Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

Dental Practice Audits are on the Rise — Protect your Interests!

October 11, 2016 by  
Filed under Dental Audits & Compliance

Dental practice audits are increasing around the country. Liles Parker can represent your practice!(October 11, 2016): More than 45 million children receive government-funded dental care served under Medicaid and CHIP programs. This equates to approximately 1 out every 3 children in the country.  The dental care provided includes screening services and other preventive, diagnostic, and treatment services that are medically necessary and properly documented. Under the mandatory Early and Periodic Screening, Diagnosis, and Treatment (EPSDT) benefit, children in Medicaid are entitled to dental care at as early an age as necessary, needed for relief of pain and infections, restoration of teeth and maintenance of dental health.”  In light of the growth of these programs it is little wonder that the number of dental practice audits is again on the rise.

 I. Dental Practice Audits are Increasing Each Year:

In 1996, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted.  With the passage of HIPAA, both the U.S. Department of Justice (DOJ) and the Department of Health and Human Services (HHS), Office of Inspector General (OIG) received significant funding to hire prosecutors, investigators, auditors and support staff whose duties are solely focused on the investigation and prosecution of civil and criminal health care fraud violations.  Although the vast majority of health care matters investigated by federal and state law enforcement agencies remain focused on Medicare-reimbursed program areas, over the last five years we have seen a notable increase in the number of Medicaid dental cases investigated by OIG and / or state Medicaid Fraud Control Unit (MFCU) personnel.  It is therefore essential that dentists participating in the Medicaid program take steps TODAY, not after an audit has already been initiated by the government, to conduct an assessment of your medical necessity, documentation, coding, billing and business practices to ensure that your organization is operating within the four corners of the law.

II. What are the Primary Ways that a Dental Practice is Targeted for Audit?

With rare exceptions, “random” audits don’t occur.  If you receive a letter from OIG, your state MFCU or a private dental payor seeking records in connection with an audits, more than likely this request arose due to the one of the following reasons:

  • Predictive Modeling / Data Mining. Most dental audits are the results of data mining. OIG has developed several measures, in consultation with experts at state Medicaid agencies, the Centers for Medicare and Medicaid Services (CMS), the American Dental Association (ADA) ADA, and the American Academy of Pediatric Dentistry (AAPD), to identify providers with billing patterns that are noticeably different than their peers.
  • Complaints.  “Complaints” filed by Medicaid beneficiaries, other dentists, other dental practices (such as competitors), disgruntled current and former employees represent another way that dental practices are targeted..
  • Overpayment Data. This may be based on a dental practice’s “error rate,” the practice’s history of repeated overpayments or similar data.
  • Referrals.  Dental audits and investigations of Medicaid dental fraud are often based on referrals from CMS contractors, state MFCUs, and other law enforcement entities.  Notably, private dental insurance payors are also referring cases to the government.
  • Government Audits. Both the OIG and the GAO regularly issue reports addressing areas of concern.  These reports are often a harbinger of ongoing and future enforcement initiatives.
  • State Dental Licensing Boards. In a number of states, State Dental Boards, and other licensing entities are regularly making audit referrals to CMS.

When conducting a review of Medicaid dental claim utilization data to identify a potential audit target, the factors or measures considered by law enforcement vary from case-to-case.  Some of the common measures examined include:

  • High Payments. Dentists who received extremely high payments per child;
  • Daily Volume. Dentists who rendered an extremely large number of services per day;
  • Number of Individual Patient Services. Dentists who provided an extremely large number of services per child per visit;
  • Number of Patients. Dentists who provided services to an extremely large number of children;
  • High Proportion of a Specific Procedure. Dentists who provided certain selected services to an extremely high proportion of children, i.e., pulpotomies and extractions.
  • Amount of Payments Per Medicaid Patient. Distribution of payments per beneficiary for general dentists with 50 or more Medicaid beneficiaries.

An example of the last bulleted point is illustrated below.  When OIG examined payments made to general dentists with 50 or more Medicaid beneficiaries, they were able to identify dental provider whose reimbursements per Medicaid patient were significantly higher than those of their peers.  As a result, the government considers these dentists to be “outliers” is more likely to initiate an audit of investigation of this provider’s practices to ensure that they comply with applicable rules and regulations.

III.  Specific Problems Identified in Previous OIG Medicaid Dental Practice Audits:

Once an audit is initiated, the government’s medical reviewers will carefully assess your documentation to ensure that it meets all applicable requirements for coverage and payment.  Some of the problems found in previous Medicaid dental practice audits include:

  • Billing Medicaid for unnecessary dental procedures
  • Billing Medicaid for dental procedures that were never performed. When conducting an audit OIG identified billing utilization rates and other documentation irregularities that defied common sense. Several example include:

Example: One dentist and his former employer were unable to produce medical records to support 335 claims totaling $26,657 that were sampled at his practice.

Example: One dentist stated that he can complete a filling procedure in 30 seconds.

Example: Two dentists billed for four or more fillings on one tooth or for two types of fillings on the same surface of the same tooth.

Example: One dentist submitted almost identical claims for eight recipients, billing for three or more surface restorations on the same 11 teeth during one office visit for each of the eight recipients.

  • Billing Medicaid for substandard work. Submitting claims for reimbursement under another dentist’s Medicaid provider number.
  • Billing Medicaid for multiple cleanings within a six-month period.
  • Too many or too few X-rays. In some cases, the x-rays have been taken incorrectly, taken by employees not licensed to operate the x-ray machine, and/or unreadable or even blank.
  • Inappropriate Medicaid billings for dental restorations.

Example: On 37 occasions, four dentists administered 25 or more fillings to one recipient during a single office visit.

  • Inappropriate use of protective stabilization devices. For instance, using a “papoose board” to immobilize the children, regardless of whether or not restraint was necessary.
  • Unnecessary pulpotomies.
  • Altering dates or entering false information on patient charts.
  • Paying kickbacks for referrals of Medicaid patients.
  • Billing for services performed by unlicensed or uncertified employees.

IV. Private Payor Dental Fraud Enforcement Actions:

It is importance to keep in mind that the government is also aggressively investigating and prosecuting cases where dental professionals are alleged to have defrauded a non-government funded, private insurance company.  Pursuant to 18 U.S.C. § 1347, an individual will be found liable for health care fraud if they meet the following definition of:

Whoever knowingly and willfully executes, or attempts to execute, a scheme or artifice to:

(1) Defraud any health care benefit program; or
(2) Obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program, in connection with the delivery of or payment for health care benefits, items, or services, shall be fined under this title or imprisoned not more than 10 years, or both. If the violation results in serious bodily injury (as defined in section 1365 of this title), such person shall be fined under this title or imprisoned not more than 20 years, or both; and if the violation results in death, such person shall be fined under this title, or imprisoned for any term of years or for life, or both.

In addition, criminal penalties for false claims are also available pursuant to 18 U.S.C. § 287, which allows for punishment of up to five years in prison and a fine calculated under the United States Sentencing Guidelines. Hence, health care enforcement authorities have many tools to utilize when seeking to punish healthcare providers. Dentists that are participating in a state Medicaid dental program must ensure that both their operational and documentation practices are reviewed so that entities processing and examining their patient treatment records can readily ascertain why certain care and treatment claims were submitted.

V. Steps Your Dental Practice MUST Take to Better Ensure Regulatory Compliance:

As a first step, we strongly recommend that you review your state Medicaid and private insurance participation agreements and / or enrollment application.  In all likelihood, you are required to have an effective Compliance Program in place.  For instance, the Texas Medicaid Provider Enrollment Application, prospective Texas Medicaid providers must attest to its Compliance Program Requirement. Under this condition, a provider must verify that in accordance with requirement TAC 352.5(b)(11), the provider has a Compliance Program containing the core elements as established by the Secretary of Health and Human Services referenced in §1866(j)(8) of the Social Security Act (42 U.S.C. §1395cc(j)(8)), as applicable. Does this section look familiar to you? A Texas Medicaid provider must affirmatively attest that he or she has a compliance plan in place prior to submitting his or application for enrollment. However, your dentist client may have simply checked the box “yes” without even realizing what a Compliance Program is or what is required under this section. If your dental practice is audited, one of the first documents requested by OIG and / or a MFCU may be a copy of your Compliance documents.  If you cannot produce them and it is alleged that you falsified your application you may be in serious trouble.

