Category Archives: Medicaid Appeals
Today I pose a very important question for you. Do your participation contracts that you sign with Medicare/caid, MCOs, MACs – do they even matter? Are these boilerplate contracts worth the ink and the paper? The answer is yes and no. To the extent that the contracts are written aligned with the federal and State regulations, the contracts are enforceable. To the extent that the contracts violate the federal regulations, those clauses are unenforceable. The contract can even, at times, be more stringent or contain more limitations than the federal regulations. One thing is for sure, these contracts can be your worst enemy or your savior, depending on the clauses.
An Idaho client-provider of mine has been the victim of Optum-“black-hole-ism.” In this case, the “black-hole-ism” will save my client from paying $500k it does not owe. My client is the leading substance abuse (SA) provider in Idaho. Optum is managing Medicaid dollars, which makes it the Agent of the “single State agency,” the Department of Health of Idaho. 42 C.F.R. 431.10. See blog.
The Optum provider contract states that – “It is agreed that the parties knowingly and voluntarily waive any right to a Dispute if arbitration is not initiated within one year after the Dispute Date.” What a great clause. If only all contracts had this limiting clause.
In our dispute, Optum avers we owe $500k. The first demand we received was dated December 2018 for DOS 2016-2017. Notice Optum was timely back in 2018. That was when the client hired my team, and we submitted a rebuttal and initiated the informal appeal to Optum. Here’s where Optum gets sloppy. Months pass. A year passes. I hear crickets in the background. A year and a half passes. Who knows why Optum took a year and a half to respond? COVID happened. Black-hole-ism? Bureaucracy and red tape? Apathy? Ineptness?
Finally, we get a response in September 2020. We respond in October 2020. Our new response included a novel argument that was not included in the 2018 rebuttal. Our argument went something like: “Na Na Na Boo Boo, you’re too late per 7.1 Optum contract.” If we could have included a raspberry, we would done so.
Remember the clause? “It is agreed that the parties knowingly and voluntarily waive any right to a Dispute if arbitration is not initiated within one year after the Dispute Date.”
Well, 2020 is 3-4 years after the initial DOS at issue: 2016-2017. This time, the boilerplate contract is our friend.
Since there is also an arbitration clause, which is not your friend, we will be wholly dependent on an arbitrator to interpret the one-year, limiting clause as a logical, reasonable person. But I will be shocked if even an arbitrator doesn’t throw out this case with prejudice.
Today I want to talk about two ways to increase revenue merely by ensuring that your patients’ rights are met. We talk about providers being audited for their claims being regulatory compliant, but how about self-audits to increase your revenue? I like these kind of audits! I am calling these audits “Reverse RAC audits”. Let’s bring money in instead of reimbursements recouped.
You can protect yourself as a provider and increase revenue by remembering and litigating on behalf of your consumers’ rights. Plus, your patients will be eternally grateful for your advocacy. It is a win/win. The following are two, distinct ways to increase revenue and protect your consumers’ rights:
- Ensuring freedom of choice of provider; and
- Appealing denials on behalf of your consumers.
Freedom of choice of provider.
In a federal case in Indiana, we won an injunction based on the patients’ rights to access to care.
42 CFR § 431.51 – Free choice of providers states that “(b) State plan requirements. A State plan must provide as follows…:
(1) A beneficiary may obtain Medicaid services from any institution, agency, pharmacy, person, or organization that is –
(i) Qualified to furnish the services; and
(ii) Willing to furnish them to that particular beneficiary.
In Bader v. Wernert, MD, we successfully obtained an injunction enjoining the State of Indiana from terminating a health care facility. We sued on behalf of a geneticist – Dr. Bader – whose facility’s contract was terminated from the Medicaid program for cause. We sued Dr. Wernert in his official capacity as Secretary of the Indiana Family and Social Services Administration. Through litigation, we saved the facility’s Medicaid contract from being terminated based on the rights of the consumers. The consumers’ rights can come to the aid of the provider.
