Blog Archives

Self Disclosure Protocol: What Is It? And Do I Have To?

You are a provider, and you accept Medicare and Medicaid. You find out that the person with whom you contracted to provide extraction services for your dental patients has been upcoding for the last few months. -or- You discover that the supervisory visits over the past year have been less than…well, nonexistent. -or- Or your licensed therapist forgot to mention that her license was revoked. What do you do?

What do you do when you unearth a potential, past overpayment to you from Medicare or Medicaid?

Number One: You do NOT hide your head!

man with head in sand

Do not be an ostrich. First, being an ostrich will have a direct correlation with harsher penalties. Second, you may miss mandatory disclosure deadlines, which will lead to a more in-depth, concentrated, and targeted audits by the government, which will lead to harsher penalties.

As for the first (harsher penalties), not only will your potential, monetary penalties leap skyward, but knowledge (actual or should have had) could put you at risk for criminal liability or false claims liability. As for increased, monetary penalties, recent Office of Inspector General (OIG) information regarding the self disclosure protocol indicates that self disclosure could reduce the minimum multiplier to only 1.5 times the single damages versus 2-10 times the damages without self disclosure.

As for the second (missing deadlines), your penalties will be exorbitantly higher if you had or should have had actual knowledge of the overpayments and failed to act timely. Should the government, despite your lack of self disclosure, decide to audit your billings, you can count on increased scrutiny and a much more concentrated, in-depth audit. Much of the target of the audit will be what you knew (or should have) and when you knew (or should have). Do not ever think: “I will not ever get audited. I am a small fish. There are so many other providers, who are really de-frauding the system. They won’t come after me.” If you do, you will not be prepared when the audit comes a’knocking on your door – and that is just foolish. In addition, never underestimate the breadth and scope of government audits. Remember, our tax dollars provide almost unlimited resources to fund thousands of audits at a time. Being audited is not like winning the lottery, Your chances are not one in two hundred million. If you accept Medicare and/or Medicaid, your chances of an audit are almost 100%. Some providers undergo audits multiple times a year.

Knowing that the definition of “knowing” may not be Merriam Webster’s definition is also key. The legal definition of “knowing” is more broad that you would think. Section 1128J(d)(4)(A) of the Act defines “knowing” and “knowingly” as those terms are defined in 31 U.S.C. 3729(b). In that statute the terms “knowing” and “knowingly” mean that a person with respect to information—(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless disregard of the truth or falsity of the information. 31 U.S.C. 3729(b) also states that knowing and knowingly do not require proof of specific intent to defraud.

Number Two: Contact your attorney.

It is essential that you have legal counsel throughout the self disclosure process. There are simply too many ways to botch a well-intended, self disclosure into a casus belli for the government. For example, OIG allows three options for self disclosure; however, one option requires prior approval from OIG. Your counsel needs to maintain your self disclosure between the allowable, navigational beacons.

Number Three: Act timely.

You have 60-days to report and pay. Section 1128J(d)(2) of the Social Security Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified or (2) the date any corresponding cost report is due, if applicable. See blog.

________________________________________________________

If you have a Medicare issue, please continue to Number Four. If your issue is Medicaid only, please skip Number Four and go to Number Five. If your issue concerns both Medicare and Medicaid, continue with Number Four and Five (skip nothing).

_________________________________________________________

Number Four: Review the OIG Self Disclosure Protocol (for Medicare).

OIG publishes a Self Disclosure Protocol. Read it. Print it. Frame it. Wear it. Memorize it.

Since 2008, OIG has resolved 235 self disclosure provider cases through settlements. In all but one of these cases, OIG released the disclosing parties from permissive exclusion without requiring any integrity measures. What that means is that, even if you self disclose, OIG has the authority to exclude you from the Medicare system. However, if you self disclose, may the odds be ever in your favor!

Number Five: Review your state’s self disclosure protocol.

While every state differs slightly in self disclosure protocol, it is surprising how similar the protocol is state-to-state. In order to find your state’s self disclosure protocol, simply Google: “[insert your state] Medicaid provider self disclosure protocol.” In most cases, you will find that your state’s protocol is less burdensome than OIG’s.

On the state-side, you will also find that the benefits of self disclosure, generally, are even better than the benefits from the federal government. In most states, self disclosure results in no penalties (as long as you follow the correct protocol and do not hide anything).

Number Six: Draft your self disclosure report.

Your self disclosure report must contain certain criteria. Review the Federal Registrar for everything that needs to be included.

It is important to remember that you are only responsible for self disclosures going back six years (on the federal side).

Mail the report to:

DHHS/OIG/OCIG
Grantee Self-Disclosures
330 Independence Avenue, Room 5527
Washington, DC 20201

Or you can self disclose online at this link.

Look into My Crystal Ball: Who Is Going to Be Audited by the Government in 2017?

Happy New Year, readers!!! A whole new year means a whole new investigation plan for the government…

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) publishes what is called a “Work Plan” every year, usually around November of each year. 2017 was no different. These Work Plans offer rare insight into the upcoming plans of Medicare investigations, which is important to all health care providers who accept Medicare and Medicaid.

