Category Archives: Federal Government
Who knows that – regardless your innocence –the government can and will recoup your funds preemptively at the third level of Medicare appeals. This flies in the face of the elements of due process. However, courts have ruled that the redetermination and the reconsideration levels afford the providers enough due process, which entails notice and an opportunity to be heard. I am here to tell you – that is horse manure. The first two levels of a Medicare appeal are hoops to jump through in order to get to an independent tribunal – the administrative law judge (“ALJ”). The odds of winning at the 1st or 2nd level Medicare appeal is next to zilch, although often you can get the alleged amount reduced. The first level is before the same entity that found you owe the money. Auditors are normally not keen on overturning themselves. The second level is little better. The first time that you present to an independent tribunal is at the third level.
Between 2009 and 2014, the number of ALJ appeals increased more than 1,200 percent. And the government recoups all alleged overpayments before you ever get before an ALJ.
In a recent case, Sahara Health Care, Inc. v. Azar, 975 F.3d 523 (5th Cir. 2020), a home health care provider brought an action against Secretary of Department of Health and Human Services (“HHS”) and Administrator for the Centers for Medicare and Medicaid Services (“CMS”), asserting that its statutory and due process rights were violated and that defendants acted ultra vires by recouping approximately $2.4 million in Medicare overpayments without providing a timely ALJ hearing. HHS moved to dismiss, and the provider moved to amend, for a temporary restraining order (“TRO”) and preliminary injunction, and for an expedited hearing.
The case was thrown out, concluding that adequate process had been provided and that defendants had not exceeded statutory authority, and denied provider’s motion for injunctive relief and to amend. The provider appealed and lost again.
What’s the law?
Congress prohibited HHS from recouping payments during the first two stages of administrative review. 42 U.S.C. § 1395ff(f)(2)(A).
If repayment of an overpayment would constitute an “extreme hardship, as determined by the Secretary,” the agency “shall enter into a plan with the provider” for repayment “over a period of at least 60 months but … not longer than 5 years.” 42 U.S.C. § 1395ddd(f)(1)(A). That hardship safety valve has some exceptions that work against insolvent providers. If “the Secretary has reason to believe that the provider of services or supplier may file for bankruptcy or otherwise cease to do business or discontinue participation” in the Medicare program, then the extended repayment plan is off the table. 42 U.S.C. § 1395ddd(f)(1)(C)(i). A provider that ultimately succeeds in overturning an overpayment determination receives the wrongfully recouped payments with interest. 42 U.S.C. § 1395ddd(f)(2)(B). The government’s interest rate is high. If you do have to pay back the alleged overpayment prematurely, the silver lining is that you may receive extra money for your troubles.
The years-long back log, however, may dwindle. The agency has received a funding increase, and currently expects to clear the backlog by 2022. In fact, the Secretary is under a Mandamus Order requiring such a timetable.
A caveat regarding this grim news. This was in the Fifth Circuit. Other Courts disagree. The Fourth Circuit has held that providers do have property interests in Medicare reimbursements owed for services rendered, which is the correct holding. Of course, you have a property interest in your own money. An allegation of wrongdoing does not erase that property interest. The Fourth Circuit agrees with me.
By Ashley Thomson, Partner at Practus, LLP. A Virtual Law Firm.
On rare occasions a Court can issue an opinion that is so logical and on-point you want to stand up and cheer. Maybe you’re only cheering if you’re a HIPAA-nerd, like me. My name is Ashley and I work with Knicole. I was the assistant GC for Truman Medical Center for 17 years. As AGC at Truman, I was inundated with so many various issues.
Here’s what got me standing up in my home office as if Patrick Mahomes just threw a pass to Tyreek Hill and the KC Chiefs scored the winning touchdown in the Super Bowl—the 5th Circuit Court of Appeals held that a lost or stolen unencrypted device containing protected health information (“PHI”) does not automatically result in a violation of the HIPAA Disclosure Rule or Encryption Rule. If you want to do your own touchdown dance check out Univ. of Texas M.D. Anderson Cancer Ctr. v. United States Dep’t of Health & Human Servs., No. 19-60226, 2021 WL 127819, at *5 (5th Cir. Jan. 14, 2021).