Keep in mind that some States’ Waivers for Medicaid include exceptions and limitations to the qualified and willing provider standard. There are also limits to waiving the freedom of choice of provider, as well.
Appealing consumers’ denials.
This is kind of a reverse RAC Audit. This is an easy way to increase revenue.
Under 42 CFR § 405.910 – Appointed representatives, a provider of services may appeal on behalf of the consumers. If you appeal on behalf of your consumers, the obvious benefit is that you could get reimbursed for the services rendered that were denied. You cannot charge a fee for the service; however, so please keep this in mind.
One of my clients currently has hired my team appealing all denials that are still viable under the statute of limitations. There are literally hundreds of denials.
Over the past few years, they had hundreds of consumers’ coverage get denied for one reason or the other. Allegedly not medically necessary or provider’s trainings weren’t conveyed to the auditors. In other words, most of the denials are egregiously wrong. Others are closer to call. Regardless these funds were all a huge lump of accounts’ receivables that was weighing down the accounting books.
Now, with the help of my team, little by little, claim by claim, we are chipping away at that accounts’ receivables. The receivables are decreasing just by appealing the consumers’ denials.
In RAC news, on June 1, 2021, Cotiviti acquired HMS RAC region 4. Don’t be surprised if you see Cotiviti’s logo on RAC audits where you would have seen HMS. This change will have no impact in the day-to-day contract administration and audit timelines under CMS’ guidance. You will continue to follow the guidance in the alleged, improper payment notification letter for submission of medical documentation and discussion period request. In March 2021, CMS awarded Performant an 8.5 year contract to serve as the Region 1 RAC.
There really cannot be any deviations regardless the name of the RAC Auditor because this area is so regulated. Providers always have appeal rights regardless Medicare/caid RAC audits. Or any other type of audit. Medicaid RAC provider appeals are found in 42 CFR 455.512. Whereas Medicare provider redeterminations and the 5 levels of appeal are found in 42 CFR Subpart I. The reason that RAC audits are spoken about so often is that the Code of Federal Regulations applies different rules for RAC audits versus MAC, TPE, UPIC, or other audits. The biggest difference is that RAC auditors are limited to a 3 year look back period according to 42 CFR 455.508. Other auditors do not have that same limitation and can look back for longer periods of time. Of course, whenever “credible allegations of fraud” is involved, the lookback period can be for 10 years.
The federal regulations also allow States to request exceptions from the Medicaid RAC program. CMS mandates every State to participate in the RAC program. But there is a federal reg §455.516 that allows exceptions. To my knowledge, no State has requested exceptions out of the RAC Audit program.
RAC auditors have announced a renewed focus on the two-midnight rule for hospitals. Again. This may seem like a rerun and it is. You recall around 2012, RACs began noticing high rates of error with respect to patient status in certain short-stay Medicare claims submitted for inpatient hospital services. CMS and the RACs indicated the inpatient care setting was medically unnecessary, and the claims should have been billed as outpatient instead. Remember, for stays under 2 midnights, inpatient status may be used in rare and unusual exceptions and may be payable under Medicare Part A on a case-by-case basis.
Changes of ownership of a facility can spur RAC, MAC, and MCO audits. In fact, federal regulations require disclosure of changes of ownership within 35 days after any change of ownership. 42 CFR 455.104. The regulations require disclosure, but there is no guidance regarding acceptance of said change of ownership. In other words what if your company undergoes a change in ownership and the MCO or MAC terminates the participation agreement because they don’t appreciate who the new owner is. The federal regulations also require disclosure of any convictions related to Medicaid. 42 CFR 455.106. In the particular case I am discussing, the MCO audited this company 10-15 times over two years. There seemed to be a personal vendetta, for whatever reason, against the company from higher-ups at the MCO.
Managed care can be tricky because, by definition, it removes the management of Medicaid and Medicare from the government agencies into these quasi-private/quasi-governmental agencies. I still think that managed care violates 42 CFR 410(e), the single state agency requirement that states that “The Medicaid agency may not delegate, to other than its own officials, the authority to supervise the plan or to develop or issue policies, rules, and regulations on program matters.” Despite my personal opinion, managed care is definitely the trend. To date, 40 States have managed care organizations (MCOs) to manage Medicaid.
