Category Archives: Medicare Administrative Contractor

More Covered Health Care Services and More Policing under the Biden Administration!

Happy 55th Medicare! Pres. Biden’s health care policies differ starkly from former Pres. Trump’s. I will discuss some of the key differences. The newest $1.9 trillion COVID bill passed February 27th. President Biden is sending a clear message for health care providers: His agenda includes expanding government-run, health insurance and increase oversight on it. In 2021, Medicare is celebrating its 55th year of providing health insurance. The program was first signed into law in 1965 and began offering coverage in 1966. That first year, 19 million Americans enrolled in Medicare for their health care coverage. As of 2019, more than 61 million Americans were enrolled in the program.

Along with multiple Executive Orders, Pres. Biden is clearly broadening the Affordable Care Act (“ACA”), Medicaid and Medicare programs. Indicating an emphasis on oversight, President Biden chose former California Attorney General Xavier Becerra to lead HHS. Becerra was a prosecutor and plans to bring his prosecutorial efforts to the nation’s health care. President Biden used executive action to reopen enrollment in ACA marketplaces, a step in his broader agenda to bolster the Act with a new optional government health plan.

For example, one of my personal, favorite issues that Pres. Biden will address is parity for Medicare coverage for medically necessary, oral health care. In fact, Medicare coverage extends to the treatment of all microbial infections except for those originating from the teeth or periodontium. There is simply no medical justification for this exclusion, especially in light of the broad agreement among health care providers that such care is integral to the medical management of numerous diseases and medical conditions.

The Biden administration has taken steps to roll back a controversial Trump-era rule that requires Medicaid beneficiaries to work in order to receive coverage. Two weeks ago, CMS sent letters to several states that received approval for a Section 1115 waiver – for Medicaid. CMS said it was beginning a process to determine whether to withdraw the approval. States that received a letter include Arizona, Arkansas, Georgia, Indiana, Nebraska, Ohio, South Carolina, Utah, and Wisconsin. The work requirement waivers that HHS approved at the end of the previous administration’s term may not survive the new presidency.

Post Payment Reviews—Recovery Audit Contractor (“RAC”) audits will increase during the Biden administration. The RAC program was created by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003. As we all know, the RACs are responsible for identifying Medicare overpayments and underpayments and for highlighting common billing errors, trends, and other Medicare payment issues. In addition to collecting overpayments, the data generated from RAC audits allows CMS to make changes to prevent improper payments in the future. The RACs are paid on a contingency fee basis and, therefore, only receive payment when recovery is made. This creates overzealous auditors and, many times, inaccurate findings. In 2010, the Obama administration directed federal agencies to increase the use of auditing programs such as the RACs to help protect the integrity of the Medicare program. The RAC program is relatively low cost and high value for CMS. It is likely that the health care industry will see growth in this area under the Biden administration. To that end, the expansion of audits will not only be RAC auditors, but will include increased oversight by MACs, CERTs, UPICs, etc.

Telehealth audits will be a focus for Pres. Biden. With increased use of telehealth due to COVID, comes increased telehealth fraud, allegedly. On September 30, 2020, the inter-agency National Health Care Take Down Initiative announced that it charged hundreds of defendants ostensibly responsible for—among other things—$4.5 billion in false and fraudulent claims relating to telehealth advertisements and services. Unfortunately for telehealth, bad actors are prevalent and will spur on more and more oversight.

Both government-initiated litigation and qui tam suits appear set for continued growth in 2021. Health care fraud and abuse dominated 2020 federal False Claims Act (“FCA”) recoveries, with almost 85 percent of FCA proceeds derived from HHS. The increase of health care enforcement payouts reflects how important government paid health insurance is in America. Becerra’s incoming team is, in any case, expected to generally ramp up law enforcement activities—both to punish health care fraud and abuse and as an exercise of HHS’s policy-making authorities.

With more than $1 billion of FCA payouts in 2020 derived from federal Anti-Kickback Statute (“AKS”) settlements alone, HHS’s heavy reliance on the FCA because it is a strong statute with “big teeth,” i.e., penalties are harsh. For these same reasons, prosecutors and qui tam relators will likely continue to focus their efforts on AKS enforcement in the Biden administration, despite the recent regulatory carveouts from the AKS and an emerging legal challenge from drug manufacturers.

The individual mandate is back in. The last administration got rid of the individual mandate when former Pres. Trump signed the GOP tax bill into law in 2017. Pres. Biden will bring back the penalty for not being covered under health insurance under his plan. Since the individual mandate currently is not federal law, a Biden campaign official said that he would use a combination of Executive Orders to undo the changes.

In an effort to lower the skyrocketing costs of prescription drugs, Pres. Biden’s plan would repeal existing law that currently bans Medicare from negotiating lower prices with drug manufacturers. He would also limit price increases for all brand, biotech and generic drugs and launch prices for drugs that do not have competition.

Consumers would also be able to buy cheaper priced prescription drugs from other countries, which could help mobilize competition. And Biden would terminate their advertising tax break in an effort to also help lower costs.

In all, the Biden administration is expected to expand health care, medical, oral, and telehealth, while simultaneously policing health care providers for aberrant billing practices. My advice for providers: Be cognizant of your billing practices. You have an opportunity with this administration to increase revenue from government-paid services but do so compliantly.

HIPAA and Football

By Ashley Thomson, Partner at Practus, LLP. A Virtual Law Firm.

On rare occasions a Court can issue an opinion that is so logical and on-point you want to stand up and cheer.  Maybe you’re only cheering if you’re a HIPAA-nerd, like me. My name is Ashley and I work with Knicole. I was the assistant GC for Truman Medical Center for 17 years. As AGC at Truman, I was inundated with so many various issues.

Here’s what got me standing up in my home office as if Patrick Mahomes just threw a pass to Tyreek Hill and the KC Chiefs scored the winning touchdown in the Super Bowl—the 5th Circuit Court of Appeals held that a lost or stolen unencrypted device containing protected health information (“PHI”)[1] does not automatically result in a violation of the HIPAA Disclosure Rule or Encryption Rule. If you want to do your own touchdown dance check out Univ. of Texas M.D. Anderson Cancer Ctr. v. United States Dep’t of Health & Human Servs., No. 19-60226, 2021 WL 127819, at *5 (5th Cir. Jan. 14, 2021).

