Blog Archives

CMS Clarifying Medicare Overpayment Rules: The Bar Is Raised (Yet Again) for Health Care Providers

Have you ever watched athletes compete in the high jump? Each time an athlete is successful in pole vaulting over the bar, the bar gets raised…again…and again…until the athlete can no longer vault over the bar. Similarly, the Center for Medicare and Medicaid Services (CMS) continue to raise the bar on health care providers who accept Medicare and Medicaid.

In February, CMS finalized the rule requiring providers to proactively investigate themselves and report any overpayments to CMS for Medicare Part A and B. (The Rule for Medicare Parts C and D were finalized in 2014, and the Rule for Medicaid has not yet been promulgated). The Rule makes it very clear that CMS expects providers and suppliers to enact robust self auditing policies.

We all know that the Affordable Care Act (ACA) was intended to be self-funding. Who is funding it? Doctors, psychiatrists, home care agencies, hospitals, long term care facilities, dentists…anyone who accepts Medicare and Medicaid. The self-funding portion of the ACA is strict; it is infallible, and its fraud, waste, and abuse (FWA) detection tools…oh, how wide that net is cast!

Subsection 1128J(d) was added to Section 6402 of the ACA, which requires that providers report overpayments to CMS “by the later of – (A) the date which is 60 days after the date on which the overpayment was identified; or (B) the date any corresponding cost report is due, if applicable.”

Identification of an overpayment is when the person has, or reasonably should have through the exercise of reasonable diligence, determined that the person received an overpayment. Overpayment includes referrals or those referrals that violate the Anti-Kickback statute.

CMS allows providers to extrapolate their findings, but what provider in their right mind would do so?

There is a six-year look back period, so you don’t have to report overpayments for claims older than six years.

You can get an extension of the 60-day deadline if:

• Office of Inspector General (OIG) acknowledges receipt of a submission to the OIG Self-Disclosure Protocol
• OIG acknowledges receipt of a submission to the OIG Voluntary Self-Referral Protocol
• Provider requests an extension under 42 CFR §401.603

My recommendation? Strap on your pole vaulting shoes and get to jumping!

“Red Rover, Red Rover, Send Lab Services Right Over!” And How To Self Audit

Medicare is the largest payor of clinical lab services in the nation. Clinical lab services include everything from blood counts to urinalyses, and every letter of the alphabet in between. Lab services are performed by hospitals, independent labs, physicians, or other institutions.

Medicare Part B (which covers lab services) has had increased enrollment over the past few years, but the amount billed to Part B over the past few years has increased at a much higher rate. In other words, the amount of lab services billed to Part B has increased disproportionately to the increase in enrollment. Any number of factors could contribute to this: defensive practice of medicine, more reliance on laboratory testing, more labs…

Regardless, the higher billing amounts in lab services has now won the prestigious award of “Increased CMS Scrutiny!” (sarcasm, people). And the crowd goes wild!!!!

Mid-2014, the U.S. Office of Inspector General (OIG) published a study entitled, “Questionable Billing for Medicare Part B Clinical Laboratory Services.” OIG determined that Medicare allowed $1.5 billion to be paid for claims with questionable billing. It recommended that CMS: (1) review the labs identified with questionable billing and take appropriate action; (2) review program integrity strategies and determine whether such strategies are adequate; and (3) ensure that claims with invalid and ineligible ordering-physician numbers are not being paid.

In normal and expectant government time frames, the “dinosauric beast” has now determined, a little over a year later, that laboratory service claims warrant enhanced scrutiny. And a little over 85 years after its discovery, we finally determine that Pluto isn’t a planet.

CMS zoomed in their lens of scrutiny on lab services multiple times over a decade ago. Each “CMS zoom” resulted in millions and millions of money given to the federal government, which perpetuates the feds to zoom more and more…it’s easy money.

