Blog Archives

How Does OIG Target Provider Types for Audits and Who Needs to Worry?

Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).

Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.

Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?

These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.

Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.

Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive.  Pick one and read.

You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.

Other targeted providers types coming up:

  • Telehealth
  • Security of Certified Electronic Health Record Technology Under Meaningful Use
  • States’ Collection of Rebates on Physician-Administered Drugs
  • States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
  • Adult Day Health Care Services
  • Oversight of States’ Medicaid Information Systems Security Controls
  • States’ MCO Medicaid Drug Claims
  • Incorrect Medical Assistance Days Claimed by Hospitals
  • Selected Inpatient and Outpatient Billing Requirements

And the list goes on and on…

Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs

Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!

EHR Programs’ Two, Haunting Risks: Liability and Audits – Scared Yet?

Happy Halloween!!

pennywise

What is scarier than Pennywise, Annabelle, and Jigsaw combined? Getting sued for an EHR program mistake and getting audited for EHR eligibility when the money is already spent (most likely, on the EHR programs).

Without question, EHR programs have many amazing qualities. These programs save practices time and money and allow them to communicate instantly with insurers, hospitals, and referring physicians. Medical history has never been so easy to get, which can improve quality of care.

However, recently, there have been a few audits of EHR programs that have caused some bloodcurdling concerns and of which providers need to be aware of creepy cobwebs with the EHR programs and the incentive programs.

  1. According to multiple studies, EHR has been linked to patient injuries, which can result in medical malpractice issues; and
  2. In an audit by OIG, CMS was found to have inappropriately paid $729.4 million (12 percent of the total) in incentive payments to providers who did not meet meaningful use requirements, which means that CMS may be auditing providers who accepted the EHR incentive payments in the near future.

Since the implementation of the Health Information Technology for Economic and Clinical Health Act, which rewards providers with incentive payments to utilize electronic health record (EHR) computer programs, EHR use has skyrocketed. Providers who accept Medicare are even more incentivized to implement EHR programs because not using EHR programs lead to penalties.

I.    Possible Liability Due to EHR Programs

A recent study by the The Doctors’ Company (TDC) found that the use of EHR has contributed to a number of patient injuries over the last 10 years. The study highlights why it is so important to have processes in place for back-up, cross-checking, and auditing the documentation in your EHRs.

Without question, the federal government pushed for physicians and hospitals to implement EHR programs quickly. Now 80% of physician practices use EHR programs. 90% of hospitals use EHR programs. But the federal government did not create EHR standards when it mandated the use of the programs. This resulted in vastly inconsistent EHR programs. These programs, for the most part, were not created by health care workers. The people who know whether the EHR programs work in real life – the providers – haven’t transformed the EHR programs into better programs based on reality. The programs are “take it or leave it” models created in a vacuum. This only makes sense because providers don’t write computer code, and the EHR technology is extremely esoteric. A revision to an EHR program probably takes an act of wizardry. Revitalizing the current EHR programs to be better suited to real life could take years.

There are always unanticipated consequences when new technology is implemented – didn’t we all learn this from the NCTracks implementation debacle? Now that was gruesome!

TDC study found that EHR programs may place more liability on the provider-users than pre-electronic databases.

The study states the following:

“In our study of 66 EHR-related claims from July 2014 through December 2016, we found that 50 percent of these claims were caused by system factors such as failure of drug or clinical decision support alerts and 58 percent of claims were caused by user factors such as copying and pasting progress notes.

This study was an update to our first analysis of EHR-related claims, a review of 97 claims that closed from January 2007 through June 2014.”

Another study published by the Journal of Patient Health studied more than 300,000 cases. Although it found that less than 1% of the total (248 cases) involved technology mistakes, more than 80% of those suits alleged harms of medium to intense severity. The researchers stressed that the 248 claims represented the “tip of an iceberg” because the vast majority of EHR-related cases, even those involving serious harm, never generate lawsuits.

