Top Ten Health Care Compliance Risks for 2011.
January 1, 2011 by Lorraine Ater
Filed under Featured, UPIC Audits
(December 31, 2010): In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010. Over the next several weeks we will be releasing a series of articles on our website addressing these dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:
Compliance Risk Number 1: Increased “HEAT” Activity and Enforcement: Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT). These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions. HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.
As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:
- Filed charges against more than 800 defendants.
- Obtained 583 criminal convictions.
- Opened 886 new civil health care fraud matters.
- Obtained 337 civil administrative actions against parties committing health care fraud.
- Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies.
President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program.These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented. Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.
Compliance Risk Number 2: Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims: As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million. In 2011, we should expect to see:
- The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.
- The reliance of both contractors and the government on data mining will continue to grow. Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.
- An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.” In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.
Are you ready for an unannounced / unanticipated site visit or audit? When is the last time that you have conducted an internal review of your billing / coding practices? Are you aware of the hidden dangers when conducting these reviews? In 2011, your Compliance Officer may very well be your most important non-clinical staff member. Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.
Compliance Risk Number 3: Electronic Medical Records: Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs). In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations. Instead, the information gathered is often sparse and similar for each of the patients treated. Take care before converting your practice or clinic to an EMR system. Include your Compliance Officer in the selection and review process.
Compliance Risk Number 4: Physician Quality Reporting Initiative (PQRI) Issues: Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate. As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered. Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.
Compliance Risk Number 5: Medicaid Integrity Contractors (MICs) and Medicaid Recovery Audit Contractors (MDRACs): In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States. Notably, the information and documentation requested has often been substantial. Medicaid providers must now also contend with MDRACs. As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011. Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adhereance.
Compliance Risk Number 6: HIPAA / HITECH Privacy Violations: Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).
- Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.
- Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.
As of mid-2010, there had been 93 breaches affecting 500 or more individuals. The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million. Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records. Many of these thefts could have been avoided with appropriate security. The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement. Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information.
Compliance Risk Number 7: Increased Number of Qui Tams Based on Overpayments: Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.
This law creates a minefield for physicians and other Medicare providers. First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later. Of course, the legislation does not actually explain what it means to “identify” an overpayment.
From a “risk” standpoint, this change is enormous. Disgruntled employees try to file a Qui Tam (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion. While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case. Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.
Compliance Risk Number 8: Third-Party Payor Actions: Third-party (non-Federal) payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents. Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs). Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services. If so, their SIU opens a new investigation against the provider.
Compliance Risk Number 9: Employee Screening: With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare. As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded. In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.
Compliance Risk Number 10: Payment Suspension Actions: Last, but not least, we expect the number of payment suspension actions to increase in 2011. In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions. Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.
As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements. Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution. Providers must take compliance seriously if they hope to thrive in 2011.
Liles Parker attorneys provide health law guidance and advice to health care providers around the country. Our attorneys have extensive experience working on compliance related matters and defending providers in connection with Medicare audits and investigations. Should you have questions regarding these and other issues, give us a call for a free consultation. We can be reached at 1 (800) 475-1906.
Medicare Exclusion Screening of Your Staff is Essential.
December 11, 2010 by Lorraine Ater
Filed under Featured, Medicare Audits
(December 11, 2010): Earlier this week, HHS-OIG announced that it had assessed significant civil monetary penalties (CMPs) against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. Medicare exclusion screening is essential.
I. The Failure to Conduct Proper Medicare Exclusion Screening Activities Can Result in Significant CMPs.
The provider paid $376,432 to resolve these allegations. As Lewis Morris, Chief Counsel to the Office of Inspector General stated:
“Providers self-disclosing such violations will ultimately pay lower settlement amounts. . . But in cases initiated by the government — such as this one — providers will, as a matter of course, be required to pay more to resolve the matter.’
As Mr. Morris further noted:
“This case illustrates yet again that OIG will pursue CMPs when providers have employed an excluded person for the furnishing of items or services paid for by Federal health care programs,”
Notably, this matter was referred to HHS-OIG for investigation by the State Medicaid Fraud Control Unit (MFCU).
II. Lessons to be Learned.
This case illustrates a number of important lessons for all health care providers who participate in Federal Health Benefits Program, regardless of size. These lessons include:
Medicare exclusion screening of your employees is easy and quick: It takes very little effort for a provider to screen current and prospective employees against HHS-OIG list of excluded parties and GSA’ s list of parties who have been debarred from participation in Federal contracts. Notably, the failure to screen employees can be quite costly.