Unless you’ve spent the last 20 years living under a rock, you are generally aware that HIPAA is a law that protects your health information from public disclosure. Most people don’t spell it correctly and even less people know what the acronym means. In 2009, HIPAA was supplemented with the HITECH Act. Together, these laws govern how health care providers handle your medical information and what to do if there is a breach of the information. HIPAA and HITECH’s implementing regulations (the “Regulations”) require all covered entities “implement a mechanism to encrypt” all PHI that is stored electronically. 45 C.F.R. Section 164.312(a)(2)(iv). Second, the Regulations prohibit unpermitted disclosure of PHI. 45 C.F.R. Sec. 164.502(a). These two regulations are referred to as the Encryption Rule and the Disclosure Rule respectively. These requirements are enforced by the Department of Health and Human Services (“HHS”) in conjunction with the Office for Civil Rights (“OCR”).
Whew, that was a quick history lesson. Now, back to the story.
In 2012 and 2013 MD Anderson Cancer Center (“MD Anderson”) had three (3) events happen involving unencrypted devices containing PHI. First, a laptop was stolen. Second, a thumb drive was lost during someone’s commute home. Third, a visiting researcher misplaced a thumb drive. Pursuant to the regulations, MD Anderson reported these events to HHS.
HHS concluded that MD Anderson violated the Regulations and imposed a fine over $4,000,000 (let me spell that out for you. . . FOUR MILLION DOLLARS).
You may be wondering, what in the world did they violate that would result in such an outrageous fine? So did MD Anderson!
MD Anderson threw its proverbial, red challenge flag and pursued its appeal rights and ended up, finally, in Federal Court where they succeeded on establishing that the mere loss of unencrypted PHI does not violate the Disclosure Rule and that the Encryption Rule does not require that a covered entity sit down and force each and every person to encrypt their devices.
Let’s look first at the Disclosure Rule. As a general rule, HIPAA prohibits the disclosure of PHI without permission from the patient. 45 C.F.R. Sec. 164.502(a). HIPAA defines disclosure as “the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.” 45 C.F.R. Sec. 164.103. Prior to reaching the 5th Circuit, MD Anderson had been told the mere fact that the unencrypted laptop and thumb drives were lost or stolen resulted in the conclusion the PHI had been improperly disclosed to someone outside of the covered entity. Thank goodness, the Court stepped in with the reasonable statement that many of us in the health care field have been saying for years. . . just because a device is lost or stolen doesn’t mean the PHI was improperly disclosed. “It defies reason to say an entity affirmatively acts to disclose information when someone steals it.” Univ. of Texas M.D. Anderson Cancer Ctr.,2021 WL 127819, at *5.
HHS claimed that it would be difficult for them to enforce the Disclosure Rule if it had to show that the PHI was disclosed to someone outside of the covered entity. Well, go complain to the referees HHS “that’s precisely the sort of policy argument that HHS could vet in a rulemaking proceeding. It’s not an acceptable basis for urging us to transmogrify the regulation HHS wrote into a broader one.” Id. And with that, the Court unceremoniously stated the obvious and provided some reason in the rather unreasonable world of HIPAA enforcement.
Next up? The Encryption Rule where HHS argued that MD Anderson’s desire to do more to encrypt their devices was an admission of non-compliance with the regulations. Not so fast, said the Court. The rule requires that a covered entity have a mechanism for the encryption PHI not that it implements an iron clad, hacker proof, 100% guaranteed encryption system. MD Anderson had an encryption mechanism which is enough to satisfy the regulation, even if HHS now “wishes it had written a different” regulation. Id.at *4.
I feel like this is the SUPERBOWL of HIPAA decisions. You may not be as excited about this opinion as I was. That’s ok. . . I’m a HIPAA and privacy nerd and I’m ok with that.
Let’s hope I have many touchdowns to stand up and celebrate on Sunday! Go Chiefs!
The legal fine print: As exciting as this opinion is, please remember that devices should be encrypted and PHI should be protected to the maximum extent possible. While this is a great decision, it doesn’t remove the obligation to comply with the Regulations.
 PHI contains 18 different identifiers. 42 C.F.R. § 164.514(a)(2)(i).
 It’s the Health Insurance Portability and Accountability Act of 1996.
 HITECH stands for the Health Information Technology for Economic and Clinical Health Act of 2009.
 Later, we can delve into what qualifies as a covered entity. Let’s just all agree that MD Anderson is a covered entity.
 This is a very simple overstatement, but it works for the purposes of this article.
 Let’s face it, most of these devices are lost or stolen and (1) never found or (2) thrown out as the thieves take what they really wanted . . . cold hard cash or credit cards. An old janky laptop or a random thumb drive is not at the top of the most wanted list for kleptomaniacs.
