Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

The FY 2016 Budget Proposes Medicare Appeals Process Reforms

Medicare appeals process changes are on the horizon.

(February 27, 2015):  On February 2, 2015, President Obama released his fiscal year 2016 budget proposal. This latest proposal affects a significant number of Federal health care programs and includes over $1 trillion allocated to the U.S. Department of Health and Human Services (HHS). More than 85 percent of HHS’s budget is devoted to programs that fall under the purview of the Centers for Medicare & Medicaid Services (CMS).  The administration’s primary health care focus is expanding access to care and providing higher quality of care. It attempts to accomplish this goal through a series of budget increases coupled with a greater emphasis on efficient practices. For example, the budget proposes several reforms to the Medicare program that purport to save roughly $423.1 billion over the next 10 years.  Medicare appeals process reforms are among the changes impacted by the 2016 budget.  As discussed later in this article, the RAC audit changes that are anticipated will likely result in an increased likelihood that your health care company may be in the proverbial crosshairs.

I.  Administration Goals:

The FY 21016 budget continues to prioritize cutting waste, fraud, and abuse in the Medicare and Medicaid programs. As outlined in HHS’ budget brief, the President’s proposal includes $201 million in investments in program integrity for FY 2016 and $4.6 billion over ten years. These investments include continuing to fund the full Health Care Fraud and Abuse Control (HCFAC) discretionary cap adjustment, increasing mandatory Medicaid Integrity Program funding, and providing more funding to recovery auditors to undertake more corrective actions that will help reduce improper payments. In total, program integrity investments are estimated to yield roughly $21.7 billion in savings to Medicare and Medicaid over ten years. In addition, the Budget supports efforts to monitor and prevent fraud, waste and abuse in the private health insurance market including the Health Insurance Marketplace

II.  Medicare Appeals Process Reforms:

Health care providers should pay particular attention to the budget proposals that affect the Medicare appeals process, an area that has caused significant frustration over the last several years: Medicare and Medicaid contractors and appeals. In December 2013, the Office of Medicare Hearings and Appeals (OMHA) declared that it would stop assigning administrative law judge (ALJ) appeals. The Medicare appeals system had become severely backlogged with pending appeals, due in large part to a significant increase in Recovery Audit Contractor (RAC) reviews of claims. CMS tried to alleviate this backlog through a RAC Audit “Pause”. This pause would allow RACs to complete their remaining claim audits and allow CMS to continue to refine and improve the RAC audit  Audit Program. Nevertheless, frustration with the arduous Medicare appeals process led three hospitals and the nation’s largest hospital association to sue HHS. In a subsequent effort to address the backlog and resulting delays, CMS presented a global settlement offer to hospitals to resolve certain backlogged claims on during Labor Day 2014.

As part of its ongoing efforts to improve the efficiency of the Medicare appeals system – and to reduce the backlog of appeals awaiting adjudication at OMHA – HHS proposes additional funding, administrative actions, and legislative proposals. For example,

  • $36 million is allocated for CMS to engage in discussion with providers to resolve disputes and additional funding for greater participation in ALJ Hearings at OMHA;
  • $270 million is allocated for OMHA, of which $140 million is in budget authority and $130 million is from legislative proposals. This figure constitutes a $53 million increase from FY 2015.

The Budget also expands adjudicatory capacity in new field offices in order to address the backlog for a number of appeals and maintain the quality and accuracy of its decisions. It also includes a package of legislative proposals that provide new authority and additional funding to address the backlog.  A summary of the Medicare appeals process reforms is as follows:

  • Provide OMHA and Departmental Appeals Board (DAB) Authority to Use Recovery Audit Contractor Collections – this would allow program recoveries to fully fund related appeals at OMHA and the DAB;
  • Establish a Refundable Filing Fee – a refundable, per claim filing fee for providers, suppliers, and State Medicaid agencies, including those acting as a representative of a beneficiary, at each level of Medicare appeal, would be instituted. This filing fee would allow HHS to invest in the appeals system in hopes of improving responsiveness and efficiency. Notably, these fees would be returned to appellants who receive a fully favorable appeal determination;
  • Establish Magistrate Adjudication for Claims with Amount in Controversy Below New ALJ Amount in Controversy Threshold – appealed claims below the federal district court amount in controversy threshold ($1,460 in CY 2015 and updated annually) would be heard by attorney adjudicators. This would allow ALJs to hear claims that are more complex and/or include higher dollar amounts.
  • Expedite Procedures for Claims with No Material Fact in Dispute – OMHA could issue decisions without holding a hearing if there is no material fact in dispute;
  • Increase Minimum Amount in Controversy for Administrative Law Judge Adjudication of Claims to Equal Amount Required for Judicial Review – the minimum amount in controversy required for adjudication by an ALJ would be increased to the Federal Court amount in controversy requirement ($1,460 in 2015). Appeals not reaching the minimum amount in controversy will be adjudicated by a Medicare magistrate;
  • Remand Appeals to the Redetermination Level with the Introduction of New Evidence – appeals where new documentary evidence is submitted at the second level of appeal or above would be remanded down to the first level of review. This could incentivize appellants to include all evidence early in the appeals process and ensure the same record is review and considered at subsequent levels of appeal; and
  • Sample and Consolidate Similar Claims for Administrative Efficiency – the Secretary HHS could adjudicate appeals through the use of sampling and extrapolation techniques. Additionally, the Secretary would be authorized to consolidate appeals into a single administrative appeal at all levels of the Medicare appeals process. Parties who are appealing claims included within an extrapolated overpayment, or consolidated previously, will be required to file one appeal request for any such claims in dispute.

III.  Final Remarks:

HHS insists that these proposal will allow OMHA to alleviate the ongoing backlog of appealed claims within the Medicare appeals system. However, these measures are not addressing one of the most significant problems with the entire process – the contractors themselves. No where in the budgetary proposals has HHS identified measures that would address the problem areas that RACs are historically known to create. For example, RACs are still reimbursed on a contingency fee arrangement. This arrangement create adverse incentives whereby RACs pursue (and generally deny) as many claims as possible. Yet, the contractors are not punished for adverse results that may be later overturned at any one of the appeals levels, in particular at the ALJ stage.

Has your hospital, practice, Home Health Agency, Hospice, DME Company, or PT / OT / ST Clinic been audited by a RAC or Zone Program Integrity Program (ZPIC)? Liles Parker regularly counsels health care providers on how best to proactively prepare for an audit and mitigate audit risks. As long as RACs are incentivized to pursue as many claims as possible, the likelihood of an audit of your practice is not “if” but “when.” If you have any questions or concerns regarding any ongoing – or future – RAC or ZPIC audit, please do not hesitate to give us a call at 1 (800) 475-1906.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in connection with Medicare and Medicaid audits by ZPICs, RACs and specialty contractors. The firm also represents health care providers in connection with HIPAA Omnibus Rule risk assessments, privacy breach matters, State Licensure Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

Texas Physicians — Is There a Defined Physician-Patient Relationship?