Of those 248 claims that may have been the result of EHR-related mistakes, 31% were medication errors. For example, a transcription error in entering the data from a handwritten note. Diagnostic errors contributed to 28% of the claims. Inability to access records in an emergency setting accounted for another 31%. But systems aren’t entirely to blame. User error — such as data entry and copy-and-paste mistakes and alert fatigue — is also a big problem, showing up in 58% of the claims reviewed. Boo!

Tips:

  • Avoid copying and pasting; beware of templates.
  • Do not just assume the EHR technology is correct. Cross check.
  • Self audit

II.    Possible Audit Exposure for Accepting EHR Incentive Payments

Not only do providers need to be careful in using the EHR technology, but if you did attest to Medicare or Medicaid EHR incentive programs, you may be audited.

In June 2017, the Office of Inspector General (OIG) audited CMS and its EHR incentive program. OIG found that “CMS did not always make EHR incentive payments to EPs [eligible professionals] in accordance with Federal requirements. On the basis of [OIG’s] sample results, [OIG] estimated that CMS inappropriately paid $729.4 million (12 percent of the total) in incentive payments to EPs who did not meet meaningful use requirements. These errors occurred because sampled EPs did not maintain support for their attestations. Furthermore, CMS conducted minimal documentation reviews, leaving the self-attestations of the EHR program vulnerable to abuse and misuse of Federal funds.”

OIG also found that CMS made EHR incentive payments totaling $2.3 million that were not in accordance with the program-year payment requirements when EPs switched between Medicare and Medicaid incentive programs.

OIG recommended that CMS review provider incentive payments to determine which providers did not meet meaningful use requirements and recover the estimated $729,424,395.

What this means for you (if you attested to EHR incentive payments) –

Be prepared for an audit.

If you are a physician practice, make sure that you have the legally adequate assignment contracts allowing you to collect incentive payments on behalf of your physicians. A general employment contract will , generally, not suffice.

Double check that your EHR program was deemed certified. Do not just take the salesperson’s word for it. You can check whether your EHR program is certified here.

If you accepted Medicaid EHR incentive payments be sure that you met all eligibility requirements and that you have the documentation to prove it. Same with Medicare. These two programs had different eligibility qualifications.

Following these tips can save you from a spine-tingling trick from Pennywise!

we all float

Do You Pay Your Billing Agent a Percentage of Claims? You May Be in Violation of Federal law!

The Office of Inspector General (OIG) recently disseminated hundreds of recoupment letters to providers in New York who had percentage-based contracts with billing agents. OIG is seeking recoupment for services spanning a five-year period, plus 9% interest. See example redacted letter from OIG.

oig letter

42 CFR 447.10 prohibits the re-assignment of provider claims and applies only to Medicaid. It is recommended that you pay your billing agent a flat fee or on a time basis.

North Carolina Medical Society also discourages fee splitting. On the NCMS website, the Society warns that “Except in instances permitted by law (N.C. Gen. Stat. § 55B-14(c)), it is the position of the Board that a licensee cannot share revenue on a percentage basis with a non-licensee. To do so is fee splitting and is grounds for disciplinary action.”

Not all States prohibit fee splitting, and if Medicare or Medicaid is not involved, then we look to state law. But if Medicare or Medicaid is involved, then federal law matters. Some States prohibit fee splitting for doctors, chiropractors, and hospitals, while other states do not prohibit fee splitting for massage therapists. So it is important to know your State’s laws.

Lawyers also have fee-splitting prohibitions. To split fees with a nonlawyer constitutes the practice of law without a license (and probably multiple other ethical concerns).

Physicians, group practices and management services organizations should continue to carefully examine their current and proposed arrangements to ensure compliance with the fee-splitting prohibition applicable to your State. If you are unsure, consult an attorney.

OIG may have started these audits in New York, but, as New York State says “Excelsior” – ever upward – we can be sure that OIG will continue across the country.

Self Disclosure Protocol: What Is It? And Do I Have To?

