Blog Archives

OIG Finds PCG Inappropriately Altered Medicaid Documents!

Our old friends from Public Consulting Group (PCG) were found to have accepted improper Medicaid payments in New Jersey.

Those of you who have followed my blog will remember that PCG has been the “watchdog” and auditor of Medicaid claims in many, many states, including North Carolina, New Mexico, and New York. The story of PCG’s motus operandi is like an old re-run of Friends – it never seems to end. PCG audits health care provider records, usually about 150 claims, and determines an error rate based on a desk review by an employee who may or may not have the requisite experience in health care or regulatory compliance issues. The error rates are normally high, and PCG extrapolates the number across a universe of three years (generally). The result is an alleged overpayment of millions of dollars. Of course, it varies state to state, but PCG is paid on a contingency basis, usually 12 – 15%. See blog.

In a November 2017 Office of Inspector General (OIG) Report, OIG found that, in New Jersey, PCG, which was the contractor for New Jersey doctored records.

Isn’t that called fraud?

OIG found that New Jersey did not follow Federal regulations and the Centers for Medicare and Medicaid Services’ (CMS) guidance when it developed its payment rates for Medicaid school-based services and, as a result, claimed $300.5 million in unallowable costs. Among OIG’s findings, OIG determined that PCG improperly altered school employees’ responses to time studies to timestudies to indicate that their activities were directly related to providing Medicaid services when the responses indicated the activities were unrelated.

OIG recommended that New Jersey repay $300.5 million in federal Medicaid reimbursements. If you are a taxpayer in New Jersey,

Screen Shot 2018-02-07 at 4.04.46 PM

you know that you are hanging Sec. Carole Johnson in effigy…at least, in your mind.

According to the New Jersey Medicaid website, PCG receives and processes billing agreements from newly Medicaid-enrolled LEAs, which is the acronym for “Local Education Agency.”

Here are PCG’s duties:

Screen Shot 2018-02-07 at 4.07.30 PM

The New Jersey State Agency claims Federal Medicaid reimbursement for health services provided by schools under Individuals With Disabilities Education Act (IDEA) through its Special Education Medicaid Initiative (SEMI). The State Department of Treasury (Treasury), the administrative manager for SEMI, hired PCG, on a contingency fee basis (shocker) to develop SEMI payment rates and submit claims on behalf of schools, which are overseen by the State Department of Education (DOE). Figure 1 (below) illustrates how New Jersey processes and claims Medicaid school-based services.

Screen Shot 2018-02-07 at 5.05.38 PM

But notice the last bullet point in the list of PCG’s duties above. “provides ongoing Medicaid legal and regulatory compliance monitoring.” Of itself?

Only costs related to providing Medicaid-covered services may be included in payment rates for Medicaid services. But, remember, PCG is paid on contingency. See below.

Screen Shot 2018-02-08 at 10.50.36 AM

So is it surprising that PCG raised the reimbursement rates? Why wouldn’t they? If you were paid on contingency, wouldn’t you determine the rates to be higher?

OIG’s report states that New Jersey, through a contractor (PCG), increased the payment rates retroactively to July 2003 from $552 to $1,451 for evaluation services and from $21 to $50 for rehabilitation services. This significant increase raised the question of whether the State was again using unallowable costs.

According to OIG, out of 1,575 responses from school employees, PCG recoded 235 employee responses in order to receive payment from Medicaid. Of those 235 recoded responses, OIG determined that 203 claims were incorrectly recoded by PCG. My math isn’t the best, but I am pretty sure that is approximately a 85% error rate. Shall we extrapolate?

Examples of improper activity code alterations included a social worker indicated that they were “scheduling students to see the [social worker].” Social worker coded this activity as “general administration” – correctly by the way. PCG altered the code to indicate that the employee was providing health care services in order to get paid for that time.

