Medicaid Fraud Control Units Performed Poorly During the Pandemic: Expect MFCU Oversight to Increase
OIG just published its annual survey of how well or poor MFCUs across the country performed in 2020, during the ongoing COVID pandemic. Each State has its own Medicaid Fraud Control Unit (“MFCU”) to prosecute criminal and civil fraud in its respective State. I promise you, you do not want MFCU to be calling or subpoena-ing you unexpectedly. The MFCUs reported that the pandemic created significant challenges for staff, operations, and court proceedings, which led to lower case outcomes in FY 2020. But during this past “lower than expected” recovery year, the MFCUs still recovered over $1 billion from health care providers. It was a 48% drop.
As MFCUs initially moved to a telework environment, some staff reported experiencing challenges conducting work because of limitations with computer equipment and network infrastructure. Field work was also limited. To help protect staff and members of the public from the pandemic, MFCUs reported curtailing some in-person field work, such as interviews of witnesses and suspects. These activities were further limited because of an initial lack of personal protective equipment that was needed in order to conduct similar activities in nursing homes and other facilities. Basically, COVID made for a bad recovery year by the MFCUs. Courts were closed for a while as well, slowing the prosecutorial process.
The report further demonstrated how lucrative the MFCU agencies are, despite the pandemic. For every $1 dollar spent on the administration of a MFCU, the MFCUs rake in $3.36. In 2020, the MFCUs excluded 928 individuals or entities. There were 786 civil settlements and judgments; the vast majority of judgments were pharmaceutical manufacturers. Convictions decreased drastically from 1,564 in 2019 to 1,017 convictions in 2020. Interestingly, looking at the types of providers convicted or penalized, the vast majority were personal care services attendants and agencies. Five times higher than the next highest provider type – nurses: LPN, RNs, NPs, and PAs.
And the award goes to Maine’s MFCU – The Maine MFCU received the Inspector General’s Award for Excellence in Fighting Fraud, Waste, and Abuse for its high number of case outcomes across a mix of case types.
OIG also established the desired performance indicators for 2021. OIG expects the MFCUs to maintain an indictment rate of 19% and a conviction rate of 89.1%.
The OIG Report Foreshadows 2021 MFCU Actions:
- Hospice: Expect audits. $0 was recovered in 2020.
- Fraud convictions increased for cardiologists and emergency medicine. Expect these areas to be more highly scrutinized, especially given all the COVID exceptions and rule amendments last year.
- Expect a MFCU rally. The pandemic may not be over, but with increased vaccines and after a down year, MFCUs will be bulls in the upcoming year as opposed to last year’s forced, lamb-like actions due to the pandemic.
While Medicare is strictly a federal program, Medicaid is funded with federal and State tax dollars. Therefore, each State’s regulations germane to Medicaid can vary. Medicaid fraud can be prosecuted as a federal or a State crime.
Hello! And beware the Ides of March, which is today! I am going to write today about the state of audits today. When I say Medicare and Medicaid audits, I mean, RACs, MACs, ZPICs, UPICs, CERTs, TPEs, and OIG investigations from credible allegations of fraud. Without question, the new Biden administration will be concentrating even more on fraud, waste, and abuse germane to Medicare and Medicaid. This means that auditing companies, like Public Consulting Group (“PCG”) and National Government Services (“NGS”) will be busy trying to line their pockets with Medicare dollars. As for the Ides, it is especially troubling in March, especially if you are Julius Caesar. “Et tu, Brute?”
One of the government’s most powerful tool is the federal government’s zealous use of 42 CFR 455.23, which states that “The State Medicaid agency must suspend all Medicaid payments to a provider after the agency determines there is a credible allegation of fraud for which an investigation is pending under the Medicaid program against an individual or entity unless the agency has good cause to not suspend payments or to suspend payment only in part.” (emphasis added). That word – “must” – was revised from “may” in 2011, part of the Affordable Care Act (“ACA”).
A “credible allegation” is defined as an indicia of reliability, which is a low bar. Very low.
Remember back in 2013 when Ed Roche and I were reporting on the New Mexico behavioral health care cluster? To remind you, the State of NM accused 15 BH health care providers, which constituted 87.5% of the BH providers in NM, of credible allegations of fraud after the assistant AG, at the time, Larry Heyeck, had just published a legal article re “Credible Allegations of Fraud.” See blog and blog. Unsurprisingly, the suicide rate and substance abuse skyrocketed. There was even a documentary “The Shake-Up” about the catastrophic events in NM set off by the findings of PCG.
I was the lawyer for the three, largest entities and litigated four administrative appeals. If you recall, for Teambuilders, PCG claimed it owed over $12 million. After litigation, an ALJ decided that Teambuilders owed $836.35. Hilariously, we appealed. While at the time, PCG’s accusations put the company out of business, it has re-opened its doors finally – 8 years later. This is how devastating a regulatory audit can be. But congratulations, Teambuilders, for re-opening.
Federal law mandates that during the appeal of a Medicare audit at the first two levels: the redetermination and reconsideration, that no recoupment occur. However, after the 2nd level and you appeal to the ALJ level, the third level, the government can and will recoup unless you present before a judge and obtain an injunction.
Always expect bumps along the road. I have two chiropractor clients in Indiana. They both received notices of alleged overpayments. They are running a parallel appeal. Whatever we do for one we have to do for the other. You would think that their attorneys’ fees would be similar. But for one company, NGS has preemptively tried to recoup THREE times. We have had to contact NGS’ attorney multiple times to stop the withholds. It’s a computer glitch supposedly. Or it’s the Ides of March!
