Category Archives: Medicaid Appeals

Beware the Ides of March! And Medicare Provider Audits!

Hello! And beware the Ides of March, which is today! I am going to write today about the state of audits today. When I say Medicare and Medicaid audits, I mean, RACs, MACs, ZPICs, UPICs, CERTs, TPEs, and OIG investigations from credible allegations of fraud. Without question, the new Biden administration will be concentrating even more on fraud, waste, and abuse germane to Medicare and Medicaid. This means that auditing companies, like Public Consulting Group (“PCG”) and National Government Services (“NGS”) will be busy trying to line their pockets with Medicare dollars. As for the Ides, it is especially troubling in March, especially if you are Julius Caesar. “Et tu, Brute?”

One of the government’s most powerful tool is the federal government’s zealous use of 42 CFR 455.23, which states that “The State Medicaid agency must suspend all Medicaid payments to a provider after the agency determines there is a credible allegation of fraud for which an investigation is pending under the Medicaid program against an individual or entity unless the agency has good cause to not suspend payments or to suspend payment only in part.” (emphasis added). That word – “must” – was revised from “may” in 2011, part of the Affordable Care Act (“ACA”).

A “credible allegation” is defined as an indicia of reliability, which is a low bar. Very low.

Remember back in 2013 when Ed Roche and I were reporting on the New Mexico behavioral health care cluster? To remind you, the State of NM accused 15 BH health care providers, which constituted 87.5% of the BH providers in NM, of credible allegations of fraud after the assistant AG, at the time, Larry Heyeck, had just published a legal article re “Credible Allegations of Fraud.” See blog and blog. Unsurprisingly, the suicide rate and substance abuse skyrocketed. There was even a documentary “The Shake-Up” about the catastrophic events in NM set off by the findings of PCG.

This is another example of a PCG allegation of overpayment over $700k, which was reduced to $336.84.

I was the lawyer for the three, largest entities and litigated four administrative appeals. If you recall, for Teambuilders, PCG claimed it owed over $12 million. After litigation, an ALJ decided that Teambuilders owed $836.35. Hilariously, we appealed. While at the time, PCG’s accusations put the company out of business, it has re-opened its doors finally – 8 years later. This is how devastating a regulatory audit can be. But congratulations, Teambuilders, for re-opening.

Federal law mandates that during the appeal of a Medicare audit at the first two levels: the redetermination and reconsideration, that no recoupment occur. However, after the 2nd level and you appeal to the ALJ level, the third level, the government can and will recoup unless you present before a judge and obtain an injunction.

Always expect bumps along the road. I have two chiropractor clients in Indiana. They both received notices of alleged overpayments. They are running a parallel appeal. Whatever we do for one we have to do for the other. You would think that their attorneys’ fees would be similar. But for one company, NGS has preemptively tried to recoup THREE times. We have had to contact NGS’ attorney multiple times to stop the withholds. It’s a computer glitch supposedly. Or it’s the Ides of March!

HIPAA and Football

By Ashley Thomson, Partner at Practus, LLP. A Virtual Law Firm.

On rare occasions a Court can issue an opinion that is so logical and on-point you want to stand up and cheer.  Maybe you’re only cheering if you’re a HIPAA-nerd, like me. My name is Ashley and I work with Knicole. I was the assistant GC for Truman Medical Center for 17 years. As AGC at Truman, I was inundated with so many various issues.

Here’s what got me standing up in my home office as if Patrick Mahomes just threw a pass to Tyreek Hill and the KC Chiefs scored the winning touchdown in the Super Bowl—the 5th Circuit Court of Appeals held that a lost or stolen unencrypted device containing protected health information (“PHI”)[1] does not automatically result in a violation of the HIPAA Disclosure Rule or Encryption Rule. If you want to do your own touchdown dance check out Univ. of Texas M.D. Anderson Cancer Ctr. v. United States Dep’t of Health & Human Servs., No. 19-60226, 2021 WL 127819, at *5 (5th Cir. Jan. 14, 2021).

Unless you’ve spent the last 20 years living under a rock, you are generally aware that HIPAA is a law that protects your health information from public disclosure.  Most people don’t spell it correctly and even less people know what the acronym means.[2]  In 2009, HIPAA was supplemented with the HITECH Act.[3] Together, these laws govern how health care providers handle your medical information and what to do if there is a breach of the information.  HIPAA and HITECH’s implementing regulations (the “Regulations”) require all covered entities[4] “implement a mechanism to encrypt” all PHI that is stored electronically.  45 C.F.R. Section 164.312(a)(2)(iv).  Second, the Regulations prohibit unpermitted disclosure of PHI. 45 C.F.R. Sec. 164.502(a). These two regulations are referred to as the Encryption Rule and the Disclosure Rule respectively. These requirements are enforced by the Department of Health and Human Services (“HHS”) in conjunction with the Office for Civil Rights (“OCR”).

Whew, that was a quick history lesson.  Now, back to the story.

In 2012 and 2013 MD Anderson Cancer Center (“MD Anderson”) had three (3) events happen involving unencrypted devices containing PHI.  First, a laptop was stolen.  Second, a thumb drive was lost during someone’s commute home. Third, a visiting researcher misplaced a thumb drive. Pursuant to the regulations, MD Anderson reported these events to HHS.  

HHS concluded that MD Anderson violated the Regulations and imposed a fine over $4,000,000 (let me spell that out for you. . . FOUR MILLION DOLLARS). 

You may be wondering, what in the world did they violate that would result in such an outrageous fine?  So did MD Anderson!

MD Anderson threw its proverbial, red challenge flag and pursued its appeal rights and ended up, finally, in Federal Court where they succeeded on establishing that the mere loss of unencrypted PHI does not violate the Disclosure Rule and that the Encryption Rule does not require that a covered entity sit down and force each and every person to encrypt their devices.

