Here is an article that I wrote that was first published on RACMonitor on March 15, 2018:
All audits are questionable, contends the author, so appeal all audit results.
Providers ask me all the time – how will you legally prove that an alleged overpayment is erroneous? When I explain some examples of mistakes that Recovery Audit Contractors (RACs) and other health care auditors make, they ask, how do these auditors get it so wrong?
First, let’s debunk the notion that the government is always right. In my experience, the government is rarely right. Auditors are not always healthcare providers. Some have gone to college. Many have not. I googled the education criteria for a clinical compliance reviewer. The job application requires the clinical reviewer to “understand Medicare and Medicaid regulations,” but the education requirement was to have an RN. Another company required a college degree…in anything.
Let’s go over the most common mistakes auditors make that I have seen. I call them “oops, I did it again.” And I am not a fan of reruns.
- Using the Wrong Clinical Coverage Policy/Manual/Regulation
Before an on-site visit, auditors are given a checklist, which, theoretically, is based on the pertinent rules and regulations germane to the type of healthcare service being audited. The checklists are written by a government employee who most likely is not an attorney. There is no formal mechanism in place to compare the Medicare policies, rules, and manuals to the checklist. If the checklist is erroneous, then the audit results are erroneous. The Centers for Medicare & Medicaid Services (CMS) frequently revises final rules, changing requirements for certain healthcare services. State agencies amend small technicalities in the Medicaid policies constantly. These audit checklists are not updated every time CMS issues a new final rule or a state agency revises a clinical coverage policy.
For example, for hospital-based services, there is a different reimbursement rate depending on whether the patient is an inpatient or outpatient. Over the last few years there have been many modifications to the benchmarks for inpatient services. Another example is in behavioral outpatient therapy; while many states allow 32 unmanaged visits, others have decreased the number of unmanaged visits to 16, or, in some places, eight. Over and over, I have seen auditors apply the wrong policy or regulation. They apply the Medicare Manual from 2018 for dates of service performed in 2016, for example. In many cases, the more recent policies are more stringent that those of two or three years ago.
- A Flawed Sample Equals a Flawed Extrapolation
The second common blunder auditors often make is producing a flawed sample. Two common mishaps in creating a sample are: a) including non-government paid claims in the sample and b) failing to pick the sample randomly. Both common mistakes can render a sample invalid, and therefore, the extrapolation invalid. Auditors try to throw out their metaphoric fishing nets wide in order to collect multiple types of services. The auditors accidentally include dates of service of claims that were paid by third-party payors instead of Medicare/Medicaid. You’ve heard of the “fruit of the poisonous tree?” This makes the audit the fruit of the poisonous audit. The same argument goes for samples that are not random, as required by the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG). A nonrandom sample is not acceptable and would also render any extrapolation invalid.
- A Simple Misunderstanding
A third common blooper found with RAC auditors is simple misunderstandings based on lack of communication between the auditor and provider. Say an auditor asks for a chart for date of service X. The provider gives the auditor the chart for date of service X, but what the auditor is really looking for is the physician’s order or prescription that was dated the day prior. The provider did not give the auditor the pertinent document because the auditor did not request it. These issues cause complications later, because inevitably, the auditor will argue that if the provider had the document all along, then why was the document not presented? Sometimes inaccurate accusations of fraud and fabrication are averred.
- The Erroneous Extrapolation
Auditors use a computer program called RAT-STATS to extrapolate the sample error rate across a universe of claims. There are so many variables that can render an extrapolation invalid. Auditors can have too low a confidence level. The OIG requires a 90 percent confidence level at 25 percent precision for the “point estimate.” The size and validity of the sample matters to the validity of the extrapolation. The RAT-STATS outcome must be reviewed by a statistician or a person with equal expertise. An appropriate statistical formula for variable sampling must be used. Any deviations from these directives and other mandates render the extrapolation invalid. (This is not an exhaustive list of requirements for extrapolations).
- That Darn Purple Ink!
A fifth reason that auditors get it wrong is because of nitpicky, nonsensical reasons such as using purple ink instead of blue. Yes, this actually happened to one of my clients. Or if the amount of time with the patient is not denoted on the medical record, but the duration is either not relevant or the duration is defined in the CPT code. Electronic signatures, when printed, sometimes are left off – but the document was signed. A date on the service note is transposed. Because there is little communication between the auditor and the provider, mistakes happen.
The moral of the story — appeal all audit results.
Premature Recoupment of Medicare or Medicaid Funds Can Feel Like Getting Mauled by Dodgeballs: But Is It Constitutional?
State and federal governments contract with many private vendors to manage Medicare and Medicaid. And regulatory audits are fair game for all these contracted vendors and, even more – the government also contracts with private companies that are specifically hired to audit health care providers. Not even counting the contracted vendors that manage Medicaid or Medicare (the companies to which you bill and get paid), we have Recovery Act Contractors (RAC), Zone Program Integrity Contractors (ZPICs), Medicare Administrative Contractors (MACs), and Comprehensive Error Rate Testing (CERT) auditors. See blog for explanation. ZPICs, RACs, and MACs conduct pre-payment audits. ZPICs, RACs, MACs, and CERTs conduct post-payment audits.
