logo - Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations.

Stark Self-Referral Prohibitions

January 14, 2021 by  
Filed under

Download PDF

Stark Self-Referral Violations Can Be CostlyThe Ethics in Patient Referrals Act of 1989, 42 U.S.C. § 1395nn, otherwise referred to as “Stark” [1] prohibits a physician from referring Medicare or Medicaid program patients for “designated health services” (DHS) to an entity with which the physician or an immediate family member has a prohibited financial relationship, unless one of the statutory or regulatory exceptions applies. If a patient referral is not for DHS or the referring physician does not have a financial relationship with the individual entity to which he or she refers a patient, then Stark does not apply. Why are Stark self-referral prohibitions necessary?  The government has had a long-standing concern that in the absence of certain safeguards, a physician might refer a patient for certain medical services and / or supplies to an entity in which the physician has a financial interest.  Such referrals may not be medically justified and could result in over-utilization and increased health care costs. The government further believes that improper self-referrals can cloud medical judgement, limit competition  and potentially result in a decrease in the quality of health care services.

I. Stark Self-Referral Prohibitions:

 The following definitions are critical to a comprehensive understanding of the Stark self-referral laws:

Designated Health Services (DHS):  Stark only applies to the following specific medical services, known as Designated health services (DHS).  DHS services currently include:

(a) Clinical laboratory services.

(b) Occupational, speech and physical therapy services.

(c) Radiology services, including MRIs, CAT scans, PET scans, nuclear medicine and ultrasounds.

(d) Radiation therapy services and supplies.

(e) Durable medical equipment and supplies.

(f) Parenteral and enteral nutrients, equipment and supplies.

(g) Prosthetics orthotics, prosthetic devices and supplies.

(h) Home health services.

(i) Outpatient prescription drugs.

(j) Inpatient and outpatient hospital services.

A medical service falling under any of these categories is considered a DHS even if it is bundled with other services or billed as something else.

Financial RelationshipThe term financial relationship includes any ownership or compensation interests that will benefit a physician financially. There are several types of relationships:

 

Compensation

 

Investment and Ownership

DirectDirect Compensation

(A physician receives $50 for each referral he makes to a radiology lab)

Direct ownership

(A physician directly owns or invests in an imaging clinic)

IndirectIndirect Compensation

(A DME company gives an unreasonable amount of test supplies to a physician’s office)

Indirect ownership

(A physician owns shares of a partnership, which owns a hospital, which then owns an imaging clinic)

CompensationThe term compensation (or remuneration) refers to any direct or indirect payment, which essentially covers anything given to the physician for a referral if he or she does not own or invest in the entity.

Ownership:  The term ownership (or investment) refers to a financial link between a physician and an entity, including equity, shares, stocks, bonds, debt, loans or any other type of financial arrangement that an entity secures with its own assets.

Entity: The term entity includes any person or business that provides and/or bills for a DHS, including any solo physician practice, group practice, sole proprietorship, trust, corporation, partnership, foundation, non-profit corporation, limited liability company, unincorporated association or any person or business that arranges to receive payments from a billing entity, with some exceptions.

Physician:  The term physician refers to a doctor capable of making referrals, including:

(a) Doctor of medicine (M.D.).

(b) Doctor of osteopathic medicine (Osteopath).

(c) Doctor of dental surgery or dental medicine (Dentist).

(d) Doctor of podiatric medicine (Podiatrist).

(e) Doctor of optometry (Optometrist).

(f) Doctor of chiropractic medicine (Chiropractor).

Stark does not apply to referrals made by non-physician practitioners, such as a physician’s assistant.

Referral: A referral is any order, request or certification for a DHS made electronically, verbally or in writing. The definition of a referral includes any services performed incident to tests and other medical services established in a plan of care. Additionally, if a physician has direct or indirect control over the referrals made by members of a group practice, then any referrals made to a prohibited entity (e.g., one with whom the controlling physician has a financial relationship) are illegal.

II.  Exceptions to the Stark:

There are a number of narrowly drawn exceptions to Stark that allow referrals where a physician and another provider have a financial relationship. These exceptions are constantly changing and evolving. Because these arrangements need to be carefully structured with appropriate agreements to satisfy an exception, a physician or provider should not, under any circumstances, attempt to address them without the assistance of qualified counsel. Exceptions to the Stark Law include, but are not limited to:

  • Academic medical centers.
  • EPO and other dialysis drugs furnished in connection with ESRD.
  • Eyeglasses and contact lenses.
  • Prepaid plans.
  • Publicly traded securities.
  • Mutual funds.
  • Hospital ownership.
  • Rural providers.
  • Arrangements with hospitals unrelated to designated health services.
  • Charitable donations.
  • Community-wide health information services.
  • Compliance training.
  • Electronic health records items & services.
  • Electronic prescribing items & services.
  • Employment relationships.
  • Equipment rental.
  • Fair market value compensation.
  • Obstetrical malpractice insurance.
  • Office rental.
  • Payments by a physician for items and services.
  • Personal services arrangements.
  • Physician recruitment.
  • Referral services.
  • Retention payments in underserved areas.
  • Risk-sharing arrangements.

Failure to qualify under one of the exceptions to Stark makes a physician referral for DHS to an entity in which the physician has either a financial relationship or compensation arrangement a prohibited referral. Stark is not an intent-based statute.  Sanctions for presenting a claim for a prohibited referral can include penalties and can implicate other Federal statutes used to combat health care fraud (e.g. False Claims Act) if the circumvention scheme or arrangement is shown to involve a physician entity that “knows or should know” that the arrangement or scheme’s principal purpose is to assure referrals by a physician to a particular entity.

III. State Prohibitions Against Self-Referrals:

Many states have laws that are similar to the Federal Stark laws. As a result, a comprehensive Stark self-referral and risk analysis of any arrangement involving a physician who has a financial relationship with a health care entity must also take into account applicable state laws. Even though an arrangement may not implicate or violate the Federal Stark self-referral laws, it could potentially run afoul of state physician self-referral laws.

IV.  Civil Monetary Penalties and Stark Self-Referral Laws:

Stark is a strict liability statute, which means that the government is not required to prove that a provider intended to violate the law before assessing CMPs. Generally, a Stark violation could result in: (a) denial of payment; (b) an obligation to refund any amounts improperly paid; (c) civil monetary penalties; or (d) exclusion from participation in Federal or state health care programs.

(a) Denial of Payment.

The Stark self-referral laws provide that no payment will be made by Medicare or Medicaid for an item or service provided as the result of a prohibited referral. There is an exception to the denial of payment rule, which applies when the entity did not know or have reason to know the identity of the referring physician.  However, this exception is rarely met as it is narrowly interpreted and subject to the claim otherwise meeting all applicable laws and regulations.

(b) Civil Monetary Penalties

For “knowing” violations, Stark imposes CMPs. Any person who presents (or causes to be presented) a claim for service that the person knows or should know resulted from a prohibited referral could be subject to a CMP. Additionally, a knowing violation could result in liability under the False Claims Act.  There are several types of Stark violations that could result in the assessment of CMPs:

  • Presentment of a claim (or causing a claim to be submitted) involving an improper referral. This could result in a CMP of up to $15,000 for each service;

  • Failure to refund amounts received from a prohibited This could result in a CMP of up to $15,000 for each service; and

  • Participation in a “circumvention scheme.” This could result in a CMP of up to $100,000 for each such arrangement or

Additionally, the imposition of CMPs under Stark is subject to the same rules and procedures involved in the assessment of CMPs for other improper conduct. Therefore, those sanctioned under Stark could also be liable for the amount of losses incurred by the government as a result of the prohibited referral or up to three times that much (i.e., treble damages).

(c) Exclusion from Participation in Federal Health Care Programs.

In serious cases of Stark liability, OIG could seek to exclude a provider from participation in federal health benefits program under its permissive exclusion authorities.

V. Stark Self-Referral Violations and the False Claims Act:

A Stark violation could give rise to False Claims Act liability under the following theory: Medicare providers certify in all billing forms, cost reports, enrollment applications and elsewhere that their claims are submitted in conformity with various laws and regulations, including Stark.

Additionally, providers certify such compliance with those laws merely by participating in the Medicare program. If the providers submit claims to Medicare and receive payment for services furnished pursuant to a prohibited referral under Stark, then the claims are considered false for the purposes of the False Claims Act. If the provider knowingly presents a false claim, then he or she may be liable under the False Claims Act for up to three times the amount claimed, as well as significant penalties for each false claim.  For additional information regarding the False Claims Act, please see this link.

VI.  Stark Recommendations:

Compliance Officers are not expected to single-handedly resolve potential Stark violations. Deciding whether or not an arrangement is appropriate under Stark often requires a complex and highly technical legal analysis that may also require high levels of financial understanding and there can also be very serious penalties for Stark violations. As such, most matters implicating the Stark Laws should be addressed with the assistance of qualified counsel. Nonetheless, Compliance Officers are expected to identify and make preliminary evaluations of potential Stark problems and they should be wary of any new arrangements that could put your organization or physician at risk for liability.

After reviewing the practices of your organization, following is a simple test that has been published by the OIG that can be useful in assessing whether a potential Stark violation exists with respect to an existing or a possibly new relationship:

1. Are there referrals from a physician for a “designated health service”? If yes, go to the next question. If no, there is likely no Stark liability.

2.  Does the physician or an immediate family member, have a “financial relationship” with the entity providing the health service at issue?  If yes, go to the next question. If no, there is likely no Stark liability (though you need to scrutinize each relationship very carefully).

3.  Does the financial relationship fit in an exception?   If no, there could very likely be a Stark violation. If yes, there likely is not a Stark violation. In any event, you should contact qualified counsel to ensure that there is no question regarding these issues.

VII.  Stark Self-Disclosure Protocol:

The Stark Law provides that any payments received from services resulting from an improper referral must be refunded and that all such refunds must be made within 60 days of the date the prohibited payments were collected. However, in light of the strict liability provisions of the statute and the fact the government had very little leeway to waive or reduce sanctions and penalties for Stark violations, reporting and repaying Stark violations was problematic.

The Affordable Care Act sought to address this problem by directing the Secretary of HHS to create a self-referral disclosure protocol that would encourage providers to self-report Stark violations and comply with their refund obligation. Responding to this mandate, CMS created a Stark Self Disclosure Protocol that includes a reporting mechanism which provides some benefit (in terms of reduced liability) to providers that participate and self-disclose violations. The steps for participating in the self-disclosure protocol are set out below and a provider must submit the following information relevant to the disclosed matter:

  • Provider information (name, address, identification number(s), etc.);
  • A description of the nature of the matter being disclosed;
  • A statement as to why the disclosing party believes a Stark violation occurred, including a legal analysis of the applicable law(s) and regulation(s);
  • The circumstances under which the disclosed matter was discovered;
  • Any steps taken to prevent the disclosed matter from occurring in the future;
  • A statement as to whether the disclosing party has a past history of such violations;
  • A description of any preexisting compliance program maintained by the disclosing party;
  • A description of notices provided to other applicable government agencies, such as the Securities and Exchange Commission; and
  • A statement as to whether the disclosing party has knowledge that the matter is under inquiry by a government
  • The provider must conduct and submit a detailed financial analysis regarding the alleged violation;
  • The provider must certify that all information disclosed is true and correct and submitted in a good faith effort to resolve any liability exposure under the Stark Law; and
  • The provider must submit electronic copies and hard copies of all information to the Centers for Medicare and Medicaid Services (CMS).

When an entity makes a disclosure under the protocol, CMS must now consider several factors in possibly reducing the amount due for violations, including:

  • The nature and extent of the improper or illegal practice;
  • The timeliness of self-disclosure;
  • The cooperation in providing additional information related to the disclosure;
  • The litigation risk associated with the matter disclosed;
  • The financial position of the disclosing party; and
  • Other factors as the Secretary considers

The self-disclosure protocol may be helpful in reducing potential fines and penalties and in resolving Stark self-referral violations. It can also be useful if the provider is close to the 60-day deadline for identifying and returning an overpayment since obligations involving the 60-day rule are suspended as long as a provider remains in the program. On the other hand, providers that enter the program are in the dark as to whether their disclosure will actually result in decreased liability as there is no governmental recipe or standard procedure that is used in determining reductions. Indeed, as stated on page 6 of CMS’ Voluntary Self-Referral Disclosure Protocol, CMS has no obligation to reduce any amounts due and owing(emphasis added).

Providers who enter the program should also be aware that there are potential downsides to such an action. For example, a self-disclosure might serve as a roadmap to investigators should they seek to locate additional problematic conduct and Medicare contractors may become more interested in your organization rather than the other way around. Moreover, if you agree to settle claims through the self-disclosure protocol, you waive all appeal rights to those claims.

Providers are also cautioned that they may have other, perhaps better, options than entering the Stark Self-Disclosure Program as a means towards resolving potential Stark self-referral violations. There are a number of questions that should be addressed before a provider decides how to resolve violations and it is strongly recommended that they contact legal counsel for additional guidance on this matter.

VIII.  Conclusion:

As previously discussed, Stark is civil in nature. As with the False Claims Act itself, it is not necessary to show specific intent.  The government only need show that by a “preponderance of the evidence” a violation of the Stark statute has occurred.  As a result, it is considerably easier to allege that a Stark violation may give rise to a violation of the False Claims Act.  Additionally, under Stark fitting within an applicable exception is mandatory. As such, a provider will encounter financial exposure if full compliance with an exception is not initially achieved or is not maintained.  Failure to properly meet the requirements for a Stark exception will arguably mean that the statute has been violated, possibly leading to a violation of the False Claims Act.

Stark really highlights why it is so important to have a qualified health lawyer examine your compensation and business arrangements prior to execution.  Does your practice need assistance?  For a free initial consultation, call: 1 (800) 475-1906.

 [1]  The statute is named after its legislative sponsor, Congressman Fortney H. “Pete” Stark.

OIG Provider Self-Disclosure Considerations

December 25, 2020 by  
Filed under

Download PDF

The OIG Provider Self-Disclosure Protocol Provides an Opportunity for a Provider to Resolve Problems Directly with the OIGThe Department of Health and Human Services (HHS), Office of Inspector General (OIG) has historically emphasized the importance of “square dealing” with government supported health care programs and urged health care providers to adopt effective practices and procedures that are designed to promote compliance with applicable statutory and regulatory requirements and detect and prevent fraud. Toward that end, the OIG has stressed the importance of self-policing and the obligations of health care providers to disclose improper conduct and take remedial steps to both repay any amounts owed and prevent future re-occurrences of the wrongful practices.

I. Historical Background of the OIG’s Provider Self-Disclosure Protocol:

In 1995, as part of the joint Department of Justice/ OIG health care fraud enforcement initiative known as “Operation Restore Trust,” the OIG announced the creation of a pilot Voluntary Disclosure Program. The program was limited to five states (New York, Florida, Illinois, Texas and California) and four health care provider types (home health agencies, skilled nursing facilities, durable medical equipment suppliers, hospices and providers were given an opportunity to voluntarily return monies owed and, potentially, receive preferential consideration from the government, albeit without any promises or guarantees. The pilot project ran until 1997 and although only a limited number of eligible providers chose to participate, the value of the program to both well-meaning providers and the government was unmistakable.

II.  Issuance of the OIG’s Provider Self-Disclosure Protocol in 1998:

On October 30, 1998, shortly after the conclusion of the Operation Restore Trust pilot, the OIG announced the creation of a broad Provider Self-Disclosure Protocol that was “open to all health care providers” and “not limited to any particular industry, medical specialty or type of service.” [1] Unlike the pilot program, the Provider Self-Disclosure Protocol was not limited to any particular industry, medical specialty or type of service and providers could seek to participate in the program even if they were already under investigation by OIG or DOJ. The OIG also issued open letters to the health care community in 2006, 2008 and 2009 to provide additional guidance, but in 2013 the OIG issued an Updated Self-Disclosure Protocol to address some of the concerns within the health care legal community and encourage participation in the process.[2]

III.  Issuance of the OIG’s Updated Provider Self-Disclosure Protocol in 2013:

In 2013, the OIG issued an updated version of its Provider Self-Disclosure Protocol.  As the OIG has consistently publicized, the program is intended to give providers an opportunity to voluntarily disclose problematic conduct that resulted in a loss to the government and would likely result in a civil money penalty (or worse) if it was discovered through an investigation or other means.  In return for voluntarily disclosing the conduct, providers that act like good corporate citizens get a discount on the penalty they pay. The protocol is available and intended “to facilitate the resolution of matters that, in the disclosing party’s reasonable assessment, potentially violate Federal criminal, civil or administrative laws for which CMPs are authorized.” Thus, while parties are not required to admit wrongdoing and settlements do not contain typically do not contain admissions, “a disclosing party must acknowledge that the conduct is a potential violation…[and] explicitly identify the laws that were potentially violated.”[3]

IV.  Conduct Ineligible for the Program:

The OIG specifically states that overpayments or errors that do not potentially violate Federal criminal, civil or administrative are not eligible for the Self-Disclosure Protocol. Instead, they should be reported and repaid through the appropriate contractor voluntary refund process. In other words, if after a “reasonable assessment” of the conduct you feel that all you have found is an error or an overpayment that doesn’t potentially violate Federal criminal, civil or administrative laws for which CMPs are authorized, the OIG does not want you (and in all likelihood, you do not want the OIG).