VI. Conclusion:

Dentists participating in their respective state’s Medicaid program must routinely review their practice and documentation procedures. Furthermore, all Medicaid dentists should have an effective Compliance Plan within their practice to reduce the number of audits by Medicaid contractors and become less of a target by MFCUs.  Current dental cases our attorneys are handling include:

  • False Claims Act litigation.

  • Drafting and implementation of an effective Compliance Program.

  • Performance of a “GAP Analysis.”

  • Representation in Medicaid related audits.

  • Representation in private payor audits.

Please let me know if we can assist you or your dental practice in these or other areas of dental law.  Moreover, should you require assistance with drafting a Compliance Plan for your dental practice or have any questions, call us to discuss how we can help with your compliance efforts.

Robert W. Liles represents dentists in dental practice audits.Robert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Our attorneys represent dentists and dental practices around the country in connection with Medicaid / private payor audits and compliance matters. Our firm also represents dental providers in connection with federal and state regulatory reviews and investigations. For a free consultation, call Robert at: 1 (800) 475-1900.

[1] 42 C.F.R. § 441.56(c)(2).

How to Implement a Compliance Plan in Your Practice

Confused-Doctor(September 17, 2015): Despite the fact that Medicare and Medicaid requires that participating providers implement a compliance plan, most small providers have yet to complete the necessary steps to accomplish this requirement.  “My office manager went to a continuing education program, and she’s come back telling me we need a compliance program. I don’t know about that. I know I need to be in compliance with all those rules and regulations, but it seems to be complex and confusing. Do I really need one? How do I put a program into place without spending enormous sums? We’re a small practice and we don’t have a lot of extra time and money to spend on compliance activities.”

This is how my clients often approach me with questions about compliance programs. Or, they have been the recipient of an audit letter from either Medicare or a private insurer. Let’s face it, the requirements for compliance programs are here to stay. Not only are compliance programs now required by the federal government for any provider who receives Medicare or Medicaid reimbursement (see section 6401 of the Affordable Care Act), they are also required by many private insurance companies. Within the last year, I have seen increasing numbers of network provider contracts from private insurance companies include a requirement that the provider have a compliance program. So, having a functional compliance program is no longer an option but a requirement.

To that end, over the next year, we will be exploring the basic elements of an effective compliance program, as well as topics related to a solid compliance program. Let’s start with what a compliance program is and is not. A compliance program is not a document that is placed in a binder on a high shelf in your office, to be dusted off only annually or when faced with scrutiny by insurance companies or, God forbid, state or federal regulators. Instead, a compliance program should become part of the fabric of doing business in your practice. When implemented correctly, a compliance program can help identify potential trouble spots in your practice and give you a framework for addressing those trouble spots. Of course, a functioning and effective compliance program can also help minimize fines and, if things go south, could keep a civil matter from turning into a criminal matter.

A compliance program is also not a mumu – one size does NOT fit all. Just as there are differences between patients, there are differences between practices, the risks they face and the best methods of addressing those risks. An effective compliance program recognizes that while the structure of most compliance programs is similar, it takes into account the practice’s size and sophistication, the medical specialty, and the patient population. For this reason, compliance programs in a box or purchased off the Internet really are not desirable and often cost a practice more money in customization and sometimes tears down the road. A perfect example is the recent settlement by Anchorage Community Mental Health Services in relation to a HIPAA breach, where the government noted the ineffectiveness of the “sample” compliance policies and documents the provider put forward as its compliance program.

The basic elements of an effective compliance program are not complicated. They are:

  1. Designating an individual to serve as compliance officer and creating a compliance committee, particularly for larger organizations.
  2. Implementing a standard of conduct and policies and procedures relevant to the practice’s operations.
  3. Conducting effective training and education.
  4. Instituting effective methods of communication
  5. Conducting internal monitoring and auditing
  6. Enforcing the policies and standards through well-publicized disciplinary guidelines
  7. Responding promptly to violations and taking appropriate corrective action.

Each month we will explore each of these topics, discussing how to implement a compliance plan, and how to do so in a cost-effective fashion. Along the way, we will also discuss various forms of guidance available to practices when you implement a compliance plan that is tailored for the specific needs and risks of your individual practice. Let’s start with one right away – the federal government itself. The Office of Inspector General of the U.S. Department of Health and Human Services (“OIG”) has published a number of “Compliance Program Guidances”, intended to help different provider types understand and implement compliance practices specific to and appropriate for their particular branch. One of the guidances is specifically written for individual and small group physician practices and published in October 2000. It’s available here: http://oig.hhs.gov/authorities/docs/physician.pdf. In fact, this document is so basic to a physician practice’s compliance program that I strongly recommend that every compliance program have this document printed off, included among the compliance program documents, and readily available for staff member review. Although this document was published in 2000 (and therefore refers to CMS as HCFA and doesn’t make reference to the Affordable Care Act), it can be considered a bit like the U.S. Constitution – a document that creates the foundation for what comes after and points to a better future.

H-Kocher-photo-2-199x300Heidi Kocher, Esq. is a health law attorney with the firm, Liles Parker, Attorneys & Counselors at Law.  Liles Parker has offices in Washington DC, Houston TX, McAllen TX and Baton Rouge LA.  Do you need to implement a complaince plan?  Call one of our experienced health care attorneys for assistance. For a free consultation, please call: 1 (800) 475-1906.

Are More Home Health Program Integrity Initiatives on the Horizon?

April 22, 2015 by  
Filed under Home Health & Hospice

Doctor-Greeting-Patient-in-

Physician Face-to-Face Encounter with Patient

(April 22, 2015): Late last month, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) released its 2015 “Compendium of Unimplemented Recommendations” (Compendium). Published annually, the Compendium sets out the top 25  program integrity issues previously identified by HHS-OIG that are expected to “most positively impact HHS programs in terms of cost savings and /or quality improvements” [1] when ultimately implemented. In past years, HHS agencies responsible for implementing these previously-identified problem areas have typically made significant efforts to address HHS-OIG’s recommendations. Not surprisingly, the a number of Medicare home health program integrity issues are again listed in this “hit list” of risk areas susceptible to fraud and abuse by unscrupulous providers.

 

I.  Home Health Program Integrity Issues Like “Face-to-Face” Examinations Remain a Problem:

As the Compendium sets out, home health program integrity issues remain an ongoing area of concern for HHS-OIG. Under the Affordable Care Act (ACA), the Centers for Medicare and Medicaid Services (CMS) were given a number of expanded authorities and tools designed to assist the agency (and its contractors) in preventing and detecting instances of health care fraud and abuse. Not surprisingly, inadequate and / or incomplete home health documentation remains one of HHS-OIG’s primary concerns, particularly when it comes to the qualifying encounter between a Medicare patient and his or her treating physician. CMS implemented a requirement that a face-to-face encounter, setting out the reason(s) why home health is required, must be properly documented and certified as medically necessary by the patient’s physician. As mandated under the ACA, the requirement to properly document that a compliant face-to-face encounter was conducted by the patient’s certifying physician is a condition of payment.

II.  Deficient Face-to-Face Certifications Can Place Your Home Health Agency in Jeopardy:

Unfortunately, the fulfillment of requirement remains elusive. In a number of recent home health cases we have handled, the Zone Program Integrity Contractor (ZPIC) conducting the audit has asserted that the face-to-face certification completed by the patient’s treating physician has either been deficient or, in some case, completely absent from the medical record. As HHS-OIG has noted in its 2015 Compendium, in prior years, CMS oversight of the face-to-face problem has been minimal. HHS-OIG has estimated that approximately $2 billion in payments for home health services should not have been paid due to the fact that the associated face-to-face encounters conducted did not meet Medicare’s documentation requirements.

III.   What Should Our Home Health Agency do to Comply with Medicare’s Face-to-Face Requirements?

Not surprisingly, home health agencies have expressed concern and frustration over the face-to-face issue. From a business standpoint, home health agencies rely on referrals of patients from community physicians. If a face-to-face encounter is not fully or properly documented by a certifying physician, any Medicare payments resulting from the referral will likely be denied in an audit by a ZPIC. Agencies are therefore required to carefully review each face-to-face certification for completeness and accuracy prior to admitting a patient.