It can seem that audits can hit you from every side.
“Remember the 5 D’s of dodgeball: Dodge, duck, dip, dive and dodge.”
Remember the 5 A’s of audits: Appeal, argue, apply, attest, and appeal.”
Medicare providers can contest payment denials (whether pre-payment or post-payment) through a five-level appeal process. See blog.
On the other hand, Medicaid provider appeals vary depending on which state law applies. For example, in NC, the general process is an informal reconsideration review (which has .008% because, essentially you are appealing to the very entity that decided you owed an overpayment), then you file a Petition for Contested Case at the Office of Administrative Hearings (OAH). Your likelihood of success greatly increases at the OAH level because these hearings are conducted by an impartial judge. Unlike in New Mexico, where the administrative law judges are hired by Human Services Department, which is the agency that decided you owe an overpayment. In NM, your chance of success increases greatly on judicial review.
In Tx, providers may use three methods to appeal Medicaid fee-for-service and carve-out service claims to Texas Medicaid & Healthcare Partnership (TMHP): electronic, Automated Inquiry System (AIS), or paper within 120 days.
In Il, you have 60-days to identify the total amount of all undisputed and disputed audit
overpayment. You must report, explain and repay any overpayment, pursuant to 42 U.S.C.A. Section 1320a-7k(d) and Illinois Public Aid Code 305 ILCS 5/12-4.25(L). The OIG will forward the appeal request pertaining to all disputed audit overpayments to the Office of Counsel to the Inspector General for resolution. The provider will have the opportunity to appeal the Final Audit Determination, pursuant to the hearing process established by 89 Illinois Adm. Code, Sections 104 and 140.1 et. seq.
You get the point.”Nobody makes me bleed my own blood. Nobody!” – White Goodman
Recoupment During Appeals
Regardless whether you are appealing a Medicare or Medicaid alleged overpayment, the appeals process takes time. Years in some circumstances. While the time gently passes during the appeal process, can the government or one of its minions recoup funds while your appeal is pending?
The answer is: It depends.
Before I explain, I hear my soapbox calling, so I will jump right on it. It is my legal opinion (and I am usually right) that recoupment prior to the appeal process is complete is a violation of due process. People are always shocked how many laws and regulations, both on the federal and state level, are unconstitutional. People think, well, that’s the law…it must be legal. Incorrect. Because something is allowed or not allowed by law does not mean the law is constitutional. If Congress passed a law that made it illegal to travel between states via car, that would be unconstitutional. In instances that the government is allowed to recoup Medicaid/care prior to the appeal is complete, in my (educated) opinion. However, until a provider will fund a lawsuit to strike these allowances, the rules are what they are. Soapbox – off.
Going back to whether recoupment may occur before your appeal is complete…
For Medicare audit appeals, there can be no recoupment at levels one and two. After level two, however, the dodgeballs can fly, according to the regulations. Remember, the time between levels two and three can be 3 – 5 years, maybe longer. See blog. There are legal options for a Medicare provider to stop recoupments during the 3rd through 5th levels of appeal and many are successful. But according to the black letter of the law, Medicare reimbursements can be recouped during the appeal process.
Medicaid recoupment prior to the appeal process varies depending on the state. Recoupment is not allowed in NC while the appeal process is ongoing. Even if you reside in a state that allows recoupment while the appeal process is ongoing – that does not mean that the recoupment is legal and constitutional. You do have legal rights! You do not need to be the last kid in the middle of a dodgeball game.
Don’t be this guy:
Low reimbursement rates make accepting Medicaid seem like drinking castor oil. You wrinkle your nose and swallow quickly to avoid tasting it. But if you are a provider that does accept Medicaid and you wish to stop accepting Medicaid – read this blog and checklist (below) before taking any action! Personally, if you do accept Medicaid, I say, “Thank you.” See blog. With more and more Medicaid recipients, the demand for providers who accept Medicaid has catapulted.
The United States has become a Medicaid nation. Medicaid is the nation’s largest health insurance program, covering 74 million, or more than 1 in 5 Americans.
Earlier this year, Kaiser published a report stating that 70% of office-based providers accept new patients covered by Medicaid. But this report does not mean that Medicaid recipients have access to quality health care. I will explain below.
The variation in the above chart is interesting. Reimbursement rates directly impact whether providers in the state accept Medicaid. The participation goes from a low of 38.7% in New Jersey (where primary care reimbursement rates are 48% of Medicare rates) to a high of 96.5% in Nebraska (where the primary care reimbursement is 75% of Medicare). Montana, with a 90% physician participation rate, pays the same rate as Medicare for primary care, while California, with a 54.2% participation rate, pays 42% of the Medicare reimbursement rate. We should all strive to be like Nebraska and Montana … granted the number of Medicaid recipients are fewer in those states. For September 2017, Nebraska ranked 45th out of the 50 states for Medicaid enrollment. Montana ranked 42nd. Wyoming came in dead last.