The program also isn’t available for an opinion as to whether conduct or relationships violate the Anti-Kickback Statute or Stark laws.  The Advisory Opinion process is the proper vehicle for obtaining a formal OIG advisory opinion. Finally, the Provider Self-Disclosure Protocol is not available for disclosures that only involve Stark violations. Those should be reported through the CMS Stark Self-Referral Disclosure Protocol. [4]

V.  Components to be Included in a Self-Disclosure:

Providers present the findings of its internal investigation in the form of a detailed narrative the following information:

  • Basic provider information such as identification number(s)and tax identification number(s), Government payors (including contractors), etc. ;
  • Description of ownership and related entities with organizational charts;
  • Detailed description of the conduct and the individuals or entities involved;
  • Identification of the federal criminal, civil or administrative laws potentially violated and the health care programs affected by the conduct;
  • The corrective actions taken upon discovery of the conduct;
  • Disclosure of any other inquiries relating to a Federal health care programs;
  • The provider’s representative and the individual authorized to enter into a settlement;
  • A certification that the submission is truthful and based on a good faith effort to disclose for the purpose of resolving potential liability. [5]

VI.  Anti-Kickback Statute, Exclusion and False Billing Guidance:

One of the major improvements in the 2013 Update was its addition of specific sections for potential violations of the Anti-Kickback Statute, exclusion regulations and for the submission of false billings:

Disclosures Involving Violations of the Anti-Kickback Statute

  • Disclosing providers include a narrative describing each arrangement and why it potentially violated the Anti-Kickback Statute and, if applicable, the Stark Law.
  • The Self-Disclosure Protocol also lists several examples of the type of information that the OIG finds helpful in assessing and resolving disclosed conduct.
  • Additionally, the OIG reaffirmed that its general approach for resolving potential Anti-Kickback Statute violations is to apply a multiplier to the remuneration conferred by the disclosing party to the entity or individual making the referral.

Disclosures involving Excluded Persons

  • The original guidance made no mention of exclusion related disclosures and the Update provides a detailed disclosure protocol.
  • The Self-Disclosure Protocol contains fairly detailed guidance for calculating single damages involving persons that do not provide directly billable services where none previously existed.

Disclosures Involving False Billings

  • Requires an estimate the financial impact to all government health care programs that considers all affected claims or a statistically valid sample of all claims.
  • Provides guidance on the creating statistically valid samples.

VII.  Potential Benefits of Participating in the Provider Self-Disclosure Protocol:

The OIG identifies the following benefits that can result from participation in the self- disclosure program:

  • The OIG believes that individuals or entities that use the Self-Disclosure Protocol and cooperate during the process deserve to pay a lower multiplier on single damages than would normally be required in resolving a Government-initiated investigation.
  • There is a presumption against requiring integrity agreements where there is a good faith disclosure of potential fraud;
  • Potential for mitigation of exposure under the “60-day rule.”
  • A commitment by the OIG to “working with” those who avail themselves of the Self-Disclosure Protocol in good faith and in full cooperation.

Other potential benefits include:

  • “Good Corporate Citizen” label and potential for an expedited resolution.
  • You are better situated to give positive, balanced impression.
  • Reduced likelihood of the imposition of exclusion or an integrity agreement.
  • Potential benefits under the sentencing guidelines.
  • Reduced likelihood a qui tam (you reported the problem, not a whistleblower).
  • Reducing the need for an outside investigation.
  • Permits a disclosing provider to maintain a greater degree of control, minimize expense and disruption.

VIII. Things to Consider When Deciding Whether or Not to Participate in the Provider Self-Disclosure Protocol:

Whenever faced with the realization that your practice or clinic has engaged in wrongful conduct which has resulted in improper billings to one or more government health care programs, it is important to remember one of life’s first lessons — “If it doesn’t belong to you, give it back.” Here are a few other things to think about:

  • The Provider Self-Disclosure Protocol does not cover errors or mistakes. By participating, what are you saying about the conduct at issue?
  • When you participate, you will be asked to explain why you believe a federal civil, criminal or administrative law has been violated.
  • You are going to be asked to identify the individuals responsible for the improper conduct or practice.
  • You are going to be asked about the corrective measures you have taken and whether any disciplinary action was taken against the individual(s) responsible for the problems now being disclosed.
  • There are no promises or guarantees inherent in the protocol.
  • The OIG cannot waive rights of third parties—other Federal agencies and private payors can still come after your organization for improper claims you may have submitted to their programs.
  • The internal investigation you conducted could serve as a roadmap for prosecutors.
  • Admissions against interest may be used against you.
  • Neither the OIG nor the DOJ is limited to investigating only what you disclosed to the OIG in connection with the program.
  • The investigation may be expanded to other billing areas.
  • Be prepared to share all audit work papers.

IX.  Other Self-Disclosure Options Available to You and Your Organization:

Always remember that the point of the Provider Self-Disclosure Protocol is to create a vehicle for providers to: (1) Disclose problematic conduct, that (2) Resulted in a loss to the government, which (3) Would likely to result in a civil money penalty (or worse) once discovered. In return for the disclosure, providers get a discount on the penalty they pay – but they will still have to pay some amount as a penalty. Therefore, if a reasonable assessment of the conduct under your consideration didn’t violate any rules that warrant a penalty, you can and should, consider other options. After all, the OIG specifically states that errors or overpayments are not eligible for the program.  Alternative disclosure options include:

(1) Contractor Disclosure Programs: All CMS Contractors are required to have provider disclosure programs for overpayments and/or errors. While Contractor programs can also be difficult to navigate, they are generally not as onerous as the OIG’s protocol and, more importantly, there is no expectation of penalties. If appropriate, this if often an excellent option for consideration.

(2) CMS Stark Self-Disclosure Protocol (SSDP): The SSDP is complex protocol that is similar to the OIG’s protocol in that it requires full disclosure of all of the underlying facts and circumstances of the potential violation. Consideration of the SSDP should be made with the full participation of counsel.

(3) Disclosing Directly to the Department of Justice: Under certain limited circumstances, disclosure to the DOJ might be a provider’s best option.   For example, there is a provision under the Federal False Claims Act that allows for a reduction of penalties for providers that self-disclose to the agency. There may also be considerations of criminal law that might suggest this approach. HOWEVER, a provider should never consider taking this approach without the full consultation and participation of counsel.

As the above outline reflects, there are a number of factors to be considered prior to deciding whether or not to participate in the OIG’s Provider Self-Disclosure Protocol.  If you are considering the protocol, we recommend that you first contact qualified health law counsel for assistance.  Liles Parker attorneys include a number of former Federal prosecutors, all of whom served in significant positions at the Department of Justice.  Our attorneys have extensive experience counseling health care clients regarding the benefits and disadvantages of participating in the program.  For a free consultation regarding your case, give us a call. 1 (800) 475-1906.

[1] The 1998 Self-Disclosure Protocol is found at: https://oig.hhs.gov/authorities/docs/selfdisclosure.pdf

[2] The OIG’s Updated Self-Disclosure Protocol can be found at the following link: https://oig.hhs.gov/compliance/self-disclosure-info/files/Provider-Self-Disclosure-Protocol.pdf

[3] 2013 Updated Self-Disclosure, at pg. 3

[4] See, http://www.cms.gov/PhysicianSelfReferral

[5] 2013 Updated Self-Disclosure, at pgs. 5–6.

 

Robert W. Liles, J.D., M.B.A., M.S.

January 25, 2021 by  
Filed under

Download PDF

Robert W. Liles is a Health Law Attorney at Liles Parker. Call 1 (800) 475-1906 for a Free Consultation.
Managing Member
Office: (202) 298-8750
Facsimile: (202) 337-5804
rliles@lilesparker.com

He has been peer rated for high professional achievement in 2020Robert Liles has been rated "AV" by Martindale-HubbellNamed one of "America's Most Honored Lawyers"Robert Liles has been named a "Top-Rated Lawyer for 2020"Robert Liles has been named a "Top Attorney" by AVVO

Robert W. Liles — Practice Concentration and Experience:

Robert W. Liles has worked in regulatory compliance as a Federal prosecutor and as defense counsel, for more than 25 years. This has provided a unique perspective on the challenges faced by clients in highly regulated industries such as health care, banking and finance. Mr. Liles focuses his practice on fraud defense, internal audits, investigations, compliance and regulatory matters. He has represented both individuals and entities in administrative, civil and criminal proceedings.

Mr. Liles first began working in hospital management after receiving both an M.B.A. and an M.S. in Health Care Administration.  After graduating from law school, he was hired as an Assistant United States Attorney (AUSA) in the Southern District of Texas (SDTX) where he primarily handled False Claims Act cases.  He was later promoted to Chief,  Financial Litigation Unit.

Shortly after the passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Mr. Liles was asked to serve as our country’s first National Health Care Fraud Coordinator.He was detailed to Washington, DC and was later promoted to the position of Deputy Director, Legal Programs, for the Executive Office for U.S. Attorneys (EOUSA), a component of the United States Department of Justice (DOJ).  While at EOUSA, he advised Federal prosecutors around the country on civil and criminal fraud statutes, schemes, investigative tools, privacy concerns, and compliance issues. He was instrumental in writing and implementing DOJ guidance on the judicious use of the False Claims Act.  Notably, while a Federal prosecutor, Mr. Liles was asked by the Office of Inspector General (OIG) to travel overseas and train Ukrainian prosecutors and investigators on health care fraud and abuse issues.  Mr. Liles also regularly taught OIG agents and investigators at the Federal Law Enforcement Training Center (FLETC), on Jekyll Island.

Mr. Liles’s health care management education / background and his prior experience as a Federal prosecutor provide a real-world perspective when advising individuals and entities on enforcement and regulatory compliance issues.

Financial / Regulatory Matters Handled:

  • Managed our team in an investigation and document production responding to a subpoena directed to a large, international bank, by the Department of Treasury, Office of Foreign Asset Control (OFAC).
  • Managed our production team’s efforts in responding to a subpoena for documents by the Securities and Exchange Commission (SEC) that was directed to our client, a U.S. bank.
  • Represented bank officer and defended his deposition by the Office of the Comptroller of the Currency (OCC).
  • Represented large international bank in a False Claims Act case.

Health Care Regulatory Matters Handled:

  • Represented multiple health care providers in Medicare revocation cases where CMS had revoked the provider’s billing privileges.
  • Represented licensed health care professionals in State Licensing Board proceedings.
  • Represented multiple entities in connection with UPIC and ZPIC audits, and investigations by OIG.
  • Worked with a variety of providers and suppliers to develop and implement an effective Compliance Plan.  Conducted training for staff on statutory and regulatory requirements to be followed.
  • Reviewed and challenged the validity of the statistical methodology used to extrapolate alleged damages in audit cases of Medicare, Medicaid and private payor medical, home health, DME and dental claims.
  • Directed the internal audit of non-profit corporate operations, policies and procedures to better ensure statutory and regulatory compliance.
  • Conducted internal investigation of alleged malfeasance of corporate employees.  Provided recommendations for the implementation of safeguards to better prevent improper employee conduct.
  • Worked with corporate clients to properly incorporate privacy provisions into the client’s overall effective compliance strategy.
  • Provided assessment and advice to corporate clients on proposed business models, addressing both the prohibition against improper self-referrals, Federal and State Anti-Kickback Act concerns, and violations of False Claims Act provisions.
  • Represented individuals and entities in ongoing litigation under the False Claims Act, addressing concerns raised by DOJ and State prosecutors.
  • Managed large document productions on behalf of corporate clients in response to Grand Jury, DOJ and Federal agency subpoenas. Advised investors and investment companies with respect to health care sector issues and the possible impact of health care fraud enforcement activities.
  • Served as Independent Review Organization (IRO) in connection with multiple Corporate Integrity Agreements (CIAs) between the OIG and Medicare providers.

Education:

  • South Texas College of Law, Houston, Texas (J.D.)
  • Trinity University, San Antonio, Texas (M.S. in Health Care Administration)
  • Trinity University, San Antonio, Texas (Master’s in Business Administration)
  • University of the South, Sewanee, Tennessee (B.A. in Economics)

Certifications:

  • Certified Professional Coder (CPC)
  • Certified Medical Compliance Officer (CMCO)

Professional Affiliations:

  • Member, American Health Lawyers Association
  • Member, National Association of Criminal Defense Lawyers
  • Member, American Association of Professional Coders
  • Member, National Alliance of Medical Auditing Specialists
  • Member, American College of Legal Medicine
  • Member, Christian Trial Lawyers Association
  • Compliance Counsel, American Medical Billing Association
  • Compliance Counsel, American Association of Clinical Endocrinologists
  • Faculty Instructor, Practice Management Institute

Recent Awards:

  • Top Attorneys — Washington, DC (as published in the “Washington Lawyer“)(May 2020).
  • Rated “AV Preeminent” Highest Possible Peer Review Rating in Legal Ability and Ethical Standards (2003 — 2021).
  • Rated “10.0,” AVVO’s Highest Rating for Attorneys. (2021)
  • America’s Most Honored Professionals:  Top 1% (2017-2021
  • ).
  • Top Rated Lawyers in Washington, DC & Baltimore (as Published in the Wall Street Journal — Based on Martindale-Hubbell Ratings)(December 2015).
  • Rated “Super Lawyer” (2020 — 2021).

Federal Admissions:

  • U.S. Supreme Court
  • District of Columbia District Court
  • Maryland District Court
  • Texas Northern District Court
  • Texas Southern District/Bankruptcy Court
  • Texas Western District Court

State Admissions:

  • District of Columbia
  • State of Texas

Presentations and Speaking Engagements (Partial Listing):