Despite repeated efforts by CMS to provide clarification to home health agencies (and the certifying physicians they work with) regarding what the agency expects and requires in order for a face-to-face certification to be compliant, clear assistance has been an elusive goal. Within the last month, CMS has published the following guidance on face-to-face certification requirements:

  • 03/09/15: “. . . CMS is developing a list of clinical elements within a suggested electronic clinical template that would allow electronic health record vendors to create prompts to assist physicians when documenting the home health (HH) face-to-face encounter for Medicare purposes. Once completed by the physician, the resulting progress note or clinic note would be part of the medical record.  The current draft of the electronic clinical template is available in the Downloads section below. Comments can be sent to HomeHealthTemplate@cms.hhs.gov. In addition to developing an electronic clinical template for documenting a home health face-to-face examination, CMS is developing a paper clinical template. To see information about the home health paper clinical template, see home heath (HH) paper clinical template.
  • 03/23/15: In reviewing the transcript, CMS realizes that inaccurate information was provided related to HHA documentation to support certification for home health services.  Per 42CFR 424.22 (a) and (c), the patient’s medical record must support the certification of eligibility and documentation in the patient’s medical record shall be used as a basis for certification of home health eligibility.  Therefore, reviewers will consider HHA documentation if it is incorporated into the patient’s medical record and signed off by the certifying physician.   More guidance will follow regarding the review of home health claims shortly.  CMS apologizes for the confusion. (emphasis added). The Open Door Forum scheduled for April 8, 2015 @ 1:00pm (EST) is our last scheduled call to discuss the draft Home Health Templates.  An updated version of the draft templates will be posted prior to the Open Door Forum.”
  • 03/30/15: Previously, CMS announced it would conduct an Open Door Forum on the Home Health Electronic and Paper Clinical Template on April 8, 2015 and May 6, 2015 @ 1:00pm (EST) to discuss the draft.  We are now combining these calls and will have one final scheduled call on Tuesday April 28, 2015 at 1:30pm (EST).   An updated version of the draft templates will be posted prior to the Open Door Forum.  We appreciate all the comments we have received and are considering the comments as we revise the draft template.  While we will not be replying directly to questions received in the mailbox, we will try to address the most common issues during the Open Door Forum call.  Please continue to offer your concerns and suggestions as we appreciate your feedback.  The deadline to submit comments is 8:00pm (EST) on May 5th. Comments can be sent [to] HomeHealthTemplate@cms.hhs.gov

And, finally, last week CMS posted the following:

  • 04/17/15: “The new version of the draft Home Health Electronic Clinical Template and the new draft Paper Template have been developed.  We have removed the old versions to minimize confusion.  The next and final Open Door Forum to discuss this draft template will take place on Tuesday, April 28, 2015 at 1:30 p.m. (EST).  Please submit comments regarding this draft template via e-mail to HomeHealthTemplate@cms.hhs.gov.  We value all of the comments submitted and consider each one, but we cannot guarantee all questions will be addressed during the Open Door Forum call.  We will try to address the most common issues/concerns received.  CMS will continue to accept comments sent to the e-mail address even after the call.  Stakeholders are encouraged to submit questions or comments as quickly as possible.  Once a draft of the template is completed, the template will undergo the required Paperwork Reduction Act (PRA) approval process.  A release date for the template cannot be determined until the PRA process is complete.  Once released in its final approved format, the use of this documentation tool will be voluntary.” (emphasis added).

As reflected in the agency’s multiple posts, the face-to-face issue is a lot more complicated that it may have seemed at first blush, when first included in the ACA as a “condition of payment.”

IV.  Conclusion:

Home health program integrity audits are expected to remain a focus of ZPICs and other CMS contractors for at least the near future.  Unfortunately, part of the ongoing problem faced by home health agencies is that the government’s documentation expectations have been a moving target.  While we appreciate CMS’ repeated efforts to provide definitive guidance on what the agency and its ZPICs expect in terms of documentation and medical necessity, home health providers and their referring physicians are continuing forward, in the hopes that clear instructions will ultimately be provided on this critical requirement. Unfortunately, the government’s ongoing confusion in this area has not precluded Health Integrity, AdvanceMed and other ZPICs around the country from conducting home health audits and denying claims based on the contractor’s assertion that the required face-to-face certification was deficient.

During this interim period, in order to avoid face-to-face denials, home health agencies should continue to carefully review all certifications completed by referring physicians for completeness and accuracy. While changes to prior face-to-face templates issued by CMS will undoubtedly be forthcoming, it remains the responsibility of each agency to review each certification in light of the guidance CMS has issued thus far and to proceed cautiously with each admission.

Robert Liles represents health care providers in RAC and ZPIC appeals.Robert W. Liles, JD, MS, MBA serves as Managing Partner at Liles Parker, Attorneys and Counselors at Law. Robert represents home health agencies of all sizes around the country in connection with a full range of ZPIC prepayment reviews, postpayment audits and suspension actions. He also handles home health False Claims Act cases. For a complimentary consultation, please call Robert at: 1 (800) 475-1906.

[1]Department of Health and Human Services, Office of Inspector General (HHS-OIG), “Compendium of Unimplemented Recommendations” Page I, (March 2015). https://oig.hhs.gov/reports-and-publications/compendium/files/compendium2015.pdf

 

OIG Proposes New Anti-Kickback Law Safe Harbors

(November 10, 2014): The U.S. Department of Health and Human Services Office of Inspector General (“OIG”) recently published a Proposed Rule that would amend the safe harbor regulations under the Federal Anti-Kickback statute[1] (“AKS”) as well as add new safe harbors. The Proposed Rule would also establish new exceptions to the Civil Monetary Penalty (“CMP”) statute related to the beneficiary inducement CMP.[2] OIG will accept comments on the Proposed Rule by mail or electronically until December 2, 2014 at 5 p.m. (Eastern).

I.  The Anti-Kickback Statute and Safe Harbor Regulations:

The AKS provides criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward the referral of business reimbursable under Federal health care programs. The types of remuneration covered specifically include, but are not limited to, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. Additionally, prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients, but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program.

Due to the broad reach of the statute, interested parties expressed concern that some relatively innocuous commercial arrangements would be covered by the statute. This could, in turn, potentially subject entities to unwarranted criminal prosecution. As a result, Congress drafted certain “Safe Harbor” provisions. These regulations describe various payment and business practices that, although they potentially implicate the Federal AKS, are not treated as offenses under the statute.

II.  Changes to the Anti-Kickback Statute:

The Proposed Rule would modify certain existing safe harbors under the AKS as well as add new safe harbors that provide new protections or codify certain existing statutory protections. These changes include:

      • A technical correction to existing safe harbor for referral services;
      • Protection for certain cost-sharing waivers, including pharmacy waivers of cost-sharing for financially needy Medicare Part D beneficiaries and waivers for state- or municipality-owned emergency ambulance services;
      • Protection for certain remuneration between Medicare Advantage organizations and federally qualified health centers;
      • Protection for discounts by manufacturers on drugs furnished to beneficiaries under the Medicare Coverage Gap Discount Program; and
      • Protection for free or discounted local transportation services that meet specified criteria.

III.  Changes to the Beneficiary Inducement CMP:

The Beneficiary Inducement CMP statute generally prohibits any person or entity from offering remuneration to a Medicare or Medicaid beneficiary if that remuneration is likely to influence the beneficiary’s selection of a provider. The Proposed Rule would also amend and narrow the definition of “remuneration” to include certain exceptions for the following:

  • Copayment reductions for certain hospital outpatient department services
  • Certain remuneration that poses a low risk of harm and promotes access to care;
  • Coupons, rebates, or other retailer reward programs that meet specified requirements;
  • Certain remuneration to financially needy individuals; an
  • Copayment waivers for the first fill of generic drugs.

OIG also proposes to codify the gainsharing CMP[3]. The gainsharing CMP prohibits a hospital from knowingly paying, either directly or indirectly, a physician to induce the physician to reduce or limit the services provided to Medicare or Medicaid beneficiaries under the physician’s direct care. The Proposed Rule would narrow the prohibition in light of today’s health care landscape, which focuses on “accountability for providing high quality care at lower costs.”

IV.  Conclusion:

Health care providers should be interested in the Proposed Rule and make comments as necessary. The Proposed Rule makes pertinent changes to the AKS Safe Harbors and CMP laws that should give providers greater leeway to enter into beneficiary arrangements without fear that they will be subject to criminal penalties under the statutes. In a sense, the Proposed Rule follows OIG’s ongoing efforts to adopt regulations that promote lower costs and greater health care services while protecting patients and federal health care programs from fraud and abuse.