Unless you’ve spent the last 20 years living under a rock, you are generally aware that HIPAA is a law that protects your health information from public disclosure.  Most people don’t spell it correctly and even less people know what the acronym means.[2]  In 2009, HIPAA was supplemented with the HITECH Act.[3] Together, these laws govern how health care providers handle your medical information and what to do if there is a breach of the information.  HIPAA and HITECH’s implementing regulations (the “Regulations”) require all covered entities[4] “implement a mechanism to encrypt” all PHI that is stored electronically.  45 C.F.R. Section 164.312(a)(2)(iv).  Second, the Regulations prohibit unpermitted disclosure of PHI. 45 C.F.R. Sec. 164.502(a). These two regulations are referred to as the Encryption Rule and the Disclosure Rule respectively. These requirements are enforced by the Department of Health and Human Services (“HHS”) in conjunction with the Office for Civil Rights (“OCR”).

Whew, that was a quick history lesson.  Now, back to the story.

In 2012 and 2013 MD Anderson Cancer Center (“MD Anderson”) had three (3) events happen involving unencrypted devices containing PHI.  First, a laptop was stolen.  Second, a thumb drive was lost during someone’s commute home. Third, a visiting researcher misplaced a thumb drive. Pursuant to the regulations, MD Anderson reported these events to HHS.  

HHS concluded that MD Anderson violated the Regulations and imposed a fine over $4,000,000 (let me spell that out for you. . . FOUR MILLION DOLLARS). 

You may be wondering, what in the world did they violate that would result in such an outrageous fine?  So did MD Anderson!

MD Anderson threw its proverbial, red challenge flag and pursued its appeal rights and ended up, finally, in Federal Court where they succeeded on establishing that the mere loss of unencrypted PHI does not violate the Disclosure Rule and that the Encryption Rule does not require that a covered entity sit down and force each and every person to encrypt their devices.

Let’s look first at the Disclosure Rule. As a general rule, HIPAA prohibits the disclosure of PHI without permission from the patient.[5]  45 C.F.R. Sec. 164.502(a). HIPAA defines disclosure as “the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.” 45 C.F.R. Sec. 164.103. Prior to reaching the 5th Circuit, MD Anderson had been told the mere fact that the unencrypted laptop and thumb drives were lost or stolen resulted in the conclusion the PHI had been improperly disclosed to someone outside of the covered entity.  Thank goodness, the Court stepped in with the reasonable statement that many of us in the health care field have been saying for years. . . just because a device is lost or stolen doesn’t mean the PHI was improperly disclosed.[6]  “It defies reason to say an entity affirmatively acts to disclose information when someone steals it.” Univ. of Texas M.D. Anderson Cancer Ctr.,2021 WL 127819, at *5.

HHS claimed that it would be difficult for them to enforce the Disclosure Rule if it had to show that the PHI was disclosed to someone outside of the covered entity.  Well, go complain to the referees  HHS “that’s precisely the sort of policy argument that HHS could vet in a rulemaking proceeding. It’s not an acceptable basis for urging us to transmogrify the regulation HHS wrote into a broader one.” Id. And with that, the Court unceremoniously stated the obvious and provided some reason in the rather unreasonable world of HIPAA enforcement.

Next up? The Encryption Rule where HHS argued that MD Anderson’s desire to do more to encrypt their devices was an admission of non-compliance with the regulations.  Not so fast, said the Court.  The rule requires that a covered entity have a mechanism for the encryption PHI not that it implements an iron clad, hacker proof, 100% guaranteed encryption system.  MD Anderson had an encryption mechanism which is enough to satisfy the regulation, even if HHS now “wishes it had written a different” regulation.  Id.at *4.  

I feel like this is the SUPERBOWL of HIPAA decisions. You may not be as excited about this opinion as I was.  That’s ok. . . I’m a HIPAA and privacy nerd and I’m ok with that.  

Let’s hope I have many touchdowns to stand up and celebrate on Sunday!  Go Chiefs!    

The legal fine print: As exciting as this opinion is, please  remember that devices should be encrypted and PHI should be protected to the maximum extent possible.  While this is a great decision, it doesn’t remove the obligation to comply with the Regulations. 


[1] PHI contains 18 different identifiers.  42 C.F.R. § 164.514(a)(2)(i).

[2] It’s the Health Insurance Portability and Accountability Act of 1996. 

[3] HITECH stands for the Health Information Technology for Economic and Clinical Health Act of 2009. 

[4] Later, we can delve into what qualifies as a covered entity. Let’s just all agree that MD Anderson is a covered entity.

[5] This is a very simple overstatement, but it works for the purposes of this article.

[6] Let’s face it, most of these devices are lost or stolen and (1) never found or (2) thrown out as the thieves take what they really wanted . . . cold hard cash or credit cards.  An old janky laptop or a random thumb drive is not at the top of the most wanted list for kleptomaniacs.

Provider Relief Funds: The Hottest RAC Audit Subject

Reporting the use of PRFs will be an ongoing issue due to the fraud and abuse implications of misusing PRFs.

The federal Provider Relief Fund (PRF) was created under the provisions of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, which was passed to address the economic harm suffered by healthcare providers that have incurred (or will incur) additional expenses and have lost (or will lose) significant revenue as a result of the COVID-19 pandemic. PRF payments have been made from either the “general distribution” tranche or via various “targeted distributions.” PRF payment amounts and whether the providers complied with the terms and conditions will be a hotly contested topic in Recovery Audit Contractor (RAC) and Medicare Administrative Contractor (MAC) audits for years to come. If Centers for Medicare & Medicaid Services (CMS) auditors put out a monthly magazine, like Time, PRF would be on the cover. This will be the hot topic of RAC audits, come Jan. 1, 2021.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) will audit Medicare payments made to hospitals for COVID-19 discharges that qualified for the 20-percent add-on payment under the CARES Act, according to a new item on the agency’s work plan.

To use the PRF funding from either the general or targeted distributions, providers must attest to receiving the funds and agree to all terms and conditions. However, what constitutes a “healthcare-related expense” or how to calculate “lost revenue” is not clearly defined. Similarly, how you net healthcare-related expenses toward lost revenue is also vague and undefined. On Nov. 2, HHS issued a clarification to post-payment reporting guidance for PRF funds.