Let’s look first at the Disclosure Rule. As a general rule, HIPAA prohibits the disclosure of PHI without permission from the patient.[5]  45 C.F.R. Sec. 164.502(a). HIPAA defines disclosure as “the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.” 45 C.F.R. Sec. 164.103. Prior to reaching the 5th Circuit, MD Anderson had been told the mere fact that the unencrypted laptop and thumb drives were lost or stolen resulted in the conclusion the PHI had been improperly disclosed to someone outside of the covered entity.  Thank goodness, the Court stepped in with the reasonable statement that many of us in the health care field have been saying for years. . . just because a device is lost or stolen doesn’t mean the PHI was improperly disclosed.[6]  “It defies reason to say an entity affirmatively acts to disclose information when someone steals it.” Univ. of Texas M.D. Anderson Cancer Ctr.,2021 WL 127819, at *5.

HHS claimed that it would be difficult for them to enforce the Disclosure Rule if it had to show that the PHI was disclosed to someone outside of the covered entity.  Well, go complain to the referees  HHS “that’s precisely the sort of policy argument that HHS could vet in a rulemaking proceeding. It’s not an acceptable basis for urging us to transmogrify the regulation HHS wrote into a broader one.” Id. And with that, the Court unceremoniously stated the obvious and provided some reason in the rather unreasonable world of HIPAA enforcement.

Next up? The Encryption Rule where HHS argued that MD Anderson’s desire to do more to encrypt their devices was an admission of non-compliance with the regulations.  Not so fast, said the Court.  The rule requires that a covered entity have a mechanism for the encryption PHI not that it implements an iron clad, hacker proof, 100% guaranteed encryption system.  MD Anderson had an encryption mechanism which is enough to satisfy the regulation, even if HHS now “wishes it had written a different” regulation.  Id.at *4.  

I feel like this is the SUPERBOWL of HIPAA decisions. You may not be as excited about this opinion as I was.  That’s ok. . . I’m a HIPAA and privacy nerd and I’m ok with that.  

Let’s hope I have many touchdowns to stand up and celebrate on Sunday!  Go Chiefs!    

The legal fine print: As exciting as this opinion is, please  remember that devices should be encrypted and PHI should be protected to the maximum extent possible.  While this is a great decision, it doesn’t remove the obligation to comply with the Regulations. 


[1] PHI contains 18 different identifiers.  42 C.F.R. § 164.514(a)(2)(i).

[2] It’s the Health Insurance Portability and Accountability Act of 1996. 

[3] HITECH stands for the Health Information Technology for Economic and Clinical Health Act of 2009. 

[4] Later, we can delve into what qualifies as a covered entity. Let’s just all agree that MD Anderson is a covered entity.

[5] This is a very simple overstatement, but it works for the purposes of this article.

[6] Let’s face it, most of these devices are lost or stolen and (1) never found or (2) thrown out as the thieves take what they really wanted . . . cold hard cash or credit cards.  An old janky laptop or a random thumb drive is not at the top of the most wanted list for kleptomaniacs.

Medicaid Suspension Lifted Because No Evidence of Intent!

Happy 2021! I bring great news and good tidings. I’m fairly sure that everyone reading is educated in what a preliminary injunction is and how important it can be for a health care provider falsely accused of credible allegations of fraud to lift the mandatory suspension of reimbursements. Finally, over the holidays, a Judge found that an indication of intent is required for an accusation of credible allegations of fraud, unlike past cases in which a mere accusation results in suspensions. 42 CFR §455.23 mandates that a health care provider’s reimbursements be suspended based on “credible allegations of fraud.” Which is a low bar. My client, an oral surgeon, had a disgruntled employee complaint and a baseless PCG audit of $6k. A double threat.

For those who are not in the know: An injunction is an extraordinary legal tool that allows the judge to suspend whatever bad action the government or one of its auditors do.

You have to prove:

  1. Likelihood of success on the merits
  2. Irreparable harm
  3. Balance of equities
  4. Public Interest.

I would guestimate that only 10-20% of requests for TROs and PIs are granted. Last week, we won for the oral surgeon. Everyone can learn from his success. This is how we won. Let me set the stage. We have an oral surgeon who underwent an infamous PCG audit resulting in an alleged $6k overpayment. PCG concurrently sends his data to program integrity, and one month later and without any notice, his reimbursements are suspended based on a “credible allegation of fraud.” Concurrently, he had a disgruntled employee threatening him.

Remember that the bar to demonstrate “credible allegation of fraud” is amazingly low. It is an “indicia of reliability.” An inaccurate PCG audit and a disgruntled employee, in this case, were the catalyst for the oral surgeon’s Medicaid reimbursements. His practice comprised of 80% Medicaid, so the suspension would cause irreparable harm to the practice.

We filed a TRO, PI, and Motion to Stay. The day before Christmas, we had trial.

The Judge ruled that the Department cannot just blindly rely on an anonymous accusation. There has to be some sort of investigation. It is not OK to accept accusations at face value without any sort of independent fact-checking. The Judge created an additional burden for the Department in cases of accusations of fraud that is not present in the regulation. But it is logical and reasonable to expect the Department to explore the accusations. The Judge emphasized that fraud requires intent. He also pointed out that fraud is not defined in the regulations. He emphasized that billing errors are not intentional acts.

The Judge held that, “[i]n light of the large number of Medicaid beneficiaries treated by the Petitioner’s practice, the rarity of the physician’s skills, and the apparent demand for those services, the relatively small amount of money now or formally in controversy, the lack of evidence of actual fraud and the contrary indications, the high probability that good cause exists for not suspending Petitioner’s Medicaid payments, and the near certainty of irreparable harm to the Petitioner if the relief is not granted, a TRO should be granted.”

