Category Archives: Medicare Audits
This segment is rated ‘F’ for fraud. It is not for the meek of heart. How many of you have read a newspaper or seen the news about Medicare and Medicaid provider fraudsters? There is a grey area between civil and criminal prosecutions of fraud. Some innocent providers get caught in the wide, fraud net because counsel doesn’t understand the idiosyncrasies of Medicare regulations.
Health care fraud GENERALLY exists as one of the following:
- Billing for services not rendered;
- Billing for a non-covered service as a covered service;
- Misrepresenting the DOS
- Misrepresenting location of service;
- Misrepresenting provider of service
- Waiving deductibles and/or co-payments
- Incorrect reporting of diagnoses or procedures;
- Overutilization of services;
- Kickbacks/referrals for money
- False or unnecessary issuance of prescription drugs
To err is human. Or so Alexander Pope says. I am here to attest that many of those accused providers are innocent and victims of unspecialized criminal attorneys.
One plastic surgeon knows this only too well. Quick anecdote:
Doctor was audited for removing lesions from the eye area and accused of billing for removing cancerous lesions even when the biopsies came back benign. Yet Medicare instructs physicians to NOT go back and change a CPT code after the fact. The physician is supposed to make an educated guess as to whether the lesion removed is benign or malignant. There are no crystal balls so he makes an educated determination.
Since plastic surgery is highly specialized and the physician is highly educated. Deference should be given to the physician regardless.
This plastic surgeon was accused of upcoding and billing for services not rendered. He performed biopsies around the eye of possible, cancerous lesions. Once removed, he would send the samples to lab. Meanwhile, before knowing whether the samples were cancerous, because he believed them to be cancerous, billed for removal of cancerous lesion to Medicare. Correct coding for skin procedures is not impossible.
In a Local Coverage Determination (“LCD”), beginning 2008, Medicare instructed physicians to not go back and change codes depending on the pathology. “If a benign skin lesion excision was performed, report the applicable CPT code, even if final pathology demonstrates a malignant or carcinoma diagnosis for the lesion removed. The final pathology does not change the CPT code of the procedure performed.” See LCD: Removal of Benign Skin Lesions, 2008. This plastic surgeon relied on CMS’ Medicare regulations and policies, including the Medicare Provider Manual and LCD 2008, which are published by the government and on which Dr. relied.
Doctor hired two criminal attorneys who did not specialize in Medicare. Doctor gets charged, and attorneys convince him to plead guilty claiming that he cannot fight the government. And that the government will seize his property if he doesn’t settle.
He pled guilty to a crime that he did not do. He paid millions in restitution, was under house arrest for 15 months, the Medical Board revoked his medical license, and he lost his career.
The lesson here is always fight the government. But choose wisely with whom you fight.
I have good news and bad news today. I have chosen to begin with the good news. The ALJ backlog will soon be no more. Yes, the 4-6 years waiting period between the second and third level will, by sometime in 2021, be back to 90 days, with is the statutory requirement. What precipitated this drastic improvement? Money. This past year, CMS’ budget increased exponentially, mostly due to the Medicare appeals backlog. OMHA was given enough dough to hire 70 additional ALJs and to open six additional locations. That brings the number of ALJs ruling over provider Medicare appeals to over 100. OMHA now has the capability to hear and render decisions for approximately 300,000 appeals per year. This number is drastically higher than the number of Medicare appeals being filed. The backlog will soon be nonexistent. This is fantastic for all providers because, while CMS will continue to recoup the alleged overpayment after the 2nd level, the providers will be able to have its case adjudicated by an ALJ much speedier.
Now the bad news. Remember when the RAC program was first implemented and the RACs were zealously auditing, which is the reason that the backlog exists in the first place. RACs were given free rein to audit whichever types of service providers they chose to target. Once the backlog was out of hand, CMS restricted the RACs. They only allowed a 3 year lookback period when other auditors can go back 6 years, like the SMRC audits. CMS also mandated that the RACs slow down their number of audits and put other restrictions on RACs. Now that OMHA has the capacity to adjudicate 300,000 Medicare appeals per year, expect that those reins that have been holding the RACs back will by 2021 or 2022 be fully loosened for a full gallop.
Switching gears: Two of the lesser known audits that are exclusive to the CMS are the Supplemental Medical Review Contractor (“SMRC”) and the Targeted Probe and Educate (“TPE”) audits. Exclusivity to CMS just means that Medicare claims are reviewed, not Medicaid.
