged by the Government:

The criminal Information filed against the defendant dentist outlines a number of documentation and billing practices that allegedly resulted in the submission of false and fraudulent dental claims to the DentaQuest (TennCare Medicaid), Delta Dental and Cigna payor plans. Not surprisingly, the types of improper conduct that the government chose to criminally prosecute are far from uncommon.  In fact, many of the dental audits we have defended on behalf of dental practices around the country have involved at least one of the documentation, coding and / or billing problems that ultimately led to the criminal referral in this case.  As both government and private payor SIU dental audit representatives will readily attest, when it comes to dental claims fraud, the old adage “. . . there is nothing new under the sun” certainly applies.[2] The types of improper conduct alleged by the government are outlined below:

Summary of Allegation

Conduct Cited by the Government

Billing for Services Not Rendered.The government alleged that the defendants submitted false and fraudulent claims to health care benefit programs for dental work that had not been completed.
Falsifying Dates of Service.  The government alleged that the defendants falsified the dates of service to make it appear as though the dental service was rendered within the timeframe required by a health care benefit program or after preauthorization was obtained from a health care benefit program so that the dental claims would be paid.
Falsifying the Identity of the Individual Who Rendered the Dental Services.The government alleged that the defendants falsified claims to make it appear as though the services had been rendered by a dentist who was credentialed to treat patients at a particular practice location, when in fact the services had been provided by a non-credentialed dentist or at a different practice location.[3]
Falsifying Dental Records.The government alleged that the defendants falsified supporting documentation and records, such as x-rays, in order to have the claims paid.
Engaging in Upcoding.The government alleged that the defendants added false language to the claim narratives to make it appear as though the practice had provided more expensive services than the services that were actually provided.
Obstruction.The government alleged that the defendants falsified took steps to conceal the fraud, including:  (1) Disciplining or firing employees who asked questions about whether the billing practices were correct or legal, (2) Instructing practice employees to tell patients and representatives from insurance companies that if the practice had billed for work that had not been done, it was simply a billing error and would be corrected, when, in fact, it was the routine practice of the organization.
False Statements / Obstruction.The government alleged that the defendants falsified took steps to make it appear as though the practice administrator was solely responsible for the fraudulent billing practices at the practice and that the defendant dentist was supposedly unaware of the fraudulent billing practices, when in fact, both individuals knew about the conduct and caused the practice to submit false and fraudulent claims.

 III.  Criminal Charges Brought Against the Defendant Dentist and Disposition of the Case:

The defendant dentist in this case entered into a plea bargain with the Federal government and agreed to waive his right to an Indictment.  As the pleadings in this case reflect, in November 2018, the defendant dentist was charged in a criminal Information with one count of criminal conspiracy under 18 USC § 1349.[4]   In June 2019, the defendant dentist was sentenced to almost three years in prison and ordered to pay almost one million dollars in restitution to the TennCare Medicaid program.[5]

How can you and your dental practice avoid engaging in the types of improper conduct identified by the government in this case? As a first step, your practice needs to develop, implement and adhere to the both the letter and the spirit of an effective compliance program.  An overview of the compliance program process is set out below.

IV.  Every Dental Practice Must Develop and Implement an Effective Compliance Program:

As you will recall, the Department of Health & Human Services (HHS), Office of Inspector General (OIG), issued voluntary Compliance Guidance for Individual and Small Group Physician Practices” almost 20 years ago, in 2000.[6]  As the seven element compliance guidance reflects, the term “physician” is defined to include “a doctor of dental surgery or dental medicine.” [7] With the passage of the Affordable Care Act[8]  in 2010, dental practices and other health care providers participating in Federal health benefits programs were now required to establish a compliance program as a condition of their enrollment in the Medicare, Medicaid, and Children’s Health Insurance Program (CHIP) payor plans.  Under § 6401(b)(5) of the statute:

“Subtitle E—Medicare, Medicaid, and CHIP Program Integrity Provisions

SEC. 6401. PROVIDER SCREENING AND OTHER ENROLLMENT REQUIREMENTS UNDER MEDICARE, MEDICAID, AND CHIP.