Even better, the Judge ordered that the surgeon did not have to put up a bond, which is normally required by law. By the stroke of the Judge’s pen, the surgeon could go back to work performing medically necessary services to Medicaid recipients, which, by the way is rare for an oral surgeon to accept Medicaid. This is a success for health care providers. Accusations of fraud should require independent corroboration and evidence of intent.

KNICOLE EMANUEL TO HOST JANUARY WEBCAST ON PRFS AND RAC AUDITS

For healthcare providers looking to avoid any of the traps stemming from PRF (Provider Relief Funds) compliance, RACmonitor is inviting you to sign up for Knicole Emanuel’s upcoming webcast on January 21st, 2021. It is titled: COVID-19 Provider Relief Funds: How to Avoid Audits.  You can visit RACmonitor download the order form for the webcast to save yourself a spot. 

Webcast Description: 

If your facility accepted Provider Relief Funds (PRFs) as a consequence of the coronavirus pandemic, you need to be aware of the myriad of rules and regulations that are associated with this funding or else face penalties and takebacks. A word of caution: expect to be audited. In Medicare and Medicaid, regulatory audits are as certain as death and taxes. That is why your facility needs to arm itself with the knowledge of how to address documentation requests from the government, especially while the Public Health Emergency (PHE) is in effect.

This exclusive RACmonitor webcast, led by healthcare attorney Knicole Emanuel, discusses the PRF rules that providers must follow and how to prove that funds were appropriately used. There are strict regulations dictating why, how, and how much PRFs can be spent due to the catastrophic, financial impact of COVID-19. Register now to learn how to avoid penalties and takebacks related to PRFs.

Learning Objectives:

  • Rules and regulations relative to receiving and spending funds provided by the COVID-19 PRF
  • Exceptions to COVID-19 PRF and relevant effective dates
  • PRF documentation and reporting requirements
  • The importance of the legal dates of PHE
  • How to prove your facility’s use of funds is germane to COVID-19

Who Should Attend:

  • CFOs
  • RAC and appeals specialists
  • RAC coordinators
  • Compliance officers
  • Directors and managers

About Knicole C. Emanuel, Esq.

Healthcare industry expert and Practus partner, Knicole Emanuel, is a regular contributor to the healthcare industry podcast, Monitor Mondays, by RACmonitor. For more than 20 years, Knicole Emanuel has maintained a health care litigation practice, concentrating on Medicare and Medicaid litigation, health care regulatory compliance, administrative law and regulatory law. Knicole has tried over 2,000 administrative cases in over 30 states and has appeared before multiple states’ medical boards. 

She has successfully obtained federal injunctions in numerous states. This allowed health care providers to remain in business despite the state or federal laws allegations of health care fraud, abhorrent billings, and data mining. A wealth of knowledge in her industry, Knicole frequently lectures across the country on health care law. This includes the impact of the Affordable Care Act and regulatory compliance for providers, including physicians, home health and hospice, dentists, chiropractors, hospitals and durable medical equipment providers.

“Credible Allegations of Fraud”: Immediate Medicare Payment Suspension!

If you are accused of Medicare fraud, your Medicare reimbursements will be immediately cut off without any due process or ability to defend yourself against the allegations. If you accept Medicare and Medicaid then you are held to strict regulations, some of which are highly, Draconian in nature without much recourse, legally, for providers. Many, many a provider have gone bankrupt and been forced out of business due to “credible allegations of fraud.” You see, legally, “credible allegations of fraud” is a low standard to meet. The definition of “credible” is “an indicia of reliability.” “Indicia” is defined as “signs, indications, circumstances which tend to show or indicate that something is probable. It is used in the form of “indicia of title,” or “indicia of partnership,” particularly when the “signs” are items like letters, certificates, or other things that one would not have unless the facts were as the possessor claimed. It can be a disgruntled worker. I am sure that none of the listeners here today have ever dealt with a disgruntled employee. Yes, that is sarcasm.

42 CFR § 405.372 is the regulation outlining the requirements for suspending Medicare payments. 42 CFR § 455.23 is the regulation mandating suspension of Medicaid payments upon credible allegations of fraud.

Pursuant to Medicare regulations, CMS must suspend Medicare reimbursements to a healthcare provider “in whole or in part” if it has been “determined that a credible allegation of fraud exists against a provider or supplier.” 42 C.F.R. § 405.371(a)(2). A credible allegation of fraud is “an allegation from any source, including … civil fraud claims cases, and law enforcement investigations.” 42 C.F.R. § 405.370(a). The decision to suspend Medicare payment or continue a payment suspension is made at the discretion of CMS – not the MAC. If you receive a letter from a MAC alleging fraud, be sure to check whether the letter states that the decision was made in collaboration with CMS. The MACs do not have the authority.

The suspension, however, is not indefinite, although the length is normally a year, which is financially devastating. The regulations allow CMS to maintain the suspension until a “legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence to support allegations of fraud.” 42 C.F.R. §§ 405.370(a) and .372(d)(3); see also § 405.371(b)(3)(ii) (CMS may extend the suspension of payment if the Department of Justice submits a written request that “suspension of payments be continued based on the ongoing investigation and anticipated filing of criminal or civil action or both or based on a pending criminal or civil action or both.”).

When you receive a fraud accusation of any type – it is imperative to send it to your counsel. If you opt to litigate the suspension by asking the Court to enjoin the suspension, your first legal obstacle will be to argue that you do not have to exhaust your administrative remedies before appearing for the injunction. Cases have been decided both in the favor of providers and their suspensions have been lifted and against the providers. These cases usually win or lose on the argument that the suspension of reimbursements is an ancillary subject from the actual investigation of fraud. It is a jurisdictional argument.