As a provider, if you have any questions about the current regulations found within the Anti-Kickback Statute or the proposed changes, please do not hesitate to give us a call today. We would be more than happy to assist you so that you remain compliant with all federal and statute regulations regarding potentially fraudulent activity.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by RACs, ZPICs and other CMS-engaged specialty contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

[1] 42 U.S.C. § 1320a-7b(b).

[2] 42 U.S.C. § 1320a-7a.

[3] 1128A(b)(1) of the Social Security Act.

CMS and Contractors Must Address EHR Fraud Vulnerabilities

EHR fraud is a significant concern of CMS and its contractors.(February 7, 2014):  A new report from the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) finds that the Centers for Medicare and Medicaid Services (CMS) and its contractors have adopted few Medicare program integrity practices to address electronic health record (EHR) fraud vulnerabilities. These EHR fraud vulnerabilities include improper billing practices like copy-pasting (cloning) and over documentation. The Department of Health and Human Services, Office of Inspector General (OIG) recommended that CMS provide better guidance to Medicare contractors on detecting EHR fraud and direct those contractors to use providers’ audit logs, a valuable fraud detection tool when reviewing medical records.

I.     Electronic Health Records Have Largely Replaced Paper Medical Records:

EHRs are replacing traditional paper medical records with electronic records that document and store patient health information. They are patient-focused and instantly provide authorized users with real-time, secure information. EHRs may include administrative clinical data relevant to a patient’s care under a particular provider, such as patient statistics like age and weight, progress notes, medications, medical history, and clinical test results.[1] More importantly, the health information in these records can be created and managed by authorized providers in a digital format capable of being shared across various health care entities

II.     EHR Fraud Vulnerabilities:

EHRs facilitate the government’s goal of a health care system that strengthens the relationship between patients and their doctors.  The timeliness and availability of patient health information may enable providers to make better decisions and provide better care. However, misuse and other fraudulent practices are a significant concern with EHRs. Indeed, recently identified EHR fraud vulnerabilities will require CMS and its Medicare contractors to revise their traditional approaches to combating fraud and abuse in the health care industry.

For example, OIG recognized that “clues within the progress notes, handwriting styles, and other attributes that help corroborate the authenticity of paper medical records are largely absent in EHRs.” The report also found that tracing authorship and documentation in an EHR may not be as direct as tracing in a paper record. In fact, OIG noted that health care providers can use EHR software features to disguise the true authorship of the EHR and distort information in the record. These practices can lead to inflated health care claims and fraudulent submissions for reimbursement.

III.     A Number of Program Integrity Risks are Presented by EHR Utilization:

While the full extent of health care fraud is unknown, there is no doubt it is substantial. Indeed, estimates put the cost of health care fraud between $75 billion and $250 billion. Unfortunately, the promulgation of EHRs may enable more widespread instances of deceptive practices. Specific features of EHRs, if poorly designed or misused, can result in EHR fraud and improper billing schemes.

  • Cloning.

A common EHR documentation practice used to commit fraud is known as “copy-pasting” or “cloning”. Cloning allows authorized providers to select information from one source in an EHR and replicate it in another section. For example, a health care practitioner can use cloning as a useful tool to replicate elements of a patient’s demographics on each page of the EMR. Originally seen as beneficial, cloning can be an easy way to copy forward documentation that appears to be the same, or at least unchanged from a prior visit, in a patient’s medical record.  However, cloning is susceptible to misuse. When clinicians clone information but do not update it or ensure its accuracy, erroneous data may enter the patient’s medical record. In turn, inappropriate charges may be billed to patients or third-party health care payors. Likewise, improper cloning can facilitate attempts to upcode claims and duplicate or create fraudulent claims.

  • Overdocumentation.

Another EHR documentation practice used to perpetuate fraud includes “Overdocumentation.” Under this scheme, a clinician inserts false or irrelevant documentation into the EHR, creating the appearance of medically necessary information that supports billing at a higher level of service.  Overdocumentation typically occurs in EHR systems that auto-populate fields when using templates built into the system. It may also be seen in EHR programs that generate extensive documentation from the single click of a checkbox; if a provider does not properly edit the documentation, the information may be inaccurate. As a result, fraudulent records are produced and suggests that the clinician performed comprehensive services than were not actually rendered.

IV.     CMS Contractors Are Supposed to Play a Vital Role in Safeguarding the Integrity of the Medicare Program:

CMS’s Medicare Integrity Program (MIP) is designed to combat fraud, waste, and abuse. Misuse and deceptive practices divert billions of dollars that could otherwise be spent on the health and welfare of Medicare beneficiaries. To facilitate its efforts to address Medicare’s vulnerabilities to fraud, waste, and abuse, CMS relies on Medicare administrative and program integrity contractors.  These contractors perform various functions, such as paying claims, identifying improper Medicare payments, and investigating fraudulent activity.

Medicare Administrative Contractors (MACs) are primarily responsible for processing and paying Medicare claims. MACs educate Medicare providers on appropriate billing methods and are responsible for detecting and deterring fraud.  Zone Program Integrity Contractors (ZPICs) also focus on detecting and deterring Medicare fraud. ZPICs investigate providers that have filed potentially fraudulent claims, conducting prepayment reviews, postpayment audits, as well as unscheduled onsite visits.  Recovery Audit Contractors (RACs) are largely responsible for identifying and reducing Medicare improper payments by detecting and recouping improper payments made on claims for Medicare services.

Importantly, these Medicare contractors rely on beneficiary medical records for a significant amount of their program integrity work.  When providers shift from paper medical records to EHRs, MACs, ZPICs, and RACs will have to adjust their current techniques for identifying improper payments and investigating fraud.

V.     A Recent OIG Report Found that Medicare Vulnerabilities are not Being Effectively Addressed:

OIG undertook a study to determine whether CMS and its contractors were properly implementing Medicare program integrity practices in light of growing EHR adoption. Unfortunately, the report found that CMS and its contractors had adopted very few program integrity practices specific to EHRs.

  • Few CMS Contractors are Reviewing EHRs any Differently than Paper Medical Rercords.

EHR technology is making it easier to commit fraud. However, CMS and its contractors have not adjusted their program integrity practices for identifying and investing fraud in EHRs.  According to the OIG report, just two MACs and two ZPICs acknowledged that they conduct additional reviews of EHR documentation beyond what they do for paper records.  Moreover, the report found that audit logs are being severely underutilized. An audit log data is a unique function of EHRs. They help distinguish EHRs from paper medical records and can be a valuable tool in authenticating a medical record to support a claim.  Nonetheless, the report found that only 3 of the 18 Medicare contractors admitted using audit log data in their review process.

  • Few CMS Contractors Reported Being Able to Determine if Cloning or Overdocumentation Was Occurring.

The report also found that varying ability of MACs, ZPICs, and RACs to identify cloning and over documentation in both EHRs and paper medical records.  Generally, more contractors were able to identify incidences of overdocumentation versus cloning. OIG reasoned that overdocumentation was likely easier to identify because it is the more evident within the supporting medical record for a single claim. In contrast, examples of cloning are more difficult to identify in a single claim because it may require a single reviewer to examine multiple claims from a single patient or provider for evidence of identical language. Notably, ZPICs were the most successful contractor to report being able to identify these types of schemes. As you recall, ZPICs’ primary objective is to target fraud; as a result, they are more likely to look at multiple claims as compared to other Medicare contractors.

  • CMS Provided Only Limited Guidance to Medicare Contractors on EHR Fraud Vulnerabiltiies. 

Finally, the report looked into the extent that Medicare contractors were receiving guidance from CMS on typical fraud vulnerabilities, such as cloning, overdocumentation, and / or electronic signatures. Unfortunately, the report found that little guidance or training was being disseminated. For example, CMS provided guidance to most MACs and RACs on electronic signatures; however, not one single ZPIC responded that it received this assistance. For the other EHR-related vulnerabilities, the help guidance provided by CMS was insufficient.

VI.     Recommendation Made by OIG in its Report:

Overall, the report recognizes that CMS and its contractors have not changed their program integrity strategies during the growing adoption of EHRs. Contractors are reporting that they are unable to identify cloning or overdocumentation in both forms of medical records. Moreover, few contractors are adopting additional review procedures specifically tailored to EHRs. Finally, little guidance is coming from CMS on how to detect fraud vulnerabilities.  Therefore, OIG made two recommendations. CMS must:

  1. Provide guidance to its contractors on detecting fraud associated with EHRs; and

  2. Direct its contractors to use providers’ audit logs.

OIG also argued that CMS should work with contractors to identify best practices and develop guidance and tools for detecting fraud associated with EHRs, especially as it pertains to EHR documentation and electronic signatures. Moreover, the report stressed how audit log data can be a valuable tool in authenticating a medical record to support a claim.