The RACs are on attack! The “COVID Pause Button” on RAC audits has been lifted. The COVID Pause Button has been lifted since August 2020. But never have I ever seen CMS spew out so many new RAC topics in one month of a new year. Happy 2021.
Recovery audit contractors (“RACs”) will soon be auditing positron emission tomography (PET) scans for initial treatment strategy in oncologic conditions for compliance with medical necessity and documentation requirements.
Positron emission tomography (“PET”) scans detect early signs of cancer, heart disease and brain disorders. An injectable radioactive tracer detects diseased cells. A combination PET-CT scan produces 3D images for a more accurate diagnosis.
According to CMS’ RAC audit topics, “(PET) for Initial Treatment Strategy in Oncologic Conditions: Medical Necessity and Documentation Requirements,” will be reviewed as of January 5, 2021. The PET scan audits will be for outpatient hospital and professional service reviews. CMS added additional 2021 audit targets to the approved list:
- Air Ambulance: Medical Necessity and Documentation Requirements,. This complex review will be examining rotatory wing (helicopter) aircraft claims to determine if air ambulance transport was reasonable and medically necessary as well as whether or not documentation requirements have been met.
- Hospice Continuous Home Care: Medical Necessity and Documentation Requirements, and
- Ambulance Transport Subject to SNF Consolidated Billing.
Upcoming HHS secretary Xavier Becerra plans to get his new tenure underway quickly.
In False Claims Act (“FCA”) news, Medicare audits of P-Stim have ramped up across the country. A Spinal Clinic in Texas agreed to pay $330,898 to settle FCA allegations for allegedly billing Medicare improperly for electro-acupuncture device neurostimulators. CMS claims that “Medicare does not reimburse for acupuncture or for acupuncture devices such as P-Stim, nor does Medicare reimburse for P-Stim as a neurostimulator or as implantation of neurostimulator electrodes.”
Finally, is your staff getting medical records to consumers requesting their records quickly enough? Right to access to health records is yet another potential risk for all providers, especially hospitals due to their size. A hospital system agreed to pay $200,000 to settle potential violations of the HIPAA Privacy Rule’s right of access standard. This is HHS Office for Civil Rights’ 14th settlement under its Right of Access Initiative. The first person alleged that she requested medical records in December 2017 and did not receive them until May 2018. In the second complaint, the person asked for an electronic copy of his records in September 2019, and they were not sent until February 2020.
Beware of slow document production as slow document production can lead to penalties. And be on the lookout for the next RAC Report.
Remember, never accept the results of a Medicare or Medicaid audit. It is always too high. Believe me, after 21 years of my legal practice, I have yet to agree with the findings if a Tentative notice of Overpayment by any governmental contracted auditor, whether it is PCG, NGS, the MACs, MCOs, or Program Integrity – in any of our 50 States. That is quite a statement about the general, quality of work of auditors. Remember Teambuilders? How did $12 million become $896.35? See blog.
1 CMS, “0200-Air Ambulance: Medical Necessity and Documentation Requirements,” proposed RAC topic, January 5, 2021, http://go.cms.gov/35Jx1co.
2 CMS, “0201-Hospice Continuous Home Care: Medical Necessity and Documentation Requirements,” proposed RAC topic, January 5, 2021, http://go.cms.gov/3oRUyiY.
3 CMS, “0202- Ambulance Transport Subject to SNF Consolidated Billing,” proposed RAC topic, January 5, 2021, http://go.cms.gov/2LOMEbw.
For healthcare providers looking to avoid any of the traps stemming from PRF (Provider Relief Funds) compliance, RACmonitor is inviting you to sign up for Knicole Emanuel’s upcoming webcast on January 21st, 2021. It is titled: COVID-19 Provider Relief Funds: How to Avoid Audits. You can visit RACmonitor download the order form for the webcast to save yourself a spot.
If your facility accepted Provider Relief Funds (PRFs) as a consequence of the coronavirus pandemic, you need to be aware of the myriad of rules and regulations that are associated with this funding or else face penalties and takebacks. A word of caution: expect to be audited. In Medicare and Medicaid, regulatory audits are as certain as death and taxes. That is why your facility needs to arm itself with the knowledge of how to address documentation requests from the government, especially while the Public Health Emergency (PHE) is in effect.
This exclusive RACmonitor webcast, led by healthcare attorney Knicole Emanuel, discusses the PRF rules that providers must follow and how to prove that funds were appropriately used. There are strict regulations dictating why, how, and how much PRFs can be spent due to the catastrophic, financial impact of COVID-19. Register now to learn how to avoid penalties and takebacks related to PRFs.
