Health Care Reforms Aims at Reducing Fraud and Abuse through New Enforcement Initiatives and Program Requirements

President Obama signed into law on March 23 the Patient Protection and Affordable Care Act (PPACA), ending a yearlong legislative initiative by the President and Congress to reform health care in America. The new bill includes numerous provisions aimed at fraud and abuse, provider compliance, and enforcement initiatives. Providers must be particularly aware and in compliance with the new regulatory changes under Title VI – Transparency and Program Integrity, since it will have an impact on their operations. The following are summaries of select Title VI provisions, which are intended to go into effect at the end of the year or shortly thereafter. Additionally, since these selected provisions will impact operations, providers should be knowledgeable on how to comply with these new provisions and stay tuned to updates from the Department of Health and Human Services regarding implementation and enforcement.

Fraud, Abuse, and Enforcement

• The recovery audit contractor (RAC) program will expand to the Medicaid program and Medicare Parts C and D by Dec. 31, 2010. Sec. 6411
• HSS and State agencies may suspend Medicare and Medicaid payments, respectively, to providers and suppliers while conducting fraud investigations based on credible allegations. Sec. 6402(h)
• Civil monetary penalties (CMP) increase to $50,000 for each false record knowingly made or used for payment under a Federal health care program.
• Providers and suppliers are subject to $15,000 CMP each day they deny HHS-OIG access to conduct an audit, investigation, or evaluation. Sec. 6408(a)
• An amendment to the Anti-Kickback Statute (AKS) adds that a person does not need to know the statute prohibits a specific action in order to violate the AKS. Furthermore, the government does not need to prove that the individual or entity specifically intended to commit a violation of the AKS. Sec. 6402(f)
• A Stark Law amendment precludes establishing new physician-owned hospitals after Dec. 31, 2010. The amendment also prohibits already established physician-owned hospitals from expanding the facility or the amount of physician ownership after Dec. 31, 2010. Sec. 6001(a)
• HHS will establish a self-referral disclosure protocol (SRDP) within six months from the enactment of PPACA that allows providers and suppliers to self-disclose actual or potential violations of the Stark Law. HHS may reduce the penalty amount based on the self-disclosure. Sec. 6409

Health Care Program Requirements

• An amendment to the referral exception under the Stark Law requires physicians to provide patients with a written list of suppliers when referring magnetic resonance imaging, computed tomography, and positron emission tomography services. Applies to services furnished after Jan. 1, 2010. Sec. 6003
• Providers and suppliers enrolling and re-enrolling in Medicare, Medicaid, and CHIP will face enhanced screening and enrollment requirements, including:
  • Provider screening measures, i.e. licensure and background checks, database checks, fingerprinting, and site visits;
  • Oversight of new providers and suppliers for a period of 30 days to a year;
  • Disclosure requirements regarding current and previous affiliations;
  • Adjustments to payments in order to satisfy past-due obligations;
  • Temporary moratorium on enrollment to prevent or combat fraud, waste, or abuse; and
  • Mandatory compliance programs with core elements established by HHS.

Sec. 6401(a)1-7

• Providers must report and return overpayments to the appropriate payer within 60 days of indentifying the overpayment. Consequently, failure to return an overpayment after 60 days is considered an obligation and violation under the False Claims Act. Sec. 6402(d)
• The period for submission of Medicare claims is reduced to 12 months from the date the service or item was provided. Applies to all services furnished on or after Jan. 1, 2010. Sec. 6404

Posted by: Jillian Bower, Associate at Strategic Management

For more information, please see below:

http://www.strategicm.com/commercial/bios/bower.php

What Does the Administration’s Budget Mean for Healthcare Compliance?

The Obama Administration recently unveiled its proposed federal budget for fiscal year (FY) 2011. The proposed budget totaling $3.8 trillion allocates a significant amount of resources to the Department of Health and Human Services (HHS) and the Department of Justice (DOJ). Of particular note, is the increased funding for healthcare fraud enforcement. Specifically, the President proposes to increase discretionary spending for fraud programs by 80 percent, from $311 million to $561 million in FY 2011. Further, the budget plan increases the HHS Office of Inspector General’s (OIG’s) funding for fraud and abuse activities by $125 million, from $251 million to $376 million. Additional highlights related to healthcare compliance include:

•  The expansion of the Medicare Fraud Strike Force program, a HHS-DOJ operated program designed to combat Medicare fraud, from seven to twenty cities;
• The allotment of $25.5 billion for the Medicaid program, by extending the temporary increase in the Federal Medical Assistance Percentage under the American Recovery and Reinvestment Act to six months;
• A decrease in Medicare funding by $683 million in FY 2011 and $500 billion over the next ten years;
• An allocation of $110 million to strengthen health IT initiatives; and
• The administration of Medicare demonstration projects to evaluate the quality of care and healthcare costs.