The SMRCs, in particular, create confusion. We have seen DME SMRC audits on ventilator claims, which are extremely document intensive. You can imagine the high amounts of money at issue because, for ventilators, many people require them for long periods of time. Sometimes there can 3000 claim lines for a ventilator claim. These SMRC audits are not extrapolated, but the amount in controversy is still high. SMRCs normally request the documents for 20-40 claims. It is a one-time review. It’s a post payment review audit. It doesn’t sound that bad until you receive the request for documents of 20-40 claims, all of which contain 3000 claim lines and you have 45 days to comply.
Lastly, in a rare act, CMS has inquired as whether provider prefer TPE audits or continue with post payment review audits for the remainder of the pandemic. If you have a strong opinion one way or the other, be sure to contact CMS.
Auditors are not lawyers. Some auditors do not even possess the clinical background of the services they are auditing. In this blog, I am concentrating on the lack of legal licenses. Because the standards to which auditors need to hold providers to are not only found in the Medicare Provider Manuals, regulations, NCDs and LCDs. Oh, no… To add even more spice to the spice cabinet, common law court cases also create and amend Medicare and Medicaid policies.
For example, the Jimmo v. Selebius settlement agreement dictates the standards for skilled nursing and skilled therapy in skilled nursing facilities, home health, and outpatient therapy settings and importantly holds that coverage does not turn on the presence or absence of a beneficiary’s potential for improvement.
The Jimmo settlement dictates that:
“Specifically, in accordance with the settlement agreement, the manual revisions clarify that coverage of skilled nursing and skilled therapy services in the skilled nursing facility (SNF), home health (HH), and outpatient therapy (OPT) settings “…does not turn on the presence or absence of a beneficiary’s potential for improvement, but rather on the beneficiary’s need for skilled care.” Skilled care may be necessary to improve a patient’s current condition, to maintain the patient’s current condition, or to prevent or slow further deterioration of the patient’s condition.”
This Jimmo standard – not requiring a potential for improvement – is essential for diseases that are lifelong and debilitating, like Multiple Sclerosis (“MS”). For beneficiaries suffering from MS, skilled therapy is essential to prevent regression.
I have reviewed numerous audits by UPICs, in particular, which have failed to follow the Jimmo settlement standard and denied 100% of my provider-client’s claims. 100%. All for failure to demonstrate potential for improvement for MS patients. It’s ludicrous until you stop and remember that auditors are not lawyers. This Jimmo standard is found in a settlement agreement from January 2013. While we will win on appeal, it costs providers money valuable money when auditors apply the wrong standards.
The amounts in controversy are generally high due to extrapolations, which is when the UPIC samples a low number of claims, determines an error rate and extrapolates that error rate across the universe. When the error rate is falsely 100%, the extrapolation tends to be high.
While an expectation of improvement could be a reasonable criterion to consider when evaluating, for example, a claim in which the goal of treatment is restoring a prior capability, Medicare policy has long recognized that there may also be specific instances where no improvement is expected but skilled care is, nevertheless, required in order to prevent or slow deterioration and maintain a beneficiary at the maximum practicable level of function. For example, in the regulations at 42 CFR 409.32(c), the level of care criteria for SNF coverage specify that the “. . . restoration potential of a patient is not the deciding factor in determining whether skilled services are needed. Even if full recovery or medical improvement is not possible, a patient may need skilled services to prevent further deterioration or preserve current capabilities.” The auditors should understand this and be trained on the proper standards. The Medicare statute and regulations have never supported the imposition of an “Improvement Standard” rule-of-thumb in determining whether skilled care is required to prevent or slow deterioration in a patient’s condition.
When you are audited by an auditor whether it be a RAC, MAC or UPIC, make sure the auditors are applying the correct standards. Remember, the auditors aren’t attorneys or doctors.
Medicaid Fraud Control Units Performed Poorly During the Pandemic: Expect MFCU Oversight to Increase
OIG just published its annual survey of how well or poor MFCUs across the country performed in 2020, during the ongoing COVID pandemic. Each State has its own Medicaid Fraud Control Unit (“MFCU”) to prosecute criminal and civil fraud in its respective State. I promise you, you do not want MFCU to be calling or subpoena-ing you unexpectedly. The MFCUs reported that the pandemic created significant challenges for staff, operations, and court proceedings, which led to lower case outcomes in FY 2020. But during this past “lower than expected” recovery year, the MFCUs still recovered over $1 billion from health care providers. It was a 48% drop.
