logo - Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations.

Small Business Administration Releases Express Bridge Loan Pilot Program for COVID-19

Download PDF

Express Bridge Loan Pilot Program COVID-19(March 26, 2020): The Small Business Administration (“SBA”) announced an Express Bridge Loan Pilot Program on March 25, 2020.[1]   The Express Bridge Loans are available to businesses, including health care providers, to provide economic relief for businesses impacted by the Coronavirus Disease (COVID-19) while they await long-term disaster financing.[2]


I.   Background:

The Express Bridge Loan Pilot Program was released by the SBA in October 2017 and was created to supplement the SBA’s ability to grant direct disaster loans.[3]  The program provides “expedited guaranteed bridge loan financing for disaster-related purposes” to any small business that is located in a Presidentially-declared disaster area[4] while the business awaits long-term financing, regardless of whether the long-term financing is sought through the SBA disaster loan program.  The Express Bridge Loan Program includes a “streamlined underwriting process” and is designed to “minimize the burden” of applying for a small business loan.[5]

II.   COVID-19 Expansion of the Express Bridge Loan Program:

The SBA expanded its Express Bridge Loan Program, effective March 25, 2020,[6] to include all small businesses impacted by COVID-19 Emergency Declaration.[7] This proclamation includes all states, U.S. Territories, and the District of Columbia. Express Bridge Loans can be approved for health care providers through March 13, 2021.

Express Bridge Loans may be granted at a maximum amount of $25,000 for a loan term of 7 years.  The maximum allowable interest rate is 6.5% over the Prime rate, regardless of the maturity of the loan.[8] A lender may charge an applicable fee of 2% of the loan amount (or $250), whichever is greater.[9] Lenders are not required to take collateral for Express Bridge Loans. The minimum accepted credit score is a FICO Small Business Scoring Service Score of 130.

a. Who is Eligible for an Express Bridge Loan?

Any small business located in any U.S. state, territory, or the District of Columbia that was operational on March 13, 2020.

b. How Does a Health Care Provider Qualify for an Express Bridge Loan?

A health care provider interested in applying for an Express Bridge Loan must demonstrate that it does not have credit available elsewhere.[10]  This can be achieved by having a lender[11] certify on a Lender’s Application for Loan Guaranty Form (SBA Form 1920) that the provider does not have the ability to obtain some or all of the requested loan amount from a non-Federal source, including from the lender completing the form, without SBA assistance.  The lender must also document that the provider / applicant had an operating business located in a disaster area on March 13, 2020, which was adversely impacted by COVID-19.

The provider / applicant must also complete the SBA 7(a) Borrower Information Form (SBA Form 1919). This form should be submitted to the provider’s lender. The form requires information about each of the applicant’s principals, which includes:

  • Sole proprietors;
  • For a general partnership: all general partners and all limited partners owning 20% or more of the equity of the business; or any partner that is involved in the management of the business;
  • For a corporation: all owners of 20% or more of the corporation, and each officer and director;
  • For limited liability companies: all members owning 20% or more of the company, each officer, director, and managing member;
  • Any person hired by the business to management day-to-day operations (“key employees”); and
  • Any Trustor (if the business is owned by a trust).

A separate SBA Form 1919 should be completed and signed by each of the above principals.[12] Finally, the lender must a signed IRS Form 4506-T to obtain an IRS transcript before it disburses the loan.[13]

C. How Soon Will a Provider Receive an Express Bridge Loan Payment?

The first disbursement of an Express Bridge Loan “should occur” within 45 days of the lender’s receipt of an SBA loan number. Disbursement must occur within 90 days of receipt of an SBA loan number or the loan will be cancelled.[14]  The SBA “endeavors” to provide loan numbers within one business day of receipt of the application (if filed through the SBA’s electronic transmission system, “E-Tran”).

III.   Conclusion:

The Federal Government is working with the SBA to make emergency funds available as quickly as possible to providers affected by COVID-19. Liles Parker attorneys are closely monitoring the available programs and are available to assist health care providers with the loan process and to answer any other concerns in response to this National Emergency.

Ashley Morgan is a Senior Associate at the health law firm, Liles Parker, PLLC.  Ms. Morgan represents health care providers and suppliers around the country in a wide variety of regulatory matters.  These include but are not limited to Medicare revocation, suspension and deactivation actions, prepayment reviews, postpayment claims audits, and State Board licensure matters.  Ms. Morgan is also assisting health care providers and suppliers adversely affected by COVID-19 with the completion and submission of SBA business loans.  For a free consultation regarding your needs, please give Ms. Morgan a call.  She can be reached at (202) 298-8750 or toll-free at 1 (800) 475-1906.

[1] Express Bridge Loan Pilot Program Guide, Small Business Administration, https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[2] COVID-19 SBA Loan Support May be Available for Qualified Health Care Providers, Liles Parker PLLC (Mar. 25, 2020) https://www.lilesparker.com/2020/03/25/covid-19-sba-loan/ (last accessed Mar. 26, 2020).

[3] 82 Fed. Reg. 47958, Express Bridge Loan Pilot Program; Modification of Lending Criteria (Oct. 16, 2017) (codified at 13 CFR Part 120).

[4] Current Declared Disasters, Small Business Administration, https://disasterloan.sba.gov/ela/Declarations (last accessed Mar. 26, 2020).

[5] Express Bridge Loan Pilot Program: Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 3, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[6] According to the SBA the expansion of the Express Bridge Loan Program will be published in the Federal Register. Express Bridge Loan Pilot Program: Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 3, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[7] This Emergency Declaration was issued by President Trump on March 13, 2020. Donald Trump, Proclamation on Declaring a National Emergency Concerning the Novel Coronavirus Disease (COVID-19) Outbreak, The White House, Mar. 13, 2020, https://www.whitehouse.gov/presidential-actions/proclamation-declaring-national-emergency-concerning-novel-coronavirus-disease-covid-19-outbreak/ (last accessed Mar. 26, 2020).

[8] Express Bridge Loan Pilot Program: Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 7-8, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[9] An SBA Form 159 must be completed and signed by the applicant and lender if the lender charges an application fee. Express Bridge Loan Pilot Program: Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 11, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[10] 42 C.F.R. § 120.101.

[11] The lender must have an existing banking relationship with the provider/applicant as of the date of the applicable disaster. Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 9, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[12] SBA 7(a) Borrower Information Form, Small Business Administration (SBA Form 1919) (OMB Control No. 3245-0348) (Exp. Date July 31, 2020).

[13] Express Bridge Loan Pilot Program: Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 11-12, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

[14] Express Bridge Loan Pilot Program: Program Guide v.2, Small Business Administration, Mar. 25, 2020, p. 12, available at: https://www.sba.gov/document/support–express-bridge-loan-pilot-program-guide (last accessed Mar. 26, 2020).

42 CFR Sec. 424.535(a) Medicare Revocation Actions — Your Medicare Billing Privileges Can be Revoked For a Host of New Reasons. Are You Facing a Medicare Revocation Action? If so, You Must Act Fast to Preserve Your Appeal Rights.

Download PDF

Have Your Medicare Billing Privileges Been Revoked Under 42 CFR Sec. 424.535(a)?

(March 9, 2020):   Last September, the Centers for Medicare and Medicaid Services (CMS) published a Final Rule titled “Medicare, Medicaid, and Children’s Health Insurance Programs; Program Integrity Enhancements to the Provider Enrollment Process.”  The Final Rule under 42 CFR Sec. 424.535(a) was published in order to implement sections 1866(j)(5) and 1902(kk)(3) of the Social Security Act (as amended by the Affordable Care Act).

As we discussed in earlier articles[1], the Final Rule is quite expansive. It implements a wide range of new enrollment, affiliation, revocation and denial authorities.  As a reminder, here’s an overview of the timeline we are concerned with:

  • November 4, 2019: Purported effective date of the expanded revocation bases outlined in the Final Rule. 

  • September 10, 2019: CMS published the Final Rule titled Medicare, Medicaid, and Children’s Health Insurance Programs; Program Integrity Enhancements to the Provider Enrollment Process.” in the Federal Register. [2]  The Final Rule sets out the expanded reasons for revocation or denial of a provider’s or supplier’s billing authority.  

  • March 1, 2016: CMS published a Proposed Rule titled “Medicare, Medicaid, and Children’s Health Insurance Programs; Program Integrity Enhancements to the Provider Enrollment Process.”[3] This Proposed Rule set out the enrollment revocation and denial changes CMS planned to implement in an effort to address long-standing program integrity risks that have previously been exploited in the past.

Within hours of the purported[4] effective date of the Final Rule, CMS Medicare Administrative Contractors (MACs) began issuing revocation letters to participating Medicare providers and suppliers who had been identified as slated to have their Medicare billing privileges revoked (based on one or more of the expanded revocation letters set out in the Final Rule).  This updated article focuses on one aspect of the Final Rule – the expanded Medicare billing privilege revocation authorities now exercised by CMS.

I.   Implementation of Medicare’s Expanded Billing Privilege Revocation Authorities Under 42 CFR Sec. 424.535(a):

Prior to the issuance of the Final Rule, under 42 CFR Sec. 424.535(a), CMS exercised the authority to revoke the Medicare billing privileges of a currently-enrolled provider or supplier (along with any related provider or supplier agreement) based on fourteen reasons.  Under the Final Rule, the number of reasons upon which revocation could be based grew to 22.[5]  Moreover, the scope of several of the original fourteen reasons for revocation was expanded under the Final Rule, primarily due to implementation of new requirements with respect to “Affiliations,” “Disclosable Events,” and “Uncollected Debts.”  Over the last few months, since the expanded bases for revocation have been implemented, we have seen a significant increase in the number of revocation actions being pursued by Medicare MACs around the country. Moreover, as discussed in Section III below, CMS is now typically imposing a 10-year reenrollment bar (rather than the previous 3-year reenrollment bar) when pursuing a revocation action. An overview of the expanded list of reasons upon which a provider’s Medicare billing privileges can be revoked is provided below:

1. Noncompliance. Under 42 CFR Sec. 424.535(a) (1), CMS can revoke Medicare billing privileges if it has determined that a provider or supplier is not in compliance with its enrollment requirements (as set out in the appropriate enrollment application) AND has not submitted an appropriate plan of correction, CMS may revoke the Medicare billing privileges.

2. Provider or supplier conduct. Under 42 CFR Sec. 424.535(a) (2), CMS can revoke Medicare billing privileges if a provider, supplier or any owner, managing employee, delegated official, medical director, supervising physician or other health care personnel of the provider or supplier has been excluded from participation in a Federal health care program OR has been disbarred, suspended, otherwise excluded from participating in any other Federal procurement program. 

3. Felonies.  Under 42 CFR Sec. 424.535(a) (3), CMS can revoke Medicare billing privileges if a provider, supplier or any owner or managing employee was convicted of a Federal or State felony (within the preceding 10 years) that CMS determines is detrimental to the best interests of the Medicare program and its beneficiaries. 

4. False or misleading information. Under 42 CFR Sec. 424.535(a) (4), CMS can revoke Medicare billing privileges if a provider or supplier certified as “true” information on the enrollment application that is misleading or false. As the regulation is quick to point out, the false certification action can also lead to fines and imprisonment. 

5. On-site review. Under 42 CFR Sec. 424.535(a) (5), CMS can revoke Medicare billing privileges if when conducting an “on-site review” at the purported address of the provider or supplier, it finds that the site is no longer operational OR the on-site review shows that the provider has moved and did not update their address appropriately. In recent years, this revocation reason is typically cited when a Unified Program Integrity Contractor (UPIC) conducts an unannounced, on-site visit of a practice, home health agency, hospice or other provider, based on the location listed in PECOS.  If a provider has moved offices and has failed to update CMS Form 855B and the Provider Enrollment, Chain, and Ownership System (PECOS), the CMS contractor will recommend that a provider’s billing privileges be revoked. 

6. Grounds related to provider or supplier screening requirements. Under 42 CFR Sec. 424.535(a) (6),  CMS can revoke the Medicare billing privileges of an institutional provider[6] that fails to submit an application fee or hardship exception request with their Medicare revalidation application.