The current guidance, issued Oct. 22, includes a two-step process for providers to report their use of PRF payments. The guidance specifically cites:

  • Healthcare-related expenses attributable to COVID that another source has not reimbursed and is not obligated to reimburse, which may include general and administrative (G&A) or “healthcare-related operating expenses;” and
  • PRF payment amounts not fully expended on healthcare-related expenses attributable to coronavirus are then applied to lost revenues associated with patient care, net of the healthcare-related expenses attributable to coronavirus calculated under the first step. Recipients may apply PRF payments toward lost revenue, up to the amount of the difference between their 2019 and 2020 actual patient care revenue.

HHS’s newest clarification came from its response to a FAQ, in which it said that healthcare-related expenses are no longer netted against the patient care lost revenue amount cited in the second portion. HHS indicated that a revised notice would be posted to remove the “net of the healthcare-related expenses” language in the guidance. Of course, as of now, we have no guidance regarding when this clarification is to be put into place officially. Yet another moving target for auditors.

Anticipate audits of the use of your PRF payments. CMS is choosing a sample of hospitals across the country that have received PRF payments to verify that such expenditures were for healthcare-related expenses. For each audit, OIG will obtain data and interview HHS/PRF program officials to understand how PRF payments were calculated, and then review actual PRF payments for compliance with CARES Act requirements. OIG will also review whether HHS’s controls over PRF payments ensured that payments were calculated correctly and disbursed to eligible providers.

Audits will also focus on how providers initially applied to receive PRFs, including calculations utilized and how COVID-19 patients are defined. When each hospital ceased netting expenses against lost revenue will now be another hot topic.

Balance billing is another area of interest. The terms and conditions require providers that accept the PRFs not to collect out-of-pocket payments from patients for all care for a presumptive or actual case of COVID-19 that exceeded what they would pay an in-network provider.

More havoc may ensue with any purchases or sales transactions that occur in the next year or so. Providers will need to know how to navigate compliance risks associated with any accepted or transferred PRFs. Tracking and reporting use of the PRFs will also be an ongoing issue due to the fraud and abuse implications of misusing PRFs, and there is limited guidance regarding how use will be audited. Many questions remain unanswered. Many terms remain undefined.

Programming Note: Knicole Emanuel, Esq. is a permanent panelist on Monitor Mondays. Listen to her RAC Report every Monday at 10 a.m. EST.

The Undefined, Definition of “Medical Necessity”

While the Coronavirus pandemic is horrible and seems to be getting worse. COVID has forced slight, positive changes in the telehealth arena and, perhaps, in the widening of the ambiguous definition of “medical necessity” or, as I call it – the undefined, definition of “medical necessity.” Medical necessity is the backbone of rendering health care services. Without it, services should not be provided. Yet, medical necessity is the most litigated topic in all of audits.

On September 1, 2020, the Centers for Medicare & Medicaid Services (“CMS”) published a proposed rule that will codify a definition of “medical necessity” for Medicare purposes. So far, the definition of medical necessity varies, depending on the source. The MACs have been given long rein in defining the term on an individual and separate basis, creating disparity in definitions and criteria. The proposed rule’s comment period ended November 2, 2020.

All this to say medical necessity is in the eye of the beholder. Much like beauty. Why then, can RAC and MAC auditors who are not doctors, not firsthand, treating providers, not nurses or LCASs, decide that medical necessity does or does not exist for a patient that they have never seen?

Black’s Law Dictionary (the most prominent legal dictionary) has a super, unhelpful definition of medical necessity: “If not carried out the patient’s situation could worsen. For a patient’s treatment found to be necessary is this specific type of procedure or treatment.”

The American Medical Association (“AMA”), on the other hand, has a more detailed definition, probably unintended to make it all the more confusing:

“Our AMA defines medical necessity as: Health care services or products that a prudent physician would provide to a patient for the purpose of preventing, diagnosing or treating an illness, injury, disease or its symptoms in a manner that is: (a) in accordance with generally accepted standards of medical practice; (b) clinically appropriate in terms of type, frequency, extent, site, and duration; and (c) not primarily for the economic benefit of the health plans and purchasers or for the convenience of the patient, treating physician, or other health care provider.”

CMS’ proposed rule codifies a definition of what makes an item or service medically “reasonable and necessary” under the Social Security Act 1861(a)(1)(A). The rule, if finalized, would codify in regulations a definition of “reasonable and necessary” items and services based on a definition currently used by Medicare Administrative Contractors (MACs), with an additional element that potentially would include coverage determinations by commercial insurers as a factor in making Medicare coverage determinations.

The Proposed Definition (To be Codified in 42 CFR 405.201)

“We are proposing to codify the longstanding Program Integrity Manual definition of “reasonable and necessary” into our regulations at 42 CFR 405.201(b), with modification. Under the current definition, an item or service is considered “reasonable and necessary” if it is (1) safe and effective; (2) not experimental or investigational; and (3) appropriate, including the duration and frequency that is considered appropriate for the item or service, in terms of whether it is—

  • Furnished in accordance with accepted standards of medical practice for the diagnosis or treatment of the patient’s condition or to improve the function of a malformed body member;
  • Furnished in a setting appropriate to the patient’s medical needs and condition;
  • Ordered and furnished by qualified personnel;
  • One that meets, but does not exceed, the patient’s medical need; and
  • At least as beneficial as an existing and available medically appropriate alternative.” See Proposed Rule.

In addition, CMS adds that it will also utilize commercial payor standards or have an objective panel determine medical necessity if criteria #1 and #2 were met, but not #3. This additional commentary is another example of how subjective and fact-specific determining medical necessity can be. The LCDs will also be consulted.

If adopted, these proposals would arguably lead to the most wide-ranging changes in Medicare’s coverage standards and procedures in decades. The proposal to codify the definition of “reasonable and necessary” applies to all items and services. The inclusion of commercial payor standards may be a wild card.

The definition of medical necessity has not been officially revised – yet. One could imagine that, in the midst of a RAC or MAC audit, auditors and providers will disagree as to the true definition of medical necessity.