As MFCUs initially moved to a telework environment, some staff reported experiencing challenges conducting work because of limitations with computer equipment and network infrastructure. Field work was also limited. To help protect staff and members of the public from the pandemic, MFCUs reported curtailing some in-person field work, such as interviews of witnesses and suspects. These activities were further limited because of an initial lack of personal protective equipment that was needed in order to conduct similar activities in nursing homes and other facilities. Basically, COVID made for a bad recovery year by the MFCUs. Courts were closed for a while as well, slowing the prosecutorial process.
The report further demonstrated how lucrative the MFCU agencies are, despite the pandemic. For every $1 dollar spent on the administration of a MFCU, the MFCUs rake in $3.36. In 2020, the MFCUs excluded 928 individuals or entities. There were 786 civil settlements and judgments; the vast majority of judgments were pharmaceutical manufacturers. Convictions decreased drastically from 1,564 in 2019 to 1,017 convictions in 2020. Interestingly, looking at the types of providers convicted or penalized, the vast majority were personal care services attendants and agencies. Five times higher than the next highest provider type – nurses: LPN, RNs, NPs, and PAs.
And the award goes to Maine’s MFCU – The Maine MFCU received the Inspector General’s Award for Excellence in Fighting Fraud, Waste, and Abuse for its high number of case outcomes across a mix of case types.
OIG also established the desired performance indicators for 2021. OIG expects the MFCUs to maintain an indictment rate of 19% and a conviction rate of 89.1%.
The OIG Report Foreshadows 2021 MFCU Actions:
- Hospice: Expect audits. $0 was recovered in 2020.
- Fraud convictions increased for cardiologists and emergency medicine. Expect these areas to be more highly scrutinized, especially given all the COVID exceptions and rule amendments last year.
- Expect a MFCU rally. The pandemic may not be over, but with increased vaccines and after a down year, MFCUs will be bulls in the upcoming year as opposed to last year’s forced, lamb-like actions due to the pandemic.
While Medicare is strictly a federal program, Medicaid is funded with federal and State tax dollars. Therefore, each State’s regulations germane to Medicaid can vary. Medicaid fraud can be prosecuted as a federal or a State crime.
Happy 55th Medicare! Pres. Biden’s health care policies differ starkly from former Pres. Trump’s. I will discuss some of the key differences. The newest $1.9 trillion COVID bill passed February 27th. President Biden is sending a clear message for health care providers: His agenda includes expanding government-run, health insurance and increase oversight on it. In 2021, Medicare is celebrating its 55th year of providing health insurance. The program was first signed into law in 1965 and began offering coverage in 1966. That first year, 19 million Americans enrolled in Medicare for their health care coverage. As of 2019, more than 61 million Americans were enrolled in the program.
Along with multiple Executive Orders, Pres. Biden is clearly broadening the Affordable Care Act (“ACA”), Medicaid and Medicare programs. Indicating an emphasis on oversight, President Biden chose former California Attorney General Xavier Becerra to lead HHS. Becerra was a prosecutor and plans to bring his prosecutorial efforts to the nation’s health care. President Biden used executive action to reopen enrollment in ACA marketplaces, a step in his broader agenda to bolster the Act with a new optional government health plan.
For example, one of my personal, favorite issues that Pres. Biden will address is parity for Medicare coverage for medically necessary, oral health care. In fact, Medicare coverage extends to the treatment of all microbial infections except for those originating from the teeth or periodontium. There is simply no medical justification for this exclusion, especially in light of the broad agreement among health care providers that such care is integral to the medical management of numerous diseases and medical conditions.
The Biden administration has taken steps to roll back a controversial Trump-era rule that requires Medicaid beneficiaries to work in order to receive coverage. Two weeks ago, CMS sent letters to several states that received approval for a Section 1115 waiver – for Medicaid. CMS said it was beginning a process to determine whether to withdraw the approval. States that received a letter include Arizona, Arkansas, Georgia, Indiana, Nebraska, Ohio, South Carolina, Utah, and Wisconsin. The work requirement waivers that HHS approved at the end of the previous administration’s term may not survive the new presidency.
