Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

The Dangers of Billing Payors for the Services of a Non-Credentialed Dentist / Non-Participating Dentist

Non-Credentialed Dentist(August 17, 2019):  Over the last year, we have seen a significant increase in the number of Medicaid and private insurance audits of dental claims. A common trigger for these audits included instances in which a practice improperly billed for the services of a non-credentialed dentist while using the identification number of a credentialed provider.  When we discussed this billing audit issue with our dental clients, many were surprised to learn that this practice was improper. Unfortunately, billing for services performed by another dentist using your National Provider Identifier (NPI) can result in a wide range of adverse actions against you and your practice.  This article examines this issue and discusses the potential fallout of engaging in this type of conduct.

I.  What is “Credentialing” and Why is it Important?

The credentialing processes utilized by insurance companies serve as a payor’s first line of defense and are intended to protect patients, help ensure the quality of care being provided, and safeguard the financial integrity of the insurance plan. The Joint Commission describes “Credentialing” as:

“[t]he process of obtaining, verifying, and assessing the qualifications of a practitioner to provide care or services in or for a health care organization. Credentials are documented evidence of licensure, education, training, experience, or other qualifications.”[1]

It is important to keep in mind that the specific credentialing requirements and procedures used vary from one payor to another. For example, dentists who wish to enroll in their State Medicaid Program are typically required to complete multiple credentialing applications.

  • State Medicaid Programs require that each dental practice obtain a provider number; and
  • Each dentist who will be performing dental services on Medicaid patients must be individually credentialed and admitted as a participating provider; and
  • After being admitted as a participating provider in a State Medicaid Program, a dentist must still complete separate credentialing applications in order to become a participating provider in the various Medicaid Managed Care programs that may be available in your state.

II.  What’s the Worst that Can Happen if You Improperly Bill the Services Of a Non-Credentialed Dentist / Non-Participating Dentist Under the Billing Number of a Credentialed Dentist / Participating Dentist?

Let’s consider the following common hypothetical situation: suppose you own a growing dental practice that provides dental care and treatment services to both adults and children.  You are a participating provider in the State Medicaid Program and also participate in a number of Medicaid Managed Care and private payor plans.  You recently hired a new dentist to help with your ever-growing patient caseload.  Although you are fully credentialed by each of the government and private payor insurance plans, your new dentist is still in the process of completing her credentialing applications, and you have been told that it may take 90 days (or even longer) for Medicaid, Medicaid Managed Care and private payors to review and approve the new dentist’s credentialing application.  How are you expected to bill for the dental services provided by your newly hired dentist? Can you bill for the services of a non-credentialed dentist using your provider number?  As we will discuss below, the improper billing of dental services performed by a non-credentialed provider under the provider number of a credentialed dentist can lead to administrative, civil and even criminal liability.

Administrative Sanctions:  At a minimum, if you improperly bill the dental services of a non-credentialed dentist under the name and provider number of a credentialed dentist, you should expect the payor to take the position that each of the improperly billed claims constitute an overpayment that must be repaid to the insurance company.  Unfortunately, in many of the cases we have seen and / or defended, the government and private payors have imposed additional sanctions.  In some instances, where the claims at issue have been covered by Medicaid or Medicaid Managed Care, the Department of Health and Services, Office of Inspector General (OIG) pursued Civil Monetary Penalties against the provider.  We have also defended clients in cases where the payor had terminated the provider’s participation in the payor plan and / or filed a complaint against the dentist with the State Board of Dental Examiners.   Examples of cases where administrative sanctions have been imposed are set out below:

  • Indiana. $125,446 in Civil Monetary Penalties Assessed.  An Indiana dental practice was assessed significant penalties by the Department of Health and Services, Office of Inspector General (OIG) as a result of alleged improper billing practices.   The government alleged that the dental practice submitted claims to the state Medicaid program for dental services that were performed by non-credentialed dentists under the names of dentists who were credentialed with Indiana Medicaid.

  • Massachusetts. $841,120 in Civil Monetary Penalties Assessed. In this case, a Massachusetts-based dental school was alleged to have submitted claims to Medicare[2] for dental services that were provided by non-credentialed dentists.  Additionally, the OIG claimed that the level of dental service billed was not supported by the associated dental records and documentation.

  • Multiple States. Disciplinary Licensure Actions are Pending – Multiple State Boards of Dental Examiners.    We have been (and are currently) involved in multiple matters where Medicaid Managed Care and / or private payor insurance plans have filed complaints with State Dental Boards against dentists for allegedly submitting false or fraudulent claims to the insurance company.  Notably, the improper conduct alleged has consistently included allegations that the dental practice submitted the claims of dental services performed by non-credentialed dentists under the names and NPIs of dentists who were properly credentialed in a particular plan.

Civil Sanctions — False Claims Act Liability.  Most of the cases brought under the False Claims Act[3] against Medicare and Medicaid participating providers in connection with the improper billing of services by a non-credentialed provider involved medical, rather than dental services.  Nevertheless, this remains a significant risk for dental practices that bill Medicaid and Medicaid Managed Care plans.  Two examples of False Claims Act cases that were brought against Medicare providers for the wrongful billing of services performed by non-credentialed physicians are set out below:[4]

  • $500,000 Settlement Under the False Claims Act.  In a case in  the Western District of Oklahoma, a licensed physician allowed an uncredentialed practitioner to use his NPI to bill Medicare for Evaluation & Management (E/M) physical therapy services that the licensed physician did not personally perform or supervise. The government brought an action against the physician under the civil False Claims Act. The defendant had to pay $500,000 to settle the case.

  •  $859,500 Settlement Under the False Claims Act. In this case, a well-respected state university health science center filed a self-disclosure with the OIG for submitting claims to Medicare using the NPIs of multiple physicians who did not render or supervise the services at issue.  The university health science center was forced to pay $859,500 to the government to settle alleged violations of the False Claims Act.

Criminal Sanctions:  In a worst-case scenario, Federal prosecutors may take the position that the wrongful billing of dental services by a non-credentialed provider under the name and provider number of a credentialed provider constitutes health care fraud.  In the case discussed below, a licensed dentist was prosecuted for engaging in various health care fraud schemes.  One of the counts in the prosecution included the dentist’s alleged “fraudulent” submission of services performed by a non-credentialed dentist.  To be clear, we have not seen any Federal prosecutions which were based solely on this specific type of illegal conduct.  Nevertheless, it is clear that if a dentist is alleged to have engaged in a broader scope of fraudulent conduct, prosecutors will not hesitate to include these types of false claims in an Information or Indictment against the physician.

  • Defendant Ordered to Pay $956,448 in Restitution and Sentenced to 33 Months in Jail.  In a recent criminal prosecution (June 2019) in the Middle District of Tennessee, a licensed dentist and his former practice administrator were charged with Conspiracy to Commit Health Care Fraud.  The government further alleged that the defendant dentist “took steps to conceal the fraud by discouraging employees from questioning billing practices” and “instructing employees to lie if questioned by insurance companies.”Ultimately, the defendant dentist pled guilty to the charges and was sentenced to 33 months in Federal prison.  He was also ordered to pay $956,448.00 in restitution.According to the Information filed against the defendant dentist, the defendant engaged in various acts of fraud against the Delta Dental, Cigna, TennCare and DentaQuest programs, including:  (1)  Billing for dental services that were not completed or performed at all;  (2)  Falsifying dates of service to appear to comply with benefit programs’ timeframe and preauthorization requirements;  (3)  Falsifying claims to appear that services had been rendered by a benefits program credentialed dentist; 

III.  When Can Non-Credentialed / Non-Participating Dentists Properly Bill Under the Name and Number of a Participating Dentist?

Not surprisingly, Medicare, Medicaid and private payors have all established their own rules governing when, and if, a non-credentialed dentist can properly bill under a credentialed physician’s name and billing number.  In this section, we examine three of the most common scenarios in which a provider can bill for the dental services performed by a non-credentialed dentist:

Locum Tenens / Substitute Dentist.  The term “locum tenens” is a Latin phrase that means one holding a place.”[5]  It is used to describe an independent contractor dentist or medical doctor who has been hired to temporarily take the place of a staff dentist or medical doctor who is absent due to illness, pregnancy, vacation or continuing dental education courses. It is also sometimes used to fill vacancies when a dental practice is short-staffed.  The rules governing the proper billing of dental services performed by a locum tenens dentist often vary from payor to payor. For instance:

  • Medicare Locum Tenens / Substitute Dentist Rules.[6] As set out under Section 1842(b)(6)(D) of the Social Security Act, a physician may receive Medicare payment for physician[7] services (and for services performed incident to such physician services) that are performed by another physician on behalf of the billing physician if the billing physician is unavailable to provide the services, and the services are furnished pursuant to an arrangement that is either:  (1) Informal and reciprocal, or (2) Involves per diem or other fee-for-time compensation for such services.

In addition, the services must not be provided by the substitute physician over a continuous period of more than 60 days unless the billing physician is called or ordered to active duty as a member of a reserve component of the Armed Forces.  Since the definition of “physician” includes both a Doctor of Dental Medicine and a Doctor of Dental Surgery (see Footnote 7), it can be argued that a Medicare-participating dentist would also qualify for the coverage of this rule

  • Medicaid Locum Tenens / Substitute Dentist Rules. In Texas, “a locum tenens arrangement is not allowed for dentists”[8] under the Texas Medicaid dental program.[9] However, under Texas Administrative Code (TAC) rules §354.1121 and §354.1221, it is permissible to bill for Medicaid dental services performed by substitute dentists as long as certain requirements are met.[10] The approach taken by a state’s Medicaid program with respect to the billing of locum tenens dentists and / or substitute dentists can vary from state to state.

  • Private Payor Locum Tenens / Substitute Dentist Rules. The requirements to bill a private payor plan for the services of a locum tenens or substitute dentist may vary widely depending on the individual plan.  It is therefore important to research the billing rules that apply under each private payor contract.

“Incident to” Billing of Dentist Services.  At the outset, it is important to recognize that there is virtually no Medicare, Medicaid or private insurer guidance discussing whether the “incident to” billing of dental services that are performed by a non-credentialed dentist is permitted (assuming, of course, that the requirements of incident to billing have been fully met).  Despite the absence of written guidance in this regard, based on the way the incident to rule has been applied to physicians, an argument can be made that the concept also applies to dentists.

For example, Medicare has no rules which prohibit a non-participating physician who serves as auxiliary personnel to a participating physician from providing incident to services to the patient. In addition, Medicare does not preclude the supervising, participating physician from billing for incident to services performed by a non-participating physician as long as: (a) the services are reasonable, necessary and otherwise meet all of Medicare’s incident to requirements;[11] (b) the non-enrolled physician is properly licensed by the state; and (c) the incident to services comply with any applicable state law requirements.

Given that the definition of “physician” pertains to both a Doctor of Dental Medicine and a Doctor of Dental Surgery, one could argue that the incident to rules apply to dental services as well as general medical services.  Unfortunately, such an exception would only apply to dental services that qualify for coverage and payment by Medicare.

Medicaid, Medicaid Managed Care and private payor insurance plans have consistently opposed the applicability of incident to billing to dental services, even though nothing in their participation agreements mentions such billing practices.

IV.  Reducing Your Level of Risk:

There are several steps that your dental practice can take to better comply with the credentialing and billing requirements that have been established by the Medicare, Medicaid, Medicaid Managed Care and private payor insurance programs.  These include:

  • Plan ahead by starting the credentialing process as soon as possible when a new dentist joins the practice.
  • Restrict non-credentialed dentists from performing dental services on patients covered under a payor plan that requires credentialing.
  • Until new hires are credentialed, have them limit their services to self-pay patients or other services that do not require credentialing.
  • Read your enrollment applications and their associated payor contracts. What are the credentialing requirements that must be met?
  • Does the insurance payor recognize incident to billing of dental services? Some private payor plans expressly prohibit the use of incident to billing.  If that is the case, and a provider knowingly billing for services performed by a non-credentialed provider under the name and NPI of a credentialed provider, the insurance company may argue that the provider has committed health care fraud.  

Robert W. Liles Healthcare AttorneyRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent dentists, dental practices and other health care providers around the country in connection with Medicare, Medicaid and private payor dental claims audits.  We also represent dentists in connection with State Dental Board complaints and investigations.  Are your dental claims or services currently being audited or under investigation?  We can help.  For a free initial consultation regarding your situation, call Robert at: 1 (800) 475-1906.

 

 [1] See https://www.jointcommission.org/assets/1/6/AHC_who_what_when_and_where_credentialing_booklet.pdf

[2] Although traditional Medicare Part A does not cover most dental care treatment services, it may cover certain dental procedures that are necessary for an otherwise covered service to be completed.  For instance, a Medicare patient may obtain coverage for certain dental work in connection with jaw surgery.  Additionally, several Medicare Advantage plans now cover routine vision and dental procedures.

[3] 31 U.S.C. § 3729-3733. The Federal civil False Claims Act is the primary civil enforcement tool used to combat fraud against the United States.  The False Claims Act imposes civil monetary penalties and treble damages on any person who knowingly submits, or causes to be submitted, a false claim to the government for payment.

[4] It is important to note that the two cited False Claims Act cases involved the submission of claims to the Medicare program. In these cases, the government noted that the improperly billed services were not performed or supervised by the credentialed provider under whom the service was billed.  This language reflects the exemption that if Medicare’s “Incident To” requirements are otherwise met, the services of non-credentialed physician can, in fact, be billed under the name of the supervising, credentialed physician.

[5] The Concise Oxford English Dictionary (Eleventh Edition).

[6] Please note, Medicare no longer uses the term “locum tenens” when referring solely fee-for-time compensation arrangements.  Under Section 16006 of the 21st Century Cures Act, the term “locum tenens arrangements” is now used to refer to both fee-for-compensation arrangements and reciprocal billing arrangements.

[7] As set out on CMS’s website, the definition of “Physician” includes the following:

“For the purposes of Open Payments, a “physician” is any of the following types of professionals that are legally authorized by the state to practice, regardless of whether they are Medicare, Medicaid, or Children’s health Insurance Program (CHIP) providers:

  • Doctors of Medicine or Osteopathic Medicine
  • Doctors of Dental Medicine or Dental Surgery
  • Doctors of Podiatric Medicine
  • Doctors of Optometry
  • Chiropractors

Note: Medical residents are excluded from the definition of physicians for the purpose of this program.”

https://www.cms.gov/OpenPayments/About/Glossary-and-Acronyms.html.

[8] https://hhs.texas.gov/about-hhs/communications-events/news/2017/11/services-rendered-a-substitute-dentist-may-be-billed-tmhp-utilizing-modifier-u5-effective-january-1.

[9] Notably, that is not the case when it comes to medical doctors.  Texas Medicaid does permit locum tenens arrangements for physicians.  As set out under Section 9.2.2 of the Texas Medicaid Provider Procedures Manual, “Physicians may bill for the service of a substitute physician who sees clients in the billing physician’s practice under either a reciprocal or locum tenens arrangement.”  A complete rendition of Section 9.2.2 can be found at:

http://www.tmhp.com/Manuals_HTML1/TMPPM/Archive/2016/Vol2_Medical_Specialists_and_Physicians_Services_Handbook.24.083.html.

[10] These requirements include, but are not limited to:

“Dentists who take a leave of absence for no more than 90 days may bill for the services of a substitute dentist who renders services on an occasional basis when the primary dentist is unavailable to provide services. Services must be rendered at the practice location of the dentist who has taken the leave of absence. A locum tenens arrangement is not allowed for dentists.

This arrangement will be limited to no more than 90 consecutive days. Under this temporary basis, the primary dentist (who is the billing agent dentist) may not submit a claim for services furnished by a substitute dentist to address long-term vacancies in a dental practice. The billing agent dentist may submit claims for the services of a substitute dentist for longer than 90 consecutive days if the dentist has been called or ordered to active duty as a member of a reserve component of the Armed Forces. Medicaid and CSHCN accepts claims from the billing agent dentist for services provided by the substitute dentist for the duration of the billing agent dentist’s active duty as a member of a reserve component of the Armed Forces.

Providers billing for services provided by a substitute dentist must bill with modifier U5 in Block 19 of the American Dental Association (ADA) claim form.

The billing agent dentist may recover no more than the actual administrative cost of submitting the claim on behalf of the substitute dentist. This cost is not reimbursable by Medicaid or CSHCN.

The billing agent dentist must bill substitute dentist services on a different claim form from his or her own services. The billing agent dentist services cannot be billed on the same claim form as substitute dentist services.

The substitute dentist must be licensed to practice in the state of Texas, must be enrolled in Texas Medicaid, and must not be on the Texas Medicaid provider exclusion list.

The dentist who is temporarily absent from the practice must be indicated on the claim as the billing agent dentist, and his or her name, address, and National Provider Identifier (NPI) must appear in Blocks 53, 54, and 56 of the ADA claim form.