This company is a behavioral health care provider, which provides substance abuse services, SAIOP, SACOT, PSR, OPT, urine tests; they run a Suboxone clinic, a laboratory, and a pharmacy. It also provides free/charitable transportation services to get the consumers to the facility without receiving any money in return. The CEO was accused of personal, tax fraud. He and his wife never submitted their own taxes; they relied on professionals. One, below-stellar accountant performed the companies’ taxes and the CEO’s personal taxes a few years ago. I am no tax expert, but apparently the problem was that he took no salary for two years while the facility was bringing in little profit. His wife is a physician, so they were able to sustain on one income. A lot of confusion later and multiple tax and criminal attorneys, CEO pled guilty to a personal tax plea. It is a Martha Stewart mistake, not a Bernie Madoff. The guilty plea was not germane to Medicaid.
Once the CEO pleads guilty to the personal plea, the newspaper publishes a story. The MCO first terminates the contract based on 42 CFR 455.106, which requires disclosure if – and the exact wording is important – “Has been convicted of a criminal offense related to that person’s involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs.” This guilty plea was not related to Medicaid so the termination was erroneous.
Concurrently, in light of the CEO’s plea, he steps down and his wife who is also a medical physician steps in to transition as CEO to keep the company going. Obviously, a company is bigger than its CEO’s personal transgressions. 200 staff and hundreds of consumers relied on its viability as a company.
Once we argued that the personal guilty plea was not related to Medicaid, the MCO added the additional reason for termination – failing to disclose a change in ownership. A double whammy!
We were able to successfully file a preliminary injunction arguing that irreparable harm would ensue if the termination were upheld. We also argued that the terminations were erroneous. The Judge agreed in this case agreeing that a company is indeed bigger than its CEO’s transgressions.
We always think about audits involving medical records. But audits can also involve audits of corporate disclosures or nondisclosures of managerial issues. Audits of provider executive teams can be deadly to any company.
Terminations of provider agreements are always tricky because, most often, the MCO or MAC will argue that it can terminate the Medicaid/care contract at will. I disagree, first and foremost. See blog, “Property Rights.”
If a facility is terminated for cause, that reason better be accurate!
In this case, the CEO had no duty to disclose his personal, guilty plea per the regulations. Secondly, the MCOs’ assertion that it had no notice of the transfer of ownership was equally as disingenuous. The facility had been open and honest regarding the transition of the company to a new CEO. While no formal notice was ever provided, there was clear communication about the transition to/from the MCO.
Thus, we were successful in obtaining an injunction; thereby keeping the company viable.
Hello! And beware the Ides of March, which is today! I am going to write today about the state of audits today. When I say Medicare and Medicaid audits, I mean, RACs, MACs, ZPICs, UPICs, CERTs, TPEs, and OIG investigations from credible allegations of fraud. Without question, the new Biden administration will be concentrating even more on fraud, waste, and abuse germane to Medicare and Medicaid. This means that auditing companies, like Public Consulting Group (“PCG”) and National Government Services (“NGS”) will be busy trying to line their pockets with Medicare dollars. As for the Ides, it is especially troubling in March, especially if you are Julius Caesar. “Et tu, Brute?”
One of the government’s most powerful tool is the federal government’s zealous use of 42 CFR 455.23, which states that “The State Medicaid agency must suspend all Medicaid payments to a provider after the agency determines there is a credible allegation of fraud for which an investigation is pending under the Medicaid program against an individual or entity unless the agency has good cause to not suspend payments or to suspend payment only in part.” (emphasis added). That word – “must” – was revised from “may” in 2011, part of the Affordable Care Act (“ACA”).
A “credible allegation” is defined as an indicia of reliability, which is a low bar. Very low.