Post Payment Reviews—Recovery Audit Contractor (“RAC”) audits will increase during the Biden administration. The RAC program was created by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003. As we all know, the RACs are responsible for identifying Medicare overpayments and underpayments and for highlighting common billing errors, trends, and other Medicare payment issues. In addition to collecting overpayments, the data generated from RAC audits allows CMS to make changes to prevent improper payments in the future. The RACs are paid on a contingency fee basis and, therefore, only receive payment when recovery is made. This creates overzealous auditors and, many times, inaccurate findings. In 2010, the Obama administration directed federal agencies to increase the use of auditing programs such as the RACs to help protect the integrity of the Medicare program. The RAC program is relatively low cost and high value for CMS. It is likely that the health care industry will see growth in this area under the Biden administration. To that end, the expansion of audits will not only be RAC auditors, but will include increased oversight by MACs, CERTs, UPICs, etc.
Telehealth audits will be a focus for Pres. Biden. With increased use of telehealth due to COVID, comes increased telehealth fraud, allegedly. On September 30, 2020, the inter-agency National Health Care Take Down Initiative announced that it charged hundreds of defendants ostensibly responsible for—among other things—$4.5 billion in false and fraudulent claims relating to telehealth advertisements and services. Unfortunately for telehealth, bad actors are prevalent and will spur on more and more oversight.
Both government-initiated litigation and qui tam suits appear set for continued growth in 2021. Health care fraud and abuse dominated 2020 federal False Claims Act (“FCA”) recoveries, with almost 85 percent of FCA proceeds derived from HHS. The increase of health care enforcement payouts reflects how important government paid health insurance is in America. Becerra’s incoming team is, in any case, expected to generally ramp up law enforcement activities—both to punish health care fraud and abuse and as an exercise of HHS’s policy-making authorities.
With more than $1 billion of FCA payouts in 2020 derived from federal Anti-Kickback Statute (“AKS”) settlements alone, HHS’s heavy reliance on the FCA because it is a strong statute with “big teeth,” i.e., penalties are harsh. For these same reasons, prosecutors and qui tam relators will likely continue to focus their efforts on AKS enforcement in the Biden administration, despite the recent regulatory carveouts from the AKS and an emerging legal challenge from drug manufacturers.
The individual mandate is back in. The last administration got rid of the individual mandate when former Pres. Trump signed the GOP tax bill into law in 2017. Pres. Biden will bring back the penalty for not being covered under health insurance under his plan. Since the individual mandate currently is not federal law, a Biden campaign official said that he would use a combination of Executive Orders to undo the changes.
In an effort to lower the skyrocketing costs of prescription drugs, Pres. Biden’s plan would repeal existing law that currently bans Medicare from negotiating lower prices with drug manufacturers. He would also limit price increases for all brand, biotech and generic drugs and launch prices for drugs that do not have competition.
Consumers would also be able to buy cheaper priced prescription drugs from other countries, which could help mobilize competition. And Biden would terminate their advertising tax break in an effort to also help lower costs.
In all, the Biden administration is expected to expand health care, medical, oral, and telehealth, while simultaneously policing health care providers for aberrant billing practices. My advice for providers: Be cognizant of your billing practices. You have an opportunity with this administration to increase revenue from government-paid services but do so compliantly.
Who knows that – regardless your innocence –the government can and will recoup your funds preemptively at the third level of Medicare appeals. This flies in the face of the elements of due process. However, courts have ruled that the redetermination and the reconsideration levels afford the providers enough due process, which entails notice and an opportunity to be heard. I am here to tell you – that is horse manure. The first two levels of a Medicare appeal are hoops to jump through in order to get to an independent tribunal – the administrative law judge (“ALJ”). The odds of winning at the 1st or 2nd level Medicare appeal is next to zilch, although often you can get the alleged amount reduced. The first level is before the same entity that found you owe the money. Auditors are normally not keen on overturning themselves. The second level is little better. The first time that you present to an independent tribunal is at the third level.
Between 2009 and 2014, the number of ALJ appeals increased more than 1,200 percent. And the government recoups all alleged overpayments before you ever get before an ALJ.
In a recent case, Sahara Health Care, Inc. v. Azar, 975 F.3d 523 (5th Cir. 2020), a home health care provider brought an action against Secretary of Department of Health and Human Services (“HHS”) and Administrator for the Centers for Medicare and Medicaid Services (“CMS”), asserting that its statutory and due process rights were violated and that defendants acted ultra vires by recouping approximately $2.4 million in Medicare overpayments without providing a timely ALJ hearing. HHS moved to dismiss, and the provider moved to amend, for a temporary restraining order (“TRO”) and preliminary injunction, and for an expedited hearing.