Happy 55th Medicare! Pres. Biden’s health care policies differ starkly from former Pres. Trump’s. I will discuss some of the key differences. The newest $1.9 trillion COVID bill passed February 27th. President Biden is sending a clear message for health care providers: His agenda includes expanding government-run, health insurance and increase oversight on it. In 2021, Medicare is celebrating its 55th year of providing health insurance. The program was first signed into law in 1965 and began offering coverage in 1966. That first year, 19 million Americans enrolled in Medicare for their health care coverage. As of 2019, more than 61 million Americans were enrolled in the program.
Along with multiple Executive Orders, Pres. Biden is clearly broadening the Affordable Care Act (“ACA”), Medicaid and Medicare programs. Indicating an emphasis on oversight, President Biden chose former California Attorney General Xavier Becerra to lead HHS. Becerra was a prosecutor and plans to bring his prosecutorial efforts to the nation’s health care. President Biden used executive action to reopen enrollment in ACA marketplaces, a step in his broader agenda to bolster the Act with a new optional government health plan.
For example, one of my personal, favorite issues that Pres. Biden will address is parity for Medicare coverage for medically necessary, oral health care. In fact, Medicare coverage extends to the treatment of all microbial infections except for those originating from the teeth or periodontium. There is simply no medical justification for this exclusion, especially in light of the broad agreement among health care providers that such care is integral to the medical management of numerous diseases and medical conditions.
The Biden administration has taken steps to roll back a controversial Trump-era rule that requires Medicaid beneficiaries to work in order to receive coverage. Two weeks ago, CMS sent letters to several states that received approval for a Section 1115 waiver – for Medicaid. CMS said it was beginning a process to determine whether to withdraw the approval. States that received a letter include Arizona, Arkansas, Georgia, Indiana, Nebraska, Ohio, South Carolina, Utah, and Wisconsin. The work requirement waivers that HHS approved at the end of the previous administration’s term may not survive the new presidency.
Post Payment Reviews—Recovery Audit Contractor (“RAC”) audits will increase during the Biden administration. The RAC program was created by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003. As we all know, the RACs are responsible for identifying Medicare overpayments and underpayments and for highlighting common billing errors, trends, and other Medicare payment issues. In addition to collecting overpayments, the data generated from RAC audits allows CMS to make changes to prevent improper payments in the future. The RACs are paid on a contingency fee basis and, therefore, only receive payment when recovery is made. This creates overzealous auditors and, many times, inaccurate findings. In 2010, the Obama administration directed federal agencies to increase the use of auditing programs such as the RACs to help protect the integrity of the Medicare program. The RAC program is relatively low cost and high value for CMS. It is likely that the health care industry will see growth in this area under the Biden administration. To that end, the expansion of audits will not only be RAC auditors, but will include increased oversight by MACs, CERTs, UPICs, etc.
Telehealth audits will be a focus for Pres. Biden. With increased use of telehealth due to COVID, comes increased telehealth fraud, allegedly. On September 30, 2020, the inter-agency National Health Care Take Down Initiative announced that it charged hundreds of defendants ostensibly responsible for—among other things—$4.5 billion in false and fraudulent claims relating to telehealth advertisements and services. Unfortunately for telehealth, bad actors are prevalent and will spur on more and more oversight.
Both government-initiated litigation and qui tam suits appear set for continued growth in 2021. Health care fraud and abuse dominated 2020 federal False Claims Act (“FCA”) recoveries, with almost 85 percent of FCA proceeds derived from HHS. The increase of health care enforcement payouts reflects how important government paid health insurance is in America. Becerra’s incoming team is, in any case, expected to generally ramp up law enforcement activities—both to punish health care fraud and abuse and as an exercise of HHS’s policy-making authorities.
With more than $1 billion of FCA payouts in 2020 derived from federal Anti-Kickback Statute (“AKS”) settlements alone, HHS’s heavy reliance on the FCA because it is a strong statute with “big teeth,” i.e., penalties are harsh. For these same reasons, prosecutors and qui tam relators will likely continue to focus their efforts on AKS enforcement in the Biden administration, despite the recent regulatory carveouts from the AKS and an emerging legal challenge from drug manufacturers.
The individual mandate is back in. The last administration got rid of the individual mandate when former Pres. Trump signed the GOP tax bill into law in 2017. Pres. Biden will bring back the penalty for not being covered under health insurance under his plan. Since the individual mandate currently is not federal law, a Biden campaign official said that he would use a combination of Executive Orders to undo the changes.
In an effort to lower the skyrocketing costs of prescription drugs, Pres. Biden’s plan would repeal existing law that currently bans Medicare from negotiating lower prices with drug manufacturers. He would also limit price increases for all brand, biotech and generic drugs and launch prices for drugs that do not have competition.
Consumers would also be able to buy cheaper priced prescription drugs from other countries, which could help mobilize competition. And Biden would terminate their advertising tax break in an effort to also help lower costs.
In all, the Biden administration is expected to expand health care, medical, oral, and telehealth, while simultaneously policing health care providers for aberrant billing practices. My advice for providers: Be cognizant of your billing practices. You have an opportunity with this administration to increase revenue from government-paid services but do so compliantly.
BRRRRRR..it’s cold out there for health care providers! Expect a more stringent re-certification process going forward! DHHS was cited for being lax on provider enrollment or stuck in a metaphoric snowbank. I, on the other hand, got stuck in an actual snowbank.
Over President’s Day weekend, my mom, sister, daughter, niece, and nephew all drove to the Omni Homestead in Hot Springs, VA for a few days of skiing and snow tubing. Fun, right? It was a wonderful time, but getting there was an absolute fiasco that we will laugh about for years to come. Now, however, it’s too soon.