The substitute dentist’s NPI number must be documented in Block 35 of the ADA claim form. Electronic submissions do not require a provider signature.”

https://hhs.texas.gov/about-hhs/communications-events/news/2017/11/services-rendered-a-substitute-dentist-may-be-billed-tmhp-utilizing-modifier-u5-effective-january-1.

 [11] As discussed in MLM Matters Number: SE0441:

“To qualify as “incident to,” services must be part of your patient’s normal course of treatment, during which a physician personally performed an initial service and remains actively involved in the course of treatment. You do not have to be physically present in the patient’s treatment room while these services are provided, but you must provide direct supervision, that is, you must be present in the office suite to render assistance, if necessary. The patient record should document the essential requirements for incident to service. More specifically, these services must be all of the following:

  • An integral part of the patient’s treatment course;
  • Commonly rendered without charge (included in your physician’s bills);
  • Of a type commonly furnished in a physician’s office or clinic (not in an institutional setting); and
  • An expense to you.”

Additionally, in an office setting:

“In your office, qualifying “incident to” services must be provided by a caregiver whom you directly supervise, and who represents a direct financial expense to you (such as a “W-2” or leased employee, or an independent contractor).

You do not have to be physically present in the treatment room while the service is being provided, but you must be present in the immediate office suite to render assistance if needed. If you are a solo practitioner, you must directly supervise the care. If you are in a group, any physician member of the group may be present in the office to supervise.”

 

 

Genetic Testing Fraud Prosecutions are on the Rise Around the Country. Are Your Genetic Testing Practices Compliant?

Genetic Testing(August 13, 2019):  Over the last year, a number of genetic testing fraud investigations and prosecutions have been initiated by Medicare, Medicaid and TRICARE investigators and auditors.  While the nature of the diagnostic services at issue are cutting edge, the wrongful conduct associated with these cases often involves old school fraud schemes that are easily identified and well known to law enforcement.  This article covers the origins of genetic testing and examines a number of genetic testing fraud cases that have been pursued by Federal prosecutors around the country.  In this article, we also discuss a number of the questions you should be addressing prior to engaging in the marketing, ordering or billing of genetic laboratory testing claims.

I.  Historical Background – The Discovery of DNA:

The discovery of deoxyribonucleic acid (commonly known as DNA) can be traced to the efforts of Swiss chemist Freidrich Miescher in 1869. Over the next 75 years, Miescher and others established the scientific foundation for the groundbreaking molecular work of James Watson and Francis Crick in 1952.  At that time, Watson and Crick first proposed that the DNA molecule was a double-helix structure.  Watson, Crick and their colleague, Maurice Wilkins were subsequently awarded the Nobel Prize in Physiology or Medicine in 1962 “for their discoveries concerning the molecular structure of nucleic acids and its significance for information transfer in living materials.”[1]

Over the next 20 years, scientists continued to research the nature and composition of the DNA molecule.  This ultimately led to the 1990 formation of an international scientific research effort that became known as the “Human Genome Project” (HGP).  The goal of researchers at that time was to identify and sequence more than 3.3 billion base pairs of the human genome.[2]  By 2003, an initial draft of the human genome was completed.  Over the last 16 years, refinements in mapping have continued to be made.  As of June 2019, scientists report that there are still 89 “gaps” that remain to be sequenced.[3]

II.  Practical Applications of Genetic Testing:

The successful mapping of the human genome has led to the development of literally thousands of tests that can now be used to determine whether there is any evidence of chromosomal abnormality that may be used to detect the possibility of illness or disease.  Genetic testing is now commonly used for a number diagnostic and treatment purposes, including, but not limited to the following:

  • Diagnostic Genetic Testing. Genetic testing can be used for diagnostic purposes.  For example, it can be used to verify whether an individual has a diagnosis of cystic fibrosis or other disease that can be confirmed through a search for specific genetic abnormalities.

  • Genetic Carrier Testing. If you have a family history of a specific disease that has been tied to one or more genetic defects, it may be possible to determine whether you are a carrier of this genetic abnormality.  As a carrier, this genetic mutation may be passed along to your children.

  • Predictive Genetic Testing. This type of genetic testing also examines a patient’s family history to determine whether an individual is at a higher of risk of developing certain illnesses and / or diseases.

III.  The Emergence of Direct-to-Consumer Genetic Testing:

As the testing technology improved, the costs of conducting genetic testing procedures continued to drop to the point that it became commercially viable for a number of companies to offer direct-to-consumer test kits.  These kits were heavily marketed and promoted to the public as an effective way to predict an individual’s risk of developing certain illnesses and / diseases.

Allegations of deceptive marketing practices by direct-to-consumer genetic testing companies led to an investigation of these testing companies by the Government Accountability Office (GAO) in 2006.  At that time, GAO found that a number of “egregious examples of deceptive marketing.”  For example, four of the companies examined claimed that their assessment of an individual’s DNA could be used to create personalized supplements to cure diseases.  Two of these companies further claims that their supplements could “repair damaged DNA” or even cure certain diseases.  As the GAO noted, there was no scientific basis for these claims.[4]   As a result of the GAO’s findings, in 2006 the Centers for Disease Control (CDC), in conjunction with the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) issued consumer alerts warning the public to be wary of the claims being made by many of these genetic testing companies.

IV.  Impact of GINA and the ACA on the Use of Genetic Testing:

The development and expansion of genetic testing stoked the fears of many Americans that their specific genetic makeup could be used by health insurers and employers as a screening tool to weed out individuals who may be suffering from (or have the potential to develop) costly illnesses and diseases. To address these concerns, Congress passed the Genetic Information Nondiscrimination Act of 2008 (GINA) to prohibit health insurers and employers from using genetic information when making insurance eligibility and employment decisions.

The genetic testing industry received a further boost with the enactment of the Affordable Care Act (ACA). With the passage of the ACA, insurance payors were barred from denying coverage to patients with most preexisting illnesses and conditions. This effectively opened the door for patients to readily participate in genetic testing without the fear of losing their insurance due to the presence of a preexisting illness or disease.[5]

V.   Medicare Coverage of Specific Genetic Testing Procedures:

While the direct-to-consumer market has been in place for almost 20 years, most insurance payors have yet to issue comprehensive coverage guidance on genetic testing for diagnostic and screening purposes.  In order to qualify for coverage and payment under Medicare, a specific genetic test must meet the predicate requirements set out under 42 C.F.R. § 410.32.  While the Centers for Medicare and Medicaid Services (CMS) has been fairly progressive in approving the coverage of certain genetic tests for diagnostic purposes, it has been slow to authorize the coverage of genetic screening tests. For example, CMS did not finalize coverage of Next Generation Sequencing tests (diagnostic laboratory tests administered to patients with advanced cancer), until March, 2018.[6]  Additionally, Medicare still does not pay for genetic testing in many cases.[7]  Even the common genetic tests for the BRCA1 and BRCA2 gene mutation linked to breast cancer are only covered by Medicare under certain circumstances such as a family history of breast cancer.[8]

VI.  Primary Civil and Criminal Statutes Implicated in Genetic Testing Fraud Schemes:

Depending on the specific improper genetic testing conduct alleged, a variety of civil and / or criminal statutes may be implicated.  In this section, we briefly examine the various conduct that may result in prosecution by Federal law enforcement authorities.  Examples of problematic conduct includes:

42 U.S. Code § 1320a–7a(a)(5)Beneficiary Inducement Provisions.  Under the beneficiary inducement statute, it is a violation of law to offer or provide anything of value to a beneficiary in order to influence the beneficiary to order or receive any item or service that is reimbursed by Medicare or Medicaid.  Violations of these provisions may result in the assessment of significant civil money penalties. Examples of improper beneficiary inducements include:  (1) Gift cards. Giving $100 gift cards to senior citizens covered by Medicare if they sign up to have a “free” DNA swab taken and submitted for genetic testing; (2) Other items of value. Providing a “free” health screening if a senior citizen signs-up for genetic testing and provides their Medicare information.

18 U.S.C. § 1347Health Care Fraud.  Under this statutory provision, it is a criminal violation to defraud any health care program (both governmental and private payor programs) OR to obtain payment by means of false or fraudulent pretenses, representations or promises.  As the language reflects, this health care fraud statute is extraordinarily broad and may encompass a broad range of improper actions and conduct.  Examples of cases brought under this statutory provision include:  (1) Misrepresentation of a non-covered service. In some respects, this improper practice is nothing more than another form of “billing for services not rendered.” Simply put, in the cases we have seen where this has occurred, a genetic testing laboratory was alleged to have purposely billed a non-covered genetic test under the CPT code of a covered laboratory genetic test; (2) Misrepresentation of the ordering physician. This type of billing fraud is fairly common in laboratory testing fraud cases. We have seen cases where the putative ordering physician had never heard of the patient and did not know that his provider number was being improperly used to bill Medicare for genetic tests;  (3) Medically unnecessary services. We have seen multiple cases where the prerequisite requirements to qualify for a Medicare beneficiary to have a certain genetic test performed have not been met.  Moreover, representatives of the laboratory  billing for the genetic testing services were aware that these requirements had not been met.

42 U.S.C. § 1320a-7b(b).  Anti-Kickback Statute. It is against the law to provide something of value in an effort to induce a referral that is covered by a Federal health care benefit program.  Under the Anti-Kickback Statute, transactions aimed at inducing referrals for items or services billed to federal healthcare programs are strictly prohibited.  This criminal statute is, in part, aimed at preventing the overutilization of services and the providing of unnecessary services.  When it comes to genetic testing, ordering physicians, marketing representatives and others who receive kickbacks for referring genetics testing work to a laboratory for processing and billing may be criminally prosecuted.  As a final point, it is important to keep in mind that as a result of the Affordable Care Act, violations of the Anti-Kickback Statute may also be pursued as a violation of the civil False Claims Act.As the statute provides:

“(1) Whoever knowingly and willfully solicits or receives any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind—

(A) in return for referring an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a Federal health care program, or

(B) in return for purchasing, leasing, ordering, or arranging for or recommending purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program,

shall be guilty of a felony and upon conviction thereof, shall be fined not more than $100,000 or imprisoned for not more than 10 years, or both.

(2) Whoever knowingly and willfully offers or pays any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind to any person to induce such person—

(A) to refer an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a Federal health care program, or

(B) to purchase, lease, order, or arrange for or recommend purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program,

shall be guilty of a felony and upon conviction thereof, shall be fined not more than $100,000 or imprisoned for not more than 10 years, or both.[9]

18 U.S.C. § 220(a). Illegal Remunerations for Referrals to Recovery Homes, Clinical Treatment Facilities, and Laboratories. These statutory provisions were enacted in October 2018 as part of the Eliminating Kickbacks in Recovery Act (EKRA).”  EKRA was intended to address patient brokering and other kickback schemes by expanding liability and raising the maximum penalties for kickbacks. Under this statute, the maximum penalties for illegal remunerations paid by recovery homes, clinical treatment facilities, and laboratories in an effort to induce referrals can result in penalties of $200,000 and 20 years of imprisonment per occurrence. To date, none of the publicized prosecutions of genetic testing related kickbacks have been brought under EKRA.  Nevertheless, we anticipate that private payor kickback cases involving genetic testing claims and laboratories will become public as investigations mature and referrals are made to Federal prosecutors around the country.An offense under this provision is described as:

Offense — Except as provided in subsection (b), whoever, with respect to services covered by a health care benefit program, in or affecting interstate or foreign commerce, knowingly and willfully—

(1) solicits or receives any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind, in return for referring a patient or patronage to a recovery home, clinical treatment facility, or laboratory; or

(2) pays or offers any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind—

          (A) to induce a referral of an individual to a recovery home, clinical treatment facility, or laboratory; or

          (B) in exchange for an individual using the services of that recovery home,  clinical treatment facility, or laboratory…”

31 U.S.C. § 3729 (a)(1)(A). Civil False Claims. Under this statutory provision, anyone who “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval” is liable to the U.S. Government for civil penalties.[10]  Medicare does not cover “medically unreasonable and unnecessary services” so knowingly billing Medicare for medically unnecessary genetic tests could constitute a violation of the False Claims Act. is legislation under this section.[11]  Several of the cases discussed below were brought by former employees (whistleblowers) with knowledge of the fraud.

42 U.S.C. 1395nn. Ethics in Patient Referrals Act of 1989 (Stark).  Both the initial legislation and subsequent refinements to the law and corresponding regulations are all focused on prohibiting improper physician self-referrals for certain Designated Health Services (DHS) for which Medicare would otherwise pay, to an entity with which the physician or an immediate family member has a financial relationship, unless one of the statutory or regulatory exceptions applies. Importantly, “Clinical Laboratory Services” are listed as DHS.  Under Stark, if a physician (or an immediate family member of such physician) has a financial relationship with clinical laboratory, the physician may not make a referral to the laboratory for the furnishing of services for which payment may be made under the Federal health care programs.  To date, the government has not cited violations of Stark as the basis for prosecuting one or more of the genetic testing fraud cases that have been widely publicized.  Nevertheless, the prohibitions presented under Stark should be considered since laboratory services are a recognized DHS.

VII.  Recent Genetic Testing Fraud Prosecutions:

In recent years, the U.S. Department of Justice (DOJ) has focused increasing resources on the investigation and prosecution of genetic testing related fraud and abuse.  These efforts have resulted in a genetic testing fraud prosecutions.  Some of the recent case pursued by DOJ prosecutors have included:

  • March 2018 Misrepresenting the Nature of a Genetic Test in Order to Get it Covered.  In this case, a California genetic testing company improperly billed TRICARE, FEHBP and Medicaid for services that did not qualify for coverage and payment. To get the claims paid, the company allegedly used an improper code which misrepresented the nature of the services.  To resolve violations of the civil False Claims Act, the genetic testing company agreed to pay $10,635,615.90 to TRICARE and FEHBP.  The company also paid $756,183.00 to the state Medicaid program to resolve similar allegations.
  • December 2018 Genetic Testing Kickback Case. A Vancouver, Washington toxicology and genetic testing lab was sued under the civil False Claims Act and agreed to pay $1,777,738 to settle allegation that it violated the FCA by paying kickbacks to obtain the referral Medicare and TRICARE covered tests from other local laboratories.  As the U.S. Attorney’s Office noted, Paying remuneration to medical providers or provider-owned laboratories in exchange referrals encourages providers to order medically unnecessary services.” 
  • February 2019 Medically Unnecessary Genetic Testing Case. In this case, a San Diego genetic testing company agreed to pay $1.99 million to resolve allegations that the company violated the civil False Claims Act, 31 U.S.C. §§ 3729 et seq.  The government alleged that the genetic testing company submitted claims for genetic tests that were not medically reasonable and necessary because the prostate cancer patients at issue did not have any of the specific risk factors that qualified for the testing. Notably, this case was brought by two former employees of the testing company who filed suit under the whistleblower provisions of the False Claims Act.
  • May 2019 Medically Unnecessary Genetic Testing Case. A health system in Decatur, Texas agreed to pay $431,182.96 to resolve allegations that it violated the civil False Claims Act.  According to the government, the health system submitted false claims to Medicare for payment in connection with the ordering of genetic testing panels for surgical patients that were not medically reasonable or necessary. Notably, the samples taken from surgical patients to be subjected to genetic testing were sent to a lab in Tennessee for processing.   The U.S. Attorney’s Office for the Western District of Tennessee prosecuted the case against the Texas health system.
  • May 2019.  Medically Unnecessary Genetic Testing Case.  In this case, a New Jersey laboratory sales representative pleaded guilty to one count of “Conspiracy to Commit Health Care Fraud.” The defendant obtained access to hundreds of senior citizens through his work with a non-profit organization, The Good Samaritans.  He was able to persuade these senior citizens to submit to genetic testing, despite the fact that no health care professional was involved.  Notably, the defendant reportedly used “fear-based tactics during the presentations, including suggesting the senior citizens would be vulnerable to heart attacks, stroke, cancer and suicide if they did not have the genetic testing.”  To get the genetic tests authorized, the defendant recruited health care providers off of Craigslist and paid them thousands of dollars each month to “sign their names to requisition forms authorizing testing for patients,” despite the fact that the health care providers had never examined or interacted with any of the patients.  The defendant, along with two co-conspirators were reported paid more than $100,000 in commission payments by two laboratories for whom they worked.  The defendant was sentenced to 50 months in prison and ordered to pay restitution of $434,963 and forfeiture of $66,844.
  • June 2019 Genetic Testing Kickback Case.  In this case, a Las Vegas cardiology practice agreed to settle violations of the Anti-Kickback Statute and the civil False Claims Act by agreeing to pay $2.5 million to the government. The government alleged that the cardiology practice referred patients for genetic testing in exchange for kickbacks from the testing laboratories.
  • June 2019 Genetic Testing Kickback Case.  The owner of a Tampa medical marketing company was recently prosecuted and found guilty of conspiracy to pay kickbacks and bribes.  In this case, the defendant was alleged to have paid kickbacks to medical clinics in exchange for the referral of DNA swabs that have been obtained from Medicare beneficiaries. The government further alleged that the medical clinics were directed to collect the DNA of all of their patients, regardless of medical necessity.  The defendant marketing company sent the DNA swabs to a clinical laboratory for genetic testing.  Over the course of the conspiracy, the clinical laboratory billed over $2.2 million to Medicare for genetic testing claims.  The defendant marketing company owner
  • July 2019 Improper Marketing Practices / Ordering Genetic Tests for Patients that Were Never Seen or Treated.   In this case, the Chief Medical Officer physician in Gainesville, Florida, along with two other individuals (non-physicians), have been charged with one count of “Conspiracy to Commit Health Care Fraud.”  The three individuals worked for a company that operated a network of laboratories that performed genetic testing procedures.  According to the government, the two non-physicians are alleged to have contacted a clinical laboratory in New Jersey and proposed sending ten DNA swabs for genetic tests in return for 50% of the Medicare payments received by the laboratory.  The DNA genetic tests reportedly listed the Chief Medical Officer as the “Ordering Physician.”  Moreover, the Chief Medical Officer certified that the tests were medically reasonable and necessary.  Upon investigation, the government has supposedly learned that all 10 of the patients for whom genetic testing was ordered live outside of Florida.  In order to qualify for coverage and payment, the genetic test ordered for one of the patients (who lived in Oklahoma) required that the patient have a personal history of breast cancer.  When interviewed, the patient reported that she had not had cancer and had not advised anyone to the contrary. When asked how she learned about the genetic testing opportunity, the patient reported that she submitted the DNA swab “after seeing an advertisement on Facebook that offered a $100 gift card for people interested in genetic testing.”  She further stated that the DNA swab was not taken at a medical office.  Instead, the swab was reportedly taken in a “plain old office building” by “some random guy.”  The Oklahoma patient has further alleged that she never saw or spoke with a treating physician or with the Chief Medical Officer (who was listed as the Ordering Physician) about the genetic testing.   If convicted, the defendants in this case may be sentenced to a maximum penalty of 10 years in prison and a maximum fine of $250,000 or twice the gross gain or loss from the offense.