Under the proposed rule, Texas physicians must have a defined physician-patient relationship in order to prescibe certain drugs(February 5th, 2015)  The Texas Medical Board recently set forth a proposed rule that would dictate what physicians must do in order to prescribe certain medications or face sanctions. Under the proposed rule, Texas physicians must establish a defined physician-patient relationship in order to prescribe any dangerous drug or controlled substance. This relationship must include, at a minimum, establishing a diagnosis through a physical examination. Importantly, this examination must be performed through a valid face-to-face visit or in-person evaluation.

The face-to-face visit or in-person evaluation does not necessarily have to occur “in person”; physicians may use sufficient medical and technological equipment – such as a two-way, real time video conferencing device – that allows the physician to hear, see, and properly evaluation the patient. Nevertheless, the patient must still be located at an “established medical site”, which does not include the patient’s home.

The defined physician-patient relationship also requires the physician to establish that the patient is, in fact, who they claim to be. The physician must also review a patient’s history and perform a mental status examination before providing an online prescription.

The proposed rule also states that the use of online questionnaires, or questions and answers exchanged through email, electronic text or chat, or telephone evaluation of or consultation with a patient are inadequate to establish a valid physician-patient relationship.

Many states prohibit physicians from prescribing based only upon an online questionnaire. For the Texas Medical Board, they appear to be taking an even firmer position by not allowing an online prescription based upon a relationship enhanced through telephone consultations, emails, or texts.

It remains to be seen whether the Texas Medical Board follows through with the proposed rule. Recently, a Texas Court of Appeals vacated the Board’s disciplinary action against a provider who had prescribed medications to a patient based on physician consults conducted over the phone. The disciplinary action had been based on informal guidance and the court determined that this informal decree constituted a substantive change to the regulations, which would require the Board to follow established rulemaking procedures.  Nevertheless, providers should stay tuned to the Board’s ongoing determination with regards to this matter.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in connection with Medicare, Medicaid and private payor audits.  The Firm also represents health care providers in connection with HIPAA Omnibus Rule risk assessments, privacy breach matters, State Licensure Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

CMS Implements RAC Program Improvements

(January 9th, 2015) Health care providers increasingly complain that the Recovery Audit Program creates numerous administrative and financial burdens for those participating in the federal Medicare program. Providers continue to advocate for numerous changes to the program, especially those that will reduce their burden when dealing with Recovery Audit Contractors (RACs). In response to these concerns, the Centers for Medicare and Medicaid Services (CMS) has implemented a number of RAC program improvements that took effect on December 30, 2014.

 

I. The Recovery Audit Program:

Congress created the RAC as an effort to identify and recover improper Medicare payments paid to health care providers. RACs accomplish this mission by detecting and collecting overpayments made on claims to health care services provided to Medicare beneficiaries, as well as by identifying underpayments to providers. Each RAC is responsible for identifying overpayments and underpayments in a geographically assigned area, which is approximately one quarter of the country. Moreover, RACs are responsible for highlighting common billing errors, trends (recently, for example, improper face-to-face documentation), and other Medicare payment issues to CMS.  After a successful three year demonstration, the program expanded and went national in 2009. RACs have since returned more than $8.9 billion to the Medicare Trust Fund while returning more than $800 million in underpayments to providers.

II. RAC Program Improvements Under the New Recovery Audit Contract:

Health care providers have voiced their concerns over many details of the Recovery Audit Program since its inception. For example, RACs are paid on a “contingency fee” basis. Providers contend that this reimbursement method incentivizes RACs to focus their audits on high-dollar inpatient claims. Furthermore, this payment structure incentivizes the contractors to deny as many claims as possible, with little regard for the accuracy of their denials. The volume of inappropriate denials has subsequently led to widespread delays in the Medicare appeals process. To date, there is at least a two-year delay for appeals to be heard at the Administrative Law Judge (ALJ) level.

While Congressional action may be the most vital tool to improve the Recovery Audit Program, CMS has begun to take measures to listen to provider concerns and feedback. On December 30, 2014, CMS awarded the first national recovery audit contract to Connolly, LLC[1].

The contract pertains to Region 5, which is national in scope and will allow Connolly to audit Medicare claims for Durable Medical Equipment and Home Health and Hospice (DME/HH-H). Since 2006, Connolly has also served as the exclusive RAC for Region C, which covers 17 states and territories in the southern part of the United States.

With this new contract, CMS announced that a number of new changes would take effect in the program.

III. RAC Program Improvements are Intended to Help With Provider Interaction:

CMS believes that the new changes will “result in a more effective and efficient program, by enhanced oversight, reduced provider burden, and more program transparency.”  A significant improvement to the program will limit the look-back period for patient status reviews. Previously, RACs had a three-year look-back period in which to audit claims. Under the changes, CMS will restrict this look-back period to only six months from the date of service for patient status reviews. However, hospitals must submit the claim within three months of the date of service for this to take effect.

Providers also have voiced their concerns regarding the timeframe for RACs to complete a review of a claim. This timeframe forced providers to wait 60 days before being notified of the outcome of their complex reviews. Now, that period has been cut in half – RACs will only have 30 days to complete complex reviews and notify the provider of their findings. This should give providers more immediate feedback on the outcome so that they can assess how to proceed in case of a negative finding.

The changes further the “discussion period” process but with a very significant improvement. RACs had been required to stop the discussion period once they were notified of an appeal by a provider. Under the new changes, RACs must now wait 30 days following their determination, which will allow the provider to request a discussion with the RAC before sending the claim to a Medicare Administrative Contractor for adjustment. This development should allow providers not to be forced to choose between initiating a discussion and an appeal, and they can be assured that modifications to the improper payment determination will be made prior to the claim being sent for adjustment. RACs will also be forced to adhere to a process for confirming receipt of provider correspondence, including discussion requests, within three days of receipt.

CMS has also made adjustments to the RACs’ contingency fee model of payment. Formerly, RACs were paid immediately upon denial and recoupment of the claim. RACs now must wait to be reimbursed their contingency fee until after the second level of appeal has been exhausted. This delay in payment should help assure leery providers that the decision made by the contractor was correct based on Medicare’s statutes, guidelines, coverage determination, regulations, and manuals.

Notably, several of the changes relate to the volume of reviews. These changes should help providers who have felt over-burdened by inpatient status reviews. First, reviews will be diversified across all claim types (e.g. inpatient, outpatient, etc.) so that providers with multiple claim types are not disproportionately impacted by an audit in one claim type. Second, providers unfamiliar to the RAC program will have review limits applied incrementally to allow them to adjust to reviews. Finally, providers with a low level of denial rates will have a lower level of review while providers with high denial rates will have higher ADR limits. Even more, the rates will be adjusted as a provider’s denial rate declines.