- Rules and regulations relative to receiving and spending funds provided by the COVID-19 PRF
- Exceptions to COVID-19 PRF and relevant effective dates
- PRF documentation and reporting requirements
- The importance of the legal dates of PHE
- How to prove your facility’s use of funds is germane to COVID-19
Who Should Attend:
- RAC and appeals specialists
- RAC coordinators
- Compliance officers
- Directors and managers
About Knicole C. Emanuel, Esq.
Healthcare industry expert and Practus partner, Knicole Emanuel, is a regular contributor to the healthcare industry podcast, Monitor Mondays, by RACmonitor. For more than 20 years, Knicole Emanuel has maintained a health care litigation practice, concentrating on Medicare and Medicaid litigation, health care regulatory compliance, administrative law and regulatory law. Knicole has tried over 2,000 administrative cases in over 30 states and has appeared before multiple states’ medical boards.
She has successfully obtained federal injunctions in numerous states. This allowed health care providers to remain in business despite the state or federal laws allegations of health care fraud, abhorrent billings, and data mining. A wealth of knowledge in her industry, Knicole frequently lectures across the country on health care law. This includes the impact of the Affordable Care Act and regulatory compliance for providers, including physicians, home health and hospice, dentists, chiropractors, hospitals and durable medical equipment providers.
As 2020 ends and we look forward to starting a new chapter in 2021, we offer you this little nugget of advice—a resolution that sounds deceptively easy—read your mail. Yes, friends you heard it here first. . . the best thing you can do to protect yourself, your business, your patients, and your loved ones is to read the dang mail. Email, text messages, real mail, carrier pigeon or messages in a bottle. READ THEM!
2020 brought us a lot of curve balls and unexpected events but some of those events could have been avoided had mail been opened and read.
CMS and its third party contractors hold a lot of power in the healthcare world and can cause your practice to come crashing down by hitting send or putting a forever stamp on a letter. A regular practice of reading your mail can avoid that CMS avalanche of doom. 
You may be reading this and thinking, you’ve got to be crazy I always read my mail. Or perhaps you are thinking, this is the easiest new year’s resolution yet—all I have to do is read the mail.
Don’t be too hasty with your self-confidence. This is a hard practice to establish and an even harder one to maintain.
First, you have to actually read the mail. All of the mail. Even the mail you think will contain bad news. Constitutional due process requires only notice NOT successful notice. If successful notice were required, “then people could evade knowledge, and avoid responsibility for their conduct, by burning notices on receipt—or just leaving them unopened.” See Ho v. Donovan, 569 F.3d 677, 680 (7th Cir. 2009). “Conscious avoidance of information is a form of knowledge.” Id.
Second, you need a policy or procedure regarding the opening and reading of mail. One client we worked with did not have a system for logging mail once it was received in the office. Mail was lost. Deadlines were missed. Payments from the largest payer were suspended. The cost – too much to print.
It’s like that old Mastercard ad, yes, I’m talking to those of you out there who were around in the late 90s.
The cost of establishing a policy for logging in mail. . . zero.
The cost of reading mail. . . zero.
The cost of neglecting your mail, missing deadlines, and losing your practice. . . priceless.
So, as this year ends and you contemplate ways to improve your practice in 2021, please, please, please take our advice and READ YOUR MAIL.
It’s not just CMS that has holds the mailbox power. Just ask the City of North Charleston, SC. A motorist’s emailed complaint to the city over injuries sustained in an accident was not forwarded to the insurance carrier resulting in a multi-million dollar default judgement against the city. See Campbell v. City of North Charleston, 431 S.C. 454,459 (SC Ct. App. 2020) (holding that “the failure to forward an email did not amount to good cause shown for failure to timely file an answer).
 For those of you who have no idea what we are talking about see https://www.aaaa.org/timeline-event/mastercard-mccann-erickson-campaign-never-got-old-priceless/
Ashley Thomson brings 20 years of extensive in-house, hospital counsel and law firm experience to our team. Well-versed in a variety of disciplines, her emphasis is in health care, insurance and compliance, specifically medical malpractice, employment, healthcare and privacy law compliance and defense, including matters involving HIPAA. Ashley has also been heavily involved in risk management, patient safety, corporate governance, contract and policy drafting, negotiations and healthcare management. Prior to joining Practus, Ashley served as Associate General Counsel for Truman Medical Center (TMC) where she oversaw litigation, managed all aspects of their corporate compliance matters, including governmental audits and investigations, cybersecurity issues, HIPAA enforcement, 340B compliance and provider-based billing. As their Staff Litigation Counsel, she defended and litigated medical malpractice and general liability matters on behalf of the hospital, its employees, physician group and residents. Prior to joining TMC, Ashley was an Associate Attorney for Husch Blackwell.
