Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

Home Health Agency Alert: The Review Choice Demonstration Project is Moving Forward in Illinois Effective June 1, 2019

April 9, 2019 by  
Filed under Home Health & Hospice

Review Choice Demonstration Project in Illinois(April 9, 2019): This article updates our article of February 19 on the lifting by the Centers for Medicare and Medicaid Services (“CMS”) of the moratorium on the enrollment of new home health agencies in Florida, Illinois, Michigan and Texas, and the announcement by CMS of the implementation of a new five year “Review Choice Demonstration Project” in three of those four states (Florida, Illinois, and Texas) as well as Ohio and North Carolina (with a possible extension to other states within the Palmetto/JM jurisdiction).

At the time of that article, CMS had announced that the project would begin in Illinois, with implementation in the other four states in the near future thereafter.  However, CMS had not specified a “start date” for Illinois because it was awaiting approval by the Office of Management and Budget (“OMB”) at that time.  CMS has now received that approval and has announced implementation in Illinois to begin on June 1, 2019.  All episodes of care beginning on or after that date during the period of the demonstration will be subject to the requirements of the project.

I.  Background of the Review Choice Demonstration Project:

As background, under the Review Choice Demonstration Project, home health agencies in the affected states will initially select from three options to have their claims reviewed:

  • Pre-claim review
  • Post-payment review, or
  • Minimal post-payment review with a 25% reduction.

After each six-month period, agencies with a 90% affirmation or approval rate under one of the first two options, above, will also be able to choose between two additional options.  Each of these options is described in our February 19 article.

II.  Illinois Home Health Agencies are Under the Microscope:

Home health agencies located in Illinois must choose and register for one of the three options, above, between the dates of April 17 and May 16 on a portal established by Palmetto GBA.  Any agency that fails to make a choice during that period will be assigned to the third option and will not be able to change that option during the entire five-year period, and thus will receive a 25% payment reduction during this entire time.

As discussed in our February 19 article, the Review Choice Demonstration is an outgrowth of the Pre-claim Review Demonstration for Home Health Services that had been initially implemented in Illinois and then “paused” and never “restarted.”  However, Illinois agencies that had met the 90% full provisional affirmation rate under that project (based on a minimal 10 request submission between August 2016 and March 2017) will be permitted to begin the Review Choice Demonstration by selecting from any of the options including the additional ones available to agencies with a 90% affirmation or approval rate during a 6-month period.

CMS has established links to both the Palmetto GBA portal described, above, and to an operational guide and Special Open Door Forum Presentation that describes the program at

III.  Is Your Home Health Agency Ready for an Audit?

Our earlier article goes into greater depth in describing the various options.  That article also emphasizes the critical nature of the choice that each agency makes in selecting an option.

Each of the options presents a separate set of risks and benefits as opposed to the others – the one exception being that the third option of a 25% payment denial does not appear to be a viable one for any agency.  Our earlier article also sets out several examples of these risks.  We thus recommend that every agency take the necessary time to consult with knowledgeable individuals, both internal and external, in making this selection during each 6-month period.

Additionally, as stated in that article, we cannot recommend strongly enough that agencies in the affected states have procedures in place to properly document coverage for all the cases that they handle, and also a process to prepare and move documentation through the system quickly and comprehensively.  They also should be updating their compliance and quality assurance programs to respond to these changes.

Liles Parker attorneys have substantial experience working with home health agencies in preparing them for the audit process which is similar to the processes that they will need to follow in responding to the Review Choice Demonstration Project, and in identifying the risks of choosing one option in relation to the others.  A number of our attorneys are also certified coders who have substantial experience in developing a format to justify coverage.  Finally, we have substantial experience working with agencies in developing and updating their compliance plans.

Healthcare LawyerAny person wishing a free consultation in the area should contact Michael Cook, the author and Co-chair of our Health Care Group. Michael can be reached at (202) 298-8750 or

The Physician Payment Sunshine Act is Here — Are you Ready for Full Disclosure?