IV. Enhancing CMS’ Oversight and Implementing Performance Standards:

CMS also increased its oversight over the Recovery Audit Program and instituted several performance standards for the RACs. For example, providers have voiced concerns that the contractors were not penalized for high appeal overturn rates. RACs must now maintain an overturn rate of less than 10% at the first level of appeal. If they don’t, they will be placed on a corrective action plan, including decreasing ADR limits or ceasing certain kinds of reviews until the problem is corrected.

In addition, for automated reviews, RACs must maintain a 95% accuracy rate. If they fail to do so, there will be a progressive reduction in their ADR limits. CMS will also continue to use a validation contractor to assess RAC identifications and will improve the new issue review process to help ensure the accuracy of RAC automated reviews.

V. Final Remarks:

It will be interesting to see if any of the proposed changes have a positive effect on the relationship between Medicare providers and the RACs. However, providers should be aware – these updates and improvements will not go in effect for a particular RAC until a new contract has been awarded. Thus, these changes will only affect those DME / HH-H providers under the jurisdiction of Connolly. CMS did announce that the Region 3 contract would be in place at the end of 2014; however, there is no particular contractor in place at this time. Furthermore, CMS’ website reflects that Regions 1, 2, and 4 will not be awarded new contracts until the summer of 2015.

Nevertheless, Medicare providers will continue to face the ongoing administrative and financial burdens created by RACs. You should be prepared to effectively handle an audit of your claims when – not if – the ADR is made. Despite your best efforts to follow the Medicare statutes, guidelines, and regulations, your organization will be subjected to a prepayment review or a full-blown, post-payment audit. Should you receive a request for records from a RAC, advanced preparation can help ensure your organization’s compliance with applicable documentation, coding and billing requirements. Let us help you prepare for this complicated process. If you are currently dealing with a RAC audit, or would like to know how you can best prepare for one, give us a call today.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care practices around the country in connection with Medicare, Medicaid and private payor audits.  The firm also represents health care providers in connection with HIPAA Omnibus Rule risk assessments, privacy breach matters, State Licensure Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

[1] The contract pertains to Region 5, which is national in scope and will allow Connolly to audit Medicare claims for Durable Medical Equipment and Home Health and Hospice (DME/HH-H). Since 2006, Connolly has also served as the exclusive RAC for Region C, which covers 17 states and territories in the southern part of the United States.

Dental Fraud Investigation Results in $5.05 Million Recovery

Dental Fraud Investigations are Increasing Around the Country.

 (November 10, 2014):  Has your dental practice been the subject of a dental fraud investigation?  Medicaid dental audits are becoming increasingly prevalent throughout the United States.  An Oklahoma-based dental practice has recently agreed to pay $5.05 million in civil claims stemming from allegations that the practice committed Medicaid dental fraud, submitting false claims to Medicaid from January 2005 through September 2010. The Oklahoma practice provides dental care to Medicaid-eligible children through multiple clinics located in a number of states. Each dentist draft visit notes that outlines the services performed on each individual patient. The practice then submits claims for reimbursement to the Oklahoma Health Care Authority (OHCA) based on dentists’ documentation. After OHCA reimburses the practice for those claims, the dentists are then reimbursed a certain percentage.

I.  Dental Practice Submits Claims For Work Never Performed or Coded at Higher Levels:

According to a practice spokesperson, the allegations arose with respect to a dentist who last worked at a dental office in September 2010. Specifically, this dentist has been accused of submitting treatments notes for services that were never performed, which is a clear example of Medicaid dental fraud.  Notably, this individual has already been sentenced to 18 months in Federal prison for fraud in a separate matter. She was released earlier this year but must still pay more than $375,000 in restitution.

II.  Effect of the Dental Fraud Settlement Agreement:

This settlement agreement resolves allegations that the dental practice violated the Federal and State False Claims Acts by submitting false Medicaid claims for dental restorations that were never performed or were billed at a higher rate than allowed. The agreement also releases the practice and its owner from any civil liability in the underlying case. Nevertheless, the practice must still adhere to additional record-keeping, reporting, and compliance requirements.

Settlement agreements such as this have become a useful tool in False Claims Act cases. They allow the government and individual parties to avoid the expense and uncertainty involved in actually litigating a case. Moreover, as seen in this case, prosecuting authorities do not generally make any concessions about the legitimacy of the alleged Medicaid dental fraud.

III.  Conclusion:

Identifying and combating fraud in both the federal Medicare and joint State/Federal Medicaid program has been a high priority for government health care enforcement agencies. Effective enforcement measures help ensure that instance Medicare and Medicaid dental fraud are identified, ensuring that the dollars are provided to care for individuals who truly need assistance.

We continually strive to protect government programs, such as Medicaid, from fraud and abuse by ensuring they are used properly and only by those who are in need and are eligible,” U.S. Attorney Sanford C. Coats said. “This case is a good example of the value of coordination between state and federal law enforcement, as well as the coordinated use of parallel proceedings, to achieve a successful civil and criminal resolution.”

Dental practices can help avoid allegations of fraud, waste, and abuse through the development, implementation and adherence to an effective compliance program. A compliance program can go a long way towards enabling a dental practice to identify potential improper or fraudulent practices before they occur. It is a strategic and vital tool that will assist you in following recognized best practices in the dental industry. Have you implemented a compliance program for your dental practice? If not, you may be placing your organization at significant risk. Give us a call today at and we would be more than happy to assist you in developing an effective compliance program for your dental practice.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in connection with Medicare, Medicaid and private payor audits.  The firm also represents health care providers in connection with HIPAA Omnibus Rule risk assessments, privacy breach matters, State Licensure Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

CMS Has Clarified the HHA Definition of When a Patient is Confined to Home

CMS has clarified the term Confined to Home.(August 26, 2014): On August 1, 2014, the Centers for Medicare & Medicaid Services (CMS) issued Transmittal 192, clarifying their definition of when a home health patient is considered to be Confined to Home as described in the Medicare Benefit Policy Manual. This clarification more accurately articulates the Homebound definition found in the Social Security Act and is intended to prevent confusion and promote greater enforcement of the statute. The homebound clarification discussed in Transmittal 192 takes effect September 2, 2014.  As set out below, it is essential that you meet with your home health staff and referring physicians to better ensure that everyone in the patient care chain fully understands what it means for a patient be Homebound.

I.  Clarifying the Confined to Home / Homebound Definition:

One of the eligibility requirements for Medicare coverage of home health care is that a beneficiary must be certified as “homebound.” The latest transmittal clarifies the definition of Confined to Home in section 60.4.1 of Chapter 15 of the Medicare Benefit Policy Manual (Pub 100-02). Some of the more notable parts of revised Section 60.4.1 is summarized as follows:

For a patient to be eligible to receive covered home health services, the law requires that a physician certify in all cases that the patient is confined to his/her home. For purposes of the statute, an individual shall be considered “confined to the home” (homebound) if the following two criteria are met:

Criteria One:

The patient must either:

  • Because of illness or injury, need the aid of supportive devices such as crutches, canes, wheelchairs, and walkers; the use of special transportation; or the assistance of another person in order to leave their place of residence

OR

  • Have a condition such that leaving his or her home is medically contraindicated.