7. Misuse of billing number.  Under 42 CFR Sec. 424.535(a) (7), CMS can revoke Medicare billing privileges if a provider or supplier knowingly sells to or allows another individual or entity to use its billing number (other than in the case of a valid reassignment of benefits). 

8. Abuse of billing privileges. Under 42 CFR Sec. 424.535(a) (8), CMS can revoke the Medicare billing privileges of a provider or supplier: 

    • Submits a claim for services that have not been furnished to a specific individual on the date of service. Examples provided under 42 CFR scc. 424.535(a) (8) include situations where beneficiary is deceased, situations where the directly physician or beneficiary is not in the state or country when the serves were allegedly furnished, OR when the equipment necessary for testing is not present when the testing is said to have taken place.
    • Has a pattern or practice of submitting claims that fail to meet Medicare requirements.[7]

9. Failure to report[8]. Under 42 CFR Sec. 424.535(a) (9), can revoke the Medicare billing privileges if a provider or supplier: 

    • Failed to comply with its reporting requirements under 42 CFR Se. 516(d), such as changes in ownership or control, any other changes in enrollment within 90 days, any revocation or suspension of a Federal or State license within 30 days; OR
    • Failed to comply with its reporting requirements under 42 CFR Sec. 33(g)(2), such as changes in ownership, changes of location, changes in general supervision, and adverse legal actions must be reported to the Medicare fee-for-service contractor on the Medicare enrollment application within 30 calendar days of the change. All other changes to the enrollment application must be reported within 90 days. As a recent letter to a provider from CMS contractor Novitas Solutions stated:

 An undeliverable records request sent to the provider’s Medicare 855 correspondence address constitutes a failure to provide CMS access to documentation in violation of 42 U.S. Code Sec. 424.516(1).”  


    •  Failed to comply with its reporting requirements under 42 CFR Sec. 424.57(c)(2), such as changes in information on a provider’s application for billing privileges within 30 days of the change. 

10. Failure to document or provide CMS access to documentation. Under 42 CFR Sec. 424.535(a) (10), CMS can revoke the Medicare billing privileges if a provider or supplier has failed to comply with the documentation or CMS access requirements. Under 42 CFR Sec. 516(f), a provider or supplier is required to maintain documentation for 7 years from the date of services, AND upon the request of CMS or Medicare contractors, provide access to that documentation. 

11. Initial reserve operating funds. Under 42 CFR Sec. 424.535(a) (11), CMS can revoke the Medicare billing privileges of a home health agency if within 30 days of CMS or a Medicare contractor request, the home health agency cannot furnish supporting documentation verifying that the home health agency  meets the initial reserve operating funds requirement found in 42 CFR Sec. 489.28(a). 

12. Other program termination. Under 42 CFR Sec. 424.535(a) (12), CMS can revoke Medicare billing privileges if a provider or supplier is terminated, revoked or otherwise barred from participation in a State Medicaid program or any other Federal health care program. This represents a significant change.

13. Prescribing authority. Under 42 CFR Sec. 424.535(a) (13), CMS can revoke Medicare billing privileges if a physician or other eligible professional’s Drug Enforcement Administration (DEA) Certificate of Registration is revoked or suspended; OR a State licensing body suspends or revokes the ability of a physician or other eligible professional to prescribe drugs.

14. Improper prescribing practices. Under 42 CFR Sec. 424.535(a) (14), CMS can revoke Medicare billing privileges of a physician or other eligible professional if it determines that there has been a pattern or practice of prescribing Part B or Part D drugs that is:

    • Abusive or represents a threat to the health and safety of Medicare beneficiaries or both; OR
    • Fails to meet Medicare requirements.

15. Reserved.

16. Reserved.

17. NEW — Debt referred to the United States Department of Treasury. Under 42 CFR Sec. 424.535(a) (17), CMS can revoke Medicare billing privileges if a provider or supplier has an existing debt that CMS appropriately refers to the United States Department of Treasury.[9]

18. NEW — Revoked under different name, numerical identifier or business identity. Under 42 CFR Sec. 424.535(a) (18) CMS can revoke the Medicare billing privileges if a provider or supplier is currently revoked under a different name, numerical identifier, or business identity, and the applicable reenrollment bar period has not expired. [10]

19. NEW Affiliation that poses an undue risk. Under 42 CFR Sec. 424.535(a) (19), CMS may revoke the Medicare billing privileges if it determines that the provider or supplier has or has had an affiliation under 42 CFR Sec. 424.519 that poses an undue risk of fraud, waste, or abuse to the Medicare program.

20. NEW — Billing from a non-compliant location. Under 42 CFR Sec. 424.535(a) (20), CMS may revoke the Medicare billing privileges of a provider or supplier, even if all of the practice locations associated with a particular enrollment comply with Medicare enrollment requirements, if the provider or supplier billed for services performed at or items furnished from a location that it knew or should have known did not comply with Medicare enrollment requirements.[11]

21. NEW Abusive ordering, certifying, referring, or prescribing of Part A or B services, items or drugs. Under 42 CFR Sec. 424.535(a) (21), CMS may revoke the Medicare billing privileges if it determines that a physician or eligible professional has a pattern or practice of ordering, certifying, referring, or prescribing Medicare Part A or B services, items, or drugs that are abusive, represents a threat to the health and safety of Medicare beneficiaries, or otherwise fails to meet Medicare requirements.[12]

22. NEW — Patient Harm. Under 42 CFR Sec. 424.535(a) (22), CMS may revoke the Medicare billing privileges if it determines that a physician or eligible professional has been subject to prior action from a State oversight board, Federal or State health care program, Independent Review Organization (IRO) determination(s), or any other equivalent governmental body or program that oversees, regulates, or administers the provision of health care with underlying facts reflecting improper physician or other eligible professional conduct that led to patient harm.[13]

As the above expanded list of revocation authorities reflects, CMS now has the express ability to revoke the Medicare billing privileges of a health care provider or supplier for serious violations of law (such as conviction of a felony or patient abuse).  However, it also has the authority to revoke Medicare billing privileges for conduct that may only amounts to an administrative error or mistake by a provider or supplier.  Perhaps even more troubling is the fact that the past or current “affiliations” of a provider or supplier may lead to a revocation action if CMS determines that the affiliation represents an undue risk to the Medicare program or its beneficiaries.

A hundred years ago, the U.S. Supreme Court stated in the case Rock Island Arkansas & Louisiana R. Co v. United States[14]:

Men must turn square corners when they deal with the government

That statement still rings true in today’s world.  Health care providers and suppliers are permitted to apply to participate in the Medicare and Medicaid programs.  Participation isn’t a “right.”  It is a privilege.  When you complete your enrollment paperwork, you expressly agree to comply with the terms of the Form 855 Enrollment Application.  Should you fail to comply with each of the obligations set out in that agreement, CMS reserves the right to revoke your Medicare billing privileges. Now, more than ever, it is essential that you have an effective Compliance Program in place and that you periodically review your practices to ensure that you and your staff are fully complying with applicable Medicare regulatory, statutory and legal requirements.

II.   Length of Time a Provider’s Medicare Billing Privileges May be Revoked Under 42 CFR Sec. 424.535(c):

The Final Rule significantly modified 42 CFR Sec. 424.535(c). This regulatory provision sets out the potential reenrollment bar time limits that may imposed by CMS when initiating a Medicare revocation action.  If this is the first time that a provider’s Medicare billing privileges are being revoked, the minimum reenrollment bar is 1 year, and the maximum reenrollment bar is 10 years.[15]  If CMS determines that a provider attempted to circumvent its existing reenrollment bar by enrolling in Medicare under a different name, numerical identifier or business identity,” the agency can further tack on up to 3 additional years onto the reenrollment bar it has imposed.[16] As a final point in this regard, Moreover, under if a provider or supplier is being revoked from Medicare a second time, CMS may choose to impose a reenrollment bar of up to 20 years.[17]

III.   Responding to a Medicare Revocation Action:

If you receive notice that CMS is intending to revoke your Medicare billing privileges, it is essential that you engage experienced health law counsel to represent you in the appeal process.  This is especially critical given the fact that recent revocation actions initiated by CMS have all sought to impose of reenrollment bar of 10 years, rather than the 3-year bar that was typically imposed prior to November 4, 2019.  Unfortunately, a Medicare revocation action can trigger a number of other secondary adverse actions by law enforcement, private payors and a provider’s State Medical Board. If your Medicare billing privileges are being revoked, please feel free to give us a call for a free consultation.  Liles Parker attorneys have extensive experience representing health care providers around the country in Medicare revocation actions.  We can be reached at:  1 (800) 475-1906.

42 CFR scc. 424.535(a)Robert W. Liles is a former Federal prosecutor and has more than 25 years of health law experience.  Mr. Liles and the other attorneys at Liles Parker have extensive experience representing providers and suppliers in the appeal of proposed Medicare revocation actions. Questions?  Give Robert Liles a call.  For a free consultation, he can be reached at:  1 (800) 475-1906.

[1] September 2019 article titled Medicare, Medicaid and CHIP Enrollment Revocation and Denial Authorities Have Expanded.  What Steps are You Taking to Reduce Your Level of Risk?”

and our December 2017 article titled Revocation of Your Medicare Billing Privileges.”

[2] 84 FT 47794 (September 10, 2019). https://www.govinfo.gov/content/pkg/FR-2019-09-10/pdf/2019-19208.pdf

[3] 81 FR 10720.

[4] We are in currently in the process of challenging the purported effective date of November 4, 2019.  CMS failed to provide the proper notice requirements mandated under the Congressional Review Act.  This failure thereby delays the effective date of the expanded revocation authorities.

[5] Slots have been placed in reserve for revocation reasons number 15 and 16 which would likely be assigned by CMS in the future and would presumably go through the rulemaking process.

[6] Under 42 CFR Sec. 424.502, the term “Institutional Provider” means any provider or supplier that submits a paper Medicare enrollment application using the CMS-855A, CMS-855B (not including physician and nonphysician practitioner organizations), CMS-855S, CMS-20134, or an associated Internet-based PECOS enrollment application.

[7] Under 42 CFR Sec. 424.535(a) (8), when making this determination, CMS considers:

  • The percentage of submitted claims that were denied;
  • The reasons for the denials; whether the provider has a history of final adverse actions (and the nature of these actions;
  • The length of time over which the pattern has continued; how long the provider has been enrolled in Medicare; and
  • Any other information that CMS deems relevant to its determination of whether the provider or supplier has or has not engaged in the pattern or practice identified.

[8] Under 42 CFR Sec. 424.535(a)) (9), when determining whether a revocation under this paragraph is appropriate, CMS considers the following factors:

(i) Whether the data in question was reported.

(ii) If the data was reported, how belatedly.

(iii) The materiality of the data in question.

(iv) Any other information that CMS deems relevant to its determination.

[9] Under 42 CFR Sec. 424.535(a) (17), when determining whether a revocation under this paragraph is appropriate, CMS is supposed to consider:

  • The reason(s) for the failure to fully repay the debt (to the extent this can be determined).
  • Whether the provider or supplier has attempted to repay the debt (to the extent this can be determined).
  • Whether the provider or supplier has responded to CMS’ requests for payment (to the extent this can be determined).
  • Whether the provider or supplier has any history of final adverse actions or Medicare or Medicaid payment suspensions.
  • The amount of the debt. (vi) Any other evidence that CMS deems relevant to its determination.

[10] Under 42 CFR Sec. 424.535(a) (18), when determining whether a provider or supplier is a currently revoked provider or supplier under a different name, numerical identifier, or business identity, CMS investigates the degree of commonality by considering the following factors:

  • Owning and managing employees and organizations (regardless of whether they have been disclosed on the Form CMS–855 application).
  • Geographic location.
  • Provider or supplier type.
  • Business structure.
  • Any evidence indicating that the two parties are similar or that the provider or supplier was created to circumvent the revocation or reenrollment bar.

[11]  Under 42 CFR Sec. 424.535(a) (20), when determining whether and how many of the provider’s or supplier’s enrollments, involving the non-compliant location or other locations, should be revoked, CMS considers the following factors:

  • The reason(s) for and the specific facts behind the location’s noncompliance.
  • The number of additional locations involved.
  • Whether the provider or supplier has any history of final adverse actions or Medicare or Medicaid payment suspensions.
  • The degree of risk that the location’s continuance poses to the Medicare Trust Funds.
  • The length of time that the noncompliant location was non-compliant.
  • The amount that was billed for services performed at or items furnished from the non-compliant location.
  • Any other evidence that CMS deems relevant to its determination.