Statistically writing, Medicaid covers:
- 39% of all children.
- Nearly half of all births in the country.
- 60% of nursing home and other long-term care expenses.
- More than 1/4 of all spending on mental health services and over a fifth of all spending on substance abuse treatment.
However, even if the report is correct and 70% of health care providers do accept Medicaid, that is not indicative of quality access of care for Medicaid recipients. The number of Medicaid recipients is skyrocketing at a rate that cannot be covered by the number of providers who accept Medicaid. Kaiser estimates that by 2020, more than 25% (1 out of 4) of Americans will be dependent on Medicaid. Because of the low reimbursement rates, health care providers who do accept Medicaid are forced to increase the quantity of patients, which, logically, could decrease the quality … or the amount of time spent with each patient. Citing the percentage of providers who accept Medicaid, in this instance, 70%, is not indicative of quality of access of care; the ratio of Medicaid recipients to providers who accept Medicaid would be more germane to quality of access to care for Medicaid recipients. Even if 70% of health care providers accept Medicaid, but we have 74 million Medicaid recipients, then 70% is not enough. My opinion is what it is because based on years of experience with this blog and people reaching out to me. I have people contact me via this blog or email explaining that their mother, father, child, sister, or brother, has Medicaid and cannot find a provider for – dental, mental health, developmentally disabled services. So, maybe, just maybe, 70% is not good enough.
Before dropping Medicaid like a hot potato, ask yourself the following questions:
Will I have enough patients without Medicaid to keep my staff and I busy?
Location! Location! Location! Your location matters. If you provide health care services in areas that are predominantly Medicaid-populated, then you may need to reconsider dropping the ‘Caid. California, New York, and Texas were the top spenders in Medicaid for fiscal year 2016, totaling over a whopping $183 billion of America’s total expenditure on ‘Caid, which was $553 billion.
I am sure that I am preaching to the choir, but choosing to not accept Medicaid is not fiscally sound if you and your staff will be twiddling their thumbs all day. Even low reimbursement rates are better than no reimbursement rates. On the downside, if you choose to accept Medicaid, you need a “rainy-day” fund to pay for attorneys to defend any regulatory audits, termination of Medicaid contracts, accusations of fraud, prepayment review, and/or other adverse determinations by the state (and, if you accept Medicare, the federal government and all its vendors).
2. Have I attested for the Medicaid EHR meaningful use incentives?
If you attested and accepted the EHR incentive payments, you may need to continue seeing Medicaid patients in order to keep/maintain your EHR payments. (Please consult an attorney).
3. Will I still be subject to Medicaid audits in the future?
If avoiding Medicaid audits is your primary reason for dropping ‘Caid, ‘ho your horses. Refusing to accept ‘Caid going forward does not indemnify you from getting future audits. In fact, in cases of credible allegations of fraud, you may be subject to future Medicaid audits for another 6 years after you no longer accept Medicaid. You will also need to continue to maintain all your records for regulatory compliance. If you cease accepting Medicaid, those recipients will need to find new providers. Those medical records are the Medicaid recipients’ property and need to be forwarded to the new provider.
If you are currently under investigation for credible allegations of fraud, of which you may or may not be aware, then suddenly stop accepting Medicaid, it could be a red flag to an investigator. Not that ceasing to accept Medicaid is evidence of wrongdoing, but sometimes sudden change, regardless of the change, can spur curiosity in auditors. For example, in NC DHHS v. Parker Home Care, the Court of Appeals ruled that a tentative notice of overpayment by Public Consulting Group (PCG) does not constitute a final agency decision. The managed care organizations (MCOs) freaked out because the MCOs were frightened that a health care provider could argue, in Court, that Parker Home Care applies to MCOs, as well. They were so freaked out that they filed an Amicus Curiae Brief, which is a Brief on behalf of a person or organization that is not a party to a particular litigation but that is permitted by the court to advise it in respect to some matter of law that directly affects the case in question. The MCOs’ Brief states, “The Court of Appeals’ decision, if allowed to stand, could be construed to undermine the authority explicitly granted to managed care organizations, such as the LME/MCOs in North Carolina, by CMS.” Too bad our Waiver specifically states that DHS/DMA to CMS states, “[DMA] retains final decision-making authority on all waiver policies and requirements.” But I digress. In Parker Home Care, the MCOs filed the Brief to preserve their self-instilled authority over their catchments areas. However, despite the MCOs request that the NC Supreme Court take the issue under consideration, the Supreme Court denied certiorari, which means the Supreme Court refused to entertain the issue. While it is not “law” or “precedent” or “written in stone,” generally, attorneys argue that the Supreme Court’s refusal to entertain an issue means that it does not deem the issue to be a controversy … that the Court agrees with the lower court’s decision. Hence, the argument that the MCOs cannot render final agency decisions.