VIII.  Genetic Testing — Staying Within the Four Corners of the Law:

As Medicare, Medicaid and private payors have expanded their genetic testing coverage policies, the number of laboratories, physicians and marketing companies involved in the procurement and provision of these tests has exploded.  Regrettably, many individuals and companies have moved into the genetic testing space without fully understanding the rules and regulations that must be met before these tests can be ordered, interpreted, billed and paid by Medicare and other payors.  If your business model involves the marketing of genetic testing services, the ordering of genetic tests or the performance of genetic tests, it is essential that you conduct a comprehensive assessment of your business (and, if applicable clinical) practices to ensure that your conduct does not violate the Federal Anti-Kickback Statute, EKRA, Stark, the False Claims Act or a host of other statutory and regulatory requirements that apply to these laboratory testing claims.

If you or your company are involved in the genetic testing industry, the following questions should be considered:

  • Is your marketing company involved with the promotion of genetic testing services?
  • Are you performing marketing services as an employee or as an independent contractor of a clinical laboratory?
  • Are you a physician, nurse practitioner or physician assistant who has been approached and asked to serve as the “ordering physician” of genetic testing services?
  • Are you a physician who has been approached by a marketing company, laboratory or other third party who has offered to pay you to conduct an evaluation (for the purpose of ordering genetic testing) via telemedicine?
  • Has your medical practice been offered a fee (by a clinical laboratory or another third party) for each genetic test (DNA swab) that is taken from the patients seen in your practice?
  • Has a clinical laboratory offered to give a percentage of Medicare, Medicare or private payor revenues generated by genetic testing claims referred to the laboratory by you or your medical practice?

Each of these questions raise a number of complex regulatory questions that must be fully vetted by an experienced health lawyer before you engage is such conduct.

Robert W. Liles Healthcare AttorneyRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent marketing companies, physicians and laboratories around the country in connection with government audits and investigations.  We also advise parties on the regulatory requirements of their current and / or proposed business arrangement, along with the parameters and requirements of the Federal Anti-Kickback Statute and EKRA.  Are your Medicare, Medicaid or private payor genetic testing claims being audited?  We can help.  For a free initial consultation regarding your situation, call Robert at: 1 (800) 475-1906.

 

[1] The Nobel Prize in Physiology or Medicine 1962. NobelPrize.org. Nobel Media AB 2019. Sun. 11 Aug 2019.
[2] https://web.ornl.gov/sci/techresources/Human_Genome/project/index.shtml.
[3] An examination of the remaining gaps in sequencing has been compiled by the Genome Reference Consortium. The Genome Reference Consortium is a coalition of international research institutes that have worked together to map and sequence the human genome.
[4] Direct-to-Consumer Genetic Tests – Misleading Test Results are Further Complicated by Deceptive Marketing and other Questionable Practices.  GAO-10-847T.  Released July 22, 2010.
[5] https://khn.org/news/safe-under-the-aca-patients-with-preexisting-conditions-now-fear-bias/
[6] https://www.cms.gov/newsroom/press-releases/cms-finalizes-coverage-next-generation-sequencing-tests-ensuring-enhanced-access-cancer-patients
[7] https://www.asco.org/practice-guidelines/cancer-care-initiatives/genetics-toolkit/genetic-testing-coverage-reimbursement
[8] Ibid.
[9] https://www.law.cornell.edu/uscode/text/42/1320a-7b
[10] The penalties for violations of the False Claims Act are currently:
Treble damages, plus $11,463 and $22,927 per false claim or statement. (These 2019 estimated amounts reflect the anticipated increase that has not yet been announced by DOJ).
[11] https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/Items-and-Services-Not-Covered-Under-Medicare-Booklet-ICN906765.pdf

Home Health Agency Alert: The Review Choice Demonstration Project start dates for Ohio, Texas, North Carolina and Florida are Around the Corner!

August 7, 2019 by  
Filed under Home Health & Hospice

The Review Choice Demonstration Project starts(August 7, 2019): This article further updates our articles of February 19th and April 9th on the announcement by CMS of the implementation of the new five year “Review Choice Demonstration Project’ in five states – Illinois, Ohio, Texas, North Carolina and Florida, and the start date for the Demonstration Project in Illinois.

 

I. Background of the Review Choice Demonstration Project:

As background, the Review Choice Demonstration Project is an outgrowth of the Pre-Claim Review Demonstration Project that was initiated in Illinois in August 2016 and paused in April 2017.  Instead of continuing the Pre-Claim Review Demonstration, the Centers for Medicare and Medicaid Services (CMS) announced a new initiative – the Review Choice Demonstration Project to be phased in for the five states listed, above.

Under the Review Choice Demonstration Project, agencies in the affected states will initially select from three options to have their home health claims reviewed:

  • Pre-claim review;
  • Post-payment review; or
  • Minimal post-payment review with a 25% reduction.

After each six-month period agencies with a 90% affirmation or approval rate will be able to choose from two additional options that may be preferable depending upon the circumstances of each agency.  Our February 19th article discusses each of these options.

II. Illinois Home Health Claims are Under the Microscope:

The Review Choice Demonstration Project initially began in Illinois on June 1 for all episodes of care beginning on that date. Prior to that date, Illinois agencies were required to make a selection as to the initial option that they chose for this period between April 17 and May 16.

On July 29, 2019, CMS announced that Ohio will be the second State to implement the Review Choice Demonstration Project.  Home health agencies in Ohio will have from August 16th to September 15th to select an option for the first six-month period, which will begin on September 30, 2019 for all episodes of care starting on or after that date.  Any agency that fails to select an option during this period will be assigned to the second option, above – post-payment review.[1]

CMS also announced that it anticipates 60 – 90 days between beginning the Demonstration in the remaining states of Texas, North Carolina and Florida, and will provide 60-days’ notice in advance of the start date.  While the announcement is somewhat unclear as to whether this period will be spread out for each remaining state or that all three will start on the same date, it is clear that agencies in each of those states and Ohio should begin planning now for that implementation if they have not already done so.

CMS has published links to the Palmetto GBA portal for selecting and registering an option during this period as well as a number of additional resources at https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Review-Choice-Demonstration/Review-Choice-Demonstration-for-Home-Health-Services.html.

III.  Planning for Implementation – Especially in Light of PDGM:

Our February 19th article goes into greater depth in explaining the various options.  However, most importantly, both articles emphasize the importance of thinking through which option makes the most sense for your agency.

Each one presents risks and benefits and the correct choice may differ depending upon the agency’s comfort and experience with denials and documentation, as well as operational capability – the one exception being that the third option – a 25% rate reduction, does not appear to be viable for any agency.  Our earlier articles also sets forth several examples of those risks and benefits and while not exhaustive, is meant to focus agencies on the thought process that your agency will want to consider in making this determination.  We thus cannot strongly enough recommend that each agency take the necessary time to consult with knowledgeable individuals both internal and external in making this determination for each 6-month period, and not wait until the last minute to do so.

Of equal, or perhaps greater, importance is the need for agencies in affected states to have procedures in place to prepare and quickly access documentation to properly support coverage for the cases that they take, and to move this documentation through the system quickly, accurately, and comprehensively.  This is especially important given the advent of the Patient- Driven Groupings Model (PDGM) on January 1, 2020.  For example, coding will be a key issue in driving coverage and payment, and “getting it right” in your documentation will be critical.  Also, addressing initial non-affirmation determinations quickly for agencies that select option 1 will be critical.

Finally, agencies should be updating their compliance and quality assurance programs to respond both to the PDGM payment model and to the Review Choice Demonstration Program.

Liles Parker attorneys have substantial experience in advising and working with home health agencies in preparing them for the audit process which is similar to the process that they will need in responding to the Review Choice Demonstration Project, and in identifying the risks of choosing one option in relation to the others.  For example, one of the additional two options available to agencies that score above the 90% affirmation or approval level in options 1 or 2 during a 6-month period may result in the inadvertent development of a statistical sample that can be utilized to broaden the scope of any denials and recovery.  A number of our attorneys are also Certified Professional Coders who have substantial experience in evaluating home health claims documentation. Finally, we have substantial experience in working with home health agencies in developing and updating their compliance plans.

Michael Cook Healthcare AttorneyAny person wishing a free consultation in this area should contact Michael Cook, the author of this article and Co-chair of the Health Care Group.  Michael Cook can be reached at (202) 298-8750 and mcook@lilesparker.com.

 

[1] We would also note that there was a misprint in our article of April 9.  That article inadvertently referenced that Illinois providers failing to make a choice during the initial registration period would be assigned to the third option.  The corrected reference is to the second option.

Home Health Agency Alert: The Review Choice Demonstration Project is Moving Forward in Illinois Effective June 1, 2019

April 9, 2019 by  
Filed under Home Health & Hospice

Review Choice Demonstration Project in Illinois(April 9, 2019): This article updates our article of February 19 on the lifting by the Centers for Medicare and Medicaid Services (“CMS”) of the moratorium on the enrollment of new home health agencies in Florida, Illinois, Michigan and Texas, and the announcement by CMS of the implementation of a new five year “Review Choice Demonstration Project” in three of those four states (Florida, Illinois, and Texas) as well as Ohio and North Carolina (with a possible extension to other states within the Palmetto/JM jurisdiction).

At the time of that article, CMS had announced that the project would begin in Illinois, with implementation in the other four states in the near future thereafter.  However, CMS had not specified a “start date” for Illinois because it was awaiting approval by the Office of Management and Budget (“OMB”) at that time.  CMS has now received that approval and has announced implementation in Illinois to begin on June 1, 2019.  All episodes of care beginning on or after that date during the period of the demonstration will be subject to the requirements of the project.

I.  Background of the Review Choice Demonstration Project:

As background, under the Review Choice Demonstration Project, home health agencies in the affected states will initially select from three options to have their claims reviewed:

  • Pre-claim review
  • Post-payment review, or
  • Minimal post-payment review with a 25% reduction.

After each six-month period, agencies with a 90% affirmation or approval rate under one of the first two options, above, will also be able to choose between two additional options.  Each of these options is described in our February 19 article.

II.  Illinois Home Health Agencies are Under the Microscope:

Home health agencies located in Illinois must choose and register for one of the three options, above, between the dates of April 17 and May 16 on a portal established by Palmetto GBA.  Any agency that fails to make a choice during that period will be assigned to the third option and will not be able to change that option during the entire five-year period, and thus will receive a 25% payment reduction during this entire time.

As discussed in our February 19 article, the Review Choice Demonstration is an outgrowth of the Pre-claim Review Demonstration for Home Health Services that had been initially implemented in Illinois and then “paused” and never “restarted.”  However, Illinois agencies that had met the 90% full provisional affirmation rate under that project (based on a minimal 10 request submission between August 2016 and March 2017) will be permitted to begin the Review Choice Demonstration by selecting from any of the options including the additional ones available to agencies with a 90% affirmation or approval rate during a 6-month period.

CMS has established links to both the Palmetto GBA portal described, above, and to an operational guide and Special Open Door Forum Presentation that describes the program at https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Review-Choice-Demonstration/Review-Choice-Demonstration-for-Home-Health-Services.html.

III.  Is Your Home Health Agency Ready for an Audit?

Our earlier article goes into greater depth in describing the various options.  That article also emphasizes the critical nature of the choice that each agency makes in selecting an option.

Each of the options presents a separate set of risks and benefits as opposed to the others – the one exception being that the third option of a 25% payment denial does not appear to be a viable one for any agency.  Our earlier article also sets out several examples of these risks.  We thus recommend that every agency take the necessary time to consult with knowledgeable individuals, both internal and external, in making this selection during each 6-month period.

Additionally, as stated in that article, we cannot recommend strongly enough that agencies in the affected states have procedures in place to properly document coverage for all the cases that they handle, and also a process to prepare and move documentation through the system quickly and comprehensively.  They also should be updating their compliance and quality assurance programs to respond to these changes.

Liles Parker attorneys have substantial experience working with home health agencies in preparing them for the audit process which is similar to the processes that they will need to follow in responding to the Review Choice Demonstration Project, and in identifying the risks of choosing one option in relation to the others.  A number of our attorneys are also certified coders who have substantial experience in developing a format to justify coverage.  Finally, we have substantial experience working with agencies in developing and updating their compliance plans.

Healthcare LawyerAny person wishing a free consultation in the area should contact Michael Cook, the author and Co-chair of our Health Care Group. Michael can be reached at (202) 298-8750 or mcook@lilesparker.com

Texas Prosecutors are Aggressively Targeting Criminal Home Health Fraud

January 9, 2019 by  
Filed under Home Health & Hospice

Texas prosecutors are aggressively pursuing criminal home health cases(January 9, 2019):  Despite real progress being made with respect to regulatory compliance, home health agencies, their owners, and affiliated health care professionals (such as referring / supervising physicians, therapists and staff) remain under strict government scrutiny. The government’s efforts to investigate and prosecute home health fraud cases have been especially evident in Texas.  In calendar year 2018, a number of home health agencies, owners and affiliated individuals have been indicted, prosecuted and / or sentenced in connection with their improper conduct.  This article examines many of these recent cases and discusses the improper conduct that led to these Texas home health prosecutions.