PCG incorporated learning disabilities teacher-consultant salaries in the evaluation rate. These salaries are unallowable because teacher-consultants provide special education services, not health-related services.

In a description of its rate-setting methodology, PCG stated that it excluded costs associated with learning disabilities teacher-consultants because they do not perform any medical services and are not medical providers as customarily recognized in the State’s Medicaid program. However, OIG found that PCG did not remove all learning disabilities teacher-consultant salaries when calculating payment rates

OIG calculated the amount of just that one issue – learning disabilities teacher-consultant salaries incorrectly incorporated – as more than $61 million. What’s 13% of $61 million (assuming that PCG’s contingency rate is 13%)? $7,930,000.

OIG recommended that New Jersey Medicaid:

  • refund $300,452,930 in Federal Medicaid reimbursement claimed based on payment rates that incorporated unallowable costs,
  • work with CMS to determine the allowable amount of the remaining $306,233,377 that we have set aside because the rates included unallowable costs that we cannot quantify, and
  • revise its payment rates so they comply with Federal requirements.

PCG disagreed with OIG’s findings.

Another recommendation that OIG SHOULD have found – Get rid of PCG.

 

EHR: What’s In YOUR Contract? Legal Issues You Need to Know.

Electronic health records or EHR have metamorphosed health care. Choosing a vendor can be daunting and the prices fluctuate greatly. As a provider, you probably determine your EHR platform on which vendor’s program creates the best service notes… or which creates the most foolproof way of tracking time… or which program is the cheapest.

But…what’s in YOUR contract can be legally deadly.

Regardless how you choose your EHR vendor, you need to keep the following legal issues in mind when it comes to EHR and the law:

Regulatory and Clinical Coverage Policy Compliance

Most likely, your EHR vendor does not have a legal degree. Yet, you are buying a product and assuming that the EHR program complies with applicable regulations, rules, and clinical coverage policies – whichever are applicable to your type of service. Well, guess what? These regulations, rules, and clinical coverage policies are not stagnant. They are amended, revised, and re-written more than my chickens lay eggs, but a little less often, because my chickens lay eggs every day.

Think about it – The Division of Medical Assistance (DMA) publishes a monthly Medicaid Bulletin. Every month DMA provides more insight, more explanations, more rules that providers will be held accountable to follow.

Does your EHR program update every month?

You need to review your contract and determine whether the vendor is responsible for regulatory compliance or whether you are. If you are, should you put so much faith in the EHR program?

Document Accessibility

You are required to maintain your records (depending on your type of service) anywhere from 5-10 years. Let’s say that you sign a four year contract with EHR Vendor X. The four years expires, and you hire a new EHR vendor. You are audited. But Vendor X does not allow you access to the records because you no longer have a contract with them – not their problem!

You need to ensure that your EHR contract allows you access to your documents (because they are your documents) even in the event of the contract expiring or getting terminated. The excuse that “I don’t have access to that” does not equal a legal defense.

Indemnification

This is otherwise known as the “Blame Game.” If there is a problem with regulatory compliance, as in, the EHR records do not follow the regulations, then you need to know whether the EHR vendor will take responsibility and pay, or help pay, for attorneys’ fees to defend yourself.

Like it or not, the EHR vendor does not undergo audits by the state and federal government. The EHR vendor does not undergo post and pre-payment reviews for regulatory compliance. You do. It is your NPI number that is held accountable for regulatory compliance.

You need to check whether there is an indemnification clause in the EHR contract. In other words, if you are accused of an overpayment because of a mistake on the part of the vendor, will the vendor cover your defense? My guess is that there is no indemnification clause.

HIPAA Compliance

HIPAA laws require that you minimize the access to private health information (PHI) and prevent dissemination. With hard copies, this was easy. You could just lock up the documents. With EHR, it becomes trickier. Obviously, you have access to the PHI as the provider. But who can access your EHR on the vendor-side? Assuming that the vendor has an IT team in case of computer issues, you have to consider to what exactly does that team have access.