You are a provider, and you accept Medicare and Medicaid. You find out that the person with whom you contracted to provide extraction services for your dental patients has been upcoding for the last few months. -or- You discover that the supervisory visits over the past year have been less than…well, nonexistent. -or- Or your licensed therapist forgot to mention that her license was revoked. What do you do?

What do you do when you unearth a potential, past overpayment to you from Medicare or Medicaid?

Number One: You do NOT hide your head!

man with head in sand

Do not be an ostrich. First, being an ostrich will have a direct correlation with harsher penalties. Second, you may miss mandatory disclosure deadlines, which will lead to a more in-depth, concentrated, and targeted audits by the government, which will lead to harsher penalties.

As for the first (harsher penalties), not only will your potential, monetary penalties leap skyward, but knowledge (actual or should have had) could put you at risk for criminal liability or false claims liability. As for increased, monetary penalties, recent Office of Inspector General (OIG) information regarding the self disclosure protocol indicates that self disclosure could reduce the minimum multiplier to only 1.5 times the single damages versus 2-10 times the damages without self disclosure.

As for the second (missing deadlines), your penalties will be exorbitantly higher if you had or should have had actual knowledge of the overpayments and failed to act timely. Should the government, despite your lack of self disclosure, decide to audit your billings, you can count on increased scrutiny and a much more concentrated, in-depth audit. Much of the target of the audit will be what you knew (or should have) and when you knew (or should have). Do not ever think: “I will not ever get audited. I am a small fish. There are so many other providers, who are really de-frauding the system. They won’t come after me.” If you do, you will not be prepared when the audit comes a’knocking on your door – and that is just foolish. In addition, never underestimate the breadth and scope of government audits. Remember, our tax dollars provide almost unlimited resources to fund thousands of audits at a time. Being audited is not like winning the lottery, Your chances are not one in two hundred million. If you accept Medicare and/or Medicaid, your chances of an audit are almost 100%. Some providers undergo audits multiple times a year.

Knowing that the definition of “knowing” may not be Merriam Webster’s definition is also key. The legal definition of “knowing” is more broad that you would think. Section 1128J(d)(4)(A) of the Act defines “knowing” and “knowingly” as those terms are defined in 31 U.S.C. 3729(b). In that statute the terms “knowing” and “knowingly” mean that a person with respect to information—(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless disregard of the truth or falsity of the information. 31 U.S.C. 3729(b) also states that knowing and knowingly do not require proof of specific intent to defraud.

Number Two: Contact your attorney.

It is essential that you have legal counsel throughout the self disclosure process. There are simply too many ways to botch a well-intended, self disclosure into a casus belli for the government. For example, OIG allows three options for self disclosure; however, one option requires prior approval from OIG. Your counsel needs to maintain your self disclosure between the allowable, navigational beacons.

Number Three: Act timely.

You have 60-days to report and pay. Section 1128J(d)(2) of the Social Security Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified or (2) the date any corresponding cost report is due, if applicable. See blog.

________________________________________________________

If you have a Medicare issue, please continue to Number Four. If your issue is Medicaid only, please skip Number Four and go to Number Five. If your issue concerns both Medicare and Medicaid, continue with Number Four and Five (skip nothing).

_________________________________________________________

Number Four: Review the OIG Self Disclosure Protocol (for Medicare).

OIG publishes a Self Disclosure Protocol. Read it. Print it. Frame it. Wear it. Memorize it.

Since 2008, OIG has resolved 235 self disclosure provider cases through settlements. In all but one of these cases, OIG released the disclosing parties from permissive exclusion without requiring any integrity measures. What that means is that, even if you self disclose, OIG has the authority to exclude you from the Medicare system. However, if you self disclose, may the odds be ever in your favor!

Number Five: Review your state’s self disclosure protocol.

While every state differs slightly in self disclosure protocol, it is surprising how similar the protocol is state-to-state. In order to find your state’s self disclosure protocol, simply Google: “[insert your state] Medicaid provider self disclosure protocol.” In most cases, you will find that your state’s protocol is less burdensome than OIG’s.