Going forward, when you get audited, immediately look and see whether your claim denials were denied due to “lack of medical necessity.” Ask yourself, “Really? Is there no medical necessity in this case…even in the era of COVID?” Because the auditors may be wrong.

Secondly, ensure that the RAC and MAC entity is CMS-certified to review those certain CPT codes for medical necessity. CMS limits audits on medical necessity because of the vagueness of the definition. When auditors find no medical necessity, then providers must push back. And you should push back, legally, of course!

RAC Audits Expected During the COVID Pandemic

Even though the public health emergency (“PHE”) for the COVID pandemic is scheduled to expire July 24, 2020, all evidence indicates that the PHE will be renewed. I cannot imagine a scenario in which the PHE is not extended, especially with the sudden uptick of COVID.

Center for Medicare and Medicaid Services (CMS) has given guidance that the voluminous number of exceptions that CMS has granted during this period of the PHE may be extended to Dec. 1, 2020. However, there is no indication of the RAC, and MAC audits being suspended until December 2020. In fact, we expect the audits to begin again any day. There will be confusion when audits resume and COVID exceptions are revoked on a rolling basis.

Remember the emergency-room physician whom I spoke about on the June 29 on Monitor Mondays? The physician whose Medicare enrollment was revoked due to a computer error or an error on the part of CMS. What normally would have been an easy fix, because of COVID, became more difficult. Because of COVID, he was unable to work for three months. He is back up and running now. The point is that COVID really messed up so many aspects of our lives.

The extension of PHE, technically, has no bearing on RAC and MAC audits coming back. Word on the street is that RAC and MAC audits are returning August 2020.

This month, July 2020, CMS released, “Coronavirus Disease 2019 (COVID-19) Provider Burden Relief Frequently Asked Questions (FAQs).” (herein afterward referred as “CMS July 2020 FAQs”).

The question was posed to CMS: “Is CMS suspending most Medicare-Fee-for-Service (FFS) medical review during the PHE for the COVID-19 pandemic? The answer is, according to CMS, “As states reopen, and given the importance of medical review activities to CMS’ program integrity efforts, CMS expects to discontinue exercising enforcement discretion beginning on Aug. 3, 2020, regardless of the status of the public health emergency. If selected for review, providers should discuss with their contractor any COVID-19-related hardships they are experiencing that could affect audit response timeliness. CMS notes that all reviews will be conducted in accordance with statutory and regulatory provisions, as well as related billing and coding requirements. Waivers and flexibilities in place at the time of the dates of service of any claims potentially selected for review will also be applied.” See CMS July 2020 FAQs.

Monday, July 13, 2020, we began our fourth “COVID-virtual trial.” The Judges with whom I have had interaction have taken a hard stance to not “force” someone to appear in person. It appears, at least to me, that virtual trials are the wave of the future. This is the guidance that conveys to me that RAC and MAC audits will begin again in August. Virtual audits may even be the best thing that ever happened to RAC and MAC audits. Maybe now the auditors will actually read the documents that the provider gives them.

Another specific issue addressed in the CMS’ July 2020 FAQs is that given the nature of the pandemic and the inability to collect signatures during this time, CMS will not be enforcing the signature requirement. Typically, Part B drugs and certain Durable Medical Equipment (DME) covered by Medicare require proof of delivery and/or a beneficiary’s signature. Suppliers should document in the medical record the appropriate date of delivery and that a signature was not able to be obtained because of COVID-19. This exception may or may not extend until Dec. 31, 2020.

The upshot is that no one really knows how the next few months will unfold in the healthcare industry. Some hospitals and healthcare systems are going under due to COVID. Big and small hospital systems are in financial despair. A RAC or MAC audit hitting in the wake of the COVID pandemic could cripple most providers. I will reiterate my recommendation: In the re-arranged words of Roosevelt, “Speak loudly, and carry a big stick.”

Programming Note: Knicole Emanuel is a permanent panelist on Monitor Mondays. Listen to her live reporting every Monday at 10 a.m. EST.

Update on Medicare/Medicaid Audits in the Wake of COVID-19

Published in Today’s Wound Clinic:

When I was asked to draft an article for Today’s Wound Clinic, it was approximately two weeks ago. I was asked to write about the current state of Medicare and Medicaid audits. Specifically, I was asked to provide a legal analysis about CMS suspending audits un-related to COVID-19. In the month of April, we have seen the spike of COVID-19, which has overturned our everyday world. We have been instructed by President Trump to “stay home” and “social distance” to decrease the spread of the virus. This “stay at home” instruction is unprecedented and has uprooted many of our most reliable and commonplace businesses, such as hairdressers, bowling alleys, and tattoo parlors.

Here is the answer: The current state of Medicare/Medicaid audits, at the moment, is dictated by COVID-19.

We can divide the post-COVID-19 audit rules into 3 categories:

  1. Those exceptions published by CMS to apply to all health care providers
  2. Those special, verbal exceptions given directly to an individual provider that were not published by CMS
  3. Effective immediately, new guidelines that CMS will follow until CMS believes it no longer needs to follow (by its own choice, of course).

An example of an “effective immediately” guideline is our current state of Medicare/Medicaid audits in the wake of COVID-19. CMS has not suspended all Medicare/Medicaid regulatory audits. But CMS has suspended most audits.

Effective immediately, survey activity is limited to the following (in Priority Order):

  • All immediate jeopardy complaints (cases that represents a situation in which entity noncompliance has placed the health and safety of recipients in its care at risk for serious injury, serious harm, serious impairment or death or harm) and allegations of abuse and neglect;
  • Complaints alleging infection control concerns, including facilities with potential COVID-19 or other respiratory illnesses;
  • Statutorily required recertification surveys (Nursing Home, Home Health, Hospice, and ICF/IID facilities);
  • Any re-visits necessary to resolve current enforcement actions;
  • Initial certifications;
  • Surveys of facilities/hospitals that have a history of infection control deficiencies at the immediate jeopardy level in the last three years;
  • Surveys of facilities/hospitals/dialysis centers that have a history of infection control deficiencies at lower levels than immediate jeopardy.

See CMS QSO-20-12-ALL. You can see that these “effective immediately” guidelines are usually published on CMS letterhead. The “effective immediately” guidelines explain why CMS is taking the stated action, the stated action, and that the action is temporary and due to COVID-19.