Remember back in 2013 when Ed Roche and I were reporting on the New Mexico behavioral health care cluster? To remind you, the State of NM accused 15 BH health care providers, which constituted 87.5% of the BH providers in NM, of credible allegations of fraud after the assistant AG, at the time, Larry Heyeck, had just published a legal article re “Credible Allegations of Fraud.” See blog and blog. Unsurprisingly, the suicide rate and substance abuse skyrocketed. There was even a documentary “The Shake-Up” about the catastrophic events in NM set off by the findings of PCG.
I was the lawyer for the three, largest entities and litigated four administrative appeals. If you recall, for Teambuilders, PCG claimed it owed over $12 million. After litigation, an ALJ decided that Teambuilders owed $836.35. Hilariously, we appealed. While at the time, PCG’s accusations put the company out of business, it has re-opened its doors finally – 8 years later. This is how devastating a regulatory audit can be. But congratulations, Teambuilders, for re-opening.
Federal law mandates that during the appeal of a Medicare audit at the first two levels: the redetermination and reconsideration, that no recoupment occur. However, after the 2nd level and you appeal to the ALJ level, the third level, the government can and will recoup unless you present before a judge and obtain an injunction.
Always expect bumps along the road. I have two chiropractor clients in Indiana. They both received notices of alleged overpayments. They are running a parallel appeal. Whatever we do for one we have to do for the other. You would think that their attorneys’ fees would be similar. But for one company, NGS has preemptively tried to recoup THREE times. We have had to contact NGS’ attorney multiple times to stop the withholds. It’s a computer glitch supposedly. Or it’s the Ides of March!
By Ashley Thomson, Partner at Practus, LLP. A Virtual Law Firm.
On rare occasions a Court can issue an opinion that is so logical and on-point you want to stand up and cheer. Maybe you’re only cheering if you’re a HIPAA-nerd, like me. My name is Ashley and I work with Knicole. I was the assistant GC for Truman Medical Center for 17 years. As AGC at Truman, I was inundated with so many various issues.
Here’s what got me standing up in my home office as if Patrick Mahomes just threw a pass to Tyreek Hill and the KC Chiefs scored the winning touchdown in the Super Bowl—the 5th Circuit Court of Appeals held that a lost or stolen unencrypted device containing protected health information (“PHI”) does not automatically result in a violation of the HIPAA Disclosure Rule or Encryption Rule. If you want to do your own touchdown dance check out Univ. of Texas M.D. Anderson Cancer Ctr. v. United States Dep’t of Health & Human Servs., No. 19-60226, 2021 WL 127819, at *5 (5th Cir. Jan. 14, 2021).
Unless you’ve spent the last 20 years living under a rock, you are generally aware that HIPAA is a law that protects your health information from public disclosure. Most people don’t spell it correctly and even less people know what the acronym means. In 2009, HIPAA was supplemented with the HITECH Act. Together, these laws govern how health care providers handle your medical information and what to do if there is a breach of the information. HIPAA and HITECH’s implementing regulations (the “Regulations”) require all covered entities “implement a mechanism to encrypt” all PHI that is stored electronically. 45 C.F.R. Section 164.312(a)(2)(iv). Second, the Regulations prohibit unpermitted disclosure of PHI. 45 C.F.R. Sec. 164.502(a). These two regulations are referred to as the Encryption Rule and the Disclosure Rule respectively. These requirements are enforced by the Department of Health and Human Services (“HHS”) in conjunction with the Office for Civil Rights (“OCR”).
Whew, that was a quick history lesson. Now, back to the story.
In 2012 and 2013 MD Anderson Cancer Center (“MD Anderson”) had three (3) events happen involving unencrypted devices containing PHI. First, a laptop was stolen. Second, a thumb drive was lost during someone’s commute home. Third, a visiting researcher misplaced a thumb drive. Pursuant to the regulations, MD Anderson reported these events to HHS.
HHS concluded that MD Anderson violated the Regulations and imposed a fine over $4,000,000 (let me spell that out for you. . . FOUR MILLION DOLLARS).