No mention of actual fraud or overpayment was mentioned in this case. Nevertheless, the employment of excluded individuals was found to be quite serious by HHS-OIG: HHS-OIG won’t hesitate to pursue civil monetary penalties against a provider who employs excluded individuals, despite the fact that no mention is made of any wrongful billings. Regular screenings of your employees should be made to ensure that none of your employees have been excluded from participation.
The government is serious about self-disclosing problems: HHS-OIG’s Chief Counsel went out of his way to point out that provider’s who self-disclose will ultimately pay a lower amount of damages to the government. While we recognize the government’s preference in this regard, should you identify a problem, you should contact legal counsel before making a self-disclosure. HHS-OIG’s voluntary disclosure protocol has a number of requirements that should be fully assessed prior to deciding to make a disclosure under the program. To be clear, if you owe money to the government, you must pay it back. The issue to be resolved is how to go about returning any monies to which you are not entitled. Depending on the circumstances, a provider may be better off working with their Medicare Administrative Contractor to resolve a problem. In other cases, HHS-OIG’s protocol may be the best option. Every situation is different and should be carefully assessed before action is taken.
Federal and State law enforcement teams are coordinating their actions and findings: Notably, these violations were first identified by a State MFCU who then contacted HHS-OIG. Similarly, we are seeing State Medical Boards advising ZPICs of actions they are taking against licensed health care providers. In several cases, the State Medical Board found that the provider was either not providing adequate supervision over subordinate Nurse Practitioners and Physician Assistants. The ZPIC has then used this as a basis to argue that the claims did not qualify for Medicare coverage.
In summary, health care providers should continually be reviewing their compliance efforts to ensure that basic mistakes such as the ones in this case (failure to properly conduct Medicare exclusion screening procedures of employees) do not occur.
Robert W. Liles serves as Managing Partner at Liles Parker. Robert and our other health law attorneys represent health care providers around the country in connection with compliance and other health law issues. Should you have questions about a health law issue, feel free to call us for a free consultation. We can be reached at: 1 (800) 475-1906.
Home Health Agency “Patient Recruiter” Sentenced to 63 Months in Prison for Allegedly Committing Health Care Fraud
October 18, 2010 by
Filed under HEAT Enforcement
(October 18, 2010): The U.S. Attorney’s Office for the Eastern District of Michigan, working with the FBI and HHS-OIG has announced the sentencing of yet another defendant convicted of home health fraud. As the Department of Justice’s Press Release reflects, the defendant, a nurse who worked as a “patient recruiter“ and operator of a Detroit-area home health agency, allegedly solicited Medicare beneficiaries for the home health agency where he worked and “offered them cash kickbacks in exchange for their Medicare patient information and signatures on medical documents.” The defendant also allegedly:
“admitted that he knew the beneficiaries he recruited were neither homebound nor in need of physical therapy services.” Finally, the defendant allegedly “admitted in court papers that he knew [the home health agency] used the beneficiaries’ Medicare information to bill Medicare for physical therapy that was medically unnecessary and / or never performed.” (emphasis added).
As a result, it was estimated that $6.96 million in “false or fraudulent claims [were submitted] to the Medicare program.” In this case, the defendant was sentenced to 63 months in prison for his actions.
Commentary: Over the last few months, a number of criminal prosecutions have been brought against “patient recruiters” working for home health agencies who have allegedly been involved in wrongdoing. In most cases, the defendants have been alleged to have improperly used the Medicare information of these patients to improperly bill for services that were not medically necessary and / or were not rendered. In light of these cases, it is recommended that home health agencies carefully review their marketing practices to verify that the conduct of their employees or contractors does not violate applicable statutory and regulatory requirements. It is also recommended that home health agency Compliance Officers work with outside counsel to engage outside billing / coding personnel to conduct periodic home health claims reviews so that the propriety of the skilled nursing services billed can be properly verified.
Liles Parker attorneys represent home health agencies and their officers in Medicare audits and investigations. Please call 1 (800) 475-1906 for a free consultation.
President Obama’s 2011 Funding Request Provides for Expansion of the HEAT Program to Additional Cities
October 4, 2010 by
Filed under HEAT Enforcement
(October 4, 2010): As DOJ has recently noted in its own blog, over the last Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), have been extraordinarily active in jointly pursuing health care providers allegedly engaging in fraud as part of the HEAT program. As DOJ notes, the mission of the HEAT program is:
- To marshal significant resources across government to prevent waste, fraud and abuse in the Medicare and Medicaid programs and crack down on the fraud perpetrators who are abusing the system and costing us all billions of dollars.