I. Texas Home Health Prosecutions in Calendar Year 2018:

Several significant home health fraud cases were investigated and prosecuted by the Department of Justice (DOJ) in Texas during 2018. These cases included, but were not limited to the following:

  • Southern District of Texas. December 2018.  In this case, the owner of a home health agency allegedly paid marketers and group home owners for Medicare beneficiary information which he used to bill Medicare and Medicaid for home health services that were either not provided or did not qualify for coverage and payment.  The government also alleged that the defendant owner personally falsified home health patient assessment forms to make the beneficiaries appear sicker on paper to receive higher reimbursement rates from Medicare,”and that he instructed agency employees to falsify home health certifications and forge physician signatures. A jury found the defendant guilty and he was sentenced to 109 months in prison. The defendant was also ordered to pay $3.5 million in restitution to the Medicare program.
  • Northern District of Texas. October 2018. Two owners and the administrator of a home health agency were convicted in this prosecution of various health care fraud violations after a six-day trial. The owners were convicted of conspiracy to commit health care fraud, and one of the owners and the administrator were convicted of two counts of making a false statement in connection with a health care benefit program. At trial, evidence was presented that both of the home health agency owners had previously been excluded from participating in federal health benefit programs. The government alleged that the administrator concealed the fact that the home health agency owners were excluded parties. The government further alleged that the administrator signed false documents indicating that a third person was the owner of the agency and that no one associated with the home health agency had been excluded from participating in federal health benefits programs such as Medicare and Medicaid.  Federal prosecutors were also able to show that the home health agency had billed the Medicare and Medicaid programs more than $3.7 million to which it was not entitled because the agency was owned by excluded parties. The defendants have not been sentenced as of the date of this publication.
  • Northern District of Texas. October 2018.  In this case, a licensed vocational nurse who was also the part-owner of a home health agency was sentenced to 120 months in prison for her role in the fraudulent submission of home health claims to Medicare for payment. The former part-owner and supervising physician at a physician house call company was also sentenced to 42 months in prison for his role in the fraud. Two additional home health agency employees were also convicted for their roles in the fraud. At trial,the government produced evidence that the supervising physician certified the medical necessity of home health services for a number of patients who had never been seen,and that the physician billed Medicare for over $1.6 millionin medically unnecessary home health certifications and physician home visits.
  • Southern District of Texas. October 2018. A patient recruiter was sentenced to 108 months in prison today for her role in a $3.6 million home health Medicare fraud scheme in this health care fraud case. At trial, the government submitted evidence to prove that the defendant patient recruiter sold personal patient information to a home health agency which it then used to bill the Medicare and Medicaid program for services that were either not medically need or were never even providedNotably, the patient recruiter paid Medicare beneficiaries, doctors, physical therapy companies and others for the paperwork and Medicare beneficiary information and services needed to facilitate the fraud.  Finally, to hide the fraud, the patient recruiter tried to make it look like she was paid an hourly wage and the marketing services she was providing were legal and proper.
  • Southern District of Texas. June 2018.  The part-owner of a home health agency, who also served as the agency’s Director of Nursing, was indicted in this prosecution for conspiracy to commit health care fraud.  The government has alleged that the defendant, along with an unnamed group of co-conspirators, paid physicians to falsely certify the medical necessity of home health services for Medicare beneficiaries.  The defendant and the unnamed group of conspirators are also charged with paying patient recruiters for referring Medicare patients to the home health agency.  The government has also filed a criminal forfeiture count in the indictment in which it claims that more than $16 million is subject to forfeiture.
  • Southern District of Texas. June 2018.  The owner of a Harris County home health agency was indicted by a Federal Grand Jury for Conspiracy to Defraud the United States, paying and Receiving Health Care Kickbacks, and substantive violations of the Federal Anti-Kickback Statute. Specifically, the government has alleged that the defendant owner and a number of co-conspirators paid kickbacks to several patient recruiters in exchange for referring Medicare beneficiaries to the owner’s home health agency. The government also alleges that the defendant owner and his co-conspirators paid kickbacks to a number of physicians in exchange for their certification of Medicare-required paperwork, and that they paid Medicare patients for their Medicare information in order to bill the Medicare program for home health services.  The case is set for trial in 2019, and the government also has included a criminal forfeiture count in the indictment, seeking the forfeiture of at least $1.2 million
  • Eastern District of Texas. June 2018.  In this case, the owner of a Missouri City, Texas home health agency, was indicted for conspiracy to violate the Federal Anti-Kickback Statute and f or violations of the Aiding and Abetting statutory requirements. The defendant and a co-conspirator patient recruiter are alleged to have paid cash amounts ranging from approximately $1,600 to $2,900 to Medicare beneficiaries to sign up for home health services with the defendant’s home health agency. The matter is set for trial later this year.
  • Southern District of Texas. May 2018. After a three-day trial, a Federal jury found a patient recruiter for a Texas home health agency guilty for her role in a $3.6 million Medicare fraud case. The patient recruiter was found guilty of one count of conspiracy to commit health care, five counts of health care fraud, and one count of conspiracy to pay health care kickbacks.  At trial, evidence was introduced that showed that the defendant and her co-conspirators submitted claims to Medicare for home health services that were not medically necessary and, in some case, were not provided. According to the government, the patient recruiter paid beneficiaries, doctors, physical therapy companies, and others for the paperwork, Medicare beneficiary information, and services needed to facilitate the fraud.”
  • Southern District of Texas. January 2018.  In this final case, a Texas mayor (a licensed physician and Medical Director) and three owners of a number of home health and hospice providers services, were indicted for their roles in an alleged $150 million health care fraud and money laundering scheme. The government has alleged that the owners caused kickbacks and bribes to be paid to the defendant physician (and other physicians) who served as Medicare Directors for their home health agency in exchange for falsely certifying that Medicare patients qualified for services. The defendant owners are alleged to have fraudulently kept patients on hospice services for years when such care was not medically appropriate.  A number of the defendants are also alleged to have made a false statement to the FBI and / or obstructed justice by producing false and fictitious records to a Federal Grand Jury.

II. What Lessons Can be Learned from these Home Health Prosecutions?

At the outset, it is important to note that none of the home health fraud prosecutions discussed above were based on differing professional assessments of the Medicare beneficiaries’ clinical condition or on a battle between medical experts over the medical necessity of home health services.  Instead, Texas prosecutors focused on illegal payments in the form of kickbacks and bribes by home health owners and operators in exchange for the referral of Medicare patients, falsification of certifications or statements, and/or for acquisition of beneficiary information. In other words, the Federal criminal cases being brought against home health owners, operators and affiliated physicians were based on the parties’ fraudulent conduct, not on the quality of care provided or the medical necessity of the home health services. Several fundamental lessons to be learned based on these cases include:

Lesson #1:  Sooner or later, improper Medicare claims practices and criminal wrongdoing WILL be identified by law enforcement or one of the contractors working for the Centers for Medicare and Medicaid Services (CMS). 

Since first passing the Medicare and Medicaid programs in 1965, the government has been compiling utilization, coding, and billing data related to the services billed to Federal and State health benefit programs.  CMS shares access to this information with a number of private claims processing and / or program integrity contractors.[1]  These entities are required (as part of their contractual obligations to CMS), to conduct data mining analyses of provider and supplier coding, billing and utilization practices.  While criminal conduct may escape discovery in the short run, it is essential for home health agencies, their owners, patient recruiters and affiliated physicians to recognize that there is a strong likelihood that the government will ultimately find out about the wrongdoing.

Lesson #2: Don’t pay kickbacks. . . ever. You will eventually be caught.

The Anti-Kickback Statute became a felony in 1977.[2]  Under the Anti-Kickback Statute, it is a criminal violation to offer, pay, solicit or receive anything of value to induce referrals or generate referrals reimbursed by Federal health care programs.[3]The Department of Health and Humans Services, Office of Inspector General (OIG) first publicized the agency’s concerns regarding home health related kickbacks in a “1995 Special Fraud Alert.”[4]  At that time, the OIG identified the following business practices as improper and potential violations of the Anti-Kickback Statute:

“Payment of a fee to a physician for each plan of care certified by the physician on behalf of the home health agency. 

Disguising referral fees as salaries by paying referring physicians for services not rendered, or in excess of fair market value for services rendered.

Offering free services to beneficiaries, including transportation and meals, if they agree to switch home health providers.

Providing hospitals with discharge planners, home care coordinators, or home care liaisons in order to induce referrals.Providing free services, such as 24-hour nursing coverage to retirement homes or adult congregate living facilities in return for home health referrals.

Subcontracting with retirement homes or adult congregate living facilities for the provision of home health services to induce the facility to make referrals to the agency.”  

Most of the Texas home health prosecutions pursued by DOJ prosecutors in 2018 involved illegal kickback conduct that the government first identified its 1995 Special Fraud Alert.  Despite the fact that more than twenty years have elapsed, a number of home health agency owners, operators, marketing personnel and referring physicians have continued to engage in illegal kickback activities.

Lesson #3: Don’t play games. Efforts to deceive the government or obstruct an investigation will only compound your problems.

In the criminal cases outlined in Section II above, a number of the defendants engaged in deceitful conduct. Several examples of the deceitful conduct included:

“A home health agency owner was alleged to have falsified home health patient assessment forms. 

A home health agency owner was alleged to have instructed home health staff to falsify physician signatures.   

A home health agency administrator was alleged to have signed false documents indicating that a third-party owned the agency and that no excluded parties were associated with the agency, when in fact, the true owners had been excluded from participation in the Medicare program.  

Defendants were also alleged to have made a false statement to the FBI and / or obstructed justice by producing false and fictitious records to a Federal Grand Jury.”

There are several Federal statutes that are implicated by this type of deceitful conduct.[5]  Statutory provisions that may be implicated (depending on the facts), include, but are not limited to:

Fraud and False Statements (18 U.S.C. § 1001). It is illegal for any person, in connection with any matter before any branch of the federal government or any federal agency, to do any of the following: (1) falsify or conceal a material fact; (2) make any material misrepresentations; or (3) make or use any false document knowing that such document contains a material falsehood. 

False Statements Involving Health Care Programs (18 U.S.C. § 1035).  It is unlawful for any person to, in any matter involving a health care benefit program and in connection with the delivery of or payment for health care services, knowingly: (1) falsify or conceal a material fact; (2) make a material misrepresentation; or (3) use a document knowing that it contains a material misrepresentation.

Health Care Fraud (18 U.S.C. § 1347).  It is unlawful for any person to knowingly: (1) defraud any health care benefit program; or (2) obtain by false pretenses any money or property owned or under the control of a health care benefit program. 

Obstruction of a Criminal Investigation into Health Care Offenses (18 U.S.C. § 1518).  It is unlawful to prevent, obstruct, or delay the communication of information relating to a federal health care offense to a criminal investigator. 

False Statements Involving Federal Health Care Programs (42 U.S.C. § 1320a–7b(a)). It is unlawful for any person to: (1) knowingly make a false statement in an application for benefits or payment under a federal health care program; (2) knowingly make a false statement for use in determining rights to benefits or payment under a federal health care program; (3) knowingly conceals or fails to disclose any event affecting one’s eligibility for benefits or payment under a federal health care program; (4) knowingly use the benefits or payment of another under a federal health care program for some reason other than their intended purpose; (5) knowingly present a claim for a physician’s service under a federal health care program where the person presenting the claim knows the service provider was not a licensed physician; or (6) knowingly assist another in disposing or transferring of assets such that he or she will be eligible for benefits under a federal health care program. 

Violations of these statutes are often uncovered during the course of administrative audits by CMS program integrity contractors. These types of violations may also arise in connection with patient complaints and whistleblower cases.

Lesson #4:  Medical Director agreements — it all comes down to the nature of the business relationship. 

Both parties need to recognize the importance of conducting due diligence before entering into a contract with a Medical Director.  Does the home health agency have an effective Compliance Program in place? Has either the home health agency or the physician being considered for a Medical Director position been the subject of an adverse action by Medicare, Medicaid, or a private payor?  To paraphrase the Greek philosopher Aesop, “You are judged by the company that you keep.”

When reviewing Medical Director agreements, government prosecutors and investigators are trained to conduct a critical assessment of these business relationships.  Are the terms of the Medical Director agreement consistent with Fair Market Value principles?  Has the Medical Director properly documented the services he or she provided and properly recorded the amount of time being spent in the performance of his or her Medical Director duties?  How many patient referrals are generated by your Medical Directors?  In a perfect world, a home health agency would not receive any patient referrals from the agency’s Medical Director.  To the extent that an agency’s Medical Director does, in fact, make a significant number of referrals to the agency for home health services, the government will understandably wonder whether the referrals being made are in exchange, in whole or in part, for the monies being paid to the physician under the Medical Director agreement.

Lesson #5:  Do you employ sales or marketing personnel? Regardless of whether you refer to a position as a Community Outreach Coordinator, a Marketing Specialist or a Physician Liaison, the government will still carefully review how these individuals are compensated, and the actual duties that are being performed.    

Marketing activities that may constitute ordinary business courtesies if extended to an actual or potential referral source in another industry, are often illegal in the context of Federal health care programs. Home health agencies that employ or contract with individuals to conduct marketing services on behalf of the agency need to ensure that the services being performed do not violate the Federal Anti-Kickback Statute or, if applicable, a state’s bribery law or all-payor statute.  Compensation agreements that reward a marketing individual based on the number of patient referrals generated are especially problematic.

III.  Conclusion:

The likelihood that your home health agency will be subjected to a Medicare or Medicaid audit or investigation increases every day.  As a participating provider in one or more Federal health care programs, providers have an affirmative obligation to ensure that your claims are properly documented, coded, and billed.  Additionally, providers must ensure that otherwise payable home health service claims have not been “tainted” by any statutory or regulatory violation of the Stark laws, the Federal Anti-Kickback Statute or the False Claims Act. When examining whether a claim is “payable,” a provider needs to remember that even though the medical service at issue may have been medically necessary and qualified for payment, if it is the result of an illegal activity, it will be tainted and will likely not qualify for payment. Unfortunately, many providers have never researched or reviewed the proper rules covering the work they provide.  If you have questions?  Give us a call.  Liles Parker attorneys have extensive experience representing home health providers around the country in connection with Medicare audits and investigations.

Robert Liles Healthcare LawyerRobert W. Liles, J.D., M.B.A., M.S., serves as Managing Partner at the health law firm Liles Parker, PLLC.  Liles Parker attorneys represent home health and hospice agencies around the country in connection with Medicare and Medicaid audits and investigations of home health and hospice services.  Has your agency received an administrative request or a subpoena for records?  Give us a call.  We can help. For a free consultation, please call: 1 (800) 475-1906.

[1] CMS works with claims processing contractors (Medicare Administrative Contractors (MACs)), and program integrity contractors (such as Recovery Audit Contractors (RACs), Supplemental Medical Review Contractors (SMRCs) and Uniform Program Integrity Contractors (UPICs) to identify overpayments and instances of potential fraud which may be referred to law enforcement authorities for investigation and prosecution.

[2] 42 U.S.C. 1320a-7b(b). The Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977 (Public Law 95-142), made violations of the Anti-Kickback Statute a felony. It also made those who offered remuneration for referrals and those who received them subject to various penalties.

[3] Under 42 U.S.C. 1320a-7b(f),a “Federal health care program” is defined as:

“(1) any plan or program that provides health benefits, whether directly, through insurance, or otherwise, which is funded directly, in whole or in part, by the United States Government (other than the health insurance program under chapter 89 of title 5); or

(2) any State health care program, as defined in section 1320a-7(h) of this title.”

[4] Federal Register, August 10, 1996 (Volume 60, Number 154). A copy of this Special Fraud Alert can also be found on OIG’s website.

[5] For each of the criminal statutes identified below, there are corresponding regulations which would authorize the imposition of Civil Money Penalties by the Health and Human Services, Office of Inspector General (HHS/OIG), see, 42 U.S.C. 1320a-7a(a).

Audits of Telehealth Services are Increasing. Do Your Telehealth Services Meet Applicable Requirements?

Audits of Telehealth Services are Increasing(December 21, 2018): The use of “telehealth” technologies to diagnose and treat patients can be used to address provider shortages, improve patient access to otherwise unavailable specialized services, reduces costs, and provides an effective way to monitor the status of patients from long distances.  The many benefits of telehealth have been readily recognized by health care providers, payors and most importantly, patients. Unfortunately, the expanded use of telehealth services hasn’t gone as smoothly as hoped.  In recent years, a number of investigations brought by federal and state regulators have identified telehealth cases involving significant overpayments, violations of the False Claims Act and instances of criminal conduct.  This article examines the current enforcement landscape facing telehealth providers and discusses ways that a provider can better meet its obligations under the law and reduce a telehealth provider’s level of regulatory risk. 

I. “Telehealth” versus “Telemedicine”:

The Health Resources Services Administration (HRSA), an agency of the U.S. Department of Health and Human Services (HHS), has defined the term “telehealth” as the:

“[U]se of electronic communication and information technologies to provide or support long-distance clinical health care, patient professional health-related education, public health, and health administration.”[1]

The most common technologies used to provide telehealth services include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.

Telehealth is different from telemedicine because it refers to a broader scope of remote healthcare services than telemedicine. While telemedicine refers specifically to remote clinical services, telehealth can refer to remote non-clinical services, such as provider training, administrative meetings, and continuing medical education, in addition to clinical services.

II. Background of Medicare Telehealth Coverage Requirements:

The Balanced Budget ACT of 1997 (BBA) mandated that Medicare cover certain Fee-For-Service (FFS) payments for “telehealth” services beginning in 1999.  The BBA also provided for the  funding of telehealth demonstration projects. Initially, covered telehealth services were limited to only those provided to Medicare beneficiaries in health professional shortage areas (HPSAs).  Additionally, the legislation mandated that Medicare practitioners be with the patient (and function as a “telepresenter”) when the telehealth consultation was conducted.  Not surprisingly, these restrictions were viewed as practically unworkable by health care providers and patients alike. Subsequent legislation under the Benefits Improvement and Protection Act of 2000 (BIPA) amended portions of the BBA and expanded Medicare‘s telehealth payment rules.

The list of telehealth services that may qualify for coverage under Medicare are released each year through the annual physician fee schedule rulemaking process. As a general rule, Medicare Part B will pay for covered telehealth services[2] when they are furnished by an interactive telecommunications system[3], as long as the following requirements are met:

(1) The physician or practitioner at the distant site must be licensed to furnish the service under State law. The physician or practitioner at the distant site who is licensed under State law to furnish a covered telehealth services described in this section may bill, and receive payment for, the service when it is delivered via a telecommunications system.