The Physician Payment Sunshine Act is here!

(September 9, 2013):  Effective August 1, 2013, the Physician Payment Sunshine Act requires that health care providers participating in federal healthcare programs  report certain payments and other forms of remuneration to the Centers of Medicare and Medicaid Services (CMS).

These reports must specify payments and items of value received from manufacturers of drugs, medical devices, and biologicals covered by the federal healthcare programs. Perhaps most importantly, by September 30, 2014, these disclosures will be made publicly available over the Internet.  In light of these events, it is essential that health care providers fully understand both the purpose and the ultimate impact of the Sunshine Act.

I.  Background of the Physician Payment Sunshine Act:

The Medicare Payment Advisory Commission (MedPAC) is an independent Congressional agency established by the Balanced Budget Act of 1997[1].  Its purpose is to advise the United States Congress on issues affecting the federal Medicare program.  In this capacity, it advises Congress on payments to private health plans that participate in Medicare and provide care under Medicare’s traditional fee-for service program.  MedPac also analyzes access to care, quality of care, and other issues that may arise affecting the federal healthcare program.

In 2009, MedPAC recommended that Congress enact a new regulatory program to make financial reporting and documentation more widely available to the public.  That same year, the Institute of Medicine (IOM), an independent, non-profit non-governmental organization that provides national advice on issues including health care and medicine, also suggested implementing a national disclosure program for payments to health care providers and prescribers.

Given these recommendations, as well as other strong sources of information on conflicts of interest that could potentially affect treatment decisions, Congress proceeded with legislation establishing a national disclosure program and provided the implementing requirements along with it.  Introduced independently, the legislation ultimately failed.  Nevertheless, the Physician Payment Sunshine Act eventually was enacted as Section 6002 of the Patient Protection and Affordable Care Act.[2]  To the healthcare industry, this piece of legislation is otherwise known as “the Physician Payment Sunshine Act” or “OPEN PAYMENTS.”

II.  Purposes of the Physician Payment Sunshine Act:

The Sunshine Act will help shine light on the financial dealings of medical manufacturers and create a more transparent environment with regards to information between healthcare providers and outside interests.  Specifically, the Act will require manufacturers of drugs, medical devices, biological, and medical supplies covered by Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP) to report to CMS payments or other transfers of value they make to physicians and teaching hospitals.

CMS recognizes that relationships among physicians, teaching hospitals, and healthcare manufacturers can contribute to the design and delivery of life-saving drugs and devices. However, payments from manufacturers to physicians and teaching hospitals can also lead to conflicts of interests.  And while financial ties alone do not reflect inappropriate relationships among these entities, CMS strongly believes that the new law is necessary to prevent potential problems.  Thus, the purpose of the Sunshine Act is to:

  • Encourage transparency of reporting financial ties;
  • Reveal the nature and extent of relationships;
  • Prevent inappropriate influence on research, education, and clinical decision-making;
  • Avoid conflicts of interest that can compromise clinical integrity and patient care; and
  • Minimize risk of increased health care costs.

The Sunshine Act will achieve these objectives through three main provisions:

  • First, applicable manufacturers of covered drugs, medical devices, biological products, and medical supplies must report payments and transfers of value to physicians and teaching hospitals to CMS.     
  • Second, applicable manufacturers and group purchasing organizations (GPOs) must report to CMS certain ownership information and investment interests held by physicians and their immediate family members. 
  • Third, applicable GPOs must report to CMS payments or other transfers of value made to physician owners or investors if they held ownership or an investment interest at any point during the reporting year.

CMS will then collect this data annually, aggregate it, and publish it on a public website.  To ensure data accuracy – and to protect their interests – physicians will have a minimum of 45 days to review their reports and challenge any information before it becomes public.  Physicians will also be able to challenge any report that may be false, inaccurate, or misleading.