- To reduce skyrocketing health care costs and improve quality of care by ridding the system of perpetrators who are preying on Medicare and Medicaid beneficiaries.
- To highlight best practices by providers and public sector employees who are dedicated to ending waste, fraud and abuse in Medicare.
- To build upon existing partnerships that already exist between the two agencies, including our Medicare Fraud Strike Forces to reduce fraud and recover taxpayer dollars.
Together, DOJ, HHS-OIG and CMS have accomplished the following over the last Fiscal Year:
- Filed charges against more than 800 defendants.
- Obtained 583 criminal convictions.
- Opened 886 new civil health care fraud matters.
- Obtained 337 civil administrative actions against parties committing health care fraud.
Through these coordinated efforts, more than $2.5 billion was recovered. Importantly, these successes have not gone unnoticed. President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program initiative.
Commentary: In light of the government’s continuing efforts, we strongly recommend that our clients review their current compliance efforts to ensure that they take into account any and all risk areas that have been identified or associated with their areas of practice. Providers should work to ensure that their operations and billing activitivies fully comply with applicable statutory and regulatory billing and coding requirements.
Should you have questions, please give us a call for a complimentary consultation. We can be reached at 1 (800) 475-1906.
Can ZPIC Audits Base Their Overpayment Demand on a Mere Sample of Claims? Maybe. . .Maybe Not. . .
July 12, 2010 by rliles
Filed under UPIC Audits
(July 12, 2010): A ZPIC’s use of extrapolation can be a surefire way of destroying a provider’s practice. We’ve known it for years and yet the government’s passion for statistical sampling only seems to be growing. This makes it essential for providers to involve experienced counsel as soon as possible after the audit has been conducted.
“Extrapolation” is the process of using statistical sampling in a review to calculate and project (extrapolate) alleged overpayments made in connection with Medicare claims. Basically, ZPICs seek out errors in an alleged “statistically relevant sample” of the provider’s Medicare claims and then calculate and apply the “error rate” to the entire universe of claims covering a given period of time. This long-standing practice allows ZPICs to grossly inflate the monetary demands on their audit targets while avoiding actually reviewing each of the Medicare claims in the universe for which they are seeking recoupment or offset.
The practice dates back twenty years to a decision by the Secretary of Health and Human Services (HHS) to authorize the use of statistical sampling in lieu of engaging in onerous claim-by-claim reviews. In Chaves County Home Health Services v. Sullivan, 931 F.2d 914 (D.C. Cir. 1991), the district court upheld extrapolation as being within the Secretary’s discretion.
In 2003, after years of protest, physicians groups and others succeeded in convincing Congress to place some limitations on the use of extrapolation. Under Section 935 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), before an auditor can employ extrapolation, there must be either a determination of a sustained or high level of payment error, or documentation that educational intervention has failed to correct the payment error. While this opens the door to challenging an extrapolation, we also work with a statistical expert to identify other errors made by the ZPIC when conducting an extrapolation.
Over the years, Liles Parker has worked with a number of the best statisticians in the country, challenging the extrapolation and having it invalidated at either the Qualified Independent Contractor (QIC) level or at hearing before an Administrative Law Judge (ALJ). If your practice or clinic is audited by a ZPIC, we strongly recommend that you engage experienced legal counsel to represent your interests during this complex process. The legal arguments utilized are driven by the facts in each case. As a result, you should retain counsel with extensive real-world knowledge of how to best challenge the use of statistical sampling by ZPICs and PSCs.
Should you have any questions regarding these issues, don’t hesitate to contact us. For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.
President Obama Publicizes Measures to Fight Health Care Fraud. . . Again. . .
June 14, 2010 by
Filed under Medicare Audits
(June 8, 2010): For those of you who missed the first two dozen pronouncements (okay, perhaps a little exaggerated, but still . . . we the message when Congress made it a False Claims Act violation to hold onto a mere overpayment for more than 60 days), President Barack Obama has again expressed his concern about health care fraud in a national Town Hall video teleconference with Senior Citizens across the country. He took this opportunity to further publicize his “national campaign to combat fraud and misinformation” regarding the Medicare program and the Affordable Care Act.
As President Obama reiterated, the current Administration is committed to fighting health care fraud. To that end, the following steps have been taken:
The President has directed HHS to cut the improper payment rate, which tracks fraud, waste and abuse in the Medicare Fee for Services program, in half by 2012.
The Administration has helped support a renewed partnership between the Federal government and state Attorneys General. Secretary Kathleen Sebelius and Attorney General Eric Holder today sent a letter to state Attorneys General urging them to vigorously prosecute criminals who seek to steal from seniors and taxpayers and pledged the support of federal officials for state efforts.