VII.     CMS’s Response to OIG’s Concerns:

In its response letter to OIG, CMS recognized that it could give better guidance to contractors to prevent EHR-related fraud and abuse. CMS also agreed that audit logs should be used more frequently. However, CMS said that the use of audit logs “may not be appropriate in every circumstance” and would require special training for reviewers.

VIII.     Final Remarks:

This report is just the latest effort by OIG to determine the extent that providers are using EHRs to commit waste, fraud, and abuse in the Medicare program. Every month, we hear reports of physicians, hospitals, and other Medicare providers using EHRs to generate documentation that supports higher coding levels, which thereby inflate Medicare bills. This is fraud.  As the federal government continues to encourage the implementation and use of EHRs, CMS will begin to focus its efforts, as well as its Medicare contractors, on how to prevent fraud, waste, and abuse using this technology. EHR systems may be poorly designed or implemented, which will require you to copy and paste entire sections of a beneficiary’s record or the whole note, rather than just the relevant component.

Ultimately, your ability to avoid the filing of an improper claim rests on your ability to comply with federal and state laws, regulations and rules governing the provision, coding and billing of health care services. Without a doubt, the single most important step you can take in this regard is to develop, implement and adhere to the provisions and guidelines set out in an effective Compliance Plan. Otherwise, your practice may be targeted by CMS and one of its Medicare contractors.

If you have any questions about a Medicare audit or implementing a Compliance Plan for your practice, give us a call. We would be more than happy to assist you in these matters.


[1] CMS, Electronic Health Records. Accessed at http:www.cms.gov on Jan. 14, 2014.

Robert Liles represents health care providers in RAC and ZPIC appeals.Robert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906.

The OIG Strategic Plan for 2014-2018 Has Been Issued.

The OIG Strategic Plan has been issued. (December 3, 2013): The U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) spends a significant amount of resources to fight health care fraud and abuse.  The OIG is also tasked with promoting efficiency, economy, and effectiveness in HHS programs and operations.  Recently, the agency outlined how it will continue to meet its vision, goals, and priorities so that it can better achieve its mission in its OIG Strategic Plan, 2014-2018.  The OIG Strategic Plan sets forth four broad goals: (1) Fight Fraud, Waste, and Abuse; (2) Promote Quality, Safety, and Value; (3) Secure the Future; and (4) Advance Excellence and Innovation.  Health care providers should pay particular attention to areas in your organization that concern fraud, waste, and abuse.  Providers should also assess OIG’s priorities and strategies and implement compliance-focused protections and self-audits so that your activities comply with all health care laws and regulations. 

I.    Overview of the OIG and the Purpose of the OIG Strategic Plan:

The OIG provides independent and objective oversight of more than 300 HHS programs.  The OIG carries out its mission to protect the integrity of these programs and the health and welfare of the people served by those programs through a nationwide network of audits, investigations, and evaluations conducted by numerous offices and components. In FY 2012, OIG’s work resulted in savings and recoveries of misspent funds estimated at $15.4 billion.  A key partner, the Health Care Fraud and Abuse Control program, returned more than $7 for every $1 invested.  These results are increasingly important as the federal government seeks to improve the effectiveness and efficiency of its anti-fraud operations. 

The OIG Strategic Plan outlines the agency’s vision and priorities that guide the agency so that it can carry out its mission to “protect the integrity of Department of Health and Human Services programs and operations and the health and welfare of the people they serve.”  Along with the four primary goals outlined in the plan, the OIG Strategic Plan describes three major priorities for each goal and the OIG’s strategies for accomplishing each priority.

II. The OIG Strategic Plan is Designed to Help the Agency Fight Fraud, Waste, and Abuse:

In order to fight fraud, waste and abuse, the OIG has identified the following priorities:

 ·         Identify, investigate, and taken action when needed;

 ·         Hold wrongdoers accountable and maximize recovery of public funds; and

 ·         Prevent and deter fraud, waste, and abuse.

The OIG will pursue several strategies to further these priorities.  It will build on successful enforcement models, such as the Medicare Fraud Strike Force teams, to enhance its enforcement results with other HHS programs.  Specifically, the agency will focus on key areas that include Medicare and Medicaid program integrity and waste in HHS programs.  The OIG will also continue to pursue appropriate means to hold fraud perpetrators accountable and to recover stolen or misspent HHS funds.  Accordingly, it will focus on identifying and recovering improper payments and utilizing exclusions and referrals for debarment to protect HHS programs and beneficiaries.  Finally, the OIG will apply lessons it has learned about fraud vulnerabilities and effective prevention to HHS’ new and evolving health programs.  The OIG will promote compliance with Federal requirements and resolving compliance, advising HHS on key safeguards to prevent fraud, waste, and abuse, and assessing whether providers and suppliers, grantees, and others are qualified to participate in Government programs

III.  The OIG Strategic Plan is also Aimed at Pomoting Quality, Safety, and Value:

For its second goal of promoting quality, safety, and value, the OIG indicates the following priorities:

 ·         Foster high quality of care;

 ·         Promote public safety; and

 ·         Maximize value by improving efficiency and effectiveness.

The Strategic Plan indicates that the OIG will expand its work efforts directed to quality of care.  The agency will focus on promoting quality of care in nursing facilities and home- and community-based settings, access to and use of preventative care, and quality improvement programs.  The OIG will also continue to prioritize fraud investigations that have public safety as well as financial implications and to look for comprehensive solutions.  In particular, the agency will continue to focus investigative efforts related to prescriptions drug fraud cases.  Mirroring other federal government initiatives, the OIG will maximize value by assessing the effectiveness of federal programs that intend to achieve value through care coordination and those that deliver and pay for beneficiary care in new ways.

IV.  The OIG Strategic Plan is Intended to “Secure the Future”:

The OIG’s third goal of “securing the future” emphasizes the following:

·         Foster sound financial stewardship and reduction of improper payments (misspent funds);

·         Support a high-performing health care system; and

·         Promote the secure and effective use of data and technology.

The agency will continue its efforts to address program and operational vulnerabilities that affect the long-term health and viability of HHS programs.  Over the next few years, the OIG will continue to prioritize work on billing and payment errors by providers, effective program administration and contract oversight, and inefficiencies that result in wasteful spending.  Furthermore, as HHS manages its transition to payments based on value rather than volume, OIG plans to conduct reviews and recommend changes to maximize overall value, protect program integrity, and foster value and high performance.  Finally, the OIG recognizes that data and technology will drive improvements in health care and human services through lower costs. Key areas of the OIG’s focus will include the accuracy and completeness of program data (e.g., Medicaid data), the privacy and security of personally identifiable information (PII), and the security and integrity of electronic health records (EHR).

V.   The OIG Strategic Plan is Intended to Advance Excellence and Innovation:

Finally, OIG wants to advance excellence and innovation in its organization and workforce through:

           ·         Recruiting, retaining, and empowering a diverse work force;

           ·         Leveraging leading-edge tools and technology; and

                                   ·         Promoting leadership, vision, and expertise.

The OIG’s final goal primarily deals with the agency’s plan related to its internal operations over the next five years.  The agency knows that to identify, understand, and address the challenges facing HHS, it will look to invest in its workforce by recruiting and retaining talented employees and by maintaining workforce excellence and the highest standards of professional conduct.  It will also seek to use the best data, analytic tools, and technologies available to maximize the impact of its work.

VI.  Final Remarks:

Overall, the OIG Strategic Plan seeks to embody the OIG’s guiding principles as it strives to ensure that Federal dollars are used appropriately and that HHS programs well serve the people who use them.  As such, this new plan outlines the agency’s priorities very broadly and largely reiterates past plans and priorities.  Nevertheless, this new Strategic Plan somewhat focuses on the OIG’s mission of fighting health care fraud and assessing and protecting program integrity as new health care payment and delivery systems evolve.

In fact, Healthcare providers are becoming all too familiar with the countless auditing organizations used by the government to combat fraud in health care related expenditures, including RACs, MICs, and ZPICs.  If the federal government believes that these entities are based on a good return for its investment in preventing or curbing fraudulent activities, stricter oversight and auditing programs are likely to increase.  The OIG may also look to enhance its exclusion capability by pursuing exclusion efforts of individual health care providers and smaller entities as opposed to larger provider entities.