Overall, the goal is to increase patient safety.  “You should know when your doctor has a financial relationship with the companies that manufacture or supply the medicines or medical devices you may need,” said Peter Budetti, M.D. CMS deputy administrator for Program Integrity. “Disclosure of these relationships allows patients to have more informed discussions with their doctors.”  The OPEN PAYMENTS program will act as a national resource for healthcare beneficiaries, consumers, and providers to know more about the relationships among physicians, teaching hospitals, and industry.

III.  Important Dates of the Physician Payment Sunshine Act:

As many organizations encounter problems with the technology and implementation of several complex aspects of the Sunshine Act, it is important to keep in mind several key dates associated with the law:

  • August 1, 2013: The Sunshine Act and its data collection obligations take effect.
  • January 2014: CMS will launch an online portal for physicians to sign-up to receive notice when their financial disclosures will be available for review and correction.
  • By March 31, 2014:  Applicable manufacturers and GPOs making payments or transfers of value to physicians and/or teaching hospitals must report to CMS the required data components that they have collected for August through December 2013.
  • Between June and August 2014: CMS will provide physicians access to their consolidated financial disclosures for the prior calendar year.
  • By September 30, 2014:   CMS will make most of the data provided by physicians’ reports available to the general public online.

IV.  Who Must Report:

Those applicable manufacturers and GPOs covered under the Act must register with CMS during the registration period each year.  Furthermore, the law mandates that applicable manufacturers of at least one covered drug, device, biological, or medical supply must report all payments or other transfers of value provided to covered recipients.  This reporting requirement must be made regardless of whether any particular payment or other transfer of value was actually made in relation to a covered drug, device, biological, or medical supply. CMS has defined “applicable manufacturers” to include those that:

  • Operate in the United States (meaning that they have a physical location within the U.S. or otherwise conduct activities in the U.S., either directly or through a legally-authorized agent); AND either
  • Produce, prepare, propagate, compound, or converse of at least one covered drug, device, biological, or medical supply; OR
  • Operate under common ownership with an applicable manufacturer and provide assistance or support to the applicable manufacturer in the manufacturing, marketing, promotion, sale, or distribution of a covered drug, device, biological, or medical supply

“Covered recipients” comprise physicians (except for those physicians who are bona fide employees of the applicable manufacturer reporting the payment) and teaching hospitals.  While these entities are not required to submit any data for OPEN PAYMENTS, CMS strongly encourages their participation to ensure the accuracy of the data submitted.

Physicians include those legally authorized to practice in professions such as doctors of medicine, osteopathy, dentistry and dental surgery, podiatry, optometry, and chiropractic medicine.

Teaching hospitals include those hospitals that received payment for Medicare direct graduate medical education (GME), inpatient hospital prospective payment system (IPPS) indirect medical education (IME), or psychiatric hospitals IME programs during the last calendar year for which such information is available to CMS.  CMS has published a “teaching hospital list” that contains all hospitals that the agency has recorded as receiving a payment(s) under a Medicare direct GME, IPPS IME, or psychiatric hospital IME program during the latest fiscal year.  This list will act as a vital resource to assist applicable manufacturers in determining if they are required to report payments or other transfers of value made to a hospital.

V.  Physician Payment Sunshine Act Reporting Requirements:

CMS has provided applicable manufacturers with data collection templates to use in reporting and characterizing payments or other transfers of value.  These data collection templates are used for general payment data collection (non-research),  research payment data collection, indirect payments provided to covered recipients through a third party, and ownership and investment interest data collection.

CMS has also clarified various reporting criteria to assist applicable manufacturers in the reporting criteria.  Since manufactures must report payments and “transfers of value” made directly to physicians and teaching hospitals, CMS requires manufacturers to describe how the recipient received the payment.  Manufacturers must clarify whether the payment was made as cash or cash equivalent, in-kind items or services, or stock, stock option(s), or any other ownership interest, dividend, profit, or other return on investment. In addition, manufacturers must explain the nature of the payment or transfer of value. There are 14 possible categories including, for example, consulting fees, grants, research, honoraria, and charitable contributions. In addition to direct payments, manufacturers must report certain payments and transfers of value that are made indirectly to a physician or that are made to a third party as requested by a physician or designated as being made on behalf of the physician.