It is my opinion that the federal regulations that allow for suspension of payments upon credible allegations of fraud need to be revised. Any of you with lobbyists, we need to revise the regulations to require due process – notice and an opportunity to be heard – prior to the government suspending Medicare and Medicaid reimbursements based on a spurious accusation from an anonymous source.

Back in 2015, I am sure that you all recall the case in New Mexico where NM accused 15 BH care provider of credible allegations of fraud. The providers constituted 87.5% of the BH in NM. I was one of the attorneys representing the larger BH cos. Prior to my involvement, all 15 providers requested good cause. All were denied. Lawmakers think that the good cause exception written into the regulation is enough defense for providers. But when the good cause is almost always denied, it isn’t much help. Write to your congress people. Amend the regulations to require due process.

Provider Relief Funds: The Hottest RAC Audit Subject

Reporting the use of PRFs will be an ongoing issue due to the fraud and abuse implications of misusing PRFs.

The federal Provider Relief Fund (PRF) was created under the provisions of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, which was passed to address the economic harm suffered by healthcare providers that have incurred (or will incur) additional expenses and have lost (or will lose) significant revenue as a result of the COVID-19 pandemic. PRF payments have been made from either the “general distribution” tranche or via various “targeted distributions.” PRF payment amounts and whether the providers complied with the terms and conditions will be a hotly contested topic in Recovery Audit Contractor (RAC) and Medicare Administrative Contractor (MAC) audits for years to come. If Centers for Medicare & Medicaid Services (CMS) auditors put out a monthly magazine, like Time, PRF would be on the cover. This will be the hot topic of RAC audits, come Jan. 1, 2021.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) will audit Medicare payments made to hospitals for COVID-19 discharges that qualified for the 20-percent add-on payment under the CARES Act, according to a new item on the agency’s work plan.

To use the PRF funding from either the general or targeted distributions, providers must attest to receiving the funds and agree to all terms and conditions. However, what constitutes a “healthcare-related expense” or how to calculate “lost revenue” is not clearly defined. Similarly, how you net healthcare-related expenses toward lost revenue is also vague and undefined. On Nov. 2, HHS issued a clarification to post-payment reporting guidance for PRF funds.

The current guidance, issued Oct. 22, includes a two-step process for providers to report their use of PRF payments. The guidance specifically cites:

  • Healthcare-related expenses attributable to COVID that another source has not reimbursed and is not obligated to reimburse, which may include general and administrative (G&A) or “healthcare-related operating expenses;” and
  • PRF payment amounts not fully expended on healthcare-related expenses attributable to coronavirus are then applied to lost revenues associated with patient care, net of the healthcare-related expenses attributable to coronavirus calculated under the first step. Recipients may apply PRF payments toward lost revenue, up to the amount of the difference between their 2019 and 2020 actual patient care revenue.

HHS’s newest clarification came from its response to a FAQ, in which it said that healthcare-related expenses are no longer netted against the patient care lost revenue amount cited in the second portion. HHS indicated that a revised notice would be posted to remove the “net of the healthcare-related expenses” language in the guidance. Of course, as of now, we have no guidance regarding when this clarification is to be put into place officially. Yet another moving target for auditors.

Anticipate audits of the use of your PRF payments. CMS is choosing a sample of hospitals across the country that have received PRF payments to verify that such expenditures were for healthcare-related expenses. For each audit, OIG will obtain data and interview HHS/PRF program officials to understand how PRF payments were calculated, and then review actual PRF payments for compliance with CARES Act requirements. OIG will also review whether HHS’s controls over PRF payments ensured that payments were calculated correctly and disbursed to eligible providers.

Audits will also focus on how providers initially applied to receive PRFs, including calculations utilized and how COVID-19 patients are defined. When each hospital ceased netting expenses against lost revenue will now be another hot topic.

Balance billing is another area of interest. The terms and conditions require providers that accept the PRFs not to collect out-of-pocket payments from patients for all care for a presumptive or actual case of COVID-19 that exceeded what they would pay an in-network provider.

More havoc may ensue with any purchases or sales transactions that occur in the next year or so. Providers will need to know how to navigate compliance risks associated with any accepted or transferred PRFs. Tracking and reporting use of the PRFs will also be an ongoing issue due to the fraud and abuse implications of misusing PRFs, and there is limited guidance regarding how use will be audited. Many questions remain unanswered. Many terms remain undefined.

Programming Note: Knicole Emanuel, Esq. is a permanent panelist on Monitor Mondays. Listen to her RAC Report every Monday at 10 a.m. EST.

PHE Is an Enigma for Most Providers

As of now, the public health emergency (PHE) for the COVID-19 pandemic will expire July 24, 2020, unless it is renewed. Fellow contributor David Glaser and I have both reported on the potential end date of the PHE. Recent intel from Dr. Ronald Hirsh is that the Centers for Medicare & Medicaid Services (CMS) may renew the PHE period. Each time the PHE period is renewed, it is effective for another 90 days. Recent news about the uptick in COVID cases may have already alerted you that the PHE period will probably be prolonged.

CMS has given guidance that the exceptions that it has granted during this period of the PHE may be extended to Dec. 1, 2020. There is no indication of the Recovery Audit Contractor (RAC) and Medicare Administrative Contractor (MAC) audits being suspended until December 2020. In fact, we expect the audits to begin again any day. There will be confusion when audits resume and COVID exceptions are revoked on a rolling basis.