On the state-side, you will also find that the benefits of self disclosure, generally, are even better than the benefits from the federal government. In most states, self disclosure results in no penalties (as long as you follow the correct protocol and do not hide anything).

Number Six: Draft your self disclosure report.

Your self disclosure report must contain certain criteria. Review the Federal Registrar for everything that needs to be included.

It is important to remember that you are only responsible for self disclosures going back six years (on the federal side).

Mail the report to:

DHHS/OIG/OCIG
Grantee Self-Disclosures
330 Independence Avenue, Room 5527
Washington, DC 20201

Or you can self disclose online at this link.

Do the Anti-Kickback and Stark Laws Apply to Private Payors?

Good question.

Anti-Kickback statutes (AKS) and Stark law are extremely important issues in health care. Violations of these laws yield harsh penalties. Yet, many healthcare professionals have little to no knowledge on the details of these two legal beasts.

The most common question I get regarding AKS and Stark is: Do AKS and Stark apply to private payers? Health care professionals believe, if I don’t accept Medicare or Medicaid, then I don’t need to worry about AKS and Stark. Are they correct??

The general and overly broad response is that the Stark Law, 42 USC § 1395nn, only applies to Medicare and Medicaid. The AKS, 42 USC § 1320a-7b(b)),applies to any federal healthcare program.

Is there a difference between AKS and Stark?

Answer: Yes. As discussed above, the first difference is that AKS applies to all federal healthcare programs. This stark difference (pun intended) makes the simple decision to not accept Medicare and Medicaid, thus allowing you to never worry about AKS, infinitely more difficult.

Let’s take a step back… What are AKS and Stark laws and what do these laws prohibit? When you Google AKS and Stark, a bunch of legal blogs pop up and attempt to explain, in legalese, what two, extremely esoteric laws purport to say, using words like “renumeration,” “knowing and willful,” and “federal healthcare program.” You need a law license to decipher the deciphering of AKS and Stark. The truth is – it ain’t rocket science.

The AKS is a criminal law; if you violate the AKS, you can be prosecuted as a criminal. The criminal offense is getting something of value for referrals. You cannot refer patients to other health care professionals in exchange for money, reduced rent, use of laboratory equipment, referrals to you, health services for your mother, marketing, weekly meals at Ruth’s Chris, weekly meals at McDonalds, oil changes, discounted theater tickets, Uber rides, Costco coupons, cooking lessons, or…anything of value, regardless the value. 

Safe harbors (exceptions to AKS) exist. But those exceptions better fit squarely into the definition of the exceptions. Because there are no exceptions beyond the enumerated exceptions.

AKS is much more broad in scope than Stark. Other than Medicare and Medicaid, AKS applies to any health care plan that utilizes any amount of federal funds. For example, AKS applies to Veterans Health Care, State Children’s Health Programs (CHIP), Federal Employees Health Benefit Program, and many other programs with federal funding. Even if you opt to not accept Medicare and Medicaid, you may still be liable under AKS.

Stark law, on the other hand, is more narrow and only applies to Medicare and Medicaid. I find the following “cheat sheet” created by a subdivision of the Office of Inspector General to be helpful in understanding AKS and Stark and the differences between the two:

One other important aspect of Stark is that is considered “strict liability,” whereas AKS requires a proving of a “knowing and willful” action.

Feel free to print off the above chart for your reference. However, see that little asterisk at the bottom of the chart? It applies here as well.

Look into My Crystal Ball: Who Is Going to Be Audited by the Government in 2017?

Happy New Year, readers!!! A whole new year means a whole new investigation plan for the government…

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) publishes what is called a “Work Plan” every year, usually around November of each year. 2017 was no different. These Work Plans offer rare insight into the upcoming plans of Medicare investigations, which is important to all health care providers who accept Medicare and Medicaid.