The case was thrown out, concluding that adequate process had been provided and that defendants had not exceeded statutory authority, and denied provider’s motion for injunctive relief and to amend. The provider appealed and lost again.
What’s the law?
Congress prohibited HHS from recouping payments during the first two stages of administrative review. 42 U.S.C. § 1395ff(f)(2)(A).
If repayment of an overpayment would constitute an “extreme hardship, as determined by the Secretary,” the agency “shall enter into a plan with the provider” for repayment “over a period of at least 60 months but … not longer than 5 years.” 42 U.S.C. § 1395ddd(f)(1)(A). That hardship safety valve has some exceptions that work against insolvent providers. If “the Secretary has reason to believe that the provider of services or supplier may file for bankruptcy or otherwise cease to do business or discontinue participation” in the Medicare program, then the extended repayment plan is off the table. 42 U.S.C. § 1395ddd(f)(1)(C)(i). A provider that ultimately succeeds in overturning an overpayment determination receives the wrongfully recouped payments with interest. 42 U.S.C. § 1395ddd(f)(2)(B). The government’s interest rate is high. If you do have to pay back the alleged overpayment prematurely, the silver lining is that you may receive extra money for your troubles.
The years-long back log, however, may dwindle. The agency has received a funding increase, and currently expects to clear the backlog by 2022. In fact, the Secretary is under a Mandamus Order requiring such a timetable.
A caveat regarding this grim news. This was in the Fifth Circuit. Other Courts disagree. The Fourth Circuit has held that providers do have property interests in Medicare reimbursements owed for services rendered, which is the correct holding. Of course, you have a property interest in your own money. An allegation of wrongdoing does not erase that property interest. The Fourth Circuit agrees with me.
By Ashley Thomson, Partner at Practus, LLP. A Virtual Law Firm.
On rare occasions a Court can issue an opinion that is so logical and on-point you want to stand up and cheer. Maybe you’re only cheering if you’re a HIPAA-nerd, like me. My name is Ashley and I work with Knicole. I was the assistant GC for Truman Medical Center for 17 years. As AGC at Truman, I was inundated with so many various issues.
Here’s what got me standing up in my home office as if Patrick Mahomes just threw a pass to Tyreek Hill and the KC Chiefs scored the winning touchdown in the Super Bowl—the 5th Circuit Court of Appeals held that a lost or stolen unencrypted device containing protected health information (“PHI”) does not automatically result in a violation of the HIPAA Disclosure Rule or Encryption Rule. If you want to do your own touchdown dance check out Univ. of Texas M.D. Anderson Cancer Ctr. v. United States Dep’t of Health & Human Servs., No. 19-60226, 2021 WL 127819, at *5 (5th Cir. Jan. 14, 2021).
Unless you’ve spent the last 20 years living under a rock, you are generally aware that HIPAA is a law that protects your health information from public disclosure. Most people don’t spell it correctly and even less people know what the acronym means. In 2009, HIPAA was supplemented with the HITECH Act. Together, these laws govern how health care providers handle your medical information and what to do if there is a breach of the information. HIPAA and HITECH’s implementing regulations (the “Regulations”) require all covered entities “implement a mechanism to encrypt” all PHI that is stored electronically. 45 C.F.R. Section 164.312(a)(2)(iv). Second, the Regulations prohibit unpermitted disclosure of PHI. 45 C.F.R. Sec. 164.502(a). These two regulations are referred to as the Encryption Rule and the Disclosure Rule respectively. These requirements are enforced by the Department of Health and Human Services (“HHS”) in conjunction with the Office for Civil Rights (“OCR”).
Whew, that was a quick history lesson. Now, back to the story.
In 2012 and 2013 MD Anderson Cancer Center (“MD Anderson”) had three (3) events happen involving unencrypted devices containing PHI. First, a laptop was stolen. Second, a thumb drive was lost during someone’s commute home. Third, a visiting researcher misplaced a thumb drive. Pursuant to the regulations, MD Anderson reported these events to HHS.
HHS concluded that MD Anderson violated the Regulations and imposed a fine over $4,000,000 (let me spell that out for you. . . FOUR MILLION DOLLARS).
You may be wondering, what in the world did they violate that would result in such an outrageous fine? So did MD Anderson!
