On July 13, 2017, Attorney General Jeff Sessions and Department of Health and Human Services (HHS) Secretary Tom Price, M.D., announced the Department of Justice’s (DOJ) biggest-ever health care fraud takedown. 412 health care providers were charged with health care fraud. In total, allegedly, the 412 providers schemed and received $1.3 billion in false billings to Medicare, Medicaid, and TRICARE. Of the 412 defendants, 115 are physicians, nurses, and other licensed medical professionals. Additionally, HHS has begun the suspension process against 295 health care providers’ licenses.
The charges include allegations of billing for medically unnecessary treatments or services that were not really provided. The DOJ has evidence that many of the defendants had illegal kickback schemes set up. More than 120 of the defendants were charged with unlawfully or inappropriately prescribing and distributing opioids and other narcotics.
While this particular sting operation resulted from government investigations, not all health care fraud is discovered through government investigation. A great deal of fraud is uncovered through private citizens coming forward with incriminating information. These private citizens can file suit against the fraudulent parties on behalf of the government; these are known as qui tam suits.
Being a whistleblower goes against what most of us are taught as children. We are taught not to be a tattletail. I have vivid memories from elementary school of other kids acting out, but I would remain silent and not inform the teacher. But in the health care world, tattletails are becoming much more common – and they make money for blowing that metaphoric whistle.
What is a qui tam lawsuit?
Qui tam is Latin for “who as well.” Qui tam lawsuits are a type of civil lawsuit whistleblowers (tattletails) bring under the False Claims Act, a law that rewards whistleblowers if their qui tam cases recover funds for the government. Qui tam cases are a powerful weapon against Medicare and Medicaid fraud. In other words, if an employee at a health care facility witnesses any type of health care fraud, even if the alleged fraud is unknown to the provider, that employee can hire an attorney to file a qui tam lawsuit to recover money on behalf of the government. The government investigates the allegations of fraud and decides whether it will join the lawsuit. Health care entities found guilty in a qui tam lawsuit will be liable to government for three times the government’s losses, plus penalties.
The whistleblower is rewarded for bringing these lawsuits. If the government intervenes in the case and recovers funds through a settlement or a trial, the whistleblower is entitled to 15% – 25% of the recovery. If the government doesn’t intervene in the case and it is pursued by the whistleblower team, the whistleblower reward is between 25% – 30% of the recovery.
These recoveries are not low numbers. On June 22, 2017, a physician and rehabilitative specialist agreed to pay $1.4 million to resolve allegations they violated the False Claims Act by billing federal health care programs for medically unreasonable and unnecessary ultrasound guidance used with routine lab blood draws, and with Botox and trigger point injections. If a whistleblower had brought this lawsuit, he/she would have been awarded $210,000 – 420,000.
On June 16, 2017, a Pennsylvania-based skilled nursing facility operator agreed to pay roughly $53.6 million to settle charges that it and its subsidiaries violated the False Claims Act by causing the submission of false claims to government health care programs for medically unnecessary therapy and hospice services. The allegations originated in a whistleblower lawsuit filed under the qui tam provisions of the False Claims Act by 7 former employees of the company. The whistleblower award – $8,040,000 – 16,080,000.
There are currently two, large qui tam cases against United Health Group (UHG) pending in the Central District of California. The cases are: U.S. ex rel. Benjamin Poehling v. UnitedHealth Group, Inc. and U.S. ex rel. Swoben v. Secure Horizons, et al. Both cases were brought by James Swoben, who was an employee and Benjamin Poehling, who was the former finance director of a UHG group that managed the insurer’s Medicare Advantage Plans. On May 2, 2027, the U.S. government joined the Poehling lawsuit.
The charges include allegations that UHG:
- Submitted invalid codes to the Center for Medicare and Medicaid Services (CMS) that it knew of or should have known that the codes were invalid – some of the dates of services at issue in the case are older than 2008.
- Intentionally avoided learning that some diagnoses codes or categories of codes submitted to their plans by providers were invalid, despite acknowledging in 2010 that it should evaluate the results of its blind chart reviews to find codes that need to be deleted.
- Failed to follow up on and prevent the submissions of invalid codes or submit deletion for invalid codes.
- Attested to CMS each year that the data they submitted was true and accurate while knowing it was not.
UHG would not be in this expensive, litigious pickle had it conducted a self audit and followed the mandatory disclosure requirements.