If the patient meets one of the Criteria One conditions, then the patient must ALSO meet two additional requirements in Criteria Two below:

Criteria Two:

  • There must exist a normal inability to leave home;

AND

  • Leaving home must require a considerable and taxing effort.

This clarification more accurately articulates the homebound definition found at Sections 1814(a) and 1835(a) of the Social Security Act. It also brings the Manual guidance in line with the 2012 Home Health Prospective Payment System final rule that was published on November 4, 2011 (76 FR 68599-68600).

Additionally, CMS has removed vague terms such as “generally speaking” from the definition to ensure clear and specific requirements. According to CMS, these changes will prevent confusion, promote a clearer enforcement of the statute, and provided more definitive guidance to home health agencies in order to foster compliance.

II.  Final Remarks:

All home health agencies should carefully review Transmittal 192 and the updated Medicare Benefit Policy Manual language. More importantly, home health agencies should educate every member in their clinical staff on the update to ensure strict compliance.

Lately, CMS has been quite active in its efforts to ensure that home health agencies are fully compliant with the Face-to-Face requirements. Nevertheless, agencies must not forget the importance of ensuring that a beneficiary is certified as homebound. This is a requirement that must be met for Medicare coverage! As a result, this clarification should assist help home health agencies in their own audit process and provide clearer guidance to both home health agencies and CMS auditors in the future.

CMS auditors will not relent in their efforts to ensure that Medicare funds are appropriately paid and that home health agencies are meeting the strict requirements for Medicare reimbursement. If you have recently experienced an audit of your records by a Medicare contractor, effective legal counsel is an effective resource that you cannot afford to dismiss. Moreover, implementing an effective compliance plan will more effectively ensure that your compliance efforts meet statutory requirements when – not if – an audit is conducted in your facility. If you need assistance with these two issues, give us a call today and we would be more than happy to assist you.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by RACs, ZPICs and other CMS-engaged specialty contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call 1 (800) 475-1906

OIG Finds Nursing Homes Not Reporting Patient Abuse and Neglect

Nursing Homes Aren't Reporting Patient Abuse and Neglect

(August 21, 2014):  Nursing facilities are required and expected to report any and all allegations of patient abuse or neglect to ensure patient safety. A recent study of their records by the Department of Health and Human Services’ Office of Inspector General (OIG) has found that a number of these facilities have not been fully compliant with this requirement.  Many of these facilities likely lack adequate systems designed to safeguard against this problem.  As discussed below, it is more important than ever that nursing homes develop and implement an effective compliance program that will facilitate the reporting of patient abuse and neglect allegations.

 

I.  Policies and Procedures For Reporting Allegations of Patient Abuse or Neglect:

The elderly population in the United States is projected to more than double from 40.2 million in 2010 to 88.5 million in 2050. Many of these individuals will likely end up residing in a nursing facility. It is important that these facilities understand that resident welfare must be a primary concern.

To ensure resident safety, Federal regulations require that nursing facilities develop and implement written policies related to reporting allegations of abuse, neglect, mistreatment, injuries of unknown source, and misappropriation of resident property[1]. Regulations also require that nursing facilities develop and implement written policies and procedures that prohibit abuse or neglect. [2]

Any and all allegations of abuse or neglect in a nursing facility must be reported to the facility administrator or designee, as well as to the State survey and certification agency, within 24 hours.[3] If an allegation merits an investigation, the results of that investigation must be reported to the same authorities within 5 working days.[4]

Nursing facilities must also notify owners, operators, employees, managers, agents, or contractors of nursing facilities (covered individuals) annually of their obligation to report reasonable suspicions of crimes committed against a resident of that facility.[5]

II.  What the OIG Study Found with Respect to Patient Abuse and Neglect Allegations:

OIG performed its study in two parts. The first part included:

  • Review of sampled nursing facilities’ policies related to reporting allegations of abuse or neglect,
  • Review of sampled nursing facilities’ policies related to reasonable suspicions of crimes, and
  • Survey of administrators from those sampled facilities

The second part then included an examination of a random sample of allegations of abuse or neglect identified from the sampled nursing facilities, and a review of documentation related to those sampled allegations.

Again, nursing facilities are both required and expected to report any and all allegations of abuse or neglect to ensure resident safety. The findings of the OIG report indicate that not all of them are following mandatory Federal regulations.

The OIG report found that 85% of nursing facilities reported at least one allegation of abuse or neglect to OIG in 2012. Patient abuse[6] was the most common type of allegation made, making up just over 50% of all allegations. Shockingly, nursing facilities identified that 40% of all allegations of abuse or neglect involved employee to resident abuse.

The OIG report also determined that only 76% of nursing facilities maintained policies that address both Federal regulations for reporting both allegations of abuse or neglect and investigation results. As you recall, both of these policies are required by Federal regulations.

Additionally, 61% of nursing facilities had documentation supporting the facilities’ compliance with Federal regulations that require nursing facilities to both annually notify covered individuals (i.e., owners, operators, employees, managers, agents, or contractors of nursing facilities) of their obligation to report to the appropriate entities any reasonable suspicion of crime, as well as to clearly post a notice specifying employees’ rights to file a complaint.

Lastly, 53% of allegations of abuse or neglect and the subsequent investigation results were reported, as Federally required. 63% of these allegations of abuse or neglect were reported immediately to the nursing facility administrator or designee and the State survey agency, as required. Moreover, the subsequent investigation results for 63% of allegations of abuse or neglect were reported to the appropriate individuals within 5 working days, as required.

III.  Patient Abuse and Neglect Reporting Recommendations:

With the elderly population in the US significantly increasing over the next several decades, elder abuse or neglect is likely to increase as well. Nursing facilities must ensure that the quality of care and safety for this age group is a priority.

Based on its findings, OIG made three recommendations to the Centers for Medicare & Medicaid Services (CMS). Specifically OIG recommended that nursing facilities:

Maintain policies related to reporting allegations of abuse or neglect;

Notify covered individuals of their obligation to report reasonable suspicions of crimes;

Report allegations of abuse or neglect and investigation results in a timely manner and to the appropriate individuals, as required. CMS concurred with all three of our recommendations.

Notably, CMS concurred with all three of the OIG recommendations.

IV.  Final Remarks:

The results of this latest OIG study are slightly disheartening. As noted above, the elderly population in the United States is projected to double over the next several decades. A majority of these persons are likely to end up living in a nursing facility. However, the elderly are already vulnerable to instances of abuse or neglect. Therefore, it is imperative that nursing facilities make elder care and well-being a priority in their day-to-day operations.