MD Anderson threw its proverbial, red challenge flag and pursued its appeal rights and ended up, finally, in Federal Court where they succeeded on establishing that the mere loss of unencrypted PHI does not violate the Disclosure Rule and that the Encryption Rule does not require that a covered entity sit down and force each and every person to encrypt their devices.
Let’s look first at the Disclosure Rule. As a general rule, HIPAA prohibits the disclosure of PHI without permission from the patient. 45 C.F.R. Sec. 164.502(a). HIPAA defines disclosure as “the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.” 45 C.F.R. Sec. 164.103. Prior to reaching the 5th Circuit, MD Anderson had been told the mere fact that the unencrypted laptop and thumb drives were lost or stolen resulted in the conclusion the PHI had been improperly disclosed to someone outside of the covered entity. Thank goodness, the Court stepped in with the reasonable statement that many of us in the health care field have been saying for years. . . just because a device is lost or stolen doesn’t mean the PHI was improperly disclosed. “It defies reason to say an entity affirmatively acts to disclose information when someone steals it.” Univ. of Texas M.D. Anderson Cancer Ctr.,2021 WL 127819, at *5.
HHS claimed that it would be difficult for them to enforce the Disclosure Rule if it had to show that the PHI was disclosed to someone outside of the covered entity. Well, go complain to the referees HHS “that’s precisely the sort of policy argument that HHS could vet in a rulemaking proceeding. It’s not an acceptable basis for urging us to transmogrify the regulation HHS wrote into a broader one.” Id. And with that, the Court unceremoniously stated the obvious and provided some reason in the rather unreasonable world of HIPAA enforcement.
Next up? The Encryption Rule where HHS argued that MD Anderson’s desire to do more to encrypt their devices was an admission of non-compliance with the regulations. Not so fast, said the Court. The rule requires that a covered entity have a mechanism for the encryption PHI not that it implements an iron clad, hacker proof, 100% guaranteed encryption system. MD Anderson had an encryption mechanism which is enough to satisfy the regulation, even if HHS now “wishes it had written a different” regulation. Id.at *4.
I feel like this is the SUPERBOWL of HIPAA decisions. You may not be as excited about this opinion as I was. That’s ok. . . I’m a HIPAA and privacy nerd and I’m ok with that.
Let’s hope I have many touchdowns to stand up and celebrate on Sunday! Go Chiefs!
The legal fine print: As exciting as this opinion is, please remember that devices should be encrypted and PHI should be protected to the maximum extent possible. While this is a great decision, it doesn’t remove the obligation to comply with the Regulations.
 PHI contains 18 different identifiers. 42 C.F.R. § 164.514(a)(2)(i).
 It’s the Health Insurance Portability and Accountability Act of 1996.
 HITECH stands for the Health Information Technology for Economic and Clinical Health Act of 2009.
 Later, we can delve into what qualifies as a covered entity. Let’s just all agree that MD Anderson is a covered entity.
 This is a very simple overstatement, but it works for the purposes of this article.
 Let’s face it, most of these devices are lost or stolen and (1) never found or (2) thrown out as the thieves take what they really wanted . . . cold hard cash or credit cards. An old janky laptop or a random thumb drive is not at the top of the most wanted list for kleptomaniacs.
The RACs are on attack! The “COVID Pause Button” on RAC audits has been lifted. The COVID Pause Button has been lifted since August 2020. But never have I ever seen CMS spew out so many new RAC topics in one month of a new year. Happy 2021.
Recovery audit contractors (“RACs”) will soon be auditing positron emission tomography (PET) scans for initial treatment strategy in oncologic conditions for compliance with medical necessity and documentation requirements.
Positron emission tomography (“PET”) scans detect early signs of cancer, heart disease and brain disorders. An injectable radioactive tracer detects diseased cells. A combination PET-CT scan produces 3D images for a more accurate diagnosis.
According to CMS’ RAC audit topics, “(PET) for Initial Treatment Strategy in Oncologic Conditions: Medical Necessity and Documentation Requirements,” will be reviewed as of January 5, 2021. The PET scan audits will be for outpatient hospital and professional service reviews. CMS added additional 2021 audit targets to the approved list:
- Air Ambulance: Medical Necessity and Documentation Requirements,. This complex review will be examining rotatory wing (helicopter) aircraft claims to determine if air ambulance transport was reasonable and medically necessary as well as whether or not documentation requirements have been met.