For those of you who do not know, OIG is an agency of the federal government that is charged with protecting the integrity of HHS, basically, investigating Medicare and Medicaid fraud, waste, and abuse.

So let me look into my crystal ball and let you know which health care professionals may be audited by the federal government…

crystal-ball

The 2017 Work Plan contains a multitude of new and revised topics related to durable medical equipment (DME), hospitals, nursing homes, hospice, laboratories.

For providers who accept Medicare Parts A and B, the following are areas of interest for 2017:

  • Hyperbaric oxygen therapy services: provider reimbursement
  • Inpatient psychiatric facilities: outlier payments
  • Skilled nursing facilities: reimbursements
  • Inpatient rehabilitation hospital patients not suited for intensive therapy
  • Skilled nursing facilities: adverse event planning
  • Skilled nursing facilities: unreported incidents of abuse and neglect
  • Hospice: Medicare compliance
  • DME at nursing facilities
  • Hospice home care: frequency of on-site nurse visits to assess quality of care and services
  • Clinical Diagnostic Laboratories: Medicare payments
  • Chronic pain management: Medicare payments
  • Ambulance services: Compliance with Medicare

For providers who accept Medicare Parts C and D, the following are areas of interest for 2017:

  • Medicare Part C payments for individuals after the date of death
  • Denied care in Medicare Advantage
  • Compounded topical drugs: questionable billing
  • Rebates related to drugs dispensed by 340B pharmacies

For providers who accept Medicaid, the following are areas of interest for 2017:

  • States’ MCO Medicaid drug claims
  • Personal Care Services: compliance with Medicaid
  • Medicaid managed care organizations (MCO): compliance with hold harmless requirement
  • Hospice: compliance with Medicaid
  • Medicaid overpayment reporting and collections: all providers
  • Medicaid-only provider types: states’ risk assignments
  • Accountable care

Caveat: The above-referenced areas of interest represent the published list. Do not think that if your service type is not included on the list that you are safe from government audits. If we have learned nothing else over the past years, we do know that the government can audit anyone anytime.

If you are audited, contact an attorney as soon as you receive notice of the audit. Because regardless the outcome of an audit – you have appeal rights!!! And remember, government auditors are more wrong than right (in my experience).

Medicaid Auditors, Nitpicky Nonsense, and Journalistic Mistakes

In my experience with regulatory audits of health care providers, which is substantial, the auditors have zero incentive to perform audits conservatively…or even properly, if I am being completely honest. The audit companies themselves are for-profit entities with Boards of Directors, sometimes with shareholders, and definitely with executives who are concerned with the corporate bottom lines. The actual auditors are salaried employees (or contractors) who are given an audit checklist, which may or may not be correct) and instructions as to which companies to audit.

Think about it – you are hired as an auditor…what happens if you come back to your boss, saying, “Nope. I found no documentation errors.”I liken it to me hiring a housekeeper and that housekeeper showing up at my house and saying, “Your house is so clean. There is nothing for me to clean.” First of all, for those who know me, you know that no housekeeper would ever say that my house did not to be cleaned, but that is neither here nor there. The analogy remains. No employee or hired contractor will tell you that you do not need to hire him or her because he or she is not needed. It is only human nature and logic. Will a dog trainer tell you that your dog is fully trained? Will a personal trainer tell you are perfectly fit? Will a rug maker tell you that you don’t need a rug? Will an auditor tell you that your documents are perfect? If so, they would render themselves obsolete.

Disagree with my opinions on this blog all you want, but if you disagree with the principle that an employee will not argue himself or herself out of a job, then you are living in a fantasy land made up of rainbows and gummy bears.

So let’s begin with the basic logical principles: 2+2=4 and auditors have incentives to find errors.

Now, knowing the basic, underlying fact that auditors have incentives to locate documentation errors, an article was recently published entitled, “Audit says home health care companies overbilled Mass. Medicaid by $23m.” While I am not in a position to critique a journalist’s writing, I disagree with the broad, overreaching statements found in this article. While the article claims that 9 home health companies owe the State of Massachusetts $23 million, my guess is that (if the companies hire a competent attorney) the companies do not owe such a large amount. In my experience, there are many legal defenses to safeguard against allegations in an audit.

The follow-up article may be entitled, “Audit of Home Health Agencies Found to Be Erroneous.”

Here is the first paragraph of that article claiming home care agencies overbilled Medicaid for $23 million:

“The state’s Medicaid program was routinely billed for home health care services that were never provided or were not medically necessary. Providers submitted documents with missing dates and signatures. Sometimes basic information like a patient’s medical history was nowhere to be found.”

Let’s dissect.

First sentence: “The state’s Medicaid program was routinely billed for home health care services that were never provided or were not medically necessary.”

I call bull feces on this one. First, the audit, which is the topic of this article, only audited 9 home health agencies. Unless only 10 home health agencies exist in Massachusetts, an audit of 9 agencies can hardly be considered “routinely billing” Medicaid.