In addition to increased funding for healthcare fraud enforcement, the President recently issued a memorandum that directs all federal departments and agencies to expand their use of audits to detect improper reimbursement of federal dollars. According to the memorandum, the Administration will use the Payment Recapture Audit model, which is the model used by Medicare’s Recovery Audit Contractors. Under this model, auditors will be paid on a contingency basis where compensation is linked to identified improper payments.

 So what does this mean for healthcare compliance? Overall, it is apparent that the federal government is increasing its anti-fraud efforts and continuing investigations and enforcement of penalties to violators. The government is already equipped with sophisticated analytic techniques such as time‐sequencing analysis, clustering, and association rules to identify improper Medicare payments and potential cases of fraud. With the additional funding under the proposed budget, the government will have the resources to combat fraud, waste, and abuse at full force.

As a result, providers must ensure that the proper safeguards are developed and implemented in order to monitor, detect, and remediate fraud and abuse of federal health care programs. The most effective method to protect your organization in this regulatory and enforcement environment is with risk management. Providers are encouraged to conduct a risk assessment to identify and mitigate areas of weakness. Subsequent to identifying your risk areas, providers should conduct regular audits to monitor their compliance. Audits may be internal or external; however, engaging an external auditor will provide your organization with a neutral perspective that can add value to your audit. Overall, implementing these steps will not only facilitate compliance but also protect your organization from costly legal fees, penalties, and even exclusion from federal health care programs.
To view the documents related to the budget go to: http://www.whitehouse.gov/omb/budget/Overview/.

Posted by: Camella Boateng, Associate at Strategic Management.

For more information, please click the link below:

http://www.strategicm.com/commercial/bios/boateng.php

Forthcoming Legislation Aimed at Fighting Health Care Fraud

 Senator Chuck Grassley recently introduced new legislation to fight health care fraud, waste, and abuse. The bill, titled The Strengthening Program Integrity and Accountability in Health Care Act (S 2774) includes many of the fraud prevention provisions from the comprehensive health care reform bills, which are now being reconsidered. As the ranking member of the Senate Finance Committee, Sen. Grassley had a hand in developing many of the provisions included in the health care reform bill, and subsequently this newly introduced anti-fraud bill. The proposed bill enhances efforts by federal health care programs and federal enforcement agencies to curtail fraudulent activities committed by current and new providers.

Several of the bill’s provisions focus on fraudulent or potentially fraudulent claims submitted for payment by providers and suppliers. Providers should be aware of the following key proposed measures:

• Reducing the submission period for Medicare claims to no more than 12 months;
• Requiring providers to report and return overpayments within 60 days after either the date the overpayment was identified or the due date of the corresponding cost report;
• Expanding of the Recovery Audit Contractors Program to Medicaid and Medicare Parts C and D;
• Consolidating the repository of claims for all parts of Medicare, Medicaid, CHIP, Veterans Affair, Department of Defense, Social Security, and Indian Health Services into a single, Integrated Data Repository; and
• Granting DHHS OIG and Department of Justice access to Medicare and Medicaid claims for the purpose of carrying out law enforcement activities.

 Considering the increased attention for claims reviews through integrated data systems, it is crucial for providers to know and analyze their data just as well as government enforcers would. Providers should conduct a prepayment review of all claims before submission to identify errors, and subsequently before the issuance of a denial or overpayment. Further, it is advised to conduct a mock review of paid claims to mimic reviews conducted by government contractors. Mock reviews are often conducted by external entities with expertise and knowledge of high risk billing issues. Risk areas under review by the Recovery Audit Contractors often serve as the starting point. Mock reviews are a beneficial and informative way to know and manage billing risks.

 If overpayments are identified through claims reviews and data mining efforts, they must be reported and returned to the appropriate payer. Therefore, it is essential to have a process in place to report and return such overpayments on a timely basis. This process should be documented in a written policy and should be reviewed and updated on a regular basis.

 Currently, the Senate Finance Committee is reviewing the proposed bill, after which it is likely to move to the Senate for full vote. Therefore, providers have sufficient time to start conducting their own claims reviews before enhanced government enforcement begins. Undoubtedly, both sides of the health care reform debate agree that fraud, waste, and abuse must be addressed and ultimately reduced. Therefore, it is not a matter of if such measures will pass but when.