[12] Under 42 CFR Sec. 424.535(a) (21), when making its determination as to whether such a pattern or practice exists, CMS considers the following factors:

(i) Whether the physician’s or eligible professional’s diagnoses support the orders, certifications, referrals or prescriptions in question.

(ii) Whether there are instances where the necessary evaluation of the patient for whom the service, item or drug was ordered, certified, referred, or prescribed could not have occurred (for example, the patient  was deceased or out of state at the time of the alleged office visit).

(iii) The number and type(s) of disciplinary actions taken against the physician or eligible professional by the licensing body or medical board for the state or states in which he or she practices, and the reason(s) for the action(s).

(iv) Whether the physician or eligible professional has any history of final adverse action (as that term is defined in Sec. 424.502).

(v) The length of time over which the pattern or practice has continued.

(vi) How long the physician or eligible professional has been enrolled in Medicare.

(vii) The number and type(s) of malpractice suits that have been filed against the physician or eligible professional related to ordering, certifying, referring or prescribing that have resulted in a final judgment against the physician or eligible professional or in which the physician or eligible professional has paid a settlement to the plaintiff(s) (to the extent this can be determined).

(viii) Whether any State Medicaid program or any other public or private health insurance program has restricted, suspended, revoked, or terminated the physician’s or eligible professional’s ability to practice medicine, and the reason(s) for any such restriction, suspension, revocation, or termination.

[13] Under 42 CFR Sec. 424.535(a) (21), when determining whether a revocation is appropriate, CMS considers the following factors:

(A) The nature of the patient harm.

(B) The nature of the physician’s or other eligible professional’s conduct.

(C) The number and type(s) of sanctions or disciplinary actions that have been imposed against the physician or other eligible professional by the State oversight board, IRO, Federal or State health care program, or any other equivalent governmental body or program that oversees, regulates, or administers the provision of health care. Such actions include, but are not limited to in scope or degree:

(1) License restriction(s) pertaining to certain procedures or practices.

(2) Required compliance appearances before State medical board members.

(3) License restriction(s) regarding the ability to treat certain types of patients (for example, cannot be alone with members of a different gender after a sexual offense charge).

(4) Administrative or monetary penalties.

(5) Formal reprimand(s).

(D) If applicable, the nature of the IRO determination(s).

(E) The number of patients impacted by the physician’s or other eligible professional’s conduct and the degree of harm thereto or impact upon.

[14] 254 U.S. 141, 143 (1920).

[15] 42 CFR Sec. 424.535(c)(1)(i).

[16] 42 CFR Sec. 424.535(c)(2)(i).

[17] 42 CFR Sec. 424.535(c)(3),

Overview of Dental Claims Audits and Investigations by Medicaid and Private Payors in 2019

Download PDF

Audits of Dental Claims and Dental Fraud Investigations are Increasing.(March 4, 2020):  Many dentists and dental practices around the country are glad that 2019 is behind us.  Last year was a banner year for law enforcement investigators and administrative auditors of dental claims.  Federal and State prosecutors around the country actively pursued both civil and criminal cases against individual dentists for a variety of offenses.  Notably, a number of the defendants prosecuted by the government were first identified as engaged in wrongdoing by Unified Program Integrity Contractors (UPICs) conducting Medicaid dental claims audits and private payor Special Investigative Units (SIUs) reviewing dental claims submitted by a practice for payment.  In this article, we examine the administrative, civil and criminal cases that were brought against dentists in 2019 in order to identify the conduct that led to the imposition of overpayments, the imposition of civil penalties by the government, and in some instances, the criminal prosecution of dentists for various violations of law.

I.   Administrative Dental Claims Audits Expanded in 2019:

  • Medicaid Claims Audits.

Almost a decade ago, the enactment of the Affordable Care Act[1] made it possible for state Medicaid programs to greatly increased their eligibility criteria and the scope of services offered to program beneficiaries. While eligible child enrollees were already receiving dental benefits, in many states, the number of adults qualifying for Medicaid dental benefits doubled. Not surprisingly, as Medicaid dental services have grown, the costs associated with these benefits also greatly expanded.  In response, Federal and State authorities have steadily devoted ever increasing resources to the audit and investigation of improper dental business, coding and billing practices.

The Centers for Medicare and Medicaid Services (CMS) has engaged a number of third-party, UPIC contractors (such as Qlarent, AdvanceMed, the CoventBridge Group, and SafeGuard Services LLC) to perform program integrity audits of Medicaid dental claims around the country.  It is important to keep in mind that UPICs are expressly required to refer suspected cases of fraud and abuse to law enforcement for further investigation and possible prosecution.  UPICs are also required to recommend the revocation of participating providers and suppliers that are non-compliant with Medicare regulations and policies.

Notably, several large private dental management companies, such as DentaQuest and Delta Dental also currently serve as dental plan administrators for various state Medicaid Advantage dental plans around the country.[2]  SIUs at DentaQuest, Delta Dental and other dental plan administrators have implemented a number of measures to identify and investigate instances of suspected fraud or improper dental billing practices.

  • DentaQuest, Delta Dental and Other Private Payor Dental Audits.

DentaQuest, Delta Dental and a number of other payors serve as administrators for private dental plans and various employer-sponsored dental insurance policies around the country.  In 2019,  private dental payors greatly expanded the scope and frequency of audits conducted by their SIUs.  Additionally, these private dental payors greatly increased their use of “prepayment review” and “payment hold” actions, both of which can adversely impact a dental practice’s cash flow and possibly cripple a practice’s ability to operate.

II.   Common Reasons for Denial Cited in Administrative Dental Audits by UPICs, DentaQuest and Delta Dental:

In 2019, the following reasons for denial were commonly cited by UPICs, DentaQuest and Delta Dental in audits we handled:

    • Failure to sign progress notes (either electronically or by hand). At first glance, you may feel that the failure to electronically-sign a dental progress note is a mere technical deficiency. Unfortunately, that isn’t necessarily the case, CMS contractors (such as UPICs) are actively denying dental claims if the associated progress note has not been signed by the rendering dentist. As set out in the Medicaid Program Integrity Manual[3] reflects, unsigned entries (referring to electronic and handwritten), shall be excluded from consideration when performing [a] medical review.”  Similarly, in several of the private dental payors cases that we handled, the payors denied claims that were not supported by signed progress notes and / or orders.  As a final point in this regard, please keep in mind that most State Dental Practice Acts include specific requirements mandating that progress notes, orders and treatment records be signed by the licensed dental professional who performed the service.
    • Billing for dental services not rendered. Unfortunately, this reason for denial has been a recurring theme cited by UPICs and SIUs alike when auditing dental records and claims for many years.  For example, recent private payor audits conducted have alleged that multiple instances were found where dentists billed for periodontal services (CDT Code D4331 – periodontal scaling and root planing) that were not performed based on the auditor’s review of the patient dental treatment records and radiographs in the fileSimilarly, insufficient documentation has been cited when denying these services based on failure to establish medical necessity. In these instances, the auditors noted that in order to diagnose and treat periodontal disease, dated pre-operative diagnostic quality radiographs and pre-operative periodontal charting is needed. Without these, periodontal disease cannot be properly diagnosed and periodontal scaling and root planing should not be conducted.
    • Misrepresentation of a non-covered service. In some respects, this improper practice is nothing more than another form of “billing for services not rendered. Simply put, in the recent cases we have seen where this has occurred, a dentist or dental practice has either purposely or erroneously characterized a non-covered dental service as a covered service. Keep in mind, the definition of a non-covered service varies from policy to policy. Additionally, the list of non-covered services under a specific policy may change from year-to-year. In any event, it is important that dental providers regularly check to ensure that the services being provided qualify for coverage and payment.
    • Misrepresentation of the provider of the dental service. This type of billing error is still commonly found in both dental and medical practices around the country. In the cases we have seen, “fraud” wasn’t the reason for the underlying misrepresentation on the ADA Claims form. In most instances, it was merely a matter of a credentialing delay. In other cases, dental practices appeared to believe that they were permitted to bill for the services under a concept similar to Medicare’s “Incident-To” ruleAlthough we have not seen a dental misrepresentation case of this type referred for criminal prosecution, it is important to remember that the ADA Dental Claims form is being electronically submitted to the health plan for payment.  Depending on the facts, an aggressive prosecutor could argue that such conduct constitutes were fraud. 18 U.S.C. §1343.
    • Unlicensed individuals found to have performed dental procedures. Generally speaking, we have seen two categories of cases where this has occurred. In the first example, a licensed professional failed to renew his Because of this administrative error, the dentist inadvertently performed dental procedures while his license had lapsed.  In the second example, a dental assistant or dental hygienist was found to have performed one or more dental procedures that were outside of their scope of practice. Both of these examples typically lead to claims denials.  They may also result in complaints to the State Dental Board.
    • Routine failure to collect the patient’s full payment or share of cost without notifying the carrier. Is your dental practice consistently collecting co-payments and deductibles that may be owed by a covered beneficiary?  In the case of non-government administered plan, the unsupported waiver of these amounts may constitute a breach of contract. However, if the dental plan is Federally funded, such a failure may constitute a violation of the Anti-Kickback Statute.
    • Misreporting dates to circumvent calendar year maximums or time limitations. The misreporting of dates in an effort to evade calendar year maximums and / or time limitations may constitute a violation of one or more State and Federal fraud statutes.
    • Failure to properly document support for medical necessity. Properly documenting medical necessity continues to be a problem. Over the last year, our reviews have found that there was often little detail provided to support medical necessity of pediatric dental treatments provided. For example, prophylaxis was typically provided because it was medically required. Although dental notes often indicated that plaque was visible, the notes often failed to  specify any areas of build-up. Also, the level of decay was typically not included to support services such as fillings and crowns.
    • Missing dental treatment plans / consent forms. Completed dental treatment plans and consent forms have frequently been found to be missing from patient dental records. The dental treatment plans that were included were typically signed by the pediatric dental patient’s parent, but the signatures were often not dated. Signatures should be dated and these dates should correspond with the date listed as the date of authorization noted on the claim form. Many of the dates of authorization for the “signatures on file” on the claim form were after the date of service, which is an error cited in recent audits.  

 Have you received a request for dental records from a government or private payor?  Take care.  You don’t want to inadvertently turn an administrative or civil audit into a criminal case.  Dental records, progress notes, x-rays and other documents must be signed and dated by the health care provider at the time the services are rendered or conducted.  In conducting your review, did you find that the claims documentation is legible and complete?  If not, change your practices now.  Wholesale efforts to go back and supplement incomplete documentation may constitute obstruction of justice if incorrectly handled.  Never make changes to a patient’s documentation or dental records without first discussing the issues presented with legal counsel so that you can ensure that a third party reviewing the updated records will not be misled as to the nature of the changes or revisions AND when the changes or revisions were made

In other words, your records must accurately show when changes, corrections or additions were made to the patient’s dental records.  Late entries to a record must be dated as such.  More than likely, government and private payor auditors will give very little (if any) credit to late entries or supplemental records unless the service being supplemental was recently performed.   The falsification of information in a patient’s dental record (or in other records presented to the government, its agents or private payor auditors) can constitute a criminal violation and could lead to much bigger troubles for you and your dental practice than a mere overpayment.

III.   Civil Investigations / False Claims Act Dental Cases Brought in 2019:

Last fiscal year, the Federal government won or negotiated over $3 billion in judgments and settlements under the civil False Claims Act. Of the $3 billion in settlements and judgments recovered by the Department of Justice this past fiscal year, $2.6 billion involved the health care industry. It is worth noting that these recoveries only reflect Federal funds, millions of dollars more were also recovered for State Medicaid programs.   Despite the fact that literally billions of dollars were recovered from health care providers and suppliers using the False Claims Act, very few of the settlements and judgments were related to dentists, dental practices and / or dental management companies.  Examples of False Claims Act dental recoveries made in 2019 include:

    • December 2019. In this case, the government alleged that from 2014 through 2015, the defendant dentist presented claims to the State Medicaid program for dental services that were never provided.  Connecticut’s Superior Court ordered the defendant to pay treble damages, along with a civil penalty of $1.5 million.
    • March 2019. In this case dental fraud case, after reviewing a sample of patient dental records, the State Attorney General’s Office found that a dental practice has defrauded the State Medicaid program.  To resolve the allegations, the defendant dentists agreed to pay $1 million under the State False Claims Act and agreed to be voluntarily excluded from participating in the Medicare and Medicaid programs.