Here are a few recent “effective immediately” guidelines due to COVID-19:

  • On April 27, 2020, CMS said it would no longer expedite Medicare payments to doctors and be more stringent about accelerating the payments to hospitals as Congressional relief aimed at providers reaches $175 billion.
  • The agency is not accepting any new applications for the loans from Part B suppliers, including doctors, non-physician practitioners and durable medical equipment suppliers. CMS will continue to process pending and new requests from Part A providers, including hospitals, but be stricter with application approvals.
  • CMS expanded the Accelerated and Advance Payment Programs in late March as the pandemic continued to gain strength in the U.S. Since then, the agency has approved over 21,000 applications making up $59.6 billion in accelerated payments to Part A providers and almost 24,000 applications making up $40.4 billion in payments for Part B suppliers.

The $2.2 trillion Coronavirus Aid, Relief, and Economic Security stimulus package passed by Congress in March benchmarked $100 billion in funds for hospitals. On Friday, President Donald Trump signed legislation with a second round of emergency funding, called the Paycheck Protection Program and Health Care Enhancement Act, that allocates another $75 billion for providers — roughly three-quarters of what major provider trade associations requested.

An initial $30 billion from the fund was distributed between April 10 and April 17 based on Medicare fee-for-service revenue, sparking criticism that put facilities with a smaller proportion of Medicare business, such as children’s and disproportionate share hospitals, at a disadvantage. HHS on Friday began releasing an additional $20 billion in CARES payments to providers based on their 2018 net patient revenue, with more funding to roll out “soon,” the agency said, including $10 billion for hard-hit areas like New York.

How RAC/MAC auditors are compensated dictates their actions and/or aggressiveness.

RAC Auditors are paid by contingency. They are usually compensated approximately 13%, depending on the State. Imagine what 13% is of 1 million. It is $130,000 – more than most people make in a year. If you do not believe that 13% contingency is enough to incentivize a company, which, in turn, incentivize the employees, then you are sorely mistaken.

RACs were established through a demonstration program under the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (“MMA”), piloted between 2005 and 2008, and were later made permanent under the Tax Relief and Health Care Act of 2006, which required CMS to establish Recovery Auditors for all states before 2010.

MACs are not compensated by contingency, per se. CMS decided to structure the MAC contracts with 1-year base performance periods and four, optional, 1-year performance periods at the time. The MMA required that these contracts be recompeted at least once every 5 years. The recent enactment of the Medicare Access and CHIP Reauthorization Act of 2015 amended this requirement to authorize a maximum 10-year performance period before MAC contracts must be recompeted. The amendment, which applies to MAC contracts in effect at the time of enactment or entered into on or after enactment, would permit CMS to modify existing MAC contracts or enter into future MAC contracts for 1-year base performance periods and nine optional 1-year performance periods. See Pub. L. No. 114-10, § 509(a)- (b) (April 16, 2015). Therefore, while MACs are not compensated on contingency, MACs are compensated on performance. The less a MAC spends, the more services a MAC allows, the strict oversight a MCA ensues on its providers…all these “performance-based” measures may not be a contingency compensation relationship, but it’s pretty close. Saved money becomes profit for MACs.

Medicare and Medicaid auditors love rules. Even if the rules that auditors are instructed to follow really are not required by actual law. It goes without saying that auditors are not lawyers. Auditors are not trained to decipher whether statutes, regulations or policy are superseded by federal statutes and regulations. The fact is that, more times than one would hope, the auditors are wrong in their assessments that a claim should be denied, not out of malice, but because of a basic misunderstanding of what the law actually requires.

I have all kinds of stories about auditors claiming money is owed, when, really it was not owed because the RAC/MAC auditor failed to follow the actual, correct procedure or misconstrued a regulation. For example, I had a durable medical equipment provider, DME ABC, who was informed by the NSC Supplier Audit and Compliance Unit of Palmetto GBA that it owed $1,075,548.64. Palmetto is one of the MACs for Medicare – durable medical equipment. There was no demand letter. The alleged overpayment amount came to fruition in a telephone conference between the CEO of the company and an employee of Palmetto. Let’s call her Nancy. Nancy told CEO that company owed $1,075,548.64 based on an alleged violation of 42 C.F.R. § 424.58,

Even more disconcerting, was the fact that Palmetto claimed that its alleged, oral overpayment against DME ABC arose from a normal, reoccurring validation process pursuant to 42 C.F.R. §424.57, approved by CMS and in accordance with the requirements of 42 C.F.R. §424.58. No formal letter was necessary was Palmetto’s retort. Not correct; a formal demand letter is always required.

In this case, Palmetto began to backtrack once we pointed out that Palmetto nor Nancy ever sent a formal demand letter with any reconsideration review appeal rights or administrative appeal rights. We knew this was procedurally incorrect because federal law dictates that you receive a formal demand letter with appeal rights and notice of how many days you have to appeal. But out of fear of retribution, DME ABC was willing to write a check without pushing back. Obviously, we did not do so.

I tell this story as an example of how intimidating, scary, and overwhelming auditors can be. If someone off the street asked you for a million dollars, you would laugh them off your doorstep, right? After you tell them to don a mask and maintain social distancing.

But in the new-age world of COVID-19, rules have been broken. This behavior would not be acceptable pre-COVID-19. But this provider honestly was going to pay.

The Trump Administration is issuing an unprecedented array of temporary regulatory waivers and new rules to equip the American healthcare system with maximum flexibility to respond to the 2019 Novel Coronavirus (COVID-19) pandemic.

Pre-COVID-19 if you were to state “paperwork over patients,” everyone in the industry would agree. There would be snickers and eyes rolling, because no one wanted paperwork to be over patients. But it was. Now the mantra has flipped upside down – now the mantra is: Patients over Paperwork.

Post-COVID-19, if documents are lost or misplaced, or otherwise unusable, DME MACs have the flexibility to waive replacements requirements under Medicare such that the face-to-face requirement, a new physician’s order, and new medical necessity documentation are not required. Suppliers must still include a narrative description on the claim explaining the reason why the equipment must be replaced and are reminded to maintain documentation indicating that the DMEPOS was lost, destroyed, irreparably damaged or otherwise rendered unusable or unavailable as a result of the emergency.