For example, in 2000, OIG issued Project LabScam, which resulted in substantial settlements against Laboratory Corporation of America Holdings, SmithKline Beecham, Met/Path, Damon, Roche, and Allied.

In 2002, OIG found that Medicare incorrectly paid $7.4 million for lab services with invalid ordering UPINs and $15.3 million for lab service claims with inactive ordering UPINs.

What does this mean to providers of lab services today?

It means you need to be prepared for an audit.

When I was young, one of my favorite games was “Red Rover.” Children would grasp arms and form a straight line facing the other team, which was doing the same. I would yell, “Red River, Red Rover, send Holly right over!” At which time, little Holly would be released from her line and prepare to run, full speed, into my line of little kids’ arms. Inevitably, once we saw where Holly was running, we would tighten up our grasps on one another’s arms to prepare for the impact.

Similarly, in preparation for upcoming audits, lab service providers need to tighten up.

How?

The best way to be certain of your risks in a potential audit is to hire a professional consultant or an experienced attorney to review a large sample of your documents. This allows an outsider to provide an unbiased opinion as to your risk. You may have the best billing manager in the world, but, when it comes to a self audit, he or she already believes that his or her documentation is stellar and that the organization of such documents is self evident. Having an outsider audit your records is worth its weight in gold and the best way to tighten up pre-audit.

The second best way to be certain of your risks in a potential audit is to self audit. Even if you hire a consultant or an attorney for a one time, third-party audit, you still want to self-audit multiple times a year. Every now and then you need to kick the old tires.

How do you self audit?

FYI: My general explanation of how to self audit will be appropriate for all health care service provider types. I will describe some more detailed ways to self audit that will be specific to lab services.

In order to self audit, I teach the IAKA method, not to be confused with IKEA.

  • Identify common risks
  • Audit a sample of your documents
  • Keep record of each step of your audit, including findings
  • Act on the findings.

Identify

What are the common red flags in your industry?

For lab services, common red flags may be high average allowed amounts per ordering physician, high percentage of claims with ineligible ordering-physician numbers, high percentage of claims with compromised beneficiary numbers, and high percentage of duplicate lab tests.

Here’s an area to look into that you may not otherwise consider in a self audit: what percentage of your lab clients live outside 100 miles? This may sound hoaky, but I had a lab service client flagged because 92% of the clients resided over 150 miles away. There was a perfectly reasonable explanation for such anomaly, the lab was located in a large, prestigious hospital in a rural area and people came from miles away to the hospital, but the statistic still flagged it.

Another specific item to review is, on average, how much does each physician bill in the laboratory? Do you have 4 physicians who bill, on average, $60,000+ per ordering physician? Because, for an independent lab, that would be very high.

Audit

For the actual self audit, you want to break up the audit into two categories: standards and procedures and document compliance.

For standards and procedures, you are reviewing whether you are properly orienting new hires, the specific training you implement, your criminal background check procedures, HIPAA training, your license renewal processes, your certification renewal processes, etc.

For document compliance, you are reviewing for physician signatures and dates.

NOTE: It is not required, but it is extremely prudent to print the name of the signator underneath all signatures. I have seen auditors ding providers on “physicians not being licensed/credentialed” because the auditor could not read the name of the physician. 

You are also reviewing for medical necessity, eligible ordering-physician numbers, distance the client is to the lab, amount prescribed to that particular client, amount prescribed by that particular physician, whether that test prescribed for the same client within a 12 month period, coding compliance, etc.

Keep Record

It is imperative that you keep meticulous records while you conducting the audits. You want to be able to show an auditor that you caught a mistake and that you implemented a plan of correction to remedy the mistake going forward. And that, in actuality, you remedied the mistake going forward. This documentation is essential for possible defenses to alleged potential overpayments, false claims, and, even, alleged criminal actions. Your documentation skills could be the difference between paying millions in penalties, or, in the extreme case, jail.