What are the mandatory disclosure requirements? Glad you asked…
Section 6402(a) of the Affordable Care Act (ACA) creates an express obligation for health care providers to report and return overpayments of Medicare and Medicaid. The disclosure must be made by 60 days days after the date that the overpayment was identified or the date any corresponding cost report is due, if applicable. Identification is defined as the point in which the provider has determined or should have determined through the exercise of due diligence that an overpayment exists. CMS expects the provider to proactively investigate any credible information of a potential overpayment. The consequences of failing to proactively investigate can be seen by the UHG lawsuits above-mentioned. Apparently, UHG had some documents dated in 2010 that indicated it should review codes and delete the invalid codes, but, allegedly, failed to do so.
How do you self disclose?
According to CMS:
“Beginning June 1, 2017, providers of services and suppliers must use the forms included in the OMB-approved collection instrument entitled CMS Voluntary Self-Referral Disclosure Protocol (SRDP) in order to utilize the SRDP. For disclosures of noncompliant financial relationships with more than one physician, the disclosing entity must submit a separate Physician Information Form for each physician. The CMS Voluntary Self-Referral Disclosure Protocol document contains one Physician Information Form.”
You are a provider, and you accept Medicare and Medicaid. You find out that the person with whom you contracted to provide extraction services for your dental patients has been upcoding for the last few months. -or- You discover that the supervisory visits over the past year have been less than…well, nonexistent. -or- Or your licensed therapist forgot to mention that her license was revoked. What do you do?
What do you do when you unearth a potential, past overpayment to you from Medicare or Medicaid?
Number One: You do NOT hide your head!
Do not be an ostrich. First, being an ostrich will have a direct correlation with harsher penalties. Second, you may miss mandatory disclosure deadlines, which will lead to a more in-depth, concentrated, and targeted audits by the government, which will lead to harsher penalties.
As for the first (harsher penalties), not only will your potential, monetary penalties leap skyward, but knowledge (actual or should have had) could put you at risk for criminal liability or false claims liability. As for increased, monetary penalties, recent Office of Inspector General (OIG) information regarding the self disclosure protocol indicates that self disclosure could reduce the minimum multiplier to only 1.5 times the single damages versus 2-10 times the damages without self disclosure.
As for the second (missing deadlines), your penalties will be exorbitantly higher if you had or should have had actual knowledge of the overpayments and failed to act timely. Should the government, despite your lack of self disclosure, decide to audit your billings, you can count on increased scrutiny and a much more concentrated, in-depth audit. Much of the target of the audit will be what you knew (or should have) and when you knew (or should have). Do not ever think: “I will not ever get audited. I am a small fish. There are so many other providers, who are really de-frauding the system. They won’t come after me.” If you do, you will not be prepared when the audit comes a’knocking on your door – and that is just foolish. In addition, never underestimate the breadth and scope of government audits. Remember, our tax dollars provide almost unlimited resources to fund thousands of audits at a time. Being audited is not like winning the lottery, Your chances are not one in two hundred million. If you accept Medicare and/or Medicaid, your chances of an audit are almost 100%. Some providers undergo audits multiple times a year.
Knowing that the definition of “knowing” may not be Merriam Webster’s definition is also key. The legal definition of “knowing” is more broad that you would think. Section 1128J(d)(4)(A) of the Act defines “knowing” and “knowingly” as those terms are defined in 31 U.S.C. 3729(b). In that statute the terms “knowing” and “knowingly” mean that a person with respect to information—(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless disregard of the truth or falsity of the information. 31 U.S.C. 3729(b) also states that knowing and knowingly do not require proof of specific intent to defraud.
Number Two: Contact your attorney.
It is essential that you have legal counsel throughout the self disclosure process. There are simply too many ways to botch a well-intended, self disclosure into a casus belli for the government. For example, OIG allows three options for self disclosure; however, one option requires prior approval from OIG. Your counsel needs to maintain your self disclosure between the allowable, navigational beacons.
Number Three: Act timely.
You have 60-days to report and pay. Section 1128J(d)(2) of the Social Security Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified or (2) the date any corresponding cost report is due, if applicable. See blog.
If you have a Medicare issue, please continue to Number Four. If your issue is Medicaid only, please skip Number Four and go to Number Five. If your issue concerns both Medicare and Medicaid, continue with Number Four and Five (skip nothing).