4. Will I be able to sleep at night?
Health care providers become health care providers, generally, with the intent to help people. This makes most health care providers nurturing people. You have to ask yourself whether you will be comfortable, ethically, with your decision to not accept Medicaid. I cannot tell you how many of my clients tell me, at some point, “I’m just not going to accept Medicaid anymore.” And, then continue to accept Medicaid … because they are good people. It infuriates me when I am in court arguing that terminating a provider’s Medicaid contract will put the provider out of business, and the attorney from the State makes a comment like, “It was the provider’s business decision to depend this heavily on Medicaid.” No, actually, many providers do feel an ethical duty to serve the Medicaid population.
Check your health care community and determine whether other providers with your specialty accept Medicaid. Are they accepting new Medicaid patients? Are they viable options for your patients? Are they as good as you are? Just like attorneys, there are good and bad; experienced and inexperienced; intelligent and not-so-much; capable and not-so-much.
5. Can I delegate Medicaid recipients to a mid-level practitioner?
Physician assistants and nurse practitioners are wonderful assets to have to devote to Medicaid recipients. This is not to say that Medicaid recipients deserve lesser-educated services because, quite frankly, some PAs and NPs are just as good as the MDs. But you get my point. If PAs and NPs have a lower billable rate, then it makes business financial sense to delegate the Medicaid recipients to them. Similarly, I have an amazing, qualified paralegal, Todd Yoho. He has background in medical coding, went to two years of law school, and is smarter than many attorneys. I am blessed to have him. But the reality is that his billable rate is lower than mine. I try to use his services whenever possible to try to keep the attorneys’ fees lower. Same with mid-level practitioner versus using the MD.
6. Instead of eliminating Medicaid patients, can I just decrease my Medicaid patients?
This could be a compromise with yourself and your business. Having the right balance between Medicaid recipients and private pay, or even Medicare patients, can be key in increasing income and maintaining quality of care. Caveat: In most states, you are allowed to cap your Medicaid recipients. However, there are guidelines that you muts follow. Even Medicaid HMOs or MCOs could have different requirements for caps on Medicaid recipients. Again, seek legal advice.
Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).
Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.
Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?
These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.
Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.
Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive. Pick one and read.
You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.
Other targeted providers types coming up:
- Security of Certified Electronic Health Record Technology Under Meaningful Use
- States’ Collection of Rebates on Physician-Administered Drugs
- States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
- Adult Day Health Care Services
- Oversight of States’ Medicaid Information Systems Security Controls
- States’ MCO Medicaid Drug Claims
- Incorrect Medical Assistance Days Claimed by Hospitals
- Selected Inpatient and Outpatient Billing Requirements
And the list goes on and on…
Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs…
Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!
The Center for Medicare and Medicaid Services (CMS) announced the expansion of Targeted Probe and Educate (TPE) audits. At first glance, this appears to be fantastic news coming on the heels of so much craziness at Health and Human Services (HHS). We have former-HHS Secretary Price flying our tax dollars all over. Dr. Don Wright stepping up as our new Secretary. The Medicare appeal backlog fiasco. The repeal and replace Obamacare bomb. Amidst all this tomfoolery, health care providers are still serving Medicare and Medicaid patients, reimbursement rates are in the toilet, which drives down quality and incentivizes providers to not accept Medicare or Medicaid (especially Caid), and providers are undergoing “Audit Alphabet Soup.” I actually had a client tell me that he receives audit letters requesting documents and money every single week from a plethora of different organizations.
So when CMS announced that it was broadening its TPE audits, it was a sigh of relief for many providers. But will TPE audits be the benign beasts they are purporting to be?
What is a TPE audit? (And – Can We Have Anymore Acronyms…PLEASE!)
CMS says that TPE audits are benevolent. CMS’ rhetoric indicates that these audits should not cause the toner to run out from overuse. CMS states that TPE audits will involve “the review of 20-40 claims per provider, per item or service, per round, for a total of up to three rounds of review.” See CMS Announcement. The idea behind the TPE audits (supposedly) is education, not recoupments. CMS states that “After each round, providers are offered individualized education based on the results of their reviews. This program began as a pilot in one MAC jurisdiction in June 2016 and was expanded to three additional MAC jurisdictions in July 2017. As a result of the successes demonstrated during the pilot, including an increase in the acceptance of provider education as well as a decrease in appealed claims decisions, CMS has decided to expand to all MAC jurisdictions later in 2017.” – And “later in 2017” has arrived. These TPE audits are currently being conducted nationwide.
Below is CMS’ vision for a TPE audit:
Clear? As mud?
The chart does not indicate how long the provider will have to submit records or how quickly the TPE auditors will review the documents for compliance. But it appears to me that getting through Round 3 could take a year (this is a guess based on allowing the provider 30 days to gather the records and allowing the TPE auditor 30 days to review).