Friday the 12th, I almost successfully drove over a snowy, icy hill, known as Airport Rd. Then, this happened…
The catastrophic first day (the 12th), as bad as it was, the tomfoolery gave me the inspiration for this blog. On the way to The Homestead, I got my car stuck in a snowbank with my daughter for hours waiting for a tow truck, who had a really hard time finding us. I drive a two-wheel drive, sedan. My sister, on the other hand, enjoyed her youngest daughter (my niece) throwing up from car sickness the entire 5-hour drive. On the bright side, my daughter was excited to sit in the back of a police officer’s car. She even held up the handcuffs as a pose.
As I sat in my Dodge Dart with my 15-year-old girl for hours, I had 3 dentists call me regarding small, alleged overpayments. The tiniest amount at issue was $34k. The largest was just $56k. One dentist was undergoing a RAC audit. Another was undergoing a CERT audit. The third dentist was undergoing a “meaningful use” audit. My 5-hour drive quickly became 8.
The next call informed me that DHHS was being scrutinized for allowing providers maintain a Medicaid contract, who, purportedly, were not qualified. Considering I have had multiple provider-clients lately accused of not being qualified when they were qualified. My interest was perked. As I sat stuck in a snowbank, was DHHS’ provider enrollment process stuck in a similar snowbank and unable to move?
The NC State Auditor released the February 2021 Performance Audit, “Medicaid Provider Enrollment.”
The Medicaid Provider Enrollment process did not ensure that only qualified providers were approved to provide services to Medicaid beneficiaries and to receive payments from North Carolina’s Medicaid program. Specifically, the Division:
- Did not identify and remove enrolled providers from the Medicaid program who had their professional license suspended or terminated.
- Allowed all providers who had professional license limitations to remain enrolled in the Medicaid program.
- Did not ensure that its contractor verified all professional credentials during the Medicaid provider enrollment re-verification process.
- Did not require its contractor to verify provider ownership information during the Medicaid provider enrollment re-verification process.
As a result, there was an increased risk that providers whose actions posed a threat to patient safety were enrolled in Medicaid and could receive millions of dollars in improper payments from the State.
According to the Performance Audit, the following are three, specific examples of providers allowed to continue to participate in the Medicaid program:
- A physician had a license limitation that prohibited treating any female patients. A previous license limitation had required that a chaperone be present and document their presence any time the physician examined a female patient because of multiple past sexual and professional misconduct allegations. Despite the license limitation restricting the physician from treating female patients, the physician billed Medicaid for services provided to 208 female patients in the amount of $78,000 from October 18, 2018, through June 30, 2020.
- A physician was placed on probation for multiple “departure[s] from the standards of acceptable and prevailing medical practice.” The physician used a single-use syringe on multiple patients, injected unused pharmaceutical product from a previously used syringe into more than one patient, and failed to properly dispose of human waste – instead, the physician stored it “in a box in a closet near the nurse’s station.”
- A physician had a license limitation that prohibited treating any female patients. The medical board was “concerned about the process [the physician] follows for breast examinations” and found the physician’s conduct to be “a departure from the standards of acceptable and prevailing medical practice within the meaning of NCGS §90-14(a)(6).” Despite not receiving payments from Medicaid, the provider remained active in the Medicaid claims processing system (NCTracks) and was eligible to receive payments.
While I will be the first to admit that these examples are egregious, I can vouch that there are also providers accused of not being qualified when they are truly qualified. False accusation of not being qualified is also a problem. However, in light of this Performance Audit, DHHS will surely be more strict in future re-credentialing. There may be a blizzard of Medicaid provider terminations.
DHHS’ excuse when confronted with the accusation of sloppy provider enrollment process was, “The Division said that it did not have the authority to remove providers with current license limitations from the Medicaid program.” I call bullshxx and yellow snow.
DHHS routinely argues in court that it has the authority to terminate Medicaid providers’ contracts without cause. Now, I disagree, but that has been DHHS’ stance. For DHHS to claim it does not have the authority to terminate providers’ Medicaid contracts is disingenuous.
CMS was involved in this Performance Audit and instructed DHHS that it does have the authority to terminate providers who do not qualify for Medicaid participation.
Numerous home health agencies and adult care facilities were found to have staff who were not qualified. It appears that the State Auditor’s argument is that, if an agency has unqualified staff, then 100% recoupments are in order. We will have to wait and see whether DHHS attempts recoupments or terminations, as it is instructed.
Meanwhile, my daughter and I were towed out of the snowbank.
Who knows that – regardless your innocence –the government can and will recoup your funds preemptively at the third level of Medicare appeals. This flies in the face of the elements of due process. However, courts have ruled that the redetermination and the reconsideration levels afford the providers enough due process, which entails notice and an opportunity to be heard. I am here to tell you – that is horse manure. The first two levels of a Medicare appeal are hoops to jump through in order to get to an independent tribunal – the administrative law judge (“ALJ”). The odds of winning at the 1st or 2nd level Medicare appeal is next to zilch, although often you can get the alleged amount reduced. The first level is before the same entity that found you owe the money. Auditors are normally not keen on overturning themselves. The second level is little better. The first time that you present to an independent tribunal is at the third level.
Between 2009 and 2014, the number of ALJ appeals increased more than 1,200 percent. And the government recoups all alleged overpayments before you ever get before an ALJ.