For those of you who do not know, OIG is an agency of the federal government that is charged with protecting the integrity of HHS, basically, investigating Medicare and Medicaid fraud, waste, and abuse.

So let me look into my crystal ball and let you know which health care professionals may be audited by the federal government…

crystal-ball

The 2017 Work Plan contains a multitude of new and revised topics related to durable medical equipment (DME), hospitals, nursing homes, hospice, laboratories.

For providers who accept Medicare Parts A and B, the following are areas of interest for 2017:

  • Hyperbaric oxygen therapy services: provider reimbursement
  • Inpatient psychiatric facilities: outlier payments
  • Skilled nursing facilities: reimbursements
  • Inpatient rehabilitation hospital patients not suited for intensive therapy
  • Skilled nursing facilities: adverse event planning
  • Skilled nursing facilities: unreported incidents of abuse and neglect
  • Hospice: Medicare compliance
  • DME at nursing facilities
  • Hospice home care: frequency of on-site nurse visits to assess quality of care and services
  • Clinical Diagnostic Laboratories: Medicare payments
  • Chronic pain management: Medicare payments
  • Ambulance services: Compliance with Medicare

For providers who accept Medicare Parts C and D, the following are areas of interest for 2017:

  • Medicare Part C payments for individuals after the date of death
  • Denied care in Medicare Advantage
  • Compounded topical drugs: questionable billing
  • Rebates related to drugs dispensed by 340B pharmacies

For providers who accept Medicaid, the following are areas of interest for 2017:

  • States’ MCO Medicaid drug claims
  • Personal Care Services: compliance with Medicaid
  • Medicaid managed care organizations (MCO): compliance with hold harmless requirement
  • Hospice: compliance with Medicaid
  • Medicaid overpayment reporting and collections: all providers
  • Medicaid-only provider types: states’ risk assignments
  • Accountable care

Caveat: The above-referenced areas of interest represent the published list. Do not think that if your service type is not included on the list that you are safe from government audits. If we have learned nothing else over the past years, we do know that the government can audit anyone anytime.

If you are audited, contact an attorney as soon as you receive notice of the audit. Because regardless the outcome of an audit – you have appeal rights!!! And remember, government auditors are more wrong than right (in my experience).

New OIG Report, But Same, Ole Results: Medicare and Medicaid Fraud Persistent in PCS

How many times have you heard, “Third time’s a charm?”If that is true, then what is the fifth time? The sixth time?

In an October 3, 2016, advisory report, the Office of Inspector General (OIG) recommends that the Center for Medicare and Medicaid Services (CMS) heighten its scrutiny on personal care services (PCS) in states across the country. The OIG claims “that home health has long been recognized as a program area vulnerable to fraud, waste, and abuse.” Past OIG reports have focused on Medicare. This new one focuses on Medicaid.

OIG is a division of the U.S. Department of Health and Human Services (HHS) and is charged with identifying and combating waste, fraud, and abuse in the HHS’s more than 300 programs. But, evidently, OIG is not happy, happy, happy, when HHS disregards its findings, which appears to be what has happened for a number of years.

PCS are nonmedical services for people who need assistance with activities of daily living (ADLs), such as bathing, eating, and toileting. Most of the time, PCS are allowing the person to remain in his or her home, instead of being institutionalized. However, according to OIG, PCS is fraught with fraud.

PCS is an optional service for Medicaid, i.e., states can choose to cover the cost of PCS with government funds. But, on the federal level, PCS is provided, if medically necessary, in all states.

The OIG report summarizes Medicaid fraud schemes from November 2012 through August 2016. OIG goes on to say that the fraud in this report is merely replicate of Medicare fraud found in a prior reports. In other words,OIG is basically saying that it has found Medicare fraud in home health in multiple, past reports and that CMS has not followed through appropriately. In fact, this report makes over five times, in recent years, that OIG has instructed CMS to increase its regulatory oversight of Medicare/caid personal care services. How many times does it take for your spouse to ask you to take out the trash until you take out the trash? Third time’s a charm??