Although the audit is purportedly benign and less burdensome, a TPE audit could take a whole year or more. Whether the audit reviews one claim or 20, having to undergo an audit of any size for a year is burdensome on a provider. In fact, I have seen many companies having to hire staff dedicated to responding to audits. And here is the problem with that – there aren’t many people who understand Medicare/caid medical billing. Providers beware – if you rely on an independent biller or an electronic medical records program, they better be accurate. Otherwise the buck stops with your NPI number.
Going back to CMS’ chart (above), notice where all the “yeses” go. As in, if the provider is found compliant , during any round, all the yeses point to “Discontinue for at least 12 months.” I am sure that CMS thought it was doing providers a favor, but what that tells me is the TPE audit will return after 12 months! If the provider is found compliant, the audit is not concluded. In fact, according to the chart, the only end results are (1) a referral to CMS for possible further action; or (2) continued TPE audits after 12 months. “Further action” could include 100% prepayment review, extrapolation, referral to a Recovery Auditor, or other action. Where is the outcome that the provider receives an A+ and is left alone??
CMS states that “Providers/suppliers may be removed from the review process after any of the three rounds of probe review, if they demonstrate low error rates or sufficient improvement in error rates, as determined by CMS.”
I just feel as though that word “may” should be “will.” It’s amazing how one word could change the entire process.
What if you had to appeal traffic citations through the police officer who pulled you over before you could defend yourself before an impartial judge? That would be silly and a waste of time. I could not fathom a time in which the officer would overturn his/her own decision.
“No, officer, I know you claim that I was speeding, but the speed limit on Hwy 1 had just increased to 65. You were wrong when you said the speed limit was 55.”
“Good catch, citizen. You’re right; I’m wrong. Let’s just rip up this speeding ticket.”
Not going to happen.
The same is true when it comes to decisions by the Department of Health and Human Service (DHHS) to sanction or penalize a Medicaid provider based on alleged provider abuse (otherwise known as documentation errors). If DHHS determines that you owe $800,000 because your service notes are noncompliant, I am willing to bet that, upon its own reconsideration, the decision will be upheld. Asking for reconsideration review from the very same entity that decided the sanction or penalty is akin to doing something over and over and expecting different results (definition of insanity?).
But – are informal reconsideration reviews required by law to fight an adverse decision before you may appear before an administrative law judge?
The reason that you should care whether the reconsideration reviews are required by law is because the process is time consuming, and, often, the adverse determination is in effect during the process. If you hire an attorney, it is an expensive process, but one that you will not (likely) win. Generally, I am adverse to spending time and money on something that will yield nothing.
Before delving into whether reconsideration reviews are required by law, here is my caveat: This issue has not been decided by our courts. In fact, our administrative court has rendered conflicting decisions. I believe that my interpretation of the laws is correct (obviously), but until the issue is resolved legally, cover your donkey (CYA), listen to your attorney, and act conservatively.
Different laws relate to whether the adverse decision is rendered by the DHHS or whether the adverse decision is rendered by a managed care organization (MCO). Thus, I will divide this blog into two sections: (1) reconsiderations to DHHS; and (2) reconsiderations to an MCO.
Appealing DHHS Adverse Determinations
When you receive an adverse decision from DHHS, you will know that it is from DHHS because it will be on DHHS letterhead (master of the obvious).
10A NCAC 22F .0402 states that “(a) Upon notification of a tentative decision the provider will be offered, in writing, by certified mail, the opportunity for a reconsideration of the tentative decision and the reasons therefor. (b) The provider will be instructed to submit to the Division in writing his request for a Reconsideration Review within fifteen working days from the date of receipt of the notice. Failure to request a Reconsideration Review in the specified time shall result in the implementation of the tentative decision as the Division’s final decision.”
As seen above, our administrative code recommends that a Medicaid provider undergo the informal reconsideration review process through DHHS to defend a sanction or penalty before presenting before an impartial judge at the Office of Administrative Hearings (OAH). I will tell you, having gone through hundreds upon hundreds of reconsideration reviews, DHHS does not overturn itself. The Hearing Officers know who pay their salaries (DHHS). The reconsideration review ends up being a waste of time and money for the provider, who must jump through the “reconsideration review hoop” prior to filing a petition for contested case.
Historically, attorneys recommend that provider undergo the reconsideration review for fear that an Administrative Law Judge (ALJ) at OAH would dismiss the case based on failure to exhaust administrative remedies. But upon a plain reading of 10A NCAC 22F .0402, is it really required? Look at the language again. “Will be offered” and “the opportunity for.” And what is the penalty for not requesting a reconsideration review? That the tentative decision becomes final – so you can petition to OAH the final decision.
My interpretation of 10A NCAC 22F .0402 is that the informal reconsideration review is an option, not a requirement.