Second, who is making these determinations that the home health services are not medically necessary??? Considering that, in order to render home health services, the provider must obtain prior authorization that the services are medically necessary, I find it a hard pill to swallow that the rendered services are not medically necessary. These are prior authorized services!!

Third, providing home health services is anything but routine. Life happens. The assertion that home health care services were never provided fails to take into consideration – life. For example, a home health aide could present at the client’s home at the regularly scheduled time, but the consumer’s son is present. The son brought McDonald’s, in which case, the aide may render all services, but does not prepare a meal for the client. Or, perhaps, the consumer’s plan states that the aide must bathe the consumer. But the consumer recently had surgery and cannot take a bath or shower for a certain amount of time. In the above examples, services were not rendered, that is true, but did some sort of aberrant billing or fraud occur? I would argue, no.

Second sentence: “Providers submitted documents with missing dates and signatures.”

This sentence is also troubling. Let’s say that a consumer requires home health services and receives prior authorization. The home health aide renders the services. In the subsequent documentation, the home health aide forgets to date the service note. There is no question that the home health services were needed. There is no question that the services were rendered. There is only a missing date written on the service note. Does this circumstance warrant a 100% recoupment for a minor documentation error? If you answer, yes, you may have a fulfilling career as a Medicaid auditor in your future. You also may believe that a documentation error as egregious as a missing date should warrant tearing up the provider’s Medicaid contract and burning it. You may also hate puppy dogs and ice cream.

My answer is no. There are less drastic measures to be implemented other than a 100% recoupment – for example, a plan of correction could be required.

Third sentence: “Sometimes basic information like a patient’s medical history was nowhere to be found.”

I have major issues with this sentence. Ever hear of the saying, “You only get what you ask for?” All health care providers, including home health care providers, maintain massive amounts of documentation, whether it be electronic or paper. Furthermore, one client file could have years and years of documentation. When an auditor comes to an agency, the auditor normally presents with a list of consumer names and dates of service.

For example, the auditor wants to review the documentation for Barack Obama, date of service 11/8/12. The provider hands over the service note, the plan of care, the prior authorization, etc. Information not found on the documents provided to the auditor: place of birth, past drug use, including, marijuana and cocaine, smoking history, exercise regimen, marital status, immunizations, list of surgical procedures…you get the picture.

The article goes on to state, “Executives at all of the companies reached by the Globe said they are appealing the audit findings and chalked up most of the violations to minor paperwork issues that were overblown by state auditors.”

“There’s mistakes here, I understand that,” said Debra Walsh, administrator at Able Home Care. “[But] how did a missing address escalate to a sanction? That doesn’t make any sense.”

She’s right. It doesn’t make logical, reasonable, human sense. But it does make sense when you remember that the auditors are sent to the agencies with an audit checklist and a list of consumers with dates of service. If the checklist requires an address of the provider and the consumer to be present on the service note, regardless whether the regulations, rules or law require an address to be present on a service note, and there is no address present on the service note, then the auditor will find noncompliance. Strict adherence to the “Stepford Auditors’ Handbook” is required, not strict adherence to the law.

Looking at the sunny side – Most audit findings are easy-greasy to defend with legal arguments. Have you seen the TV show, “What Not To Wear?” The first, initial meeting of the targeted person on “What Not To Wear” is the original audit results “before a good legal defense.” It’s exaggerated, ugly, and quite shocking.

Then Stacy and Clinton come to the rescue and teach the scraggly, poorly-dressed individual fashion tips and the former frumpy individual is transformed into a fashionable chichi – or a much more palatable overpayment amount.

(In this analogy, my team and I are Stacy and Clinton. I will be Stacy).

One of my favorite examples of a “before” and “after” audit results is the following:

Before (frumpy individual):

""before2
After (fashionable chichi):
photo (3)
""

Next time you see an article claiming that a health care provider overbilled the government for Medicare or Medicaid reimbursements, check and see whether the determination was appealed by the provider(s).

The appeal may demonstrate an entirely new perspective on such alleged overpayments than the original audit, because, remember, an auditor would not maintain a job if he or she found compliance.

Medicare Audits: DRG Downcoding in Hospitals: Algorithms Substituting for Medical Judgment, Part 1

This article is written by our good friend, Ed Roche. He is the founder of Barraclough NY, LLC, which is a litigation support firm that helps us fight against extrapolations.

e-roche

The number of Medicare audits is increasing. In the last five years, audits have grown by 936 percent. As reported previously in RACmonitor, this increase is overwhelming the appeals system. Less than 3 percent of appeal decisions are being rendered on time, within the statutory framework.

It is peculiar that the number of audits has grown rapidly, but without a corresponding growth in the number of employees for Recovery Audit Contractors (RACs). How can this be? Have the RAC workers become more than 900 percent more efficient? Well, in a way, they have. They have learned to harness the power of big data.

Since 1986, the ability to store digital data has grown from 0.02 exabytes to 500 exabytes. An exabyte is one quintillion bytes. Every day, the equivalent 30,000 Library of Congresses is put into storage. That’s lots of data.