Mark my words…in the near future, there will be heightened investigations and increased audits on home health.

Here are some scenarios that can trigger an audit of home health:

  1. High percentage of episodes for which the beneficiary had no recent visits with the supervising physician;
  2. High percentage of episodes that were not preceded by a hospital or nursing home stay;
  3. High percentage of episodes with a primary diagnosis of diabetes or hypertension;
  4. High percentage of beneficiaries with claims from multiple home health agencies; and
  5. High percentage of beneficiaries with multiple home health readmissions in a short period of time.

While the above-mentioned scenarios do not prove the existence of Medicare/caid fraud, they are red flags that will wave their presence before health care investigators’ faces.

Here are the states (and cities) which will be targets:

Notice that North Carolina is not highlighted. Notice that Florida is highlighted and contained numerous “hotspots.” Certainly that has nothing to do with the abnormal number of people on Medicare…

Regardless, North Carolina will get its share of Medicare PCS audits. Especially, considering that we have the 7th most number of Medicare beneficiaries in the country – that should have gotten us highlighted per se.

Since the OIG Portfolio report issued in 2012, OIG has opened more than 200 investigations involving fraud and patient harm and neglect in the PCS program across the country. “Given the significant vulnerabilities in the PCS program, including a lack of internal controls, and that PCS fraud continues to be a persistent problem, OIG anticipates that its enforcement efforts will continue to involve PCS cases.”Report.

Fifth time is a ______?? (Sure thing).

What is the Stark Law? And Why Is It Important to You?

It seems apropos that a US Congressman was named Pete Stark who first sponsored what came to be known as the Stark law, because the Stark law mandates stark penalties for financially driven physician referrals. Get it? Cheesy, I know.

The Stark law (42 U.S.C. 1395nn) prohibits physician referrals of designated health services (DHR) for Medicare and Medicaid if the physician has a financial interest with the “referred to” agency.

For example, Dr. Goneril is an internist. As an investment, he and his partner, Dr. Regan open a local laboratory “Gloucester” and hire Mr. Lear to run Gloucester. Drs. Goneril and Regan are silent partners. Dr. Goneril orders blood work on Patient Cordelia and refers her to Gloucester.

The above example would be a direct violation of the Stark law.

The penalties are severe. If caught, Dr. Goneril would have to repay all money received for services in which he referred Cordelia to Gloucester. In addition, he could be penalized $15,000 for every time he improperly referred Cordelia, plus three times the amount of improper payment he received from the Medicare/caid program, possible termination from the Medicare/caid program, and penalties of up to $100,000 for every time he tried to circumvent the Stark law.

On the federal level, the Department of Justice, the Center for Medicare and Medicaid Services (CMS), and the Department of Health and Human Services (DHHS) are tasked with enforcing the Stark law.

Recent years have seen the most Stark law violations since its inception and it is only being enforced more and more.

On June 9, 2015, the Office of Inspector General (OIG) issued a fraud alert regarding the Stark law. Investigations since June 2015 has risen significantly.

Here are some recent Stark settlements (for you to understand the severity):

  • Adventist Health System agreed to pay $118.7 million to the federal government and to multiple states.
  • Columbus Regional Healthcare System is paying $25 million.
  • Citizens Medical Center in Victoria, Texas, agreed to pay $21.75 million.

“O, reason not the need! Our basest beggars / Are in the poorest thing superfluous. / Allow not nature more than nature needs, / Man’s life’s as cheap as beast’s.” (King Lear, II, iv).

How do you defend yourself if you are accused of a Stark violation?

First and foremost, hire a qualified health care attorney. There are exceptions to the Stark law which, hopefully, you fall within. Furthermore, there are multiple legal arguments that can abate penalties. You do not always want to settle.There have been a number of agencies, that recently, decided to never settle. Oddly enough, the number of their audits decreased. Maybe the government targets easy money.