You may be wondering, what in the world did they violate that would result in such an outrageous fine? So did MD Anderson!
MD Anderson threw its proverbial, red challenge flag and pursued its appeal rights and ended up, finally, in Federal Court where they succeeded on establishing that the mere loss of unencrypted PHI does not violate the Disclosure Rule and that the Encryption Rule does not require that a covered entity sit down and force each and every person to encrypt their devices.
Let’s look first at the Disclosure Rule. As a general rule, HIPAA prohibits the disclosure of PHI without permission from the patient. 45 C.F.R. Sec. 164.502(a). HIPAA defines disclosure as “the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.” 45 C.F.R. Sec. 164.103. Prior to reaching the 5th Circuit, MD Anderson had been told the mere fact that the unencrypted laptop and thumb drives were lost or stolen resulted in the conclusion the PHI had been improperly disclosed to someone outside of the covered entity. Thank goodness, the Court stepped in with the reasonable statement that many of us in the health care field have been saying for years. . . just because a device is lost or stolen doesn’t mean the PHI was improperly disclosed. “It defies reason to say an entity affirmatively acts to disclose information when someone steals it.” Univ. of Texas M.D. Anderson Cancer Ctr.,2021 WL 127819, at *5.
HHS claimed that it would be difficult for them to enforce the Disclosure Rule if it had to show that the PHI was disclosed to someone outside of the covered entity. Well, go complain to the referees HHS “that’s precisely the sort of policy argument that HHS could vet in a rulemaking proceeding. It’s not an acceptable basis for urging us to transmogrify the regulation HHS wrote into a broader one.” Id. And with that, the Court unceremoniously stated the obvious and provided some reason in the rather unreasonable world of HIPAA enforcement.
Next up? The Encryption Rule where HHS argued that MD Anderson’s desire to do more to encrypt their devices was an admission of non-compliance with the regulations. Not so fast, said the Court. The rule requires that a covered entity have a mechanism for the encryption PHI not that it implements an iron clad, hacker proof, 100% guaranteed encryption system. MD Anderson had an encryption mechanism which is enough to satisfy the regulation, even if HHS now “wishes it had written a different” regulation. Id.at *4.
I feel like this is the SUPERBOWL of HIPAA decisions. You may not be as excited about this opinion as I was. That’s ok. . . I’m a HIPAA and privacy nerd and I’m ok with that.
Let’s hope I have many touchdowns to stand up and celebrate on Sunday! Go Chiefs!
The legal fine print: As exciting as this opinion is, please remember that devices should be encrypted and PHI should be protected to the maximum extent possible. While this is a great decision, it doesn’t remove the obligation to comply with the Regulations.
 PHI contains 18 different identifiers. 42 C.F.R. § 164.514(a)(2)(i).
 It’s the Health Insurance Portability and Accountability Act of 1996.
 HITECH stands for the Health Information Technology for Economic and Clinical Health Act of 2009.
 Later, we can delve into what qualifies as a covered entity. Let’s just all agree that MD Anderson is a covered entity.
 This is a very simple overstatement, but it works for the purposes of this article.
 Let’s face it, most of these devices are lost or stolen and (1) never found or (2) thrown out as the thieves take what they really wanted . . . cold hard cash or credit cards. An old janky laptop or a random thumb drive is not at the top of the most wanted list for kleptomaniacs.
Happy 2021! I bring great news and good tidings. I’m fairly sure that everyone reading is educated in what a preliminary injunction is and how important it can be for a health care provider falsely accused of credible allegations of fraud to lift the mandatory suspension of reimbursements. Finally, over the holidays, a Judge found that an indication of intent is required for an accusation of credible allegations of fraud, unlike past cases in which a mere accusation results in suspensions. 42 CFR §455.23 mandates that a health care provider’s reimbursements be suspended based on “credible allegations of fraud.” Which is a low bar. My client, an oral surgeon, had a disgruntled employee complaint and a baseless PCG audit of $6k. A double threat.