  • National Webinar, American Medical Billing Association (AMBA) “What’s the Difference Between an OIG Exclusion and a CMS Preclusion?”  (2021).
  • National Webinar, American Medical Billing Association (AMBA). “10 Steps You Can Take to Improve Your Compliance Efforts in 2021″ (2021).
  • National Webinar, Texas Association of Home Care and Hospice (TAHCH).  Problems and Pitfalls With Home Health and Hospice EHR Systems — Address These Software Deficiencies Now, Before it is Too Late!”  (2020).
  • National Webinar, American Medical Billing Association (AMBA).  Compliance Pitfalls With Physician Practice EHR Systems — Deficiencies You Must Address Now!”  (2020).
  • National Webinar, Texas Association of Home Care and Hospice (TAHCH).  “An Overview of the CMS Preclusion List”  (2020).
  • Practice Management Institute, Abilene TX. “Compliance Officer Certification Course” (2020).
  • National Webinar, National Alliance of Medical Auditing Specialists (NAMAS). “Structuring an Effective Compliance Program:  The Ins and Outs of How to Ensure You Are On the Right Track.”  (2020).
  • National Webinar, National Alliance of Medical Auditing Specialists (NAMAS). “I Have an Excluded Employee — What Should I Do?” (2020).
  • G2:  Lab Reimbursement Summit 2019, Charlotte, NC.  “Government Enforcement Efforts Targeting Labs:  Are Your Marketing Practices Compliant with the Law.”  (2019).
  • American Association of Orthopedic Executives (AAOE), Arlington, VA. “Regulatory Enforcement Actions: Compliance Issues Impacting Orthopedics.” (2019).
  • Florida Behavioral Health Conference, Orlando, FL.  “Government Enforcement Efforts Targeting Substance Abuse Treatment Clinics — Are Your Marketing Practices Compliant with EKRA and Other Applicable Laws?”  (2019).
  • National Webinar, American Association of Clinical Endocrinologists. “EKRA, the Anti-Kickback Statute and State All-Payor Laws — Steps Your Endocrinology Practice Should Take to Stay Out of Trouble.”  (2019).
  • West Coast Symposium on Addictive Disorders (WCSAD), La Quita, CA.  “Enforcement and Regulatory Risks Facing CEOs, Managers and Physicians of Addiction Medicine Clinics.” (2019).
  • Annual Conference — American Alliance of Orthopedic Executives (AAOE), Nashville, TN. Regulatory Risk Areas Facing Orthopedic Practices in 2019.”  (2019).
  • Annual Conference, American Association of Professional Coders (AAPC), Las Vegas, NV. Potential Liability of Coders and Billers in a Health Care Fraud Case.” (2019).
  • National Webinar, Liles Parker.  “Top 10 Steps You Can Take to Improve Compliance and Stay Out of Trouble with the Government — Parts 1 and 2.”  (2019).
  • DHR Health — Partnership Meeting, Edinburg, TX.  An Overview of Current Health Care Fraud Enforcement Efforts – Steps You Can Take to Improve Compliance and Stay Out of Trouble.”  (2019).
  • National Webinar, Exclusion Screening, “Exclusions Screening of Vendors and Contractors — Who Should You Screen?”  (2019).
  • National Webinar, American Medical Billing Association (AMBA).  Third-Party Billing Agreements: Does Your Contract Protect Your Interests? Is it in Violation of Federal or State Requirements?” (2019).
  • Endocrine University: American Association of Clinical Endocrinologists (AACE).  Mayo Clinic, Rochester, MN.  “The Business of Medicine.”  (2019).
  • American College of Legal Medicine, 11th Annual Ethical and Legal Aspects of Dentistry, Los Angeles, CA.  Current Audit and Government Enforcement Efforts Against Dentists and Dental Practices.”(2019).
  • National Webinar.  Exclusion Screening. Disclosure Risks When Enrolling in Medicare and Medicaid.”(2019).
  • National Webinar, National Alliance of Medical Auditing Specialists (NAMAS). “2019 OIG Work Plan Update.”  (2019).
  • Annual Conference, Cape Cod Symposium on Addictive Disorders (CCSAD), Hyannis, MA. Enforcement and Regulatory Risks Facing CEOs, Managers and Physicians of Addiction Medicine Clinics.” (2018)
  • Annual Conference (AOA-36), Association of Otolaryngology Administrators, New Orleans, LA, “Health Care Employment Law Update. From Marijuana to Sexual Harassment.” (2018).
  • National Webinar, American College of Clinical Endocrinologists, “Endocrinologist Considerations When Negotiating a New Employment Contract AND When Leaving a Job.” (2018).
  • AAPC Alexandria, VA Chapter Conference, “Regulatory and Enforcement Risks to be Addressed by Professional Coders.”  (2018).
  • Annual Conference, American College Health Association, Washington, DC, “Workplace Violence in College Health Care Clinics.” (2018).
  • National Webinar, Exclusion Screening, Top Regulatory and Billing Risks Facing Dentists and Dental Practices.” (2018).
  • Quality & Compliance Conference, Home Care Alliance of Massachusetts, Worchester, MA, “ADRs, Prepayment Reviews, Post-Payment Audits and Suspensions – Navigating Medicare’s Administrative Appeal Process.” (2018).
  • Annual Retreat, Washington, DC, “The Criminalization of Pain. The Investigation and Prosecution of Physicians, Nurse Practitioners and Dentists based on Their Opioid Prescribing Practices.” (2018).
  • National Webinar, Exclusion Screening, “History and Current Status of Health Care Regulatory Enforcement Efforts.” (2018).
  • Endocrine University, American Association of Clinical Endocrinologists, Rochester, MN, “The Business of Medicine.”  (2018).
  • Annual Conference, American College of Legal Medicine, Charleston, SC, Top Regulatory and Billing Risks Facing Dentists and Dental Practices.(2018). 
  • National Conference, National Alliance of Medical Auditing Specialists, Orlando, FL, “Enforcement Efforts for 2018: What You Can Do to Prepare for the Upcoming Changes in Laws & Statutes.” (2017).
  • Annual Conference (AOA-35) , Association of Otolaryngology Administrators, Las Vegas, NV, “Emergency Preparedness and Workplace Violence.” (2017).
  • National Conference, National Alliance of Medical Auditing Specialists, Orlando FL, “History & Current Status of Healthcare Compliance Requirements.” (2017).
  • National Conference, American Medical Billing Association, Las Vegas, NV, “Vital Billing Contract Terms for Billers and Health Care Providers.” (2017).
  • National Conference, The Business of Pain Medicine, “IPM Compliance.” (2017).
  • National Webinar, American Association of Healthcare Administrative Management, “Effective Compliance Plans — How is Law Enforcement Evaluating Your Efforts?” (2017).
  • New Directions in Home Care & Hospice Conference, Dixon Healthcare Solutions, Las Vegas NV, “New Developments in Regulatory and Judiciary Enforcement of Home Health Agencies.” (2017).
  • National Webinar, American Medical Billing Association, “Employer Scrutiny and Screening for Current and New Employees and Providers.” (2017).
  • National Webinar, Texas Association for Home Care and Hospice, “Employer Scrutiny and Screening for Current and New Employees and Providers.” (2017).
  • Annual Conference, West Virginia State Medical Association, Charleston WV, “Employment Law and the Medical Practice. What are the Risks Facing Your Practice.”  (2017).
  • Annual Conference, West Virginia State Medical Association, Charleston WV, “ADRs, Prepayment Reviews, Postpayment Audits, Suspensions and Revocations – The Impact of these Administrative Enforcement Tools on a Physician Practice.” (2017).
  • National Webinar, Texas Association for Home Care and Hospice, “Reading the Tea Leaves – What are the Top Ten Risks Your Home Health Agency will Face in 2016.” (2016).
  • National Webinar, Texas Association for Home Care and Hospice, “Employer Scrutiny and Screening for Current and New Employees and Providers” (2016).
  • National Webinar, Texas Association for Home Care and Hospice, “Pre-Claim Reviews – Is Your Agency Prepared?” (2016).
  • National Conference, Practice Management Institute, Las Vegas NV, “Compliance and Ethics in the Medical Practice.” (2016).
  • National Conference, Practice Management Institute, Las Vegas NV, “Workplace Violence in the Medical Practice.” (2016).
  • National Conference, National Alliance of Medical Auditing Specialists, Orlando FL Attorney-Client Privilege: Issues to be Considered by Health Care Providers.”  (2016).
  • National Conference, National Alliance of Medical Auditing Specialists, Orlando FL, “What is Your Liability? As the Auditor and Compliance Officer What Role do You Play in Your Day-to-Day Operations?”  (2016).
  • National Conference, National Alliance of Medical Auditing Specialists, Orlando FL, “Developing a Voluntary Disclosure and Refund Policy.” (2016).
  • National Conference, National Alliance of Medical Auditing Specialists, Orlando FL, “Repercussions and Penalties of Non-Compliance. The Potential Price Tag of Not Having a Compliance Plan.” (2016).
  • National Conference, American Medical Billing Association, Las Vegas NV, “The Liles Report: An Update on Compliance.” (2016).
  • National Conference, Professional Association of Health Care Office Management (PAHCOM), Clearwater Beach FL “Reading the Tea Leaves – How Does 2017 Look for Health Care Providers?” (2016).
  • National Conference, American Medical Billing Association, Las Vegas NV, “Rules for Billers in Compliance.” (2016).
  • National Webinar, National Alliance of Medical Auditing Specialists, “The FY 2017 OIG Work Plan: What Should You Expect.”  (2016).
  • National Conference, Association of Otolaryngology Administrators, Chicago IL, “What are the Top 10 Regulatory Risks Your Practice will Face in the Next Year?” (2016).
  • National Conference, Association of Otolaryngology Administrators, Chicago IL, “Professional Courtesy, Discounts and Waivers – When are they Permissible? When are they Likely Illegals?” (2016).
  • National Webinar, Texas Association for Home Care and Hospice, “Home Health Pre-Claim Demonstration Review Project & New HHS-OIG Home Health Audits on the Horizon.” (2016).
  • National Conference, Practice Management Institute, Las Vegas NV, “Compliance and Ethics in the Medical Practice.” (2016).
  • National Webinar, Practice Management Institute, “Compliance News Update.” (2016).
  • National Webinar, American Medical Billing Association, Third-Party Billing Agreements – Does Your Contract Protect Your Interests?” (2016).
  • National Conference, Practice Management Institute, New Orleans LA, “Compliance and Ethics in the Medical Practice.” (2016).
  • National Conference, Practice Management Institute, New Orleans LA, “HHS-OIG Fraud Efforts & Physician Compensation.” (2016).
  • 16th Annual Health Care Business Summit, MedAssets, Las Vegas NV “Regulatory Risks:  The Anti-Kickback Statute, Stark and the False Claims Act”  (2016).
  • Long Term Care and the Law, American Health Lawyers Association, Orlando FL “Tactical Approaches to Claim Audits and Recovery Risks in Home Health and Hospice”  (2016).
  • 15th Annual National Medical Billing Conference, American Medical Billing Association, Las Vegas NV “Provider Exclusions, HIPAA Changes and Legal Issues with ICD-10” (2015).
  • Cutting Edge Home Health Leadership Summit, Dixon Healthcare Solutions, Maui HI, “Defending Your Medicare and Other Government Claims” (2015).
  • West Virginia State Medical Association — Winter Conference, Charleston WV, “Physician Compliance Challenges – Regulatory Risks Areas to be Considered by Your Practice” (2015).
  • Private Duty Conference, Dixon Healthcare Solutions, Las Vegas NV, “Understanding HIPAA and other Privacy Issues Affecting Your Private Duty Agency” (2015).
  • National Conference, Practice Management Institute, San Antonio TX, “Compliance and the Physician Practice: A Glimpse of the Future” (2015).
  • National Webinar Series, Exclusion Screening “Don’t Forget, The OIG Is Not the Only Game in Town!” (2015).
  • National Webinar Series, American Medical Billing Association, “Using an Overseas Billing Company and /or Using the Cloud to Store Your Data: What are the Risks and Benefits of these Practices?” (2015).
  • Home Health Conference, Dixon Healthcare Solutions, Las Vegas NV, “Employment Law Issues Impacting Home Health Agencies” (2015).
  • Home Health Conference, Dixon Healthcare Solutions, Las Vegas NV “Preparing and Responding to Various Medicare Claims Audits” (2015).
  • Doctor’s at Renaissance Conference Center, Edinburg TX, “South Texas Takedown — How to Stay within the Four Corners of the Law” (2015).
  • APPNA, Arlington VA, “Top 10 Steps You Can Take to Improve Compliance and Stay Out of Trouble with the Government” (2015).
  • Private Duty Conference, Texas Association of Home Care and Hospice, San Antonio TX, “Risky Business. . . Avoiding Legal Pitfalls to Protect Your Business and Bottom Line” (2014).
  • Regulatory Educational Group Services, McAllen TX, “Top 10 Steps You Can Take to Improve Compliance and Stay Out of Trouble with the Government” (2014).
  • NSCHBC Annual Conference – San Juan PR, “Be Careful Before Moving to Cloud Computing: A Contrarian View of the Inevitable” (2014).
  • NAMAS Annual Conference, Ashville NC, “Enhanced Provider Exclusion Rules and the Impact on Your Screening Obligations” (2014).
  • NAMAS Annual Conference, Ashville NC, “When to Disclose – Legal Obligations and Options” (2014).
  • Fall Conference — Jefferson IPA, Dallas TX, “Risky Business: Avoiding Program Integrity Pitfalls Currently Facing Your Health Care Practice” (2014).
  • National Webinar Series, Practice Management Institute, “Human Resource / Employee Relations Risks” (2014).
  • National Webinar Series, American Medical Billing Association, “Identifying Risks and Modifying Your Compliance Plan to Take These Risks Into Account” (2014).
  • Rio Grande Valley Healthcare Fraud and Compliance Conference, McAllen TX, “Overview of Health Care Compliance and Relevant Statutory Provisions Now Facing South Texas Providers” (2013).
  • Physician Practice Conference & Annual Business Meeting, West Virginia Medical Association, Charleston WV, “Red Hot Compliance Update — 2013” (2013).
  • National Conference, Practice Management Institute, New Orleans, LA, “Conducting a Gap Analysis: Turning the Lights On in Your Practice.” (2013).
  • National Webinar Series, American Medical Billing Association, “Social Media Concerns for Providers and Billers” (2012).
  • National Webinar Series, American Medical Billing Association, “HIPAA, HITECH and Emerging Risk Areas for 2012” (2012).
  • Fifth Annual Medical Coding Conference, Coding Con, Orlando FL, “Building an Effective Anesthesia Compliance Program” (2012).
  • Revenue Cycle Management 2011, Decision Health, Atlanta GA, “Responding to Unannounced Audits” (2011).
  • Annual Conference, Practice Management Institute, San Antonio TX, “Federal Compliance Panel Addresses Compliance Risks” (2011).
  • National Webinar Series, Practice Management Institute, “Reading the Tea Leaves — Issues of Concern Covered in HHS-OIG’s 2012 Workplan” 2011.
  • National Webinar Series, American Medical Billing Association, “Returning Overpayments to the Government” (2011).
  • National Webinar Series, Decision Health, “What to do When the Auditor Knocks” (2011).
  • Medical Coding, Billing and National Conference, CodingCon, Las Vegas NV, “Impact of Healthcare Reform on Healthcare Entities” (2011).
  • Annual Conference, American Medical Billing Association, Las Vegas NV, “Third-Party Billing Company Compliance Concerns” (2011).
  • Practice Management Institute, Dallas TX, “Compliance Officer Certification Course” (2011).
  • Practice Management Institute, Las Vegas NV, “Compliance Officer Certification Course” (2011).
  • Practice Management Institute, San Diego CA, “Compliance Officer Certification Course” (2011).
  • Practice Management Institute, Alexandria VA, “Compliance Officer Certification Course” (2011).
  • National Webinar Series, American Medical Billing Association, “Health Care Reform and Third-Party Billers“(2010).
  • South Texas Home Health Conference, The Forum, McAllen TX, “Responding to ZPIC Audits and Investigations” (2010).
  • Annual Conference, Practice Management Institute, San Antonio TX “Medicaid Integrity Contractors: The Newest Challenge Faced by Providers” (2010).
  • Annual Conference, Practice Management Institute, San Antonio TX, “Responding to an Audit by Medicaid Integrity Contractor” (2010).
  • Webinar, Rocky Mountain Chapter – American Medical Billing Association, “Current Issues Facing Third-Party Billing Companies” (2009).
  • Annual Convention, Practice Management Institute, Las Vegas NV, “Medicare Audits: How to Respond to a RAC Review” (2009).
  • 9th Annual AMBA National Conference, Las Vegas NV, “RAC, PSC and ZPIC Audits — How to Respond if Your Practice is Audited” (2009).
  • 21st Annual PAHCOM Conference, Phoenix AZ, “Current Risks Faced by Physician Practices” (2009).
  • National Conference, Practice Management Institute, San Antonio TX, “Responding to PSC and RAC Audits” (2009).
  • Medical Billing and User Conference, CodingCon, Orlando FL, “Issues Facing Third-Party Billing Companies” (2009).
  • National Conference, Practice Management Institute, Las Vegas NV, “A New Breed CMS Auditor: PSCs and RACs” (2008).
  • Regional Conference, Practice Management Institute, Anaheim CA, “A New Breed of CMS Contractors: PSCs and RACs” (2008).
  • Regional Conference, Decision Health, Atlanta GA, “Keynote Speaker: Post-Election Legislative Initiatives” (2008).
  • Regional Conference, Decision Health, Atlanta GA, “Provider-Vendor Relationships: How to Stay on the Right Side of the Red Line” (2008).
  • Fall Health Care Conference, Practice Management Institute, San Antonio TX, “RACs and PSCs: Addressing Audits by CMS Contractors” (2008).
  • Central Illinois Chapter Meeting, American Medical Billing Association, Chicago IL, “Issues Facing Third-Party Companies” (2008).
  • National Conference, American Medical Billing Association, Las Vegas NV, “Issues Facing Third-Party Billing Companies” (2008).
  • Semmelweis Annual Conference, Washington, DC, “History and Current Status of the False Claims Act” (2007).
  • Annual Convention, Medical Association of Billers, Las Vegas, NV, “Compliance Violations and Penalties” (2007).
  • Chapter Conference for Medical Office Professionals, American Medical Billing Association, Largo, MD, “Health Care Fraud: Audits and Investigations” (2007).
  • Semmelweis Society Annual Conference — Washington, DC, “Bad Faith Peer Review Concerns” (2006).
  • Prosecuting Chiropractic Fraud Cases, NCHAA, Harrisburg, PA, “Chiropractic Fraud Issues” (2006).
  • Health Care Fraud Issues Faced by Medical Group Managers, MGMA, Washington, DC, “Health Care Fraud Update” (2006).
  • Annual Conference, American Medical Billing Association, Las Vegas, NV, “Keynote Speaker: Health Care Compliance” (2006).
  • Medical Practice Coding & Compliance Summit, Practice Management Institute, San Antonio TX “Health Care Fraud: Issues and Concerns from a Legal Perspective” (2006).
  • Intensive Session in Trial Advocacy Skills, National Institute of Trial Advocacy, Washington DC, “Trial Advocacy Skills” (2003).
  • Health Privacy, American Academy of Pediatric Dentistry, “HIPAA Privacy: An Essential Element of an Effective Compliance Strategy” (2003).
  • Webinar, Ohio Hospital Association, “Handling Overpayments — Selected Issues and Considerations“(2003).
  • Intensive Session in Trial Advocacy Skills, National Institute of Trial Advocacy, Washington DC, “Trial Advocacy Skills” (2002).
  • Trinity University and the Greater San Antonio Hospital Council, San Antonio TX, “How to Respond to a Federal Investigation of Your Hospital or Medical Practice” (2002).
  • Greater New York Chapter of the American Corporate Counsel Association, New York NY, “How to Respond to a Federal Investigation of Your Company“ (2002).
  • Member Teleconference, Ohio Hospital Association, “New Leadership: What to Expect from DOJ and HHS-OIG” (2001).
  • Health Care Fraud Enforcement Issues and Considerations, Georgia Podiatric Association, Atlanta GA, “2001 Podiatric Coding & Practice Management Summit” (2001).
  • Member Teleconference, Healthcare Financial Management Association, “Health Care Fraud Enforcement Efforts This Year and Beyond“(2001).
  • Annual Meeting: Legislative Update, Academy of Managed Care Pharmacies, San Antonio TX, “Pharmaceutical Legislative Initiatives” (2001).
  • Ukrainian Prosecutors and Interior Ministry of Interior Law Enforcement Officials, Sponsored by the Department of Health and Human Services, Office of Inspector General, Kharkov Ukraine, “Civil and Criminal Health Care Fraud Enforcement” (multiple sessions covering various aspects of this topic)(2000).
  • Evaluator Team Leader Training, Executive Office for U.S. Attorneys, “Priority Prosecution Areas” (2000).
  • ABA Health Care Fraud Conference, “Priority Prosecution Areas” (2000).
  • Midwest Regional Nursing Home Fraud and Abuse Conference, Chicago IL, “Moderator, Nursing Fraud and Abuse Enforcement Panel” (1999).
  • Basic Health Care Fraud Enforcement, Federal Law Enforcement Training Center (FLETC), Glynco GA, “Civil & Criminal Health Care Fraud Statutes” (1999).
  • Advanced Health Care Fraud, National Advocacy Center, Executive Office for U.S. Attorneys, Columbia SC,  “Qui Tams” (1999).
  • National Level Health Care Fraud Working Group, Executive Office for U.S. Attorneys, Columbia SC, “False Claims Act and National Project Developments” (1998)
  • National Civil Chiefs Seminar, National Advocacy Center, Executive Office for U.S. Attorneys, Columbia SC, “Use of the False Claims Act in Civil Health Care Matters” (1998).
  • Basic Affirmative Civil Enforcement Seminar, Executive Office for U.S. Attorneys, Columbia SC, “Use of the False Claims Act” (1998).
  • Texas Statewide Financial Litigation Conference, San Antonio TX, “Health Care Fraud Collection Issues” (1997).
  • Basic Health Care Fraud Prosecution Team Training, Executive Office for U.S. Attorneys, Washington DC, “Investigative Techniques & Issues” (1997).
  • Affirmative Civil Enforcement, Executive Office for U.S. Attorneys, Washington DC, “Role of Auditors & Investigators” (1997).