A nationwide series of anti-fraud summits hosted by the Departments of Justice and Health and Human Services will bring federal, state and local officials together with representatives from the private sector to discuss tactics to fight fraud. The first summit will be held in Miami with additional summits in Los Angeles, Las Vegas, Detroit, Boston, New York, and Philadelphia.
A redoubling of efforts by U.S. Attorneys nationwide to coordinate with state and local law enforcement to prevent and prosecute fraud. Today, Attorney General Holder called on U.S. Attorneys to hold regular forums with local officials to discuss how to better crack down on criminals who commit fraud.
Notably, the current administration’s focus on health care fraud enforcement is reminiscent of the major initiatives rolled out during the President Clinton’s terms in office. As you may recall, Attorney General Reno named “Health Care Fraud” as the Department of Justice’s “#1” white collar priority. While many voters tend to associate Republicans with “pro-law enforcement” and “anti-fraud” measures, the Democrats have clearly led in the area of health care fraud enforcement. While the government’s review of Medicare billings have been broad-based, health care providers in Florida, Louisana, Texas and Tennessee appear to be expecially hard hit. Medicare claims have been (and are continuing to be) audited by ZPICs and PSCs througout the South. Regrettably, in many cases we have found that the contractors’ audit findings have been severely flawed, failing to properly the LCD’s provisions, missing key information in the medical records submitted by the health care provider for review and asserting conclusions that are unsupported by any evidence in the case. As a result, providers have been forced to appeal the ZPIC / PSC denial decisions through the administrative appeals system, a time-consuming and expensive process.
In any event, the message is quite clear – the current administration has been, and will continue to be, extremely aggressive in its efforts to identify and pursue both alleged overpayments and instances of health care fraud. Unfortunately, with recent changes to the False Claims Act and the Federal Anti-Kickback Statute, incidents that might have otherwise qualified as a mere overpayment may be viewed quite differently today by Federal prosecutors. Health care providers should diligently work to ensure that their operations, coding and billing activities fully comply with statutory and regulatory requirements.
Should you have any questions regarding these issues, don’t hesitate to contact us. For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.
The Next “Patient” You See May be an Undercover Physician Auditing Your Practice.
April 11, 2010 by
Filed under Medicare Audits
(April 11, 2010): As the American Medical Association (AMA) recently reported on March 22nd, health care providers may find themselves subjected to “Secret Shopper” audits by fellow providers hired by the government conduct reviews and investigations.
In a speech he made March 10th, President Obama expressed interest in a proposal by Senator Tom Coburn, M.D. (R-OK) to have physicians and other health professionals go undercover and pose as patients to root out fraud. Apparently, President Obama included it among with several other Republican proposals which were considered when the recently passed Health Care Reform Bill was enacted. Dr. Coburn tried to amend the Senate health reform bill with a provision that would direct the Department of Health and Human Services to establish a demonstration project for undercover investigations. While a number of demonstration projects were ultimately included in the legislation, it isn’t clear if this is one of them.
Not surprisingly, the AMA has dismissed the idea of paying physicians to pretend to be patients in an effort to smoke out criminal activity. As the AMA responded:
“The AMA has zero tolerance for health fraud, but there’s no evidence that the undercover-patient tactic would be effective or efficient in finding fraud. . . We are partnering with HHS and the Justice Dept. to address fraud, and we strongly recommend the government target areas where fraud occurs most, instead of wasting physician time that could be better spent caring for real patients.” (AMA President J. James Rohack, M.D.)
Notably, “Secret Shopper” audits and investigations are nothing new. Both HHS and DOJ have used individuals posing as patients or employees in investigations for as long as health care fraud has been prosecuted by the government.
From a compliance standpoint, this could present a number of additional risks, not normally encountered in a standard billing and coding audit. This could implicate a variety of E/M related issues. Moreover, this may raise quality of care issues not otherwise covered in a routine audit.
The unknown issue at this point is whether HHS-OIG and / or CMS may try and expand the use of “Secret Shoppers” beyond the traditional boundaries of law enforcement. Currently, although ZPICs, PSCs and MICs may show up at a provider’s door seeking copies of documentation and answers to questions, they readily identify themselves when they arrive. Our client’s have expressed concern about ZPICs and RACs using a variation of the “Secret Shopper” scenario in yet another attempt to identify possible subjects for audit.
Should you have any questions regarding these issues, don’t hesitate to contact us. For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.