As to the requirements related to ownership interests, the report must indicate the dollar amount invested, the value, and terms of ownership or investment interest, and any payment provided to physician owner or investor. However, certain ownership interests, such as securities that may be purchased on terms generally available to the public and that are listed on a public stock exchange where quotations are published on a daily basis, are not included as reportable ownership interests.

Furthermore, the law outlines which payments or other transfers of value may be excluded from the reporting requirements. For instance, certain certified and accredited continuing medical education (CME) payments are exempt from disclosure, while payments to Physicians in Fellowship training are not.  The law also excludes product samples that are not intended to be sold and are intended for patient use, discounts (including rebates), loans of medical devices for under short-term trial periods, not exceeding 90 days, to permit evaluation of the covered device by the covered recipient, and many more.

Guidelines were also provided for allowances in retracting reports for revision.  In particular, CMS states that GPOs may “retract and resubmit an entire report, submit corrections to a group of records, retract a group of records, or append a group of records that were omitted from the original submission.”   The rule even requires that payments for promotional speaking be included in the reports, which CMS said can be reported as “compensation for services other than consulting” or “honorarium” for the nature of payment category.

VI.  Tracking Assistance:

CMS has provided free mobile applications (“apps”) to help implement the OPEN PAYMENTS program to assist physicians, applicable manufacturers, and applicable GPOs track most of the data necessary to successfully meet the reporting requirements. The mobile apps have been developed to target specific users.  For instance, there will be one mobile app for physicians to help ensure accuracy of information reported about them by manufacturers in the healthcare industry.  There will also be a mobile app for those applicable manufacturers and GPOs to assist them with the accuracy of their required reporting.

While these apps cannot be used to directly interact with CMS systems, CMS contractors, or used directly for data reporting to CMS or its contractors, they will be a vital tool to track transfers of value in real-time, as they occur throughout the year.  Entities covered by the Act will also be able to share user profiles and transfers of value information between physician and industry apps.

VII.  Audits and Penalties:

CMS will audit all submitted data to ensure its accuracy.  Notably, the Sunshine Act provides for statutorily authorized civil monetary penalties for failure to report payments or other transfers of value, or physician ownership or investment interests, including clarification of the instances when the penalties will be imposed.  The penalties against manufacturers or GPOs who fail to comply can be very severe.

Every report submission must meet three requirements: it must be “timely, accurate, and complete.”  If the report fails to fulfill these three conditions, the submitting manufacturer or GPO can incur a civil monetary penalty (CMP) ranging from $1,000 to $10,000 for each payment, transfer of value, or ownership or investment interest not reported, up to a maximum fine of $150,000. In addition, the penalty for each “knowing” failure ranges from $10,000 to $100,000, up to a max of $1,000,000.  Each CMP is aggregated separately, and a manufacturer or GPO could possibly be subject to a maximum penalty of $1,150,000.

VIII.  Costs and Benefits:

CMS forecasts that the changes implemented by this rule will have significant monetary costs, which CMS estimates to be about $269 million in the first year and $180 million annually thereafter.  As of now, monetary benefits are unable to be projected; nevertheless, CMS claims that the non-monetary benefits will be plentiful but difficult to quantify.  One example of a projected non-monetary benefit is increased transparency as to the extent and nature of relationships between physicians, teaching hospitals, and industry manufacturers.  These improvements will permit patients to make better informed decisions when choosing health care professionals and making treatment decisions, as well as deter inappropriate financial relationships which can sometimes lead to increased health care costs.  Additionally, increased transparency about the owners and investors in GPOs will allow purchasers to make better informed decisions and identify potential conflicts of interest with ordering physicians.