Preparing for a UPIC Audit? Examine These Eight Claim Elements

Download PDF

Preparing for a UPIC Audit(Updated January 9, 2021):  Each year, our attorneys and paralegals review and assess literally thousands of Medicare claims which have been audited (and denied) by Unified Program Integrity Contractors (UPICs) and other contractors working for the Centers for Medicare and Medicaid Services (CMS).  Are you preparing for a UPIC audit?  If your Medicare or Medicaid claims haven’t already been audited by a UPIC, chances are that it will eventually happen. As UPIC audits increase during 2021, it is essential that health care providers and suppliers review their processes to better ensure that services and supplies billed to Medicare and Medicare fully comply with applicable coverage, coding and billing requirements.  While defending physicians and other health care providers in UPIC audits and government reviews, we have identified a relatively straight-forward approach for determining whether a particular claim qualifies for coverage and payment.  Generally, we refer to this approach as an examination of the “Eight Elements of a Payable Claim.Notably, this has proven to be extremely helpful tool when developing an effective Compliance Plan for a client.  As set out below, physicians and other non-hospital health care providers can often use this approach to determine whether specific services billed to the Medicare and Medicaid programs.

I.  Assessing Your Claims — Preparing for a UPIC Audit:

A discussion of the eight elements which must be carefully assessed for each and every claim is provided below.  This is especially when you are preparing for a UPIC audit of the medical services or supplies you have billed to the Medicare and Medicaid programs.

Element #1: Medical Necessity — In addressing this element, a treating health care provider should ask the following question: Were the services administered medically necessary?”

Just because a certain treatment regime is medically necessary does not mean that it will be covered by Medicare or Medicaid.  We believe that this element constitutes the most important question to be answered by a provider.  Government payors only cover medically necessary services and supplies.

Element #2: Services Were Provided The second issue addressed is whether the services at issue were actually provided.

As you can imagine, regardless of the fact that services ordered were medically necessary, the services must actually be provided in order for those services to be billed and paid.  When you are preparing for a UPIC audit, as part of your internal auditing and monitoring, should you find instances where you cannot show that a medical service or piece of durable medical equipment was provided, you must return any funds that have been received.  Equally important, medical services must actually be provided at a level of quality consistent with Medicare’s expectations or the expectations of the covering payor.

Element #3 No Statutory Violations Are the services “tainted” by any statutory or regulatory violation, such as the Stark Law, Federal Anti-Kickback or a False Claims Act violation?

Remember, a UPIC is specifically instructed to detect and refer instances of fraud, waste and abuse. [1]  When you are preparing for a UPIC audit, your review of claims should not be limited to merely a review of the documentation.  You need to also examine your organization’s business relationship and business practices.  For example, is there any evidence that the service or supplies are linked in any way to a breach of the Federal Anti-Kickback Statute or Stark’s prohibition against improper self-referrals?  Similarly, is the service or claim associated with a possible violation of the civil False Claims Act? In recent years, we have see an increasing number of cases where otherwise payable claims were tainted due to the fact that the referring or servicing provider was excluded from participation in the Medicare or Medicaid programs. [2]  The bottom line is fairly straight-forward: it is insufficient to merely show that a claim appears to meet the government payor’s basic medical necessity, billing and coding rules. You need to also verify that the way the business was generated or referred was proper and not due to a statutory violation.

Element #4:  Meets all Coverage Rules – Do the services meet Medicare’s coverage requirements?

The next point to be addressed when auditing a claim is to determine whether or not it is covered by Medicare or Medicaid.  It is important to keep in mind that a medical service or supplies can be medically necessary yet still not qualify for coverage and payment.   Ultimately, every service or claim, regardless of whether the beneficiary is a Medicare or a Medicaid plan participant, must be examined to see if it qualifies for coverage.

Element #5Full and Complete Documentation – Have the services rendered been properly and fully documented?

It is essential that you pull each and every regulatory issuance, along with any guidance issued by the state which sets out the documentation requirements associated with a particular service or claim.  After auditing literally thousands of claims, we have found that over a majority of the health care providers we have audited have never fully researched and reviewed applicable  documentation requirements.  As UPIC clinical reviewers of both Medicare and Medicaid claims are quick to state in hearings before an Administrative Law Judge (ALJ), “If it isn’t documented, it didn’t happen.”   When made during an ALJ hearing by a UPIC, this point is quite effective—it is extremely difficult for a provider to prove that a service was provided if there is insufficient documentation of the work conducted in the patient’s medical records.  Therefore, research, review, and confirm the precise documentation requirements to be met, then ensure that you take the time to fully and accurately document the work you have performed.

UPIC auditors are excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements.  While you may very well disagree with their assessments, especially in “medical necessity” determinations (when you file a request for redetermination appeal and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) agree with the UPIC’s denial decision.  Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place.  To that end, health care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding, and billing processes.  It is very important that you show your clinicians that UPICs  enforce a strict application of Medicare’s documentation and coverage requirements.

Element #6: Proper Coding – Were the services rendered correctly coded?

Unfortunately, even if the foregoing rules have been met, it is quite simple to make a coding mistake, therefore invalidating the claim.  The coding rules are both complicated and dynamic, potentially changing from year to year.  We recommend that you either engage a qualified third-party billing company to assist you with coding and billing or ensure that your in-house staff members handling these duties are experienced and provided regular opportunities for updated training.

Element #7: Proper Billing Practices – Were the services rendered correctly billed to Medicare?

As a final requirement, health care providers must ensure that the services or claims performed fully meet Medicare or Medicaid;s billing rules.  Once again, you need to ensure that your staff is properly trained to handle the organization’s billing responsibilities. As you review your billing practices, you should abide by the following:  First, “If it doesn’t belong to you, give it back.” [3] Conversely, if you don’t owe the money, don’t automatically throw in the towel.  Discuss these claims with our attorneys to determine if there may be other arguments in support of payment that may be asserted.  

II.  Final Considerations — UPIC Audits:

The likelihood that your practice or organization will be subjected to a Medicare or Medicaid audit is increasing every day.  As a participating provider in one or more Federal health care programs, you have an affirmative obligation to ensure that your claims are properly provided, documented, coded, and billed.  Unfortunately, many health care providers have never researched and reviewed the proper rules covering the care and treatment services they provide.  When conducting a “GAP Analysis” [4] of your organization, a sample of your claims is an important proactive step you can take to help ensure that your current practices are fully compliant with applicable laws and regulations; such analyses do not have to be statistically significant.  Should you identify deficiencies, remedial steps should be taken (immediately) so that future claims for care and treatment will meet all applicable requirements.  Keep in mind—any identified overpayments must be repaid promptly to the government in order to avoid possible False Claims Act liability.

Healthcare LawyerRobert W. Liles represents health care providers in UPIC Medicare and Medicaid audits. In addition, Robert counsels clients on regulatory compliance issues, performs GAP analyses, conducts internal reviews, and trains healthcare professionals on various legal and compliance issues Do you need help preparing for a UPIC audit? Call Robert for a free consultation: 1 (800) 475-1906.


[1] A detailed discussion of the UPIC audit process can be found at the following link.

[2]  For an overview of the impact of an “exclusion” action, please see Paul Wiedenfeld’s article titled “A Provider’s Guide to OIG Exclusions.”

[3] A detailed discussion of a provider’s repayment obligations when an overpayment has been identified can be found at this link.

[4]  For a detailed discussion on how to conduct a “GAP Analysis” of your health care claims, please see our page titled: “How to Conduct a GAP Analysis of Your Health Care Practice.”

Eight Elements of a Payable Medical Claim

January 9, 2021 by  
Filed under

Download PDF

Today, it is more essential than ever that health care providers take great care when assessing a patient’s clinical needs and determining which care and treatment is medically necessary. Once this decision is made, it is imperative that health care providers submitting claims to governmental and private payors fully understand their obligations under the law and under the terms of their participation contracts, prior to billing a payor for those medical services. Generally, we refer to this process as the “Eight Elements of a Payable Medical Claim.” As set out below, non-hospital health care providers can often use this approach to determine whether specific services billed to Medicare, Medicaid, and/or private payors should be paid. A discussion of the eight elements is provided below.

Element #1 — The Medical Service or Supplies Provided were Medically Necessary:

In addressing this element, a treating health care provider should ask the following question: “Were the medical services or supplies providers medically necessary?”

When considering this question, it is important to keep in mind that the medical necessity is essentially a “standalone” determination, separate from each of the other elements. In other words, a physician may find that a specific course of treatment is medically necessary in light of a patient’s clinical profile and needs. Nevertheless, just because a certain treatment regime is medically necessary does not mean that it will be covered by one or more payors. Over the years, we have seen numerous instances where a physician determined that a course of treatment was medically necessary but it was not covered by Medicare, Medicaid, or a private payor plan.

We believe that this element constitutes the most important question to be answered by a provider. Services which are not medically necessary should never be performed. However, a provider may choose to provide medically necessary services regardless of whether he or she anticipates a payor to find that the care qualifies for coverage and payment.

Element #2 — The Medical Services of Supplies Were Actually Provided:

The second issue addressed is whether the services at issue were actually provided. As you can imagine, regardless of the fact that services ordered were medically necessary, the services must actually be administered in order for those services to be billed and paid. Absent clear, unambiguous evidence that services were provided, they should not be submitted for reimbursement.  Equally important, services must actually be provided at a level of quality consistent with Medicare’s expectations or the expectations of the covering payor.

Element #3 — No Other Statutory Violations Were Committed in Connection with the Medical Services or Supplies Provided:

In other words, were the medical services or supplied provided “tainted” by any statutory or regulatory violation, such as the Stark Law, Federal Anti-Kickback Statute or a False Claims Act violation?  When examining whether a claim is properly payable, you need to remember that even though the medical service at issue may have been medically necessary and qualified for payment, if it is the result of an illegal activity, it will be tainted and will likely not qualify for payment.

Therefore, when you are reviewing a service or claim, you must consider whether there is any indication of possible statutory or regulatory violations. For instance, is there any evidence that the service or claim is linked in any way to a breach of the Federal Anti-Kickback Statute or Stark’s prohibition against improper self-referrals? Similarly, is the service or claim associated with a possible violation of the civil False Claims Act? The bottom line is fairly straight-forward: it is insufficient to merely show that a claim appears to meet the payor’s basic billing rules. Rather, a broad view of the service or claim should be made to better ensure that it is not otherwise non- payable due to a statutory breach.

Element #4 — All Applicable Coverage Requirements are Met:

Traditional Medicare, Medicare Advantage plans, traditional Medicaid, Medicaid Advantage plans and each of the private payor plans all have similar, but in many instances different, coverage requirements.  Therefore, it is essential that when you are auditing a claim, you need to determine whether or not it is covered under the patient’s insurance plan.  You need to keep in mind that a service or claim can be medically necessary yet still not qualify for coverage and payment. Ultimately, every service or claim, regardless of whether the beneficiary is a Medicare, Medicaid, or private plan participant, must be examined to see if it qualifies for coverage.

In making coverage determinations, CMS has interpreted the phrase “reasonable and necessary” to reflect that the item or service in question is safe and effective and not experimental or investigational. [1] CMS stated that the relevant tests for applying these terms are whether the item or service has been proven safe and effective based on authoritative evidence, or alternatively, whether the item or service is generally accepted in the medical community as safe and effective for the condition for which it is used. [2] A device is investigational if it has not been approved by the Food and Drug Administration (FDA) through a premarket approval process or the “510(k) certification process.” [3]

  • National Coverage Determinations.

In its most general form, the Secretary of the U.S. Department of Health and Human Services (HHS) may articulate “reasonable and necessary” standards through formal regulations that have the force and effect of law throughout the administrative process. [4] More specifically, the Secretary may publish a formal administrative ruling in the Federal Register setting forth how Medicare statutes and regulations are to be applied in particular circumstances. [5] These regulations and administrative rulings are binding at all stages of the administrative process. [6]

The first type of formal regulations are publications known as National Coverage Determinations (NCDs). [7] NCDs are national policy statements that grant, limit, or exclude Medicare coverage for a particular item or service and apply nationally to all Medicare beneficiaries who meet the criteria for coverage. [8] More precisely, NCDs are “determination[s] by the Secretary with respect to whether or not a particular item is covered nationally” by Medicare. [9] NCDs “generally outline the conditions for which a service is considered to be covered (or not covered)” and “are usually issued as a program instruction.[10] NCDs are often published detailing how a particular patient population may or may not receive Medicare reimbursement for a covered item or service. [11] Therefore, NCDs relate only to issues of coverage. NCDs do not reflect a determination of the amount of payment made for a particular item or service. [12]

Moreover, any interested party, including beneficiaries, may make an external request for a new NCD. [13] Most of these external requests, however, are made by organizations such as drug, device, or medical product manufacturers or by professional medical organizations, providers, or suppliers. [14] In addition, CMS may make its own internal request if it determines that an NCD is “in the interest of the general health and safety of Medicare beneficiaries.” [15]

Importantly, because of the judicial deference given to the Secretary in making his or her coverage determinations, all requirements set forth within an NCD are binding on coverage determinations made by Medicare Administrative Contractors (MACs) and Administrative Law Judges (ALJs) during the appeals process. [16]

Finally, the Secretary may “further define when and under what circumstances services may be covered (or not covered)” under the reasonable and necessary standard through “coverage provisions” in “interpretive manuals.[17] Manual instructions are often issued in the form of program memoranda, such as the “Medicare Program Integrity Manual.”

  • Local Coverage Determinations.

The Secretary of HHS may also delegate its responsibilities to Medicare contractors under section 1395y(a). [18] Therefore, in the absence of an NCD, MACs are responsible for promulgating their own reasonable and necessary coverage determinations. [19] These determinations are published as Local Coverage Determinations (LCDs). LCDs are defined as “determination[s] by a [contractor] under. . . part B. . . respecting whether or not a particular item or service is covered. . . in accordance with section 1395y(a)(1)(A).” [20] MACs make these coverage determinations by applying the Act and Federal regulations, as well as additional guidance provided by CMS in the form of Rulings, Medical Manual Provisions, and other forms of guidance. [21] In fact, the vast majority of coverage decisions are made at the local level by clinicians who work with the MACs during the claims review process.  CMS’s Medicare Program Integrity Manual (PIM) outlines how LCDs are to be promulgated. Each LCD must reflect local medical practice within the contractor’s jurisdiction and must be supported by substantial medical evidence. [22] MACs develop LCDs by considering medical literature, the advice of medical societies and consultants, public comments, and comments from the Medicare provider community. [23] Like NCDs, an LCD’s coverage guidance on whether an item is medically “reasonable and necessary” means that the item is safe and effective and not experimental or investigational as determined by the FDA approval process. [24] The contractor must also ensure that LCDs are consistent with the Medicare statute, regulations, NCDs, and other applicable Federal guidance. [25] The PIM also requires that contractors engage in a notice and comment process before publishing coverage policies. [26]

Unlike NCDs, ALJs and the Medicare Appeals Council (Appeals Council)—not to be confused with the Medicare Administrative Contractor (MAC)—are not bound by LCDs or CMS program guidance, such as program memoranda and manual instructions. [27] However, they will give substantial deference to these policies if they are applicable to a particular case. [28] This deference is due to interpretations that arise under a “complex and highly technical regulatory program,” where even “the identification and classification of relevant criteria necessarily require significant expertise, and entail the exercise of judgment grounded in policy concerns.” [29] If either an ALJ or the Appeals Council declines to follow a policy in a particular case, the ALJ and/or Appeals Council decision must explain the reasons why the policy was not followed. [30] An ALJ or Appeals Council decision to disregard that policy applies only to the specific claim being considered and does not have precedential effect. [31] Furthermore, an LCD made by one MAC is not binding on the other Medicare contractors across the country. [32]

The Secretary of HHS is also responsible for overseeing the evaluation of new LCDs to determine whether they should be adopted nationally and to what extent can consistency be achieved among LCDs. [33] Because LCDs are established by each individual MACs, variances between LCDs are common. Notably, while assessing common coverage and documentation requirements from one region to another, we have found that the differences between one LCD and another can be significant.  Finally, if there is no NCD or LCD in place, “contractors may make individual claim determinations,” including whether a particular item or service meets the statutory requirement of being “reasonable and necessary.[34]

  • Challenging NCDs and LCDs:

When a beneficiary is confronted with a denied claim and wishes to challenge that denial, the beneficiary has the option of pursuing review through the claims appeal process, seeking review of the applicable LCD or NCD, or both. [35] However, any challenge to an NCD or LCD is distinct from the general Medicare claims appeal process set forth in 42 U.S.C. § 405(g). [36] In fact, challenging these determinations permits an aggrieved beneficiary to seek review of an entire policy or provision rather than just a specific claim denial. [37] Nevertheless, when the LCD review process was created, the existing claims appeal procedures remained unaltered. As a result, a beneficiary who wishes to challenge an NCD or LCD still has access to a de novo review by ALJ or to Federal district court review, if necessary. [38]

When challenging an NCD or LCD, ALJs and the Appeals Council are responsible for reviewing the reasonableness of these determinations under certain guidance. In determining whether LCDs or NCDs are valid, the adjudicator must uphold a challenged policy (or a provision or provisions of a challenged policy) if the findings of fact, interpretations of law, and applications of fact to law by the contractor or CMS are reasonable based on the LCD or NCD record and the relevant record developed before the ALJ or the Appeals Council. [39]  As previously indicated, NCDs are determinations promulgated by the Secretary and are therefore given substantial deference when challenged. Nevertheless, the administrative appeals process affords this same level of deference to LCDs, despite the fact that these determinations are published by independent, private MACs. 42 C.F.R. § 405.1062(a) affirms that ALJs and the Appeals Council are not bound by LCDs or CMS program guidance, such as program memoranda and manual instructions but will also give substantial deference to these policies if they are applicable to a particular case. In doing so, the ALJs or the Appeals Council must apply the same “reasonableness standard” when conducting a challenge to an LCD as it does to an NCD. [40]

What exactly constitutes a “reasonableness standard”? In Subject: NCD Complaint—Intraocular Lens (CMS Ruling 05-01), [41] the Appeals Council acknowledged a complaint challenging an NCD that barred coverage of presbyopia-correcting intraocular lenses (PC-IOL) inserted after cataract surgery. After reviewing the NCD Record and the challenger’s contentions, the Board upheld the validity of the NCD. [42]

The Board outlined its standard of review for an NCD appeal and acknowledged that Section 1869(f)(1)(A)(iii)(I) of the Act limited its review of an NCD “to evaluat[ing] the reasonableness” of the NCD. [43] Section 1869(f)(1)(A)(iii)(III) also provides that the Board “shall defer only to the reasonable findings of fact, reasonable interpretations of law, and reasonable applications of fact to law by the Secretary.” [44] The Board recognized that this reasonableness standard required it to uphold the challenged NCD “if the findings of fact, interpretations of law, and applications of fact to law” by CMS are reasonable based on the NCD record and the relevant record developed before it. [45]

The Board also noted that Federal regulations provide a two-stage process for reviewing a challenged NCD. First, if it found the NCD record to be complete and adequate to support the validity of the NCD, it would issue a decision to uphold the NCD. This would effectively end its review process. On the other hand, if the Board found that the NCD record was incomplete and inadequate to support the validity of the challenged NCD, it would conduct a review process that permitted discovery and evidence submission, as well as a formal hearing, if necessary. [46]

“Policy Articles” are closely related to LCDs, though they are distinct documents. While LCDs contain only the reasonable and necessary language, Policy Articles contain any non-reasonable and necessary language a Medicare contractor wishes to communicate to providers. These Articles essentially provide additional details for coverage requirements and reimbursement procedures. And while Policy Articles are not LCDs, the Appeals Council has recognized a “long-standing practice to afford some deference” to these articles published by the MACs. [47] Ultimately, while challenges to the specific claims denials and challenges to the various coverage determinations follow different administrative appeals processes, the adjudicatory entities all afford the Secretary’s decisions substantial deference due to the complex nature of the Medicare program. As a result, beneficiaries have a significant hurdle in trying to overturn any adverse decision.