(2) Under 42 C.F.R. § 410.78(b)(2), the following providers qualify as a practitioner at the distant site:”

(i) A physician as described in 42 C.F.R. § 410.20.

(ii) A physician assistant as described in 42 C.F.R. § 410.74.

(iii) A nurse practitioner as described in 42 C.F.R. § 410.75.

(iv) A clinical nurse specialist as described in 42 C.F.R. § 410.76.

(v) A nurse-midwife as described in 42 C.F.R. § 410.77.

(vi) A clinical psychologist as described in 42 C.F.R. § 410.72.

(vii) A clinical social worker as described in 42 C.F.R. § 410.73.

(viii) A registered dietitian or nutrition professional as described in 42 C.F.R. § 410.134.

(ix) A certified nurse anesthetist as described in 42 C.F.R. § 410.69.

Please note, as set out under 42 C.F.R. § 410.78(e)(1), clinical psychologists and clinical social workers cannot bill Medicare for medical evaluation and management services. They may only bill and receive payment for individual psychotherapy via a telecommunications system.

Additionally, as provided under 42 C.F.R. § 410.78(e)(2), physician visits required under 42 C.F.R. § 483.40(c)[4] may not be furnished as telehealth services.

(3) The telehealth services are furnished to a beneficiary at an originating site.”[5] Under 42 C.F.R. § 410.78(b)(3), an originating site includes one of the following:

(i) The office of a physician or practitioner

(ii) A critical access hospital (as described in section 1861(mm)(1) of the Social Security Act).

(iii) A rural health clinic (as described in section 1861(aa)(2) of the Social Security Act).

(iv) A Federally qualified health center (as defined in section 1861(aa)(4) of the Social Security Act).

(v) A hospital (as defined in section 1861(e) of the Social Security Act).

(vi) A hospital-based or critical access hospital-based renal dialysis center (including satellites).

(vii) A skilled nursing facility (as defined in section 1819(a) of the Social Security Act).

(viii) A community mental health center (as defined in section 1861(ff)(3)(B) of the Social Security Act).

 (4) As required out under 42 C.F.R. § 410.78(b)(3), to qualify as an originating site, the location must also be:

(i) Located in a health professional shortage area (HPSA), as defined under section 332(a)(1)(A) of the Public Health Service Act (42 U.S.C. 254e(a)(1)(A)), that is either outside of a Metropolitan Statistical Area (MSA) as of December 31st of the preceding calendar year or within a rural census tract of an MSA as determined by the Office of Rural Health Policy of the Health Resources and Services Administration as of December 31st of the preceding calendar year, or

(ii) Located in a county that is not included in a Metropolitan Statistical Area as defined in section 1886(d)(2)(D) of the Act as of December 31st of the preceding year, or

(iii) An entity participating in a Federal telemedicine demonstration project that has been approved by, or receive funding from, the Secretary as of December 31, 2000, regardless of its geographic location.

 (5) The medical examination of the patient is under the control of the physician or practitioner at the distant site.  Additionally, as set out under 42 C.F.R. § 410.78(c), a telepresenter is not required as a condition of payment unless it is determined to be medically necessary by the physician or practitioner at the distant site.

Simply put, to qualify under Medicare as covered telehealth services, providers must take ensure that each element of the telehealth services comply fit within the restrictions set out above.  

III.  Medicaid Telehealth Services:

As with the case of Medicare, state Medicaid telehealth guidelines require that all qualified practitioners providing telehealth services meet the requirements of their State Practice Act.  With respect to the coverage and payment of telehealth services, the Medicaid programs of 49 states and the District of Columbia currently pay for live video telehealth services as long as jurisdiction specific requirements have been met. For example, as long as all applicable requirements are met, Texas Medicaid will pay for live video and for store-and-forward telehealth services[6] (in certain circumstances).  In Texas, Medicaid also covers home telemonitoring as long as certain conditions are met.  It is important that you conduct a careful review of your state’s requirements and restrictions before assuming that your state’s Medicaid program will cover telehealth services.    

IV. Private Payor Coverage of Telehealth Services:

Over the last decade, considerable progress has been made with respect to the coverage and payment of telehealth services by private payors.  This is due, in large part, to the passage of various private payor parity laws.  At last count, 39 states and the District of Columbia have enacted such laws.[7]  Private payor parity laws vary from one jurisdiction to another.  While some states laws focus on the types of specialty services qualify for telehealth coverage, other states have also enacted laws that require payers to treat telehealth-delivered care the same way as in-person care with respect to reimbursement.

V. OIG Telehealth Report Findings:

As the telehealth services industry has grown, regulatory compliance concerns have also increased.  Both governmental and private payors have identified a number of program integrity risks that require ongoing monitoring and assessment.  In recent years, the OIG has included a number of telehealth-related projects as part of their Work Plan. Most recently, the OIG identified the use of unauthorized telehealth originating site as areas of deficiency in its recent report titled “CMS Paid Practitioners for Telehealth Services that Did Not Meet Medicare Requirements.”[8] As reflected in the OIG’s report, after reviewing a sample of 100 claims:

  • 24 claims were unallowable because the beneficiaries received services at nonrural originating sites,
  • 7 claims were billed by ineligible institutional providers,
  • 3 claims were for services provided to beneficiaries at unauthorized originating sites,
  • 2 claims were for services provided by an unallowable means of communication,
  • 1 claim was for a noncovered service, and
  • 1 claim was for services provided by a physician located outside the United States.[9]

Collectively, 31 out of 100 claims (31%) of the telehealth claims examined by the OIG did not meet Medicare’s requirements for coverage and payment.

VI. Telehealth Fraud Cases:

The following cases are illustrative of the various types of telehealth fraud cases that are being identified, investigated and prosecuted around the country:

(2018):  Tennessee.  The government recently charged four individuals and seven companies with fraud for their involvement in an alleged fraud scheme that resulting in almost $1 billion in claims being submitted to insurance payors.[10]  The government has alleged that a defendant telemedicine company had their employees call and impersonate medical professionals in order to obtain information from patients.  The telemedicine company then contacted local physicians and falsely advised them that an electronic consultation was ready for their review.  The prescribing physicians were led to believe that a licensed health professional (not merely a telemedicine company employee) had examined the patient’s medical history and that the patients had requested the drug at issue.   The case is ongoing.

(2018):  California.  In this case, seven defendants have been charged with fraud for their roles in a massive “sham” telemedicine scheme that defrauded TRICARE out of an estimated $65 million. The defendants included a nurse practitioner, a physician and two chiropractors, among others. In this case, it was alleged that one or more individuals recruited and paid Marines and the defendants to fill prescriptions for specialty medications (filled by co-conspirator pharmacies) that resulted in fraudulent and / or tainted claims being submitted to TRICARE for payment.  This case remains ongoing.

(2018):  Florida.  In this case, a Florida compounding pharmacy paid the government $350,000 to settle allegations that it violated the federal False Claims Act when it filled prescriptions that did not meet TRICARE’s telemedicine coverage requirements.  When investigating the case, agents for the Defense Criminal Investigative Service (DCIS) found that pharmacy representatives made unsolicited calls to TRICARE beneficiaries, provided medically unnecessary compound medications to beneficiaries, and knowingly filled prescriptions from doctors who did not meet or properly consult with TRICARE beneficiaries.”

(2017):  Florida. In this case, a Florida compounding pharmacy and its owner agreed to pay the government $170,000 for violations of the federal False Claims Act.   The government alleged that the defendants knowingly submitted claims to TRICARE for compounded medications that did not qualify for coverage and payment because they the prescriptions were not issued pursuant to a valid physician-patient relationship. Instead, the prescriptions were issued after brief calls were conducted between the prescribing physician and the TRICARE beneficiary.   The telephone calls made did not meet applicable telehealth coverage requirements.  Notably, prosecutors also alleged that the prescriptions for compounded medications were not medically necessary AND were tainted because of kickbacks paid to marketers.

(2016):  Connecticut.  In this case, a Connecticut psychiatrist and his practice were sued by a whistleblower under the federal Civil Claims Act for improper submitting telehealth claims to Medicare for payment.  As the government found, the psychiatrist provided psychiatric services over the phone to Medicare beneficiaries that did not meet Medicare’s coverage requirements.  More specifically, treating a patient over the phone does not meet Medicare’s requirements that the services be provided using an interactive audio and video communications system that permits real-time communications between the physician and the Medicare beneficiary. Additionally, the Medicare patients receiving the telehealth services did not live in a HPSA nor meet any of the other requirements under 42 C.F.R. § 410.78(b)(3) to properly qualify as an originating site. To resolve the false claims allegations, the defendants paid the government $36,704.

(2016):  Florida.  In this complex case, multiple defendants (including a physician, a physician’s assistant, a pharmacist, individuals working for a telemarketing company and related corporate entities) were convicted of various charges arising out of their improper submission of fraudulent, tainted prescription claims to TRICARE for payment and resulting in approximately $5.7 million in payments. The government alleged that the clinicians with prescribing authority were paid kickbacks by the defendant pharmacist to sign prescriptions made out to TRICARE beneficiaries.  In addition to the kickback-tainted prescriptions, it is worth noting that there was no valid provider-patient relationship. Moreover, the prescriptions did not meet TRICARE’s telemedicine coverage requirements.  A number of the defendants have plead guilty to the charges and are awaiting sentencing.

Conclusion:

As the Medicare requirements above reflect, telehealth services are subject to a number of restrictions.  First and foremost, not all services qualify for payments as telehealth services under Medicare’s coverage rules.  Assuming that the telehealth services to be provided do, in fact, qualify for coverage by Medicare, several additional requirements must be met.  For example, the originating site where the Medicare beneficiary is located must qualify as an authorized geographic location.  Is the region being served a rural area that has been designated as a HPSA? The specific location where the beneficiary will be receiving the services (such as a physician’s office) must also fit within Medicare’s narrow list of sites where a beneficiary can receive qualifying telehealth services.  Additionally, the type of practitioner providing the services at the distant site qualify as an eligible provider type under Medicare’s rules. Eligible providers must also meet applicable State Practice Act requirements to provide telehealth services.  For instance, several state legislatures have enacted rules that require practitioners providing telehealth services across state lines to also hold a valid state license where the patient is located. Finally, the telehealth services must be provided through the use of an appropriate interactive telecommunications system.

Are you providing telehealth services?  If so, it is essential that you conduct a comprehensive review of the logistical, documentation, medical necessity, billing and coding requirements that must be met in order for the services to qualify for coverage and payment.  Our attorneys can assist you with these efforts and / or represent you if your telehealth services are audited by Medicare, Medicaid or a private payor.

Robert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with UPIC audits, ZPIC audits, OIG audits and DOJ investigations of Medicare telehealth services.  He also advises health care providers in connection with Medicaid and private payor audits of telehealth services. Are you currently being audited or under investigation?  We can help.  For a free initial consultation regarding your situation, call Robert at:  1 (800) 475-1906.

[1] Telehealth in Rural America, Policy Brief March 2015.  National Advisory Committee on Rural Health and Human Services. 

[2] During Calendar Year (CY) 2018, services that may qualify for coverage as telehealth services under Medicare include:

Service

HCPCS / CPT Code

Telehealth consultations, emergency department or initial inpatient          

HCPCS codes G0425–G0427

Follow-up inpatient telehealth consultations furnished to beneficiaries in hospitals or SNFs

HCPCS codes G0406–G0408

 

Office or other outpatient visits

CPT codes 99201–99215

Subsequent hospital care services, with the limitation of 1 telehealth visit every 3 days

CPT codes 99231–99233

Subsequent nursing facility care services, with the limitation of 1 telehealth visit every 30 days

CPT codes 99307–99310

 

Individual and group kidney disease education services

HCPCS codes G0420 and G0421

Individual and group diabetes self-management training services, with a minimum of 1 hour of in-person instruction to be furnished in the initial year training period to ensure effective injection training

HCPCS codes G0108 and G0109

Individual and group health and behavior assessment and intervention

CPT codes 96150–96154

 

Individual psychotherapy

CPT codes 90832–90834 and 90836–90838

Telehealth Pharmacologic Management

HCPCS code G0459

Psychiatric diagnostic interview examination

 

CPT codes 90791 and 90792

 

End-Stage Renal Disease (ESRD)-related services included in the monthly capitation payment

CPT codes 90951, 90952, 90954, 90955, 90957, 90958, 90960, and 90961

 

End-Stage Renal Disease (ESRD)-related services for home dialysis per full month, for patients younger than 2 years of age to include monitoring for the adequacy of nutrition, assessment of growth and development, and counseling of parents

CPT code 90963

 

End-Stage Renal Disease (ESRD)-related services for home dialysis per full month, for patients 2-11 years of age to include monitoring for the adequacy of nutrition, assessment of growth and development, and counseling of parents

CPT code 90964

 

End-Stage Renal Disease (ESRD)-related services for home dialysis per full month, for patients 12-19 years of age to include monitoring for the adequacy of nutrition, assessment of growth and development, and counseling of parents

 

CPT code 90965

 

End-Stage Renal Disease (ESRD)-related services for home dialysis per full month, for patients 20 years of age and older

CPT code 90966

 

End-Stage Renal Disease (ESRD)-related services for dialysis less than a full month of service, per day; for patients younger than 2 years of age (effective for services furnished on and after January 1, 2017)

CPT code 90967

 

End-Stage Renal Disease (ESRD)-related services for dialysis less than a full month of service, per day; for patients 2-11 years of age (effective for services furnished on and after January 1, 2017)

CPT code 90968

End-Stage Renal Disease (ESRD)-related services for dialysis less than a full month of service, per day; for patients 12-19 years of age (effective for services furnished on and after January 1, 2017)

CPT code 90969

End-Stage Renal Disease (ESRD)-related services for dialysis less than a full month of service, per day; for patients 20 years of age and older (effective for services furnished on and after January 1, 2017)

CPT code 90970

Individual and group medical nutrition therapy

HCPCS code G0270 and CPT codes 97802–97804

Neurobehavioral status examination

CPT code 96116

Smoking cessation services

HCPCS codes G0436 and G0437 and CPT codes 99406 and 99407

Alcohol and/or substance (other than tobacco) abuse structured assessment and intervention services

HCPCS codes G0396 and G0397

Annual alcohol misuse screening, 15 minutes

HCPCS code G0442

Brief face-to-face behavioral counseling for alcohol misuse, 15 minutes

HCPCS code G0443

Annual depression screening, 15 minutes

HCPCS code G0444

High-intensity behavioral counseling to prevent sexually transmitted infection; face-to-face, individual, includes: education, skills training and guidance on how to change sexual behavior; performed semi-annually, 30 minutes

HCPCS code G0445

Annual, face-to-face intensive behavioral therapy for cardiovascular disease, individual, 15 minutes

HCPCS code G0446

Face-to-face behavioral counseling for obesity, 15 minutes

HCPCS code G0447

Transitional care management services with moderate medical decision complexity (face-to-face visit within 14 days of discharge)

CPT code 99495

Transitional care management services with high medical decision complexity (face-to-face visit within 7 days of discharge)

CPT code 99496

Advance Care Planning, 30 minutes (effective for services furnished on and after January 1, 2017)

CPT code 99497

Advance Care Planning, additional 30 minutes (effective for services furnished on and after January 1, 2017)

CPT code 99498

Psychoanalysis

CPT code 90845

Family psychotherapy (without the patient present)

CPT code 90846

Family psychotherapy (conjoint psychotherapy) (with patient present)

CPT code 90847

Prolonged service in the office or other outpatient setting requiring direct patient contact beyond the usual service; first hour

CPT code 99354

Prolonged service in the office or other outpatient setting requiring direct patient contact beyond the usual service; each additional 30 minutes

CPT code 99355

Prolonged service in the inpatient or observation setting requiring unit/floor time beyond the usual service; first hour (list separately in addition to code for inpatient evaluation and management service)

CPT code 99356

Prolonged service in the inpatient or observation setting requiring unit/floor time beyond the usual service; each additional 30 minutes (list separately in addition to code for prolonged service)

CPT code 99357

Annual Wellness Visit, includes a personalized prevention plan of service (PPPS) first visit

HCPCS code G0438

Annual Wellness Visit, includes a personalized prevention plan of service (PPPS) subsequent visit

HCPCS code G0439

Telehealth Consultation, Critical Care, initial, physicians typically spend 60 minutes communicating with the patient and providers via telehealth (effective for services furnished on and after January 1, 2017)

HCPCS code G0508

Telehealth Consultation, Critical Care, subsequent, physicians typically spend 50 minutes communicating with the patient and providers via telehealth (effective for services furnished on and after January 1, 2017)

HCPCS code G0509

Counseling visit to discuss need for lung cancer screening using low dose CT scan (LDCT) (service is for eligibility determination and shared decision making (effective for services furnished on and after January 1, 2018)

HCPCS code G0296

Interactive Complexity Psychiatry Services and Procedures (effective for services furnished on and after January 1, 2018)

CPT code 90785

Health Risk Assessment (effective for services furnished on and after January 1, 2018)

CPT codes 96160 and 96161

Comprehensive assessment of and care planning for patients requiring chronic care management (effective for services furnished on and after January 1, 2018)

HCPCS code G0506

Psychotherapy for crisis (effective for services furnished on and after January 1, 2018)

CPT codes 90839 and 90840

 

 

For ESRD-related services, a physician, NP, PA, or CNS must furnish at least one “hands on” visit (not telehealth) each month to examine the vascular access site.