CMS Releases Final Rule On Return of Overpayments

Written by: David Leatherberry, partner in Gordon &Rees‘ San Diego office

The Centers for Medicare & Medicaid Services released its final rule today on the return of overpayments. The final rule requires providers and suppliers receiving funds under the Medicare/Medicaid program to report and return overpayments within 60 days of identifying the overpayment, or the date a corresponding cost report is due, whichever is later. As published in the February 12, 2016 Federal Register, the final rule clarifies the meaning of overpayment identification, the required lookback period, and the methods available for reporting and returning identified overpayments to CMS. See https://www.federalregister.gov/articles/2016/02/12/2016-02789/medicare-program-reporting-and-returning-of-overpayments.

Identification

The point in time in which an overpayment is identified is significant because it triggers the start of the 60-day period in which overpayments must be returned. CMS originally proposed that an overpayment is identified only when “the person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the overpayment.” The final rule changes the meaning of identification, stating that “a person has identified an overpayment when the person has or should have, through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment. The change places a burden on healthcare providers and suppliers to have reasonable policies and programs in place which monitor the receipt of Medicare/Medicaid payments.

6-Year Lookback Period

The final rule also softens the period for which health care providers and suppliers may be liable for the return of overpayments. As the rule was originally proposed, CMS required a 10-year lookback period, consistent with the False Claims Act. Now, overpayments must be reported and returned only if a person identifies the overpayment within six years of the date the overpayment was received.

Guidance in Reporting and Returning Overpayments

The final rule provides that providers and suppliers must use an applicable claims adjustment, credit balance, self-reported refund, or other appropriate process to satisfy the obligation to report and return overpayments. If a health care provider or supplier has reported a self-identified overpayment to either the Self-Referral Disclosure Protocol managed by CMS or the Self-Disclosure Protocol managed by the Office of the Inspector General (OIG), the provider or supplier is considered to be in compliance with the provisions of this rule as long as they are actively engaged in the respective protocol.

“Red Rover, Red Rover, Send Lab Services Right Over!” And How To Self Audit

Medicare is the largest payor of clinical lab services in the nation. Clinical lab services include everything from blood counts to urinalyses, and every letter of the alphabet in between. Lab services are performed by hospitals, independent labs, physicians, or other institutions.

Medicare Part B (which covers lab services) has had increased enrollment over the past few years, but the amount billed to Part B over the past few years has increased at a much higher rate. In other words, the amount of lab services billed to Part B has increased disproportionately to the increase in enrollment. Any number of factors could contribute to this: defensive practice of medicine, more reliance on laboratory testing, more labs…

Regardless, the higher billing amounts in lab services has now won the prestigious award of “Increased CMS Scrutiny!” (sarcasm, people). And the crowd goes wild!!!!

Mid-2014, the U.S. Office of Inspector General (OIG) published a study entitled, “Questionable Billing for Medicare Part B Clinical Laboratory Services.” OIG determined that Medicare allowed $1.5 billion to be paid for claims with questionable billing. It recommended that CMS: (1) review the labs identified with questionable billing and take appropriate action; (2) review program integrity strategies and determine whether such strategies are adequate; and (3) ensure that claims with invalid and ineligible ordering-physician numbers are not being paid.

In normal and expectant government time frames, the “dinosauric beast” has now determined, a little over a year later, that laboratory service claims warrant enhanced scrutiny. And a little over 85 years after its discovery, we finally determine that Pluto isn’t a planet.

CMS zoomed in their lens of scrutiny on lab services multiple times over a decade ago. Each “CMS zoom” resulted in millions and millions of money given to the federal government, which perpetuates the feds to zoom more and more…it’s easy money.

For example, in 2000, OIG issued Project LabScam, which resulted in substantial settlements against Laboratory Corporation of America Holdings, SmithKline Beecham, Met/Path, Damon, Roche, and Allied.

In 2002, OIG found that Medicare incorrectly paid $7.4 million for lab services with invalid ordering UPINs and $15.3 million for lab service claims with inactive ordering UPINs.