Sec. 6401(a)(7):  COMPLIANCE PROGRAMS.—On or after the date of implementation determined by the Secretary under subparagraph (C), a provider of medical or other items or services or supplier within a particular industry sector or category shall, as a condition of enrollment in the program under this title [Medicare], title XIX [Medicaid], or title XXI [CHIP], establish a compliance program that contains the core elements established under subparagraph (B) with respect to that provider or supplier and industry or category.

. . . .

Sec. 6401(b)(5):  COMPLIANCE PROGRAMS.—The State requires providers and suppliers under the State plan or under a waiver of the plan to establish, in accordance with the requirements of section 1866(j)(7), a compliance program that contains the core elements established under subparagraph (B) of that section 1866(j)(7) for providers or suppliers within a particular industry or category.”  (emphasis added).

From a practical standpoint, dental practices have been slow to make the transition from a “voluntary” to a “mandatory” approach towards compliance. In January 2017, the OIG and compliance professionals of the Health Care Compliance Association (HCCA) met and made modifications to the original seven elements identified in the 2000 compliance program guidance.  The seven elements were modified to include the following:

  1. Standards, Policies, and Procedures.
  2. Compliance Program Administration.
  3. Screening and Evaluation of Employees, Physicians, Vendors and other Agents. 
  4. Communication, Education, and Training on Compliance Issues. 
  5. Monitoring, Auditing, and Internal Reporting Systems. 
  6. Discipline for Non?Compliance.
  7. Investigations and Remedial Measures.[9]

 If the defendants had properly developed, implemented and diligently worked to follow an effective dental practice compliance program, it is highly unlikely that the deficiencies identified by the government would have occurred (assuming, of course, that the defendants would have worked to comply with applicable statutory and regulatory requirements).

V.  The Possible Impact of an SIU Dental Audit on Your Dental Practice:

Assuming that your dental practice does not participate in the Medicare program[10] (but does participate in the Medicaid program), a wide variety of audit entities may show up at your door to perform an unannounced audit or send you a written notice of audit.  Audit entities that may initiate a review of your dental claims include:

Your Dental Practice May be Audits by Medicaid UPICs, Medicaid RACs, State Medicaid Fraud Control Units (MFCUs) and Private Payor Special Investigation Units (SIUs).

It is important to keep in mind that many of these audit entities have overlapping areas of responsibility.  As a result, it is entirely possible that one audit entity (for instance, a Unified Program Integrity Contractor (UPIC)) may decide to look at your 2015 Medicaid dental claims, while a completely different entity (such as Medicaid Recovery Audit Contractor (Medicaid RAC)) could audit your 2016 Medicaid dental claims.  For instance:

  • UPIC / Medicaid RAC Audits. On the government side, your dental practice’s Medicaid claims may be audited by a UPIC or a Medicaid RAC working for the Centers for Medicare and Medicaid Services (CMS).

 

  • State MFCU Audits. Since the Medicaid program is jointly funded by the Federal and State governments, your Medicaid claims may also be audited by your State’s Medicaid Fraud Control Unit (MFCU).

 

  • Audits by a Private Company Administrator of the Medicaid Program. If a private payor plan (such as DentaQuest) is serving as the administrator of the State Medicaid program, the private payor Special Investigations Unit (SIU) may initiate an audit of your Medicaid claims

 

  • Private Payor Audits. To the extent that your dental practice is a participating provider in one or more private dental payor plans, each of these private payor plans has an in-house SIU that is tasked with identifying and taking appropriate administrative action against providers and suppliers engaged in improper conduct. If a SIU identifies conduct that it believes may constitute fraud, it may choose to make a referral to law enforcement for further investigation and possible criminal prosecution.