Auditing by RACs has morphed into using computerized techniques to pick targets for audits. An entire industry has emerged that specializes in processing Medicare claims data and finding “sweet spots” on which the RACs can focus their attention. In a recent audit, the provider was told that a “focused provider analysis report” had been obtained from a subcontractor. Based on that report, the auditor was able to target the provider.

A number of hospitals have been hit with a slew of diagnosis-related group (DRG) downgrades from internal hospital RAC teams camping out in their offices, continually combing through their claims data. The DRG system constitutes a framework that classifies any inpatient stay into groups for purposes of payment.

The question then becomes: how is this work done? How is so much data analyzed? Obviously, these audits are not being performed manually. They are cyber audits. But again, how?

An examination of patent data sheds light on the answer. For example, Optum, Inc. of Minnesota (associated with UnitedHealthcare) has applied for a patent on “computer-implemented systems and methods of healthcare claim analysis.” These are complex processes, but what they do is analyze claims based on DRGs.

The information system envisaged in this patent appears to be specifically designed to downgrade codes. It works by running a simulation that switches out billed codes with cheaper codes, then measures if the resulting code configuration is within the statistical range averaged from other claims.

If it is, then the DRG can be downcoded so that the revenue for the hospital is reduced correspondingly. This same algorithm can be applied to hundreds of thousands of claims in only minutes. And the same algorithm can be adjusted to work with different DRGs. This is only one of many patents in this area.

When this happens, the hospital may face many thousands of downgraded claims. If it doesn’t like it, then it must appeal.

Here there is a severe danger for any hospital. The problem is that the cost the RAC incurs running the audit is thousands of time less expensive that what the hospital must spend to refute the DRG coding downgrade.

This is the nature of asymmetric warfare. In military terms, the cost of your enemy’s offense is always much smaller than the cost of your defense. That is why guerrilla warfare is successful against nation states. That is why the Soviet Union and United States decided to stop building anti-ballistic missile (ABM) systems — the cost of defense was disproportionately greater than the cost of offense.

Hospitals face the same problem. Their claims data files are a giant forest in which these big data algorithms can wander around downcoding and picking up substantial revenue streams.

By using artificial intelligence (advanced statistical) methods of reviewing Medicare claims, the RACs can bombard hospitals with so many DRG downgrades (or other claim rejections) that it quickly will overwhelm their defenses.

We should note that the use of these algorithms is not really an “audit.” It is a statistical analysis, but not done by any doctor or healthcare professional. The algorithm could just as well be counting how many bags of potato chips are sold with cans of beer.

If the patient is not an average patient, and the disease is not an average disease, and the treatment is not an average treatment, and if everything else is not “average,” then the algorithm will try to throw out the claim for the hospital to defend. This has everything to do with statistics and correlation of variables and very little to do with understanding whether the patient was treated properly.

And that is the essence of the problem with big data audits. They are not what they say they are, because they substitute mathematical algorithms for medical judgment.

EDITOR’ NOTE: In Part II of this series, Edward Roche will examine the changing appeals landscape and what big data will mean for defense against these audits. In Part III, he will look at future scenarios for the auditing industry and the corresponding public policy agenda that will involve lawmakers.

 

Another Win for the Good Guys! RAC Auditors Cannot Look Back Over 3 Years!!! (BTW: We Already Knew This -Shhhhh!)

I love being right – just ask my husband.

I have argued for years that government auditors cannot go back over three years when conducting a Medicaid/Care audit of a health care provider’s records, unless there are credible allegations of fraud. See blog.

42 CFR 455.508 states that “[a]n entity that wishes to perform the functions of a Medicaid RAC must enter into a contract with a State to carry out any of the activities described in § 455.506 under the following conditions:…(f) The entity must not review clams that are older than 3 years from the date of the claim, unless it receives approval from the State.”

Medicaid RAC is defined as “Medicaid RAC program means a recovery audit contractor program administered by a State to identify overpayments and underpayments and recoup overpayments.” 42 CFR 455. 504.

From the definition of a Medicaid RAC (Medicare RAC is similarly defined), albeit vague, entities hired by the state to identify over and underpayments are RACs. And RACs are prohibited from auditing claims that are older than 3 years from the date of the claim.

In one of our recent cases, our client, Edmond Dantes, received a Tentative Notice of Overpayment from Public Consulting Group (PCG) on May 13, 2015. In a Motion for Summary Judgment, we argued that PCG was disallowed to review claims prior to May 13, 2012. Of the 8 claims reviewed, 7 claims were older than May 13, 2012 – one even went back to 2009!

The Administrative Law Judge (ALJ) at the Office of Administrative Hearings (OAH) agreed. In the Order Granting Partial Summary Judgment, the ALJ opined that “[s]tatutes of limitation serve an important purpose: to afford security against stale demands.”

Accordingly, the ALJ threw out 7 of the 8 claims for violating the statute of limitation. With one claim left, the amount in controversy was nominal.