Robert W. Liles is a health care attorney experienced in handling prepayment reviews and audits.Robert W. Liles serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  He represented physician practices, home health agencies, hospices, DME companies and other health care providers in Medicare, Medicaid and private payor audits.  Robert also represents health care professionals in connection with State Licensure Board complaints and investigations.  For a free consultation, call: 1 (800) 475-1906.

 

HHS-OIG Issues New Guidance on the Effects of Exclusion from Participation in Federal Health Benefits Programs.

Effects of Exclusion (May 21, 2013) On May 8, 2013, the Office of Inspector General of HHS (OIG) issued a Special Advisory Bulletin on the effects of exclusion from participation in Federal health care programs.  As background, among other things, the statute prohibits payment for services under a Federal health care program that are provided by excluded individuals.  Additionally, the statute also provides for the imposition of CMPs against providers that employ or enter into contracts with excluded persons to provide items or services payable by Federal health care programs.

The statute has been interpreted broadly to cover direct and indirect payments.  Thus, it has been considered a violation of the prohibition for an excluded person to deliver services even where the payment is not made directly for the payment for the services that the excluded person provides, e.g. where a hospital employs an excluded nurse to provide inpatient hospital services that are reimbursed under Medicare inpatient PPS.  For this, and many other, reasons knowledgeable attorneys have advised clients to check whether their employees and contractors are listed as excluded on the OIG’s List of Excluded Individuals and Entities (LEIE) at http://oig.hhs.gov/exclusions, both at time of employment or contracting, and also periodically.  This would include, for example, checking employees who service a facility on a temporary basis.  Knowledgeable counsel have also recommended including a requirement in its  contract with an entity with which a provider contracts that the contractor performs the screening of its employees periodically, and the provider should periodically monitor the performance of this function by that entity.  Finally, knowledgeable counsel have included a review of a target’s compliance with this requirement as part of its due diligence in an acquisition.[1]

The Special Advisory Bulletin answers a number of questions in greater specificity than previously.  For example, many providers questioned how frequently they must screen their employees and contractors after hiring or retention.  Although the Bulletin states that there is no frequency required by statute or regulation, it indicates that the LEIE is now updated monthly.  The OIG thus recommends that providers screen their employees and contractors against the LEIE at hiring or contracting (or at time of use in the case of workers retained through a temporary agency), and on a monthly basis.

The Bulletin also suggests that the LEIE be the primary source of information about HHS-OIG exclusions because, although the GSA’s SAM list lists HHS-OIG exclusions as well as debarment actions taken by other agencies, it does not contain the same level of detail as the LEIE.  Additionally, the Bulletin recommends that where a provider relies on a contractor to screen its employees and includes a provision to this effect in the contract, that it validate that the contractor is conducting screening by such mechanisms as requesting and maintaining screening documentation by the contractor.  Moreover, the Bulletin makes clear that the prohibition covers services performed by volunteers.

Michael CookLiles Parker attorneys are experienced in issues such as the prohibition on billing Federal health programs for services provided by excluded individuals, protecting providers from violating that provision as part of their compliance programs and in due diligence in acquisitions, and in addressing violations that they discover.  Any person having questions in the area should contact Michael Cook for a free consultation at (202) 298-8750

 


[1] Often this has also included checking a target’s compliance with screening of employees and contractors not only on the LEIE, but also on the GSA’s excluded person’s list (GSA EPLS which was recently merged into another list referred to as the SAM, https://www.sam.gov).

The Latest OIG Report on E/M Coding Finds that Coding Practices are Trending Higher.

(June 15, 2012): Evaluation and Management (E/M) coding has been the subject of substantial scrutiny in Medicare post-payment audits and appeals for many years. When a reviewer for the Center for Medicare & Medicaid Services (CMS) audits an E/M claim, the reviewer often appears to utilize the AMA CPT Code Book to assess the proper level the claim should have been billed at, mainly using 3 factors: history, examination, and medical decision making. Notably, of seven overall factors, “time” of an E/M service is the least important. For in-office E/M codes, there are categories for new patients and established patients. These categories are further broken down into 5 levels  of service depending on the 3 main factors outlined above. For instance, a relatively simple service, where the patient has a localized complaint and the treatment for the problem is straightforward, may be a level 1 or 2. Conversely, a service for which the patient has a complex history, requires in-depth physical assessment, and treatment for the patient is risky or complicated, or lots of data has to be reviewed, this may warrant a level 4 or 5. Because of this interplay between various elements of a service, E/M coding can be complicated.

I.     HHS-OIG Report on E/M Coding:

Recently, the Office of Inspector General (HHS-OIG) for the U.S. Department of Health and Human Services (HHS) issued a report regarding a significant uptick in E/M coding levels over the past 10 years. As the OIG found, “between 2001 and 2010, Medicare payments for Part B good and services [of which E/M services are a part] increased by 43 percent, from $77 billion to $110 billion. During this same time, Medicare payments for [E/M] services increased by 48 percent, from $22.7 billion to $33.5 billion.” The OIG’s report further identified 1,700 physicians who “consistently billed higher level E/M codes.” Accounting for location, specialty, and beneficiary types, HHS-OIG singled out these physicians as primarily causing the significant increase in Medicare Part B payments. View HHS-OIG’s Report Here.

II.     HHS-OIG’s Recommendations to CMS:

The OIG has recommended that CMS conduct three specific tasks to help identify, re-educate and audit physicians billing higher than average levels. These 3 recommendations include:

  1. Continue to educate physicians on proper billing for E/M services
  2. Encourage its contractor to review physicians’ billing for E/M services
  3. Review physicians who bill higher level E/M codes for appropriate action.

CMS concurred with the first two of these recommendations and partially concurred with the last, noting that “CMS and the MACs [Medicare Administrative Contractors] must take into account the respective return on investment of medical review activities.” CMS noted that while E/M services may be expensive, there are other Part B services which are more expensive and are therefore a possible better return-on-investment for CMS and the Medicare Trust Fund.

III.     How Does this Affect You?

Many audits and other actions by CMS have focused on specific types of providers in the past, such as DMEPOS suppliers, laboratory and pharmacy services, community mental health centers, infusion clinics, home health agencies, and other types of providers who do not conduct basic E/M services. CMS has audited these providers because many of the claims they submit are high-dollar and often fraught with fraud. Nevertheless, the report by OIG could signal a sea change in the auditing and re-education efforts of CMS. General practitioners who provide E/M services may be subject to reviews in the near future. Likewise, OIG may initiate audits or investigations on its own of participating providers who it determines may be billing Medicare improperly.

As a result, all physicians should implement an effective compliance plan as soon as possible. This is not to say that other provider groups, such as home health agencies, should not implement a compliance program as well. Indeed, other provider types who may be currently subject to audit should seek to draft and put in place a compliance plan immediately. Moreover, it’s probably not sufficient to merely download a compliance plan from the internet and say you have one. Rather, a good compliance plan will be individualized and specific to your practice, taking into account the various risk areas which could affect you. Finally, your staff needs to be trained on this program, so that they know how to approach coding and billing, business operations, and patient relationships. After all, they are probably the ones conducting the day-to-day affairs of a practice which could be the subject of scrutiny by a government agency or its contractors.

Robert LilesRobert W. Liles is the managing member of Liles Parker PLLC, a health law and business transactions firm. Robert represents healthcare providers and suppliers around the country in Medicare, Medicaid and private payor audits,  appeals, and fraud / abuse concerns.  Our attorneys can assist in drafting and implementing an effective Compliance Plan and train your healthcare professionals on their various statutory and regulatory obligations. For a free consultation, call toll-free today at 1-800-475-1906.

2011: The Year of Compliance – Medicare Payment Suspension Actions

A Medicare payment suspension action can destroy your practice(January 26, 2011): Medicare payment suspension action can prove disastrous for your practice or home health agency.  How did we get to this point?  The recent debate over healthcare in this country has drawn attention to healthcare costs as well as the relationship between healthcare providers and the Federal government. With healthcare costs steadily on the rise, the government has been searching for ways to contain costs in Federal and State healthcare programs. These cost control efforts have resulted in a substantial focus on reducing healthcare fraud, which the federal government estimates could account for up to 10% of the country’s annual healthcare expenditures (or approximately $226 billion per year).[1] While the government has always possessed the authority to sanction providers for healthcare fraud and related activities, the newly-enacted Health Care Reform legislation (collectively referred to as the “Affordable Care Act” (ACA)) dramatically expands these regulatory powers. One of the most potent anti-fraud tools available to the government- specifically the Center for Medicare and Medicaid Services (CMS)- is the suspension of payments to providers. This article will provide a brief overview of CMS’s Medicare suspension authority and the requisite procedures, discuss the new relevant provisions of the ACA, and then conclude with some advice for providers seeking to avoid suspension actions.