 Posted by: Jillian Bower,  Associate at Strategic Management

For more information, please click the link below:                            http://www.strategicm.com/commercial/bios/bower.php

Quality Reporting May be Challenging under “Meaningful Use”

 The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) recently issued two regulations to implement the electronic health record (EHR) incentive programs enacted under the American Recovery Act of 2009. The regulations are a first step toward the improvement of quality, efficiency and safety through meaningful use of certified EHR technology.

 In order for professionals and hospitals to be eligible to receive payments under the Medicare and Medicaid EHR incentive programs, they must be able to demonstrate meaningful use of a certified EHR system. As such, CMS’ proposed regulation defines and specifies how to demonstrate “meaningful use” of EHR technology. Specifically, meaningful use is defined as the use of certified EHR technology in a form and manner consistent with certain objectives and measures such as: the improvement of quality, efficiency and safety of health care delivery; reduction of health care disparities; engagement of patients and families; improvement of care coordination; and adequate privacy and security protections for personal health information.

Healthcare providers and executives generally agree that electronic health records hold great promise for improving health care quality, efficiency and safety. It is thus not surprising that quality metrics are central to the meaningful use requirements. However, the number of quality measures included for 2011 was surprising. The interim final rule requires hospitals to report on 35 quality measures as a condition of demonstrating meaningful use. While all of these measures are important, many players in the health care industry have raised concerns. Some state that they currently track only one half to one third of these measures. Another challenge is the maturity of the technology to produce the required reports in a timely manner. While a clinical application that allows real-time reporting on quality measures is necessary, many systems that are currently available are not robust enough to produce the required reports.

Hospitals and physicians alike will face challenges in attempting to meet the quality reporting requirements. Many physicians do not capture clinical data in a discrete format. Some physicians choose to scan in lab reports.

 While the IRF is still open for comments at this time, hospitals and physicians will need to review closely the systems they have in place and revise their processes where needed to ensure that they can meet the meaningful use requirement. Quality measures are becoming increasingly important and are no longer affecting just patient care and program integrity but program funding as well.

Posted by: Deborah Hutchison, Manager at Strategic Management

For more information, please click the link below:                         http://www.strategicm.com/commercial/bios/deborah.php

When is it advisable to hire an Interim Compliance Officer (ICO)?

Jim Cottos answered this question. He is SVP at Strategic Management (jcottos@strategicm.com) having provided compliance advisory service for the past ten year.  Previously served as Regional Inspector General and Chief Inspector for the DHHS OIG and as Assistant IG for Investigations at the Department of Treasury.

We are finding that more and more organizations are engaging experienced professionals and subject matter experts as Interim Compliance Officers (ICO).  The normal period for such arrangements is between six to eighteen months.  I have been an ICO at a number of organizations ranging from a small stand alone hospital to being the interim chief compliance officer for Baylor Health Care System in Dallas, while it took its time finding just the right person to replace the former compliance chief. Baylor also wanted me as a pair of “fresh eyes” to evaluate the compliance program at the academic medical center, which has 17,000 employees.  In some cases, I was hired to be the ICO in order to build or rebuild a compliance program before having a permanent replacement take over.  In other cases where I was engaged to be the ICO, it was to either build or rebuild the stature of the compliance officer before selecting a permanent one.  The real questions to be asked are:

• When and under what circumstance is it advisable to take this course of action?
• What are the advantages of using an ICO?
• How do you select an ICO?

Hiring an ICO can have several benefits.  First, the program is not left unattended and continues in full operation, leaving more time to find the right permanent compliance officer.  Secondly, an ICO will be able to provide an independent assessment of the state of the program. Third, the ICO can assist in defining the specific qualifications for selection of the new permanent compliance officer.   This latter point leads to the fact that the organization may wish to use the ICO to vet and assess candidates for the job.   This may help avoid hiring someone who on paper looks great but is seeking a new job because they are not doing well in their current position.  There are a lot of failed compliance officers looking for new jobs.

My suggestion to any organization considering hiring an ICO would be to take care to find someone with the right experience and expertise.  You don’t want to bring a stranger into the work environment who is an amateur that could create confusion, stir up problems with the workforce or management, let along creating a potential liability.   It is best to find a firm that has a lot of experience doing this kind of work, and who uses only qualified compliance experts.