I recently attended a legal continuing education class on data breach and HIPAA compliance for health care. One of the speakers was a Special Agent with the FBI. This gentleman prosecutes data breaches for a living. He said that hackers will pay over $500 per private medical document. Health care companies experienced a 72% increase in cyberattacks between 2013 and 2014. Stolen health care information is 10 times more valuable than your credit card information.

Zombie Apocalypse

Obviously, I am exaggerating here. I do not believe that The Walking Dead is real and in our future. But here is my point – You are held accountable for maintaining your medical records, even in the face of an act of God or terrorism.

Example: It was 1996. Provider Dentist did not have EHR; he had hard copies. Hurricane Fran flooded Provider Dentist’s office, ruining all medical records. When Provider Dentist was audited, the government did not accept the whole “there was a hurricane” excuse. Dentist was liable for sever penalties and recoupments.

Fast forward to 2017 and EHR – Think a mass computer shutdown won’t happen? Just ask Delta about its August 2016 computer shutdown that took four days and cancelled over 2000 flights. Or Medstar Health, which operates 10 hospitals and more than 250 outpatient facilities, when in March 2016, a computer virus shut down its emails and…you guessed it…its EHR database.

So, what’s in YOUR contract?

Look into My Crystal Ball: Who Is Going to Be Audited by the Government in 2017?

Happy New Year, readers!!! A whole new year means a whole new investigation plan for the government…

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) publishes what is called a “Work Plan” every year, usually around November of each year. 2017 was no different. These Work Plans offer rare insight into the upcoming plans of Medicare investigations, which is important to all health care providers who accept Medicare and Medicaid.

For those of you who do not know, OIG is an agency of the federal government that is charged with protecting the integrity of HHS, basically, investigating Medicare and Medicaid fraud, waste, and abuse.

So let me look into my crystal ball and let you know which health care professionals may be audited by the federal government…

crystal-ball

The 2017 Work Plan contains a multitude of new and revised topics related to durable medical equipment (DME), hospitals, nursing homes, hospice, laboratories.

For providers who accept Medicare Parts A and B, the following are areas of interest for 2017:

  • Hyperbaric oxygen therapy services: provider reimbursement
  • Inpatient psychiatric facilities: outlier payments
  • Skilled nursing facilities: reimbursements
  • Inpatient rehabilitation hospital patients not suited for intensive therapy
  • Skilled nursing facilities: adverse event planning
  • Skilled nursing facilities: unreported incidents of abuse and neglect
  • Hospice: Medicare compliance
  • DME at nursing facilities
  • Hospice home care: frequency of on-site nurse visits to assess quality of care and services
  • Clinical Diagnostic Laboratories: Medicare payments
  • Chronic pain management: Medicare payments
  • Ambulance services: Compliance with Medicare

For providers who accept Medicare Parts C and D, the following are areas of interest for 2017:

  • Medicare Part C payments for individuals after the date of death
  • Denied care in Medicare Advantage
  • Compounded topical drugs: questionable billing
  • Rebates related to drugs dispensed by 340B pharmacies

For providers who accept Medicaid, the following are areas of interest for 2017:

  • States’ MCO Medicaid drug claims
  • Personal Care Services: compliance with Medicaid
  • Medicaid managed care organizations (MCO): compliance with hold harmless requirement
  • Hospice: compliance with Medicaid
  • Medicaid overpayment reporting and collections: all providers
  • Medicaid-only provider types: states’ risk assignments
  • Accountable care

Caveat: The above-referenced areas of interest represent the published list. Do not think that if your service type is not included on the list that you are safe from government audits. If we have learned nothing else over the past years, we do know that the government can audit anyone anytime.

If you are audited, contact an attorney as soon as you receive notice of the audit. Because regardless the outcome of an audit – you have appeal rights!!! And remember, government auditors are more wrong than right (in my experience).