Now, N.C. Gen. Stat. 150B-22 states that “[i]t is the policy of this State that any dispute between an agency and another person that involves the person’s rights, duties, or privileges, including licensing or the levy of a monetary penalty, should be settled through informal procedures. In trying to reach a settlement through informal procedures, the agency may not conduct a proceeding at which sworn testimony is taken and witnesses may be cross-examined. If the agency and the other person do not agree to a resolution of the dispute through informal procedures, either the agency or the person may commence an administrative proceeding to determine the person’s rights, duties, or privileges, at which time the dispute becomes a “contested case.””
It is clear that our State’s policy is that a person who has a grievance against an agency; i.e., DHHS, attempts informal resolution prior to filing an appeal at OAH. Notice that N.C. Gen. Stat. 150B-22 is applicable to any dispute between “an agency and another person.” “Agency” is defined as “an agency or an officer in the executive branch of the government of this State and includes the Council of State, the Governor’s Office, a board, a commission, a department, a division, a council, and any other unit of government in the executive branch. A local unit of government is not an agency.”
Clearly, DHHS is an “agency,” as defined. But an MCO is not a department; or a board; or a commission; or a division; or a unit of government in the executive branch; or a council. Since the policy of exhausting administrative remedies applies to DHHS, are you required to undergo an MCO’s reconsideration review process?
Appealing an MCO Adverse Determination
When you receive an adverse decision from an MCO, you will know that it is from an MCO because it will be on the MCO’s letterhead (master of the obvious).
There is a reason that I am emphasizing the letterhead. It is because DHHS contracts with a number of vendors. For example, DHHS contracts with Public Consulting Group (PCG), The Carolina Center for Medical Excellence (CCME), HMS, Liberty, etc. You could get a letter from any one of DHHS’ contracted entities – a letter on their letterhead. For example, you could receive a Tentative Notice of Overpayment on PCG letterhead. In that case, PCG is acting on behalf of DHHS. So the informal reconsideration rules would be the same. For MCOs, on the other hand, we obtained a Waiver from the Center for Medicare and Medicaid Services (CMS) to “waive” certain rules and to create the MCOs. Different regulations apply to MCOs than DHHS. In fact, there is an argument that N.C. Gen. Stat. 150B-22 does not apply to the MCOs because the MCOs are not an “agency.” Confusing, right? I call that job security.
Are you required to undergo the MCO’s internal reconsideration review process prior to filing a petition for contested case at OAH?
Your contract with the MCO certainly states that you must appeal through the MCO’s internal process. The MCO contracts with providers have language in them like this:
Dispute Resolution and Appeals: “The CONTRACTOR may file a complaint and/or appeals as outlined in the LME/PIHP Provider Manual promulgated by LME/PIHP pursuant to N.C. Gen. Stat. 122C-151.3 and as provided by N.C. Gen. Stat. Chapter 108C.”
I find numerous, fatal flaws in the above section. Whoever drafted this section of the contract evidently had never read N.C. Gen. Stat. 122C-151.3, which plainly states in subsection (b) “This section does not apply to LME/MCOs.” Also, the LME/PIHP does not have the legal authority to promulgate – that is a rule-making procedure for State agencies, such as DHHS. The third fatal flaw in the above section is that the LME/MCO Provider Manual is not promulgated and certainly was not promulgated not pursuant to N.C. Gen. Stat. 122C-151.3, does not apply to LME/MCOs.
Just because it is written, does not make it right.
If N.C. Gen. Stat. 150B-22 does not apply to MCOs, because MCOs are not an agency, then the State policy of attempting to resolve disputes through informal methods before going to OAH does not apply.
There is no other statute or rule that requires a provider to exhaust an MCO’s internal review process prior to filing a petition for contested case.
What does that mean IN ENGLISH??
What it means is that the MCOs contract and provider manual that create an informal one or two-step reconsideration process is not required by law or rule. You do not have to waste your time and money arguing to the MCO that it should overturn its own decision, even though the reconsideration review process may be outlined in the provider manual or your procurement contract.
OAH has agreed…and disagreed.
In Person-Centered Partnerships, Inc. v. NC DHHS and MeckLINK, No. 13 DHR 18655, the court found that “[n]either the contractual provisions in Article II, Section 5.b of the Medicaid Contract nor MeckLINK’s “Procedures for implementation of policy # P0-09 Local Reconsideration Policy” states that reconsideration review is mandatory and a prerequisite to filing a contested case.”
In another case, OAH has held that, “[c]ontract provisions cannot override or negate the protections provided under North Carolina law, specifically the appeal rights set forth in N.C. Gen. Stat. Chapter 108C. Giesel, Corbin on Contracts § 88.7, at 595 (2011) (When the law confers upon an individual a right, privilege, or defense, the assumption is that the right, privilege or defense is conferred because it is in the public interest. Thus, in many cases, it is contrary to the public interest to permit the holder of the right, privilege, or defense to waive or to bargain it away. In these situations, the attempted waiver or bargain is unenforceable.”)” Essential Supportive Services, LLC v. DHHS and its Agent Alliance Behavioral Healthcare, No. 13 DHR 20386 (NCOAH) (quoting Yelverton’s Enrichment Services, Inc., v. PBH, as legally authorized contractor of and agent for N.C. Department of Health and Human Services, 13-CVS-11337, (7 March 2014)).