Post-COVID-19, CMS is pausing the national Medicare Prior Authorization program for certain DMEPOS items. CMS is not requiring accreditation for newly enrolling DMEPOS and extending any expiring supplier accreditation for a 90-day time period. CMS is waiving signature and proof of delivery requirements for Part B drugs and Durable Medical Equipment when a signature cannot be obtained because of the inability to collect signatures. Suppliers should document in the medical record the appropriate date of delivery and that a signature was not able to be obtained because of COVID-19.

Post-COVID-19, in order to increase cash flow to providers impacted by COVID-19, CMS has expanded the current Accelerated and Advance Payment Program. An accelerated/advance payment is a payment intended to provide necessary funds when there is a disruption in claims submission and/or claims processing. CMS may provide accelerated or advance payments during the period of the public health emergency to any two Medicare providers/suppliers who submits a request to the appropriate MAC and meets the required qualifications. The process of obtaining the funds is a MAC-by-MAC process. Each MAC will work to review requests and issue payments within seven calendar days of receiving the request. Traditionally repayment of these advance/accelerated payments begins at 90 days, however for the purposes of the COVID-19 pandemic, CMS has extended the repayment of these accelerated/advance payments to begin 120 days after the date of issuance of the payment. Providers can get more information on this process here: www.cms.gov/files/document/Accelerated-and-Advanced-Payments-Fact-Sheet.pdf

The Future of Medicare/Medicaid Audits

The beauty of predicting the future is that no one can ever tell you that you are wrong. These are my predictions:

Auditors will deny claims for not having prior authorizations. Auditors will deny claims because the supplier accreditation expired after the 90-day time period. Auditors will deny claims because the percentage of face-to-face time was not met as described per CPT codes.

Obviously, these would be erroneous denials if the denials are within the dates that the COVID-19 pandemic occurred. The problem will be that the auditors will not be able to keep up with all the exceptions, not because the auditors are acting out of malice or dislikes providers. They will be simply trying to do their job. They will simply not be able to take into consideration all the exceptions that were given during the virus. Because, while we do have many written exceptions, if you call CMS with a personal and individualized problem, CMS will, most likely, grant you a needed exception. As long as the exception has the best interest of the consumer at heart. However, this personalized exception will not be written on CMS’s website. In five years, when you undergo a MAC or RAC audit, you better have proof that you received that exception. It will not be enough proof for you to state that you were given the exception over the phone.

So how can you protect yourself from future, erroneous audits?

Write everything down. When you speak to CMS, document concurrently the date, time, name of the person to whom you are speaking, the summary of your conversation, the COVID-19 regulatory exception, sign it and date it.

It is a hearsay exception. Writing down everything does not magically transform your note into the truth. However, writing down everything concurrently does magically allow that note that you wrote to be allowed in a court of law as an exhibit. Had you not written the note contemporaneously with the conversation that you had with CMS, then the attorney on the other side of the case would move to exclude your handwritten or typed note as hearsay.

Hearsay is defined as a statement that (1) the declarant does not make while testifying at the current trial or hearing; and (2) a party offers in evidence to prove the truth of the matter asserted in a statement. There are too many hearsay exceptions to name in this article.

Just know, for purposes of this article, that any health care provider who is relying on an exception to a normally required regulatory mandate – regardless what it is – either be able to: (1) cite the written exception that was published by CMS to the public; or (2) produce the written or typed contemporaneously written note that you wrote to memorialize the conversation.

Suspension of Audits During the Coronavirus?

49B70E0C-5089-4D23-925D-54A09DC51563

Effective immediately, survey activity is limited to the following (in Priority Order):

  • All immediate jeopardy complaints (cases that represents a situation in which entity noncompliance has placed the health and safety of recipients in its care at risk for serious injury, serious harm, serious impairment or death or harm) and allegations of abuse and neglect;
  • Complaints alleging infection control concerns, including facilities with potential COVID-19 or other respiratory illnesses;
  • Statutorily required recertification surveys (Nursing Home, Home Health, Hospice, and ICF/IID facilities);
  • Any re-visits necessary to resolve current enforcement actions;
  • Initial certifications;
  • Surveys of facilities/hospitals that have a history of infection control deficiencies at the immediate jeopardy level in the last three years;
  • Surveys of facilities/hospitals/dialysis centers that have a history of infection control deficiencies at lower levels than immediate jeopardy.

See CMS QSO-20-12-ALL.

Obviously, there are so many questions. Providers across the country are asking whether they need to comply with document requests. Are TPE audits continuing? Do they need to comply with ongoing ADRs?

Every bulletin that CMS publishes instigates more detailed and complex questions. With all these relaxed guidelines, won’t RACs, etc. have a field day when this is all over? Of course they will.

General Recommendations:

  • Be proactive.
  • Document everything.
  • Deadlines will be extended.
  • Exceptions will be made.
  • Keep all email correspondence.
  • Maintain copies of everything that you submit. (Do not rely on electronic computer software programs).
  • Keep track of CMS updates.

Email me questions, and I will try to respond.

Also, feel free to reach out to the government: QSOG_EmergencyPrep@cms.hhs.gov.

Effective date: 30 days from the memo, which equals April 3, 2020.

 

 

Inconsequential Medicare Audits Could Morph into a Whopper of a Whale

Emergency room physicians or health care providers are a discrete breed – whales in a sea of fish. Emergency room doctors have – for the most part – been overlooked by the RAC auditors or TPE, ZPIC, or MAC auditors. Maybe it’s because, even RAC auditors have children or spouses that need ER services from time to time. Maybe it’s because ER doctors use so many different billers. Normally, an ER doctor doesn’t know which of his or her patients are Medicaid or Medicare. When someone is suffering from a a broken leg or heart attack, the ER doctor is not going to stop care to inquire whether the patient is insured and by whom. But should they? Should ER doctors have to ask patients their insurer? If the answer includes any sort of explanation that care differs depending on whether someone is covered by Medicare or Medicaid or has private insurance, then, sadly, the answer may be yes.

ER doctors travel to separate emergency rooms, which are owned by various and distinct entities, and rely on individual billing companies. They do not normally work at only one hospital. Thus, they do not always have the same billers. We all know that not all billers are created equal. Some are endowed with a higher understanding of billing idiosyncrasies than others.