In a recent case, Sahara Health Care, Inc. v. Azar, 975 F.3d 523 (5th Cir. 2020), a home health care provider brought an action against Secretary of Department of Health and Human Services (“HHS”) and Administrator for the Centers for Medicare and Medicaid Services (“CMS”), asserting that its statutory and due process rights were violated and that defendants acted ultra vires by recouping approximately $2.4 million in Medicare overpayments without providing a timely ALJ hearing. HHS moved to dismiss, and the provider moved to amend, for a temporary restraining order (“TRO”) and preliminary injunction, and for an expedited hearing.
The case was thrown out, concluding that adequate process had been provided and that defendants had not exceeded statutory authority, and denied provider’s motion for injunctive relief and to amend. The provider appealed and lost again.
What’s the law?
Congress prohibited HHS from recouping payments during the first two stages of administrative review. 42 U.S.C. § 1395ff(f)(2)(A).
If repayment of an overpayment would constitute an “extreme hardship, as determined by the Secretary,” the agency “shall enter into a plan with the provider” for repayment “over a period of at least 60 months but … not longer than 5 years.” 42 U.S.C. § 1395ddd(f)(1)(A). That hardship safety valve has some exceptions that work against insolvent providers. If “the Secretary has reason to believe that the provider of services or supplier may file for bankruptcy or otherwise cease to do business or discontinue participation” in the Medicare program, then the extended repayment plan is off the table. 42 U.S.C. § 1395ddd(f)(1)(C)(i). A provider that ultimately succeeds in overturning an overpayment determination receives the wrongfully recouped payments with interest. 42 U.S.C. § 1395ddd(f)(2)(B). The government’s interest rate is high. If you do have to pay back the alleged overpayment prematurely, the silver lining is that you may receive extra money for your troubles.
The years-long back log, however, may dwindle. The agency has received a funding increase, and currently expects to clear the backlog by 2022. In fact, the Secretary is under a Mandamus Order requiring such a timetable.
A caveat regarding this grim news. This was in the Fifth Circuit. Other Courts disagree. The Fourth Circuit has held that providers do have property interests in Medicare reimbursements owed for services rendered, which is the correct holding. Of course, you have a property interest in your own money. An allegation of wrongdoing does not erase that property interest. The Fourth Circuit agrees with me.
By Ashley Thomson, Partner at Practus, LLP. A Virtual Law Firm.
On rare occasions a Court can issue an opinion that is so logical and on-point you want to stand up and cheer. Maybe you’re only cheering if you’re a HIPAA-nerd, like me. My name is Ashley and I work with Knicole. I was the assistant GC for Truman Medical Center for 17 years. As AGC at Truman, I was inundated with so many various issues.
Here’s what got me standing up in my home office as if Patrick Mahomes just threw a pass to Tyreek Hill and the KC Chiefs scored the winning touchdown in the Super Bowl—the 5th Circuit Court of Appeals held that a lost or stolen unencrypted device containing protected health information (“PHI”) does not automatically result in a violation of the HIPAA Disclosure Rule or Encryption Rule. If you want to do your own touchdown dance check out Univ. of Texas M.D. Anderson Cancer Ctr. v. United States Dep’t of Health & Human Servs., No. 19-60226, 2021 WL 127819, at *5 (5th Cir. Jan. 14, 2021).
Unless you’ve spent the last 20 years living under a rock, you are generally aware that HIPAA is a law that protects your health information from public disclosure. Most people don’t spell it correctly and even less people know what the acronym means. In 2009, HIPAA was supplemented with the HITECH Act. Together, these laws govern how health care providers handle your medical information and what to do if there is a breach of the information. HIPAA and HITECH’s implementing regulations (the “Regulations”) require all covered entities “implement a mechanism to encrypt” all PHI that is stored electronically. 45 C.F.R. Section 164.312(a)(2)(iv). Second, the Regulations prohibit unpermitted disclosure of PHI. 45 C.F.R. Sec. 164.502(a). These two regulations are referred to as the Encryption Rule and the Disclosure Rule respectively. These requirements are enforced by the Department of Health and Human Services (“HHS”) in conjunction with the Office for Civil Rights (“OCR”).
Whew, that was a quick history lesson. Now, back to the story.
In 2012 and 2013 MD Anderson Cancer Center (“MD Anderson”) had three (3) events happen involving unencrypted devices containing PHI. First, a laptop was stolen. Second, a thumb drive was lost during someone’s commute home. Third, a visiting researcher misplaced a thumb drive. Pursuant to the regulations, MD Anderson reported these events to HHS.
HHS concluded that MD Anderson violated the Regulations and imposed a fine over $4,000,000 (let me spell that out for you. . . FOUR MILLION DOLLARS).
You may be wondering, what in the world did they violate that would result in such an outrageous fine? So did MD Anderson!
MD Anderson threw its proverbial, red challenge flag and pursued its appeal rights and ended up, finally, in Federal Court where they succeeded on establishing that the mere loss of unencrypted PHI does not violate the Disclosure Rule and that the Encryption Rule does not require that a covered entity sit down and force each and every person to encrypt their devices.
Let’s look first at the Disclosure Rule. As a general rule, HIPAA prohibits the disclosure of PHI without permission from the patient. 45 C.F.R. Sec. 164.502(a). HIPAA defines disclosure as “the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.” 45 C.F.R. Sec. 164.103. Prior to reaching the 5th Circuit, MD Anderson had been told the mere fact that the unencrypted laptop and thumb drives were lost or stolen resulted in the conclusion the PHI had been improperly disclosed to someone outside of the covered entity. Thank goodness, the Court stepped in with the reasonable statement that many of us in the health care field have been saying for years. . . just because a device is lost or stolen doesn’t mean the PHI was improperly disclosed. “It defies reason to say an entity affirmatively acts to disclose information when someone steals it.” Univ. of Texas M.D. Anderson Cancer Ctr.,2021 WL 127819, at *5.