 IX.  Final Thoughts:

Disclosure alone is not sufficient to differentiate beneficial financial relationships from those that create conflict of interests or are otherwise improper.  Moreover, financial ties by themselves do not signify an inappropriate relationship.  Nevertheless, transparency will illuminate the nature and extent of relationships and will hopefully discourage the development of inappropriate ones.  In doing so, it will help prevent the increased and potentially unnecessary health care costs that can arise from such relationships.  It is in this way that the costs of the rule are worth the benefits.

Furthermore, while the penalties may appear to be somewhat extreme, they are only meant to punish those groups with malicious intentions that may have slipped through the cracks in the past.  As to the severity of these penalties, as well as their accumulative nature, the best advice we can give is to become informed about what to watch out for and learn the requirements as they are intended to be understood.  We strongly recommend that you acquire professional legal guidance on these matters to ensure that your understanding is correct and that the reports you plan to submit are appropriate.

Healthcare LawRobert Saltaformaggio is an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker is a boutique health law firm with offices in Washington, DC, Houston, DC, McAllen, DC and Baton Rouge, LA.  Our attorneys represent Physicians, Practice Groups and other health care providers around the country in connection with a full-range of health law statutory and regulatory matters and cases.   For a free consultation on these and other health law issues, give us a call.  We can reached at: 1 (800) 475-1906. 

[1] Pub. L. 105-33.


Are HIPAA Whistleblower Provisions Around the Corner?

Are HIPAA Whistleblower Provisions Around the Corner?(January 25, 2012):  Historically, home health agencies, physicians, clinics and other health care providers have associated the term “whistleblower” with the filing of a FalSe Claims Act case by an insider, former employee or other individual alleging to have direct knowledge of fraudulent billing conduct by a provider.  As health care providers will soon find, individuals harmed by the wrongful breach of their Protected Health Information (PHI) will soon have an opportunity to share in any penalties against by Department of Health and Human Services (HHS), Office of Civil Rights (OCR).  While not technically a “whistleblower” award program, the quasi-HIPAA whistleblower provisions included in recently-passed legislation  may ultimately present many of the same incentives to individuals who are allegedly harmed as a result of a breach of their PHI.

I.   Background of HIPAA Whistleblower Provisions:

Over the last few years, a number of health care providers and other “covered entities” (both large and small) have been audited and penalized by the government for improper breaches of protected health information. Enforcement actions taken have varied, ranging from mere warnings to criminal prosecution.

II.   HITECH Raises the Bar for Providers:

The “Health Information Technology for Economic and Clinical Health Act” (HITECH) contains a number of significant privacy provisions impacting health care providers.  Two of these provisions include:  (1) The initiation of privacy audits by contractors working for the  Department of Health and Human Services (HHS), Office of Civil Rights (OCR); and (2) The sharing of Civil Monetary Penalties assessed in response to an improper breach with the affected patients.

  • Privacy Audits

As OCR has announced, the agency has initiated an audit program intended to help ensure that health care providers are complying with the various medical records privacy provisions laid out in the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  To do so, OCR has contracted with several nationally-recognized audit firms for the purpose of auditing health care provider compliance with HIPAA’s privacy provisions.

When will audits begin? According to OCR, the initial audits of provider compliance with HIPAA / HITECH requirements began in November 2011. Once these initial audits are completed, OCR intends to focus the remaining audits on the issues and concerns identified in the contractors’ first preliminary audits. At this time, all audits are anticipated to be completed by December 2012.

If prior “pilot” programs are any indication of how these audits will be handled, we anticipate that OCR will ultimately adopt an ongoing audit HIPAA / HITECH process, tasked with assessing the compliance of health care providers, covered entities and business associates. It is essential that you critically review your current practices – after you have been audited, it will likely be too late to avoid the imposition of penalties.