 IV.   Criminal Prosecutions of Illegal Dental Business Practices in 2019:

As the case overviews below reflect, both Federal and State prosecutors aggressively prosecuted dentists for their illegal conduct in 2019.  Examples of the criminal prosecutions pursued in dental cases last year include:

    • October 2019.  Virginia.  In this case, a Virginia-licensed dentist was sentenced to nearly eight and a half years in prison for conspiracy to distribute prescription opioids and muscle relaxant pills without a legitimate medical purpose.  The government alleged that the defendant was involved in an elaborate scheme to prescribe opioids such as hydrocodone and oxycodone pills for his personal use and the use of his co-conspirators
    • October 2019. Missouri. Federal prosecutors allege that two dentists at a Missouri dental practice participated in two different schemes to defraud Medicaid.  In the first scheme, patients were allegedly provided a $50 Ortho-Tain mouth pieces designed to straighten teeth but the Medicaid program was then billed $700 for a “speech aid prosthesis.” In the second scheme, federal prosecutors say the dentists provided dentures and other dental services to patients who did not qualify for Medicaid reimbursement and then submitted claims to Medicaid anyway Federal prosecutors say these two schemes netted $885,748.
    • September 2019. Maryland. The dental practice owner (and former dentist) at a Maryland practice agreed to pay over $5.4 million in restitution and nearly $4 million in a forfeiture money judgment after pleading guilty to health care fraud for involvement in a $5 million-plus Medicaid fraud scheme. Authorities said the former dentist (who is currently serving a 16-year sentence for sexual assault of patients), used his dental practices to submit fraudulent claims to D.C. Medicaid for thousands of unprovided provisional crowns, which resulted in around $5.4 million worth of improper payments from the program between August 2012 and February 2016.
    • August 2019. Illinois. An Illinois dentist was indicted on 13 counts of health care and wire fraud after prosecutors say he billed Illinois Medicaid hundreds of thousands of dollars for dental procedures he never performed. The U.S. Attorney’s Office for the Southern District of Illinois stated. In all, it is alleged that Kim collected more than $700,000, which prosecutors want paid back to the state.
    • July 2019. Arkansas.  In the case, an Arkansas dentist received a five-year suspended prison term and was ordered to pay $33,383.05 in restitution, $100,149.15 in damages and $2,500 in fines after pleading guilty to defrauding Medicaid. Authorities said the dentist submitted more than 3,100 fraudulent claims to Medicaid for X-rays and various dental services between September 2015 and December 2017, which resulted in $186,461 worth of improper payments from the program.
    • June 2019. Tennessee.  A Tennessee dentist and practice owner was sentenced to two years and nine months in prison and was ordered to pay $965,448 in restitution after pleading guilty to conspiracy to commit health care fraud for orchestrating a scheme to defraud TennCare and other health care benefit programs. Authorities said the dentist caused the submission of fraudulent claims to TennCare and other health benefit programs for unprovided or incomplete dental work from November 2013 to January 2018.
    • June 2019. California.  A California dentist based out of Los Angeles was sentenced to more than three years in prison for health insurance fraud and was ordered to pay restitution of more than $1.4 million after pleading guilty to submitting fraudulent claims to multiple private insurers for unprovided dental care services.
    • April 2019.  New Jersey.  An unlicensed dentist from New Jersey was convicted in a $2 million fraud case in New York.  The unlicensed dentist was sentenced to two years in prison and ordered to pay restitution of almost $1 million after being convicted for his role in the $2 million health insurance fraud scheme.  Prosecutors allege that the unlicensed dentist worked as a dentist in Manhattan and conspired with others to pay kickbacks to patients and submit fraudulent claims to health insurers for unprovided dental services or services. 

V.   Steps a Dental Practice Can Take to Reduce Regulatory / Statutory Risk:

  • Don’t Ignore a Request for Dental Records from a Medicaid or Private Payor Auditor? 

It has been our experience that a significant portion of all requests for dental records and claims information are either overlooked or ignored by a dental practice.  This error can result in a payor terminating your agreement.   Legal counsel can often intervene on your behalf and obtain an extension of time in which to submit the requested documents. We have seen several cases where a dental practice’s failure to response to the payor’s records request in a timely fashion resulted in the automatic denial of the claims being audited.

  • Implement an Effective Dental Compliance Program.

First and foremost, it is recommended (and if you take Medicaid it is required by law) that you develop and implement an effective Compliance Program.  This would include an aggressive plan to conduct periodic internal audits of your dental claims to ensure that the services have been provided, fully documented, were medically necessary and were coded / billed properly. When was the last time you conducted an internal dental claims audit and examined whether the services you are providing fully reflect medical necessity requirements, are documented to meet the requirements of the payor, and are properly coded and billed? What did you find?  Who conducted the audit, someone from your dental practice, or an outside dental consultant?  Be sure and engage any outside dental consultant through legal counsel.

  • Screen Your Employees, Contractors and Agents Against Available Screening Databases.

Dental providers should screen their applicants, clinical staff, administrative staff, contractors, vendors and agents on a monthly basis.  At this time, there are more than 40 different databases that need to be checked.  These databases include:

(1) List of Excluded Individuals and Entities (LEIE). Maintained by HHS-OIG.
System for Award Management (SAM). Maintained by the General Services Administration.
40 State Medicaid Exclusion Registries. Maintained by either the State Attorney General’s Office or the State Medicaid Fraud Control Unit (MFCU).

Questions regarding your screening obligations?  Call the helpful folks at Exclusion Screening, PLLC with any screening questions.  They can be reached at: 1 (800) 294-0952

  • Call a Qualified Health Law Attorney for Help in Responding to a Dental Audit.

 Hopefully, you won’t face a Medicaid or private payor dental audit in the near future.  If you do, it is essential that you engage qualified legal counsel to guide you through the process.  A knowledgeable, experienced lawyer can interact directly with the payor and work towards a reasonable resolution of the case.  Legal counsel can also provide guidance with respect to payor documentation, coding and billing requirements. Importantly, the Liles Parker attorneys who would represent you and your practice in a dental audit are both experienced health lawyers AND have achieved certification as Certified Medical Reimbursement Specialists (CMRSs) by the American Medical Billing Association (AMBA) and / or Certified Professional Coders (CPCs) by the American Academy of Professional Coders.

Are you facing a dental claims audit or investigation? We can help.  For a free consultation, please call Robert at:  1 (800) 475-1906.

Dental Claims AuditsRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with dental claims audits and investigation.  Is your dental practice being audited? Give us a call.  For a free initial consultation regarding your situation, call Robert at: 1 (800) 475-1906.

[1] Signed into law by President Obama on March 23, 2010.

[2] As Medicaid dental rolls have increased, many states have chosen to engage a third-party to administer their Medicaid dental programs, such as Delta Dental or DentaQuest.  At last count, Delta Dental administers dental programs serving more than 80 million Americans, many of whom are participants in a government-sponsored program.  Similarly, DentaQuest administers dental programs serving over 25 million beneficiaries, most of whom are covered by a government-sponsored program.

[3] Medicaid Program Integrity Manual, 1.7.5 “Medical Review for Program Integrity Purposes.”

Have You Received a Civil Investigative Demand (CID)? How Should a Health Care Provider or Supplier Respond When Receiving a Civil Investigative Demand?

Download PDF

Have you received a Civil Investigative Demand? Call Liles Parker for assistance. 1 (800) 475-1906.(March 3, 2020):  In recent years, Federal prosecutors around the country have increasingly relied on Civil Investigative Demands when investigating civil False Claims Act matters and cases.[1]  It’s easy to see why the government has continued to focus its civil enforcement efforts on alleged violations of the False Claims Act. Let’s look at the numbers — it’s been another banner year for the civil False Claims Act.  According to the Department of Justice (DOJ), the government secured more than $3 billion in settlements and judgments in False Claims Act cases for Fiscal Year ending September 30, 2019.  More than $2.6 billion of this $3 billion is related to health care matters and cases.  As DOJ notes, this is the tenth consecutive year that health care False Claims Act settlements and judgments have exceeded $2 billion.  As these statistics show, health care providers and suppliers are the primary targets of both whistleblower and government-initiated actions under the False Claims Act.[2] To investigate alleged violations of the False Claims Act, Federal prosecutors have been increasingly relying on Civil Investigative Demands as a pre-litigation discovery tool.  This article examines the government’s current use of Civil Investigative Demands in health care False Claims Act matters and cases and discusses the steps you should take if you are the recipient of one of these administrative subpoenas.

I.  What is a Civil Investigative Demand?

A Civil Investigative Demand is a formal administrative subpoena that is issued by an Assistant U.S. Attorney (or a DOJ Civil Division Trial Attorney) in connection with the government’s investigation of a False Claims Act matter or case.  In the context of a government-initiated False Claims Act investigation, this discovery tool by prosecutors to assist them in deciding whether or not to file suit under the statute.[3]  Alternatively, if a False Claims Act case has already been filed by a whistleblower, DOJ prosecutors may choose to issue one or more Civil Investigative Demands to gather additional information that may be necessary to decide whether or not to intervene in the qui tam[4] case that has been filed.  Under 31 U.S.C. § 3729-3733(1)(A)-(D), the government can use a Civil Investigative Demand to require a person:

(A) to produce such documentary material inspection and copying,

(B) to answer in writing written interrogatories with respect to such documentary material or information,

(C) to give oral testimony concerning such documentary material  or information, or

(D) to furnish any combination of such material, answers, or testimony.

 II.  The Evolution of Civil Investigative Demands:

  • False Claims Amendments of 1986.

With the passage of the “False Claims Amendments of 1986,” [5] the Attorney General of the United States was given the authority to issue Civil Investigative Demands in connection with the investigation of civil False Claims Act matters. Unfortunately, this discovery tool was only infrequently utilized by DOJ due to the fact that the Attorney General had to personally authorize a Civil Investigative Demand before it could be issued.  From a practical standpoint, this restriction made it very difficult for line prosecutors to utilize this discovery tool.  In order to do so, an Assistant U.S. Attorney would have to traverse multiple levels of DOJ management in order to even present a Civil Investigative Demand request for the consideration of the Attorney General.  Not surprisingly, only significant, large-dollar loss False Claims Act matters typically made it to this level and resulted in the issuance of a Civil Investigative Demand.

  • Fraud Enforcement and Recovery Act of 2009, P.L.111-21 (FERA).

On May 20, 2009, the “Fraud Enforcement and Recovery Act of 2009”[6] was signed into law by President Obama. Among its provisions, FERA greatly modified the rules under which Civil Investigative Demands could be issued.  Under FERA:

Delegation of Civil Investigative Demand Issuance Authority – Under FERA, the Attorney General can delegate his / her authority to Issue Civil Investigative Demands in False Claims Act matters and cases. In practice, the authority to issue a Civil Investigative Demand has now been delegated to Assistant U.S. Attorneys investigating alleged violations of the False Claims Act.

Sharing of Information Obtained Using a Civil Investigative Demand with a Qui Tam Relator – FERA permitted the Attorney General (or Designee) to share information obtained using a Civil Investigative Demand with a qui tam relator if the Attorney General (or Designee) determines it is necessary to do so as part of any False Claims Act investigation.[7]

The redelegation of authority to issue Civil Investigative Demands from the Attorney General to a designee was immediately met with opposition from a variety of industry groups.  By letter dated July 13, 2009, several dozen national associations and large corporate entities (ranging from the American Hospital Association to Exxon Mobile Corporation), wrote to Attorney General Eric Holder to express their concerns that the redelegation of issuance authority may lead to problems with:

“consistency, coordination, institutional memory, and a variety of other issues that overbroad delegation would raise.”[8]

Ultimately, the Attorney General did, in fact, choose to delegate the authority to issue Civil Investigative Demands to U.S. Attorneys around the country.[9] U.S. Attorneys have further redelegated this authority to Assistant U.S. Attorneys in their offices.