Ashley is an outdoors woman at heart. When she’s not working, she’s hiking, walking, working in her yard, or playing with her kids. She’s also an avid reader and a football fan especially when she’s watching her favorite team, the Kansas City Chiefs!
If you are accused of Medicare fraud, your Medicare reimbursements will be immediately cut off without any due process or ability to defend yourself against the allegations. If you accept Medicare and Medicaid then you are held to strict regulations, some of which are highly, Draconian in nature without much recourse, legally, for providers. Many, many a provider have gone bankrupt and been forced out of business due to “credible allegations of fraud.” You see, legally, “credible allegations of fraud” is a low standard to meet. The definition of “credible” is “an indicia of reliability.” “Indicia” is defined as “signs, indications, circumstances which tend to show or indicate that something is probable. It is used in the form of “indicia of title,” or “indicia of partnership,” particularly when the “signs” are items like letters, certificates, or other things that one would not have unless the facts were as the possessor claimed. It can be a disgruntled worker. I am sure that none of the listeners here today have ever dealt with a disgruntled employee. Yes, that is sarcasm.
42 CFR § 405.372 is the regulation outlining the requirements for suspending Medicare payments. 42 CFR § 455.23 is the regulation mandating suspension of Medicaid payments upon credible allegations of fraud.
Pursuant to Medicare regulations, CMS must suspend Medicare reimbursements to a healthcare provider “in whole or in part” if it has been “determined that a credible allegation of fraud exists against a provider or supplier.” 42 C.F.R. § 405.371(a)(2). A credible allegation of fraud is “an allegation from any source, including … civil fraud claims cases, and law enforcement investigations.” 42 C.F.R. § 405.370(a). The decision to suspend Medicare payment or continue a payment suspension is made at the discretion of CMS – not the MAC. If you receive a letter from a MAC alleging fraud, be sure to check whether the letter states that the decision was made in collaboration with CMS. The MACs do not have the authority.
The suspension, however, is not indefinite, although the length is normally a year, which is financially devastating. The regulations allow CMS to maintain the suspension until a “legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence to support allegations of fraud.” 42 C.F.R. §§ 405.370(a) and .372(d)(3); see also § 405.371(b)(3)(ii) (CMS may extend the suspension of payment if the Department of Justice submits a written request that “suspension of payments be continued based on the ongoing investigation and anticipated filing of criminal or civil action or both or based on a pending criminal or civil action or both.”).
When you receive a fraud accusation of any type – it is imperative to send it to your counsel. If you opt to litigate the suspension by asking the Court to enjoin the suspension, your first legal obstacle will be to argue that you do not have to exhaust your administrative remedies before appearing for the injunction. Cases have been decided both in the favor of providers and their suspensions have been lifted and against the providers. These cases usually win or lose on the argument that the suspension of reimbursements is an ancillary subject from the actual investigation of fraud. It is a jurisdictional argument.
It is my opinion that the federal regulations that allow for suspension of payments upon credible allegations of fraud need to be revised. Any of you with lobbyists, we need to revise the regulations to require due process – notice and an opportunity to be heard – prior to the government suspending Medicare and Medicaid reimbursements based on a spurious accusation from an anonymous source.
Back in 2015, I am sure that you all recall the case in New Mexico where NM accused 15 BH care provider of credible allegations of fraud. The providers constituted 87.5% of the BH in NM. I was one of the attorneys representing the larger BH cos. Prior to my involvement, all 15 providers requested good cause. All were denied. Lawmakers think that the good cause exception written into the regulation is enough defense for providers. But when the good cause is almost always denied, it isn’t much help. Write to your congress people. Amend the regulations to require due process.
Reporting the use of PRFs will be an ongoing issue due to the fraud and abuse implications of misusing PRFs.
The federal Provider Relief Fund (PRF) was created under the provisions of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, which was passed to address the economic harm suffered by healthcare providers that have incurred (or will incur) additional expenses and have lost (or will lose) significant revenue as a result of the COVID-19 pandemic. PRF payments have been made from either the “general distribution” tranche or via various “targeted distributions.” PRF payment amounts and whether the providers complied with the terms and conditions will be a hotly contested topic in Recovery Audit Contractor (RAC) and Medicare Administrative Contractor (MAC) audits for years to come. If Centers for Medicare & Medicaid Services (CMS) auditors put out a monthly magazine, like Time, PRF would be on the cover. This will be the hot topic of RAC audits, come Jan. 1, 2021.