However, most recently, OAH ruled in the opposite way. A provider was terminated from an MCO’s catchment area, and we immediately filed a preliminary injunction to cease the termination. As you can see from the above-mentioned cases, OAH had not considered the reconsideration review mandatory. But, this time, the Judge found that the “contractual provision in [the MCO’s] contract with Petitioner, which provides for a local reconsideration review, is a valid and binding provision within the contract.”
So, again, the law is as clear as two and two adding up to five.
For now, when you are disputing an adverse determination by an MCO requesting a reconsideration review before going to OAH is a good CYA.
Going back to the traffic example at the beginning of the blog, my husband was pulled for speeding a few weeks ago. I was surprised because, generally, he does not speed. He is a usually conscientious and careful driver. When the officer came to his window, he was genuinely confused as to the reason for the stop. In his mind, he was driving 73 mph, only 3 miles over the speed limit. In fact, he had the car on cruise control. Turns out he confused the sign for HWY 70, as a speed limit sign. The speed limit was actually 55 mph.
We did not appeal the decision.
Electronic health records or EHR have metamorphosed health care. Choosing a vendor can be daunting and the prices fluctuate greatly. As a provider, you probably determine your EHR platform on which vendor’s program creates the best service notes… or which creates the most foolproof way of tracking time… or which program is the cheapest.
But…what’s in YOUR contract can be legally deadly.
Regardless how you choose your EHR vendor, you need to keep the following legal issues in mind when it comes to EHR and the law:
Regulatory and Clinical Coverage Policy Compliance
Most likely, your EHR vendor does not have a legal degree. Yet, you are buying a product and assuming that the EHR program complies with applicable regulations, rules, and clinical coverage policies – whichever are applicable to your type of service. Well, guess what? These regulations, rules, and clinical coverage policies are not stagnant. They are amended, revised, and re-written more than my chickens lay eggs, but a little less often, because my chickens lay eggs every day.
Think about it – The Division of Medical Assistance (DMA) publishes a monthly Medicaid Bulletin. Every month DMA provides more insight, more explanations, more rules that providers will be held accountable to follow.
Does your EHR program update every month?
You need to review your contract and determine whether the vendor is responsible for regulatory compliance or whether you are. If you are, should you put so much faith in the EHR program?
You are required to maintain your records (depending on your type of service) anywhere from 5-10 years. Let’s say that you sign a four year contract with EHR Vendor X. The four years expires, and you hire a new EHR vendor. You are audited. But Vendor X does not allow you access to the records because you no longer have a contract with them – not their problem!
You need to ensure that your EHR contract allows you access to your documents (because they are your documents) even in the event of the contract expiring or getting terminated. The excuse that “I don’t have access to that” does not equal a legal defense.
This is otherwise known as the “Blame Game.” If there is a problem with regulatory compliance, as in, the EHR records do not follow the regulations, then you need to know whether the EHR vendor will take responsibility and pay, or help pay, for attorneys’ fees to defend yourself.
Like it or not, the EHR vendor does not undergo audits by the state and federal government. The EHR vendor does not undergo post and pre-payment reviews for regulatory compliance. You do. It is your NPI number that is held accountable for regulatory compliance.
You need to check whether there is an indemnification clause in the EHR contract. In other words, if you are accused of an overpayment because of a mistake on the part of the vendor, will the vendor cover your defense? My guess is that there is no indemnification clause.
HIPAA laws require that you minimize the access to private health information (PHI) and prevent dissemination. With hard copies, this was easy. You could just lock up the documents. With EHR, it becomes trickier. Obviously, you have access to the PHI as the provider. But who can access your EHR on the vendor-side? Assuming that the vendor has an IT team in case of computer issues, you have to consider to what exactly does that team have access.
I recently attended a legal continuing education class on data breach and HIPAA compliance for health care. One of the speakers was a Special Agent with the FBI. This gentleman prosecutes data breaches for a living. He said that hackers will pay over $500 per private medical document. Health care companies experienced a 72% increase in cyberattacks between 2013 and 2014. Stolen health care information is 10 times more valuable than your credit card information.
Obviously, I am exaggerating here. I do not believe that The Walking Dead is real and in our future. But here is my point – You are held accountable for maintaining your medical records, even in the face of an act of God or terrorism.
Example: It was 1996. Provider Dentist did not have EHR; he had hard copies. Hurricane Fran flooded Provider Dentist’s office, ruining all medical records. When Provider Dentist was audited, the government did not accept the whole “there was a hurricane” excuse. Dentist was liable for sever penalties and recoupments.