However, the study finds that nursing facilities are not taking their Federal obligations as serious as they should. Again, it is Federally mandated that nursing facilities report ANY and ALL instances of patient abuse or neglect, whether that allegation ends up in a subsequent investigation or not. Moreover, these facilities MUST develop and implement written policies and procedures related to preventing and reporting allegations of abuse or neglect.

Unfortunately, not all nursing facilities are doing so. The report indicates that this problem is not limited to small facilities either. Several large nursing facilities are ignoring their obligations as well. To safeguard their interests – and more importantly, to protect their residents – nursing facilities must ensure that they develop and implement the necessary policies and procedures.

How can nursing facilities take this necessary and important step? With an effective compliance plan, of course. An effective compliance plan will not only assist your facility in implementing safeguards to protect your residents from abuse or neglect, it will also protect your facility from other harmful acts. There are numerous administrative, physical, and technical safeguards mandated by HIPAA and other Federal regulations which must be set in place.  One of the most effective steps you can take to facilitate the reporting of patient abuse and neglect allegations is to set up a hotline for the reporting of these types of concerns.  A low-cost compliance hotline option like the one offered at www.compliancehotline.com would greatly improve your nursing home’s ability to stay abreast of these types of problems.

Does your facility currently have an updated compliance plan, one that includes all required policies and procedures? According to the OIG report, you may not. Let us assist you today in taking that first necessary step in developing and implementing an effective compliance plan. 

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS-engaged specialty contractors.  The firm also represents health care providers in the development and implementation of effective compliance programs, privacy breach matters, State Medical Board inquiries and regulatory reviews.  For a free consultation, call Robert at:  1 (800) 475-1906.

[1] 42 CFR § 483.13(c)(2).
[2] Nursing facilities’ policies and procedures prohibiting abuse must address the following seven (7) components: (1) screening; (2) training; (3) prevention; (4) identification; (5) investigation; (6) protection; and (7) reporting/response. § 483.13(c).
[3] § 483.13(c)(2).
[4] § 483.13(c)(4).
[5] 42 USC § 1150B.
[6] “Abuse” is defined as the willful infliction of injury, unreasonable confinement, intimidation, or punishment with resulting physical harm, pain or mental anguish. 42 CFR § 488.301.

CMS Extends HHA Enrollment Moratoria

CMS has extended the HHA enrollment moratoria for new agencies.(August 6, 2014):  The Centers for Medicare & Medicaid Services (CMS) has extended its year-long HHA enrollment moratoria on the enrollment of new home health agencies and ground ambulance suppliers in several major metropolitan areas. Furthermore, CMS has broadened its temporary enrollment moratoria so that it applies not only to Medicare, but also to enrollment in Medicaid and the Children’s Health Insurance Program (CHIP).

This announcement is just the latest maneuver in CMS’ ongoing efforts to prevent and combat fraud, waste, and abuse in these health care programs while safeguarding taxpayer dollars and ensuring patient access to care is not interrupted.

I.  Initial HHA Enrollment Moratoria:

On July 31, 2013, CMS imposed a moratoria[1] on the enrollment of HHAs in Miami-Dade County, Florida, and Cook County, Illinois (Chicago), as well as selected surrounding counties.  The moratoria also included the enrollment of ground ambulance suppliers and providers in the Harris County, Texas (Houston), area and its surrounding counties.  CMS indicated that its purpose for imposing this moratoria was to prevent and combat fraud, waste, and abuse in Medicare, Medicaid, and CHIP.

II.  CMS Extends Initial Moratoria, Includes Additional Counties Nationwide:

As we highlighted previously, CMS extended for six-months that initial enrollment moratoria.  Moreover, the agency also broadened that moratoria to include the enrollment of HHAs in Broward County, Florida (Ft. Lauderdale); Wayne County, Michigan (Detroit); and Dallas County, Texas, and the surrounding counties. Additionally, CMS has set forth a temporary moratorium on the enrollment of new ground ambulance suppliers and providers in the Greater Philadelphia, Pennsylvania area.

III.  CMS Extends Moratoria For An Additional Six Months:

On August 1, 2014, CMS announced that it would extend those moratoria for an additional six months. Again, this temporary moratoria affects the enrollment of new ambulance suppliers and providers and HHAs in specific geographic locations within the greater metropolitan areas in Florida, Illinois, Michigan, Texas, Pennsylvania, and New Jersey.

In extending these enrollment moratoria, CMS states that it considered both qualitative and quantitative factors that suggests a high risk of fraud, waste, or abuse. The agency relied on reports and consultation with the Department of Health and Human Services’ Office of Inspector General and the Department of Justice, both of whom have longstanding experience with ongoing and emerging fraud trends and activities through civil, criminal, and administrative investigations and prosecutions.

IV.  Final Remarks:

This latest moratoria will last for only six months.  However, HHAs and ground ambulance suppliers and providers should recognize that it will likely be extended for an additional six-month period, at the least.  In fact, in our previous assessment following the first extension, we concluded that additional extensions were more than likely. Providers in these affected metropolitan areas – including those surrounding counties, which are outlined here – should take risk into consideration.

Moreover, as noted above, CMS’ temporary enrollment moratoria affects these providers who not only participate in Medicare, but also in the Medicaid and CHIP programs.

Is this latest extension as significant as the first one? Maybe not.  Many of the HHAs and ground ambulance suppliers were caught unaware by the first extension.  One of our attorneys, Jennifer Papapanagiotou, spoke with an authority at the CMS-Dallas Regional Office and that individual reported that over 100 applications in Texas alone had been affected by the first extension. Interestingly, the individual at CMS reported that the CMS-Dallas Regional office had no prior notice of the moratorium and that it is being driven largely by the HEAT task force.

Nevertheless, HHAs and ground ambulance suppliers and providers – which, as noted above, includes that who not only participate in Medicare, but also in the Medicaid and CHIP programs – may not have an excuse any longer.  Our firm has worked with a number of HHAs in the past and we understand the complexities with setting up a new practice or ensuring that your current HHA meets all of the relevant Federal and State regulations. Our firm also has significant experience ensuring that you understand the medical necessity, documentation, coverage, coding and billing requirements applicable to HHA claims.  If you need assistance with dealing with the new CMS moratoria or any HHA compliance issues, give us a call today.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

[1] CMS has the regulatory authority to establish temporary moratoria on the enrollment of certain providers and suppliers pursuant to 42 U.S.C. § 1395cc(j)(7) and 42 CFR § 424.570.

Medicare Lifts Ban on Coverage for Sex Reassignment Surgery

(July 1, 2014):  On Monday, June 2, the Obama administration lifted its 33 year ban on Medicare coverage for Sex Reassignment Surgery (SRS). The decision is being hailed as a major victory for transgender rights. However, the decision does not necessarily mean that Medicare will pay for these operations – only that it could do so.