The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) will audit Medicare payments made to hospitals for COVID-19 discharges that qualified for the 20-percent add-on payment under the CARES Act, according to a new item on the agency’s work plan.
To use the PRF funding from either the general or targeted distributions, providers must attest to receiving the funds and agree to all terms and conditions. However, what constitutes a “healthcare-related expense” or how to calculate “lost revenue” is not clearly defined. Similarly, how you net healthcare-related expenses toward lost revenue is also vague and undefined. On Nov. 2, HHS issued a clarification to post-payment reporting guidance for PRF funds.
The current guidance, issued Oct. 22, includes a two-step process for providers to report their use of PRF payments. The guidance specifically cites:
- Healthcare-related expenses attributable to COVID that another source has not reimbursed and is not obligated to reimburse, which may include general and administrative (G&A) or “healthcare-related operating expenses;” and
- PRF payment amounts not fully expended on healthcare-related expenses attributable to coronavirus are then applied to lost revenues associated with patient care, net of the healthcare-related expenses attributable to coronavirus calculated under the first step. Recipients may apply PRF payments toward lost revenue, up to the amount of the difference between their 2019 and 2020 actual patient care revenue.
HHS’s newest clarification came from its response to a FAQ, in which it said that healthcare-related expenses are no longer netted against the patient care lost revenue amount cited in the second portion. HHS indicated that a revised notice would be posted to remove the “net of the healthcare-related expenses” language in the guidance. Of course, as of now, we have no guidance regarding when this clarification is to be put into place officially. Yet another moving target for auditors.
Anticipate audits of the use of your PRF payments. CMS is choosing a sample of hospitals across the country that have received PRF payments to verify that such expenditures were for healthcare-related expenses. For each audit, OIG will obtain data and interview HHS/PRF program officials to understand how PRF payments were calculated, and then review actual PRF payments for compliance with CARES Act requirements. OIG will also review whether HHS’s controls over PRF payments ensured that payments were calculated correctly and disbursed to eligible providers.
Audits will also focus on how providers initially applied to receive PRFs, including calculations utilized and how COVID-19 patients are defined. When each hospital ceased netting expenses against lost revenue will now be another hot topic.
Balance billing is another area of interest. The terms and conditions require providers that accept the PRFs not to collect out-of-pocket payments from patients for all care for a presumptive or actual case of COVID-19 that exceeded what they would pay an in-network provider.
More havoc may ensue with any purchases or sales transactions that occur in the next year or so. Providers will need to know how to navigate compliance risks associated with any accepted or transferred PRFs. Tracking and reporting use of the PRFs will also be an ongoing issue due to the fraud and abuse implications of misusing PRFs, and there is limited guidance regarding how use will be audited. Many questions remain unanswered. Many terms remain undefined.
Programming Note: Knicole Emanuel, Esq. is a permanent panelist on Monitor Mondays. Listen to her RAC Report every Monday at 10 a.m. EST.
While the Coronavirus pandemic is horrible and seems to be getting worse. COVID has forced slight, positive changes in the telehealth arena and, perhaps, in the widening of the ambiguous definition of “medical necessity” or, as I call it – the undefined, definition of “medical necessity.” Medical necessity is the backbone of rendering health care services. Without it, services should not be provided. Yet, medical necessity is the most litigated topic in all of audits.
On September 1, 2020, the Centers for Medicare & Medicaid Services (“CMS”) published a proposed rule that will codify a definition of “medical necessity” for Medicare purposes. So far, the definition of medical necessity varies, depending on the source. The MACs have been given long rein in defining the term on an individual and separate basis, creating disparity in definitions and criteria. The proposed rule’s comment period ended November 2, 2020.
All this to say medical necessity is in the eye of the beholder. Much like beauty. Why then, can RAC and MAC auditors who are not doctors, not firsthand, treating providers, not nurses or LCASs, decide that medical necessity does or does not exist for a patient that they have never seen?
Black’s Law Dictionary (the most prominent legal dictionary) has a super, unhelpful definition of medical necessity: “If not carried out the patient’s situation could worsen. For a patient’s treatment found to be necessary is this specific type of procedure or treatment.”