In the case discussed above, the Special Investigation Units (SIU) of DentQuest, Delta Dental and Cigna initiated audits of the dental practice’s claims.   A private payor’s SIU is typically comprised of health care auditors and investigators, many of whom previously worked for Federal or State law enforcement agencies.  If evidence of wrongdoing is found by the SIU, the private payor may decide to take an administrative action, such as place a dental provider on prepayment review or terminate a dental provider from their payor program.  To the extent that an alleged overpayment is identified by the SIU, it may send a demand letter to a dental provider.  This ultimately could lead to the initiation of a collection action in civil court by the private payor.  In a worst case scenario, if an SIU agent identifies evidence of actual fraud (as opposed to conduct that is indicative of a mistake, error or an accident), the unit may choose to make a referral to the government for further investigation and possible criminal prosecution.

As set out in the background discussion (Section I), the dental practice in the instant case underwent several audits over a fairly short period of time.  The audits conducted included reviews by DentaQuest (as the administrator for TennCare’s Medicaid dental program), Delta Dental and Cigna.  The Tennessee Bureau of Investigation subsequently initiated its own investigation of the dental office’s billing practices.  After concluding their reviews, a criminal referral was made to the U.S. Attorney’s Office.  Federal prosecutors then initiated criminal proceedings against the dentist practice owner and the practice administrator.

VI.  Responding to a DentaQuest Audit, Delta Dental Audit or Cigna Audit of Your Dental Claims:

The government does not expect you to be perfect with respect to your documentation, coding and billing practices.  Nevertheless, the government does expect you to take reasonable steps to prevent the occurrence of improper billing practices. The development and implementation of an effective compliance program is an integral part of your dental practice’s program integrity efforts.  Unfortunately, even if you diligently work to stay within the four corners of the law, mistakes will still be made and your dental claims will still be subject to audit by a State Medicaid program, DentaQuest, Delta Dental, Cigna and other dental payors.  How should you respond if you are audited by a government or private payor?

  • Call an Experienced Health Lawyer for Assistance. Effectively responding to a government or private payor audit of your dental claims is essential if you hope to reduce the possible adverse effects of an audit.  An experienced health lawyer can walk you through the process and interact directly with the payor to seek an extension of the deadline to submit dental records and advise you on the documentation, coding and billing requirements that are required by a given payor.  Notably, the Liles Parker attorneys who would represent you and your practice in a dental audit are both experienced health lawyers AND have achieved certification as Certified Medical Reimbursement Specialists (CMRSs) by the American Medical Billing Association (AMBA) and / or Certified Professional Coders (CPCs) by the American Academy of Professional Coders.

 

  • Don’t ignore a SIU dental audit of your claims. It has been our experience that approximately 20% of all dental audit requests are either ignored by a dental practice or were set aside for later review and then got lost in the ever-growing pile of administrative correspondence received by a dental practice.  Don’t allow this to happen.  Most payors will give a dental practice a deadline to submit any responsive, supporting dental records.  This submission deadline can be as little as a few days to as much as 30 days.  If the payor does not receive the requested records by the deadline, it will automatically deny the dental claims.

 

  • Are there indications that the government or private payor intends to try and extrapolate damages? If a payor describes the group of dental medical records requested as a “statistically relevant sample” or uses similar descriptive terminology, call your legal counsel.  While not typically seen in private payor audits, we have seen numerous instances where a private payor has attempted to extrapolate any damages identified in connection with their audit.  Depending on applicable law and the terms of your contract with the payor, your legal counsel may be able to get the extrapolation dismissed.  If the payor does, in fact, have the authority to extrapolate damages, Liles Parker attorneys will often work with a statistical expert to conduct a preliminary assessment of whether or not the sample selected is, in fact, a sample that is representative of the universe of dental claims at issue.

 

  • Assemble the dental records requested. Take the time to assess the specific claims at issue and the supporting documentation in each file.  Are there additional places (e.g., files in storage) where additional supporting documentation may be kept?  If the documentation appears to be incomplete, you may be able to supplement the records with an affidavit. Are there any referring or ancillary providers that might have supporting documentation (e.g., referrals or orders from another dental professional, laboratory or X-ray test result)?

 

  • Retain duplicates of any information that you submit to the SIU dental auditor. Should you choose to go it alone and not be represented by legal counsel, you need to make sure that you secure a complete copy of the documentation sent to the payor.  It should be kept separate from your working files.  Should an appeal prove necessary, you will need to know the information on which the payor based its denial decision.