I.  Medicare Originally Considered Sex Reassignment Surgery to be “Experimental” and Therefore Not Covered:

In 1989, the Department of Health and Human Services (HHS) issued a blanket Medicare ban when it determined that SRS was an “experimental” surgery. This guidance was outlined under HHS’s National Coverage Determination[1] (NCD) titled “140.3, Transsexual Surgery.” Specifically,

Transsexual surgery for sex reassignment of transsexuals is controversial. Because of the lack of well controlled, long term studies of the safety and effectiveness of the surgical procedures and attendant therapies for transsexualism, the treatment is considered experimental. Moreover, there is a high rate of serious complications for these surgical procedures. For these reasons, transsexual surgery is not covered. 

The NCD language was based on a 1981 report from the National Center for Health Care Technology (NCHCT) of the HHS Public Health Service (PHS). The NCHCT forwarded its report to the officials of the Health Care Financing Administration (HCFA), now the Centers for Medicare & Medicaid Services (CMS), recommending “that transsexual surgery not be covered by Medicare at this time.”

II.  Challenging an NCD:

The Department Appeals Board (Board) may review any NCD “[u]pon the filing of a complaint by an aggrieved party.”[2] The aggrieved party must submit a statement “explaining why the NCD record is not complete, or not adequate to support the validity of the NCD under the reasonableness standard” and CMS may submit a response defending the NCD.[3]

The NCD record “consists of any document or material that CMS considered during the development of the NCD” including “medical evidence considered on or before the date the NCD was issued…”[4] The Board then “applies the reasonableness standard to determine whether the NCD record is complete and adequate to support the validity of the NCD.”[5]

If the Board determines that the record is complete and adequate to support the validity of the NCD, the Board will issue “a decision finding the record complete and adequate to support the validity of the NCD…”[6] The review process will then conclude. However, if the Board determines that the record is not complete and adequate to support the validity of the NCD, it will permit “discovery and the taking of evidence” and evaluate the NCD under applicable provisions[7], including conducting a hearing.[8] During an NCD review, the aggrieved party bears the burden of proof and the burden of persuasion for the issues raised in an NCD complaint, and the burden of persuasion is judged by a preponderance of the evidence.[9]

III.  NCD Complaint Filed to Overturn the Exclusion:

The aggrieved party included a 74-year old transgender woman and army veteran from Albuquerque, New Mexico. She filed her initial NCD complaint in March 2013. The following month, the Board notified CMS of this filing and then CMS submitted the NCD record[10] in May 2013. In June 2013, the aggrieved party submitted in a statement as to why the NCD record was not complete or adequate to support the validity of the NCD under the reasonableness standard.

The complaint contended that the bases for the NCD neither “reflect [n]or are supportable by the current state of medical science,” and that the NCD “is not reasonable in light of the current state of scientific and clinical evidence and current medical standards of care.” The complaint asserted that “in the intervening 32 years since PHS/NCHCT studied the issue” of coverage:

(a) dozens of new studies have been conducted that address the methodological limitations of earlier studies and confirm that sex reassignment surgery is a safe and extremely effective treatment for persons with severe gender dysphoria; (b) advancements in surgical techniques have dramatically reduced the risk of complications from sex reassignment surgery and the rates of serious complications from such surgeries are low, and (c) a robust medical consensus has developed among mainstream medical organizations which endorses the treatment standards established by the WPATH [World Professional Association for Transgender Health] Standards of Care [for the Health of Transsexual, Transgender, and Gender-Nonconforming People, Version 7, 13, Int’l J. Transgenderism 1 65 (2011)] and recognizes that sex reassignment surgery is a medically necessary treatment for persons with severe gender dysphoria.

The complaint was supported by the testimony of two expert witnesses – a clinical psychologist and a physician certified by the American Board of Obstetrics and Gynecology – as well as copies of two letters from two other physicians to an ALJ in the HHS Office of Medicare Hearings and Appeals. All of these health care professionals had substantial experience in treating persons with gender identity disorder (GID). In the case of the three physicians, this experience included years of performing some of the procedures involved in SRS. In addition, the clinical psychologist submitted copies of 32 journal publications and other writings cited in her two declarations.

Notably, CMS did not submit a response to these submissions. One could conclude that the agency had no reason to question the aggrieved party’s expert testimony or the experts’ descriptions of the medical and scientific literature submitted by the aggrieved party.

IV.  HHS Acknowledges that Sex Reassignment Surgery is Not Experimental:

HHS reviewed the complaint and made several conclusions. It determined that the record on which the safety concerns in the NCD were based was not complete and adequate. According to HHS, this appeared to stem, in part, from the substantial passage of time since publication of the sources on which the NCHCT relied in recommending that transsexual surgery be excluded. For example, surgical outcomes are far superior now than they were in at the time the NCD was published.

HHS also concluded that the declarations and supporting materials made the record on which the NCD was based was not complete or adequate to support the NCD’s determination that transsexual surgery has not been shown to be effective (i.e., that the surgery is experimental). Seemingly, the medical community today has reached consensus that transsexual or gender reassignment surgery is an effective treatment for persons with a sufficiently severe degree of gender identity disorder (GID) or gender dysphoria, the most common diagnoses for SRS.

HHS also noted that “long-term” follow-up studies published from 2002 to 2010 found that SRS was effective and had low complication rates based on assessing transsexual persons. Moreover, the complaint also cited decisions by US courts of appeals in seven circuits recognizing that GID or gender dysphoria was a serious medical condition.[11]

Based on this evidence, HHS concluded that the NCD record was not complete and adequate to support the validity of NCD 140.3, “Transsexual Surgery.” Therefore, HHS would now proceed to discovery and the taking of evidence.

V.  HHS’s Decision Meant that Sex Reassignment Surgery Could Be Covered Under Medicare:

HHS’ ruling here does not address the ultimate question of whether the NCD, as written, is valid under the reasonableness standard in the statute and regulations. The June 2, 2014 decision merely acknowledges that the procedures are not experimental and could be covered under the Medicare program.

What are some of the implications, at least thus far, of the HHS ruling? For one, Medicare may end up considering surgery as a medically necessary treatment for a diagnosis classified as a mental disorder. As noted above, gender dysphoria is the most common diagnosis given for SRS. Interestingly, it is listed as code 302.85 “Gender identity disorder in adolescents or adults” in ICD-9 and classified under “Neurotic Disorder, Personality Disorders, And Other Nonpsychotic Mental Disorders”. Its ICD 10 code will be F64.1 (with the same description) and is listed as a “Disorder of Adult Personality and Behavior”. If HHS determines that it will pay for surgeries for gender dysphoria, could this lead to coverage for payment for procedures for other mental conditions like Autism?