- Hospice Continuous Home Care: Medical Necessity and Documentation Requirements, and
- Ambulance Transport Subject to SNF Consolidated Billing.
Upcoming HHS secretary Xavier Becerra plans to get his new tenure underway quickly.
In False Claims Act (“FCA”) news, Medicare audits of P-Stim have ramped up across the country. A Spinal Clinic in Texas agreed to pay $330,898 to settle FCA allegations for allegedly billing Medicare improperly for electro-acupuncture device neurostimulators. CMS claims that “Medicare does not reimburse for acupuncture or for acupuncture devices such as P-Stim, nor does Medicare reimburse for P-Stim as a neurostimulator or as implantation of neurostimulator electrodes.”
Finally, is your staff getting medical records to consumers requesting their records quickly enough? Right to access to health records is yet another potential risk for all providers, especially hospitals due to their size. A hospital system agreed to pay $200,000 to settle potential violations of the HIPAA Privacy Rule’s right of access standard. This is HHS Office for Civil Rights’ 14th settlement under its Right of Access Initiative. The first person alleged that she requested medical records in December 2017 and did not receive them until May 2018. In the second complaint, the person asked for an electronic copy of his records in September 2019, and they were not sent until February 2020.
Beware of slow document production as slow document production can lead to penalties. And be on the lookout for the next RAC Report.
Remember, never accept the results of a Medicare or Medicaid audit. It is always too high. Believe me, after 21 years of my legal practice, I have yet to agree with the findings if a Tentative notice of Overpayment by any governmental contracted auditor, whether it is PCG, NGS, the MACs, MCOs, or Program Integrity – in any of our 50 States. That is quite a statement about the general, quality of work of auditors. Remember Teambuilders? How did $12 million become $896.35? See blog.
1 CMS, “0200-Air Ambulance: Medical Necessity and Documentation Requirements,” proposed RAC topic, January 5, 2021, http://go.cms.gov/35Jx1co.
2 CMS, “0201-Hospice Continuous Home Care: Medical Necessity and Documentation Requirements,” proposed RAC topic, January 5, 2021, http://go.cms.gov/3oRUyiY.
3 CMS, “0202- Ambulance Transport Subject to SNF Consolidated Billing,” proposed RAC topic, January 5, 2021, http://go.cms.gov/2LOMEbw.
For healthcare providers looking to avoid any of the traps stemming from PRF (Provider Relief Funds) compliance, RACmonitor is inviting you to sign up for Knicole Emanuel’s upcoming webcast on January 21st, 2021. It is titled: COVID-19 Provider Relief Funds: How to Avoid Audits. You can visit RACmonitor download the order form for the webcast to save yourself a spot.
If your facility accepted Provider Relief Funds (PRFs) as a consequence of the coronavirus pandemic, you need to be aware of the myriad of rules and regulations that are associated with this funding or else face penalties and takebacks. A word of caution: expect to be audited. In Medicare and Medicaid, regulatory audits are as certain as death and taxes. That is why your facility needs to arm itself with the knowledge of how to address documentation requests from the government, especially while the Public Health Emergency (PHE) is in effect.
This exclusive RACmonitor webcast, led by healthcare attorney Knicole Emanuel, discusses the PRF rules that providers must follow and how to prove that funds were appropriately used. There are strict regulations dictating why, how, and how much PRFs can be spent due to the catastrophic, financial impact of COVID-19. Register now to learn how to avoid penalties and takebacks related to PRFs.
- Rules and regulations relative to receiving and spending funds provided by the COVID-19 PRF
- Exceptions to COVID-19 PRF and relevant effective dates
- PRF documentation and reporting requirements
- The importance of the legal dates of PHE
- How to prove your facility’s use of funds is germane to COVID-19
Who Should Attend:
- RAC and appeals specialists
- RAC coordinators
- Compliance officers
- Directors and managers
About Knicole C. Emanuel, Esq.
Healthcare industry expert and Practus partner, Knicole Emanuel, is a regular contributor to the healthcare industry podcast, Monitor Mondays, by RACmonitor. For more than 20 years, Knicole Emanuel has maintained a health care litigation practice, concentrating on Medicare and Medicaid litigation, health care regulatory compliance, administrative law and regulatory law. Knicole has tried over 2,000 administrative cases in over 30 states and has appeared before multiple states’ medical boards.