The American Medical Association (“AMA”), on the other hand, has a more detailed definition, probably unintended to make it all the more confusing:
“Our AMA defines medical necessity as: Health care services or products that a prudent physician would provide to a patient for the purpose of preventing, diagnosing or treating an illness, injury, disease or its symptoms in a manner that is: (a) in accordance with generally accepted standards of medical practice; (b) clinically appropriate in terms of type, frequency, extent, site, and duration; and (c) not primarily for the economic benefit of the health plans and purchasers or for the convenience of the patient, treating physician, or other health care provider.”
CMS’ proposed rule codifies a definition of what makes an item or service medically “reasonable and necessary” under the Social Security Act 1861(a)(1)(A). The rule, if finalized, would codify in regulations a definition of “reasonable and necessary” items and services based on a definition currently used by Medicare Administrative Contractors (MACs), with an additional element that potentially would include coverage determinations by commercial insurers as a factor in making Medicare coverage determinations.
The Proposed Definition (To be Codified in 42 CFR 405.201)
“We are proposing to codify the longstanding Program Integrity Manual definition of “reasonable and necessary” into our regulations at 42 CFR 405.201(b), with modification. Under the current definition, an item or service is considered “reasonable and necessary” if it is (1) safe and effective; (2) not experimental or investigational; and (3) appropriate, including the duration and frequency that is considered appropriate for the item or service, in terms of whether it is—
- Furnished in accordance with accepted standards of medical practice for the diagnosis or treatment of the patient’s condition or to improve the function of a malformed body member;
- Furnished in a setting appropriate to the patient’s medical needs and condition;
- Ordered and furnished by qualified personnel;
- One that meets, but does not exceed, the patient’s medical need; and
- At least as beneficial as an existing and available medically appropriate alternative.” See Proposed Rule.
In addition, CMS adds that it will also utilize commercial payor standards or have an objective panel determine medical necessity if criteria #1 and #2 were met, but not #3. This additional commentary is another example of how subjective and fact-specific determining medical necessity can be. The LCDs will also be consulted.
If adopted, these proposals would arguably lead to the most wide-ranging changes in Medicare’s coverage standards and procedures in decades. The proposal to codify the definition of “reasonable and necessary” applies to all items and services. The inclusion of commercial payor standards may be a wild card.
The definition of medical necessity has not been officially revised – yet. One could imagine that, in the midst of a RAC or MAC audit, auditors and providers will disagree as to the true definition of medical necessity.
Going forward, when you get audited, immediately look and see whether your claim denials were denied due to “lack of medical necessity.” Ask yourself, “Really? Is there no medical necessity in this case…even in the era of COVID?” Because the auditors may be wrong.
Secondly, ensure that the RAC and MAC entity is CMS-certified to review those certain CPT codes for medical necessity. CMS limits audits on medical necessity because of the vagueness of the definition. When auditors find no medical necessity, then providers must push back. And you should push back, legally, of course!
As children, we say things are or are not fair. But what is fair? In law, fairness is “tried” in the courts of equity rather than law. Equitable estoppel and the defense of laches are arguments made in the courts of equity. Is it fair if you’ve been billing Medicare for services that you were told by CMS was billable and reimburse-able – for years – then, unexpectantly, CMS says, “Hey, providers, what you were told was reimburse-able, actually is not. In fact, providers, even though you relied on our own guidance, we will cease and desist from paying you going forward AND…we are now going back three years to retroactively collect the money that we should never have paid you…”
How is this fair? Yet, many of you have probably encountered RAC or MAC audits and a post payment review. What I described is a post payment review. Let me give you an example of a nationwide, claw-back by CMS to providers.
On January 29, 2020, CMS announced that beginning March 1, 2020, MACs will reject claims for HCPCS code L8679 submitted without an appropriate HCPCS/CPT surgical procedure code. Claims for HCPCS code L8679 billed with an appropriate HCPCS/CPT surgical code will be suspended for medical review to verify that coverage, coding, and billing rules have been met.
At least according to the announcement, it sounded like CMS instructed the MACs to stop reimbursing L8679 going forward, but I read nothing about going back in time to recoup.
In the last few months, my team has been approached by chiropractors and holistic medical providers who received correspondence from a UPIC and their MACs that they owe hundreds of thousands of dollars for L8679 going back three years prior to CMS’ 2020 announcement to cease using the code.
In this particular instance, many of the providers who had been using the L8679 code did so under the direct guidance of CMS, MACs, and other agents over the years. It becomes a fairness question. Should CMS be able to recoup for claims paid for services rendered when CMS had informed the providers it was the correct code for years?