VI.  Final Remarks:

Again, the latest move by HHS does not necessarily mean that Medicare will pay for SRS procedures. Nevertheless, the fact that the Agency has removed the restriction on SRS as an “experimental” procedure is still a considerable step. Regardless of any restrictions that Medicare may place on SRS procedures, this could be seen as a substantial updated in CMS’s policies of considering mental health disorders as true diseases that may require surgery and not just counseling services or medication. For those interested, stand by to see if HHS eventually promulgates an actual NDC or coverage policy for SRS.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call  1 (800) 475-1906.

[1] An NCD is “a determination by the Secretary [of HHS] with respect to whether or not a particular item or service is covered nationally under [title XVIII (Medicare)].” Social Security Act (the Act) § 1869(f)(1)(B) (42 U.S.C. § 1395ff(f)(1)(B)). NCDs are issued by CMS, apply nationally, and are binding at all levels of administrative review pf Medicare claims. 42 C.F.R. § 405.1060.

[2] Section 1869(f)(1) of the Act.

[3] 42 C.F.R. § 426.525(a), (b).

[4] 42 C.F.R. § 426.518(a).

[5] 42 C.F.R. § 426.525(c)(1).

[6] 42 C.F.R. § 426.525(c)(2).

[7] of 42 C.F.R. Part 426.

[8] 42 C.F.R. §§ 426.525(c)(3), 426.531(a).

[9] 42 C.F.R. § 426.330.

[10] The NCD record included: a May 6, 1981 NCHCT memorandum recommending “that transsexual surgery not be covered by Medicare at this time”; the 1981 NCHCT report; notes from a May 11, 1982 HCFA Physicians Panel meeting recommending against referring the American Civil Liberties Union (ACLU) submissions to PHS, where the ACLU disagreed with HCFA’s non-coverage policy, “on the basis that it does not contain information about new clinical studies or other medical and scientific evidence sufficiently substantive to justify reopening the previous PHS assessment.”; and a copy of the 1989 Federal Register notice publishing the NCD language (minus four pages) and an undated page from the HCFA coverage issues manual. 54 Fed. Reg. 34,555-612; NCD Record at 11, 76-129.

[11] See, e.g., De’lonta v. Johnson, 708 F.3d 520, 522-23 (4th Cir. 2013) (stating that sex or gender reassignment surgery is an accepted, effective, medically-indicated treatment for GID, and that the surgery is not experimental or cosmetic and that the WPATH Standards of Care “are the generally accepted protocols for the treatment of GID.”).

Miscoded Evaluation and Management Services Cost Medicare $6.7 Billion

Evaluation and Management Services are being audited by ZPICs (June 25, 2014)  Officials at the Department of Health and Human Services, Office of Inspector General (OIG) recently examined medical records from 2010 for claims related to evaluation and management services (E/M services). The results are astounding. OIG determined that Medicare inappropriately paid $6.7 BILLION for E/M services that year due to claims that were incorrectly coded and/or lacking the necessary documentation. In total, over half of the claims for E/M services submitted in 2010 had incorrect codes or lacked the necessary documentation.

 

I. Coding and Documentation Requirements for Evaluation and Management Services:

E/M services are visits performed by physicians and nonphysician practitioners to assess and manage a beneficiary’s health. These services are divided into different categories known as “visit types” that reflect the type of service, the place of service, and the patient’s status. Most visit types are further divided into three to five levels, which correspond to the complexity of a visit and the Current Procedural Terminology (CPT) codes for billing purposes.

The level of an E/M service for CPT coding is determined by seven components: patient history, physical examination, medical decision-making, counseling, coordination of care, the nature of the patient’s presenting problem(s), and time. The first three components are important in determining the correct code for the E/M service. Higher level codes for a visit type indicates increased complexity of the E/M service. More importantly, it corresponds to higher reimbursement rates.

In order to be reimbursed for E/M services, the services must be medically reasonable and necessary. The services must also meet the individual requirements of the CPT code that is used on the claim. However, if services are billed at a higher level than were actually performed, the medical necessity requirement is not met. Providers must therefore ensure that the claims they submit to Medicare accurately reflect the E/M services provided and are billed at the appropriate level.

Physicians’ documentation is also an important part of the reimbursement process. The documentation must support the medical necessity and appropriateness, as well as the level, of the E/M service. In order to accurately reflect this, the medical record documentation must be clear and concise. The records should reflect the care the patient received as well as the relevant facts, findings, and observations about the patient’s history. Moreover, Medicare requires that the services be authenticated, either through a handwritten or electronic signature. If the medical record fails to include a proper attestation, CMS concludes that the claim is insufficiently documented.

II. Physicians Increase their Billing of High Level Codes, Leading to Higher Payment Amounts:

In 2012, an OIG report analyzed E/M services (all visit types) from 2001 to 2010 and noted that physicians had been increasing their billing of higher level codes. This process would obviously yield higher reimbursement amounts. Additionally, the Centers for Medicare and Medicaid (CMS) has determined that E/M services are 50% more likely to be incorrectly paid compared to other Part B services. These improper payments are more likely to result from errors in coding and/or insufficient documentation.

OIG then conducted a medical record review of a random sample of Part B claims for E/M services from 2010. In this review, OIG stratified claims from physicians who consistently billed higher level codes for E/M services and claims from other physicians. The first group of claims came from “high-coding physicians”. They comprised a sample from 828,646 claims billed by physicians with a history of high-coded claims. These high-coding physicians represented the top 1% of their primary specialties and billed at the two highest level codes (4 and 5) for E/M services at least 95% of the time. The second and larger group – claims from other physicians – included nearly 369 million claims from doctors without a history of high coding.  OIG then had certified professional coders review the claims determine whether the E/M service documented in the medical record for each sample claim was correctly coded and/or sufficiently documented.

III. Medicare Inappropriately Paid $6.7 Billion for Evaluation and Management Claims that were Incorrectly Coded and/or Lacked Necessary Documentation:

The results of OIG’s report are disturbing. Notably, Medicare paid approximately $32.3 billion for E/M services in 2010. However, 21% of this figure corresponded to claims for E/M services that were improperly paid. In total, OIG found that Medicare inappropriately paid $6.7 billion for claims for E/M services in 2010 that were incorrectly coded and/or lacking documentation.

Specifically, OIG determined that 42% of claims for E/M services in 2010 were incorrectly coded, whether the claims were upcoded or downcoded . The upcoded claims represented $4.6 billion in overpayments whereas Medicare underpaid providers approximately $1.8 billion in downcoded claims.  Furthermore, 19% of E/M claims lacked the necessary documentation. This includes 12% of the claims that were insufficiently documented, whereby Medicare made $2.6 billion in overpayments. On the other hand, 7% of the claims were undocumented and these represented $2 billion in overpayments.