III.  Can Information Obtained Through a Civil Investigative Demand be Shared with Criminal Prosecutors?

The short answer is “Yes,” documentary materials, answers to interrogatories and transcripts of oral testimony obtained under a Civil Investigative Demand can be shared with criminal prosecutors.   In fact, all of the information gathered through a Civil Investigative Demand can be used for “official use” in “furtherance of a Department of Justice investigation or prosecution of a case.”[10]

A common concern expressed by defendants in a case is that perhaps the government is using the civil investigative process (such as the issuance of a Civil Investigative Demand) as a “stalking horse” to obtain information, answers to interrogatories and civil testimony in a case that would be unavailable (or not easily obtainable) if the case were pursued criminally.  Unless a defendant is able to show that a civil action has been brought solely to obtain evidence for a criminal prosecution, courts have not been sympathetic to the stalking horse argument.[11]

For additional guidance on the risks presented when dealing with parallel civil and criminal investigations, you may wish to review our article titled A Civil Investigative Demand Issued to You or Your Medical Practice is Serious Business. Understand Your Level of Risk Before Responding to the Government’s Investigation.”

IV.  How Should a Health Care Provider or Supplier Respond When Receiving a Civil Investigative Demand?

Upon receipt of a Civil Investigative Demand, you should immediately contact experienced legal counsel to guide you in your response.  When selecting legal counsel, it is essential that that ensure that the attorney representing you is both experienced and knowledgeable with respect to the use of the Civil Investigative Demands and the government’s use of the False Claims Act.  For example, is the attorney a former Assistant U.S. Attorney?  Is the attorney an experienced False Claims Act lawyer?  Has the attorney recently represented physicians and other health care providers in responding to a Civil Investigative Demand? Does the attorney have experience managing large, complex document productions in a cost-effective fashion? Has the attorney provided a thorough explanation of the subpoena response process?  Once you have selected a qualified, experienced attorney to represent your interests, legal counsel will likely take the following actions:

  • Instruct you to refrain from engaging in any document destruction activities until the full scope of the government’s inquiry can be determined. You want to avoid taking any action that could be misconstrued as obstruction of justice.
  • Carefully review the specifications of the Civil Investigative Demand and work with you to determine where responsive documents, electronic records and other materials may be located.
  • Contact the issuing Assistant U.S. Attorney and obtain an extension (if necessary) so that you can comply with the government’s requests. Your legal counsel may also be successful in getting the government to narrow the scope of documents being sought and may be able to learn how the government views your role (and potential exposure) in the current False Claims Act case. For instance, does the government view you as a target,   a subject or a witness of their investigation. 
  • Conduct a privileged, internal review of your business arrangements, medical records, coding and billing practices (the nature of the internal review will depend in large part on the focus of the government’s investigation as reflected by the specification of the Civil Investigative Demand). To the extent that you do, in fact, have a problem, your attorney will likely want to obtain a clear picture of the nature and scope of any overpayment or improper conduct so that remedial action can be taken.
  • Depending on the internal review findings, is there potential criminal exposure in this case?

Liles Parker attorneys have extensive experience representing health care providers and suppliers in government audits and investigations. Several of our attorneys are former prosecutors and are highly experienced handling False Claims Act matters and cases.  If you are the recipient of a Civil Investigative demand it is imperative that you immediately contact qualified, experienced counsel to represent you when responding to this administrative subpoena.  For a free consultation, please give us a call at:  1 (800) 475-1906.

Civil Investigative Demand Robert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with False Claims Act issues and investigations.  Are you the recipient of a Civil Investigative Demand?  If so, we can help.  For a free initial consultation regarding your situation, call Robert at: 1 (800) 475-1906.

[1] 31 U.S.C. § 3729-3733.

[2] Notably, most of these False Claims Act recoveries were generated by whistleblower actions.  A total of 633 new whistleblower cases were filed in FY 2019.  In contrast, the government filed 146 new False Claims Act cases in FY 2019 (where no whistleblower was involved).

[3] A Civil Investigative Demand can only be issued by a Federal prosecutor prior to the government filing of a False Claims Act case or making a decision whether to intervene or not intervene in a case.  After a case is filed or an election is made, the government may only utilize traditional civil litigation discovery tools.

[4] In a “Qui Tam” action, a private party, referred to as a “Relator” (or more commonly as a “Whistleblower”) files a case under the civil False Claims Act on behalf of the government.  If a qui tam action is successful, the Relator can receive up to 25% of the recovery (in an intervened case) or up to 30% of the recovery (in a non-intervened case).

[5] Public Law 99-562, 100 Stat. 3153 (October 27, 1986), reprinted in, 10A USCCAN (December 1986). A copy of the False Claims Act Amendments of 1986 can be found at: https://www.govinfo.gov/content/pkg/STATUTE-100/pdf/STATUTE-100-Pg3153.pdf

[6] Public Law 111-21, 123 Stat. 1616 (May 20, 2009).  A copy of the Fraud Enforcement and Recovery Act of 2009 can be found at: https://www.congress.gov/bill/111th-congress/senate-bill/386/text

[7] Prior to the passage of FERA, the Attorney General was only able to share information obtained using a Civil Investigation Demand after obtaining authorization to do so from a U.S. District Court, after showing “substantial need” that the sharing of the information was in “furtherance of its statutory duties.”

[8] Letter from associations and industry representatives to Attorney Eric Holder, dated July 13, 2009.  https://www.nacdl.org/getattachment/746c7dca-6386-4e47-a980-717132ee21e0/cidscoalitionletter.pdf

[9] 28 C.F.R. Part 0, Subpart Y and Appendix.  https://www.law.cornell.edu/cfr/text/28/appendix-to_subpart_Y_of_part_0

[10] 31 U.S.C. § 3733(l)(8).

[11] See United States v. Kordel, 397 U.S. 1, 11 (1970).  Also see United States v. Stringer, No. 06-30100 (9th Cir. Apr. 4, 2008). In the Stringer case, the 9th Circuit reversed a lower court decision to dismiss a criminal indictment based on the government’s alleged violation of the defendant’s due process rights resulting from improper behavior when conducting a parallel civil / criminal investigation.

The PSAVE Pilot Program: Should You Self-Audit Your Medicare Claims?

Download PDF

PSAVE Pilot Program(April 2, 2018):  Our nation’s demographics are changing.  In less than 20 years, it is estimated that for the first time in country’s history, the number of individuals over the age of 65 will exceed the number of children.[1] These increases are already being seen in our rapidly expanding Medicare healthcare benefit program.  At last estimate, Medicare Administrative Contractors (MACs) processed an estimated 1.2 billion claims on behalf of America’s seniors.[2]  As the Medicare program has grown, the Centers for Medicare and Medicaid Services (CMS) has employed a variety of different claims audit mechanisms to better ensure that the Medicare Trust Fund is protected from waste, fraud and abuse.  The Provider Self-Audit Validation and Extrapolation (PSAVE) pilot program is among the agency’s most recent efforts to protect the integrity of the Medicare program.  An overview of the PSAVE pilot program is set out below.

I. Providers and Suppliers Currently Subject to the PSAVE Pilot Program:

In November 2017, Noridian Healthcare Solutions LLC (Noridian), the MAC for Jurisdiction F, and CMS launched a pilot Medicare claims self-auditing program. Jurisdiction F is comprised of Alaska, Arizona, Idaho, Montana, North Dakota, Oregon, South Dakota, Utah, Washington, and Wyoming.[3] When announced, the program was touted as a way to provide long term educational benefits to Medicare providers, while also granting “immunity” from further audit of Medicare claims by both the provider’s MAC and from the Recovery Auditor (RA) contractor assigned to the provider. Is your practice likely to receive an “invitation” to conduct a self-audit of its claims?  Let examine the pilot program in more detail to find out:

II. Why Was Your Practice Invited to Participate in the PSAVE Pilot Program?

While Noridian claims that the PSAVE pilot program is open to almost any Medicare Part B healthcare provider, invitations to participate where not sent out to all of the Medicare participating providers in Jurisdiction F. Instead, data analytics were used to identify providers with abnormal billing or coding practices, based on the audit findings of  Comprehensive Error Rate Testing (CERT) postpayment review data.  Initially focusing on only a limited number of medical specialties, providers with irregular billing patterns  were first chosen by Noridian to “test” the PSAVE pilot self-auditing program. Primarily relying on sophisticated data mining techniques, Noridian has identified certain Part B providers with questionable billing practices and invited them to participate in the PSAVE pilot program.[4]  If your practice was invited to participate in this pilot self-auditing program, this practice is an outlier and will likely be subjected to an audit, whether it chooses to participate in the PSAVE pilot program or not.

III. How Does the PSAVE Pilot Program Work?

At the outset, it is important to keep in mind that if your practice was invited to participate in the PSAVE pilot program, your billing practices have been found to be aberrant by a CERT contractor.  As an outlier, your practice’s Medicare claims for reimbursement have been targeted for audit.

Potential PSAVE pilot program participants were sent (or will be sent as the program expands) a notification letter by Noridian which included a sample listing of claims that the MAC has identified for inclusion in your self-audit.  In addition to the claims listing, Noridian’s letter also specified the specific elements that it expected each provider to review in connection with the claims.  Importantly, Noridian’s notification letter also included an “Appeals Waiver” form that it required participating providers to sign prior to being admitted into the pilot program.

• In exchange for participating in the PSAVE pilot program, Noridian notes that any claims covered by the audit would be immune from subsequent review and audit by the MAC and / or a Recovery Auditor.

• If a provider agreed with the terms of the PSAVE process, the provider was required to return the executed Appeals Waiver form to Noridian and assemble all of the documentation related to the “Education Sample” of claims listed in the MAC’s letter. Importantly, the sample chosen by Noridian was meant to represent a statistically-relevant sample of the provider’s universe of claims previously paid by the Medicare contractor.

• Upon receipt of the signed Appeals Waiver form, a 90-day period for the provider to review the Medicare claims at issue began.

• Prior to conducting the self-audit, Noridian required that each provider participate in a webinar on how the Education Sample of claims was to be reviewed.

• Participating providers then conducted the self-audit. The provider’s findings (and the associated documentation) would then be submitted to Noridian for validation. It is important to note that the validation review may result in additional overpayments identified that may have been missed by the provider when the self-audit was conducted.

• After validating the self-audit findings, Noridian would then determine whether it was appropriate to extrapolate the identified overpayment to the universe OR merely base an overpayment on the sample of claims reviewed. It has our experience that Medicare contractors have the latitude not to extrapolate an overpayment if a provider’s overall error rate is below a certain level (typically less than 10%).

• After extrapolating the overpayment identified, Noridian would then send the provider a letter identifying the overall amount of any extrapolated overpayment that may be owed.

• The provider would then be required to repay the identified overpayment within a timeframe set out in Noridian’s notice letter.

IV. Benefits of Participation in the PSAVE Pilot Program:

Perhaps the greatest benefit of participating in the PSAVE pilot program is the fact that you are in charge and you are directly involved in the claims audit process.  As the audit progresses, you will be aware of any problems that may arise with your claims. In simplified terms, self-audits provide you with a significant degree of control over the process.  Nevertheless, just because you may exercise a significant degree of control over the audit process does not mean that you will be able to control the outcome of the audit. As with other self-audit / self-reporting programs administered by CMS and the Office of Inspector General (OIG), a provider’s voluntary participation in the PSAVE pilot program allows a provider to present its view of the claims in the best possible light while positioning itself as a “Good Corporate Citizen.”

 V. PSAVE Pilot Program Risk Issues:

While proponents of the PSAVE pilot program are quick to point out the educational value of participating in the program, a provider should exercise care before deciding to sigh-onto the program. For example, the Appeals Waiver signed can leave a provider vulnerable at the conclusion of the program, as there is no mechanism of contesting the overpayments that may be identified as owed by Noridian. To make matters worse, the validation review is a blind sample, meaning that the provider will not be fully aware of any potential claims errors until after the validation review has been completed by the MAC.   In some cases, Noridian may be willing to permit a provider to submit additional documentation before the MAC concludes its review of the documentation.  Since the right to file an administrative appeal of any Medicare overpayment has already been waived,  a provider is assuming a significant risk when participating in the PSAVE pilot program.

