You are a provider, and you accept Medicare and Medicaid. You find out that the person with whom you contracted to provide extraction services for your dental patients has been upcoding for the last few months. -or- You discover that the supervisory visits over the past year have been less than…well, nonexistent. -or- Or your licensed therapist forgot to mention that her license was revoked. What do you do?
What do you do when you unearth a potential, past overpayment to you from Medicare or Medicaid?
Number One: You do NOT hide your head!
Do not be an ostrich. First, being an ostrich will have a direct correlation with harsher penalties. Second, you may miss mandatory disclosure deadlines, which will lead to a more in-depth, concentrated, and targeted audits by the government, which will lead to harsher penalties.
As for the first (harsher penalties), not only will your potential, monetary penalties leap skyward, but knowledge (actual or should have had) could put you at risk for criminal liability or false claims liability. As for increased, monetary penalties, recent Office of Inspector General (OIG) information regarding the self disclosure protocol indicates that self disclosure could reduce the minimum multiplier to only 1.5 times the single damages versus 2-10 times the damages without self disclosure.
As for the second (missing deadlines), your penalties will be exorbitantly higher if you had or should have had actual knowledge of the overpayments and failed to act timely. Should the government, despite your lack of self disclosure, decide to audit your billings, you can count on increased scrutiny and a much more concentrated, in-depth audit. Much of the target of the audit will be what you knew (or should have) and when you knew (or should have). Do not ever think: “I will not ever get audited. I am a small fish. There are so many other providers, who are really de-frauding the system. They won’t come after me.” If you do, you will not be prepared when the audit comes a’knocking on your door – and that is just foolish. In addition, never underestimate the breadth and scope of government audits. Remember, our tax dollars provide almost unlimited resources to fund thousands of audits at a time. Being audited is not like winning the lottery, Your chances are not one in two hundred million. If you accept Medicare and/or Medicaid, your chances of an audit are almost 100%. Some providers undergo audits multiple times a year.
Knowing that the definition of “knowing” may not be Merriam Webster’s definition is also key. The legal definition of “knowing” is more broad that you would think. Section 1128J(d)(4)(A) of the Act defines “knowing” and “knowingly” as those terms are defined in 31 U.S.C. 3729(b). In that statute the terms “knowing” and “knowingly” mean that a person with respect to information—(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless disregard of the truth or falsity of the information. 31 U.S.C. 3729(b) also states that knowing and knowingly do not require proof of specific intent to defraud.
Number Two: Contact your attorney.
It is essential that you have legal counsel throughout the self disclosure process. There are simply too many ways to botch a well-intended, self disclosure into a casus belli for the government. For example, OIG allows three options for self disclosure; however, one option requires prior approval from OIG. Your counsel needs to maintain your self disclosure between the allowable, navigational beacons.
Number Three: Act timely.
You have 60-days to report and pay. Section 1128J(d)(2) of the Social Security Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified or (2) the date any corresponding cost report is due, if applicable. See blog.
If you have a Medicare issue, please continue to Number Four. If your issue is Medicaid only, please skip Number Four and go to Number Five. If your issue concerns both Medicare and Medicaid, continue with Number Four and Five (skip nothing).
Number Four: Review the OIG Self Disclosure Protocol (for Medicare).
OIG publishes a Self Disclosure Protocol. Read it. Print it. Frame it. Wear it. Memorize it.
Since 2008, OIG has resolved 235 self disclosure provider cases through settlements. In all but one of these cases, OIG released the disclosing parties from permissive exclusion without requiring any integrity measures. What that means is that, even if you self disclose, OIG has the authority to exclude you from the Medicare system. However, if you self disclose, may the odds be ever in your favor!
Number Five: Review your state’s self disclosure protocol.
While every state differs slightly in self disclosure protocol, it is surprising how similar the protocol is state-to-state. In order to find your state’s self disclosure protocol, simply Google: “[insert your state] Medicaid provider self disclosure protocol.” In most cases, you will find that your state’s protocol is less burdensome than OIG’s.
On the state-side, you will also find that the benefits of self disclosure, generally, are even better than the benefits from the federal government. In most states, self disclosure results in no penalties (as long as you follow the correct protocol and do not hide anything).
Number Six: Draft your self disclosure report.
Your self disclosure report must contain certain criteria. Review the Federal Registrar for everything that needs to be included.
It is important to remember that you are only responsible for self disclosures going back six years (on the federal side).
Mail the report to:
330 Independence Avenue, Room 5527
Washington, DC 20201
Or you can self disclose online at this link.
The Centers for Medicare & Medicaid Services released its final rule today on the return of overpayments. The final rule requires providers and suppliers receiving funds under the Medicare/Medicaid program to report and return overpayments within 60 days of identifying the overpayment, or the date a corresponding cost report is due, whichever is later. As published in the February 12, 2016 Federal Register, the final rule clarifies the meaning of overpayment identification, the required lookback period, and the methods available for reporting and returning identified overpayments to CMS. See https://www.federalregister.gov/articles/2016/02/12/2016-02789/medicare-program-reporting-and-returning-of-overpayments.
The point in time in which an overpayment is identified is significant because it triggers the start of the 60-day period in which overpayments must be returned. CMS originally proposed that an overpayment is identified only when “the person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the overpayment.” The final rule changes the meaning of identification, stating that “a person has identified an overpayment when the person has or should have, through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment. The change places a burden on healthcare providers and suppliers to have reasonable policies and programs in place which monitor the receipt of Medicare/Medicaid payments.
6-Year Lookback Period
The final rule also softens the period for which health care providers and suppliers may be liable for the return of overpayments. As the rule was originally proposed, CMS required a 10-year lookback period, consistent with the False Claims Act. Now, overpayments must be reported and returned only if a person identifies the overpayment within six years of the date the overpayment was received.
Guidance in Reporting and Returning Overpayments
The final rule provides that providers and suppliers must use an applicable claims adjustment, credit balance, self-reported refund, or other appropriate process to satisfy the obligation to report and return overpayments. If a health care provider or supplier has reported a self-identified overpayment to either the Self-Referral Disclosure Protocol managed by CMS or the Self-Disclosure Protocol managed by the Office of the Inspector General (OIG), the provider or supplier is considered to be in compliance with the provisions of this rule as long as they are actively engaged in the respective protocol.