HHS claimed that it would be difficult for them to enforce the Disclosure Rule if it had to show that the PHI was disclosed to someone outside of the covered entity. Well, go complain to the referees HHS “that’s precisely the sort of policy argument that HHS could vet in a rulemaking proceeding. It’s not an acceptable basis for urging us to transmogrify the regulation HHS wrote into a broader one.” Id. And with that, the Court unceremoniously stated the obvious and provided some reason in the rather unreasonable world of HIPAA enforcement.
Next up? The Encryption Rule where HHS argued that MD Anderson’s desire to do more to encrypt their devices was an admission of non-compliance with the regulations. Not so fast, said the Court. The rule requires that a covered entity have a mechanism for the encryption PHI not that it implements an iron clad, hacker proof, 100% guaranteed encryption system. MD Anderson had an encryption mechanism which is enough to satisfy the regulation, even if HHS now “wishes it had written a different” regulation. Id.at *4.
I feel like this is the SUPERBOWL of HIPAA decisions. You may not be as excited about this opinion as I was. That’s ok. . . I’m a HIPAA and privacy nerd and I’m ok with that.
Let’s hope I have many touchdowns to stand up and celebrate on Sunday! Go Chiefs!
The legal fine print: As exciting as this opinion is, please remember that devices should be encrypted and PHI should be protected to the maximum extent possible. While this is a great decision, it doesn’t remove the obligation to comply with the Regulations.
 PHI contains 18 different identifiers. 42 C.F.R. § 164.514(a)(2)(i).
 It’s the Health Insurance Portability and Accountability Act of 1996.
 HITECH stands for the Health Information Technology for Economic and Clinical Health Act of 2009.
 Later, we can delve into what qualifies as a covered entity. Let’s just all agree that MD Anderson is a covered entity.
 This is a very simple overstatement, but it works for the purposes of this article.
 Let’s face it, most of these devices are lost or stolen and (1) never found or (2) thrown out as the thieves take what they really wanted . . . cold hard cash or credit cards. An old janky laptop or a random thumb drive is not at the top of the most wanted list for kleptomaniacs.
CMS levies billions of dollars in overpayments a year against healthcare providers, based on the use of extrapolation audits.
The use of extrapolation in Medicare and private payer audits has been around for quite some time now. And lest you be of the opinion that extrapolation is not appropriate for claims-based audits, there are many, many court cases that have supported its use, both specifically and in general. Arguing that extrapolation should not have been used in a given audit, unless that argument is supported by specific statistical challenges, is mostly a waste of time.
For background purposes, extrapolation, as it is used in statistics, is a “statistical technique aimed at inferring the unknown from the known. It attempts to predict future data by relying on historical data, such as estimating the size of a population a few years in the future on the basis of the current population size and its rate of growth,” according to a definition created by Eurostat, a component of the European Union. For our purposes, extrapolation is used to estimate what the actual overpayment amount might likely be for a population of claims, based on auditing a smaller sample of that population. For example, say a Uniform Program Integrity Contractor (UPIC) pulls 30 claims from a medical practice from a population of 10,000 claims. The audit finds that 10 of those claims had some type of coding error, resulting in an overpayment of $500. To extrapolate this to the entire population of claims, one might take the average overpayment, which is the $500 divided by the 30 claims ($16.67 per claim) and multiply this by the total number of claims in the population. In this case, we would multiply the $16.67 per claim by 10,000 for an extrapolated overpayment estimate of $166,667.
The big question that normally crops up around extrapolation is this: how accurate are the estimates? And the answer is (wait for it …), it depends. It depends on just how well the sample was created, meaning: was the sample size appropriate, were the units pulled properly from the population, was the sample truly random, and was it representative of the population? The last point is particularly important, because if the sample is not representative of the population (in other words, if the sample data does not look like the population data), then it is likely that the extrapolated estimate will be anything but accurate.
To account for this issue, referred to as “sample error,” statisticians will calculate something called a confidence interval (CI), which is a range within which there is some acceptable amount of error. The higher the confidence value, the larger the potential range of error. For example, in the hypothetical audit outlined above, maybe the real average for a 90-percent confidence interval is somewhere between $15 and $18, while, for a 95-percent confidence interval, the true average is somewhere between $14 and $19. And if we were to calculate for a 99-percent confidence interval, the range might be somewhere between $12 and $21. So, the greater the range, the more confident I feel about my average estimate. Some express the confidence interval as a sense of true confidence, like “I am 90 percent confident the real average is somewhere between $15 and $18,” and while this is not necessarily wrong, per se, it does not communicate the real value of the CI. I have found that the best way to define it would be more like “if I were to pull 100 random samples of 30 claims and audit all of them, 90 percent would have a true average of somewhere between $15 and $18,” meaning that the true average for some 1 out of 10 would fall outside of that range – either below the lower boundary or above the upper boundary. The main reason that auditors use this technique is to avoid challenges based on sample error.
To the crux of the issue, the Centers for Medicare & Medicaid Services (CMS) levies billions of dollars in overpayments a year against healthcare providers, based on the use of extrapolation audits. And while the use of extrapolation is well-established and well-accepted, its use in an audit is not an automatic, and depends upon the creation of a statistically valid and representative sample. Thousands of extrapolation audits are completed each year, and for many of these, the targeted provider or organization will appeal the use of extrapolation. In most cases, the appeal is focused on one or more flaws in the methodology used to create the sample and calculate the extrapolated overpayment estimate. For government audits, such as with UPICs, there is a specific appeal process, as outlined in their Medical Learning Network booklet, titled “Medicare Parts A & B Appeals Process.”