Additionally, PSAVE pilot program representations extolling the benefits of immunity from subsequent MAC and RAC audits (limited to the specific claims or extrapolated claims set  covered by the PSAVE audit) is somewhat misleading. The promised immunity from audit does not apply to Unified Program Integrity Contractor (UPIC) / Zone Program Integrity Contactor (ZPIC) audits, which are far more likely than MAC or RA audits for Medicare Part B providers. Moreover, neither CMS nor its contractors (such as Noridian) have the authority to waive liability on behalf of the OIG or the U.S. Department of Justice (DOJ).

VI. Risks Encountered When Opting-Out of the PSAVE Pilot Program:

Should you decide to decline Noridian’s invitation to participate in the PSAVE pilot program, you need to keep in mind that the likelihood of being subjected to a compulsory audit by Noridian, the UPIC / ZPIC or even OIG is quite high.  Your practice’s billing practices have already been identified as problematic.  If targeted in a future non-PSAVE audit, you will lose the ability to conduct a self-audit and any identified overpayment may still be subjected to extrapolation.  Nevertheless, should such an audit lead to unfavorable results, you will still retain the ability to avail yourself of Medicare’s administrative appeal process.  As we have found when appealing an alleged overpayment on behalf of a Part B provider, the ability of a Medicare contractor to correctly conduct a statistical extrapolation of an identified overpayment varies widely from contractor to contractor.  When challenging an overpayment that has been assessed, we regularly challenge the statistical methodology and numerous other errors made by the contractor when it calculated extrapolated damages estimates based on the sample of claims reviewed 

VII.  Conclusion: 

How should you proceed? If your practice is invited to participate in the PSAVE pilot program, you need to carefully consider the risks of choosing to participate in the initiative.  The PSAVE pilot program is merely one of the most recent efforts by CMS to educate providers on their medical necessity, documentation, coding and billing obligations. Although the PSAVE pilot program may advance the agency’s overall goal of reducing Medicare waste, fraud and abuse, there are other more effective, less invasive ways for your practice to integrate and encourage a culture of compliance in your organization.

Adherence to the requirements set out in a well-designed Compliance Program is perhaps a Part B provider’s best approach that can speed up and optimize the proper payment of claims, minimize billing mistakes, and reduce the chances that an audit will be deemed necessary by CMS or one of its program integrity contractors.  The “sampling” of one’s claims on a periodic basis to ensure that the services being billed to the Medicare program qualify for coverage and payment would squarely fall within the “Auditing and Monitoring”  element identified by OIG as one of the seven elements of a provider’s effective Compliance Program.  A “GAP Analysis” of your practice will make it easier to identify any weaknesses in the provision, documentation and submission of your claims for reimbursement by the Medicare program.  If you identify an error when reviewing your claims processes, promptly taking remedial action can often minimize the size and scope of any overpayment that is identified.  The prompt repayment of any overpayments you may have received can also prevent Federal and State auditors from disrupting your practice and conducting their own assessment of your Medicare claims.  Additional risk areas to be considered when reviewing your claims include, but are not limited to:

  • What was the source of the referral for services provided by you or another member of your practice?
  • Do you or another member of your practice provide something of value in exchange for referrals?
  • Do you provide any gifts to patients?
  • Are your employees, agents and / or contractors been screened against all Federal and State lists of excluded parties?
  • Has the proper level of supervision been exercised in connection with each of the claims billed to Medicare?

Robert W. LilesRobert W. Liles Healthcare Attorney, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Robert represents health care providers and suppliers around the country in connection with Medicare audits by UPICs, ZPICs, MACs, SMRCs and other CMS program integrity contractors.  Our firm also represents healthcare providers in connection with Medicare revocation, suspension and exclusion actions. For a free consultation, please call Robert at:  1 (800) 475-1906


[1] https://www.census.gov/library/stories/2018/03/graying-america.html

[2] https://www.hhs.gov/sites/default/files/dab/medicare-appeals-backlog.pdf

[3] https://www.cms.gov/Medicare/Medicare-Contracting/Medicare-Administrative-Contractors/Who-are-the-MACs-A-B-MAC-Jurisdiction-F-JF.html

[4] https://www.csmonitor.com/USA/Society/2017/0530/How-data-crunching-is-cutting-down-on-massive-health-care-fraud

HIPAA Security Risk Assessments are Essential

Download PDF

HIPAA Security Risk Assessment(September 29, 2014) In the last article, we discussed the importance of conducting HIPAA security risk assessments, as part of your obligations under the HIPAA Security rules. The importance of promptly conducting a risk analysis if it has not yet done cannot be overestimated, as the HHS Office for Civil Rights (OCR) has now announced that they intend to begin the next phase of audits in October 2014. When Covered Entity receives a data request letter from OCR, it will have only two weeks to respond, which will not be enough time to conduct a risk analysis at that point.

In this article we’ll discuss eight elements or considerations that OCR states must be addressed in a risk analysis.

I.  Scope of the Analysis:

In conducting a risk assessment, a health care provider must consider all of the potential risks to electronic protected health information (e-PHI). Covered Entities must consider how all e-PHI in their practice is created, used, stored, and transmitted. Thus, Covered Entities need to consider how they create, receive, access, and transmit e-PHI. This includes removable storage media such as floppy disks, CDs, flash or thumb drives, and smart phones. Covered Entities must also think about telephone calls, emails, faxes, and computer transmissions. Consider how many employees or personnel can access the data and whether those individuals are all on-site or if any are off-site.

II.  Document How Data is Collected, Stored, Maintained and Transmitted:

Covered Entities must identify and document where e-PHI is gathered, received, stored, maintained or transmitted. This can be done through interviews with staff members, a physical walk through of the office or practice location(s), or reviewing documentation.

III.  Identify and Document Potential Risks, Threats and Vulnerabilities:

Covered Entities must document the reasonably anticipated threats to e-PHI. Consider physical, environmental, natural, human and technological threats or risks. Environmental or natural threats should include natural disasters such as tornadoes, floods or earthquakes. Human threats are likely to be some of the greatest concern. These include current employees and contractors, ex-employees and contractors, visitors, and criminals such as thieves and hackers. Technological threats will include any known system vulnerabilities in the billing system or EMR/EHR, for example. Healthcare providers should contact the vendors of these systems to ask about any known vulnerabilities.

IV.  Identify and Evaluate Current Security Measures:

Covered Entities must document what security measures are already in place to guard e-PHI and whether those measures are installed, configured and used correctly. The level and extent of security measures will vary by the type and size of provider. As an example, list any anti-virus or firewall programs. Don’t forget to document physical security measures, such as security and alarm systems.

V.  Determine the Likelihood of the Occurrence of the Threats:

This element requires Covered Entities to consider the probability that the threats listed in step # 3 will occur. This can be done with a quantitative method (such as the percentage probability that a threat will occur) or a qualitative one (such as high, medium, low). A high probability of occurrence means that a threat is “reasonably anticipated” and thus will require a mitigation or protection against the threat occurring. For example, a healthcare provider may determine that there is a high probability of a break-in into the office or clinic. Thus, a mitigation such as an alarm or security system would be an example of a security measure that could be implemented pursuant to step # 4.

VI.  Determine the Potential Impact if a Threat Occurs:

Covered Entities must evaluate the impact that might result from a threat occurring. Again, this can be done using a quantitative or qualitative method. For example, a potential impact of a breach of a Covered Entity’s billing system might be loss of cash flow or cost to replace stolen computer equipment. This might be a high or severe impact. Another example could be unauthorized access to e-PHI by patients or visitors. This impact might be low or medium.

VII.  Determine the Level of Risk:

This step is accomplished by utilizing the data from steps 5 and 6. A very common method of documenting the level of risk is using a HIPAA risk assessment matrix (such as a 3 x 3 matrix) or “heat map”. Those threats or vulnerabilities with higher levels of risk are ones that a Covered Entity should focus on addressing or correcting sooner than those with lower levels of risk.

VIII.  Identify HIPAA Security Risk Assessment Measures and Document the Risk Analysis:

Once the Covered Entity has identified risks and assigned risk levels, it must identify tasks, actions or security measures to address those risks. In identifying security measures, the Covered Entity should consider factors such as effectiveness, requirements of the Covered Entity’ policies and procedures and other legislative or regulatory requirements (for example, state laws). If a Covered Entity identifies a security measure but decides not to implement it, the risk analysis should document why (for example, technologically not feasible, lack of knowledge or equipment, cost prohibitive, etc.)

The Security Rule also requires Covered Entities to document the risk analysis, but does not specify or require any particular format. Thus, the risk analysis can be documented via a report that lists elements # 1 through 7, summarizes the analysis, notes the results of each step, and identifies the security measures.

Two final very important comments. First, the Risk Analysis is NOT the process of implementing measures to address the risks identified. That is the risk management process under HIPAA, which is considered a separate activity. Second, the Risk Analysis is not a “do it once and forget about it” process. The Risk Analysis must be periodically revisited and reviewed to determine if the threats, vulnerabilities, impacts and potential security measures remain the same. A Covered Entity may bring new systems online, may open or close locations, or have major changes in personnel. The re-evaluation of a Covered Entity’s Risk Analysis ideally should occur on an annual basis. A very old and outdated Risk Analysis is basically equivalent to not having a Risk Analysis at all.

Heidi Kocher Healthcare AttorneyHeidi Kocher serves as Counsel for Liles Parker and represents health care providers and suppliers in the Dallas / Fort Worth metropolitan area.  Heidi is an experienced health lawyer and is skilled in assisting clients with transactional projects, compliance issues and in fraud and abuse counseling.  Should you have any questions regarding the HIPAA security risk assessment process, please give Heidi a call.  For a free consultation, call Heidi at: 1 (800) 475-1906.

Medicare Revocation Action: Steps for Avoiding and Appealing

Download PDF

A Medicare Revocation Action Can Financially Ruin a Practice(September 16, 2014): Consider the following scenario. You own a durable medical equipment (DME) company that you run out of a leased location in a local office building. Your customers are a mix of privately insured and Medicare/Medicaid beneficiaries. You’ve been in business for about 10 years, but money is tight and you need to reduce expenses. You decide to move your business to your home for the time being. You make all the arrangements to move, and prepare a CMS-Form 855S informing the National Supplier Clearinghouse (NSC) that you are relocating in 10 days. No one helps you fill out the form, no one reviews it for you, and no one goes with you when you take the signed CMS-Form 855S to the local post office in a manila envelope that you have hand addressed to the NSC. Because it’s only a few dollars, you pay for first-class postage for the envelope with the $5 bill you had in your pocket, hand the envelope to the postal clerk and leave.

Fast-forward six weeks…you receive an envelope from the NSC that is forwarded to you from your old business address. The letter inside informs you that Medicare revocation action has been initiated.  Your Medicare DME supplier number is being revoked because a site inspector visited your old address 5 days after you relocated and found the location empty. You frantically call the NSC and ask why you’ve received this letter. They confirm what the letter says. You ask the representative to confirm what the NSC has on file as your location, and the customer service representative reads back your old address. You ask if the NSC has any record of receiving the CMS-Form 855S you sent 10 days before you moved and the representative says it does not.  Cue full on panic…

I.  Appealing a Medicare Revocation Action:

What are your options at this point? The Medicare revocation notice letter says you have the right to seek reconsideration of the termination of your participation. Surely you can send a letter to the appeal address explaining what happened and they’ll stop the termination? Surely they’ll believe you when you say you sent the CMS-Form 855S notifying the NSC of your address change well before it was due (which was within 30 days after you moved since you are a DME provider), and they’ll let you resend it? Surely the NSC will be reasonable?  Sadly, that’s not how Medicare’s rules work. You have to appeal, and you have to do it quickly…within 60 days, or you’ll lose your right to do so. There are two steps to consider at this point…one is optional, and one is mandatory if you want to maintain your appeal rights.