I witnessed some interesting developments as a health care attorney during this ongoing pandemic. Three of my physician clients were erroneously placed on the Medicare exclusion lists. One would think that during the pandemic, CMS would move mountains to allow a Harvard-trained ER doctor to work in an ER. Because of the lack of staff, it was actually difficult to achieve an easy fix. This doctor was suspended from Medicare based on an accidental and inadvertent omission of a substance abuse issue more than 10 years ago. He disclosed everything except an 11-year-old misdemeanor. He did not omit the misdemeanor purposely. Instead, this ER physician relies on other hospital staff to submit his Medicare re-credentialing every year, as he should. It just happened that this year, the year of COVID, this doctor got caught up in a mistake that in normal times would have been a phone call away from fixing. We cleared up his issue, but not until he was unable to work for over two months, during the midst of the PHE.

At the time of the announcement of the public health emergency, another company, a home health provider, was placed on prepayment review. I am not sure how many of you are familiar with prepayment review, but this is a Draconian measure that all States and the federal government may wield against health care providers. When you are on prepayment review, you cannot get paid until another independent contracted entity reviews your claims “objectively.” I say objectively in quotes because I have yet to meet a prepayment review audit with which I agreed.

Mostly because of COVID, we were forced to argue for a preliminary injunction, allowing this home heath provider to continue to provide services and get paid for services rendered during the PHE. We were successful. That was our first lawsuit during COVID. I believe we went to trial in April 2020. We had another trial in May 2020, for which we have not received the result, although we have high hopes. I may be able to let you know the outcome eventually. But for now, because of COVID, with a shortage of court reporters willing to work, we will not receive the transcript from the trial until over four weeks after the trial.

Tomorrow, Tuesday, we begin our third COVID trial. For the first time since COVID, it will not be virtual. This is the guidance that conveys to me that RAC and MAC audits will begin again soon. If a civil judge is ordering the parties to appear in person, then the COVID stay-at-home orders must be decreasing. I cannot say I am happy about this most recent development (although audits may be easier if they are conducted virtually).

The upshot is that no one really knows how the next few months will unfold in the healthcare industry. Some hospitals and healthcare systems are going under due to COVID. Big and small hospital systems are in financial despair. A RAC or MAC audit hitting in the wake of the COVID pandemic could cripple most providers. In the rearranged words of Roosevelt, “speak loudly, and carry a big stick.”

Update on Medicare/Medicaid Audits in the Wake of COVID-19

Published in Today’s Wound Clinic:

When I was asked to draft an article for Today’s Wound Clinic, it was approximately two weeks ago. I was asked to write about the current state of Medicare and Medicaid audits. Specifically, I was asked to provide a legal analysis about CMS suspending audits un-related to COVID-19. In the month of April, we have seen the spike of COVID-19, which has overturned our everyday world. We have been instructed by President Trump to “stay home” and “social distance” to decrease the spread of the virus. This “stay at home” instruction is unprecedented and has uprooted many of our most reliable and commonplace businesses, such as hairdressers, bowling alleys, and tattoo parlors.

Here is the answer: The current state of Medicare/Medicaid audits, at the moment, is dictated by COVID-19.

We can divide the post-COVID-19 audit rules into 3 categories:

  1. Those exceptions published by CMS to apply to all health care providers
  2. Those special, verbal exceptions given directly to an individual provider that were not published by CMS
  3. Effective immediately, new guidelines that CMS will follow until CMS believes it no longer needs to follow (by its own choice, of course).

An example of an “effective immediately” guideline is our current state of Medicare/Medicaid audits in the wake of COVID-19. CMS has not suspended all Medicare/Medicaid regulatory audits. But CMS has suspended most audits.

Effective immediately, survey activity is limited to the following (in Priority Order):

  • All immediate jeopardy complaints (cases that represents a situation in which entity noncompliance has placed the health and safety of recipients in its care at risk for serious injury, serious harm, serious impairment or death or harm) and allegations of abuse and neglect;
  • Complaints alleging infection control concerns, including facilities with potential COVID-19 or other respiratory illnesses;
  • Statutorily required recertification surveys (Nursing Home, Home Health, Hospice, and ICF/IID facilities);
  • Any re-visits necessary to resolve current enforcement actions;
  • Initial certifications;
  • Surveys of facilities/hospitals that have a history of infection control deficiencies at the immediate jeopardy level in the last three years;
  • Surveys of facilities/hospitals/dialysis centers that have a history of infection control deficiencies at lower levels than immediate jeopardy.

See CMS QSO-20-12-ALL. You can see that these “effective immediately” guidelines are usually published on CMS letterhead. The “effective immediately” guidelines explain why CMS is taking the stated action, the stated action, and that the action is temporary and due to COVID-19.

Here are a few recent “effective immediately” guidelines due to COVID-19:

  • On April 27, 2020, CMS said it would no longer expedite Medicare payments to doctors and be more stringent about accelerating the payments to hospitals as Congressional relief aimed at providers reaches $175 billion.
  • The agency is not accepting any new applications for the loans from Part B suppliers, including doctors, non-physician practitioners and durable medical equipment suppliers. CMS will continue to process pending and new requests from Part A providers, including hospitals, but be stricter with application approvals.
  • CMS expanded the Accelerated and Advance Payment Programs in late March as the pandemic continued to gain strength in the U.S. Since then, the agency has approved over 21,000 applications making up $59.6 billion in accelerated payments to Part A providers and almost 24,000 applications making up $40.4 billion in payments for Part B suppliers.

The $2.2 trillion Coronavirus Aid, Relief, and Economic Security stimulus package passed by Congress in March benchmarked $100 billion in funds for hospitals. On Friday, President Donald Trump signed legislation with a second round of emergency funding, called the Paycheck Protection Program and Health Care Enhancement Act, that allocates another $75 billion for providers — roughly three-quarters of what major provider trade associations requested.