On Aug. 20, 2020, the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) released a report titled “Medicare Contractors Were Not Consistent in How They Reviewed Extrapolated Overpayments in the Provider Appeals Process.” This report opens with the following statement: “although MACs (Medicare Administrative Contractors) and QICs (Qualified Independent Contractors) generally reviewed appealed extrapolated overpayments in a manner that conforms with existing CMS requirements, CMS did not always provide sufficient guidance and oversight to ensure that these reviews were performed in a consistent manner.” These inconsistencies were associated with $42 million in extrapolated payments from fiscal years 2017 and 2018 that were overturned in favor of the provider. It’s important to note that at this point, we are only talking about appeal determinations at the first and second level, known as redetermination and reconsideration, respectively.
Redetermination is the first level of appeal, and is adjudicated by the MAC. And while the staff that review the appeals at this level are supposed to have not been involved in the initial claim determination, I believe that most would agree that this step is mostly a rubber stamp of approval for the extrapolation results. In fact, of the hundreds of post-audit extrapolation mitigation cases in which I have been the statistical expert, not a single one was ever overturned at redetermination.
The second level of appeal, reconsideration, is handled by a QIC. In theory, the QIC is supposed to independently review the administrative records, including the appeal results of redetermination. Continuing with the prior paragraph, I have to date had only several extrapolation appeals reversed at reconsideration; however, all were due to the fact that the auditor failed to provide the practice with the requisite data, and not due to any specific issues with the statistical methodology. In two of those cases, the QIC notified the auditor that if they were to get the required information to them, they would reconsider their decision. And in two other cases, the auditor appealed the decision, and it was reversed again. Only the fifth case held without objection and was adjudicated in favor of the provider.
Maybe this is a good place to note that the entire process for conducting extrapolations in government audits is covered under Chapter 8 of the Medicare Program Integrity Manual (PIM). Altogether, there are only 12 pages within the entire Manual that actually deal with the statistical methodology behind sampling and extrapolation; this is certainly not enough to provide the degree of guidance required to ensure consistency among the different government contractors that perform such audits. And this is what the OIG report is talking about.
Back to the $42 million that was overturned at either redetermination or reconsideration: the OIG report found that this was due to a “type of simulation testing that was performed only by a subset of contractors.” The report goes on to say that “CMS did not intend that the contractors use this procedure, (so) these extrapolations should not have been overturned. Conversely, if CMS intended that contractors use this procedure, it is possible that other extrapolations should have been overturned but were not.” This was quite confusing for me at first, because this “simulation” testing was not well-defined, and also because it seemed to say that if this procedure was appropriate to use, then more contractors should have used it, which would have resulted in more reversals in favor of the provider.
Interestingly, CMS seems to have written itself an out in Chapter 8, section 220.127.116.11 of the PIM, which states that “[f]ailure by a contractor to follow one or more of the requirements contained herein does not necessarily affect the validity of the statistical sampling that was conducted or the projection of the overpayment.” The use of the term “does not necessarily” leaves wide open the fact that the failure by a contractor to follow one or more of the requirements may affect the validity of the statistical sample, which will affect the validity of the extrapolated overpayment estimate.
Regarding the simulation testing, the report stated that “one MAC performed this type of simulation testing for all extrapolation reviews, and two MACs recently changed their policies to include simulation testing for sample designs that are not well-supported by the program integrity contractor. In contrast, both QICs and three MACs did not perform simulation testing and had no plans to start using it in the future.” And even though it was referenced some 20 times, with the exception of an example given as Figure 2 on page 10, the report never did describe in any detail the type of simulation testing that went on. From the example, it was evident to me that the MACs and QICs involved were using what is known as a Monte Carlo simulation. In statistics, simulation is used to assess the performance of a method, typically when there is a lack of theoretical background. With simulations, the statistician knows and controls the truth. Simulation is used advantageously in a number of situations, including providing the empirical estimation of sampling distributions. Footnote 10 in the report stated that ”reviewers used the specific simulation test referenced here to provide information about whether the lower limit for a given sampling design was likely to achieve the target confidence level.” If you are really interested in learning more about it, there is a great paper called
“The design of simulation studies in medical statistics” by Burton et al. (2006).
Its application in these types of audits is to “simulate” the audit many thousands of times to see if the mean audit results fall within the expected confidence interval range, thereby validating the audit results within what is known as the Central Limit Theorem (CLT).
Often, the sample sizes used in recoupment-type audits are too small, and this is usually due to a conflict between the sample size calculations and the distributions of the data. For example, in RAT-STATS, the statistical program maintained by the OIG, and a favorite of government auditors, sample size estimates are based on an assumption that the data are normally (or near normally) distributed. A normal distribution is defined by the mean and the standard deviation, and includes a bunch of characteristics that make sample size calculations relatively straightforward. But the truth is, because most auditors use the paid amount as the variable of interest, population data are rarely, if ever, normally distributed. Unfortunately, there is simply not enough room or time to get into the details of distributions, but suffice it to say that, because paid data are bounded on the left with zero (meaning that payments are never less than zero), paid data sets are almost always right-skewed. This means that the distribution tail continues on to the right for a very long distance.