II.  Corrective Action Plans to Address a Medicare Revocation Action:

First, consider filing a corrective action plan (CAP). Federal regulations give most providers the opportunity to do so within 30 days of receiving notice of Medicare revocation. It’s optional, but can sometimes result in a reversal of a termination much quicker than a request for reconsideration. Be forewarned, however, that filing a CAP is NOT the same as filing a request for reconsideration and WON’T preserve your appeal rights.

III. Challenging a Medicare Revocation Action — Reconsideration Requests.

Second, to maintain your appeal rights, you must file an official request for reconsideration within 60 days of receiving a revocation notice letter. Many of our clients elect to file a CAP, and if they don’t receive a decision before the 60 day reconsideration deadline, file the reconsideration also. The good news is that, when we prepare a CAP, it can serve as the foundation for the reconsideration request so that any duplication of effort is minimized.

IV.  Things to Know about CAPs and Reconsideration Requests.

First, a few notes on CAPs. They really aren’t what they sound like in the context of a Medicare revocation appeal. You can’t use a CAP to fix a problem that existed on the effective date of termination. For example, if you moved and didn’t file the necessary CMS Form-855 to tell the Medicare program on time, and were then terminated because a site inspector visited your old location and found you weren’t in business, you can’t use the CAP to fix the fact that you didn’t send the necessary forms on time. CAPs are most effective when a site inspector obviously made a mistake when they visited a location of record, or you can prove with objective evidence that you submitted required paperwork on time.

Let me illustrate…consider a home health agency client that received a revocation letter after a site inspector visited what they were told was the agency’s current practice location. The agency had concrete proof in the form of correspondence from the Medicare contractor that the contractor’s provider enrollment department had its correct address, but for some reason, the database used by the site inspector did not. The agency submitted a CAP that explained the apparent mismatch between the agency’s CMS provider enrollment record and the site inspector’s records and successfully reversed the revocation without ever having to file a request for reconsideration.  Another example might also be useful here. Many providers that receive revocation notices tell us they submitted necessary CMS-Form 855 updates on time, but they can’t provide any proof of delivery to the Medicare enrollment contractor such as Federal Express, UPS or USPS Priority Mail or Certified Mail tracking information. CMS and the provider community have long disagreed about exactly what a provider must do to satisfy its “duty to report” changes to its provider enrollment record. The relevant regulation applicable to our DME provider case described above is found at 42 CFR §424.57(c)(2); that regulation states in part that “. . . [t]he supplier must provide complete and accurate information in response to questions on its application for billing privileges. The supplier must report to CMS any changes in information supplied on the application within 30 days of the change.” (Emphasis added.)

A similar “duty to report” changes in enrollment information exists and is applicable to other providers. Physicians, non-physician practitioners and their organizations are required to report changes of ownership, adverse legal actions and changes in practice location within 30 days, and all other changes to information on their enrollment forms within 90 days. See 42 C.F.R. § 424.516(d). All other providers must report a change of ownership or control, a change of authorized or delegated official, or the revocation or suspension of a Federal or State license or certification within 30 days, and all other changes, including a change in practice location within 90 days. See id. at § 424.516(e).So the question remains…is proof of mailing to the correct Medicare enrollment contractor address enough to meet a provider’s or supplier’s duty to report under the above regulations, or do you also have to prove delivery? Is testimony that something was mailed enough to convince a hearing officer or administrative law judge that the duty to report was met, or must the provider have objective proof of delivery also? The regulations and the accompanying federal register notices promulgating them are silent on what “report” actually means. See, e.g., Potomac Medical Equipment, Inc. v. Centers for Medicare & Medicaid Services, DAB Decision CR3268, p. 8-9 (June 20, 2014). In spite of provider arguments to the contrary and the fact that the regulation does not require providers to submit enrollment applications via trackable mail, recent CMS Departmental Appeals Board decisions have interpreted the duty to report to require objective evidence that an application was delivered to the NSC. See id. In the Potomac case, the ALJ admitted that CMS regulations “do not required providers and suppliers [to] send documents by certified mail . . . .” Id. at p. 9. In the same sentence, the ALJ then states the following: “. . . however, if they fail to do so, they will be deprived of evidence they need to prove NSC received those documents.” Id. In spite of all arguments to the contrary and the admitted ambiguity in the regulations, the decision makers in Medicare revocation appeal cases seem to have found the duty to report to require objective proof of delivery.Based on the above, we all providers should do the following:

  • Send all initial applications and time-sensitive, required updates to your Medicare provider enrollment contractor using a tracked delivery services.  If you have proof of delivery from one of these services, it is much likelier that we will be able to reverse a revocation with a CAP than if you don’t have this proof.
  • Always make a complete copy of everything you submit, along with the outside of the envelope showing the address information or a copy of the completed shipping label.
  • Don’t wait to the last minute. Send your provider enrollment update forms to the contractor early enough so that if they don’t arrive at the contractor’s location when they should, you’ll have the time to re-send them before your deadline expires.
  • Use the buddy system. Have someone on your staff or even a friend review an application with you before you send it, verify that it is signed and dated, watch you make a copy and put the original application in the mailing envelope, review any shipping invoice or mailing envelope for accuracy, and watch you deliver the finished envelope to the mailing service. We know it sounds over the top, but if called on to testify to what happened, having a buddy with a clear and complete recollection of your actions to submit an application or update will go a long way toward convincing a hearing officer or ALJ that what you say happened actually did.

Also, providers should be aware of the evidentiary rules for reconsideration requests and the next level of appeal. A provider can send almost anything along with a written request for reconsideration…documents, photos, witness affidavits, etc. The reconsideration process is intended to allow the provider to make their case to the reconsideration hearing officer in whatever fashion they’d like. Be aware, however, that the rules are entirely different if a provider loses at reconsideration and moves on to the next appeal level.

If a provider loses at reconsideration, they have the option to appeal the decision to an Administrative Law Judge (ALJ) with the Department of Health & Human Services, Departmental Appeals Board (DAB). DAB appeals have specific procedural and evidentiary regulations, one of which states that a provider will not be permitted to submit new documentary evidence at the DAB level of appeal absent a showing of good cause. See 42 C.F.R. § 498.56(e). What this rule means is that a provider can submit all the testimony they like with a DAB appeal, but they generally won’t be permitted to submit any new documents that they didn’t submit at reconsideration. For this reason, it is very important that providers carefully and thoroughly collect and submit all the documents that they think are relevant to their case with their reconsideration request. Assistance for experienced legal counsel with identifying those documents that might be helpful and developing legal arguments that may help your reconsideration request be successful can be invaluable at this stage. Having handled a number of both reconsideration requests and DAB appeals, our Firm is well-equipped to assist providers with identifying critical documents and other evidence and developing effective legal arguments to submit with a reconsideration request.

V.   Revocation and Reimbursement.

When a provider receives a revocation letter, the effective date of revocation may be a few days or weeks later, or may even pre-date it.  Providers need to understand that they won’t receive payment for any services provided to Medicare beneficiaries after the revocation effective date unless they are successful in an appeal.  This can mean a 60 day disruption in payment, a 4 month disruption, a 12 month disruption or a two or three year period where the provider can’t participate in the Medicare program. That can be very challenging to downright impossible for some providers to survive.

When considering your appeal options, keep in mind that CAPs typically are processed in 30 to 60 days after they are submitted. Reconsideration appeal decisions similarly take somewhere between 30 to 60 days after all documents are submitted to the hearing officer by the provider. Finally, DAB appeals typically take 180 days from the date of filing to receive a decision. If a provider were to pursue an appeal all the way through the DAB stage, it is not uncommon for the entire multi-level appeal process to take a year. If successful, the provider’s billing rights are typically reinstated back to the date of revocation.  Be aware, however, that the reinstatement process can often take a month or more.

If a provider chooses not to appeal, they will ordinarily be subjected to a re-enrollment bar of between 1 and 3 years, depending on the reason or reasons for the Medicare revocation action. It is important to take these time frames and the nature of a provider’s business, payor mix, overhead costs, reserves, chances of success and other factors into consideration when deciding whether a CAP, a reconsideration, and if necessary, a DAB appeal makes sense. Because we have handled a number of these cases, Liles Parker can help you weigh your options and make the best decision for your business.

VI.  We Can Help.

The attorneys at Liles Parker have extensive experience handling Medicare revocation appeals at all levels.  If you have received a revocation notice and want help, please contact us. Our goal is to help our clients have the best possible chance of success in any appeal.

Jennifer Papapanagiotou Healthcare AttorneyJennifer Papapanagiotou is a Partner at Liles Parker.  Jennifer has extensive experience representing health care providers and suppliers around the country in Medicare revocation matters and cases.  Should you have any questions regarding these complex issues, please give her a call.  For a free initial consultation, please call Jennifer at:  1(800) 475-1906.

Responding to a Texas Medical Board Complaint

Download PDF

Texas Medical Board complaints are filed against physicians every day.(July 7, 2014): The Texas Medical Board (Board) investigates complaints against physicians, physician assistants, acupuncturists and surgical assistants. A Texas Medical Board complaint can be filed by a patient, a patient’s family or a health care provider. On the average, the Board receives and evaluates over 7,000 complaints each year. The kinds of violations the Texas Medical Board finds from these complaints include inappropriate prescribing, incorrect diagnosis, and medical errors that may have resulted in patient injury.


I.  Is There Jurisdiction Over a Specific Texas Medical Board Complaint?

A Texas Medical Board investigation starts when the Board receives a complaint. After a complaint is received, staff analysts first determine whether the complaint is “jurisdictional,” (whether or not the Board has jurisdiction over the complaint). The Texas Medical Board has jurisdiction over anyone with a Board-issued physician’s license and violations which fall under the Medical Practice Act. Complaints that are non-jurisdictional may be referred to another agency.

II.  Informal Settlement Conference:

If the Texas Medical Board has jurisdiction, an investigation of the complaint begins to see if there is evidence sufficient to support a violation of the Medical Practice Act or the Board’s rules. At this point, the Board generally requests records and information from the physician and checks to see if there are any past complaints against him. A physician should consult with an attorney prior to responding to a notification of a complaint against him and should not respond to a request for records until obtaining legal advice.

If the Board finds there is sufficient evidence of a violation, the case goes to Board’s litigation section for an Informal Settlement Conference (ISC). The ISC process gives the physician an opportunity to respond to the complaint and show that his actions were proper. Prior to the actual conference, the physician is given notice of the allegations and the supporting facts. He may be asked to respond to written questions and is given the opportunity to submit information and evidence to the Board panel for consideration. He will also have the choice to either have the ISC determined solely by way of written information or by making a personal appearance before the Board panel. It is critical that the physician only responds after seeking legal counsel. An attorney may make the request that the conference be determined by written information and can manage further correspondence.

At the conclusion of the ISC, the panel either recommends dismissal of the complaint or finds that a violation occurred. If a violation is found, the panel recommends punishment and/or remedial action. The physician can accept the Texas Medical Board’s findings and proposed actions or request the Board to file a complaint with the State Office of Administrative Hearings.

VII.     Final Remarks:

A Texas Medical Board investigation is a very serious matter that should be dealt with immediately upon notice. If a violation is found, the subject of the complaint faces risks including loss of his license. The process generally takes a long time, and knowing which documents to produce may be challenging. It is highly recommended that an attorney be retained to help. In addition to the investigation and gathering of evidence, counsel can advise the subject of the risks and benefits of a personal appearance ISC as opposed to an ISC based on written submission. This is one of those matters where absence of counsel has an adverse impact on the sanctions imposed in the event of a violation.

Healthcare Attorney

Robert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Our Firm’s attorneys represent health care providers around the country in connection with both regulatory and transactional legal projects. For a free consultation, call Robert at: 1 (800) 475-1906.

Medicare Lifts Ban on Coverage for Sex Reassignment Surgery

Download PDF

(July 1, 2014):  On Monday, June 2, the Obama administration lifted its 33 year ban on Medicare coverage for Sex Reassignment Surgery (SRS). The decision is being hailed as a major victory for transgender rights. However, the decision does not necessarily mean that Medicare will pay for these operations – only that it could do so.