A note as to the precedential value of this ruling:

Generally, an ALJ decision is not binding on other ALJs. The decisions are persuasive. Had DHHS appealed the decision and the decision was upheld by Superior Court, then the case would have been precedent; it would have been law.

Regardless, this is a fantastic ruling , which only bolsters my argument that Medicaid/care auditors cannot review claims over 3 years old from the date of the claim.

So when you receive a Tentative Notice of Overpayment, after contacting an attorney, look at the reviewed claims. Are those reviewed claims over 3 years old? If so, you too may win on summary judgment.

Medicare Fraud: Do MCOs Have Accountability Too?

Dr. Isaac Kojo Anakwah Thompson, a Florida primary care physician, was sentenced in July 2016 to 4 years in prison and a subsequent two years of supervised release. Dr. Thompson pled guilty to health care fraud.  He was further ordered to pay restitution in the amount of $2,114,332.33. Ouch!! What did he do?

According to the Department of Justice, Dr. Thompson falsely reported that 387 of his clients suffered from ankylosing spondylitis when they did not.

Question: How does faking a patient’s disease make a physician money???

Answer: Hierarchal condition category (HCC) coding. Wait, what?

Basically, Medicare Advantage assigns HCC coding to each patient depending on the severity of their illnesses. Higher HCC scores equals substantially higher monthly capitation payments from Medicare to the managed care organization (MCO). In turn, the MCO will pay physicians more who have more extremely sick patients (higher HCC codes).

Ankylosing spondylitis is a form of arthritis that causes inflammation and damage at the joints; eventually, the inflamed spinal joints can become fused, or joined together so they can’t move independently. It’s a rare disease, affecting 1 in 1000 people. And, importantly, it sports a high HCC code.

In this case, the Office of Inspector General (OIG) found it odd that, between 2006-2010, Dr. Thompson diagnosed 387 Medicare Advantage beneficiaries with ankylosing spondylitis and treated them with such rare disease. To which, I say, if you’re going to defraud the Medicare system, choose common, fabricated diseases (kidding – it’s called sarcasm – I always have to add a disclaimer for people with no humor).

According to the Department of Justice, none or very few of Dr. Thompson’s 387 consumers actually had ankylosing spondylitis.

My issue is as follows: Doesn’t the managed care organization (MCO) share in some of the punishment? Shouldn’t the MCO have to repay the financial benefit it reaped from Dr. Thompson?? Shouldn’t the MCO have a duty to report such oddities?

Let me explain:

In Florida, Humana acted as the MCO. Every dollar that Dr. Thompson received was funneled through Humana. Humana would pay Dr. Thompson a monthly capitation fee from Medicare Advantage based on his patient’s hierarchal condition category (HCC) coding. Increasing even just one patient’s HCC code means more bucks for Dr. Thompson. Remember, according to the DOJ, he increased 387 patients’ HCC codes.

Dr. Thompson reported these diagnoses to Humana, which in turn reported them to Medicare. Consequently, Medicare paid approximately $2.1 million in excess capitation fees to Humana, approximately 80% of which went to Dr. Thompson.

In this case, it is reasonable to expect that Humana had knowledge that Dr. Thompson reported abnormally high HCCs for his patients. For comparison, ankylosing spondylitis has an HCC score of 0.364, which is more than an aortic aneurysm and three times as high as diabetes. Plus, look at the amount of money that the MCO paid Dr. Thompson. Surely, it appeared irregular.

What, if anything, is the MCO’s duty to report physicians with an abnormally high number of high HCC codes? If you have knowledge of someone committing a crime and you do nothing, isn’t that called aiding and abetting?

With the publication of the Yates memo, I expect to see CMS holding MCOs and other state agencies accountable for the actions of its providers. Not to say that the MCOs should actively, independently investigate Medicare/caid fraud, but to notify the Human Services Department (HSD) if abnormalities exist, especially if as blatant as one doctor with 387 patients suffering from ankylosing spondylitis.

Medicare/Caid Audits: Urine Testing Under Fire!!

I have blogged about peeing in a cup before…but we will not be talking about dentists in this blog. Instead we will be discussing pain management physicians and peeing in a cup.

Pain management physicians are under intense scrutiny on the federal and state level due to increased urine testing. But is it the pain management doctors’ fault?

When I was little, my dad and I would play catch with bouncy balls. He would always play a dirty little trick, and I fell for it every time. He would toss one ball high in the air. While I was concentrating on catching that ball, he would hurl another ball straight at me, which, every time, smacked into me – leaving me disoriented as to what was happening. He would laugh and  laugh. I was his Charlie Brown, and he was my Lucy. (Yes, I have done this to my child).

The point is that it is difficult to concentrate on more than one thing. When the Affordable Care Act (ACA) came out, it was as if the federal government wielded 500, metaphoric, bouncy balls at every health care provider. You couldn’t comprehend it in its entirety. There were different deadlines for multiple changes, provider requirements, employer requirements, consumer requirements…it was a bloodbath! [If you haven’t seen the brothers who trick their sister into thinking it’s a zombie apocalypse, you have to watch it!!]