Number Four: Review the OIG Self Disclosure Protocol (for Medicare).
OIG publishes a Self Disclosure Protocol. Read it. Print it. Frame it. Wear it. Memorize it.
Since 2008, OIG has resolved 235 self disclosure provider cases through settlements. In all but one of these cases, OIG released the disclosing parties from permissive exclusion without requiring any integrity measures. What that means is that, even if you self disclose, OIG has the authority to exclude you from the Medicare system. However, if you self disclose, may the odds be ever in your favor!
Number Five: Review your state’s self disclosure protocol.
While every state differs slightly in self disclosure protocol, it is surprising how similar the protocol is state-to-state. In order to find your state’s self disclosure protocol, simply Google: “[insert your state] Medicaid provider self disclosure protocol.” In most cases, you will find that your state’s protocol is less burdensome than OIG’s.
On the state-side, you will also find that the benefits of self disclosure, generally, are even better than the benefits from the federal government. In most states, self disclosure results in no penalties (as long as you follow the correct protocol and do not hide anything).
Number Six: Draft your self disclosure report.
Your self disclosure report must contain certain criteria. Review the Federal Registrar for everything that needs to be included.
It is important to remember that you are only responsible for self disclosures going back six years (on the federal side).
Mail the report to:
330 Independence Avenue, Room 5527
Washington, DC 20201
Or you can self disclose online at this link.
Another Win for the Good Guys! RAC Auditors Cannot Look Back Over 3 Years!!! (BTW: We Already Knew This -Shhhhh!)
I love being right – just ask my husband.
I have argued for years that government auditors cannot go back over three years when conducting a Medicaid/Care audit of a health care provider’s records, unless there are credible allegations of fraud. See blog.
42 CFR 455.508 states that “[a]n entity that wishes to perform the functions of a Medicaid RAC must enter into a contract with a State to carry out any of the activities described in § 455.506 under the following conditions:…(f) The entity must not review clams that are older than 3 years from the date of the claim, unless it receives approval from the State.”
Medicaid RAC is defined as “Medicaid RAC program means a recovery audit contractor program administered by a State to identify overpayments and underpayments and recoup overpayments.” 42 CFR 455. 504.
From the definition of a Medicaid RAC (Medicare RAC is similarly defined), albeit vague, entities hired by the state to identify over and underpayments are RACs. And RACs are prohibited from auditing claims that are older than 3 years from the date of the claim.
In one of our recent cases, our client, Edmond Dantes, received a Tentative Notice of Overpayment from Public Consulting Group (PCG) on May 13, 2015. In a Motion for Summary Judgment, we argued that PCG was disallowed to review claims prior to May 13, 2012. Of the 8 claims reviewed, 7 claims were older than May 13, 2012 – one even went back to 2009!
The Administrative Law Judge (ALJ) at the Office of Administrative Hearings (OAH) agreed. In the Order Granting Partial Summary Judgment, the ALJ opined that “[s]tatutes of limitation serve an important purpose: to afford security against stale demands.”
Accordingly, the ALJ threw out 7 of the 8 claims for violating the statute of limitation. With one claim left, the amount in controversy was nominal.
A note as to the precedential value of this ruling:
Generally, an ALJ decision is not binding on other ALJs. The decisions are persuasive. Had DHHS appealed the decision and the decision was upheld by Superior Court, then the case would have been precedent; it would have been law.
Regardless, this is a fantastic ruling , which only bolsters my argument that Medicaid/care auditors cannot review claims over 3 years old from the date of the claim.
So when you receive a Tentative Notice of Overpayment, after contacting an attorney, look at the reviewed claims. Are those reviewed claims over 3 years old? If so, you too may win on summary judgment.
When you, as a health care provider, undergo a regulatory Medicare or Medicaid audit, your liability insurance could be your best friend or your worst enemy. It is imperative that you understand your liability coverage prior to ever undergoing an audit.
There are two very important issues that you need to know about your liability insurance:
1. Whether your liability insurance covers your choice of attorney; and
2. Whether your liability insurance covers settlements and/or judgments.
I cannot express the importance of these two issues when it comes to regulatory audits, paybacks and recoupments. Let me explain why…
Does your liability insurance cover attorneys’ fees for your choice of provider?