I.  Medicare Originally Considered Sex Reassignment Surgery to be “Experimental” and Therefore Not Covered:

In 1989, the Department of Health and Human Services (HHS) issued a blanket Medicare ban when it determined that SRS was an “experimental” surgery. This guidance was outlined under HHS’s National Coverage Determination[1] (NCD) titled “140.3, Transsexual Surgery.” Specifically,

Transsexual surgery for sex reassignment of transsexuals is controversial. Because of the lack of well controlled, long term studies of the safety and effectiveness of the surgical procedures and attendant therapies for transsexualism, the treatment is considered experimental. Moreover, there is a high rate of serious complications for these surgical procedures. For these reasons, transsexual surgery is not covered. 

The NCD language was based on a 1981 report from the National Center for Health Care Technology (NCHCT) of the HHS Public Health Service (PHS). The NCHCT forwarded its report to the officials of the Health Care Financing Administration (HCFA), now the Centers for Medicare & Medicaid Services (CMS), recommending “that transsexual surgery not be covered by Medicare at this time.”

II.  Challenging an NCD:

The Department Appeals Board (Board) may review any NCD “[u]pon the filing of a complaint by an aggrieved party.”[2] The aggrieved party must submit a statement “explaining why the NCD record is not complete, or not adequate to support the validity of the NCD under the reasonableness standard” and CMS may submit a response defending the NCD.[3]

The NCD record “consists of any document or material that CMS considered during the development of the NCD” including “medical evidence considered on or before the date the NCD was issued…”[4] The Board then “applies the reasonableness standard to determine whether the NCD record is complete and adequate to support the validity of the NCD.”[5]

If the Board determines that the record is complete and adequate to support the validity of the NCD, the Board will issue “a decision finding the record complete and adequate to support the validity of the NCD…”[6] The review process will then conclude. However, if the Board determines that the record is not complete and adequate to support the validity of the NCD, it will permit “discovery and the taking of evidence” and evaluate the NCD under applicable provisions[7], including conducting a hearing.[8] During an NCD review, the aggrieved party bears the burden of proof and the burden of persuasion for the issues raised in an NCD complaint, and the burden of persuasion is judged by a preponderance of the evidence.[9]

III.  NCD Complaint Filed to Overturn the Exclusion:

The aggrieved party included a 74-year old transgender woman and army veteran from Albuquerque, New Mexico. She filed her initial NCD complaint in March 2013. The following month, the Board notified CMS of this filing and then CMS submitted the NCD record[10] in May 2013. In June 2013, the aggrieved party submitted in a statement as to why the NCD record was not complete or adequate to support the validity of the NCD under the reasonableness standard.

The complaint contended that the bases for the NCD neither “reflect [n]or are supportable by the current state of medical science,” and that the NCD “is not reasonable in light of the current state of scientific and clinical evidence and current medical standards of care.” The complaint asserted that “in the intervening 32 years since PHS/NCHCT studied the issue” of coverage:

(a) dozens of new studies have been conducted that address the methodological limitations of earlier studies and confirm that sex reassignment surgery is a safe and extremely effective treatment for persons with severe gender dysphoria; (b) advancements in surgical techniques have dramatically reduced the risk of complications from sex reassignment surgery and the rates of serious complications from such surgeries are low, and (c) a robust medical consensus has developed among mainstream medical organizations which endorses the treatment standards established by the WPATH [World Professional Association for Transgender Health] Standards of Care [for the Health of Transsexual, Transgender, and Gender-Nonconforming People, Version 7, 13, Int’l J. Transgenderism 1 65 (2011)] and recognizes that sex reassignment surgery is a medically necessary treatment for persons with severe gender dysphoria.

The complaint was supported by the testimony of two expert witnesses – a clinical psychologist and a physician certified by the American Board of Obstetrics and Gynecology – as well as copies of two letters from two other physicians to an ALJ in the HHS Office of Medicare Hearings and Appeals. All of these health care professionals had substantial experience in treating persons with gender identity disorder (GID). In the case of the three physicians, this experience included years of performing some of the procedures involved in SRS. In addition, the clinical psychologist submitted copies of 32 journal publications and other writings cited in her two declarations.

Notably, CMS did not submit a response to these submissions. One could conclude that the agency had no reason to question the aggrieved party’s expert testimony or the experts’ descriptions of the medical and scientific literature submitted by the aggrieved party.

IV.  HHS Acknowledges that Sex Reassignment Surgery is Not Experimental:

HHS reviewed the complaint and made several conclusions. It determined that the record on which the safety concerns in the NCD were based was not complete and adequate. According to HHS, this appeared to stem, in part, from the substantial passage of time since publication of the sources on which the NCHCT relied in recommending that transsexual surgery be excluded. For example, surgical outcomes are far superior now than they were in at the time the NCD was published.

HHS also concluded that the declarations and supporting materials made the record on which the NCD was based was not complete or adequate to support the NCD’s determination that transsexual surgery has not been shown to be effective (i.e., that the surgery is experimental). Seemingly, the medical community today has reached consensus that transsexual or gender reassignment surgery is an effective treatment for persons with a sufficiently severe degree of gender identity disorder (GID) or gender dysphoria, the most common diagnoses for SRS.

HHS also noted that “long-term” follow-up studies published from 2002 to 2010 found that SRS was effective and had low complication rates based on assessing transsexual persons. Moreover, the complaint also cited decisions by US courts of appeals in seven circuits recognizing that GID or gender dysphoria was a serious medical condition.[11]

Based on this evidence, HHS concluded that the NCD record was not complete and adequate to support the validity of NCD 140.3, “Transsexual Surgery.” Therefore, HHS would now proceed to discovery and the taking of evidence.

V.  HHS’s Decision Meant that Sex Reassignment Surgery Could Be Covered Under Medicare:

HHS’ ruling here does not address the ultimate question of whether the NCD, as written, is valid under the reasonableness standard in the statute and regulations. The June 2, 2014 decision merely acknowledges that the procedures are not experimental and could be covered under the Medicare program.

What are some of the implications, at least thus far, of the HHS ruling? For one, Medicare may end up considering surgery as a medically necessary treatment for a diagnosis classified as a mental disorder. As noted above, gender dysphoria is the most common diagnosis given for SRS. Interestingly, it is listed as code 302.85 “Gender identity disorder in adolescents or adults” in ICD-9 and classified under “Neurotic Disorder, Personality Disorders, And Other Nonpsychotic Mental Disorders”. Its ICD 10 code will be F64.1 (with the same description) and is listed as a “Disorder of Adult Personality and Behavior”. If HHS determines that it will pay for surgeries for gender dysphoria, could this lead to coverage for payment for procedures for other mental conditions like Autism?

VI.  Final Remarks:

Again, the latest move by HHS does not necessarily mean that Medicare will pay for SRS procedures. Nevertheless, the fact that the Agency has removed the restriction on SRS as an “experimental” procedure is still a considerable step. Regardless of any restrictions that Medicare may place on SRS procedures, this could be seen as a substantial updated in CMS’s policies of considering mental health disorders as true diseases that may require surgery and not just counseling services or medication. For those interested, stand by to see if HHS eventually promulgates an actual NDC or coverage policy for SRS.

Health care lawyerRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call  1 (800) 475-1906.

[1] An NCD is “a determination by the Secretary [of HHS] with respect to whether or not a particular item or service is covered nationally under [title XVIII (Medicare)].” Social Security Act (the Act) § 1869(f)(1)(B) (42 U.S.C. § 1395ff(f)(1)(B)). NCDs are issued by CMS, apply nationally, and are binding at all levels of administrative review pf Medicare claims. 42 C.F.R. § 405.1060.

[2] Section 1869(f)(1) of the Act.

[3] 42 C.F.R. § 426.525(a), (b).

[4] 42 C.F.R. § 426.518(a).

[5] 42 C.F.R. § 426.525(c)(1).

[6] 42 C.F.R. § 426.525(c)(2).

[7] of 42 C.F.R. Part 426.

[8] 42 C.F.R. §§ 426.525(c)(3), 426.531(a).

[9] 42 C.F.R. § 426.330.

[10] The NCD record included: a May 6, 1981 NCHCT memorandum recommending “that transsexual surgery not be covered by Medicare at this time”; the 1981 NCHCT report; notes from a May 11, 1982 HCFA Physicians Panel meeting recommending against referring the American Civil Liberties Union (ACLU) submissions to PHS, where the ACLU disagreed with HCFA’s non-coverage policy, “on the basis that it does not contain information about new clinical studies or other medical and scientific evidence sufficiently substantive to justify reopening the previous PHS assessment.”; and a copy of the 1989 Federal Register notice publishing the NCD language (minus four pages) and an undated page from the HCFA coverage issues manual. 54 Fed. Reg. 34,555-612; NCD Record at 11, 76-129.

[11] See, e.g., De’lonta v. Johnson, 708 F.3d 520, 522-23 (4th Cir. 2013) (stating that sex or gender reassignment surgery is an accepted, effective, medically-indicated treatment for GID, and that the surgery is not experimental or cosmetic and that the WPATH Standards of Care “are the generally accepted protocols for the treatment of GID.”).

Texas H.B.300 Imposes a Number of New Medical Privacy Requirements

Download PDF

(June 30, 2014): The federal Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) work in conjunction to safeguard the privacy of patient health information. Concerned that HIPAA and HITECH did not provide enough safeguards for protected health information (PHI), the Texas legislature passed the Texas Medical Records Privacy Act, H.B.300, which went into effect on September 1, 2012. This law contains more stringent regulation than HIPAA and HITECH because it has a more expansive definition of what constitutes a “covered entity.” It also mandates more frequent employee training and increased penalties for violations.

I.  What is a Covered Entity Under Texas Law — H.B. 300:

Generally, HIPAA considers health care plans and health care providers to be “covered entities.” HITECH expanded the definition of a covered entity to include business associates of a health care provider. Under H.B.300, a covered entity is any individual, business, or organization that:

  1. Engages in the practice of assembling, analyzing, using, collecting, evaluating, storing or transmitting PHI;
  2. Comes into possession of PHI;
  3. Obtains or stores PHI; or
  4. Is an employee, agent, or contractor of a person or entity described in numbers 1-3 above if they create, receive, obtain, maintain, use, or transmit PHI.

Additionally under H.B.300, out-of-state companies that use or disclose PHI in Texas are also considered covered entities. This potentially expands covered entity status to law firms, record storage and disposal companies, accounting firms, auditors, and anyone else who comes into contact with PHI.

II.  More Frequent Employee Training Requirement:

Under HIPAA, employee training regarding protection of PHI is only required within a reasonable amount of time after hiring and when there are any material changes in privacy policies. Under the Texas law, each new employee must complete training regarding both federal and state law related to the protection of PHI within 60 days after his hire date, and the training must be repeated at least once every two years.

III.  Electronic Medical Records Requirement:

H.B.300 requires that covered entities provide patients with electronic copies of their electronic health records within 15 business days of the patient’s written request. Under HIPAA, records must be provided within 30 days of a request.

H.B.300 also prohibits the sale of PHI and requires notice to patients regarding the electronic disclosure of PHI.

IV.  Increased Penalties Under H.B.300:

Covered entities that wrongfully disclose a patient’s PHI will face increased civil penalties under H.B.300, in addition to any penalties for violating federal laws. The Texas law allows for penalties ranging from $5,000 to $1.5 million per year. To determine the penalty amount, H.B.300 lists five factors a court may consider: 1) the seriousness of the violation; 2) the entity’s compliance history; 3) the risks of harm to the patient; 4) the amount necessary to deter future violations; and 5) efforts made to correct the violation.

In addition to fines, a licensed Texas individual’s or facility’s violation is subject to investigation and disciplinary proceedings. If there is evidence that the violations of H.B.300 constitute a pattern or practice, the licensing agency the individual or facility operates under may revoke the individual’s or facility’s license.

H.B.300 also increases criminal penalties for identity theft involving PHI. Previously, a person who accessed, read, scanned, stored, or transferred PHI without the consent of an authorized user was subject to a Class B misdemeanor. Now a person committing this same act to access PHI will be subject to a state jail felony.

V.   Final Remarks:

Texas covered entities should take immediate steps to ensure compliance with both federal and state privacy requirements. They can do so by providing customized employee training on state and federal privacy and security requirements and reviewing and updating policies to incorporate the Texas statutory requirements.

Health care LawyerRobert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. The firm also represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  For a free consultation, call Robert at: 1 (800) 475-1906.

Next Page »