A similar “metaphoric ball frenzy” is occurring now with urine testing, and pain management physicians make up the bulk of prescribed urine testing. The urine testing industry has boomed in the past 4-5 years. This could be caused by a number of factors:

  • increase use of drugs (especially heroine and opioids),
  • the tightening of regulations requiring physicians to monitor whether patients are abusing drugs,
  • increase of pain management doctors purchasing mass-spectrometry machines and becoming their own lab,
  • simply more people are complaining of pain, and
  • the pharmaceutical industry’s direct-to-consumer advertising (DTCA).

Medicare’s spending on 22 high-tech tests for drugs of abuse hit $445 million in 2012, up 1,423% in five years. “In 2012, 259 million prescriptions were written for opioids, which is more than enough to give every American adult their own bottle of pills.” See article.

According to the American Association of Pain Management, pain affects more Americans than diabetes, heart disease and cancer combined. The chart below depicts the number of chronic pain sufferers compared to other major health conditions.

pain

In the world of Medicare and Medicaid, where there is profit being made, the government comes a-knockin’.

But should we blame the pain management doctors if recent years brought more patients due to increase of drug use? The flip side is that we do not want doctors ordering urine tests unnecessarily. But aren’t the doctors supposed to the experts on medical necessity??? How can an auditor, who is not a physician and never seen the patient opine to medical necessity of a urine test?

The metaphoric ball frenzy:

There are so many investigations into urine testing going on right now.

Ball #1: The machine manufacturers. A couple of years ago, Carolina Liquid Chemistries (CLC) was raided by the federal government. See article. One of the allegations was that CLC was misrepresenting their product, a urinalysis machine, which caused doctors to overbill Medicare and Medicaid. According to a source, the federal government is still investigating CLC and all the physicians who purchased the urinalysis machine from CLC.

Ball #2: The federal government. Concurrently, the federal government is investigating urine testing billed to Medicare. In 2015, Millennium Health paid $256 million to resolve alleged violations of the False Claims Act for billing Medicare and Medicaid for medically unnecessary urine drug and genetic testing. I wonder if Millennium bought a urinalysis machine from CLC…

Ball #3: The state governments. Many state governments are investigating urine testing billed to Medicaid.  Here are a few examples:

New Jersey: July 12, 2016, a couple and their diagnostic imaging companies were ordered to pay more than $7.75 million for knowingly submitting false claims to Medicare for thousands of falsified diagnostic test reports and the underlying tests.

Oklahoma: July 10, 2016, the Oklahoma attorney general’s office announced that it is investigating a group of laboratories involved in the state’s booming urine testing industry.

Tennessee: April 2016, two lab professionals from Bristol, Tenn., were convicted of health care fraud in a scheme involving urine tests for substance abuse treatments.

If you are a pain management physician, here are a few recommendations to, not necessarily avoid an audit (because that may be impossible), but recommendations on how to “win” an audit:

  1. Document, document, document. Explain why the urine test is medically necessary in your documents. An auditor is less likely to question something you wrote at the time of the testing, instead of well after the fact.
  2. Double check the CPT codes. These change often.
  3. Check your urinalysis machine. Who manufactured it? Is it performing accurately?
  4. Self-audit
  5. Have an experienced, knowledgeable, health care attorney. Do not wait for the results of the audit to contact an attorney.

And, perhaps, the most important – Do NOT just accept the results of an audit. Especially with allegations involving medical necessity…there are so many legal defenses built into regulations!! You turn around and throw a bouncy ball really high – and then…wallop them!!

 

The Yates Memo: It May Be the Second Coming for Individual Executives

The Yates memo? Sadly, we aren’t talking about William Butler Yates, who is one of my favorite poets:

TURNING and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity.
Surely some revelation is at hand;
Surely the Second Coming is at hand…Part of The Second Coming

Ok, so maybe it is a little melodramatic to compare the Yates memo from the Office of the Deputy Attorney General to the end of the world, the drowning of innocence, and The Second Coming, but I made analogies in past blogs that had stretched and, dare I say, hyberbolized the situation.

What is the Yates memo?

The Yates memo is a memorandum written by Sally Quillian Yates, Deputy Attorney General for the U.S. Dept. of Justice, dated September 9, 2015.

It basically outlines how federal investigations for corporate fraud or misconduct should be conducted  and what will be expected from the corporation getting investigated. It was not written specifically about health care providers; it is a general memo outlining the investigations of corporate wrongdoing across the board. But it is germane to health care providers.

By far the most scary and daunting item discussed within the Yates memo is the DOJ’s interest in indicting individuals within corporations as well as the corporate entities itself, i.e., the executives…the management. Individual accountability.

No more Lehman Brothers fallout with former CEO Dick Fuld leaving the catastrophe with a mansion in Greenwich, Conn., a 40+ acre ranch in Sun Valley, Idaho, as well as a five-bedroom home in Jupiter Island, Fla.  Fuld may have or may not have been a player in the downfall of Lehman Brothers. But the Yates Memo was not published back in 2008.