 I.   CMS’ Medicare Payment Suspension Authorities and Procedures:

Historically, CMS has been empowered to suspend payments to Medicare providers in three circumstances:

Fraud or willful misrepresentation;

An overpayment of an undetermined amount has been identified; or

Payments that have been made (or are scheduled to be made) may be incorrect. (42 C.F.R. §405.371(a)(1).

Suspension actions can be initiated several ways.  These include: (1) Suspensions requested by a Medicare contractor (generally recommended by a Zone Program Integrity Contractor (ZPIC) or Program Safeguard Contractor (PSC)), (2) Suspensions initiated by CMS, or (3) Suspensions requested by law enforcement (such as the Office of Inspector General (OIG) or the Department of Justice (DOJ).  Typically, the ZPIC or PSC would then provide CMS with a draft Medicare suspension notice, along with a summary of the information upon which the Medicare suspension action has been based.  The suspension notice to the health care provider must include

 The specific reason for the Medicare suspension;

 The extent of the Medicare suspension (such as all claims, certain types of claims, 100% suspension, or partial suspension);

A statement that the Medicare suspension is not appealable;

A statement that CMS has approved of the Medicare suspension action; 

The date on which the Medicare suspension will begin;

The items and services subject to the Medicare suspension;

The expected duration of the Medicare suspension action;

A statement that the provider may submit a rebuttal within 15 days of the Medicare suspension letter.

Information on where the provider is to mail the rebuttal.  (See generally, CMS, MPIM § 3.9.2.2.2).

 A.        CMS’ Role in Approving a Medicare Suspension Action.

Once a Medicare suspension letter has been drafted, CMS will review it and determine whether the provider should be notified before or after the effective date of the Medicare payment suspension. If a provider is targeted for Medicare payment suspension because of fraud, deliberate misrepresentation, or harm to Medicare trust funds, then the provider will be notified of the Medicare payment suspension on or after the effective date.  Health care providers who are suspended for all other reasons are notified at least 15 days prior to the suspension taking effect.  Notably, the OIG found that only three of the providers suspended during this period were given advance notice.  In other words, it appears that all but three providers were suspended with no advance notice, and were likely suspected of fraud or willful misrepresentation.

 B.        Opportunity to Appeal a Medicare Payment Suspension Action.

Notably, there is not an administrative appeals mechanism available for providers to challenge a suspension action. At most, a provider can submit a “rebuttal” letter to CMS detailing why the proposed Medicare payment suspension should not take effect or should be lifted. A rebuttal letter must be submitted within 15 days of the suspension notice. CMS contractors will then review the provider’s rebuttal, draft a response, and submit the proposed response (along with the provider’s rebuttal) to CMS for approval.  From a practical standpoint, it has been our experience that CMS rarely changes its position and cancels the planned Medicare suspension action.

 C.        Length of Medicare Payment Suspensions.

The length of a Medicare suspension of payments period is usually 180 days, but this can be extended under certain circumstances.

D.       Having a Medicare Payment Suspension Action Lifted.

During the suspension period, CMS contractors will request that the provider submit medical records relevant to any suspect claims being examined by CMS. A Medicare contractor (typically a ZPIC or PSC) will then analyze these medical records in order to determine the amount of any improper payments made to the provider, including overpayments. Once the overpayment has been calculated, a provider’s Medicare Administrative Contractor will issue a demand letter to the provider requesting a refund of the overpayment amount. In some instances, once CMS has ascertained the nature and extent of any overpayment, the suspension action will be lifted.

Health care providers may continue to submit claims during a suspension period, but payment action for these claims will not be taken until the ZPIC / PSC can determine the nature and amount of any overpayment that may be owed. Any claims found to qualify for coverage and payment are usually used to offset the amount of the overpayment determined by the ZPIC / PSC.  Excess funds are then distributed to the provider.

 II.  Recent Analysis of Prior Medicare Payment Suspension Actions Taken: 

On November 1, 2010, the OIG released a report for CMS entitled The Use of Payment Suspensions to Prevent Inappropriate Medicare Payments.[3] The goal of this report was to evaluate CMS’ use of suspension actions taken in 2007 and 2008 and  assess CMS’ procedures for implementing payment suspension actions. OIG analyzed 253 payment suspensions made during these two years.

 A.        General Overview of Medicare Payment Suspension Actions Taken in 2007 and 2008.

The OIG found that 85% of the providers suspended in 2007 and 2008 were  Medicare Part B providers.  Additionally, 79% of these providers were located in four states: Florida, California, Michigan, and Puerto Rico.  They further found that CMS contractors generally complied with the suspension “notice” requirements set forth in CMS rules and regulations, providing all of the required elements in the suspension notice in 96% of the actions examined.  Notably, only 16% of the providers suspended submitted a “rebuttal” to the suspension notice.   Notably, the average length of time before CMS approved a proposed suspension was four calendar days, and more than half of these suspensions were extended. Notably, the report explained that many suspensions are extended because CMS contractors needed additional time to calculate overpayments for reasons ranging from delayed receipt of medical records[4] to the complexity of the analysis required.  As OIG found, the median overpayments assessed in connection with payment suspension actions taken were quite large.  The OIG found the following:

Overpayments Assessed in Connection with Medicare Payment Suspension Actions Taken During 2007 and 2008 

 

Type of Health Care Provider

 

   

 Number of Providers Suspended

 

Median Alleged Overpayment Assessed

 

Part A

 

 

21

 

$1,645,026

 

Part B – DMEPOS

 

 

57

 

$1,237,153

 

Part B –non-DMEPOS

 

 

65

 

$1,072,338

B.        Reasons for Medicare Payment Suspension Actions.

OIG reported that the great majority of suspensions that took place between 2007 and 2008 “exhibited characteristics that suggest fraud.” In fact, payment suspensions taken during this period were almost all used “as a tool to fight fraud.” The OIG based this conclusion on the following:

99% of suspension notices were sent to the provider on or after the effective suspension date, indicating that fraud was a consideration in the suspension action.

74% of suspended providers supplied information suggesting questionable billing patterns, such as spikes in multiple claims submitted for the same beneficiary or extensive services provided within a very short time frame.

63% of suspensions involved complaints or information from beneficiaries raising concerns about services they never received or that were medically unnecessary.

 C.        CMS Guidance on Medicare Payment Suspensions Has Been Inconsistent.

The OIG noted some documents supplied by the CMS to provide guidance on payment suspensions are inconsistent or incomplete. Some information that the OIG identified as needing revision includes:

The CMS Program Integrity Manual (PIM) mandates that contractors requesting suspension submit to CMS a draft of the suspension notice along with “other supportive information” when requesting suspension. However, the manual fails to define or provide examples for the phrase “other supportive information.”

 The model suspension notice contained in the PIM has not been updated since 2000. Accordingly, the notice provides an incorrect summary of the suspension process.

The OIG report concluded that, based on the data reviewed, Medicare payment suspensions were used almost exclusively as a tool to fight fraud in 2007 and 2008. The report did not offer any recommendations, but it did note that the PPACA dramatically expanded CMS’s authority to suspend Medicare payments.

III.  Health Care Reform and Medicare Payment Suspensions:

The Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010 (collectively referred to as the Affordable Care Act or “ACA”), was signed into law on March 23, 2010.  Among its provision, the ACA further expanded CMS’ ability to take payment suspension actions. In addition to the three suspension criteria discussed above, ACA now permitted CMS to suspend payments based on credible allegations of fraud unless there is good cause not to suspend such payments. The seemingly vague language and potentially broad scope of this rule has many providers concerned about the threat of payment suspensions.

 A.        Proposed Regulations.

The ACA requires the Secretary, HHS to prepare new regulations implementing the provisions of the ACA, including the new payment suspension rules.  On September 23, 2010, HHS issued a proposed regulation which defines a “credible allegation of fraud” as allegations from any source, including:

Fraud hotline complaints.

Claims data mining.

Provider audits.

Civil false claims cases.

Law enforcement investigations.