To be clear, there is no “silver bullet” that can be used by a provider to avoid the scrutiny of contractors and law enforcement. Every small- and mid-sized provider should expect to be audited. Rather than wait for such an eventuality, your organization should affirmatively review its operations, coding, and billing practices to ensure that its practices fall within the rules.

Element #5 — The Medical Services and Supplies Provided Were Properly and Fully Documented:

It is essential that you pull each and every regulatory issuance, along with any guidance issued by the state, that sets out the documentation requirements associated with a particular service or claim. After auditing thousands of claims, we found that the majority of audited health care providers never fully researched  and  reviewed  applicable  documentation requirements. As clinical reviewers of both Medicare and Medicaid program integrity contractors are quick to state, “If it isn’t documented, it didn’t happen.” When a UPIC or RAC makes this point during a hearing before an Administrative Law Judge (ALJ), this point is quite effective—it is extremely difficult for a provider to prove that a service was provided if there is insufficient documentation of the work conducted in the patient’s medical records. Therefore, research, review, and confirm the precise documentation requirements, then ensure that you take the time to fully and accurately document the work you have performed.

UPIC auditors are excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements. While you may very well disagree with their assessments, especially in “medical necessity” determinations (when you file a request for redetermination appeal and later, a request for reconsideration appeal), you will find that your MAC and your Qualified Independent Contractor (QIC) agree with the UPIC’s  denial  decision. Rather than endure significant costs and stress when defending an overpayment assessment, you need to take steps to avoid a denial in the first place.  To that end, health   care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding, and billing processes.

We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff. Nevertheless, using published reports of other cases, you can show your clinicians that UPICs enforce a strict application of Medicare’s documentation and coverage requirements. Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with:

  • Any applicable National Coverage Determinations (NCDs).
  • Any applicable Local Coverage Determinations (LCDs).
  • Any Local Medical Review Policies (LMRPs).
  • The Medicare Policy Benefit Manual (MPBM).
  • The Medicare Program Integrity Manual (MPIM).
  • Any statutory provisions which cover the medical services or supplies provided.
  • Any additional guidance issued by Medicare must also be carefully reviewed.

Element #6 — The Medical Services or Supplies Were Properly Coded:

Unfortunately, even if the foregoing rules have been met, it is quite simple to make a coding mistake, therefore invalidating the claim. The coding rules are both complicated and dynamic, potentially changing from year to year. We recommend that you either engage a qualified third-party billing company to assist you with coding and billing or ensure that your in-house staff members handling these duties are experienced and provided regular opportunities for updated training.

Element #7 — The Medical Services or Supplier Were Properly Billed:

Health care providers must ensure that the services or claims performed fully meet Medicaid and Medicare’s billing rules. Once again, you need to ensure that your staff is properly trained to handle the organization’s billing responsibilities. As you review your billing practices, you should abide by the following: First, “If it doesn’t belong to you, give it back.” Conversely, “If you don’t owe the money, don’t automatically throw in the towel.” One of the attorneys in our firm is regularly asked to speak at provider conventions around the country. For years, he has told providers “If it doesn’t belong to you, give it back.” This simple concept covers a lot of ground when it comes to Medicare overpayments and is the single best policy you can employ as a good corporate citizen.

Element #8 — The Medical Services or Supplies Were Properly Paid:

Remarkably, even if your claims fully meet the first seven elements, that doesn’t necessarily mean that a claim has been properly paid.  Over the past year, we have handled several cases where the claim was properly coded and billed but still resulted in an improper payment amount due to software processing errors or mistakes made by a clearinghouse.  It is therefore imperative that you check to ensure that the reimbursement amounts made by a CMS administrative contractor are correct.

In summary, in order to qualify for payment, a claim must meet each of the eight components set out above.

Handling Deficiencies Should You Determine that a Service was Not a Payable Medical Claim:

The likelihood that your practice or organization will be subjected to a Medicare or Medicaid audit increases every day. As a participating provider in one or more Federal health care programs, you have an affirmative obligation to ensure that your claims are properly documented, coded, and billed. Unfortunately, many providers have never researched and reviewed the proper rules covering the work they provide. When conducting a gap analysis of your organization, a sample of your claims is an important proactive step you can take to help ensure that your current practices are fully compliant with applicable laws and regulations; such analyses do not have to be statistically significant.

Should you identify deficiencies, remedial steps should be taken (immediately) so that future claims will meet all applicable requirements. Keep in mind—any identified overpayments must be repaid promptly to the government in order to avoid possible False Claims Act liability.  For a detailed discussion of your obligation to repay identified overpayments, please see our page titled: “Overpayment Considerations When You Owe Monies to Medicare, Medicaid or a Private Payor Overpayment Monies.”

We strongly recommend that you foster a corporate culture which encourages coding and billing compliance. UPICs, SMRCs and RACs have increased their audit activities dramatically around the country. Your organization’s compliance with Federal and state regulations, coupled with a consistent message to your employees, is essential. Establishing effective internal auditing and monitoring practices can greatly facilitate your organization’s ability to ensure that only a payable medical claim is submitted to government and private payors for payment.

NATIONWIDE REPRESENTATION   Call: 1 (800) 475-1906.

Liles Parker attorneys and staff have extensive experience conducting assessments of medical claims and supplies  Our attorneys are both seasoned health care lawyers AND have undergone special training and education so that they could become Certified Professional Coders (CPCs), Certified Medical Reimbursement Specialists (CMRSs) and / or Certified Medical Compliance Officers (CMCOs).  Questions?  For a free consultation, give us a call.  We can be reached at:  1 (800) 475-1906.

[1] See 54 Fed. Reg. 4302, 4304 (Jan. 30, 1989); see also United States ex. rel. Colquitt v. Abbott Labs., 2012 WL 1081453, 29 (N.D. Tex. March 30, 2012); 42 C.F.R. §411.15(o).

[2] See 60 Fed. Reg. 48417-01 (Sept. 19, 1995).

[3] In the case of medical devices, under the § 510(k) certification process, a manufacturer must submit to the FDA a premarket notification submission, commonly known as a 510(k) notice, before a device may be introduced into interstate commerce. See 21 U.S.C. § 360(k); 21 C.F.R. § 807.81 (2010 For additional information on the FDA § 510(k) certification process, see:

https://www.fda.gov/medicaldevices/productsandmedicalprocedures/deviceapprovalsandclearances/510kclearances/

[4] See Willowood of Great Barrington, Inc. v. Sebelius, 638 F.Supp. 2d 98, 105 (D. Mass. 2009); 42 U.S.C. §§ 1395ff(a)(1), 1395hh.

[5] See 42 C.F.R. §401.108.

[6] See 42 C.F.R. §§401.108(c), 405.1063.

[7] See 42 U.S.C. §1395ff(f)(1)(B); See also 42 C.F.R. §§400.202, 405.1060.

[8] See 68 Fed. Reg. 55,634-01 at 6354 (Sept. 26, 2003).

[9] 42 U.S.C. §1395ff(f)(1)(B).

[10] Medicare Program Integrity Manual, Ch. 13, § 13.1.1.

[11] 68 Fed. Reg. 55,634 at 55,635.

[12] 42 C.F.R. §405.106 (2005).

[13] See 68 Fed. Reg. at 55,638 (Sept. 26, 2003); see also Section 522 of the Medicare, Medicaid, and SCHIP Benefits Improvement and Protection Act of 2000 (BIPA), Pub. L. No. 106-554, 114 Stat. 2763 app. at 2763A-534 to -543.

[14] Sandra J. Carnahan, Medicare’s Coverage With Study Participation Policy: Clinical Trials Or Tribulations?, 7 Yale J. Health Poly, L. & Ethics 229, 238 (2007).

[15] 68 Fed. Reg. at 55,635-36.

[16] See 42 U.S.C. §1395ff(f)(1)(A); see also 42 C.F.R. §405.211.

[17] Medicare Program Integrity Manual, Ch. 13, §13.1.2.

[18] See 42 U.S.C. §1395h.

[19] See 42 U.S.C. §1395ff(f)(2)(B).

[20] Id.

[21] See 42 C.F.R. §§405.803, 421.200, §405.836.

[22] See 64 Fed. Reg. 22,619, 22,621 (Apr. 27, 1999) (stating that the purpose of local medical review policies is to explain to the public and the medical community “when an item or service will be considered ‘reasonable and necessary’ and thus eligible for coverage under the Medicare statute”); PIM Ch.1, §§2.1.B, 2.3.2.1, 2.3.2.

[23] PIM, supra note 17, at §1.2.

[24] See Abbott Laboratories, at 29.

[25] PIM, supra note 17, at §2.1.B.

[26] See Erringer v. Thompson, 189 F. Supp. 2d 984, 987 (D. Ariz. 2001).

[27] 42 C.F.R. §405.1062.

[28] Id.

[29] Thomas Jefferson Univ. v. Shalala, 512 U.S. 504, 512 (1994).

[30] 42 C.F.R. §405.1062.

[31] Id.

[32] See 65 Fed. Reg. 31124, 31126 (May 16, 2000).

[33] See 42 U.S.C. §1395y(1)(5)(A).

[34] 68 Fed. Reg. 63,693 (Nov. 7, 2003).42 C.F.R. §405.1060(a)(4), (b) – (c) (2005).

[35] See 68 Fed. Reg. 63692, 63693-94 (Nov. 7, 2003)(comparing the claims appeal process and the NCD and LCD review processes).

[36] Bailey v. Mut. of Omaha Ins. Co., 534 F.Supp.2d 43, 47 (D.C. Cir. 2008).

[37] Id.

[38] See 68 Fed. Reg. 63692, 63693; see also 42 U.S.C. §§405(g), 1395ff(b)(setting out these procedures).

[39] Id.

[40] See 42 U.S.C. §405.1062(a).

[41] See Subject: NCD Complaint – Intraocular Lens (CMS Ruling 05-01), DAB No. 2418 (2011).

[42] See id. at 1.

[43] Id. at 2.

[44] Id.

[45] 42 C.F.R. §426.110.

[46] See 42 C.F.R. §§426.525(c), 426.531.

[47] Am. Med. Techs., 2010 WL 2994395, at 4 (claim for supplemental medical insurance benefits (Part B)).

 

Health Care Law Representation

January 1, 2021 by  
Filed under

Download PDF

Health Care Law Representation:

Liles Parker attorneys have decades of experience practicing health care law.  Several of our attorneys served as Federal prosecutors and held significant positions at the U.S. Department of Justice.  Our health care transactional and regulatory attorneys have the knowledge and counseling skills necessary to efficiently resolve your health care business issues at the lowest possible level, before they escalate into a more significant problem.  Areas of practice include, but are not limited to:

Claims Audits by UPIC, MAC, CERT and SMRC Contractors:

Private Payor Claims Audits:

Administrative Adverse Actions Against Health Care Providers and Suppliers:

DOJ Investigations and Prosecutions:

OIG Audits, Investigations and Exclusion Actions:

HIPAA Privacy and OSHA Compliance, Audits and Investigations:

State Licensure Board Disciplinary Actions:

NATIONWIDE REPRESENTATION   Call: 1 (800) 475-1906.

Liles Parker attorneys are both seasoned health care lawyers AND have undergone special training and education so that they could become Certified Professional Coders (CPCs), Certified Medical Reimbursement Specialists (CMRSs) and / or Certified Medical Compliance Officers (CMCOs). We handle a full range of health law matters and cases.  Questions?  For a free consultation, give us a call.  We can be reached at:  1 (800) 475-1906.

Liles Parker Attorneys Practice Health Care Law Nationwide. 1 (800) 475-1906

Overpayment Considerations When You Owe Monies to Medicare or Medicaid

December 25, 2020 by  
Filed under

Download PDF

An Overpayment Received by a Program Must be Returned to Medicare and Medicaid professionals. While considerable attention has been paid to the Affordable Care Act (ACA) and its requirement that identified overpayments be promptly repaid to the government, it is important to keep in mind that this repayment obligation was already in place.  In fact, the government has long maintained that providers participating in Federal and State health care programs are required to voluntarily return any overpayments they may have received.  To the extent that a provider has received unearned or undeserved payments due to a mistake (whether by the government or the provider) or some other reason, the provider cannot enrich themselves at the government’s expense.  Are you facing a possible overpayment situation?  Give us a call.  The health care lawyers at Liles Parker are available to help you work through the process.  For a free consultation, please call us at:  1 (800) 475-1906.

I.  Pre-ACA Obligations to Return Overpayments to the Government:

A provider’s affirmative obligation to return monies that belong to the government before the government is even aware that monies are owed is set out in the Office of Inspector General’s (OIG’s) Compliance Program for Third Party Billing Companies which states:

“Failure to repay overpayments within a reasonable period of time could be interpreted as an intentional attempt to conceal the overpayment from the government, thereby establishing an independent basis for a criminal violation.” [1]

This position was upheld in the case of United States v. Yale University School of Medicine, Civil Action No. 3:97CV02023 (Sept. 1998, USDC Connecticut) where the government intervened in a qui tam action based on the failure to repay money owed to the government. In the case, the government ultimately obtained a $1.2 million False Claims Act settlement based on the failure to return credit balances owed to the government.

Finally, a provider could be held criminally liable for the concealment or failure to disclose payments that were not authorized.  As 42 U.S.C. §1320a-7b(a)(3) provides, it is a felony, and can result in fines of up to $100,000 and imprisonment of up to 10 years, if someone:

“having knowledge of the occurrence of any event affecting (A) his initial or continued right to any such benefit or payment, or (B) the initial or continued right to any such benefit or payment of any other individual in whose behalf he has applied for or is receiving such benefit or payment, conceals or fails to disclose such event with an intent fraudulently to secure such benefit or payment either in a greater amount or quantity than is due or when no such benefit or payment is authorized,”

II.  Impact of the Fraud Enforcement and Recovery Act of 2009 (FERA) on Overpayments:

To the extent that the question remained open to some in the industry, it was fully and finally resolved with the passage of the Fraud Enforcement and Recovery Act of 2009 (FERA). FERA was passed to assist health care fraud enforcement efforts and among other things, it expanded the definition of an “obligation” that had to be repaid to the government to include overpayments and it specifically included the “retention of an overpayment” as a possible basis for claims brought under the FCA.

With the passage of FERA, it became quite clear that there was no affirmative act necessary for a provider to become liable under the False Claims Act – knowingly retaining an overpayment resulted in liability, even though the provider may not have made a “false statement” in connection with the overpayment.

III.  Impact of the the Affordable Care Act (ACA) on Overpayments:

The ACA was enacted in 2010. In addition to fundamentally changing the way people are insured and making coverage accessible to previously uninsured people and containing a large number of fraud enforcement provisions, the ACA contained a provision that required health care providers to identify any overpayments they receive and to report and repay them within 60 days of identification.  As 42 U.S.C. 1320a-7k(d) provides:

(d) Reporting and Returning of Overpayments

(1) In General

If a person has received an overpayment, the person shall —

(A) report and return the overpayment to the Secretary, the State, an intermediary, a carrier, or a contractor, as appropriate, at the correct address; and

(B) notify the Secretary, State, intermediary, carrier, or contractor to whom the overpayment was returned in writing of the reason for the overpayment.

(2) Deadline for Reporting and Returning Overpayments. An overpayment must be reported and returned under paragraph (1) by the later of —

(A) the date which is 60 days after the date on which the overpayment was identified; or

(B) the date any corresponding cost report is due, if applicable.

(3) Enforcement. Any overpayment retained by a person after the deadline for reporting and returning the overpayment under paragraph (2) is an obligation (as defined in section 3729(b)(3) of Title 31, United States Code) for purposes of section 3729 of such Title[123]. (emphasis added)

IV.  Issues Likely to Arise When Assessing a Possible Overpayment:

As many providers can readily attest, confirming that an overpayment exists is not always that easy, especially in complex cases where a patient has secondary insurance and/or the number of claims processed (as charges, credits and corrections) may be quite large. Additionally, due to the complexity of Medicare coverage and payment rules, two reasonable individuals may disagree as to whether an overpayment is present. This creates obvious difficulties in the context of identifying overpayments in the first place and, of course, with reporting and repaying them.

Questions for you to consider when assessing whether an overpayment exists include, but are not limited to the following:

  • What is an Overpayment?