Overall, OIG found that 55% of claims for E/M services were incorrectly coded or lacked the necessary documentation for reimbursement.
Additionally, OIG determined that claims from high-coding physicians were more likely to be incorrectly coded or insufficiently documented than claims from other physicians.

IV. Recommendations:

OIG recognized that its findings highlight errors associated with E/M services that must be addressed to properly safeguard the federal Medicare program. Based on the results of its study, OIG made three notable recommendations for CMS:

1. Education physicians on coding and documentation requirements for E/M services;
2. Continue to encourage contractors to review E/M services billed for by high-coding physicians; and
3. Follow-up on claims for E/M services that were paid for in error.

Interestingly, CMS only concurred with the first recommendation. It partially concurred with the third recommendation but did not concur with the second recommendation.

V.  Final Remarks:

The results of this latest OIG report are particularly troublesome. Problems associated with incorrect coding and improper documentation is clearly a widespread problem for E/M claims. In this case, over half of the claims for E/M services were incorrectly coded (whether upcoded or downcoded) or lacked necessary documentation. That is a significant percentage of the $32.3 billion Medicare paid out for E/M services in 2010. Furthermore, the report indicates that the “high-coding physicians” – those with a history of high coding and who are in the top 1% of their primary specialties – are the most likely providers to upcode their claims.

If you are a Medicare provider performing E/M services – especially if you fall into the “high-coding physician” category – what should you do? The most important action you can take is to ensure that your claims accurately reflect the medical necessity requirements for Medicare reimbursement. This includes ensuring that the claims you submit to Medicare accurately reflect the E/M services provided and the billing levels appropriately correspond to those services.

Providers must also confirm that the documentation accurately supports the medical necessity and appropriateness, as well as the level, of the E/M service. The medical records should reflect clear and concise documentation. Physicians must document the care a patient receives, as well as the pertinent facts, findings, and observations about the patient’s history. The record should be complete and legible. It should also include the date and a legible identity of the physician who furnished the E/M service. Moreover, the provider must ensure that the services are authenticated by the author of the record. This may be in the form of a handwritten or electronic signature.

As CMS increases the intensity of its fraud fighting capabilities, providers must be ready for an audit of their claims and medical record documentation. While you may not fall into the “high-coding physician” category, this does not necessarily protect you from an audit. If – and when – you find yourself subject to an audit of your E/M claims, one of the best ways to fight for your reimbursements is through proper legal representation. Please feel free to give us a call today at 1 (800) 475-1906.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call 1 (800) 475-1906.

HIPAA Encryption is the Best Way to Avoid a Violation

HIPAA Encryption is Your Best Defense Against a Breach.(May 29, 2014):  On April 22, 2014, the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) announced that it had entered into resolution agreements with two entities for $1,725,220 and $250,000, respectively, to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The main take away from these settlements? Covered entities and business associates could best protect themselves against future violations through HIPAA encryption procedures.

I.     HIPAA and HITECH Impose Duty to Safeguard Privacy and Security of Patient PHI:

Under the Health Insurance Portability and Accountability Act of 1996[1] (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act[2], covered entities[3] and business associates[4] must safeguard the privacy and security of their patients’ Protected Health Information (PHI). PHI includes any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.[5]

Additionally, in January 2013, HIPAA was updated via the Final Omnibus Rule. These updates not only greatly enhanced a patient’s privacy rights and protections, but it also strengthened the ability of HHS-OCR to vigorously enforce the HIPAA privacy and security protections. For example, covered entities and business associates must review and modify security measures as needed to ensure the continued provision of “reasonable and appropriate” protection of EPHI.[6] Moreover, the impermissible use or disclosure of PHI (i.e. in violation of the HIPAA Privacy Rule) is now presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability that the PHI has been comprised.[7]

However, while employees of covered entities and business associates regularly use laptops, tablets or other mobile devices to access, store and transmit electronic PHI (EPHI), many of these entities have not implemented effective requisite safeguards to protect this sensitive information. These devices, many of which remain unencrypted, leave EPHI vulnerable to unauthorized access and disclosure. Under these circumstances, a “breach”[8]  has occurred and must be reported.  Furthermore, there are significant civil monetary penalties for security breaches.  In light of these risks, HIPAA encryption is recommended.

II.     Stolen Laptops Without HIPAA Encryption Lead to Settlements:

Unauthorized breaches regularly occur in situations when electronic devices are lost or stolen.  In fact, stolen laptops with unencrypted EPHI have resulted in many recent settlement agreements with HHS-OCR. Just last month, two covered entities agreed to collectively pay HHS-OCR almost $2 million to resolve potential violations of the HIPAA Privacy and Security Rules.

Following the first covered entity’s submission of a breach report indicating that a laptop had been stolen from one of its facilities, HHS-OCR initiated a compliance review. HHS-OCR concluded that the covered entity recognized that lack of HIPAA encryption of electronic devices posed a security risk to patient data. However, it “failed to adequately remediate and manage its identified lack of HIPAA encryption or, alternatively, document why HIPAA encryption was not reasonable and appropriate and implement an equivalent alternative measure to encryption, if reasonable and appropriate.”

As to the other covered entity, HHS-OCR found that it “did not implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI it held, and implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 45 C.F.R. § 164.306 from the compliance date of the Security Rule.”

As part of the resolution agreements with HHS-OCR, both covered entities entered into a corrective action plan where it agreed to provide OCR with an updated risk assessment management plan, updates on the HIPAA encryption status of its devices and equipment, and proof that they had completed security awareness training of their staff.

III.  Final Remarks:

A review of both settlement agreements reveals some interesting findings. Notably, both agreements reflect some degree of compliance with the Security Rule prior to the imposition of a monetary settlement. While covered entities and their business associates should review these settlement agreements; it is important to understand that partial compliance with HIPAA and HITECH is NOT SUFFICIENT. If you are found to be in violation of the Rules, civil monetary fines will be levied on you.

Covered entities and business associates should ensure that they are in FULL COMPLIANCE with the requirements of HIPAA.  You must take steps to immediately conduct a full Security Rule risk assessment and mitigate any identified risks to patient PHI. Do you need help conducting a risk assessment or instituting a full compliance program? We would be more than happy to assist you. Give us a call today.

Remember: if you and your staff are using laptops to access, store and transmit ePHI, OCR has given you the appropriate guidance to safeguard your patients – and YOU: “[…] encryption is your best defense against these incidents.”

Robert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call  1 (800) 475-1906.


[1] Pub.L. 104–191, 110 Stat. 1936.

[2] Enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub.L. 111–5

[3] “Covered entities” generally include health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions. 45 C.F.R. 160.103.

[4] See 45 CFR Sections 160.102 and 160.103.

[5] 45 C.F.R. 164.501.

[6] 45 C.F.R. 164.306(c).

[7] 45 CFR §§ 164.400-414.

[8] See 45 CFR §§ 164.402.

Next Page »