I have blogged numerous times over the past years about the importance of knowing whether your liability insurance covers your attorneys’ fees. I have come to realize that whether your liability insurance covers your attorneys’ fees is less important than knowing whether your liability insurance covers your choice of attorney. Believe it or not, when it comes to litigating regulatory issues in the Medicare/Medicaid, attorneys are not fungible.
A client of mine summed it up for me today. She said, “I wouldn’t go to my dentist for a PAP smear.”
Case in point, here are some examples of misconceptions that attorneys NOT familiar with the Office of Administrative Hearings (OAH) might think:
• Myth: Getting the case continued is a breeze, especially if all the parties consent to it.
• Reality: Generally, OAH is reluctant to continue cases, except for good cause, especially when a case has pended for a certain amount of time. (This has been a more recent trend and could change in the future).
• Myth: When my case is scheduled for trial on X date, it will be a cattle call and we will only determine when the case will be actually heard, so I don’t need to prepare for trial. (This is true in superior court).
• Reality: Incorrect. Most likely, you will be heard. OAH has a number of administrative law judges (ALJs) who are assigned cases. Generally, they only schedule one case per day, although there are exceptions.
• Myth: Since we are going to trial next week, the other side must not intend to file a motion to dismiss or motion for summary judgment. I don’t need to prepare any counter arguments.
• Reality: The administrative rules allow attorneys to orally file motion the day of trial.
You can imagine how devastating attorney misconceptions can be to your case. An attorney with these misconceptions could very well appear unprepared at a trial, which could have catastrophic consequences on you and your company.
Review your liability insurance. Determine whether your liability insurance covers attorneys’ fees. Then determine whether it covers your choice of attorney.
Does your liability insurance cover settlements and/or judgments?
Recently, a client was informed that the agency allegedly owes over $400,000 to the auditing agency. We will call him Jim. Jim came to me, and I instructed him to determine whether his liability insurance covers attorneys’ fees. It turned out that his insurance did cover attorneys’ fees, but only a certain attorney. Jim had overlooked our first issue.
Despite the fact that his insurance would not cover my fees, he opted to stick with me. (Thanks, Jim).
Regardless, once settlement discussions arose between us and the auditing entity, which in this particular case was Palmetto, I asked Jim for a copy of his liability insurance. If his liability insurance covers settlements, then we have all the incentive in the world to settle and skip an expensive hearing.
I was shocked at the language of the liability insurance.
According to the contract, insurance company would pay for attorneys’ fees (just not mine). Ok, fine. But the insurance company would contribute nothing to settlements or judgments.
What does that mean?
Insurance company could provide Jim with bargain basement attorneys, the cheapest it could find, with no regard as to whether the attorney were a corporate, litigation, real estate, tax, bankruptcy, or health care lawyer BECAUSE…
The insurance company has no skin in the game. In other words, the insurance company could not care less whether the case settles, goes to trial, or disappears. Its only duty is to pay for some lawyer.
Whereas if the insurance company were liable for, say, 20% of a settlement or judgment, wouldn’t the insurance company care whether the hired lawyer were any good?
Print off your liability insurance. Read it. Does your liability insurance cover attorneys’ fees for your choice of provider?
Does your liability insurance cover settlements and/or judgments?
Undergoing a Medicaid audit can seem overwhelming, to say the least. I mean, the Department of Health and Human Services (DHHS), Division of Medical Assistance (DMA) has these Recovery Audit Contractors (RACs) reviewing Medicaid claims going back years. If you have to pull the DMA Clinical Policy from 2007 in order to determine your compliance then the RACs are going back too far, right? There has to be a statute of limitations or statute of repose, right?
RACs are prohibited from identifying overpayments on claims more than 3 years from the date the claim was paid. There is also a hard look-back limit of October 1, 2007.
HOT TIP: If you have a Tentative Notice of Overpayment, check the dates you were paid for the claims.
My question is: Who or What entity is supervising the RACs to ensure no claims are recouped from more than 3 years ago? If the provider does not know the 3 year limit, is the RAC self-enforcing itself? Well, at least everyone reading my blog is knowledgeable now.
Also, RACs must comply with all reopening regulations found in 42 C.F.R. 405.980 (2008) because, in essence, these RACs are reopening claims that already were authorized, paid for, and done.
The regulations require that if a RAC reopens a claim more than 1 year after it was paid, then the RAC must show good cause….AND….document such good cause.
How many providers have asked the RACs to show the documented good cause for claims paid over one year ago?
Now you know you can…and should!