[3] Under 42 C.F.R. § 410.78(a)(3), the term “interactive telecommunications system” means: 

“[M]ultimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner. Telephones, facsimile machines, and electronic mail systems do not meet the definition of an interactive telecommunications system.”  (emphasis added).

Although the technologies described above do not qualify as interactive telecommunications systems, they still qualify as telehealth services (albeit non-covered telehealth services under Medicare).

[4] 42 C.F.R. § 483.40(c) services that may not be furnished by a physician as telehealth services include behavioral health related rehabilitation services such as physical therapy, speech-language pathology, occupational therapy, and rehabilitative services for mental disorders and intellectual disability, as required in a resident’s comprehensive plan of care.

[5][5][5] An originating site is the location of the qualified eligible Medicare patient when the telehealth service is furnished by a physician or practitioner at the distant site.  Originating sites are paid a fee for hosting the telehealth service.  In 2018, the fee paid to an originating site was $25.76.  Please note, under the Bipartisan Budget Act of 2018, the originating site fee will be paid in certain circumstances.  

[6] The definition of “store-and-forward” telehealth services varies from state to state.  Generally, store-and-forward telehealth services are those where information, images, sound, video, etc., are stored or recorded and later forwarded to another site for clinical evaluation.  In other words, it is not a real-time, live evaluation of a patient by a distant provider.

[7] Center for Connected Health Policy, “State Telehealth Laws & Reimbursement Policies.” (Fall 2018).

[8] A-05-16-00058 (April 2018).

[9] Ibid, page 5.

[10] Of the nearly $1 billion in claims submitted to payors for payment, only $174 million was ultimately paid by the payors.  Nevertheless, federal prosecutors will likely argue that the face value of the claims billed (not necessary paid) is the amount that should be used when calculating the defendants’ potential period of imprisonment under the Sentencing Guidelines.

Home Health Providers Under the Microscope — The Review Choice Demonstration Project is Here

October 4, 2018 by  
Filed under Home Health & Hospice

The Review Choice Demonstration Project (October 4, 2018):  Last week, the Centers for Medicare & Medicaid Services (CMS), confirmed that it intends to initiate the Review Choice Demonstration for Home Health Services project on December 10, 2018.  The Review Choice Demonstration project is slated to initially begin in Illinois. This initiative is the renamed, repackaged version of the prior Pre-Claim Review Demonstration project that was initiated, then placed on hold (due in large part to provider protests), in April 2017.  This article provides an overview of the long and sorted history leading up to the Review Choice Demonstration project.

I. Although Dropping, the Improper Payment Rates for Home Health Services Remain Excessive:

The last few years have been rough on home health providers.  As the government has been quick to note, one of the primary components of the Medicare Fee-for-Service (FFS) improper payment rate has consistently been the excessive level of improper payments made for home health services.  Broken down by fiscal year, the improper payment rates for home health services have included:

Fiscal Year

Report Period

Home Health Improper Payment Rate

FY 2014

July 1, 2012 – June 30, 2013

51.4%

FY 2015

July 1, 2013 – June 30, 2014

59%

FY 2016

July 1, 2014 – June 30, 2015

42%

FY 2017

July 1, 2015 – June 30, 2016

32.3%


Although the improper payment rate for home health services has dropped considerably from FY 2015 to FY 2017, it still constitutes a major portion of the overall Medicare FFS improper payment rate.  During the FY 2017 report period, it is estimated that more than $6.1 billion in improper payments was made by Medicare for home health services.  When reviewing the improperly paid claim lines associated with FY 2017, the Comprehensive Error Rate Testing (CERT) contractor tasked with this project found that more than 89% of the errors were due to documentation deficiencies. 

II. Overview of Corrective Actions and Initiatives Taken by CMS to Address Home Health Documentation Deficiencies:

The FY 2017 CERT contractor findings with respect to documentation have merely further strengthened the government’s long-standing belief that home health providers (and referring physicians), need ongoing education and guidance with respect to the medical necessity, documentation, coverage and payment requirements that must be met.  Over the last few years, CMS and its contractors have implemented a variety of corrective actions intended to address documentation and medical necessity deficiencies that have been identified in connection with Medicare home health claims. Examples of these actions have included Probe and Educate Reviews[1], the initiation of the Pre-Claim Review Project[2], the development of Home Health Plan of Care / Certification and Progress Note Clinical Templates[3], and the establishment of a Home Health Recovery Audit Contractor[4].  CMS also revised the Physician Face-to-Face Narrative Requirement[5] for home health services. Several of these corrective initiatives are discussed in more detail below:

A. Probe and Educate Reviews.

In late 2015, home health Medicare Administrative Contractors (MACs) began pulling five claims sample from each home health agency in their jurisdiction for prepayment review purposes.  The claims subject to review covered episodes of service beginning on or after August 1, 2015.  The purpose of the Probe and Educate Review initiative was to better ensure that home health agencies were fully complying with applicable medical necessity, documentation, certification, coverage and payment requirements.[6] Systemic problems identified by home health MACs through the Probe and Education Review process has included:

  1. Failure to comply with face-to-face requirements. For example, in some cases, the certifying physician signature was missing. In other cases, the encounter notes did not document the elements required to show that the patient was eligible for home health services.
  2. Failure to identify an estimate of time for continued need when recertifying the medical necessity of services.
  3. Failure to fully complete and / or properly complete the initial certification documentation required.
  4. Bailure to timely respond to an Additional Documentation Request (ADR) request from a Medicare contractor in a timely fashion.

B. Pre-Claim Review Demonstration Project.

Section 402(a)(1)(J) of the Social Security Amendments of 1967 authorizes the Secretary, HHS, to:

‘‘develop or demonstrate improved methods for the investigation and prosecution of fraud in the provision of care or services under the health programs established by the Social Security Act (the Act).’’

Using this authority, and inn consideration of the excessively high home improper payment rate for home health services, in June 2016, CMS announced[7] the initiation of a new Pre-claim Review Demonstration project. Theoretically, the demonstration project was not intended to create any new clinical home health documentation requirements. Home health agencies covered by the demonstration project would be required to submit supportive medical documentation to the CMS contractor for review prior to being paid. This approach was intended to help educate providers and better ensure that home health claims qualified for coverage and payment. The demonstration project was also intended to test whether the use of a pre-claim review process would improve the government’s ability to identify, investigate, and prosecute home health fraud. Originally, the demonstration project was scheduled to be put into place in five states. CMS and its contractors planned on rolling out the project over a six-month period: 

  • Illinois: August 1, 2016
  • Florida: October 1, 2016
  • Texas: December 1, 2016
  • Michigan and Massachusetts: January 1, 2017

Two months later, CMS took its first steps towards putting the planned three-year project into place by implementing it in Illinois.  To characterize the implementation as “problematic” would be generous.  From its very start, Illinois home health providers, both large and small, experienced significant problems meeting the reviewer’s documentation requirements, thereby resulting in significant provider payment delays. Bending under political pressure, the planned roll-out in Florida was placed on hold. This effectively delayed implementation in the remaining three states as well.  After several false starts, the initiative was ultimately placed on hold in March 2017.  For a more detailed discussion of the Pre-Claim Demonstration project, please see the following article.  Additional information may also be found here.

C. Home Health Plan of Care / Certification and Progress Note Clinical Templates:

As required under 42 CFR 484.60, Condition of participation: Care planning, coordination of services, and quality of care, Medicare patients are accepted for treatment on the reasonable expectation that a home health agency can meet the patient’s medical, nursing, rehabilitative, and social needs in his or her place of residence. In order to accomplish this:

“Each patient must receive an individualized written plan of care, including any revisions or additions. The individualized plan of care must specify the care and services necessary to meet the patient-specific needs as identified in the comprehensive assessment, including identification of the responsible discipline(s), and the measurable outcomes that the HHA anticipates will occur as a result of implementing and coordinating the plan of care. The individualized plan of care must also specify the patient and caregiver education and training. Services must be furnished in accordance with accepted standards of practice.”

Similarly, 42 CFR 424.22, Requirements for home health services, mandates that a physician certify and recertify a patient’s eligibility for home health services in order to qualify for coverage and payment by Medicare.  Additional certification and recertification requirements are set out under the regulations.

Finally, CMS develop a template Progress Note that could be used by a physician and, when permitted under state law, by a physician assistant, a nurse practitioner, a clinical nurse specialist  and / or a certified nurse midwife to document that home health services are medically necessary and appropriate and to confirm that a Medicare patient is, in fact, homebound.

III. Rise of the Review Choice Demonstration Project:

In consideration of the various challenges encountered when trying to roll-out the Pre-Claim Review Demonstration project, CMS ultimately placed the initiative on hold in April 2017.  It is important to keep in mind that the underlying problem that gave rise to the Pre-Claim Review Demonstration project – an excessively high improper payment rate associated with home health services – was still (and continues to be) a serious program integrity concern. Additionally, it was abundantly apparent that wholesale changes would need to be made if the initiative were to be reintroduced. 

Over the next year, CMS completely reworked its prior initiative in an effort to provide additional flexibility for home health agencies that may be covered by an updated version of the project.   As reflected in the Federal Register, the “new and improved” initiative was named the Review Choice Demonstration project. As with its earlier iteration, the revised version of the demonstration project is intended to:

“help assist in developing improved procedures for the identification, investigation, and prosecution of potential Medicare fraud. The demonstration would help make sure that payments for home health services are appropriate through either pre-claim or postpayment review, thereby working towards the prevention and identification of potential fraud, waste, and abuse; the protection of Medicare Trust Funds from improper payments; and the reduction of Medicare appeals.”

CMS has again proposed that the demonstration project will be implemented in five states. Much to the dismay of Illinois, Florida and Texas home health providers, they are STILL on the list of targeted states.  Michigan and Massachusetts are no longer slated to be part of the demonstration.  In their place, CMS has substituted Ohio and North Carolina.  CMS has stated that the new list of five states are:

“known areas of fraudulent behavior and had either a high home health improper payment rate or a high denial rate during the home health Probe and Educate reviews.”

Notably, CMS has indicated that there is the possibility that the Review Choice Demonstration project may later be expanded to other states in the Palmetto / JM jurisdiction.

As set out in the September 28th Federal Register notice, CMS intended to implement the Review Choice Demonstration project in Illinois on December 10, 2018. 

A. The Review Choice Demonstration Project is Intended to Offer Flexibility to Home Health Providers.

CMS has designed the Review Choice Demonstration project so that home health agencies in affected states have several ways that they may show their “compliance with CMS’ home health policies.”  Options available to home health providers include[8]:

The Review Choice Demonstration Project

 

Robert Liles Healthcare AttorneyRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with UPIC audits, ZPIC audits, OIG audits and DOJ investigations.  Are your transcranial magnetic stimulation claims being audited?  We can help.  For a free initial consultation regarding your situation, call Robert at:  1 (800) 475-1906.

 

[1] https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Medical-Review/Home_Health_Medical_Review_Update.html

[2] https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Pre-Claim-Review-Initiatives/Overview.html

[3] https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/Electronic-Clinical-Templates/Downloads/Home-Health-Services-Plan-of-Care-Certification-Template-Draft-20180709-R20.pdf

[4] https://www.cms.gov/research-statistics-data-and-systems/monitoring-programs/medicare-ffs-compliance-programs/recovery-audit-program/

[5] https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/Electronic-Clinical-Templates/Downloads/Home-Health-Services-F2F-Encounter-Template-Draft-20180709-R20.pdf

https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/Electronic-Clinical-Templates/Downloads/Home-Health-Services-F2F-Encounter-Template-Draft-20180214-R10d.pdf

[6] Additional information regarding the Probe and Educate process is outlined in MLN Matters, MLN Matters ® Number:SE1524.

[7] 81 Fed. Reg. 37598.  June 8, 2016.

[8] 83 Fed. Reg. 48818September 27, 2018.

Is Your Urogynecology, OB/GYN or Multidisciplinary Practice Prepared for a Medicare Biofeedback Claims Audit or a Pelvic Floor Therapy Claims Audit?

Pelvic Floor Therapy Claims(July 12, 2018):  While no medical specialty has completely avoided the scrutiny of law enforcement and government contractors, for the most part, OB/GYNs and Urogynecologists have managed to stay out of the limelight of auditors and investigators tasked with identifying improper billing practices.  Unfortunately, those days appear to be over. Working closely with the staff at the Consolidated Data Analysis Center (CDAC), auditors and investigators at the Department of Health and Human Services (HHS), Office of Inspector General (OIG), have conducted sophisticated data analyses to identify outliers whose billing practices may be an indication of improper billing or fraud.  In recent years, CDAC-supported analyses have led to the successful pursuit of several high-profile Medicare fraud cases against urogynecologist providers and practices for the wrongful billing of biofeedback[1] related claims.  Most recently, the OIG confirmed at the March 2018 Health Care Compliance Association Annual Meeting that biofeedback / pelvic floor therapy claims are currently under review and are an agency enforcement initiative. This article examines the cases that have been brought against providers for the improper billing / fraudulent submission of biofeedback claims for payment, along with steps that your practice should take if your claims are subjected to an audit.

I.  Overview of Biofeedback Therapy:

At the outset, it is important to recognize that the coverage of biofeedback therapy services varies from payor to payor.  Many payors have limited the coverage of biofeedback therapy services to specific conditions and diagnoses.[2]  Generally speaking, biofeedback qualifies for coverage and payment by Medicare when it is used to treat stress and urge incontinence in cognitively intact patients, AS LONG AS the medical documentation shows that “pelvic muscle exercise” training has been attempted and has failed.

Two procedural codes (CPT Code 90901 and CPT Code 90911), are primarily used to code for biofeedback therapy. CPT Code 90901 is a non-specific code that can be used for any modality of biofeedback therapy.  In contrast, CPT Code 90911 is used to bill for Pelvic Floor Therapy training for the treatment of incontinence.

II.  Overview of Pelvic Floor Therapy Training for Urinary Incontinence:

As discussed above, Medicare will only cover biofeedback for the treatment of urinary incontinence when the medical records document that a trial of pelvic muscle exercise training was previously tried and failed.[3]  The Centers for Medicare and Medicaid Services (CMS) has issued National Coverage Determination (NCD) guidance titled “Biofeedback Therapy for the Treatment of Urinary Incontinence (30.1.1).[4]As the guidance notes, biofeedback-assisted pelvic muscle exercise training incorporates the use of an electronic or mechanical device to convey feedback (visual and / or auditory) regarding the muscle tone of a patient’s pelvic floor.  This feedback assists patients with their performance of muscle tone and pelvic muscle exercises.  Notably, CMS has delegated the authority to decide whether or not to cover biofeedback as an initial treatment modality to its contractors.

III.  Recent Pelvic Floor Therapy Claims Enforcement Cases:

  • On July 2, 2018, a Florida-based network of urogynecology practitioners agreed to pay the government $7 million to resolve allegations that network physicians violated the False Claims Act by knowingly billing the Medicare program for services that were inflated or were not provided. More specifically, the government alleged that network physicians performed and improperly billed for lavage treatments and pelvic floor therapy services that were incorrectly appended with a Modifier -25.  A Modifier -25 is intended to reflect the fact that a significant, separately identifiable E/M services was provided by the same physician on the same day as the other procedure at issue (in this case, the lavage and / or pelvic floor therapy services).
  • In June 2018, a California urogynecology practice and its Board-Certified physician entered into a $419,578 settlement agreement with the OIG. The settlement resolves allegations that the physician submitted claims to Medicare for items or services that he “knew or should have known were not provided as claimed or were false or fraudulent.”
  • In February 2018, the Department of Health and Human Services (HHS), Office of Inspector General (OIG) announced an $877,474 settlement with an Arizona practice accused of submitting false and fraudulent pelvic floor therapy claims to the Medicare program for payment.
  • In December 2017, a Virginia-based urogynecology clinic and its Board-Certified physician owner, settled a case with the OIG for $4 million in Civil Monetary Penalties. The OIG also required that the clinic enter into a 3-year Corporate Integrity Agreement which requires that the practice fully comply with a comprehensive set of compliance and regulatory requirements in order to avoid exclusion from the Medicare program.
  • In November 2016, a New Jersey OB/GYN agreed to be excluded from participating in Federal health benefits programs for 20 years as part of his settlement with government. The OB/GYN was also required to pay $25 million to settle False Claims Act allegations.  It was alleged that the OB/GYN submitted thousands of claims for pelvic floor therapy training services to the Medicare and Medicaid programs that were either never provided, or were otherwise false or fraudulent.