An initial $30 billion from the fund was distributed between April 10 and April 17 based on Medicare fee-for-service revenue, sparking criticism that put facilities with a smaller proportion of Medicare business, such as children’s and disproportionate share hospitals, at a disadvantage. HHS on Friday began releasing an additional $20 billion in CARES payments to providers based on their 2018 net patient revenue, with more funding to roll out “soon,” the agency said, including $10 billion for hard-hit areas like New York.

How RAC/MAC auditors are compensated dictates their actions and/or aggressiveness.

RAC Auditors are paid by contingency. They are usually compensated approximately 13%, depending on the State. Imagine what 13% is of 1 million. It is $130,000 – more than most people make in a year. If you do not believe that 13% contingency is enough to incentivize a company, which, in turn, incentivize the employees, then you are sorely mistaken.

RACs were established through a demonstration program under the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (“MMA”), piloted between 2005 and 2008, and were later made permanent under the Tax Relief and Health Care Act of 2006, which required CMS to establish Recovery Auditors for all states before 2010.

MACs are not compensated by contingency, per se. CMS decided to structure the MAC contracts with 1-year base performance periods and four, optional, 1-year performance periods at the time. The MMA required that these contracts be recompeted at least once every 5 years. The recent enactment of the Medicare Access and CHIP Reauthorization Act of 2015 amended this requirement to authorize a maximum 10-year performance period before MAC contracts must be recompeted. The amendment, which applies to MAC contracts in effect at the time of enactment or entered into on or after enactment, would permit CMS to modify existing MAC contracts or enter into future MAC contracts for 1-year base performance periods and nine optional 1-year performance periods. See Pub. L. No. 114-10, § 509(a)- (b) (April 16, 2015). Therefore, while MACs are not compensated on contingency, MACs are compensated on performance. The less a MAC spends, the more services a MAC allows, the strict oversight a MCA ensues on its providers…all these “performance-based” measures may not be a contingency compensation relationship, but it’s pretty close. Saved money becomes profit for MACs.

Medicare and Medicaid auditors love rules. Even if the rules that auditors are instructed to follow really are not required by actual law. It goes without saying that auditors are not lawyers. Auditors are not trained to decipher whether statutes, regulations or policy are superseded by federal statutes and regulations. The fact is that, more times than one would hope, the auditors are wrong in their assessments that a claim should be denied, not out of malice, but because of a basic misunderstanding of what the law actually requires.

I have all kinds of stories about auditors claiming money is owed, when, really it was not owed because the RAC/MAC auditor failed to follow the actual, correct procedure or misconstrued a regulation. For example, I had a durable medical equipment provider, DME ABC, who was informed by the NSC Supplier Audit and Compliance Unit of Palmetto GBA that it owed $1,075,548.64. Palmetto is one of the MACs for Medicare – durable medical equipment. There was no demand letter. The alleged overpayment amount came to fruition in a telephone conference between the CEO of the company and an employee of Palmetto. Let’s call her Nancy. Nancy told CEO that company owed $1,075,548.64 based on an alleged violation of 42 C.F.R. § 424.58,

Even more disconcerting, was the fact that Palmetto claimed that its alleged, oral overpayment against DME ABC arose from a normal, reoccurring validation process pursuant to 42 C.F.R. §424.57, approved by CMS and in accordance with the requirements of 42 C.F.R. §424.58. No formal letter was necessary was Palmetto’s retort. Not correct; a formal demand letter is always required.

In this case, Palmetto began to backtrack once we pointed out that Palmetto nor Nancy ever sent a formal demand letter with any reconsideration review appeal rights or administrative appeal rights. We knew this was procedurally incorrect because federal law dictates that you receive a formal demand letter with appeal rights and notice of how many days you have to appeal. But out of fear of retribution, DME ABC was willing to write a check without pushing back. Obviously, we did not do so.

I tell this story as an example of how intimidating, scary, and overwhelming auditors can be. If someone off the street asked you for a million dollars, you would laugh them off your doorstep, right? After you tell them to don a mask and maintain social distancing.

But in the new-age world of COVID-19, rules have been broken. This behavior would not be acceptable pre-COVID-19. But this provider honestly was going to pay.

The Trump Administration is issuing an unprecedented array of temporary regulatory waivers and new rules to equip the American healthcare system with maximum flexibility to respond to the 2019 Novel Coronavirus (COVID-19) pandemic.

Pre-COVID-19 if you were to state “paperwork over patients,” everyone in the industry would agree. There would be snickers and eyes rolling, because no one wanted paperwork to be over patients. But it was. Now the mantra has flipped upside down – now the mantra is: Patients over Paperwork.

Post-COVID-19, if documents are lost or misplaced, or otherwise unusable, DME MACs have the flexibility to waive replacements requirements under Medicare such that the face-to-face requirement, a new physician’s order, and new medical necessity documentation are not required. Suppliers must still include a narrative description on the claim explaining the reason why the equipment must be replaced and are reminded to maintain documentation indicating that the DMEPOS was lost, destroyed, irreparably damaged or otherwise rendered unusable or unavailable as a result of the emergency.

Post-COVID-19, CMS is pausing the national Medicare Prior Authorization program for certain DMEPOS items. CMS is not requiring accreditation for newly enrolling DMEPOS and extending any expiring supplier accreditation for a 90-day time period. CMS is waiving signature and proof of delivery requirements for Part B drugs and Durable Medical Equipment when a signature cannot be obtained because of the inability to collect signatures. Suppliers should document in the medical record the appropriate date of delivery and that a signature was not able to be obtained because of COVID-19.