She has successfully obtained federal injunctions in numerous states. This allowed health care providers to remain in business despite the state or federal laws allegations of health care fraud, abhorrent billings, and data mining. A wealth of knowledge in her industry, Knicole frequently lectures across the country on health care law. This includes the impact of the Affordable Care Act and regulatory compliance for providers, including physicians, home health and hospice, dentists, chiropractors, hospitals and durable medical equipment providers.
While the Coronavirus pandemic is horrible and seems to be getting worse. COVID has forced slight, positive changes in the telehealth arena and, perhaps, in the widening of the ambiguous definition of “medical necessity” or, as I call it – the undefined, definition of “medical necessity.” Medical necessity is the backbone of rendering health care services. Without it, services should not be provided. Yet, medical necessity is the most litigated topic in all of audits.
On September 1, 2020, the Centers for Medicare & Medicaid Services (“CMS”) published a proposed rule that will codify a definition of “medical necessity” for Medicare purposes. So far, the definition of medical necessity varies, depending on the source. The MACs have been given long rein in defining the term on an individual and separate basis, creating disparity in definitions and criteria. The proposed rule’s comment period ended November 2, 2020.
All this to say medical necessity is in the eye of the beholder. Much like beauty. Why then, can RAC and MAC auditors who are not doctors, not firsthand, treating providers, not nurses or LCASs, decide that medical necessity does or does not exist for a patient that they have never seen?
Black’s Law Dictionary (the most prominent legal dictionary) has a super, unhelpful definition of medical necessity: “If not carried out the patient’s situation could worsen. For a patient’s treatment found to be necessary is this specific type of procedure or treatment.”
The American Medical Association (“AMA”), on the other hand, has a more detailed definition, probably unintended to make it all the more confusing:
“Our AMA defines medical necessity as: Health care services or products that a prudent physician would provide to a patient for the purpose of preventing, diagnosing or treating an illness, injury, disease or its symptoms in a manner that is: (a) in accordance with generally accepted standards of medical practice; (b) clinically appropriate in terms of type, frequency, extent, site, and duration; and (c) not primarily for the economic benefit of the health plans and purchasers or for the convenience of the patient, treating physician, or other health care provider.”
CMS’ proposed rule codifies a definition of what makes an item or service medically “reasonable and necessary” under the Social Security Act 1861(a)(1)(A). The rule, if finalized, would codify in regulations a definition of “reasonable and necessary” items and services based on a definition currently used by Medicare Administrative Contractors (MACs), with an additional element that potentially would include coverage determinations by commercial insurers as a factor in making Medicare coverage determinations.
The Proposed Definition (To be Codified in 42 CFR 405.201)
“We are proposing to codify the longstanding Program Integrity Manual definition of “reasonable and necessary” into our regulations at 42 CFR 405.201(b), with modification. Under the current definition, an item or service is considered “reasonable and necessary” if it is (1) safe and effective; (2) not experimental or investigational; and (3) appropriate, including the duration and frequency that is considered appropriate for the item or service, in terms of whether it is—
- Furnished in accordance with accepted standards of medical practice for the diagnosis or treatment of the patient’s condition or to improve the function of a malformed body member;
- Furnished in a setting appropriate to the patient’s medical needs and condition;
- Ordered and furnished by qualified personnel;
- One that meets, but does not exceed, the patient’s medical need; and
- At least as beneficial as an existing and available medically appropriate alternative.” See Proposed Rule.
In addition, CMS adds that it will also utilize commercial payor standards or have an objective panel determine medical necessity if criteria #1 and #2 were met, but not #3. This additional commentary is another example of how subjective and fact-specific determining medical necessity can be. The LCDs will also be consulted.
If adopted, these proposals would arguably lead to the most wide-ranging changes in Medicare’s coverage standards and procedures in decades. The proposal to codify the definition of “reasonable and necessary” applies to all items and services. The inclusion of commercial payor standards may be a wild card.
The definition of medical necessity has not been officially revised – yet. One could imagine that, in the midst of a RAC or MAC audit, auditors and providers will disagree as to the true definition of medical necessity.
Going forward, when you get audited, immediately look and see whether your claim denials were denied due to “lack of medical necessity.” Ask yourself, “Really? Is there no medical necessity in this case…even in the era of COVID?” Because the auditors may be wrong.
Secondly, ensure that the RAC and MAC entity is CMS-certified to review those certain CPT codes for medical necessity. CMS limits audits on medical necessity because of the vagueness of the definition. When auditors find no medical necessity, then providers must push back. And you should push back, legally, of course!