Under Sec. 6402 of the ACA / 42 U.S.C. 1320a-7k(d)(4), the term “overpayment” means any funds that a person receives or retains under subchapter XVIII or XIX [Medicare and Medicaid programs] to which the person after applicable reconciliation, is not entitled under such subchapter.  (emphasis added).

  • When is an Overpayment Identified?

Unfortunately, the ACA does not define or describe when an overpayment is “identified.”  The views of providers and third-party billing companies could vary greatly on this issue.  Nevertheless, when it appears that an overpayment may exist (even if the amount has not been determined), we recommend that providers and billers:

(1) Diligently work to identify the nature and scope of an overpayment.

(2) Avoidance and / or refusing to research and clarify the nature and scope of an overpayment will be negatively viewed by the government and could increase the likelihood of a qui tam.

  • What Types of Actions Might Constitute an Identified Overpayment?

We recommend that providers and third-party billing companies should be on the lookout for a variety of events which could signify that an overpayment is present.  Examples include:

(1) A routine audit discloses full payment by a beneficiary’s primary and secondary payor for the same claim.

(2) A clinic learns that one of their employees or providers has been excluded from participation in Medicare.

(3) An anonymous employee alleges that claims are being improperly billed.

(4) A patient calls and states that she never received a certain service.

  • What is a Provider Obligated to do When an Overpayment is Identified?

Pursuant to 42 U.S.C. 1320a-7k(d)(1)(A) and (B), once an overpayment is identified, a provider is obligated by law to “Report and return the overpayment to the Secretary, the   State, an intermediary, a carrier, or a contractor, as appropriate, at the correct address; and . . . Notify the Secretary, State, intermediary, carrier, or contractor to whom the overpayment was returned in writing of the reason for the overpayment.

  • What is a Third-Party Billing Company Obligated to do When an Overpayment is Identified?

The liability of third-party billers with respect to the knowing retention of an overpayment is not expressly covered under the Affordable Care Act.  Nevertheless, they would still face liability under FERA, which provides:

Any person who. . .knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the government is liable. . .”   31 U.S.C. §3720(a)(1)(G). 

The bottom line is clear – third-party billing companies must actively work with their clients to promptly repay any overpayments identified.

  • When Must an Overpayment be Reported and Returned?

Once identified, providers are required to report and refund an overpayment to the government within 60 days of the date on which the overpayment was identified or the date any corresponding cost report is due, if applicable.  While the statute remains unchanged, CMS subsequently clarified that it did not consider an overpayment to have been “identified” under the 60-day rule until a provider has or should have, through “reasonable diligence,” quantified the overpayment.  CMS has further stated that reasonable diligence can be “demonstrated through the timely, good faith investigation of credible information, which is at most 6 months from receipt of the credible information, except in extraordinary circumstances.”  In other words, if you can show that you exercised reasonable diligence in your efforts to quantify how much is owed, you could take up to 6 months, plus 60 additional days, to report and return an overpayment.  [2]

V.  Additional Issues to be Considered After an Overpayment has Been Identified:

Once an overpayment has been identified, there are a number of other issues to be considered by providers and third-party billers.

(1) Co-payments must be returned to beneficiaries. Once you have returned any monies owed to the government, any associated co-payments paid by beneficiaries must also be returned.  (See 42 C.F.R. § 489.41).

(2)  Was the overpayment an isolated event or merely an indication of a larger problem? Was the error or other action that caused the problem an isolated event?  If not, you likely have an obligation to repay other similar errors from prior periods. The Final Rule for the reporting and returning of overpayments established a 6-year lookback period for the reporting and returning of monies that are owed to the goverment. See 42 CFR 401.305(f).

(3)  What is the appropriate mechanism to return an identified overpayment Although most overpayments are appropriately returned directly to your Medicare contractor, there are instances where you may want to handle the disclosure and return of funds differently. We recommend you engage qualified health care legal counsel to assist you in determining the appropriate mechanism to return identified overpayments. Possible options for returning an overpayment include:

  • Medicare Administrative Contractor (MAC). In most cases, routine overpayments should be reported and returned to the MAC responsible for processing your Medicare claims. Each MAC has developed a form for the reporting of overpayments. All MACs will require that you provide the specific (1) claim numbers at issue, (2) the reason for the overpayment, and (3) the method of repayment (by check or recoupment).
  • HHS, Office of Inspector General (OIG). The OIG has published a “Provider Self-Disclosure Protocol.”  Notably, it is not intended to cover mere accidents or mistakes and is not intended to cover Stark violations.
  • Centers for Medicare and Medicaid Services (CMS). CMS has now published a Stark self-disclosure protocol, referred to as the “CMS Voluntary Self-Referral Disclosure Protocol” (SRDP). Under the SRDP, providers of services and suppliers can self-disclose actual or potential violations of the physician self-referral statute.
  • Department of Justice (DOJ). Under certain circumstances, you may find it beneficial to contact DOJ directly.  For instance, prompt disclosures of violations of the False Claims Act can limit a provider’s potential damages.

VI.  Conclusion:

Despite the fact that significant strides in compliance have been made by large Medicare providers (such as hospitals and nursing homes), it has been our observation that most physician practices and third-party billers still do not have a tailored Compliance Plan in place.   In an effort to reduce the likelihood of an overpayment, we recommend that you draft and / or an effective Compliance Plan.   Moreover, to the extent that you have not already done so, you should conduct a “GAP Analysis.” [3]  If deficiencies are identified, correct them and repay any monies that may be owed.

[1] 63 Fed. Reg. 70138 (Dec. 18, 1998).

[2] 81 Fed. Reg. 7654, 7662 (Feb. 12, 2016).

[3] For a discussion of the GAP Analysis process, we recommend you review our article titled “How to Conduct a GAP Analysis of Your Health Care Practice.”

Genetic Testing Fraud Prosecutions are on the Rise Around the Country. Are Your Genetic Testing Practices Compliant?

Download PDF

Genetic Testing(August 13, 2019):  Over the last year, a number of genetic testing fraud investigations and prosecutions have been initiated by Medicare, Medicaid and TRICARE investigators and auditors.  While the nature of the diagnostic services at issue are cutting edge, the wrongful conduct associated with these cases often involves old school fraud schemes that are easily identified and well known to law enforcement.  This article covers the origins of genetic testing and examines a number of genetic testing fraud cases that have been pursued by Federal prosecutors around the country.  In this article, we also discuss a number of the questions you should be addressing prior to engaging in the marketing, ordering or billing of genetic laboratory testing claims.

I.  Historical Background – The Discovery of DNA:

The discovery of deoxyribonucleic acid (commonly known as DNA) can be traced to the efforts of Swiss chemist Freidrich Miescher in 1869. Over the next 75 years, Miescher and others established the scientific foundation for the groundbreaking molecular work of James Watson and Francis Crick in 1952.  At that time, Watson and Crick first proposed that the DNA molecule was a double-helix structure.  Watson, Crick and their colleague, Maurice Wilkins were subsequently awarded the Nobel Prize in Physiology or Medicine in 1962 “for their discoveries concerning the molecular structure of nucleic acids and its significance for information transfer in living materials.”[1]

Over the next 20 years, scientists continued to research the nature and composition of the DNA molecule.  This ultimately led to the 1990 formation of an international scientific research effort that became known as the “Human Genome Project” (HGP).  The goal of researchers at that time was to identify and sequence more than 3.3 billion base pairs of the human genome.[2]  By 2003, an initial draft of the human genome was completed.  Over the last 16 years, refinements in mapping have continued to be made.  As of June 2019, scientists report that there are still 89 “gaps” that remain to be sequenced.[3]

II.  Practical Applications of Genetic Testing:

The successful mapping of the human genome has led to the development of literally thousands of tests that can now be used to determine whether there is any evidence of chromosomal abnormality that may be used to detect the possibility of illness or disease.  Genetic testing is now commonly used for a number diagnostic and treatment purposes, including, but not limited to the following:

  • Diagnostic Genetic Testing. Genetic testing can be used for diagnostic purposes.  For example, it can be used to verify whether an individual has a diagnosis of cystic fibrosis or other disease that can be confirmed through a search for specific genetic abnormalities.

  • Genetic Carrier Testing. If you have a family history of a specific disease that has been tied to one or more genetic defects, it may be possible to determine whether you are a carrier of this genetic abnormality.  As a carrier, this genetic mutation may be passed along to your children.

  • Predictive Genetic Testing. This type of genetic testing also examines a patient’s family history to determine whether an individual is at a higher of risk of developing certain illnesses and / or diseases.

III.  The Emergence of Direct-to-Consumer Genetic Testing:

As the testing technology improved, the costs of conducting genetic testing procedures continued to drop to the point that it became commercially viable for a number of companies to offer direct-to-consumer test kits.  These kits were heavily marketed and promoted to the public as an effective way to predict an individual’s risk of developing certain illnesses and / diseases.

Allegations of deceptive marketing practices by direct-to-consumer genetic testing companies led to an investigation of these testing companies by the Government Accountability Office (GAO) in 2006.  At that time, GAO found that a number of “egregious examples of deceptive marketing.”  For example, four of the companies examined claimed that their assessment of an individual’s DNA could be used to create personalized supplements to cure diseases.  Two of these companies further claims that their supplements could “repair damaged DNA” or even cure certain diseases.  As the GAO noted, there was no scientific basis for these claims.[4]   As a result of the GAO’s findings, in 2006 the Centers for Disease Control (CDC), in conjunction with the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) issued consumer alerts warning the public to be wary of the claims being made by many of these genetic testing companies.

IV.  Impact of GINA and the ACA on the Use of Genetic Testing:

The development and expansion of genetic testing stoked the fears of many Americans that their specific genetic makeup could be used by health insurers and employers as a screening tool to weed out individuals who may be suffering from (or have the potential to develop) costly illnesses and diseases. To address these concerns, Congress passed the Genetic Information Nondiscrimination Act of 2008 (GINA) to prohibit health insurers and employers from using genetic information when making insurance eligibility and employment decisions.

The genetic testing industry received a further boost with the enactment of the Affordable Care Act (ACA). With the passage of the ACA, insurance payors were barred from denying coverage to patients with most preexisting illnesses and conditions. This effectively opened the door for patients to readily participate in genetic testing without the fear of losing their insurance due to the presence of a preexisting illness or disease.[5]

V.   Medicare Coverage of Specific Genetic Testing Procedures:

While the direct-to-consumer market has been in place for almost 20 years, most insurance payors have yet to issue comprehensive coverage guidance on genetic testing for diagnostic and screening purposes.  In order to qualify for coverage and payment under Medicare, a specific genetic test must meet the predicate requirements set out under 42 C.F.R. § 410.32.  While the Centers for Medicare and Medicaid Services (CMS) has been fairly progressive in approving the coverage of certain genetic tests for diagnostic purposes, it has been slow to authorize the coverage of genetic screening tests. For example, CMS did not finalize coverage of Next Generation Sequencing tests (diagnostic laboratory tests administered to patients with advanced cancer), until March, 2018.[6]  Additionally, Medicare still does not pay for genetic testing in many cases.[7]  Even the common genetic tests for the BRCA1 and BRCA2 gene mutation linked to breast cancer are only covered by Medicare under certain circumstances such as a family history of breast cancer.[8]

VI.  Primary Civil and Criminal Statutes Implicated in Genetic Testing Fraud Schemes:

Depending on the specific improper genetic testing conduct alleged, a variety of civil and / or criminal statutes may be implicated.  In this section, we briefly examine the various conduct that may result in prosecution by Federal law enforcement authorities.  Examples of problematic conduct includes:

42 U.S. Code § 1320a–7a(a)(5)Beneficiary Inducement Provisions.  Under the beneficiary inducement statute, it is a violation of law to offer or provide anything of value to a beneficiary in order to influence the beneficiary to order or receive any item or service that is reimbursed by Medicare or Medicaid.  Violations of these provisions may result in the assessment of significant civil money penalties. Examples of improper beneficiary inducements include:  (1) Gift cards. Giving $100 gift cards to senior citizens covered by Medicare if they sign up to have a “free” DNA swab taken and submitted for genetic testing; (2) Other items of value. Providing a “free” health screening if a senior citizen signs-up for genetic testing and provides their Medicare information.

18 U.S.C. § 1347Health Care Fraud.  Under this statutory provision, it is a criminal violation to defraud any health care program (both governmental and private payor programs) OR to obtain payment by means of false or fraudulent pretenses, representations or promises.  As the language reflects, this health care fraud statute is extraordinarily broad and may encompass a broad range of improper actions and conduct.  Examples of cases brought under this statutory provision include:  (1) Misrepresentation of a non-covered service. In some respects, this improper practice is nothing more than another form of “billing for services not rendered.” Simply put, in the cases we have seen where this has occurred, a genetic testing laboratory was alleged to have purposely billed a non-covered genetic test under the CPT code of a covered laboratory genetic test; (2) Misrepresentation of the ordering physician. This type of billing fraud is fairly common in laboratory testing fraud cases. We have seen cases where the putative ordering physician had never heard of the patient and did not know that his provider number was being improperly used to bill Medicare for genetic tests;  (3) Medically unnecessary services. We have seen multiple cases where the prerequisite requirements to qualify for a Medicare beneficiary to have a certain genetic test performed have not been met.  Moreover, representatives of the laboratory  billing for the genetic testing services were aware that these requirements had not been met.

42 U.S.C. § 1320a-7b(b).  Anti-Kickback Statute. It is against the law to provide something of value in an effort to induce a referral that is covered by a Federal health care benefit program.  Under the Anti-Kickback Statute, transactions aimed at inducing referrals for items or services billed to federal healthcare programs are strictly prohibited.  This criminal statute is, in part, aimed at preventing the overutilization of services and the providing of unnecessary services.  When it comes to genetic testing, ordering physicians, marketing representatives and others who receive kickbacks for referring genetics testing work to a laboratory for processing and billing may be criminally prosecuted.  As a final point, it is important to keep in mind that as a result of the Affordable Care Act, violations of the Anti-Kickback Statute may also be pursued as a violation of the civil False Claims Act.As the statute provides:

“(1) Whoever knowingly and willfully solicits or receives any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind—

(A) in return for referring an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a Federal health care program, or

(B) in return for purchasing, leasing, ordering, or arranging for or recommending purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program,

shall be guilty of a felony and upon conviction thereof, shall be fined not more than $100,000 or imprisoned for not more than 10 years, or both.

(2) Whoever knowingly and willfully offers or pays any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind to any person to induce such person—

(A) to refer an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a Federal health care program, or

(B) to purchase, lease, order, or arrange for or recommend purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program,

shall be guilty of a felony and upon conviction thereof, shall be fined not more than $100,000 or imprisoned for not more than 10 years, or both.[9]

18 U.S.C. § 220(a). Illegal Remunerations for Referrals to Recovery Homes, Clinical Treatment Facilities, and Laboratories. These statutory provisions were enacted in October 2018 as part of the Eliminating Kickbacks in Recovery Act (EKRA).”  EKRA was intended to address patient brokering and other kickback schemes by expanding liability and raising the maximum penalties for kickbacks. Under this statute, the maximum penalties for illegal remunerations paid by recovery homes, clinical treatment facilities, and laboratories in an effort to induce referrals can result in penalties of $200,000 and 20 years of imprisonment per occurrence. To date, none of the publicized prosecutions of genetic testing related kickbacks have been brought under EKRA.  Nevertheless, we anticipate that private payor kickback cases involving genetic testing claims and laboratories will become public as investigations mature and referrals are made to Federal prosecutors around the country.An offense under this provision is described as:

Offense — Except as provided in subsection (b), whoever, with respect to services covered by a health care benefit program, in or affecting interstate or foreign commerce, knowingly and willfully—

(1) solicits or receives any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind, in return for referring a patient or patronage to a recovery home, clinical treatment facility, or laboratory; or

(2) pays or offers any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind—

          (A) to induce a referral of an individual to a recovery home, clinical treatment facility, or laboratory; or

          (B) in exchange for an individual using the services of that recovery home,  clinical treatment facility, or laboratory…”

31 U.S.C. § 3729 (a)(1)(A). Civil False Claims. Under this statutory provision, anyone who “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval” is liable to the U.S. Government for civil penalties.[10]  Medicare does not cover “medically unreasonable and unnecessary services” so knowingly billing Medicare for medically unnecessary genetic tests could constitute a violation of the False Claims Act. is legislation under this section.[11]  Several of the cases discussed below were brought by former employees (whistleblowers) with knowledge of the fraud.

42 U.S.C. 1395nn. Ethics in Patient Referrals Act of 1989 (Stark).  Both the initial legislation and subsequent refinements to the law and corresponding regulations are all focused on prohibiting improper physician self-referrals for certain Designated Health Services (DHS) for which Medicare would otherwise pay, to an entity with which the physician or an immediate family member has a financial relationship, unless one of the statutory or regulatory exceptions applies. Importantly, “Clinical Laboratory Services” are listed as DHS.  Under Stark, if a physician (or an immediate family member of such physician) has a financial relationship with clinical laboratory, the physician may not make a referral to the laboratory for the furnishing of services for which payment may be made under the Federal health care programs.  To date, the government has not cited violations of Stark as the basis for prosecuting one or more of the genetic testing fraud cases that have been widely publicized.  Nevertheless, the prohibitions presented under Stark should be considered since laboratory services are a recognized DHS.