For those who are not in the know: An injunction is an extraordinary legal tool that allows the judge to suspend whatever bad action the government or one of its auditors do.
You have to prove:
- Likelihood of success on the merits
- Irreparable harm
- Balance of equities
- Public Interest.
I would guestimate that only 10-20% of requests for TROs and PIs are granted. Last week, we won for the oral surgeon. Everyone can learn from his success. This is how we won. Let me set the stage. We have an oral surgeon who underwent an infamous PCG audit resulting in an alleged $6k overpayment. PCG concurrently sends his data to program integrity, and one month later and without any notice, his reimbursements are suspended based on a “credible allegation of fraud.” Concurrently, he had a disgruntled employee threatening him.
Remember that the bar to demonstrate “credible allegation of fraud” is amazingly low. It is an “indicia of reliability.” An inaccurate PCG audit and a disgruntled employee, in this case, were the catalyst for the oral surgeon’s Medicaid reimbursements. His practice comprised of 80% Medicaid, so the suspension would cause irreparable harm to the practice.
We filed a TRO, PI, and Motion to Stay. The day before Christmas, we had trial.
The Judge ruled that the Department cannot just blindly rely on an anonymous accusation. There has to be some sort of investigation. It is not OK to accept accusations at face value without any sort of independent fact-checking. The Judge created an additional burden for the Department in cases of accusations of fraud that is not present in the regulation. But it is logical and reasonable to expect the Department to explore the accusations. The Judge emphasized that fraud requires intent. He also pointed out that fraud is not defined in the regulations. He emphasized that billing errors are not intentional acts.
The Judge held that, “[i]n light of the large number of Medicaid beneficiaries treated by the Petitioner’s practice, the rarity of the physician’s skills, and the apparent demand for those services, the relatively small amount of money now or formally in controversy, the lack of evidence of actual fraud and the contrary indications, the high probability that good cause exists for not suspending Petitioner’s Medicaid payments, and the near certainty of irreparable harm to the Petitioner if the relief is not granted, a TRO should be granted.”
Even better, the Judge ordered that the surgeon did not have to put up a bond, which is normally required by law. By the stroke of the Judge’s pen, the surgeon could go back to work performing medically necessary services to Medicaid recipients, which, by the way is rare for an oral surgeon to accept Medicaid. This is a success for health care providers. Accusations of fraud should require independent corroboration and evidence of intent.
For healthcare providers looking to avoid any of the traps stemming from PRF (Provider Relief Funds) compliance, RACmonitor is inviting you to sign up for Knicole Emanuel’s upcoming webcast on January 21st, 2021. It is titled: COVID-19 Provider Relief Funds: How to Avoid Audits. You can visit RACmonitor download the order form for the webcast to save yourself a spot.
If your facility accepted Provider Relief Funds (PRFs) as a consequence of the coronavirus pandemic, you need to be aware of the myriad of rules and regulations that are associated with this funding or else face penalties and takebacks. A word of caution: expect to be audited. In Medicare and Medicaid, regulatory audits are as certain as death and taxes. That is why your facility needs to arm itself with the knowledge of how to address documentation requests from the government, especially while the Public Health Emergency (PHE) is in effect.
This exclusive RACmonitor webcast, led by healthcare attorney Knicole Emanuel, discusses the PRF rules that providers must follow and how to prove that funds were appropriately used. There are strict regulations dictating why, how, and how much PRFs can be spent due to the catastrophic, financial impact of COVID-19. Register now to learn how to avoid penalties and takebacks related to PRFs.
- Rules and regulations relative to receiving and spending funds provided by the COVID-19 PRF
- Exceptions to COVID-19 PRF and relevant effective dates
- PRF documentation and reporting requirements
- The importance of the legal dates of PHE
- How to prove your facility’s use of funds is germane to COVID-19
Who Should Attend:
- RAC and appeals specialists
- RAC coordinators
- Compliance officers
- Directors and managers
About Knicole C. Emanuel, Esq.