For example, for CPT codes 99281-99285 – Hospital emergency department services are not payable for the same calendar date as critical care services when provided by the same physician or physician group with the same specialty to the same patient. 

We all know that all hospitals do not hire and implement the same billing computer software programs. The old adage – “you get what you pay for” – may be more true than we think. Recent articles purport that “the move to electronic health records may be contributing to billions of dollars in higher costs for Medicare, private insurers and patients by making it easier for hospitals and physicians to bill more for their services, whether or not they provide additional care.” – Think a comment like that would red-flag ER doctors services by RAC, MAC and ZPIC auditors? The white whale may as well shoot a water spray 30 feet into the air.

Will auditing entities begin to watch ER billing more closely? And what are the consequences? When non-emergency health care providers are terminated by Medicare, Medicaid, or a MAC or MCO’s network, there is no emergency – by definition. Juxtapose, the need for ER health care providers. ER rooms cannot function with a shortage of  physicians and health care providers. Even more disturbing is if the termination is unwarranted and seemingly inconsequential – only affecting under 4 surgeries per month – but acts as the catalyst for termination of Medicare, Medicaid, and private payors across the board.

I have a client named Dr. Ishmael. His big fish became the MAC Palmetto – very suddenly. Like many ER docs, he rotates ERs. He provides services for Medicare, Medicaid, private pay, uninsured – it doesn’t matter to him, he is an ER doctor. He gets a letter from one MAC. In this case, it was Palmetto. Interestingly enough, Palmetto is his smallest insurance payor. Maybe 2 surgeries a month are covered by Palmetto. 90% of his services are provided to Medicaid patients. Not by his choice, but by demographics and circumstance. The letter from Palmetto states that he is being excluded from Palmetto’s Medicare network, effective in 10 days. He will also be placed on the CMS preclusion list in 4 months.

We appeal through Palmetto, as required. But, in the meantime, four other MACs, State Medicaid and BCBS terminate Dr. Ishmael’s billing privileges for Medicare and Medicaid based on Palmetto’s decision. Remember, we are appealing Palmetto’s decision as we believe it is erroneous. But because of Palmetto’s possibly incorrect decision to terminate Dr. Ishmael’s Medicare billing privileges, all of a sudden, 100% of Dr. Ishmael’s services are nonbillable and nonreimburseable…without Dr. Ishmael or the hospital ever getting the opportunity to review and defend against the otherwise innocuous termination decision.

Here, the hospital executives, along with legal counsel, schedule meetings with Dr. Ishmael. “They need him,” they say. “He is important,” they say. But he is not on the next month’s rotation. Or the next.

They say: “Come and see if ye can swerve me. Swerve me? ye cannot swerve me, else ye swerve yourselves! man has ye there. Swerve me?”

Billing audits on ER docs for Medicare/caid compliance are distinctive processes, separate from other providers’ audits. Most providers know the insurance of the patient to whom they are rendering services. Most providers use one biller and practice at one site. ER docs have no control over the choice of their billers. Not to mention, the questions arises, who gets to appeal on behalf the ER provider? Doesn’t the hospital reap the benefit of the reimbursements?

But one seemingly paltry, almost, minnow-like, audit by a cameo auditor can disrupt an entire career for an ER doc. It is imperative to act fast to appeal in the case of an ER doc.  But balance speed of the appeal with the importance of preparing all legal arguments. Most MACs or other auditing entities inform other payors quickly of your exclusion or termination but require you to put forth all arguments in your appeal or you could waive those defenses. I argue against that, but the allegations can exist nonetheless.

The moral of the story is ER docs need to appeal and appeal fast when billing privileges are restricted, even if the particular payor only constitutes 4 surgeries a month. As Herman Melville said: “I know not all that may be coming, but be it what it will, I’ll go to it laughing.” 

Sometimes, however, it is not a laughing matter. It is an appealable matter.

Inconsequential Medicare Audits Could Morph into a Whopper of a Whale

Emergency room physicians or health care providers are a discrete breed – whales in a sea of fish. Emergency room doctors have – for the most part – been overlooked by the RAC auditors or TPE, ZPIC, or MAC auditors. Maybe it’s because, even RAC auditors have children or spouses that need ER services from time to time. Maybe it’s because ER doctors use so many different billers. Normally, an ER doctor doesn’t know which of his or her patients are Medicaid or Medicare. When someone is suffering from a a broken leg or heart attack, the ER doctor is not going to stop care to inquire whether the patient is insured and by whom. But should they? Should ER doctors have to ask patients their insurer? If the answer includes any sort of explanation that care differs depending on whether someone is covered by Medicare or Medicaid or has private insurance, then, sadly, the answer may be yes.

ER doctors travel to separate emergency rooms, which are owned by various and distinct entities, and rely on individual billing companies. They do not normally work at only one hospital. Thus, they do not always have the same billers. We all know that not all billers are created equal. Some are endowed with a higher understanding of billing idiosyncrasies than others.

For example, for CPT codes 99281-99285 – Hospital emergency department services are not payable for the same calendar date as critical care services when provided by the same physician or physician group with the same specialty to the same patient. 

We all know that all hospitals do not hire and implement the same billing computer software programs. The old adage – “you get what you pay for” – may be more true than we think. Recent articles purport that “the move to electronic health records may be contributing to billions of dollars in higher costs for Medicare, private insurers and patients by making it easier for hospitals and physicians to bill more for their services, whether or not they provide additional care.” – Think a comment like that would red-flag ER doctors services by RAC, MAC and ZPIC auditors? The white whale may as well shoot a water spray 30 feet into the air.

Will auditing entities begin to watch ER billing more closely? And what are the consequences? When non-emergency health care providers are terminated by Medicare, Medicaid, or a MAC or MCO’s network, there is no emergency – by definition. Juxtapose, the need for ER health care providers. ER rooms cannot function with a shortage of  physicians and health care providers. Even more disturbing is if the termination is unwarranted and seemingly inconsequential – only affecting under 4 surgeries per month – but acts as the catalyst for termination of Medicare, Medicaid, and private payors across the board.