IV.  Steps to Take Before Your Practice is Audited:

When is the last time you conducted an internal audit of the medical necessity of your claims, the completeness of your documentation and / or the accuracy of your coding and billing practices?  What did you find?

A well-designed Compliance Program can benefit Urogynecology and OB/GYN practices by speeding up and optimizing the proper payment of claims, minimizing billing mistakes, and reducing the chances that an audit will be conducted by law enforcement or one of the many private contractors now working for CMS. The following seven elements that should be addressed in your Compliance Program include:

  1. Implementing written policies, procedures and standards of conduct;
  2. Compliance program administration;
  3. Screening and evaluation of employees, physicians, etc.;
  4. Communication, education and training on compliance;
  5. Monitoring, auditing and internal reporting systems;
  6. Enforcing standards through well-publicized disciplinary guidelines;
  7. Responding promptly to detected offenses and undertaking corrective action;

Urogynecology and OB/GYN practices should also conduct an organization-specific review in order to identify and address any regulatory risks that may be present.  This baseline audit (also commonly referred to as a “GAP Analysis”) can be utilized to identify problems in need of correction and any potential risk areas that should be incorporated into your Compliance Program. As you review your documentation, try and imagine how it would appear to an outside reviewer.  Can a reviewer fully appreciate the patient’s clinical status and the medical necessity of any biofeedback-related therapy services that you have provided?  Compare your E/M services to the 1995 or 1997 E/M Guidelines – have you fully and completely documented the services at issue?

To be clear, both law enforcement and CMS contractors recognize that a provider’s care and treatment practices may differ in one aspect or another from those of their peers. Moreover, those differences can result in billing practices which might make a provider appear to be an “outlier.”  Just because a provider’s coding and billing practices differ from those of their peers (in the same specialty area), does not necessarily mean that the provider’s practices are improper.  Nevertheless, if your utilization or coding / billing practices result in your clinic being identified as outlier, there is higher likelihood that your claims will be audited.

Be sure and engage any outside reviewers through legal counsel.  Keep in mind, this is not a paper exercise.  If legal counsel is not fully engaged and is not supervising the work, it is doubtful that the result of any review will be privileged.  As a final point in this regard, keep in mind that any overpayments identified must be paid back, regardless of whether the results of the internal audit qualify as privileged.

V.  What Are the Risks You Face if Your Biofeedback / Pelvic Floor Therapy Claims are Audited?

Despite any assertions that a Medicare auditor may state to the contrary — there is no such thing as a “Routine Audit.”[5]   

You never realize how bad your documentation is until your urogynecology or OB/GYN claims are audited. Unfortunately, a physician’s documentation practices often become more relaxed as time goes on – especially when the physician’s claims have not been audited for an extended period of time.  In such situations, both physicians and their staff may fail to fully document the services provided. Specific risk issues identified in recent cases brought by the OIG and, in some cases, the Department of Justice (DOJ) against urogynecology, OB/GYN, and multidisciplinary practices providing biofeedback-related pelvic floor therapy training services include:

  • Upcoding involving the inappropriate appending of Modifier -25 to a claim payment for a medically unnecessary E/M services  Urogynecologists, OB/GYNs and multidisciplinary physicians should exercise caution when utilizing Modifier -25.  It is important to remember that Modifier -25 has a long and controversial history with respect to Medicare audits and investigations. [6].  In a recent False Claims Act brought by the government, the government alleged that the provider billed the Medicare program for a significant, separately identifiable E/M service, supposedly provided  by the same physician on the same day as lavage and / or pelvic floor therapy services.  The bottom line is simple, if you are billing Modifier -25 in connection with your claims, you should expect to be audited!
  • Failure to provide and document failed pelvic muscle exercise training. Multiple cases brought by the government have denied CPT Code 90911 claims because there was no evidence that prior to trying pelvic floor therapy training, the patient had received a four-week course of failed pelvic muscle exercise training, and the exercise training had failed to remedy the patient’s incontinence issues. CPT Code 90911 audits have regularly found that the required predicate exercise training was not conducted.
  • Failure to properly supervise anorectal manometry diagnostic services. It was alleged that the physician failed to personally supervise the performance of anorectal manometry procedures performed by his medical assistants. Anorectal manometry (CPT Code 91122) testing procedures are used as a diagnostic tool to measure a patient’s anal sphincter pressures. The testing is also used to provide an assessment of a patient’s rectal sensation, rectoanal reflexes, and rectal compliance. When supervising the provision of these services, all of the supervision requirements set forth in 42 C.F.R. § 410.32 regarding diagnostic tests apply.  When billing for services covered by CPT Code 91122, the required Supervision Level is “2.”  In other words, direct supervision requirements apply to services billed under this code. Moreover, under 42 C.F.R. § 410.32, “these diagnostic testing services must be ordered by the physician / nonphysician practitioner who is treating the patient, that is, the physician / nonphysician practitioner who furnishes a consultation or treats a patient for a specific medical problem and who uses the results in the management of the patient’s specific medical problem. Tests not ordered by the physician / nonphysician practitioner who is treating the patient are not reasonable and necessary.”[7]  As a final point, providers should take care to ensure that CPT Code 91122 is not confused with CPT Code 90911.  As LCD 33263 further reflects, “diagnostic testing is not a medically necessary part of physical therapy, rehabilitation, biofeedback, or [an] exercise program.”
  • Billing for services not rendered. There have been multiple instances where law enforcement has alleged that biofeedback / pelvic floor therapy claims were billed to Medicare, when in fact the services were not provided.
  • Billing for therapy services provided by unlicensed and unqualified individuals. The basis for denial is increasingly being cited in audits around the country. It is essential that practices review the applicable LCD requirements to ensure that individuals providing the therapy services meet the qualifications set out in the guidance.  For example, several cases brought by law enforcement have alleged that urogynecology, OB/GYN, and multidisciplinary practices improperly billed for pelvic floor physical therapy services that were provided by an unqualified individual.
  • Failure to properly supervise pelvic floor therapy training services. In one recent case, it was alleged that the physician failed to personally perform or directly supervise pelvic floor therapy services during time periods when he was out of the state or out of the country. Although now superseded, LCD 33631[8] sets out:

“Medicare billable therapy services may be provided by any of the following within their scope of practice and consistent with state and local law: Physician; Non-physician practitioner (NPP) (physician assistants, nurse practitioners, clinical nurse specialists); Qualified physical and occupational therapists, speech language pathologists (for CPT codes G0515 and 97533), and assistants working under the supervision of a qualified therapist; Qualified personnel, with or without a license to practice therapy, who have been educated and trained as therapists and qualify to furnish therapy services only under direct supervision incident to a physician or NPP.” (Emphasis added).

  • Failure to properly document the services provided. Although this reason for denial is among the most frequent we have seen cited in administrative audits, it has also been a component of both Civil Monetary Penalty assessments and False Claims Act cases against urogynecology, OB/GYN, and multidisciplinary practices. Government contractors, the OIG and DOJ often use this deficiency to support their claims that the services billed were not medically necessary.
  • Billing for medically unnecessary services. In multiple instances, defendants were alleged to have provided and billed for diagnostic services that were not reasonable and necessary.
  • Submitted claims for diagnostic services when therapeutic services were provided. For example, in at least one case, the defendants were alleged to have improperly submitted claims for diagnostic electromyography (CPT Code 51784) and diagnostic anorectal manometry (CPT Code 91122) when therapeutic, not diagnostic, services had been provided.
  • Billing for Evaluation & Management services that were never provided.

It is important to keep in mind that if your clinic is audited, the results of the government’s review can lead to:

          An assessment of Civil Monetary Penalties by the OIG;

          Allegations of violations of the False Claims Act by either DOJ or by a whistleblower; and

          Allegations of violations of criminal law.

If your claims are audited, it is essential that you assess your documentation before turning it over to the government.  We typically assess the date of service / claim at issue and submit a comprehensive analysis of the documentation to ascertain whether the claim qualifies for coverage and payment.

VI.  Responding to an Audit:

Should you receive notice of an audit or investigation from a CMS contractor, the OIG or the Department of Justice (DOJ), we strongly recommend that you contact a qualified health care regulatory lawyer before responding to the request.  To be clear, not every CMS contractor audit requires the services of an attorney.  Nevertheless, it is in your best interests to first consult with your attorney.  Every case is different.  The approach you take when responding to an audit will depend, in part, on the claims at issue, the entity conducting the audit and the scope of review.  When we are engaged to handle these audits, several of the steps we take include:

Legal counsel should contact the CMS contractor, the OIG or DOJ and attempt to obtain any additional information regarding the nature and scope of the audit. All requests for medical records and other information must be taken seriously.  You can’t  take the position that a request from a CMS contractor (such as Zone Program Integrity Contractor (ZPIC) or a Uniform Program Integrity Contractor (UPIC)) can be taken less seriously.  Both ZPICs and UPICs are program integrity contractors and will not hesitate to make a referral to OIG or DOJ if evidence of improper billing or fraud is identified.  

We strongly recommend that you limit any direct communications between you and the auditors. Remember, everything you say is evidence.  A quick review of high-profile cases now in the news will confirm that the government won’t hesitate to pursue prosecutions based on obstruction, false statements and similar legal violations other than those based on the substantive claims under review.

Qualified legal counsel should immediately conduct its own assessment of the claims at issue. For instance, in our firm, the attorneys working on your case are also likely to be “Certified Medical Reimbursement Specialist” and / or a “Certified Medical Compliance Officer.”  Make sure that your legal counsel is experienced in assessing the medical necessity, documentation, coding and billing issues in your case.

Work through your counsel to properly and fully respond to a request for documentation.  Always keep a copy of any information shared with the government or its contractors.  Most of the time, you will submit a copy of the medical records requested when responding to the request.  However, in limited instances, a subpoena may require that you turn over the original documents (or send over a mirror image of the electronic records).  If that is the case, be sure and keep a copy!

Legal counsel will try to “get in front of the case.” You need to know about, and prepare to respond to potential problems that the government may raise after reviewing your claims.

VII.  Conclusion:

Don’t wait until you are being audited to review your medical necessity, documentation, coding and billing practices! Urogynecology, OB/GYN, and multidisciplinary practices should take steps now to ensure that an effective Compliance Program is in place and that you and your staff are fully complying with applicable statutory and regulatory requirements.

Robert Liles Healthcare LawyerRobert W. Liles serves as Managing Partner at the health law firm, Liles Parker, Attorneys and Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with ZPIC audits, UPIC audits, OIG audits and DOJ investigations.  For a free initial consultation regarding your situation, call Robert at:  1 (800) 475-1906.

[1] Biofeedback is a mind–body technique that can be used to train individuals how to modify their physiology for the purpose of improving physical, mental, emotional health. Clinical biofeedback can be assist in managing a patient’s symptoms through stress management training and can assist in the re-education of muscles to help address urinary incontinence. For additional information, see Ment Health Fam Med. 2010 Jun; 7(2): 85–91.

[2] In order to qualify for coverage, biofeedback must be rendered by a qualified practitioner in an office or other facility setting. The Centers for Medicare and Medicaid Services (CMS) has reaffirmed its existing national noncoverage policy for home biofeedback devices in the treatment of urinary incontinence.  For additional information in this regard, please see CMS’s guidance dated March 1, 2002, titled Coverage Decision Memorandum for Home Biofeedback for Urinary Incontinence.”  

[3] A failed trial of pelvic muscle exercise training is defined as “no clinically significant improvement in urinary incontinence after completing 4 weeks of an ordered plan of pelvic muscle exercises to increase periurethral muscle strength.”

[4] National Coverage Determination (NCD) for Biofeedback Therapy for the Treatment of Urinary Incontinence (30.1.1),”  (effective July 1, 2001).

[5] Comprehensive Error Rate Testing (CERT) audits are a limited exception to this general rule.  Pursuant to the Improper Payments Information Act of 2002, CMS is required to estimate the improper Medicare fee-for-service payments made to health care providers each year by Medicare Administrative Contractors (MACs). Consistent with this mandate, CMS utilizes the CERT program to estimate the error rate.  Essentially, the purpose of a CERT audit is to verify whether a Medicare Administrative Contractor is properly paying Medicare claims and has effective edits in place to deny (or place in suspense) claims that for one reason or another may not qualify for coverage and payment.

[6] Use of Modifier 25;

[7] This example of the supervision requirements governing CPT Code 91122 services is set out the Local Coverage Determination guidance issued by First Coast Service Options sets out the supervision requirements See “Anorectoral Manometry and EMG of the Urinary and Anal Sphincters” (L33263).  Applies to services performed on or after October 1, 2016.

[8] For example, the supervision requirements governing these services is set out the Local Coverage Determination guidance issued by National Government Services, Inc. See “Outpatient Physical and Occupational Therapy Services,” (L33631). Applies to services performed on or after January 1, 2018.

Is ePHI Encryption Required? The Failure to Properly Protect ePHI Can be Quite Costly

ePHI Encryption(June 27, 2018):  Violations of the Health Insurance Portability and Accountability Act (HIPAA), where a Covered Entity[3] has failed to utilize ePHI encryption can be quite costly. The loss of unencrypted electronic media containing Protected Health Information (PHI)[1] can result in big fines as one Texas medical center has recently learned the hard way.  As a case ruling issued earlier this month reflects, the University of Texas MD Anderson Cancer Center (MD Anderson) was fined $4.3 million for their loss of two unencrypted USB drives and theft of an unencrypted laptop.  This article examines this case in more detail and discusses your obligations to protect electronic PHI (ePHI) from improper disclosure or access by unauthorized persons.

I.  Is ePHI Encryption Required by Covered Entities?

The Department of Health and Human Services (HHS) oversees compliance and enforces HIPAA’s sanctions for noncompliance through its Office for Civil Rights (OCR).  In cases involving possible criminal conduct, the OCR works with the Department of Justice (DOJ).

The HIPAA Omnibus Rule has changed the enforcement provisions.[2] Previously, the agency had discretion in choosing whether to investigate complaints or potential violation in cases where the Agency’s preliminary review reveals a possible violation due to willful neglect.  Now, the agency is required to initiate a formal investigation when a party appears to have exhibited willful neglect.  If an investigation is performed, it may include a review of pertinent policies, procedures, or practices of the Covered Entity and the circumstances of the alleged violation.  Documentation and evidence of compliance are key to ensuring no penalties are assessed by OCR.

Notably, the HIPAA Omnibus Rule modified HIPAA’s Privacy, Security and Enforcement Rules in order to implement the statutory amendments set out under the Health Information Technology for Economic and Clinical Health Act (HITECH).  Under HITECH, a Covered Entity is required to conduct a comprehensive “security risk analysis” of the administrative, physical, technical and operational aspects of your organization.  For each category, the Security Rule establishes both required and addressable implementation specifications.

Implementation specifications that are identified as required must be fulfilled by a Covered Entity.  The failure to implement required specifications will be automatically deemed to be a failure to fully comply with the requirements of the HIPAA Security Rule.  In contrast, specifications that are identified as addressable must only be implemented if, after a risk assessment, the Covered Entity has concluded that compliance with the specification is a reasonable and appropriate security risk safeguard for handling PHI and ePHI.

Contrary to popular belief, Covered Entities are not mandated by law to encrypt ePHI.  As the security risk assessment implementation specification covering encryption is expressly noted as an addressable specification, it is not required.  As 45 C.F.R. §164.312(a)(2)(iv)[4] expressly provides:

 “(iv) Encryption and decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.”

Clear as mud?  If you are still confused as to your obligations, you aren’t alone.  Although you may determine that it would be reasonable for you to NOT encrypt a certain set of ePHI, you need to keep in mind that if there is a potential breach (through loss, theft, negligence, etc.) the OCR will be second-guessing your decision-making in this regard.

II.  The Encryption “Safe Harbor”:

Section 13402 of HITECH extended the privacy provisions of HIPAA by requiring that Covered Entities and their business associates notify affected individuals after discovering breaches of unsecured PHI.[5] Breach, in this case, means the unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of the information.[6] Generally, incidents within the Covered Entity (between employees) or unintentional disclosure to a business associate are not breaches. Thus, if an employee sends an email inappropriately but in good faith containing PHI to a co-worker and neither employee shares it with others, it is not a breach. If the email goes to someone who is not an employee of the entity or a business associate, it may well be.