Healthcare industry expert and Practus partner, Knicole Emanuel, is a regular contributor to the healthcare industry podcast, Monitor Mondays, by RACmonitor. For more than 20 years, Knicole Emanuel has maintained a health care litigation practice, concentrating on Medicare and Medicaid litigation, health care regulatory compliance, administrative law and regulatory law. Knicole has tried over 2,000 administrative cases in over 30 states and has appeared before multiple states’ medical boards.
She has successfully obtained federal injunctions in numerous states. This allowed health care providers to remain in business despite the state or federal laws allegations of health care fraud, abhorrent billings, and data mining. A wealth of knowledge in her industry, Knicole frequently lectures across the country on health care law. This includes the impact of the Affordable Care Act and regulatory compliance for providers, including physicians, home health and hospice, dentists, chiropractors, hospitals and durable medical equipment providers.
If you are accused of Medicare fraud, your Medicare reimbursements will be immediately cut off without any due process or ability to defend yourself against the allegations. If you accept Medicare and Medicaid then you are held to strict regulations, some of which are highly, Draconian in nature without much recourse, legally, for providers. Many, many a provider have gone bankrupt and been forced out of business due to “credible allegations of fraud.” You see, legally, “credible allegations of fraud” is a low standard to meet. The definition of “credible” is “an indicia of reliability.” “Indicia” is defined as “signs, indications, circumstances which tend to show or indicate that something is probable. It is used in the form of “indicia of title,” or “indicia of partnership,” particularly when the “signs” are items like letters, certificates, or other things that one would not have unless the facts were as the possessor claimed. It can be a disgruntled worker. I am sure that none of the listeners here today have ever dealt with a disgruntled employee. Yes, that is sarcasm.
42 CFR § 405.372 is the regulation outlining the requirements for suspending Medicare payments. 42 CFR § 455.23 is the regulation mandating suspension of Medicaid payments upon credible allegations of fraud.
Pursuant to Medicare regulations, CMS must suspend Medicare reimbursements to a healthcare provider “in whole or in part” if it has been “determined that a credible allegation of fraud exists against a provider or supplier.” 42 C.F.R. § 405.371(a)(2). A credible allegation of fraud is “an allegation from any source, including … civil fraud claims cases, and law enforcement investigations.” 42 C.F.R. § 405.370(a). The decision to suspend Medicare payment or continue a payment suspension is made at the discretion of CMS – not the MAC. If you receive a letter from a MAC alleging fraud, be sure to check whether the letter states that the decision was made in collaboration with CMS. The MACs do not have the authority.
The suspension, however, is not indefinite, although the length is normally a year, which is financially devastating. The regulations allow CMS to maintain the suspension until a “legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence to support allegations of fraud.” 42 C.F.R. §§ 405.370(a) and .372(d)(3); see also § 405.371(b)(3)(ii) (CMS may extend the suspension of payment if the Department of Justice submits a written request that “suspension of payments be continued based on the ongoing investigation and anticipated filing of criminal or civil action or both or based on a pending criminal or civil action or both.”).
When you receive a fraud accusation of any type – it is imperative to send it to your counsel. If you opt to litigate the suspension by asking the Court to enjoin the suspension, your first legal obstacle will be to argue that you do not have to exhaust your administrative remedies before appearing for the injunction. Cases have been decided both in the favor of providers and their suspensions have been lifted and against the providers. These cases usually win or lose on the argument that the suspension of reimbursements is an ancillary subject from the actual investigation of fraud. It is a jurisdictional argument.
It is my opinion that the federal regulations that allow for suspension of payments upon credible allegations of fraud need to be revised. Any of you with lobbyists, we need to revise the regulations to require due process – notice and an opportunity to be heard – prior to the government suspending Medicare and Medicaid reimbursements based on a spurious accusation from an anonymous source.