I have a client named Dr. Ishmael. His big fish became the MAC Palmetto – very suddenly. Like many ER docs, he rotates ERs. He provides services for Medicare, Medicaid, private pay, uninsured – it doesn’t matter to him, he is an ER doctor. He gets a letter from one MAC. In this case, it was Palmetto. Interestingly enough, Palmetto is his smallest insurance payor. Maybe 2 surgeries a month are covered by Palmetto. 90% of his services are provided to Medicaid patients. Not by his choice, but by demographics and circumstance. The letter from Palmetto states that he is being excluded from Palmetto’s Medicare network, effective in 10 days. He will also be placed on the CMS preclusion list in 4 months.

We appeal through Palmetto, as required. But, in the meantime, four other MACs, State Medicaid and BCBS terminate Dr. Ishmael’s billing privileges for Medicare and Medicaid based on Palmetto’s decision. Remember, we are appealing Palmetto’s decision as we believe it is erroneous. But because of Palmetto’s possibly incorrect decision to terminate Dr. Ishmael’s Medicare billing privileges, all of a sudden, 100% of Dr. Ishmael’s services are nonbillable and nonreimburseable…without Dr. Ishmael or the hospital ever getting the opportunity to review and defend against the otherwise innocuous termination decision.

Here, the hospital executives, along with legal counsel, schedule meetings with Dr. Ishmael. “They need him,” they say. “He is important,” they say. But he is not on the next month’s rotation. Or the next.

They say: “Come and see if ye can swerve me. Swerve me? ye cannot swerve me, else ye swerve yourselves! man has ye there. Swerve me?”

Billing audits on ER docs for Medicare/caid compliance are distinctive processes, separate from other providers’ audits. Most providers know the insurance of the patient to whom they are rendering services. Most providers use one biller and practice at one site. ER docs have no control over the choice of their billers. Not to mention, the questions arises, who gets to appeal on behalf the ER provider? Doesn’t the hospital reap the benefit of the reimbursements?

But one seemingly paltry, almost, minnow-like, audit by a cameo auditor can disrupt an entire career for an ER doc. It is imperative to act fast to appeal in the case of an ER doc.  But balance speed of the appeal with the importance of preparing all legal arguments. Most MACs or other auditing entities inform other payors quickly of your exclusion or termination but require you to put forth all arguments in your appeal or you could waive those defenses. I argue against that, but the allegations can exist nonetheless.

The moral of the story is ER docs need to appeal and appeal fast when billing privileges are restricted, even if the particular payor only constitutes 4 surgeries a month. As Herman Melville said: “I know not all that may be coming, but be it what it will, I’ll go to it laughing.” 

Sometimes, however, it is not a laughing matter. It is an appealable matter.

Are ALJ Appointed Properly, per the Constitution?

A sneaky and under-publicized matter, which will affect every one of you reading this, slid into common law last year with a very recent case, dated Jan. 9, 2020, upholding and expanding the findings of a 2018 case, Lucia v. SEC, 138 S. Ct. 2044 (U.S. 2018). In Lucia, the Supreme Court upheld the plain language of the U.S. Constitution’s Appointments Clause.

The Appointments Clause prescribes the exclusive means of appointing “officers.” Only the President, a court of law, or a head of department can do so. See Art. II, § 2, cl. 2.

In Lucia, the sole issue was whether an administrative law judge (ALJ) can be appointed by someone other than the President or a department head under Article II, §2, cl. 2 of the U.S. Constitution, or whether ALJs simply federal employees. The Lucia court held that ALJs must be appointed by the President or the department head; this is a non-delegable duty. The most recent case, Sara White Dove-Ridgeway v. Nancy Berrryhill, 2020 WL 109034, (D.Ct.DE, Jan. 9, 2020), upheld and expanded Lucia.

ALJs are appointed. In many states, ALJs are direct employees of a single state agency. In other words, in many states, about half, the payroll check that an ALJ receives bears the emblem of the department of health for that state. I have litigated in administrative courts in approximately 33 states, and have seen my share of surprises. In one case, many years ago, LinkedIn informed me that my appointed ALJ was actually a professional photographer by trade.

Lucia, however, determined that ALJs at the Securities and Exchange Commission (SEC) were “officers of the United States,” subject to the Appointment Clause of the Constitution, which requires officers to be appointed by the president, the heads of departments, or the courts. The court’s decision raised concern at the U.S. Department of Health and Human Services (HHS) because its ALJs had not been appointed by the secretary, but rather by lower agency officials.

The court also held that relief should be granted to “one who makes a timely challenge to the constitutional validity of the appointment of an officer who adjudicates his case.” Whether that relief is monetary, in the form of attorneys’ fees reimbursed or out-of-pocket costs, it is unclear.

In July 2018, President Trump’s Executive Order 13843 excepted ALJs from the competitive service, so agency heads, like HHS Secretary Alex Azar, could directly select the best candidates through a process that would ensure the merit-based appointment of individuals with the specific experience and expertise needed by the selecting agencies.

The executive order also accepted all previously appointed ALJs. So there became a pre-July 16, 2018, challenge and a post-July 16, 2018, based on Trump’s Executive Order. Post-July 16, 2018, appointees had to be appointed by the President or department head. But the argument could be made that ALJs appointed pre-July 16, 2018, were grandfathered into the more lax standards. In Dove-Ridgway, Social Security benefits were at issue. On July 5, 2017, ALJ Jack S. Pena found a plaintiff not disabled. On Jan. 7, 2019, the plaintiff filed an appeal of the ALJ’s decision, seeking judicial review from the district court. In what seems to be the fastest decision ever to emerge from a court of law, two days later, a ruling was rendered. The District Court found that even though at the time of the administrative decision, Lucia and Trump’s Executive Order had not been issued, the court still held that the ALJ needed to have been appointed constitutionally. It ordered a remand for a rehearing before a different, constitutionally appointed ALJ, despite the fact that Trump had accepted all previously appointed ALJs.

In this firsthand, post-Jan. 9, 2020, era, we have an additional defense against Medicare or Medicaid audits or alleged overpayments in our arsenal: was the ALJ appointed properly, per the U.S. Constitution?

Programming Note: Listen to Knicole Emanuel’s live reports on Monitor Monday, 10-10:30 a.m. EST.

As seen on RACMonitor.