Post-COVID-19, in order to increase cash flow to providers impacted by COVID-19, CMS has expanded the current Accelerated and Advance Payment Program. An accelerated/advance payment is a payment intended to provide necessary funds when there is a disruption in claims submission and/or claims processing. CMS may provide accelerated or advance payments during the period of the public health emergency to any two Medicare providers/suppliers who submits a request to the appropriate MAC and meets the required qualifications. The process of obtaining the funds is a MAC-by-MAC process. Each MAC will work to review requests and issue payments within seven calendar days of receiving the request. Traditionally repayment of these advance/accelerated payments begins at 90 days, however for the purposes of the COVID-19 pandemic, CMS has extended the repayment of these accelerated/advance payments to begin 120 days after the date of issuance of the payment. Providers can get more information on this process here: www.cms.gov/files/document/Accelerated-and-Advanced-Payments-Fact-Sheet.pdf

The Future of Medicare/Medicaid Audits

The beauty of predicting the future is that no one can ever tell you that you are wrong. These are my predictions:

Auditors will deny claims for not having prior authorizations. Auditors will deny claims because the supplier accreditation expired after the 90-day time period. Auditors will deny claims because the percentage of face-to-face time was not met as described per CPT codes.

Obviously, these would be erroneous denials if the denials are within the dates that the COVID-19 pandemic occurred. The problem will be that the auditors will not be able to keep up with all the exceptions, not because the auditors are acting out of malice or dislikes providers. They will be simply trying to do their job. They will simply not be able to take into consideration all the exceptions that were given during the virus. Because, while we do have many written exceptions, if you call CMS with a personal and individualized problem, CMS will, most likely, grant you a needed exception. As long as the exception has the best interest of the consumer at heart. However, this personalized exception will not be written on CMS’s website. In five years, when you undergo a MAC or RAC audit, you better have proof that you received that exception. It will not be enough proof for you to state that you were given the exception over the phone.

So how can you protect yourself from future, erroneous audits?

Write everything down. When you speak to CMS, document concurrently the date, time, name of the person to whom you are speaking, the summary of your conversation, the COVID-19 regulatory exception, sign it and date it.

It is a hearsay exception. Writing down everything does not magically transform your note into the truth. However, writing down everything concurrently does magically allow that note that you wrote to be allowed in a court of law as an exhibit. Had you not written the note contemporaneously with the conversation that you had with CMS, then the attorney on the other side of the case would move to exclude your handwritten or typed note as hearsay.

Hearsay is defined as a statement that (1) the declarant does not make while testifying at the current trial or hearing; and (2) a party offers in evidence to prove the truth of the matter asserted in a statement. There are too many hearsay exceptions to name in this article.

Just know, for purposes of this article, that any health care provider who is relying on an exception to a normally required regulatory mandate – regardless what it is – either be able to: (1) cite the written exception that was published by CMS to the public; or (2) produce the written or typed contemporaneously written note that you wrote to memorialize the conversation.

Knicole Emanuel Appears on the Hospital Finance Podcast – Suspension of Audits

D83B4E86-D9CA-462F-8C54-EDBC90DA00E8

To listen, please click here.

Highlights of this episode include:

  • Background on why CMS will forego all audits unrelated to the coronavirus.
  • What types of audits will CMS continue during the coronavirus pandemic?
  • What providers need to know about complying with current audits, such as TPE audits.
  • How providers can protect themselves by documenting exceptions such as two-day admissions.
  • And more…

Mike Passanante: Hi, this is Mike Passanante and welcome back to the award-winning Hospital Finance Podcast®.

As a result of the COVID-19 crisis, the government has suspended most auditing activities for providers. To sort out what that means for hospitals, I’m joined by Knicole Emanuel. Knicole is an attorney at Potomac Law Group in Raleigh, North Carolina, where she concentrates on Medicare and Medicaid regulatory compliance litigation. Knicole, welcome to the show.

Knicole Emanuel: Thank you and thank you for having me.

Mike: Knicole, the government announced that it is suspending survey activities. Practically what does that mean for providers?

Knicole: Well, so right now because of the Coronavirus, CMS has decided to forego audits that are unrelated to the coronavirus. So actually effective April 3, 2020. The only audits that will be conducted will be those audits that are germane to all immediate Jeopardy complaints. Those kind of cases that represent a situation in which an entities non-compliance has placed the health and safety of recipients in its care at risk for serious injury. So we’re talking about potential serious injury or serious harm.

Another audit that’s going to continue would be complaints alleging infection control concerns because that would obviously be impacted by the coronavirus. Any sort of statutorily required recertification surveys are going to be conducted. I would assume that they’re going to be conducted telephonically. They’re not going to be going on-site and revisits necessary to resolve current enforcement actions. That’s important because when this Coronavirus all came about, there were hundreds and hundreds and hundreds, perhaps thousands upon thousands of healthcare providers already in the middle of TPE audits or RAC audits or MAC audit. And they’d already had on-site visits, they’d already had maybe perhaps a lower accuracy rating. And they’re going to be stuck in this cycle of being stuck in the audit until they can get a resurvey because with this coronavirus the penalties that they’re enduring, whether it’s a suspension of admission, or whether it’s a monetary penalty. These penalties are being administered even if they cannot have a secondary or a revisit of the audit to get them off of the penalty that they’re currently on. So it’s really important that people who are in the middle of audit and when all this came down to get them off of the audit cycle so they can go back to providing care.

Mike: So essentially, there are a number of activities that are suspended. But it’s important for providers to know that there is a subset of activities that will continue even during this period.

Knicole: Correct. But they’re all going to be activities that are of the utmost importance. The items that take lower priority are going to be pushed down.