The Yates Memo outlines 6 steps to strengthen audits for corporate compliance:

  1. To be eligible for any cooperation credit, corporations must provide to the DOJ all relevant facts about individuals involved in corporate misconduct.
  2. Both criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
  3. Criminal and civil attorneys handling corporate investigations should be in routine communication with one another.
  4. Absent extraordinary circumstances, no corporate resolution will provide protection from criminal or civil liability for any individuals.
  5. Corporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized.
  6. Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual’s ability to pay.

So why write about now – over 6 months after it was disseminated?

First, since its dissemination, a few points have been clarified that were otherwise in question.

About a month after its publication, U.S. Assistant Attorney General Leslie Caldwell emphasized the Yates memo’s requirement that corporations must disclose all relevant facts regarding misconduct to receive cooperation credit. Caldwell went so far to say that companies must affirmatively seek relevant facts regarding misconduct.

For example, Hospital X is accused of Medicare fraud, waste, and abuse (FWA) in the amount of $15 million. The Yates memo dictates that management at the hospital proactively investigate the allegations and report its findings to the federal government. The memo mandates that the hospital “show all its cards” and turn itself in prior to making any defense.

The problem here is that FWA is such a subjective determination.

What if a hospital bills Medicare for inplantable cardioverter defibrillator, or ICD, for patients that had coronary bypass surgery or angioplasty within 90 days or a heart attack within 40 days? What if the heart attack was never documented? What if the heart attack was so minor that it lasted under 100 milliseconds?

The Medicare National Coverage Determinations are so esoteric that your average Medicare auditor could very well cite a hospital for billing for an ICD even when the patient’s heart attack lasted under 100 milliseconds.

Yet, according to the Yates memo, the hospital is required to present all relevant facts before any defense. What if the hospital’s billing person is over zealous in detecting mis-billings? The hospital could very well have a legal defense as to why the alleged mis-billing is actually compliant. What about a company’s right to seek counsel and defend itself? The Yates memo may require the company to turn over attorney-client privilege.

The second point that has been clarified since the Yates’ memo’s publication came from Yates herself.

Yates remarks that there will be a presumption that the company has access to identify culpable individuals  unless they can make an affirmative showing that the company does not have access to it or are legally prohibited from producing it.

Why should this matter? It’s only a memo, right?

Since its publication, the DOJ codified it into the revised U.S. Attorneys’ Manual, including the two clarifying remarks. Since its inception, the heads of companies have been targeted.

A case was brought against David Bostwick, the founder, owner and chief executive officer of Bostwick Laboratories for  allegedly provided incentives to treating physicians in exchange for referrals of patients who would then be subjected to these tests.

When the pharmaceutical company Warner Chilcott was investigated for health care fraud prosecutors also went after W. Carl Reichel, the former president, for his alleged involvement in the company’s kickback scheme.

Prior to the Yates’ memo, it was uncommon for health care fraud investigations to  involve criminal charges or civil resolutions against individual executives.

The Second Coming?

It may feel that way to executives of health care companies accused of fraud, waste, and abuse.

CMS Ramps Up Medicare Audits: A Pig and Pony Show?

Monday, February 22, 2016, The Centers for Medicare and Medicaid Services (CMS) announced that it plans to increase onsite visits and monitoring of health care providers. One of the top priorities for CMS is to verify that provider enrollment and address are correct…

Because, as you know, providers with correct addresses on file are less likely to commit Medicare fraud. Medicare Fraud 101 – Give CMS the wrong address. Really? (While I applaud their valiant effort, the fraud that I have witnessed has not been a health care provider using a fake address to provide fake services…that is too Ponzi, too shallow in thought…too easily detected. Oh no, the fraud I have encountered were providers with actual practices with correct addresses, but embellishing on the amount of services provided to an actual Medicare enrollee to cushion their pockets. This is much more difficult to detect.

But CMS has its reasons for sniffing out fake addresses. CMS’ address hunt-down comes on the heels of a report from June 2015 out of the Government Accountability Office (GAO), which determined that approximately 22% of Medicare provider addresses are “potentially ineligible.” Additionally, last March (2015) CMS decreased the amount of audits conducted by Medicare Administrative Contractors (MACs), which are one of the entities that investigate Medicare provider eligibility.

Whenever the GAO finds potential errors, CMS usually puts on the whole dog and pony show…or, maybe, for a change, a pig and pony show…

With all these political talks about donkeys and elephants, I would like to take a moment and blog about a pig. Some of you know that I own a pet pig. She is 4 1/2 years old and about 30 pounds. See below.

oink

Isn’t she cute?! Some of you will remember my last blog about Oink was “Our Medicaid Budget: Are We Just Putting Lipstick on a Pig?

The reason I bring up Oink is that she is the smartest, most animated animal I have ever encountered. She is also the best “sniffer-outer” I have ever encountered. Her keen sense of smell is well beyond any human’s sense of smell. If you liken Oink to CMS and Medicare fraud to a Skittle, the Skittle would have no chance.

