Blog Archives

How Does OIG Target Provider Types for Audits and Who Needs to Worry?

Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).

Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.

Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?

These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.

Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.

Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive.  Pick one and read.

You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.

Other targeted providers types coming up:

  • Telehealth
  • Security of Certified Electronic Health Record Technology Under Meaningful Use
  • States’ Collection of Rebates on Physician-Administered Drugs
  • States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
  • Adult Day Health Care Services
  • Oversight of States’ Medicaid Information Systems Security Controls
  • States’ MCO Medicaid Drug Claims
  • Incorrect Medical Assistance Days Claimed by Hospitals
  • Selected Inpatient and Outpatient Billing Requirements

And the list goes on and on…

Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs

Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!

Health Care Integration: A Glimpse Into My Crystal Ball

Throughout the history of health care, payors and payees of Medicare/caid have existed in separate silos. In fact, the two have combated – the relationship has not always been stellar.

Looking into my crystal ball; however, all will not be as it is now [that’s clear as mud!].

Now, and in the upcoming years, there will be a massive shift to integrate payors and payees under the same roof. Competition drives this movement. So does the uncertainty in the health care market. This means that under one umbrella may be the providers and the paying entities.

Why is this a concern? First – Any healthcare entity that submits claims to the federal government, whether it be a provider or payor, must comply with the fraud and abuse statutes. As such, there is a potential to run afoul of federal and state regulations regulating the business of health care. Payors know their rules; providers know their rules…And those rules are dissimilar; and, at times, conflicting. The opportunity to screw up is endemic.

Second – With the new responsibilities mandated by the Yates Memo, these new relationships could create awkward situations in which the head of the payor department could have knowledge (or should have knowledge) of an [alleged] overpayment, but because of the politics at the company or self-interest in the preservation of his or her career, the head may not want to disclose such overpayment. With the 60-day rule, the head’s hesitation could cost the company.

Let’s investigate:

The Affordable Care Act (ACA) reinvented health care in so many ways. Remember, the ACA is supposed to be self-funding. Taxes were not to increase due to its inception. Instead, health care providers fund the ACA through post payment and prepayment audits, ZPIC audits, CERTs, MFCU, MICs, RACs, and PERMs.

The ACA also made a whole new commercially-insured population subject to the False Claims Act. False statements are now being investigated in connection with Medical Loss Ratios, justifications for rate increases, risk corridor calculations, or risk adjustment submissions.

CMS imposes a duty to detect fraud, waste, and abuse (FWA). But what if you’re looking at your own partners?

medicare paying

 

The chart above depicts “old school” Medicare payment options for physicians and other health care providers. In our Brave New World, the arrows will be criss-crossed (applesauce), because when the payors and the payees merge, the reimbursements, the billing, and the regulatory supervision will be underneath the same roof. It’ll be the game of “chicken” taken to a whole new level…with prison and financial penalties for the loser.

Since 2011, kickback issues have exponentially grown. The Anti-Kickback Statute makes it a criminal offense for a provider to give “remuneration” to a physician in order to compensate the physician for past referrals or to induce future referrals of patients to the provider for items or services that are reimbursed, in whole or in part, by Medicare or Medicaid.

Imagine when payors and payees are owned by the same entity! Plus, the ACA amended the kickback statutes to eliminate the prong requiring actual knowledge or intent. Now you can be convicted of anti kickback issues without any actual knowledge it was ever occurring!!

Now we have the “one purpose test,” which holds that a payment or offer of remuneration violates the Anti-Kickback Statute so long as part of the purpose of a payment to a physician or other referral source by a provider or supplier is an inducement for past or future referrals. United States v. Borrasi,  2011 WL 1663373 (7th Cir. May 4, 2011).

There are statutory exceptions. But these exceptions differ depending on whether you are a payor or payee – see the potential criss-cross applesauce?

And, BTW, which types of health care services are bound by the anti kickback statutes?

  1. Clinical laboratory services;
  2. Physical therapy services;
  3. Occupation therapy services;
  4. Radiology services (including MRIs, Ultrasounds, and CAT scans);
  5. Radiation therapy and supplies;
  6. Durable medical equipment and supplies;
  7. Parenteral and enteral nutrients, equipment, and supplies;
  8. Prosthetics, orthotics, and prosthetic devices and supplies;
  9. Home health services;
  10. Outpatient prescription drugs; and
  11. Inpatient and outpatient hospital services.

 

Imagine a building. Inside is a primary care physician (PCP), a pediatrician, a home health agency, and a psychiatrist. Can the PCP refer to the home health agency? Can a hospital refer to a home care agency? What if one of the Board of Directors sit on both entities?

The keys to avoiding the anti kickback pitfalls is threefold: (1) fair market value (FMV); (2) arm’s length transactions; and (3) money cannot be germane to referrals.

However, there is no one acceptable way to determine FMV. Hire an objective appraiser. While hiring an objective appraiser does not establish accuracy, it can demonstrate a good faith attempt.

Number One Rule for Merging/Acquiring/Creating New Partnerships in our new Brave New World of health care?

Your attorney should be your new BFF!! (Unless she already is).

Alphabet Soup: RACs, MICs, MFCUs, CERTs, ZPICs, PERMs and Their Respective Look Back Periods

I have a dental client, who was subject to a post payment review by Public Consulting Group (PCG). During the audit, PCG reviewed claims that were 5 years old.  In communication with the state, I pointed out that PCG surpassed its allowable look back period of 3 years.  To which the Assistant Attorney General (AG) said, “This was not a RAC audit.”  I said, “Huh. Then what type of audit is it? MIC? ZPIC? CERT?” Because the audit has to be one of the known acronyms, otherwise, where is PCG’s authority to conduct the audit?