Outsourcing Compliance

With increased frequency, organizations are exploring the notion of outsourcing their compliance programs and trying to determine if, when, and under what circumstances this would make sense.  Before making this analysis, it is worth noting that the DHHS OIG has recognized that this may be an acceptable alternative to an in-house compliance officer.  They noted in various compliance guidance documents that it may make sense to have one individual could serve as compliance officer for more than one entity; and in situations where staffing limitations mandate that the entity cannot afford to designate a person(s) to oversee compliance activities, the practice could outsource all or part of the functions of a compliance officer to a third party, such as a consultant. However, if this role is outsourced, it is beneficial for the compliance officer to have sufficient interaction to be able to effectively understand the inner workings of the practice.

So, it is permissible from the government’s viewpoint to consider outsourcing a compliance program.   The next question is when it makes sense to do it.   The OIG noted that it may be reasonable to consider this where the entity is relatively small and having an employee designated to do the work may not make good sense.   Examples of this are smaller physician practices, DME suppliers, stand along SNFs, etc.  In these cases the cost of having a full blown internally operated compliance program is not financially sound and is complicated by the close proximity of the person charged with compliance to other employees in a confined work environment.  Under these circumstances, they may be better off hiring an established expert with support resources to develop, operate and support the program properly.  For larger entities and organizations, such as large hospital systems, outsourcing compliance should not be considered a realistic option.

The next question for smaller entities is a cost benefit analysis.   What would it cost to have someone designated internally to operate the compliance program effectively?   Could a part time compliance officer be sufficiently qualified and have time to do all that needs to be done?   Would the individual designated internally as the compliance officer have sufficient time and expertise to ensure the compliance program is effective?   What would it cost in salary and overhead to have someone designated internally versus outsourcing the function?  The entity would be far ahead of the game if cost of outsourcing should be less than if operated internally.  It would ensure a professionally operated program.

Must you screen against the General Services Administration’s (GSA) Excluded Parties Listing System (EPLS)?

For over a decade, the OIG has suggested screening against the EPLS and now questions are being asked as to whether this is really necessary.  It is a costly and time-consuming effort that leads to very little solid results.  There are a number of false hits that arise from screening against the EPLS and this has been complicated by a lack of specific identifiers on the EPLS, which leads to many false hits that then require significant staff time for resolution.  Adding to the time and costs related to the EPLS process it that fact that it is rare to find a valid hit on that database.  It is our position that a solid case can be made for not querying the GSA database in the first place.  Such a statement CANNOT be said about screening against the LEIE.

The GSA site makes it clear that the debarments decisions are designed for use by only federal government agencies, not health care providers who are not entities of the federal government (see Executive Order 12549, “Debarment and Suspension”, and Executive Order 12689, same title).   Also there is the absence of an OIG advisory bulletin addressing or clarifying use of the GSA EPLS. Furthermore, Departmental and CMS regulations are silent on the issue of GSA debarments and their effect on health care financing programs of the DHHS.  We are not aware of a single instance where the DHHS OIG has taken action against a health care provider using an individual or entity on the GSA EPLS.  There are other difficulties associated with screening against the GSA data.  There is no explanation as to where to draw the line in screening contractors and vendors.   Bottom line: It is hard to determine what the downside would be for not screening against the EPLS.

Sanction Screenings

We continue to receive questions dealing with sanction screening. A number of compliance officers have noted complications arising from those already employed or given staff privileges. What is clear is that continued relationship with someone under exclusion can give rise to a host of potential liabilities. However, terminating the relationship can still be a vexing problem and in some cases has led to litigation in some cases. There are things that can be done in advance to avoid some of the complications of dealing with someone appearing on the OIG LEIE. First and foremost, all employee applications shall include questions pertaining to any pending charge or conviction for violation of criminal law; and/or any sanction or disciplinary actions by any duly authorized regulatory or enforcement agency of government. The following is suggested language on applications:

 • “Have you ever been convicted of any criminal violation of law, or are you now under pending investigation or charges of violation of criminal law? If yes, explain.”

 • “Have you been subject of any adverse action(s) by any duly authorized sanctioning or disciplinary agency for either conduct based or performance based actions? If yes, explain.”

Employee applications should also include questions pertaining to any pending charge or conviction for violation of criminal law; and/or any sanction or disciplinary actions by any duly authorized regulatory or enforcement agency of government. It should also be a condition of employment that the individual has an affirmative duty to report any investigation by a duly authorized government agency that involves them personally. In many cases a person who is the subject of investigation at one facility will change jobs before the axe falls and at the time of application for the new job they are not under sanction. It is also advisable to adopt the written policy that any false information provided on an application violates a condition of employment; and any false attestation concerning administrative actions taken against them can constitute independent grounds for termination. In this way the organization may focus on the false statement, rather than the underlying subject of the agency sanctioning.