Back in 2015, I am sure that you all recall the case in New Mexico where NM accused 15 BH care provider of credible allegations of fraud. The providers constituted 87.5% of the BH in NM. I was one of the attorneys representing the larger BH cos. Prior to my involvement, all 15 providers requested good cause. All were denied. Lawmakers think that the good cause exception written into the regulation is enough defense for providers. But when the good cause is almost always denied, it isn’t much help. Write to your congress people. Amend the regulations to require due process.
Reporting the use of PRFs will be an ongoing issue due to the fraud and abuse implications of misusing PRFs.
The federal Provider Relief Fund (PRF) was created under the provisions of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, which was passed to address the economic harm suffered by healthcare providers that have incurred (or will incur) additional expenses and have lost (or will lose) significant revenue as a result of the COVID-19 pandemic. PRF payments have been made from either the “general distribution” tranche or via various “targeted distributions.” PRF payment amounts and whether the providers complied with the terms and conditions will be a hotly contested topic in Recovery Audit Contractor (RAC) and Medicare Administrative Contractor (MAC) audits for years to come. If Centers for Medicare & Medicaid Services (CMS) auditors put out a monthly magazine, like Time, PRF would be on the cover. This will be the hot topic of RAC audits, come Jan. 1, 2021.
The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) will audit Medicare payments made to hospitals for COVID-19 discharges that qualified for the 20-percent add-on payment under the CARES Act, according to a new item on the agency’s work plan.
To use the PRF funding from either the general or targeted distributions, providers must attest to receiving the funds and agree to all terms and conditions. However, what constitutes a “healthcare-related expense” or how to calculate “lost revenue” is not clearly defined. Similarly, how you net healthcare-related expenses toward lost revenue is also vague and undefined. On Nov. 2, HHS issued a clarification to post-payment reporting guidance for PRF funds.
The current guidance, issued Oct. 22, includes a two-step process for providers to report their use of PRF payments. The guidance specifically cites:
- Healthcare-related expenses attributable to COVID that another source has not reimbursed and is not obligated to reimburse, which may include general and administrative (G&A) or “healthcare-related operating expenses;” and
- PRF payment amounts not fully expended on healthcare-related expenses attributable to coronavirus are then applied to lost revenues associated with patient care, net of the healthcare-related expenses attributable to coronavirus calculated under the first step. Recipients may apply PRF payments toward lost revenue, up to the amount of the difference between their 2019 and 2020 actual patient care revenue.
HHS’s newest clarification came from its response to a FAQ, in which it said that healthcare-related expenses are no longer netted against the patient care lost revenue amount cited in the second portion. HHS indicated that a revised notice would be posted to remove the “net of the healthcare-related expenses” language in the guidance. Of course, as of now, we have no guidance regarding when this clarification is to be put into place officially. Yet another moving target for auditors.
Anticipate audits of the use of your PRF payments. CMS is choosing a sample of hospitals across the country that have received PRF payments to verify that such expenditures were for healthcare-related expenses. For each audit, OIG will obtain data and interview HHS/PRF program officials to understand how PRF payments were calculated, and then review actual PRF payments for compliance with CARES Act requirements. OIG will also review whether HHS’s controls over PRF payments ensured that payments were calculated correctly and disbursed to eligible providers.
Audits will also focus on how providers initially applied to receive PRFs, including calculations utilized and how COVID-19 patients are defined. When each hospital ceased netting expenses against lost revenue will now be another hot topic.
Balance billing is another area of interest. The terms and conditions require providers that accept the PRFs not to collect out-of-pocket payments from patients for all care for a presumptive or actual case of COVID-19 that exceeded what they would pay an in-network provider.
More havoc may ensue with any purchases or sales transactions that occur in the next year or so. Providers will need to know how to navigate compliance risks associated with any accepted or transferred PRFs. Tracking and reporting use of the PRFs will also be an ongoing issue due to the fraud and abuse implications of misusing PRFs, and there is limited guidance regarding how use will be audited. Many questions remain unanswered. Many terms remain undefined.
Programming Note: Knicole Emanuel, Esq. is a permanent panelist on Monitor Mondays. Listen to her RAC Report every Monday at 10 a.m. EST.