As set out in the Proposed Rule, an allegation is “credible” when it has an indicia of reliability.” Unfortunately, HHS does not supply any additional guidance as to the meaning of potentially vague terms, such as “source” or “indicia of reliability.” Indeed, HHS even appears to concede the ambiguity of these terms; the proposed regulation states “Many issues related to this definition will need to be determined on a case-by-case basis by looking at all the factors, circumstances, and issues at hand.”

This new regulation contains one important limitation, namely the “good cause” exception. Even in cases involving credible allegations of fraud, CMS may continue payments if there exists some good cause for doing so. In the proposed regulation, HHS gives several examples of what could constitute “good cause’ under this standard:

The possibility that payment suspension will alert a violator to an investigation or inquiry;

The possibility that payment suspension will expose whistleblowers or confidential sources;

Where payment suspension may jeopardize beneficiary access to necessary items or services;

Where remedies other than payment suspension available to CMS are more expeditions or effective in protecting Medicare funds; or

Where payment suspension would “not be in the best interests of the Medicare program.”

Aside from its broad sweep and built-in exception, this new credible allegation of fraud rule is distinct from the other bases for payment suspensions in three critical respects. To begin with, CMS is required to consult with OIG in determining whether a credible allegation of fraud exists. This collaboration is not required before CMS suspends payment on any other basis, and OIG has no formal role in imposing such suspensions. Additionally, as discussed above, the other suspension criteria have 180-day time limits (which, under certain circumstances, can be extended), while the credible allegation of fraud rule does not have any such time restrictions. Suspensions could remain effective indefinitely as OIG conducts its investigation into the fraud allegations. Finally, a payment suspension for a credible allegation of fraud may be lifted upon the resolution of the fraud investigation, which occurs when “a legal action is terminated by settlement, judgment, dismissal, or [dropped for lack of evidence].” Conversely, payment suspensions for other reasons are terminated upon refund of any assessed overpayment to CMS.

IV.  Recommendations for Providers:

Medicare payment suspensions can dramatically impact and disrupt a provider’s healthcare practice. Based on the report published by OIG and in consideration of the new regulations promulgated by HHS, below are some recommendations for avoiding suspension actions.

 A.        Engage Experienced Legal Counsel.

In light of both the seriousness and complexity presented, it is strongly recommended that providers facing a payment suspension action immediately engage experienced counsel.  As you will recall, almost all of the suspension actions pursued by Medicare contractors, OIG and DOJ involve allegations of fraud or deliberate misrepresentation.   Therefore, care should be taken to ensure that the rights of the health care provider and its staff are properly protected.

 B.        Submit a Rebuttal.

The OIG report noted that only 16% of providers suspended between 2007 and 2008 submitted a rebuttal to the suspension notification. While a rebuttal does not guarantee that CMS will not proceed with the suspension, it does give the provider an opportunity to explain any of the potential mistakes or errors that drew the attention of CMS. Additionally, it is critical to keep in mind that suspension actions are not appealable; once a suspension is imposed, there is no recourse for the provider. A rebuttal is a provider’s only opportunity to be heard prior to imposition of the suspension.

 C.        Timely Provide Medical Records When Requested by CMS.

As discussed above, once a suspension has been imposed CMS will request medical records from the provider in order to evaluate the related claims for any potential overpayments. In the OIG report, the authors noted that suspensions were often extended beyond the initial 180-day time period for a variety of reasons, one of which was the provider’s failure to timely submit medical records. It is possible that providers who comply with CMS medical records requests as soon as possible will see their cases resolved more quickly and their suspensions lifted without any extension. Additionally, providers should thoroughly organize medical records for complex cases so that CMS contractors can review the records more efficiently and therefore resolve the suspension action.

 D.        Credible Allegations of Fraud Can Originate from Practically Anywhere.

Because the proposed regulations regarding credible allegations of fraud are exceedingly broad and vague, it is difficult to supply guidance to providers concerned about compliance with this new rule. However, one important principle to keep in mind is that, under the definition proposed by HHS, a credible allegation can come from any source. This includes patients, employees, or other providers. Therefore, it is extremely important for providers to be conscientious so that their conduct does not give rise to any inferences of fraud.iles P

Robert W. Liles, JD, represents healthcare providers in Medicare payment suspension actionsRobert W. Liles and other Liles Parker attorneys have extensive experience representing health care providers in connection with a wide variety of administrative, civil and criminal health care fraud enforcement matters — including Medicare suspension of payment actions. Should you have questions regarding this article, please give us a call.  Initial consultations are free.  Robert can be reached at 1 (800) 475-1906.


[1] Federal Bureau of Investigation, Financial Crimes Report to the Public 2007, available at http://www.fbi.gov/stats-services/publications/fcs_report2007/.

[2] For example, if a government official is unable to complete an examination of information submitted by a suspended provider or the Department of Justice is investigating potential criminal charges or civil actions, then the suspension may be extended for 180 days. If OIG is considering administrative action against the provider- such as exclusion from participation in Medicare or the assessment of civil monetary penalties- then the suspension may be extended indefinitely.

[3] Center for Medicare and Medicaid Services, The Use of Payment Suspensions to Prevent Inappropriate Medicare Payments, Report No. OEI-01-09-00180 (Nov. 2010).

[4] The report states that 55% of suspended providers never provided CMS contractors with any medical records at all.

Provider Exclusion Screening / OIG Screening Practices are a Significant Risk

Provider Exclusion Screening(December 11, 2010):  Has your practice conducted exclusion screening / OIG screening on all of you employees?Earlier this week, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs.  The provider paid $376,432 to resolve these allegations. As Lewis Morris, Chief Counsel to the Office of Inspector General stated:

“Providers self-disclosing such violations will ultimately pay lower settlement amounts. . . But in cases initiated by the government — such as this one — providers will, as a matter of course, be required to pay more to resolve the matter.”

As Mr. Morris further noted:

“This case illustrates yet again that OIG will pursue CMPs when providers have employed an excluded person for the furnishing of items or services paid for by Federal health care programs,”

Notably, this matter was referred to HHS-OIG for investigation by the State Medicaid Fraud Control Unit (MFCU).

I.  Lessons to be Learned When Performing Exclusion Screening / OIG Screening:

This case illustrates a number of important lessons for all health care providers who participate in Federal Health Benefits Program, regardless of size. These lessons include:

OIG Screening employees is easy and quick: It takes very little effort for a provider to screen current and prospective employees against HHS-OIG list of excluded parties and GSA’ s list of parties who have been debarred from participation in Federal contracts. Notably, the failure to screen employees can be quite costly.

No mention of actual fraud or overpayment was mentioned in this case — Nevertheless, the employment of excluded individuals was found to be quite serious by HHS-OIG:   HHS-OIG won’t hesitate to pursue civil monetary penalties against a provider who employs excluded individuals, despite the fact that no mention is made of any wrongful billings. Regular screenings of your employees should be made to ensure that none of your employees have been excluded from participation.

The government is serious about self-disclosing problems: HHS-OIG’s Chief Counsel went out of his way to point out that provider’s who self-disclose will ultimately pay a lower amount of damages to the government. While we recognize the government’s preference in this regard, should you identify a problem, you should contact legal counsel before making a self-disclosure. HHS-OIG’s voluntary disclosure protocol has a number of requirements that should be fully assessed prior to deciding to make a disclosure under the program. To be clear, if you owe money to the government, you must pay it back. The issue to be resolved is how to go about returning any monies to which you are not entitled. Depending on the circumstances, a provider may be better off working with their Medicare Administrative Contractor to resolve a problem. In other cases, HHS-OIG’s protocol may be the best option. Every situation is different and should be carefully assessed before action is taken.

Federal and State law enforcement teams are coordinating their actions and findings: Notably, these violations were first identified by a State MFCU who then contacted HHS-OIG. Similarly, we are seeing State Medical Boards advising ZPICs of actions they are taking against licensed health care providers. In several cases, the State Medical Board found that the provider was either not providing adequate supervision over subordinate Nurse Practitioners and Physician Assistants. The ZPIC has then used this as a basis to argue that the claims did not qualify for Medicare coverage.

In summary, health care providers should continually be reviewing their compliance efforts to ensure that basic mistakes such as the ones in this case (failure to properly screen employees) do not occur.

Our attorneys represent health care providers around the country in connection with compliance issues.   Please feel free to contact us for a complimentary consultation.  We can be reached at: 1 (800) 475-1906.

Next Page »