In these types of skewed situations, sample size normally has to be much larger in order to meet the CLT requirements. So, what one can do is simulate the random sample over and over again to see whether the sampling results ever end up reporting a normal distribution – and if not, it means that the results of that sample should not be used for extrapolation. And this seems to be what the OIG was talking about in this report. Basically, they said that some but not all of the appeals entities (MACs and QICs) did this type of simulation testing, and others did not. But for those that did perform the tests, the report stated that $41.5 million of the $42 million involved in the reversals of the extrapolations were due to the use of this simulation testing. The OIG seems to be saying this: if this was an unintended consequence, meaning that there wasn’t any guidance in place authorizing this type of testing, then it should not have been done, and those extrapolations should not have been overturned. But if it should have been done, meaning that there should have been some written guidance to authorize that type of testing, then it means that there are likely many other extrapolations that should have been reversed in favor of the provider. A sticky wicket, at best.
Under the heading “Opportunity To Improve Contractor Understanding of Policy Updates,” the report also stated that “the MACs and QICs have interpreted these requirements differently. The MAC that previously used simulation testing to identify the coverage of the lower limit stated that it planned to continue to use that approach. Two MACs that previously did not perform simulation testing indicated that they would start using such testing if they had concerns about a program integrity contractor’s sample design. Two other MACs, which did not use simulation testing, did not plan to change their review procedures.” One QIC indicated that it would defer to the administrative QIC (AdQIC, the central manager for all Medicare fee-for-service claim case files appealed to the QIC) regarding any changes. But it ended this paragraph by stating that “AdQIC did not plan to change the QIC Manual in response to the updated PIM.”
With respect to this issue and this issue alone, the OIG submitted two specific recommendations, as follows:
- Provide additional guidance to MACs and QICs to ensure reasonable consistency in procedures used to review extrapolated overpayments during the first two levels of the Medicare Parts A and B appeals process; and
- Take steps to identify and resolve discrepancies in the procedures that MACs and QICs use to review extrapolations during the appeals process.
In the end, I am not encouraged that we will see any degree of consistency between and within the QIC and MAC appeals in the near future.
Basically, it would appear that the OIG, while having some oversight in the area of recommendations, doesn’t really have any teeth when it comes to enforcing change. I expect that while some reviewers may respond appropriately to the use of simulation testing, most will not, if it means a reversal of the extrapolated findings. In these cases, it is incumbent upon the provider to ensure that these issues are brought up during the Administrative Law Judge (ALJ) appeal.
Programming Note: Listen to Frank Cohen report this story live during the next edition of Monitor Mondays, 10 a.m. Eastern.
The RACs are on attack! The “COVID Pause Button” on RAC audits has been lifted. The COVID Pause Button has been lifted since August 2020. But never have I ever seen CMS spew out so many new RAC topics in one month of a new year. Happy 2021.
Recovery audit contractors (“RACs”) will soon be auditing positron emission tomography (PET) scans for initial treatment strategy in oncologic conditions for compliance with medical necessity and documentation requirements.
Positron emission tomography (“PET”) scans detect early signs of cancer, heart disease and brain disorders. An injectable radioactive tracer detects diseased cells. A combination PET-CT scan produces 3D images for a more accurate diagnosis.
According to CMS’ RAC audit topics, “(PET) for Initial Treatment Strategy in Oncologic Conditions: Medical Necessity and Documentation Requirements,” will be reviewed as of January 5, 2021. The PET scan audits will be for outpatient hospital and professional service reviews. CMS added additional 2021 audit targets to the approved list:
- Air Ambulance: Medical Necessity and Documentation Requirements,. This complex review will be examining rotatory wing (helicopter) aircraft claims to determine if air ambulance transport was reasonable and medically necessary as well as whether or not documentation requirements have been met.
- Hospice Continuous Home Care: Medical Necessity and Documentation Requirements, and
- Ambulance Transport Subject to SNF Consolidated Billing.
Upcoming HHS secretary Xavier Becerra plans to get his new tenure underway quickly.
In False Claims Act (“FCA”) news, Medicare audits of P-Stim have ramped up across the country. A Spinal Clinic in Texas agreed to pay $330,898 to settle FCA allegations for allegedly billing Medicare improperly for electro-acupuncture device neurostimulators. CMS claims that “Medicare does not reimburse for acupuncture or for acupuncture devices such as P-Stim, nor does Medicare reimburse for P-Stim as a neurostimulator or as implantation of neurostimulator electrodes.”
Finally, is your staff getting medical records to consumers requesting their records quickly enough? Right to access to health records is yet another potential risk for all providers, especially hospitals due to their size. A hospital system agreed to pay $200,000 to settle potential violations of the HIPAA Privacy Rule’s right of access standard. This is HHS Office for Civil Rights’ 14th settlement under its Right of Access Initiative. The first person alleged that she requested medical records in December 2017 and did not receive them until May 2018. In the second complaint, the person asked for an electronic copy of his records in September 2019, and they were not sent until February 2020.
Beware of slow document production as slow document production can lead to penalties. And be on the lookout for the next RAC Report.
Remember, never accept the results of a Medicare or Medicaid audit. It is always too high. Believe me, after 21 years of my legal practice, I have yet to agree with the findings if a Tentative notice of Overpayment by any governmental contracted auditor, whether it is PCG, NGS, the MACs, MCOs, or Program Integrity – in any of our 50 States. That is quite a statement about the general, quality of work of auditors. Remember Teambuilders? How did $12 million become $896.35? See blog.
1 CMS, “0200-Air Ambulance: Medical Necessity and Documentation Requirements,” proposed RAC topic, January 5, 2021, http://go.cms.gov/35Jx1co.
2 CMS, “0201-Hospice Continuous Home Care: Medical Necessity and Documentation Requirements,” proposed RAC topic, January 5, 2021, http://go.cms.gov/3oRUyiY.