What does this mean to providers of lab services today?

It means you need to be prepared for an audit.

When I was young, one of my favorite games was “Red Rover.” Children would grasp arms and form a straight line facing the other team, which was doing the same. I would yell, “Red River, Red Rover, send Holly right over!” At which time, little Holly would be released from her line and prepare to run, full speed, into my line of little kids’ arms. Inevitably, once we saw where Holly was running, we would tighten up our grasps on one another’s arms to prepare for the impact.

Similarly, in preparation for upcoming audits, lab service providers need to tighten up.

How?

The best way to be certain of your risks in a potential audit is to hire a professional consultant or an experienced attorney to review a large sample of your documents. This allows an outsider to provide an unbiased opinion as to your risk. You may have the best billing manager in the world, but, when it comes to a self audit, he or she already believes that his or her documentation is stellar and that the organization of such documents is self evident. Having an outsider audit your records is worth its weight in gold and the best way to tighten up pre-audit.

The second best way to be certain of your risks in a potential audit is to self audit. Even if you hire a consultant or an attorney for a one time, third-party audit, you still want to self-audit multiple times a year. Every now and then you need to kick the old tires.

How do you self audit?

FYI: My general explanation of how to self audit will be appropriate for all health care service provider types. I will describe some more detailed ways to self audit that will be specific to lab services.

In order to self audit, I teach the IAKA method, not to be confused with IKEA.

  • Identify common risks
  • Audit a sample of your documents
  • Keep record of each step of your audit, including findings
  • Act on the findings.

Identify

What are the common red flags in your industry?

For lab services, common red flags may be high average allowed amounts per ordering physician, high percentage of claims with ineligible ordering-physician numbers, high percentage of claims with compromised beneficiary numbers, and high percentage of duplicate lab tests.

Here’s an area to look into that you may not otherwise consider in a self audit: what percentage of your lab clients live outside 100 miles? This may sound hoaky, but I had a lab service client flagged because 92% of the clients resided over 150 miles away. There was a perfectly reasonable explanation for such anomaly, the lab was located in a large, prestigious hospital in a rural area and people came from miles away to the hospital, but the statistic still flagged it.

Another specific item to review is, on average, how much does each physician bill in the laboratory? Do you have 4 physicians who bill, on average, $60,000+ per ordering physician? Because, for an independent lab, that would be very high.

Audit

For the actual self audit, you want to break up the audit into two categories: standards and procedures and document compliance.

For standards and procedures, you are reviewing whether you are properly orienting new hires, the specific training you implement, your criminal background check procedures, HIPAA training, your license renewal processes, your certification renewal processes, etc.

For document compliance, you are reviewing for physician signatures and dates.

NOTE: It is not required, but it is extremely prudent to print the name of the signator underneath all signatures. I have seen auditors ding providers on “physicians not being licensed/credentialed” because the auditor could not read the name of the physician. 

You are also reviewing for medical necessity, eligible ordering-physician numbers, distance the client is to the lab, amount prescribed to that particular client, amount prescribed by that particular physician, whether that test prescribed for the same client within a 12 month period, coding compliance, etc.

Keep Record

It is imperative that you keep meticulous records while you conducting the audits. You want to be able to show an auditor that you caught a mistake and that you implemented a plan of correction to remedy the mistake going forward. And that, in actuality, you remedied the mistake going forward. This documentation is essential for possible defenses to alleged potential overpayments, false claims, and, even, alleged criminal actions. Your documentation skills could be the difference between paying millions in penalties, or, in the extreme case, jail.

Act

I got ahead of myself in the prior section by saying that you need to document the way in which you fix the mistake. But I cannot emphasize it enough. Acting on your findings is important, obviously, but documenting the actions is more important. Ever hear the saying, “If it isn’t documented, it didn’t happen?” Take that as gospel.

Be prepared. Be proactive. Be ready. Tighten up!