VII.  Recent Genetic Testing Fraud Prosecutions:

In recent years, the U.S. Department of Justice (DOJ) has focused increasing resources on the investigation and prosecution of genetic testing related fraud and abuse.  These efforts have resulted in a genetic testing fraud prosecutions.  Some of the recent case pursued by DOJ prosecutors have included:

  • March 2018 Misrepresenting the Nature of a Genetic Test in Order to Get it Covered.  In this case, a California genetic testing company improperly billed TRICARE, FEHBP and Medicaid for services that did not qualify for coverage and payment. To get the claims paid, the company allegedly used an improper code which misrepresented the nature of the services.  To resolve violations of the civil False Claims Act, the genetic testing company agreed to pay $10,635,615.90 to TRICARE and FEHBP.  The company also paid $756,183.00 to the state Medicaid program to resolve similar allegations.
  • December 2018 Genetic Testing Kickback Case. A Vancouver, Washington toxicology and genetic testing lab was sued under the civil False Claims Act and agreed to pay $1,777,738 to settle allegation that it violated the FCA by paying kickbacks to obtain the referral Medicare and TRICARE covered tests from other local laboratories.  As the U.S. Attorney’s Office noted, Paying remuneration to medical providers or provider-owned laboratories in exchange referrals encourages providers to order medically unnecessary services.” 
  • February 2019 Medically Unnecessary Genetic Testing Case. In this case, a San Diego genetic testing company agreed to pay $1.99 million to resolve allegations that the company violated the civil False Claims Act, 31 U.S.C. §§ 3729 et seq.  The government alleged that the genetic testing company submitted claims for genetic tests that were not medically reasonable and necessary because the prostate cancer patients at issue did not have any of the specific risk factors that qualified for the testing. Notably, this case was brought by two former employees of the testing company who filed suit under the whistleblower provisions of the False Claims Act.
  • May 2019 Medically Unnecessary Genetic Testing Case. A health system in Decatur, Texas agreed to pay $431,182.96 to resolve allegations that it violated the civil False Claims Act.  According to the government, the health system submitted false claims to Medicare for payment in connection with the ordering of genetic testing panels for surgical patients that were not medically reasonable or necessary. Notably, the samples taken from surgical patients to be subjected to genetic testing were sent to a lab in Tennessee for processing.   The U.S. Attorney’s Office for the Western District of Tennessee prosecuted the case against the Texas health system.
  • May 2019.  Medically Unnecessary Genetic Testing Case.  In this case, a New Jersey laboratory sales representative pleaded guilty to one count of “Conspiracy to Commit Health Care Fraud.” The defendant obtained access to hundreds of senior citizens through his work with a non-profit organization, The Good Samaritans.  He was able to persuade these senior citizens to submit to genetic testing, despite the fact that no health care professional was involved.  Notably, the defendant reportedly used “fear-based tactics during the presentations, including suggesting the senior citizens would be vulnerable to heart attacks, stroke, cancer and suicide if they did not have the genetic testing.”  To get the genetic tests authorized, the defendant recruited health care providers off of Craigslist and paid them thousands of dollars each month to “sign their names to requisition forms authorizing testing for patients,” despite the fact that the health care providers had never examined or interacted with any of the patients.  The defendant, along with two co-conspirators were reported paid more than $100,000 in commission payments by two laboratories for whom they worked.  The defendant was sentenced to 50 months in prison and ordered to pay restitution of $434,963 and forfeiture of $66,844.
  • June 2019 Genetic Testing Kickback Case.  In this case, a Las Vegas cardiology practice agreed to settle violations of the Anti-Kickback Statute and the civil False Claims Act by agreeing to pay $2.5 million to the government. The government alleged that the cardiology practice referred patients for genetic testing in exchange for kickbacks from the testing laboratories.
  • June 2019 Genetic Testing Kickback Case.  The owner of a Tampa medical marketing company was recently prosecuted and found guilty of conspiracy to pay kickbacks and bribes.  In this case, the defendant was alleged to have paid kickbacks to medical clinics in exchange for the referral of DNA swabs that have been obtained from Medicare beneficiaries. The government further alleged that the medical clinics were directed to collect the DNA of all of their patients, regardless of medical necessity.  The defendant marketing company sent the DNA swabs to a clinical laboratory for genetic testing.  Over the course of the conspiracy, the clinical laboratory billed over $2.2 million to Medicare for genetic testing claims.  The defendant marketing company owner
  • July 2019 Improper Marketing Practices / Ordering Genetic Tests for Patients that Were Never Seen or Treated.   In this case, the Chief Medical Officer physician in Gainesville, Florida, along with two other individuals (non-physicians), have been charged with one count of “Conspiracy to Commit Health Care Fraud.”  The three individuals worked for a company that operated a network of laboratories that performed genetic testing procedures.  According to the government, the two non-physicians are alleged to have contacted a clinical laboratory in New Jersey and proposed sending ten DNA swabs for genetic tests in return for 50% of the Medicare payments received by the laboratory.  The DNA genetic tests reportedly listed the Chief Medical Officer as the “Ordering Physician.”  Moreover, the Chief Medical Officer certified that the tests were medically reasonable and necessary.  Upon investigation, the government has supposedly learned that all 10 of the patients for whom genetic testing was ordered live outside of Florida.  In order to qualify for coverage and payment, the genetic test ordered for one of the patients (who lived in Oklahoma) required that the patient have a personal history of breast cancer.  When interviewed, the patient reported that she had not had cancer and had not advised anyone to the contrary. When asked how she learned about the genetic testing opportunity, the patient reported that she submitted the DNA swab “after seeing an advertisement on Facebook that offered a $100 gift card for people interested in genetic testing.”  She further stated that the DNA swab was not taken at a medical office.  Instead, the swab was reportedly taken in a “plain old office building” by “some random guy.”  The Oklahoma patient has further alleged that she never saw or spoke with a treating physician or with the Chief Medical Officer (who was listed as the Ordering Physician) about the genetic testing.   If convicted, the defendants in this case may be sentenced to a maximum penalty of 10 years in prison and a maximum fine of $250,000 or twice the gross gain or loss from the offense.

VIII.  Genetic Testing — Staying Within the Four Corners of the Law:

As Medicare, Medicaid and private payors have expanded their genetic testing coverage policies, the number of laboratories, physicians and marketing companies involved in the procurement and provision of these tests has exploded.  Regrettably, many individuals and companies have moved into the genetic testing space without fully understanding the rules and regulations that must be met before these tests can be ordered, interpreted, billed and paid by Medicare and other payors.  If your business model involves the marketing of genetic testing services, the ordering of genetic tests or the performance of genetic tests, it is essential that you conduct a comprehensive assessment of your business (and, if applicable clinical) practices to ensure that your conduct does not violate the Federal Anti-Kickback Statute, EKRA, Stark, the False Claims Act or a host of other statutory and regulatory requirements that apply to these laboratory testing claims.

If you or your company are involved in the genetic testing industry, the following questions should be considered:

  • Is your marketing company involved with the promotion of genetic testing services?
  • Are you performing marketing services as an employee or as an independent contractor of a clinical laboratory?
  • Are you a physician, nurse practitioner or physician assistant who has been approached and asked to serve as the “ordering physician” of genetic testing services?
  • Are you a physician who has been approached by a marketing company, laboratory or other third party who has offered to pay you to conduct an evaluation (for the purpose of ordering genetic testing) via telemedicine?
  • Has your medical practice been offered a fee (by a clinical laboratory or another third party) for each genetic test (DNA swab) that is taken from the patients seen in your practice?
  • Has a clinical laboratory offered to give a percentage of Medicare, Medicare or private payor revenues generated by genetic testing claims referred to the laboratory by you or your medical practice?

Each of these questions raise a number of complex regulatory questions that must be fully vetted by an experienced health lawyer before you engage is such conduct.

Robert W. Liles Healthcare AttorneyRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent marketing companies, physicians and laboratories around the country in connection with government audits and investigations.  We also advise parties on the regulatory requirements of their current and / or proposed business arrangement, along with the parameters and requirements of the Federal Anti-Kickback Statute and EKRA.  Are your Medicare, Medicaid or private payor genetic testing claims being audited?  We can help.  For a free initial consultation regarding your situation, call Robert at: 1 (800) 475-1906.

 

[1] The Nobel Prize in Physiology or Medicine 1962. NobelPrize.org. Nobel Media AB 2019. Sun. 11 Aug 2019.
[2] https://web.ornl.gov/sci/techresources/Human_Genome/project/index.shtml.
[3] An examination of the remaining gaps in sequencing has been compiled by the Genome Reference Consortium. The Genome Reference Consortium is a coalition of international research institutes that have worked together to map and sequence the human genome.
[4] Direct-to-Consumer Genetic Tests – Misleading Test Results are Further Complicated by Deceptive Marketing and other Questionable Practices.  GAO-10-847T.  Released July 22, 2010.
[5] https://khn.org/news/safe-under-the-aca-patients-with-preexisting-conditions-now-fear-bias/
[6] https://www.cms.gov/newsroom/press-releases/cms-finalizes-coverage-next-generation-sequencing-tests-ensuring-enhanced-access-cancer-patients
[7] https://www.asco.org/practice-guidelines/cancer-care-initiatives/genetics-toolkit/genetic-testing-coverage-reimbursement
[8] Ibid.
[9] https://www.law.cornell.edu/uscode/text/42/1320a-7b
[10] The penalties for violations of the False Claims Act are currently:
Treble damages, plus $11,463 and $22,927 per false claim or statement. (These 2019 estimated amounts reflect the anticipated increase that has not yet been announced by DOJ).
[11] https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/Items-and-Services-Not-Covered-Under-Medicare-Booklet-ICN906765.pdf

Health Care Compliance Program Development, Review & Implementation

July 18, 2014 by  
Filed under

Download PDF

Compliance Program Development is Mandatory for all Medicare / Medicaid Providers and Suppliers(July 18, 2014): Over the last decade, Compliance Programs have become an essential part of the way large and mid-sized health care providers conduct business.  In recent years, small health care providers have followed suit, and Compliance Program development, review and implementation has become a priority if the provider intends on staying within the four corners of the law.  Compliance Programs aimed at reducing, preventing, and deterring fraudulent and improper conduct are at the forefront of the health care industry’s goals.  These programs can also help providers avoid costly litigation and streamline their business operations.  While the federal government presents basic procedural and structural guidance for compliance programs, the Department of Health and Human Services, Office of Inspector General’s (OIG’s) guidelines do not represent a “one size fits all” compliance program which can be readily adopted by all providers.  There is no ‘‘one size fits all’’ compliance program, especially when it comes to small and mid-sized provider entities.

II.   Benefits of a Compliance Program:

Regardless of the nature of your health care organization, “quality patient care” likely remains at the top of the list of goals you are trying to achieve.  An organization’s focus on patient care can be enhanced by the adoption of an effective compliance program.[1] For example, the increased accuracy of your medical documentation that may result from your efforts to remain compliant, can actually assist in enhancing the quality of patient care your organization is providing.  Virtually all health care providers can realize a variety of benefits by implementing a compliance program.  These benefits include:

  • Proactive approach. A compliance program is a proactive way to make sure that your company is meeting all of its statutory and regulatory obligations.
  • Evidence of good faith A a compliance program can serve as evidence of a good faith effort to comply with the law should your practice becomes the subject of an investigation.
  • Sentencing guidelines. In the event of criminal prosecution, the existence of a Compliance Plan is favorably considered under the Sentencing Guidelines.            

III.  The Compliance Program Development Process:

The following seven steps are typically followed when a health care provider or supplier initiates compliance program development.  It is important to keep in mind that the extent to which an organization chooses to implement these compliance measures will vary from provider to provider.   HHS-OIG does not expect every organization to implement each aspect of these seven components to the same extent.   Rather, compliance programs and their associated  plans are “scalable.” -“Compliance Program Guidance for Party Medical Billing Companies” covers a number of important program integrity concerns that are applicable to virtually all health care providers and suppliers, not merely the third-party billing companies with whom they work.

If your organization is small-to-mid sized, you may find it difficult to fully cover each and every aspect of the seven components discussed below. However, in most instances, both providers and suppliers can effectively implement each component in one fashion or another.  The seven basic components include:

Step One: Conducting internal monitoring and auditing through the performance of periodic audits:

An effective compliance program can also speed and optimize the payment of a practice’s claims and reduce the likelihood of an Anti-Kickback or Stark violation.  A successful compliance initiative begins with a critical evaluation of an organization’s current and past practices.  The evaluation process is normally two-pronged.  Not only are a provider’s policies and procedures evaluated to better ensure accuracy and relevance, but the actual practices derived from those policies and procedures must also be considered. Are employees properly carrying out their compliance duties and responsibilities? Through an internal audit, a provider may ascertain what problem areas exist and focus its compliance efforts on those areas. There are two general types of reviews that can be performed as part of this evaluation:

Standards and Procedures Review — Each organization should designate an individual, usually the Compliance Officer (see below), to periodically review the policies and procedures of the organization and revise them if necessary. This review should consider both the current state of the law (taking into account any new regulations or changes to regulations) and the completeness of the policies and procedures. If the individual determines that the policies and procedures are ineffective or outdated, these policies and procedures should be updated to reflect any necessary changes in statutes and/or regulations.

Claims Submission Audit — The appointed individual should also evaluate a sample of bills and medical records for compliance with applicable coding, billing, and documentation requirements. Other employees may be helpful in this process as well, include billing personnel (or third-party billers) and medical personnel, such as registered nurses or physicians (especially if they actually performed the services being evaluated). The provider also needs to decide whether to review claims retrospectively or concurrently with claims submissions. A provider’s self-audits can be used to determine whether claims have been accurately coded and properly reflect the services provided (as documented in the medical records).  A self-audit can also assist a provider in verifying whether the care and treatment services administered were reasonable, necessary and qualified for coverage and payment.

When conducting a self-audit,  it is often a challenge to determine whether your documentation practices are fully meeting a payer’s expectations in terms of completeness and the scope of its content.  It is often quite helpful to review whether a specific payor has issued any guidance in this regard.  For example, when documenting Evaluation and Management (E/M) claims, a physician or physician extender should review and apply the guidance set out under the 1995 or 1997 Health Care Financing Administration (HCFA) E/M Guidelines (such as a Medicare contractor or an Administrative Law Judge (ALJ)) would conduct a review.  This approach can be quite helpful identifying any weaknesses and/or potential problems with a provider’s documentation, coding and or billing practices.

A “GAP analysis” (sometimes referred to as a “baseline audit”) examines the claims documentation, coding, billing and submission process, from patient intake through claim payment or denial.  A careful examination of a provider’s practices can be invaluable in identifying any actions that can contribute to an organization’s failure to fully comply with the law.  This process can also assist a provider in identifying employee training and education needs.

In auditing your facility’s records, establish a consistent methodology for selecting and examining records.  This method will then serve to expedite and improve future audits.

There are many ways to conduct a baseline audit. One way involves assessing claims for services submitted in the three months following the implementation of new education and training programs. This will provide a benchmark to evaluate the efficacy of future programs.

Following the baseline audit, a periodic audit should be conducted at least annually to ensure compliance with the organization’s policies and procedures. Optimally, the organization should select and review a randomly selected number of medical records to ensure compliance without an overwhelming administrative burden.[1] Although there is no set formula to how many medical records should be reviewed, a basic guide is five or more medical records per federal payor (i.e., Medicare, Medicaid), or five to ten medical records per physician or other billing provider. Most provider organizations receive reimbursement from a number of different payors, so a provider must ensure that its auditing and monitoring processes review claims from each applicable federal payor. Of course, the larger the sample size, the more confident the provider can be in the accuracy of the results.

Should significant problems be identified through the audit process, a provider should determine whether a focused review on the problem areas be conducted on a more frequent basis. When results of the audit reveal problems that require additional employee or provider education or training, the provider will need to analyze if and how these areas can to be incorporated into the provider’s training program. An organization may also assess potential risk areas by reviewing its individualized potential billing vulnerabilities. The codes associated with these risk areas may become the universal pool of claims from which a sample is selected. The employees conducting the audit should then evaluate this sample to determine if the billed codes were accurately ordered, performed, and reasonable and necessary for the treatment of the patient.

An especially important component of an effective compliance program is an appropriate response to any problems identified through the audit. The specific action a provider takes should depend on the circumstances presented by each situation. In some cases, the only necessary response may be to return identified overpayments back to the proper payor. In other situations, the provider may need to bring in a coding/billing expert for consultation regarding the appropriate steps to take. It is a good idea to develop a system for responding to problems identified. Keep in mind, however, that no single solution will be applicable in every instance for every problem. The Compliance Officer should use his or her training, skills, common sense and judgment in determining what needs to be done to best protect the interests of the organization.

Step Two: Implementing compliance and organizational standards through the development of written standards and procedures:

Upon completion of an initial audit and identification of entity-specific risk areas, you should begin to develop policies, standards, and procedures to address the identified areas.  The actual written policies are arguably the most important element of an effective Compliance Plan.  Implementation and enforcement of a standardized set of policies and procedures will establish firm internal control on risk areas which may otherwise result in fraud or billing errors.

A Compliance Plan with written policies and procedures is helpful for the operation of any organization, regardless of size, type or capability.  The notion of scalability again comes into play, along with an expectation that a larger health care provider or supplier will be expected to have a more comprehensive set of policies and procedures in place, while smaller providers will may only have just those policies that are mandated under various statutes, along with any specific guidance that has been drafted to address identified problem areas.

There are several standard steps to developing policies and procedures, including:

(1) Developing a written policies and procedures manual;

(2) Updating all medical and clinical forms used by the organization to ensure that they facilitate clear and   appropriate documentation of services provided by the provider. 

(3) Identifying relevant clinical protocols, pathways, and treatment guidelines used by the provider. 

When implementing this step, health care providers suppliers should develop a resource manual from “open-source” or public and governmental databases.  Relevant statutes, regulations, and medical guidance covering the services your organization provides should first be assembled.  A binder containing an organization’s policies, procedures, important statutory information (such as Stark laws), CMS directives and guidance, Medicare contractor coverage guidance (LCDs), and important program integrity information published by HHS-OIG (such as Special Fraud Alerts, Advisory Opinions, etc.) must be consistently updated and available to all employees in an easily accessible location.

 During their initial training and orientation, new employees should be educated on the provider’s policies and procedures and made aware of their duties, obligations and responsibilities to comply with all applicable statutory and regulatory requirements.  Current employees should be informed of any changes, modifications, or additions to an organization’s policies and procedures as soon as possible after implementation so that they may remain aware of any changes which occur.