Mike: Okay, and you mentioned the TPE audits a second ago. So that’s the targeted probe and education. Are they going to continue during this time period as far as you know?

Knicole: Well, so as far as I know, they are not going to continue as in they’re not going to start new TPE audit. Now the question then becomes, “Well, I received a document request a month ago for a TPE audit. Do I need to comply now?” And the conservative safe answer is to go ahead and keep complying with these document requests. Although the deadlines for these document requests, those are going to be extended. I’m sure you’ll be able to get extensions for trying to comply with those. And in reality, if you contact the people who are conducting the audit, you may find that the entire audit in general is put on pause. But don’t assume it’s put on pause. Try to make sure you comply, unless you find out it’s on pause. And if you get something over the email or over a phone that says that your TPE audit is paused currently, follow up with an email and get it in writing. Because future audit, they’re not going to remember that your particular audit was with pause during the coronavirus.

Mike: That’s great advice, Knicole. Do you have any other recommendations for providers as they’re navigating through this time?

Knicole: Yes, I do. There are a number of providers right now that are asking for exceptions, and I can give examples. So for example, in the hospital setting, there are hospitals that are asking for waivers for the inpatient admission standards or the two-day admission, or the moon rules. All those kind of things are asking for exceptions, and a lot of the hospital, A lot of the providers are getting the exceptions they need to allow people to have to stay longer in their hospitals because they have nowhere to discharge them. They can’t go back to their nursing homes where the coronavirus may or may not be. And so, because they’re getting all these exceptions, five years from now when you’re undergoing an audit, no one is going to remember that you had this exception that this particular consumer can stay in my hospital for two extra days or five extra days. And five years from now, you may get audited and say, “Well, you got to recoup all this money because you let them stay in for too long of a time.” When in reality, you are given an exception, write all the exceptions down. Keep one place, keep a computer program, keep a hard copy, whatever you want to do, and notebook, if that you want to get down to not having any technology involved. But keep track of all of these exceptions that you get as little as they may be because if you’re getting an exception for one person, and that one person can stay longer than the two-day allowance for the outpatient stays, and you multiply that by, okay, well, now you’ve got to take that exception and extrapolate it again, 200 people over the course of a year, that’s a lot of money we’re talking about. So you need to make sure you keep track of all the exceptions, no matter how small. And keep track of them somewhere that you’re not going to lose them. If your attrition rate is high with executives, you need to make sure that the next people in line had that knowledge so that in future audit, you can explain that you did not abide by the regulations for good reason. You had an exception, but no one’s keeping track of all these exceptions.

Mike: And so, it’s great advice, Knicole. And I know you’ve got a great blog of your own that people can follow. If people wanted to read more about what’s going on here on that blog or get in touch with you, how can they do that?

Knicole: Well, you’re more than welcome to go onto my blog, which is Medicare and Medicaid law. It is at medicaidlawnc.com. You can also contact me at any time. I’m at Potomac Law Group. I help providers across the country and not only in North Carolina, but in 33 states. And so, I am pretty well versed on all the exceptions that I’m seeing. It’s really fast-paced right now. It’s scary. It’s surreal. But it is really important to make sure that everything is written down because in the future– I mean, that old saying that old adage for nurses, if it’s not written, it doesn’t exist, is really going to matter in the future years.

Mike: Knicole, thanks for adding some clarity around this very complex issue. We appreciate you coming back to the show today.

Knicole: Absolutely. Thank you.

COVID-19: Temporary Rate Increases for Medicaid Providers!

Effective March 10, 2020, the Division of Health Benefits (DHB) implemented a 5% rate increase for the Medicaid provider groups listed below. See DHHS Update. (This update was published April 3, 2020, but retroactively effective).

DHB will systematically reprocess claims submitted with dates of service beginning March 10, 2020, through the implementation date of the rate increase.

Claims reprocessing for Skilled Nursing Facility providers will be reflected in the April 7, 2020, checkwrite. All other provider groups claim reprocessing will be included in subsequent checkwrites beginning April 14, 2020.

Providers receiving a 5% increase in fee-for-service reimbursement rates:

  • Skilled Nursing Facilities
  • Hospice Facilities
  • Local Health Departments
  • Private Duty Nursing
  • Home Health
  • Fee for Service Personal Care Services
  • Physical, Occupational, Respiratory, Speech and Audiology Therapies
  • Community Alternatives for Children (CAP/C) Personal Care Services (PCS)
  • Community Alternatives for Disabled Adults (CAP/DA) Personal Care Services (PCS)
  • Children’s Developmental Service Agency (CDSA)

[Notice that none of the increased rates include Medicaid services managed by managed care organizations (“MCOs”). No mental health, substance abuse, or developmentally disabled services’ rates are included].

Reprocessed claims will be displayed in a separate section of the paper Remittance Advice (RA) with the unique Explanation of Benefits (EOB) codes 10316 and 10317 – CLAIMS REPROCESSED AS A RESULT OF 5% RATE INCREASE EFFECTIVE MARCH 10, 2020 ASSOCIATED WITH THE COVID-19 PANDEMIC. The 835 electronic transactions will include the reprocessed claims along with other claims submitted for the checkwrite (there is no separate 835). Please note that depending on the number of affected claims you have in the identified checkwrite, you could see an increase in the size of the RA.

Reprocessing does not guarantee payment of the claims. Affected claims will be reprocessed. While some edits may be bypassed as part of the claim reprocessing, changes made to the system since the claims were originally adjudicated may apply to the reprocessed claims. Therefore, the reprocessed claims could deny.

This Medicaid rate increase could not come faster! While it is a small, itsy-bitsy, tiny, minuscule semblance of a “bright side”…a bright side it still is.