Act

I got ahead of myself in the prior section by saying that you need to document the way in which you fix the mistake. But I cannot emphasize it enough. Acting on your findings is important, obviously, but documenting the actions is more important. Ever hear the saying, “If it isn’t documented, it didn’t happen?” Take that as gospel.

Be prepared. Be proactive. Be ready. Tighten up!

Have an Inkling of a Possible Overpayment, You Must Repay Within 60 Days, Says U.S. District Court!

You are a health care provider.  You own an agency.  An employee has a “hunch” that…

maybe…

perhaps….

your agency was overpaid for Medicare/caid reimbursements over the past two years to the tune of $1 million!

This employee has been your billing manager for years and you trust her…but…she’s not an attorney and doesn’t have knowledge of pertinent legal defenses. You are concerned about the possibility of overpayments, BUT….$1 million? What if she is wrong?  That’s a lot of money!

According to a recent U.S. District Court in New York, you have 60 days to notify and refund the government of this alleged $1 million overpayment, despite not having a concrete number or understanding whether, in fact, you actually owe the money.

Seem a bit harsh? It is.

With the passage of the Affordable Care Act (ACA) on March 23, 2010, many new regulations were implemented with burdensome requirements to which health care providers are required to adhere.  At first, the true magnitude of the ACA was unknown, as very few people actually read the voluminous Act and, even fewer, sat to contemplate the unintentional consequences the Act would present to providers. For example, I daresay that few, if any, legislators foresaw the Draconian effect from changing the word “may” in 42 CFR 455.23 to “must.” See blog and blog and blog.

Another boiling frog in the muck of the ACA is the 60-Day Refund Rule (informally the 60-day rule).

What is the 60-Day Refund Rule?

In 2012, CMS proposed the “60-day Refund Rule,” requiring Medicare providers and suppliers to repay Medicare overpayments within 60 days of the provider or supplier identifying the overpayment.  Meaning, if you perform a self audit and determine that you think that you were overpaid, then you must repay the amount within 60 days or face penalties.

If I had a nickel for each time a clients calls me and says, “Well, I THINK I may have been overpaid, but I’m not really sure,” and, subsequently, I explained how they did not owe the money, I’d be Kardashian rich.

It is easy to get confused. Some overpayment issues are esoteric, involving complex eligibility issues, questionable duplicity issues, and issues involving “grey areas” of “non”-covered services.  Sometimes a provider may think he/she owes an overpayment until he/she speaks to me and realizes that, by another interpretation of the same Clinical Coverage Policy that, in fact, no overpayment is owed. To know you owe an overpayment, generally, means that you hired someone like me to perform the self audit.  From my experience, billing folks are all too quick to believe an overpayment is owed without thinking of the legal defenses that could prevent repayment, and this “quick to find an overpayment without thinking of legal defenses” is represented in Kane ex rel. United States et al. v. Healthfirst et al., the lawsuit that I will be discussing in this blog.  And to the billings folks’ credit, you cannot blame them.  They don’t want to be accused of fraud. They would rather “do the right thing” and repay an overpayment, rather than try to argue that it is not due.  This “quick to find an overpayment without thinking of legal defenses” is merely the billing folks trying to conduct all work “above-board,” but can hurt the provider agency financially.

Nonetheless, the 60-day Refund Rule is apathetic as to whether you know what you owe or whether you hire someone like me.  The 60-Day Refund Rule demands repayment to the federal government upon 60-days after your “identification” of said alleged overpayment.

Section 1128(d)(2) of the Social Security Act states that:

“An overpayment must be reported and returned under paragraph (1) by the later of— (A) the date which is 60 days after the date on which the overpayment was identified; or (B) the date any corresponding cost report is due, if applicable.”

A recent case in the U.S. District Court of New York has forged new ground by denying a health care providers’ Motion to Dismiss the U.S. government’s and New York State’s complaints in intervention under the False Claims Act (FCA).  The providers argued that the 60-day rule cannot start without a precise understanding as to the actual amount of the overpayment. Surely, the 60-day rule does not begin to run on the day someone accuses the provider of a possible overpayment!