Another factor to consider is that many of these providers are victims of an intentional scheme to sell devices with the false advice that the devices are covered by Medicare. Litigation has already been filed against the company. In a case filed December 6, 2019, in US District Court of the Eastern District of PA, Neurosurgical Care LLC sued Mark Kaiser and his current company, Doc Solutions LLC, claiming that Kaiser’s company falsely marketed the device as being covered by Medicare. Stivax is a “non-narcotic and minimally invasive form of neurostimulation” which is represented as “one of the only FDA approved microchip controlled microstimulation devices for treating back, joint and arthritic pain.”
Recall that, over the years, CMS paid for these approved procedures with no problem. This situation begins to leave the realm of the courts of law and into the court of equity. It becomes an equitable issue. Is there fairness in Medicare?
There may not be fairness, but there is an administrative appeal process for health care providers! Use it! Request redeterminations!
Before the informative article below , I have two announcements!
(1) My blog has been “in publication” for over eight (8) years, this September 2020. Yay! I truly hope that my articles have been educational for the thousands of readers of my blog. Thank you to everyone who follows my blog. And…
Click here: For my new bio and contact information.
Ok – Back to the informative news about the most recent Executive Orders…
My co-panelist on RACMonitor, Matthew Albright, gave a fascinating and informative summary on the recent, flurry of Executive Orders, and, he says, expect many more to come in the near future. He presented the following article on RACMonitor Monitor Monday, August 10, 2020. I found his article important enough to be shared on my blog. Enjoy!!
By Matthew Albright
Original story posted on: August 12, 2020
Presidential Executive Order No. 1 was issued on Oct. 20, 1862 by President Lincoln; it established a wartime court in Louisiana. The most famous executive order was also issued by Lincoln a few years later – the Emancipation Proclamation.
Executive orders are derived from the Constitution, which gives the president the authority to determine how to carry out the laws passed by Congress. The trick here is that executive orders can’t make new laws; they can only establish new – and perhaps creative – approaches to implementing existing laws.
President Trump has signed 18 executive orders and presidential memorandums in the past seven days. That sample of orders and memos are a good illustration of the authority – and the constraints – of presidential powers.
An executive order and a presidential memorandum are basically the same thing; the difference is that a memorandum doesn’t have to cite the specific law passed by Congress that the president is implementing, and a memorandum isn’t published in the Federal Register. In other words, an executive order says “this is what the President is going to do,” and a memorandum says “the President is going to do this too, but it shouldn’t be taken as seriously.”
Executive orders and memorandums often give instructions to federal agencies on what elements of a broader law they should focus on. One good example of this is the executive order signed a week ago by President Trump that provides new support and access to healthcare for rural communities. In that executive order, the President cited the Patient Protection and Affordable Care Act as the broad law he was using to improve access to rural communities.
Executive orders also often illustrate the limits of presidential authority, a good example being the series of executive orders and memorandums that the president signed this past Saturday, intended to provide Americans financial relief during the pandemic.
One of the memorandums signed on Saturday delayed the due date for employers to submit payroll taxes. The idea was that companies would in turn decide to stop taking those taxes out of employees’ paychecks, at least until December.
By looking at the language in the memorandum and seeing what it does not try to do, we can learn a lot about presidential limits.
The memorandum does not give employers or employees a tax break. That power rests unquestionably with Congress. The order only delays when the taxes will be collected. Like the grim reaper, the tax man will come to your door someday, even if you can delay when that “someday” is.
Also, the tax delay is only for employers, and – again, another illustration of the limits of presidential power – it doesn’t tell employers how they should manage this extra time they have to pay the tax. That is, companies could decide to continue to take taxes out of people’s paychecks, knowing that the taxes will still have to be paid someday.
Another memorandum that the president signed on Saturday concerned unemployment benefits. That order illustrates the division in powers between the federal Executive Branch and the authority of the states.
The memorandum provides an extra $400 in unemployment benefits, but in order for it to work, the states would have to put up one-fourth of the money. The memorandum doesn’t require states to put up the money; it “calls on” them to do it, because the President, unless authorized by Congress, can’t make states pay for something they don’t want.
Executive orders and memorandums are reflective of my current position as the father of two pre-teen girls. I can declare the direction the household should go, I can “call on them” to play less Fortnite and eat more fruit, but my orders and their subsequent implementation often just serve to illustrate the limits – both perceived and real –of my paternal power.
Programming Note: Matthew Albright is a permanent panelist on Monitor Mondays (with me:) ). Listen to his legislative update sponsored by Zelis, Mondays at 10 a.m. EST.