  • General Risk Areas Impacting all Health Care Providers and Suppliers.

In order to develop an effective, relevant set of policies and procedures, a provider should conduct a review of any errors that have occurred and problem areas that have been previously been identified in provider organizations similar to yours.  There are four primary general risk areas which affect most health care providers.  These general risk areas include but are not limited to:

  • Coding, billing, and claims submission;
  • Reasonable and medically necessary services;
  • Documentation; and
  • Improper inducements, kickbacks, and self-referrals.

General risk areas should be taken into account by most health care providers and suppliers when developing and implementing an effective compliance plan that is reflective of that organization’s needs.  As statutes are amended and regulatory requirements are revised, these areas of concern should be updated to take any new mandates into account.

  •  Specific Risk Areas Faced by Health Care Providers of Your Specialty, and Your Organization in Particular.

In contrast to the general risk areas discussed above, there are a number of risks that may be somewhat unique to your organization.  These entity-specific risks may be driven by the fact that your organization performs specialized care and treatment services, engages in business practices that are highly regulated or has a prior history of program integrity violations that now places the organization under the proverbial microscope by federal or state law enforcement or regulatory officials.

  • Retention of Records.

Your organization’s policies and procedures should include guidance covering the proper storage and retention of medical, business, and compliance records.  Medical record retention is especially important, due to both actual health care needs and possible audits and investigations for which this documentation will support the provider’s billing.  For business and compliance purposes, such as financial statements or employee training dates, you may want to keep a binder of the relevant information for easy access.  The compliance documents you may want to retain include records related to educational activities, internal investigations and internal audit results.  However, you need to weigh risk versus reward.  On the one hand, HHS-OIG recommends keeping all of these documents to demonstrate proper compliance activities and efforts should your entity ever be questioned on compliance.  On the other hand, should there be negative findings from your internal investigations without prompt and appropriate corrective action (e.g., terminations or major changes in vendor relations), these records may serve as a roadmap in a future government investigation.

Your policies and procedures should provide for a records retention system and associated protocols.  This includes establishing guidelines covering the creation, distribution, storage, and destruction of records (particularly medical records).  Providers should pay particular attention to the privacy requirements under both federal and state law when establishing these protocols.

Organization’s should also document an entity’s efforts to comply with applicable federal health care program requirements.  For instance, if you seek guidance from your Medicare Administrative Contractor (MAC) on the issue of records retention, you should keep all records related to your request and any written or verbal responses from the MAC, or that no response was ever received.  Should the MAC respond with additional guidance or clarification, you should document how your office is modifying its approach to the provision of services and when those changes go into effect.  This is important if your organization intends to rely on these responses for future decision-making or billing purposes.

CMS has issued guidance in regard to the retention of medical records stating that providers are required to retain documentation for six years from the date of its creation or the date when it was last in effect, whichever is later.  However, there have been instances in which CMS has requested medical records dating back ten years from the date of creation or when it was last in effect.  Providers should make sure that medical records are accurately written, promptly completed, readily accessible, properly filed, and retained.

In short, it is in the provider’s best interest, regardless of size, to have procedures in place related to document retention.  The following record retention guidelines may be helpful:

  • Policies should outline the amount of time each type of record should be retained (federal and state statutes, generally set at six years or six years from the date of majority for minors, should be consulted for specific time frames, if applicable);
  • Medical records (if in the possession of the provider) should be secured against loss, destruction, unauthorized access or reproduction, corruption, or damage;
  • Policies and procedures should indicate the proper disposition of records should the entity be closed or sold; and
  • Using a system of author identification and record maintenance that ensures integrity of the authentication is a good practice as it protects the security of all record entries.

 Step Three: Designation of a Compliance Officer

Before completing any audits or identifying risk areas, one member of the staff should be responsible for compliance-related activities, including developing a corrective action plan and enforcing adherence as necessary.  This person is known as the Compliance Officer, regardless of other clinical or ministerial duties they may also have.  In a typical institutional provider’s compliance program, there is a full-time Compliance Officer responsible for overseeing the implementation, establishment, and enforcement of the compliance program.  However, in a smaller organization, resources may be constrained so that an Office Manager or other employee may also be in charge of compliance functions.  In smaller organizations, compliance responsibilities are often coupled with those of Privacy Office and/or Security Officer.  However you choose to apportion these duties, you should ensure that the following duties are assigned:

  • Overseeing and monitoring the implementation of the compliance program;
  • Establishing methods, such as audits, to improve the practice’s efficiency and quality and to reduce the practice’s vulnerability and exposure to fraud, waste, and abuse;
  • Periodically revising the compliance program after reviewing changes or additions to law, needs of the practice, and requirements of federal and private payors;
  • Developing, coordinating, and leading a training program focused on the mission and objectives of the practice, and ensuring that training materials are appropriate and readily available;
  • Screening new and existing employees and independent contractors against federal exclusion databases to ensure they are authorized to participate in activities involving federal health care programs;
  • Investigating reports and allegations regarding possible unethical or inappropriate business practices; and
  • Monitoring subsequent corrective action and/or compliance.

Your organization needs to assess its own circumstances and determine what best suits its compliance needs and risks.

Step Four: Conducting Appropriate Training and Education:

Education and training are critical to the success of a compliance program.  Without the provider’s employees understanding how and why to comply with the established program, many compliance goals will go unrealized.  Your training program should be tailored to the size, needs and specialty of the organization.  There are three basic steps for setting up a training regimen:

  • Determining who needs training and in what areas (e.g., coding and billing or documentation requirements);
  • Determining the best types of training for the organization’s needs (e.g., seminars, in-service training, or other programs); and
  • Determining when and how often training is needed and how much training each employee should receive.

Training may be accomplished through several methods, including training sessions (such as on-site training, compliance meetings, or outside seminars), distribution of guidance and newsletters,or a centrally placed bulletin board.  Regardless of the training method used, a provider should make sure that appropriate education is effectively communicated and that employees understand their role in health care compliance.

  • Compliance Training.

Compliance training should be administered both upon an employee’s initial association with an organization and periodically for employees already employed.  This training should involve the provider’s Compliance Plan, its policies and procedures, and the underlying statutory and regulatory requirements.  You may want to include:

  • The importance of the compliance program and how it operates;
  • The consequences, both for the organization and employee, of violating the policies and procedures set forth in the program; and
  • The role of each employee in the proper functioning of the compliance program.

Compliance training should have two main purposes: to let each employee know that compliance is a condition of their continued employment and to train each employee on how to perform their designated jobs and duties in accordance with the program and the underlying law.  The training should emphasize that violating the compliance program may subject the employee to disciplinary measures, up to and including termination.  New employees should be trained as soon as possible after their starting date; all employees should receive training at least on an annual basis (and more often if necessary).

  • Coding and Billing Training.

Coding and billing training may also be necessary if your staff includes medical coders and billers.  In many instances, a billing provider may conduct his or her coding independently, and as such, should be trained on proper coding levels and other guidance.  If the provider employs coders or billers, they too should be trained on proper procedure.  Additionally, if your organization uses a third-party billing company, be sure to ask whether they conduct training on billing and coding issues .  It is in the provider’s best interest to ensure that employees or business associates who are directly involved with billing receive extensive training specific to the organization’s specialty and risk areas.  Examples of items that could be covered in coding and billing training include:

  • Coding requirements;
  • Claim development and submission processes;
  • Signing a form for a billing provider without the provider’s authorization;
  • Proper documentation of services rendered;
  • Proper billing policies and procedures and submission of accurate bills for all services or items rendered; and
  • The legal sanctions for submitting deliberately false claims or recklessly billing.
  • Format of the Training Program.

Training may be conducted either in-house or by a third-party, such as a consultant or attorney.  Instead of utilizing internal programs and in-service sessions, outside seminars may be useful for training purposes.  Consider asking your MAC for training (they may provide specialty-wide training programs through local associations).

If the provider uses a third-party billing company, you should ensure that documentation is complete so that claims submitted on the organization’s behalf accurately reflect the services provided.  If not, these areas should be covered in training.  In addition to training, you should purchase and maintain current reference sources for your coders and billers, including CPT, ICD-9 or 10 and Healthcare Procedure Coding System (HCPCS) code books (in addition to MAC interpretations of those manuals) and make them available to all employees involved in billing.  Moreover, you may put billing/coding and compliance training together.  All seminars or in-service training sessions may integrate core provider values, such as mission statements, compliance protocols and goals, into their curriculum.

  • Continuing Education on Compliance Issues.

At a minimum, employees should be trained annually on billing/coding compliance guidance.  However, there is no formula for determining how often to conduct training.  This should be based on the provider’s practical experience and overall employee compliance with policies and procedures.  Should you find that violations are occurring—more frequent training should be conducted.

Step Five: Responding To Detected Offenses and Developing Corrective Action Initiatives:

When a problem is detected, the next step is to develop and implement a corrective action plan.  Violations of the Compliance Plan or underlying federal or state law threaten the provider’s reputation and expose it to potential audits, investigations and penalties.  Consequently, when receiving reports or indications of likely noncompliance, it is the duty of the Compliance Officer to investigate the allegation and determine what, if any, violations have occurred.  The Compliance Officer must then work to resolve the problem and take other action as appropriate.  If a serious violation is identified, possible steps may include a corrective action plan,the return of any overpayments, disclosure to federal payors,and/or a referral to law enforcement authorities.  However, before taking any of these steps, consult your legal counsel for advice and guidance on the appropriate action to take.  Regardless, you should ensure that the rights of your organization and the employees are protected.

Your organization may develop its own set of warning signs, including changes to the number or type of claims denials, or patient complaints about billing.  However, policy non-compliance should be determined on a case-by-case basis.  An organization should seek advice from its legal counsel to determine the extent of the entity’s liability and to plan an appropriate course of action.

For potential criminal violations, an entity may want to include procedures for referral or disclosure to the appropriate authorities (often discussing the circumstances with legal counsel).  For mere overpayments, the organization should have procedures for identification and remittance of improper payments.

The Compliance Plan should include procedures for an investigation of all reports of detected violations.  A provider cannot ignore possible fraudulent activity.  In fact, this undermines the very purpose of the compliance program.  Moreover, your policies and procedures should have protocols to ensure that repeat or compounded violations do not occur.  This may include employee retraining or termination, or other appropriate responses to detected risk areas.  Should a violation occur and it is not detected promptly through the policies and procedures of the Compliance Plan, you should modify the plan accordingly.  You should consider what flaws in the plan missed the violation or why the violation occurred in the first place.  Regardless of rationale, it is important to review and update your Compliance Plan periodically.

Step Six: Developing Open Lines of Communication

Providers must maintain open lines of communication.  This will help prevent communication mix-ups and may help explain how mistakes occurred in the first place.  Because each employee is involved, at least to some degree, in a successful compliance program, communication about the goals, requirements, and expectations of a plan is necessary.  Communication may be maintained through several mediums, including e-mail messages, bulletin board postings, daily or weekly staff meetings, and educational sessions.  Moreover, an “open door” policy for the Compliance Officer and an anonymous tip line may foster greater communication, even regarding negative occurrences.

The “open door” policy should be enacted among billing providers, compliance personnel, and employees.  This policy can be implemented together with informal techniques, including notices, notes, and informal verbal guidance.  A system for meaningful and open communication requires that:

  • Employees must report conduct that a reasonable person would, in good faith, believe is erroneous or fraudulent;
  • The development of procedures to promptly process reports of erroneous or fraudulent conduct;
  • If a third-party billing company is used, communication between your organization and the Compliance Officer or contact at the billing company.  Communication may include any possible concerns, teamwork on internal audits, training needs or modifications, changes to applicable law and other operational or compliance matters;
  • The utilization of anonymous reporting methods, such as hotlines or suggestion boxes, which allow employees to report on suspected improper activity; and
  • Provisions in your policies and procedures that the organization will not utilize any retribution against employees who in good faith report suspected erroneous or fraudulent activities.

Protecting anonymity may not always be feasible.  However, all employees should know who to contact in compliance matters and should be able to report compliance issues without fear of retribution.  While your organization should strive to protect the anonymity of a reporting employee, you also need to stress that there may be a point where it is impossible to protect the employee’s identity any further.

Step Seven: Enforcing Disciplinary Standards through Well-Publicized Guidelines:

Finally, employees must understand the consequences of failing to adhere to their organization’s policies and procedures.  An effective Compliance Program includes procedures for enforcing and disciplining employees who violate the provider’s policies.  Provisions for enforcement and discipline are necessary to add credibility and reliability to the compliance program.

Disciplinary mechanisms must be consistently and appropriately enforced.  At the same time, the organization’s disciplinary procedures should be flexible enough to allow for mitigating or aggravating circumstances.  The procedures might also require that individuals who fail to report violations or actively cover up violations of the Compliance Program be subject to discipline. Disciplinary actions should be promulgated to employees and included in training sessions both for new employees and at annual training sessions intended to update all employees. As Compliance Officer, you should document any findings of non-compliance by including:

  • The date of incident;
  • The name of the reporting party;
  • The name of the person responsible for taking action; and
  • Any follow-up or remedial action taken.

IV.  Assessing an Effective Compliance Program:

The purpose of a Compliance Program is to avoid inactivity until an auditor shows up or a violation occurs.  Rather, the goal is active compliance, which can be achieved by following the policies and procedures defined in your Compliance Program on a daily basis.  This will streamline your organization’s business operations, reduce the likelihood of statutory violations, help to mitigate any damages resulting from a breach, and serve as evidence that your organization is doing its best to fully comply with applicable rules and regulations.  When compliance begins a part of the daily culture of your organization, you will achieve the maximum results and rewards.

Robert W. Liles defends health care providers in Medicare auditsRobert W. Liles, JD, MS, MBA serves as Managing Partner at Liles Parker, Attorneys and Counselors at Law. Robert represents health care professionals of all sizes around the country in connection with a full range of Medicare, Medicaid and private payor audits, investigations and fraud cases.  He also licensed professionals dentists in the defense of state board disciplinary actions. For a complimentary consultation, please call Robert at: 1 (800) 475-1906.

[1] While Compliance Programs were initially “voluntary,” they are now required by law if a provider or supplier participates in the Medicare and / or Medicaid program.

[2]Ethics Resource Center, Federal Sentencing Guidelines: Federal Policy, available at http://www.ethics.

org/resource/federal-sentencing-guidelines (December 31, 2005) (last accessed August 15, 2012).

[3]This is because they may result in a sentence based on facts not proven beyond a reasonable doubt to a jury, which would violate the Sixth Amendment.  See United States v. Booker, 543 U.S. 220 (2005); 125 S. Ct. 738; 160 L. Ed. 2d 621.

[4] Rita v. United States, 551 U.S. 338 (2007); 127 S. Ct. 2456.

[5]RAT-STATS, a simple computer program, is used by federal agencies and Medicare/Medicaid contractors to develop statistically relevant random samples.  You should utilize the same software for internal audits.  It is available free at: http://oig.hhs.gov/organization/oas/ratstats.asp.

 

 

Michael Cook and Lester Johnson Named Health Law Practice Group Leaders

November 3, 2011 by  
Filed under Firm News

Download PDF

(November 3, 2011): Liles Parker is proud to announce that Michael Cook, Esq. and Lester “Les” Johnson, Esq., have been named co-leaders for the firm’s health law practice group. The firm has grown significantly since its inception in late 2006, having successfully represented over one hundred clients in various health law, Medicare appeal, compliance and business transaction matters. We have recently opened our fourth office in Baton Rouge, LA, where Les serves as Supervising Attorney. We are excited to continue to provide high-quality representation to our clients and to expand our array of legal services.

As co-leaders, Michael and Les are tasked with the responsibility to guide the health law practice group’s research and marketing initiatives, assist with client contacts and representation, coordinate the group’s legal focus and otherwise work closely with the Managing Members regarding health law matters.

Healthcare Attorney

Michael had over three decades of experience successfully representing both the government and private health care providers in health care matters and has an in-depth understanding of regulatory affairs and health care reform. He worked at the Department of Health and Human Services for many years before moving into private practice, where he advised national health care providers, including long-term acute care (LTAC) facilities and other nursing facilities. Michael has represented clients in such areas as reimbursement counseling and disputes under the Medicare and Medicaid programs, audits, litigation, fraud and abuse counseling, investigations and compliance issues (including development of compliance programs), network development and managed care contracting for post acute entities, preparation of comments and negotiations on significant rulemaking actions, serving as regulatory counsel in complex and significant transactions and acquisitions, crisis management situations, survey and enforcement, licensing and certificate of need, quality improvement, patient care, and privacy issues.

In addition, Michael has lectured extensively to a variety of industry groups, such as the American Health Lawyers Association, the Healthcare Financial Management Association, the American Health Care Association, the American Association of Homes and Services for the Aging, the National Subacute Care Association, the Assisted Living Federation of America, the American Hospital Association, the American College of Health Care Administrators, the American Medical Directors Association, the National Association for the Support of Long Term Care on a variety of health law topics.

Les has significant experience assisting clients navigate the regulatory, compliance and business issues facing health care providers. Les’s practice areas include handling Medicare & Medicaid appeals, health program participation and compliance, Stark and Anti-kickback Statute compliance, state self-referral prohibitions and other regulatory issues a client may face. He assists clients with operational and business issues involving hospital/medical staff relations, licensure and credentialing, health care contracting issues, mergers and acquisitions, antitrust concerns, joint ventures, and practice formation and restructuring.

Moreover, Les lectures frequently on regulatory compliance, fraud & abuse, and business issues facing health care providers. He was named a 2006 Health Care Hero by New Orleans City Business Magazine, and was also recognized by the Gillis Long Poverty Law Center for his work to help open the Lower 9th Ward Health Clinic, a free clinic opened in early 2006 in New Orleans’ flood-ravaged Lower 9th Ward neighborhood.

Please help us in congratulating Michael and Les. Should you have any questions regarding health law issues, Michael and Les can both be reached at our toll-free number, 1 (800) 475-1906. Call today for a free consultation.

Next Page »