These upcoming and increased number of audits is CMS’ way of sniffing out fraud. However, CMS’ sense of smell is not up to snuff like Oink’s sense of smell.

Searching for erroneous addresses in order to detect fraud, waste, and abuse (FWA) will, inevitably, be over-inclusive. Meaning, many of the erroneous addresses will not be committing Medicare fraud. Some erroneous addresses exist because providers simply moved to another location and either failed to inform CMS or CMS’ database was not updated with the new address. Other erroneous addresses exist because health care providers went out of business and never informed CMS. A new company leases the property and it appears to CMS that fraudulent billing was occurring a couple years ago out of, for example, what is now a Jimmy John’s.

Searching for erroneous addresses in order to detect FWA will, inevitably, be under-inclusive. Meaning, that many providers committing Medicare fraud do so with accurate office addresses.

My contention is that if you want to find FWA, you need to dig deeper than an incorrect address. Sniffing out Medicare fraud is a bit more in depth than finding improper addresses. That would be like tossing handfuls of Skittles on the ground and expecting Oink to only find the green ones.

In fiscal year 2014, Medicare paid $554 billion for health care and related services. CMS estimates that $60 billion (about 10 percent) of that total was paid improperly (not only because of incorrect addresses).

CMS is responsible for developing provider and supplier enrollment procedures to help safeguard the program from FWA. CMS contracts with Medicare Administrative Contractors (MACs) and the National Supplier Clearinghouse (NSCs) to manage the enrollment process. MACs are responsible for verifying provider and supplier application information in Provider Enrollment, Chain and Ownership System (PECOS) before the providers and suppliers are permitted to enroll into Medicare. CMS currently contracts with 12 MACs, each of which is responsible for its own geographic region, known as a “jurisdiction.

As you can see, we live in Jurisdiction 11. These MACs act as the “sniffer-outers” for CMS.

According to the GAO June 2015 report, about 23,400 (22 percent) of the 105,234 addresses that GAO initially identified as a Commercial Mail Receiving Agency (CMRA), vacant, or invalid address are potentially ineligible for Medicare providers and suppliers. “About 300 of the addresses were CMRAs, 3,200 were vacant properties, and 19,900 were invalid. Of the 23,400 potentially ineligible addresses, [GAO] estimates that, from 2005 to 2013, about 17,900 had no claims associated with the address, 2,900 were associated with providers that had claims that were less than $500,000, and 2,600 were associated with providers that had claims that were $500,000 or more per address.”

In other words, out of 105,234 addresses, only 2,600 actively billed Medicare for over $500,000 from 2005 through 2013 (8 years). Had CMS narrowed the scope and looked at practices that billed over $500,000 since 2010, I fancy the the number would have been much lower, because, as discussed above, many of these providers either moved or went out-of-business.

Now, 2,600 is not a nominal number. I am in no way undermining CMS’ efforts to determine the accuracy of providers’ addresses; I am not insinuating that these efforts are unnecessary or a complete waste of time. I think verification of health care providers’ addresses is an important aspect of detecting FWA. Instead, I believe that, as discussed above, verifying providers’ addresses is a poor, under and over-inclusive attempt at searching for FWA. Because, as I stated at the beginning of this blog, the people who are intentionally trying to defraud the system, are not going to intentionally give an erroneous address. It is just too easy for the government to discover the error. No, the people who are intentionally defrauding the state will have a legitimate office.

For example, in my opinion, it is unlikely that anyone intentionally trying to defraud the system will inform the government that they provide health care services from the following places:

UPS2demolished2

fast food2

Again, if I liken CMS’ search for FWA by detecting inaccurate addresses to Oink, it would be like tossing a handful of Skittles on the ground and expecting Oink to only find the green ones.

If CMS audits are to Oink as fraud is to Skittles, then I think there is a less intrusive, less inclusive way to detect FWA rather than throwing out packets of Skittles for Oink. All that does is make Oink eat too much.

If you are one of the Medicare providers that get caught into CMS’ widely  thrown net, be sure to know your rights! Know the appeal steps!

Medicare RAC Audits Are Spreading in 2016

By now, however unwanted, health care providers are intimately acquainted with RAC audits. If you are one of the lucky providers who has not had the pleasure of undergoing a RAC audit and accept Medicare/caid, then you should go buy lottery tickets.

For Medicare providers, the RAC audits have been targeted to only Parts A and B. However, the Center for Medicare and Medicaid Services (CMS) proposes to expand the RAC audits to Medicare Advantage. CMS has published the proposal and seeks comments by February 1, 2016.

I am reminded of the Bubonic Plague from the 14th century.

As these Medicare audits continue to spread nationwide, to more CPT codes, and to more health care services, providers are warned to wash your hands. It is the best way to prevent acquiring a Medicare audit.

So far, there is no indication when the RAC audits for Medicare Advantage will begin. However, remember that RAC auditors are financially incentivized to audit and find errors. Thus, those RAC auditors will be chomping at the bit to get going.

Wouldn’t you if you were  compensated 9-13% of amount found to be owed back to the state?

More to come…