 

  • Don’t turn an administrative or civil audit into a criminal case. Dental records, progress notes, x-rays and other documents must be signed and dated by the health care provider at the time the services are rendered or conducted.  In conducting your review, did you find that the claims documentation is legible and complete?  If not, change your practices now.  Wholesale efforts to go back and supplement incomplete documentation may constitute obstruction of justice if incorrectly handled.  Never make changes to a patient’s documentation or dental records without first discussing the issues presented with legal counsel so that you can ensure that a third party reviewing the updated records will not be misled as to the nature of the changes or revisions AND when the changes or revisions were made.  In other words, your records must accurately show when changes, corrections or additions were made to the patient’s dental records.  Late entries to a record must be dated as such.  More than likely, government and private payor auditors will give very little (if any) credit to late entries or supplemental records unless the service being supplemental was recently performed.   The falsification of information in a patient’s dental record (or in other records presented to the government, its agents or private payor auditors) can constitute a criminal violation and could lead to much bigger troubles for you and your dental practice than a mere overpayment.

Private payor SIUs are an important source of referrals for State and Federal prosecutors. Your compliance with a payor’s medical necessity, documentation, coding and billing requirements will be carefully reviewed by a SIU if your dental claims are subjected to an audit by the payor’s anti-fraud unit.  If evidence of criminal fraud is identified, there is real possibility that your conduct will be referred to the government for further investigation and possible prosecution.  Your adoption and implementation of an effective compliance program will greatly reduce your level of risk.  Liles Parker attorneys have extensive experience working with dental practices around the country to develop and implement an effective compliance program.  Part of this process includes the performance of a “GAP Analysis” to determine whether the practices current practices are consistent with applicable regulatory and contractual requirements.  If deficiencies are identified, remedial steps can then be taken to bring the practice back into compliance.

Robert W. Liles Healthcare LawyerIs your dental practice being audited by DentaQuest, Delta Dental or Cigna?  If so, give us a call.  We can help.  A number of Liles Parker attorneys are experienced defending dental practices in Medicaid and private payor audits.  Moreover, these attorneys are both experienced health lawyers AND Certified Professional Coders (CPCs).  For a free consultation, please give us a call:  1 (800) 475-1906.

 

[1] Each of these plans qualify as “health care benefit programs” as defined by 18 USC § 24(b).

[2] Ecclesiastes 1:9 reads, in part “What has been is what will be, and what has been done will be done again. There is nothing new under the sun.”

[3] Are Your Providers Properly Credentialed with Each Payor?  How long does it take for the payor to credential a new dentist?  Once a new dentist is approved, will the payor cover dental claims back to the submission date of credentialing package?   We are seeing a huge rise in the number of overpayments based on failure to credential.  A detailed discussion of this credentialing issue is discussed in an article entitled: The Dangers of Billing Payors for the Services of a Non-Credentialed Dentist / Non-Participating Dentist.”

[4] Under the Fifth Amendment of the Constitution, a criminal defendant in a Federal case has a constitutional right to be indicted by a Grand Jury.  An Information is typically used by the government when a defendant voluntarily pleads guilty (typically after entering into plea bargain negotiations with the government).

[5] Notably, the defendant practice administrator has not entered a guilty plea and is scheduled to be tried in December 2019.

[6] 65 Fed. Reg. 59434. (October 5, 2000).

[7] 65 Fed. Reg. 59434, 59435.

[8] A copy of the Affordable Care Act can be found at the following link:  https://www.govinfo.gov/content/pkg/PLAW-111publ148/pdf/PLAW-111publ148.pdf

[9]See Measuring Compliance Program Effectiveness – A Resource Guide.” 

[10] Generally speaking, traditional Medicare does not cover most routine dental care procedures, such as cleanings, fillings, tooth extractions, dentures, or other common dental procedures. Under certain circumstances, Medicare Part A may cover dental services that are needed in connection with the provision of a covered Part A service (e.g. an operation your jaw).  Additionally, some Medicare Advantage are now starting to cover a limited scope of routine dental procedures.

Next Page »