There has to be a federal and state regulation applicable to every audit.  If there is not, the audit is not allowable.

So, with the state claiming that this post payment review is not a RAC audit, I looked into what it could be.

In order to address health care fraud, waste, and abuse (FWA), Congress and CMS developed a variety of approaches over the past several years to audit Medicare and Medicaid claims. For all the different approaches, the feds created rules and different acronyms.  For example, a ZPIC audit varies from a CERT audit, which differs from a RAC audit, etc. The rules regulating the audit differ vastly and impact the provider’s audit results greatly. It can be as varied as hockey and football; both have the same purpose of scoring points, but the equipment, method of scoring, and ways to defend against an opponent scoring are as polar opposite as oil and water. It can be confusing and overwhelming to figure out which entity has which rule and which entity has exceeded its scope in an audit.

It can seem that we are caught swimming in a bowl of alphabet soup. We have RACs, ZPICs, MICs, CERTs, and PERMs!!

alphabet soup

What are these acronyms??

This blog will shed some light on the different types of agencies auditing your Medicare and Medicaid claims and what restrictions are imposed on such agencies, as well as provide you with useful tips while undergoing an audit and defending the results.

First, what do the acronyms stand for?

  • Medicare Recovery Audit Contractors (RACs)
  • Medicaid RACs
  • Medicaid Integrity Contractors (MICs)
  • Zone Program Integrity Contractors (ZPICs)
  • State Medicaid Fraud Control Units (MFCUs)
  • Comprehensive Error Rate Testing (CERT)
  • Payment Error Rate Measurement (PERM)

Second, what are the allowable scope, players, and look back periods for each type of audit? I have comprised the following chart for a quick “cheat sheet” when it comes to the various types of audits. When an auditor knocks on your door, ask them, “What type of audit is this?” This can be invaluable information when it comes to defending the alleged overpayment.

SCOPE, AUDITOR, AND LOOK-BACK PERIOD
Name Scope Auditor Look-back period
Medicare RACs

Focus:

Medicare zaqoverpayments and underpayments

Medicare RACs are nationwide. The companies bid for federal contracts. They use post payment reviews to seek over and under payments and are paid on a contingency basis. Region A:  Performant Recovery

Region B:  CGI Federal, Inc.

Region C:  Connolly, Inc.

Region D:  HealthDataInsights, Inc.

Three years after the date the claim was filed.
Medicaid RACs

Focus:

Medicaid overpayments and underpayments

Medicaid RACs operate nationwide on a state-by-state basis. States choose the companies to perform RAC functions, determine the areas to target without informing the public, and pay on a contingency fee basis. Each state contracts with a private company that operates as a Medicaid RAC.

In NC, we use PCG and HMS.

Three years after the date the claim was filed, unless the Medicaid RAC has approval from the state.
MICs

Focus:

Medicaid overpayments and education

MICs review all Medicaid providers to identify high-risk areas, overpayments, and areas for improvement. CMS divided the U.S. into five MIC jurisdictions.

New York (CMS Regions I & II) – Thomson Reuters (R) and IPRO (A) • Atlanta (CMS Regions III & IV) – Thomson Reuters (R) and Health Integrity (A) • Chicago (CMS Regions V & VII) – AdvanceMed (R) and Health Integrity (A) • Dallas (CMS Regions VI & VIII) – AdvanceMed (R) and HMS (A) • San Francisco (CMS Regions IX & X) – AdvanceMed (R) and HMS (A)

MICs are not paid on a contingency fee basis.

MICs  may review a claim as far back as permitted under the laws of the respective states (generally a five-year look-back period).
ZPICs

Focus:

Medicare fraud, waste, and abuse

ZPICs investigate potential Medicare FWA and refer these cases to other entities.

Not random.

CMS, which has divided the U.S. into seven ZPICs jurisdictions.

Only investigate potential fraud.

ZPICs are not paid on a contingency fee basis.

ZPICs have no specified look-back period.
MFCUs

Focus:

Medicaid fraud, waste, and abuse

MFCUs investigate and prosecute (or refer for prosecution) criminal and civil Medicaid fraud cases. Each state, except North Dakota, has an MFCU.

Contact info for NC’s:

Medicaid Fraud Control Unit of North Carolina
Office of the Attorney General
5505 Creedmoor Rd
Suite 300
Raleigh, NC   27612

Phone: (919) 881-2320

website

MFCUs have no stated look-back period.
CERT

Focus:

Medicare improper payment rate

CERT companies indicate the rate of improper payments in the Medicare program in an annual report. CMS runs the CERT program using two private contractors (which I am yet to track down, but I will). The look back period is the current fiscal year (October 1 to September 30).
PERM

Focus:

Medicaid improper payment rate

PERM companies research improper payments in Medicaid and the Children’s Health Insurance Program. They extrapolate a national error rate. CMS runs the PERM program using two private contractors(which I am yet to track down, but I will). The look back period is the current fiscal year (the complete measurement cycle is 22 to 28 months).

 As you can see, the soup is flooded with letters of the alphabet. But which letters are attached to which audit company determines which rules are followed.

It is imperative to know, when audited, exactly which acronym those auditors are

Which brings me back to my original story of my dental provider, who was audited by a “non-RAC” entity for claims 5 years old.

What entity could be performing this audit, since PCG was not acting as its capacity as a RAC auditor? Let’s review:

  • RAC: AG claims no.
  • MIC: This is a state audit, not federal. No.
  • MFCU: No prosecutor involved. No.
  • ZPIC: This is a state audit, not federal. No allegation of fraud. No.
  • CERT:This is a state audit, not federal. No.
  • PERM: This is a state audit, not federal. No.

Hmmmm….

If it walks like a duck, talks like a duck, and acts like a duck, it must be a duck, right?

Or, in this case, a RAC.