My colleague, Jennifer Forsyth, recently blogged about this very issue.  See Jennifer’s blog.

Basically, in Kane ex rel. United States et al. v. Healthfirst et al., three hospitals provided care to Medicaid patients. Due to a software glitch [cough, cough, NCTracks] and due to no fault of the hospitals, the hospitals received possible overpayments.  The single state entity for Medicaid in New York questioned the hospitals in 2010, and the hospitals took the proactive step of tasking an employee, Kane, who eventually became the whistleblower, to determine whether, if, in fact, the hospital did receive overpayments.

At this point, arguably, the hospitals were on notice of the possibility of overpayments, but had not “identified” such overpayments per the 60-day rule.  It was not until Kane made preliminary conclusions that the hospitals were held to have “identified” the alleged overpayments.  But very important is the fact that the Court held the hospitals liable for having “identified” the alleged overpayments prior to actually knowing the veracity of the preliminary findings.

Five months after being tasked with the job of determining any overpayment, Kane emails the hospital staff her findings that, in her opinion, the hospitals had received overpayments totaling over $1 million for over 900 claims.  In reality, Kane’s findings were largely inaccurate, as approximately one-half of her alleged findings of overpayments were actually paid accurately.  Despite the inaccurate findings, the Complaint that Kane filed as the whistleblower (she had been previously fired, which may or may not have contributed to her willingness to bring a whistleblower suit), alleged that the hospitals had a duty under the 60-day rule to report and refund the overpayments, even though there was no certainty as to whether the findings were accurate. And the Court agreed with Kane!

Even more astounding, Kane’s email to the hospitals’ management that contained the inaccurate findings contained phrases that would lead one to believe that the findings were only preliminary:

  • “further analysis would be needed to confirm his findings;” and
  • the spreadsheet provided “some insight to the magnitude of the problem” (emphasis added).

The above-mentioned comments would further the argument that the hospitals were not required to notify the Department and return the money 60 days from Kanes’ email because Kane’s own language within the email was so wishy-washy. Her language in her email certainly does not instill confidence that her findings are accurate and conclusive.

But…

The 60-day rule requires notification and return of the overpayments within 60 days of identification.  The definition of “identification” is the crux of Kane ex rel. United States et al. v. Healthfirst et al. [it depends on what the definition of “is” is].

The Complaint reads, that the hospitals “fraudulently delay[ed] its repayments for up to two years after the Health System knew” the extent of the overpayments” (emphasis added). According to the Complaint, the date that the hospitals “knew” of the overpayment was the date Kane emailed the inaccurate findings.

The hospitals filed a Motion to Dismiss based on the fact that Kane’s email and findings did not conclusively identify overpayments, instead, only provided a preliminary finding to which the hospitals would have needed to verify.

The issue in Kane ex rel. United States et al. v. Healthfirst et al. is the definition of “identify” under the 60-day rule. Does “identify” mean “possibly, maybe?” Or “I know I owe it?” Or somewhere in between?

The hospitals filed a Motion to Dismiss, claiming that the 60-day rule did not begin to run on the date that Kane sent his “preliminary findings.”  The U.S. District Court in New York denied the hospitals’ Motion to Dismiss and stated in the Order, “there is an established duty to pay money to the government, even if the precise amount due is yet to be determined.” (emphasis added).

Yet another heavy burden tossed upon health care providers in the ever-deepening, regulatory muck involved in the ACA.  As health care providers carry heavier burdens, they begin to sink into the muck.

Important take aways:

  • Caveat: Take precautions to avoid creating disgruntled, former employees.
  • Have an experienced attorney on speed dial.
  • Self audit, but self audit with someone highly experienced and knowledgeable.
  • Understand the ACA. If you do not, read it. Or hire someone to teach you.