3 CMS, “0202- Ambulance Transport Subject to SNF Consolidated Billing,” proposed RAC topic, January 5, 2021, http://go.cms.gov/2LOMEbw.
Happy 2021! I bring great news and good tidings. I’m fairly sure that everyone reading is educated in what a preliminary injunction is and how important it can be for a health care provider falsely accused of credible allegations of fraud to lift the mandatory suspension of reimbursements. Finally, over the holidays, a Judge found that an indication of intent is required for an accusation of credible allegations of fraud, unlike past cases in which a mere accusation results in suspensions. 42 CFR §455.23 mandates that a health care provider’s reimbursements be suspended based on “credible allegations of fraud.” Which is a low bar. My client, an oral surgeon, had a disgruntled employee complaint and a baseless PCG audit of $6k. A double threat.
For those who are not in the know: An injunction is an extraordinary legal tool that allows the judge to suspend whatever bad action the government or one of its auditors do.
You have to prove:
- Likelihood of success on the merits
- Irreparable harm
- Balance of equities
- Public Interest.
I would guestimate that only 10-20% of requests for TROs and PIs are granted. Last week, we won for the oral surgeon. Everyone can learn from his success. This is how we won. Let me set the stage. We have an oral surgeon who underwent an infamous PCG audit resulting in an alleged $6k overpayment. PCG concurrently sends his data to program integrity, and one month later and without any notice, his reimbursements are suspended based on a “credible allegation of fraud.” Concurrently, he had a disgruntled employee threatening him.
Remember that the bar to demonstrate “credible allegation of fraud” is amazingly low. It is an “indicia of reliability.” An inaccurate PCG audit and a disgruntled employee, in this case, were the catalyst for the oral surgeon’s Medicaid reimbursements. His practice comprised of 80% Medicaid, so the suspension would cause irreparable harm to the practice.
We filed a TRO, PI, and Motion to Stay. The day before Christmas, we had trial.
The Judge ruled that the Department cannot just blindly rely on an anonymous accusation. There has to be some sort of investigation. It is not OK to accept accusations at face value without any sort of independent fact-checking. The Judge created an additional burden for the Department in cases of accusations of fraud that is not present in the regulation. But it is logical and reasonable to expect the Department to explore the accusations. The Judge emphasized that fraud requires intent. He also pointed out that fraud is not defined in the regulations. He emphasized that billing errors are not intentional acts.
The Judge held that, “[i]n light of the large number of Medicaid beneficiaries treated by the Petitioner’s practice, the rarity of the physician’s skills, and the apparent demand for those services, the relatively small amount of money now or formally in controversy, the lack of evidence of actual fraud and the contrary indications, the high probability that good cause exists for not suspending Petitioner’s Medicaid payments, and the near certainty of irreparable harm to the Petitioner if the relief is not granted, a TRO should be granted.”
Even better, the Judge ordered that the surgeon did not have to put up a bond, which is normally required by law. By the stroke of the Judge’s pen, the surgeon could go back to work performing medically necessary services to Medicaid recipients, which, by the way is rare for an oral surgeon to accept Medicaid. This is a success for health care providers. Accusations of fraud should require independent corroboration and evidence of intent.
For healthcare providers looking to avoid any of the traps stemming from PRF (Provider Relief Funds) compliance, RACmonitor is inviting you to sign up for Knicole Emanuel’s upcoming webcast on January 21st, 2021. It is titled: COVID-19 Provider Relief Funds: How to Avoid Audits. You can visit RACmonitor download the order form for the webcast to save yourself a spot.
If your facility accepted Provider Relief Funds (PRFs) as a consequence of the coronavirus pandemic, you need to be aware of the myriad of rules and regulations that are associated with this funding or else face penalties and takebacks. A word of caution: expect to be audited. In Medicare and Medicaid, regulatory audits are as certain as death and taxes. That is why your facility needs to arm itself with the knowledge of how to address documentation requests from the government, especially while the Public Health Emergency (PHE) is in effect.
This exclusive RACmonitor webcast, led by healthcare attorney Knicole Emanuel, discusses the PRF rules that providers must follow and how to prove that funds were appropriately used. There are strict regulations dictating why, how, and how much PRFs can be spent due to the catastrophic, financial impact of COVID-19. Register now to learn how to avoid penalties and takebacks related to PRFs.
- Rules and regulations relative to receiving and spending funds provided by the COVID-19 PRF
- Exceptions to COVID-19 PRF and relevant effective dates
- PRF documentation and reporting requirements
- The importance of the legal dates of PHE
- How to prove your facility’s use of funds is germane to COVID-19
Who Should Attend:
- RAC and appeals specialists
- RAC coordinators
- Compliance officers
- Directors and managers
About Knicole C. Emanuel, Esq.
Healthcare industry expert and Practus partner, Knicole Emanuel, is a regular contributor to the healthcare industry podcast, Monitor Mondays, by RACmonitor. For more than 20 years, Knicole Emanuel has maintained a health care litigation practice, concentrating on Medicare and Medicaid litigation, health care regulatory compliance, administrative law and regulatory law. Knicole has tried over 2,000 administrative cases in over 30 states and has appeared before multiple states’ medical boards.
She has successfully obtained federal injunctions in numerous states. This allowed health care providers to remain in business despite the state or federal laws allegations of health care fraud, abhorrent billings, and data mining. A wealth of knowledge in her industry, Knicole frequently lectures across the country on health care law. This includes the impact of the Affordable Care Act and regulatory compliance for providers, including physicians, home health and hospice, dentists, chiropractors, hospitals and durable medical equipment providers.