Furthermore, the breach notification requirements apply only to “unsecured PHI— meaning PHI that is not secured through the use of technology or methodology specified by the Secretary, such as encryption or destruction that renders the paper unusable, unreadable, or indecipherable.[7]  Therefore, if a Covered Entity encrypts information to comply with the Security Rule and subsequently discovers a breach of that information (through loss, theft, accidental delivery to the wrong person, etc.), the Covered Entity is not required to provide notice of the breach.  If the information is protected through a firewall or some other means not approved by the Secretary, then notification would be required for a breach.  To ensure encryption keys are not breached, they should be kept on a separate device from the data to which they apply.

III.  The MD Anderson Case:

In the MD Anderson case, the cancer center supposedly lost two unencrypted flash drives and experienced the theft of an unencrypted laptop.  Collectively, the devices were estimated to have contained the PHI of approximately 33,500 patients. The OCR alleged that the cancer center did not comply with regulatory requirements by:

“(1) failing to perform its self-imposed duty to encrypt electronic devices and data storage equipment; and (2) it allowed ePHI to be disclosed. “

Pursuant to 45 C.F.R. pt. 160 and 45 C.F.R. pt. 164, subpts. A, C, D, and E, Covered Entities are generally required to:

“ensure the confidentiality, integrity, and availability of all ePHI that the entities create, receive, maintain, or transmit; protect such information against any reasonably anticipated threats or hazards to its security; protect ePHI against any reasonably anticipated impermissible uses and disclosures; and ensure compliance with these requirements by their workforces.”

While the cancer center had policies and procedures for maintaining the safety of ePHI, it was alleged that they did not implement those as required by 45 C.F.R. § 164.312(a)(1).  MD Anderson argued that they satisfied this regulation because there were technically policies and procedures put in place to allow PHI to be encrypted.  MD Anderson’s procedures for protecting ePHI included:

  1. Password protection of all computers and portable computing devices accessing potentially confidential information;
  2. A requirement that confidential or protected data stored on portable computing devices must be encrypted and backed up to a network server in the event of a disaster or loss of information;
  3. Annual employee training event that provided its employees with training in areas that included ePHI transmission and proper disposal; a prohibition against password sharing; a discussion of password necessity and integrity; an explanation of authorized and proper use of information systems, and training about information security resources.

Unfortunately, MD Anderson’s policies and procedures in this regard were shown to be incompletely or ineffectively implemented. The laptop and two USB drives in question were not encrypted as required by the cancer center’s policies and procedures.  MD Anderson’s attempts to ensure implementation of its ePHI protection policies and procedures were characterized as “half-hearted” by the ALJ handling the case.  MD Anderson was found to have delayed the encryption of devices and, after years, only proceeded slowly with the implementation of the encryption policy claiming financial issues were to blame.

The laptop in question was being used by a telecommuting employee as work computer and it was neither encrypted nor password protected. The laptop was stolen from the home of the employee and the ePHI was vulnerable although no breeches in the security of the patients concerned in the PHI resulted.  The first USB concerned was lost by a trainee while on an employee shuttle bus. The second USB was lost by a visiting researcher.

The OCR considered the theft of the laptop and the losses of the USB flash drives to be unlawful disclosures of ePHI because these actions constituted the “release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.”

IV.  Defenses Raised by MD Anderson:

In its defense, the cancer center raised a number of arguments before the ALJ, several of which are outlined below.

  • As a State Entity, MD Anderson is Not a “Person” as Defined Under HIPAA.  In addition to arguing that the Secretary, HHS had acted beyond the authority of the position, MD Anderson also argued that as an entity of the State of Texas, it did not constitute a “person” and was therefore not covered under HIPAA.  The ALJ disagreed.
  • The Penalties Assessed by the Secretary Were Excessive.  Secondly, MD Anderson argued that any penalties assessed should be capped at $100,000 per year.  The cancer center also cited 45 C.F.R. § 160.546(b) and asked that the ALJ reduce the assessed penalties to below the statutory cap.  Notably, the ALJ refused to lower the penalties imposed by the Secretary, HHS, claiming that doing so would “constitute an end run around the Secretary’s intent as expressed in the regulation.”[8] The ALJ also cited 45 CFR 160.408 which allows aggravating factors such as the general pursuit of justice to dictate fine amounts.  Additionally, MD Anderson also claimed that the high penalties imposed were a violation of the excessive fines provision outlined in the 8th Amendment.  Not surprisingly, the ALJ responded that it did not have the authority to consider the constitutionality of the ruling.  Each of MD Anderson’s arguments were addressed in the ALJ’s decision.
  • The Theft and Loss of Devices Do Not Constitute a “Disclosure” Under HIPAA. MD Anderson further argued that stolen or lost property cannot constitute a “disclosure” of sensitive material mainly because there is no evidence the PHI was viewed by anyone. However, the mere fact that the PHI was compromised and rendered vulnerable to viewing by an unauthorized person was deemed enough to constitute a disclosure in violation of HIPAA. Finally, the cancer center argued that the behavior of the individuals who lost USB drives was unsanctioned along with the actions of the thief.  Therefore, there was no basis to hold MD Anderson responsible for these unauthorized acts.  Not surprisingly, the ALJ disagreed, holding that although the employees may have disobeyed MD Anderson’s policies, the actions of transporting the data were within the scope of their official duties.
  • The OCR Has Failed to Apply HIPAA’s Regulations Consistently.  Among concern by the Texas Cancer Center that their key arguments were not seriously considered, there was also concern that the OCR’s enforcement of HIPAA regulations is not transparent or consistent[9]. With the Texas Cancer Center’s fine being the 4th largest ever upheld, there seems to be merit to the claim that regulations are not being consistently or fairly enforced. For example, in a 2010 case involving Rite Aid, the large national drug store chain agreed to pay $1 million to settle HIPAA privacy violations after several of its pharmacies were videotaped disposing of prescription pill bottle labels which contained identifying information into dumpsters with public access[10]. It seems odd when comparing the two cases that one of the nation’s largest drug store chains was fined less than one quarter of the amount of fines assessed against MD Anderson for the violations discussed above.

V.  Next Steps for MD Anderson:

MD Anderson Cancer Center has expressed plans to appeal the ALJ’s ruling[11]. The cancer center feels not only that the $4.3 million in fines is too much but that the ruling does not take into account the policy and procedure the center had already created. At the end of the day, however, it isn’t the availability of a mechanism to keep ePHI safe that matters but that strong efforts are made to ensure ePHI is actually being protected. Failing to carry out policy and procedure can bring serious fines.

VI.  Steps You Can Take to Comply with Your Obligations Under HIPAA and HITECH:

  • Compliance Officer. Appoint a Compliance Officer for your organization.
  • Breach Insurance. Review your options for purchasing insurance to cover any damages and penalties that may result from an unintentional breach or unauthorized disclosure.
  • Notice of Privacy Practices. Ensure that an updated Notice of Privacy Practices is in place.
  • Patient Consent Form. Ensure that an appropriate “Patient Consent Form” is in place.
  • Business Associate Agreements. Ensure that an appropriate “Business Associate Agreement” is in place with each of the outside entities with whom you use or disclose PHI. Additionally, check with your business associates and verify that they understand their obligations and will only provide any subcontractors access to your ePHI with your permission. Will you require that your business associate obtain breach insurance?
  • Policies and Procedures. Review and update all of your policies and procedures required to meet your obligations under HIPAA and HITECH to comply with the law and implement safeguards to protect the integrity of the individually identifiable health information under your control:
    • Privacy Rule;
    • Security Rule;
    • Enforcement Rule;
    • As mandated in connection with your Security Risk Analysis;
    • Other policies and procedures needed to address risks involving social media, using your own cell phones, telecommuting, etc.
  • ePHI Encryption. Review your operational practices to ensure that ePHI is encrypted to prevent improper use or disclosure. Although encryption may not be mandated, it is essential if you are trying to reduce your organization’s level of risk.
  • Backup Procedures.  Review your backup procedures and ensure that in the event of a disaster or other unforeseen event, a complete encrypted copy of your patient’s ePHI is safely maintained.
  • Security Risk Analysis. Perform / update the Security Risk Analysis of your organization and assess any outstanding specifications that still need to be met. Additionally, review the risks and vulnerabilities of a potential breach and / or the wrongful disclosure of ePHI.
  • Employee Training. Ensure that all of your staff is trained on their obligations to comply with HIPAA’s requirements under the law.  Furthermore, ensure that all new members of your staff are trained on their obligations under the law within 30 days of entering on duty.
  • Minimum Necessary. Review your use and disclosure practices to ensure that the minimum necessary standard is being met.
  • Breach Response Plan. Develop a breach response plan (including, but not limited to breach notification when needed, analysis of the cause of the breach, remedial steps and any additional staff training that may be needed), to better ensure that your organization can effectively respond to a breach incident.

Robert W. Liles Healthcare Attorney Robert W. Liles serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Is your organization dealing with a potential HIPAA breach or unauthorized disclosure?  For a free initial consultation, contact Robert or one of the other attorneys at Liles Parker.  1 (800) 475-1906.

 

[1] The term “Protected Health Information” (PHI) covers individually identifiable health information that is transmitted by electronic media, maintained in electronic media or transmitted or maintained in any other form or medium. The rules do not include “de-identified information,” individually identifiable information where all 18 identifiers have been removed.  Such information can be used without restriction or patient authorization. The following table describes the identifiers that must be removed in order to qualify as de-identified information.

18 Individual Identifiers
1Names10Account numbers
2All geographic subdivisions smaller than a state, except for the initial three digits of a ZIP code if the geographic unit formed by combining all ZIP Codes with the same 3 digits contains more than 20,000 people. 

11

 Certificate or license numbers
3 

All elements of dates, except year, and all ages over 89 or elements indicative of such age

12Vehicle identifiers or serial numbers, including license plates
4Telephone numbers13Device identifiers and serial numbers
5Fax numbers14URLs
6E-mail addresses15IP addresses
7Social Security numbers16Biometric identifiers, like voice and fingerprints
8Medical record numbers17Fullface photography or comparable images
9 

Health plan beneficiary numbers

 

18 

Any other unique, identifying number, characteristic, or code, excepted as permitted for re-identification in the Privacy Rule

 

[2] 78 Fed. Reg 5566 (Jan. 25, 2013), available at https://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf (last accessed June 2018).
[3] A “Covered Entity” is a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a standard transaction
[4] 45 C.F.R. §164.312(a)(2)(iv). https://www.gpo.gov/fdsys/pkg/CFR-2010-title45-vol1/pdf/CFR-2010-title45-vol1-sec164-312.pdf
[5] For additional information, see the Breach Notification Final Rule Update, available at
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/finalruleupdate.html (last accessed April 2018).
[6] 45 C.F.R. § 164.404.
[7] 45 C.F.R. § 164.402.
[8] https://www.hhs.gov/sites/default/files/alj-cr5111.pdf
[9] https://www.beckershospitalreview.com/cybersecurity/md-anderson-slapped-with-4-3m-penalty-for-hipaa-violations.html
[10] https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/rite-aid/index.html
[11] http://www.modernhealthcare.com/article/20180619/NEWS/180619897

 

CMS has Confirmed the Coverage of Personal Care Services by Medicare Advantage Plans Starting 2019

Personal Care / Home Care Services will be Covered by Medicare Advantage in 2019.(June 26, 2018):  The coverage of personal care services by Medicare has been advocated by advocacy groups for many years.  As we reported last April, the Centers for Medicare and Medicaid Services (CMS) announced in its Final Call Letter for bids from plans that participate in the Medicare Advantage program (MA) for 2019.  In that Bid Letter, CMS announced that MA plans would be permitted to cover as supplemental benefits, certain types of health-related services even if the primary purpose of those services is daily maintenance.  Previously, CMS had considered an item or service to be primarily health related “…if the primary purpose of the service is to prevent, cure or diminish an illness or injury,” but not if the primary purpose is simply daily maintenance. As I noted in that article, that will change beginning in 2019.

 

I.  CMS Has Confirmed the Coverage of Personal Care Services by Medicare Advantage Plans in 2019:

At the time that I wrote that article, we posited that it was likely, but not made clear, that plans would be able to cover personal care services under the revised standards for supplemental benefits.  However, that appears to have now been confirmed that the new definition covers these services. In a speech that she made in May of this year at a conference presented at CMS Headquarters, Seema Verma, the Administrator of CMS stated:

For the first time ever, Medicare Advantage beneficiaries can access significant new flexibility for additional benefits that can help them live healthier, more independent lives. [MA] plans can offer benefits [beginning in 2019] that compensate for physical impairments, diminish the impact of injuries or health conditions, or reduced avoidable emergency room utilization.  This means Medicare Advantage beneficiaries will be provided adult day care services, respite care for caregivers, and in-home assistance with activities like bathing and managing medications.  Additionally, Medicare Advantage beneficiaries will have access to safety devices to better prevent injury in the home ….”[1]

Also at the conference, two CMS employees made a presentation the slide deck for which listed as examples of supplemental benefits that plans will now be able to cover in 2019, “Adult Day Care Services, Home-Based Palliative Care, In-Home Support Services, Transportation for Non-Emergent Medical Services, and Home & Bathroom Safety Devices and Modifications.”  That same slide deck describes the type of In-Home Support Services that MA plans will be able to cover as:

In-home support services performed by a personal care attendant or by another individual that is providing these services consistent with state requirements in order to assist individuals with disabilities and/or medical conditions with performing ADLs and IADLs as necessary to compensate for physical impairments, ameliorate the functional/psychological impact of or health conditions, or reduce avoidable emergency and healthcare utilization.  Services must be performed by individuals licensed by the state to provide personal care services, or in a manner that is otherwise consistent with state requirements.[2]

Thus, it is clear that MA plans will now be authorized to cover personal care services in the home beginning in January 2019, if they so choose.  The slide show presentation also specifies as requirements that the services: (a) must be medically appropriate; (b) must focus directly on an enrollee’s health care needs; (c) must be recommended by a physician or licensed medical professional as part of a care plan if not directly provided by one; must not be used primarily for comfort, general use, or other non-medical reasons; and (d) must not include items or services used to induce enrollment.[3]

II. NEXT STEPS FOR YOUR AGENCY:

Agencies and other providers that wish to provide these services to plan beneficiaries in 2019 should already have been speaking with the appropriate people at the MA plans that provide coverage in their service areas about covering these services in 2019, and should be speaking with the plans regarding their interest and requirements for becoming participating providers of these services.  If the plans are not covering these services in 2019, these agencies should be developing and presenting data that demonstrate cost-effectiveness of these programs, e.g.in preventing or reducing ER and hospital utilization, in order to convince the plans to cover these services in 2020 and thereafter.

Additionally, as I pointed out in our April article on the topic, the Bipartisan Budget Act of 2018 expands even further the supplemental benefits that MA plans may provide in 2020 and thereafter, to cover services that address certain social determinants that we now are discovering to be related to health.  Agencies should be tracking the progress of implementation of this provision as CMS begins to provide additional guidance on implementation, and also should begin speaking with their MA plans and developing data that support coverage of certain of these services that they wish to provide.

Finally, MA plans will expect providers of home and personal care that wish to be participating providers to have developed and implemented an effective compliance plan.  This will be especially critical given some of the compliance issues that have arisen in the past, of which they almost certainly will be aware.  In this regard, MA plans will almost certainly require that providers have a system for tracking their aides, which will also be required under state Medicaid programs in the future.

III. CONCLUSION:

This article should be read in conjunction with the April article which goes into a bit more depth on the issues in the prior section.  CMS has now confirmed that MA plans will be afforded the opportunity to cover home and personal care services beginning in 2019.  Michael Cook and other Liles Parker attorneys have extensive experience in assisting clients throughout the health care industry, including home and personal care and home health agencies, in responding to new government and payor initiatives, and in establishing and maintaining an effective compliance program.  Anyone seeking a copy of either the speech by Seema Verma or the slide deck should contact Michael at the contact information provided, below.

Michael Cook Healthcare Attorney Michael Cook is a Partner and Co-chair of the Health Care Group at Liles Parker PLLC.  Mr. Cook has extensive experience in representing providers and suppliers of all types, including home and personal, and home health, agencies in regulatory, compliance, policy, and business matters throughout the country.  Mr. Cook also serves on the Board of the agency that advises Virginia’s Medicaid program. Anyone interested in discussing the material presented in this article should contact Michael Cook at 202-298-8750 or mcook@lilesparker.com.  

[1] Speech: Remarks by Administrator Seema Verma at the Medicare Advantage and Prescription Drug Plan Spring Conference (As prepared for delivery – May 9, 2018).

[2] Slide deck, Medicare Advantage Benefit Flexibility (Supplemental Benefits and Uniformity) presented by Heather Kilbourne, Division of Policy, Analysis, and Planning, Medicare Drug and Health Plan Contract Administration Group, Center for Medicare, CMS and Brandy Alston, Division of Policy, Analysis, and Planning, Medicare Drug and Health Plan Contract Administration Group, Center for Medicare, CMS.

[3] Id.  These requirements should not present a burden to home care agencies that participate in Medicaid given that many, if not all, states place similar requirements on personal or home care providers under that program.

Next Page »