How will HIPAA / HITECH audits be conducted? According to OCR, organizations selected for audit will be notified by the agency of their selection. At that time, they will be asked to provide “documentation of their privacy and security compliance efforts.” During this pilot period, each of the covered entities audited will receive a site visit. During the site visit, contractor representatives will be required to interview key personnel. The contractors will also review the covered entity’s practices and determine whether their operations fully comply with HIPAA’s / HITECH’s privacy requirements. After completing the site visit, a draft report will be prepared which outlines how the audit was handled, the conclusions that were reached by the contractor and the remedial actions that were taken by the covered entity. The draft report will be shared with the covered entity prior to finalization and the covered entity will have a chance to respond to the contractor’s findings.

  • Sharing of Civil Monetary Penalties

In addition to the HIPAA audit protocol discussed above, HITECH includes a seemingly-innocuous section which commands the Secretary HHS to establish a methodology to distribute a percentage of Civil Monetary Penalties to individuals harmed by an improper breach of protected health information or another HIPAA violation. For instance, if a patient’s medical records or other protected health information is inappropriately accessed or divulged to unauthorized persons and the OCR ultimately investigates the violation and assesses Civil Monetary Penalties against a provider or other covered entity in connection with the breach, the harmed patient may be eligible to receive a portion of the penalties collected by the government.

On its surface, such a clause seems reasonable – after all, why not compensate those who have been hurt by a wrongful disclosure or breach? However, this law (and its soon-to-be-created implementing regulations) will likely have extensive repercussions in reporting and enforcement of HIPAA violations. Giving patients a financial incentive to report wrongful disclosures and breaches of their protected health information will likely lead to increased reporting of incidents since harmed patients may now be eligible to share in any penalties collected.  Similar laws which allow private individuals to receive a portion of penalties and other funds recovered, such as the False Claims Act (FCA), have been extremely successful in detecting and deterring fraudulent activity. While HITECH does not create a “private right of action” for HIPAA violations and is substantially different from the FCA, it is important to note that their basic principles are the same. By giving private citizens, with perhaps greater and more immediate knowledge of an issue than the government, a real reason to report a problem, these problems can be more quickly and effectively remedied.

In 1986, when the FCA was overhauled with new provisions that gave private citizens more power and a greater likelihood of collecting money, the FCA’s usage skyrocketed. In what could be a very similar situation, affected individuals with the chance to receive a portion of fines and penalties will be far more likely to aggressively report and pursue these violations. For covered entities (comprising virtually all providers, billers and business associates), this means that implementing effective HIPAA privacy policies should be at the top of your compliance “to-do” list.

III.   How Health Care Providers Should Respond:

Among their first steps, health care providers and other covered entities should:

  • Ensure that patient protected health information is fully secured and protected.
  • Take steps to prevent improper access by authorized parties.
  • Ensure that anyone who accessing protected health information is properly logged so that patients can readily obtain an accounting or listing of anyone who has reviewed all or part of their records. This log should also document the purpose for assessing the record.
  • Take steps to prevent the access of protected health information by authorized personnel for unauthorized reasons.
  • Take steps to better ensure that no protected health information is inappropriately disclosed to third parties.

While the points outlined are essential, they are far from all-inclusive.  It is imperative that you identify qualified counsel to assist you in meeting your HIPAA / HITECH obligations.

Further, when handling protected health information, health care providers must remain mindful of the “minimum necessary” rule.  Health care providers, other covered entities and business associates who handling protected health information must only disclose the minimum information necessary for a requesting entity to properly do its job.

Ultimately, all health care providers, covered entities and business associates should take reasonable steps to help ensure that applicable HIPAA / HITECH provisions are fully met.

Healthcare LawyerRobert W. Liles and other health law attorneys at Liles Parker PLLC are skilled in counseling health care providers, billers and other covered entities in HIPAA compliance and other compliance-related issues. We can help you implement an effective Compliance Plan, conduct gap analyses and internal audits.  Furthermore, we can train your staff on staying compliant with federal regulations, including but not limited to, HIPAA / HITECH mandates, OSHA requirements, coding / billing regulations and more. For a free consultation, please call Robert at 1 (800) 475-1906.