Fast forward to 2017 and EHR – Think a mass computer shutdown won’t happen? Just ask Delta about its August 2016 computer shutdown that took four days and cancelled over 2000 flights. Or Medstar Health, which operates 10 hospitals and more than 250 outpatient facilities, when in March 2016, a computer virus shut down its emails and…you guessed it…its EHR database.
So, what’s in YOUR contract?
You are a provider, and you accept Medicare and Medicaid. You find out that the person with whom you contracted to provide extraction services for your dental patients has been upcoding for the last few months. -or- You discover that the supervisory visits over the past year have been less than…well, nonexistent. -or- Or your licensed therapist forgot to mention that her license was revoked. What do you do?
What do you do when you unearth a potential, past overpayment to you from Medicare or Medicaid?
Number One: You do NOT hide your head!
Do not be an ostrich. First, being an ostrich will have a direct correlation with harsher penalties. Second, you may miss mandatory disclosure deadlines, which will lead to a more in-depth, concentrated, and targeted audits by the government, which will lead to harsher penalties.
As for the first (harsher penalties), not only will your potential, monetary penalties leap skyward, but knowledge (actual or should have had) could put you at risk for criminal liability or false claims liability. As for increased, monetary penalties, recent Office of Inspector General (OIG) information regarding the self disclosure protocol indicates that self disclosure could reduce the minimum multiplier to only 1.5 times the single damages versus 2-10 times the damages without self disclosure.
As for the second (missing deadlines), your penalties will be exorbitantly higher if you had or should have had actual knowledge of the overpayments and failed to act timely. Should the government, despite your lack of self disclosure, decide to audit your billings, you can count on increased scrutiny and a much more concentrated, in-depth audit. Much of the target of the audit will be what you knew (or should have) and when you knew (or should have). Do not ever think: “I will not ever get audited. I am a small fish. There are so many other providers, who are really de-frauding the system. They won’t come after me.” If you do, you will not be prepared when the audit comes a’knocking on your door – and that is just foolish. In addition, never underestimate the breadth and scope of government audits. Remember, our tax dollars provide almost unlimited resources to fund thousands of audits at a time. Being audited is not like winning the lottery, Your chances are not one in two hundred million. If you accept Medicare and/or Medicaid, your chances of an audit are almost 100%. Some providers undergo audits multiple times a year.
Knowing that the definition of “knowing” may not be Merriam Webster’s definition is also key. The legal definition of “knowing” is more broad that you would think. Section 1128J(d)(4)(A) of the Act defines “knowing” and “knowingly” as those terms are defined in 31 U.S.C. 3729(b). In that statute the terms “knowing” and “knowingly” mean that a person with respect to information—(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless disregard of the truth or falsity of the information. 31 U.S.C. 3729(b) also states that knowing and knowingly do not require proof of specific intent to defraud.
Number Two: Contact your attorney.
It is essential that you have legal counsel throughout the self disclosure process. There are simply too many ways to botch a well-intended, self disclosure into a casus belli for the government. For example, OIG allows three options for self disclosure; however, one option requires prior approval from OIG. Your counsel needs to maintain your self disclosure between the allowable, navigational beacons.
Number Three: Act timely.
You have 60-days to report and pay. Section 1128J(d)(2) of the Social Security Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified or (2) the date any corresponding cost report is due, if applicable. See blog.
If you have a Medicare issue, please continue to Number Four. If your issue is Medicaid only, please skip Number Four and go to Number Five. If your issue concerns both Medicare and Medicaid, continue with Number Four and Five (skip nothing).
Number Four: Review the OIG Self Disclosure Protocol (for Medicare).
OIG publishes a Self Disclosure Protocol. Read it. Print it. Frame it. Wear it. Memorize it.
Since 2008, OIG has resolved 235 self disclosure provider cases through settlements. In all but one of these cases, OIG released the disclosing parties from permissive exclusion without requiring any integrity measures. What that means is that, even if you self disclose, OIG has the authority to exclude you from the Medicare system. However, if you self disclose, may the odds be ever in your favor!
Number Five: Review your state’s self disclosure protocol.
While every state differs slightly in self disclosure protocol, it is surprising how similar the protocol is state-to-state. In order to find your state’s self disclosure protocol, simply Google: “[insert your state] Medicaid provider self disclosure protocol.” In most cases, you will find that your state’s protocol is less burdensome than OIG’s.
On the state-side, you will also find that the benefits of self disclosure, generally, are even better than the benefits from the federal government. In most states, self disclosure results in no penalties (as long as you follow the correct protocol and do not hide anything).
Number Six: Draft your self disclosure report.
Your self disclosure report must contain certain criteria. Review the Federal Registrar for everything that needs to be included.
It is important to remember that you are only responsible for self disclosures going back six years (on the federal side).
Mail the report to:
330 Independence Avenue, Room 5527
Washington, DC 20201
Or you can self disclose online at this link.