Published on:

When a Medicare-enrolled provider or supplier receives a demand to repay an alleged overpayment, especially a massive and statistically extrapolated overpayment that dwarfs the company’s revenue and which the company can never hope to pay back, it often raises the question: who is liable for this alleged debt if the company cannot pay it back? While every company and set of circumstances are different, this question can have a significant impact on how to defend an alleged Medicare overpayment.

Whether the owner, members, or shareholders of the entity that received the alleged overpayment are personally liable generally turns on the corporate nature of the entity. Individually enrolled providers, sole proprietors, and partners in a partnership may generally share liability with the entity that received the overpayment, or may actually be the entity in the case of some individuals. Corporations, LLCs, and other corporate entities may offer more protection for their owners, members, or shareholders, who are generally not liable for the debts of the entity under the principle of “limited liability.” There are exceptions to limited liability which CMS (and other creditors) can attempt to use to collect from owners, but CMS rarely attempts to use these exceptions.

However, owners, members, and shareholders of entities with an alleged Medicare debt should be aware that there may be other impacts. CMS may refer the owner of an entity with an alleged Medicare debt to the OIG for placement on the OIG Exclusion List. CMS may also revoke the current enrollment or deny future enrollment applications of entities affiliated with the owner of an entity with outstanding Medicare debt. Perhaps most importantly, the owner or controller of an entity that knowingly causes the entity to fail to return a Medicare overpayment may create individual liability for themselves under the 60-Day Rule, Civil Monetary Penalties, and – importantly – the False Claims Act. CMS will generally also refer a debt to the US Department of Treasury for collections efforts.

Published on:

In the recently released 2025 Physician Fee Schedule (“PFS”) Final Rule, the Centers for Medicare & Medicaid Services (“CMS”) implemented changes to the 60 Day Rule regarding the return of identified Medicare and Medicaid overpayments. Initially created by the 2010 Affordable Care Act, the 60 Day Rule requires healthcare providers to report and return Medicare and Medicaid overpayments within 60 days of identifying such overpayments. Failing to comply with the 60 Day rule may result in the imposition of a civil monetary penalty or an alleged violation of the Federal False Claims Act.

CMS made two significant changes to the 60 Day Rule in the 2025 PFS Final Rule. First, CMS formalized a six-month period for a good faith investigation before the 60-day clock begins to run. CMS had previously posited in guidance that it believed a provider should generally have up to six months to perform a good faith investigation before the provider is deemed to have “identified” the overpayment. In the 2025 Rule, CMS incorporated this position into the regulation itself, providing that the deadline for reporting and returning an overpayment will be suspended until either the provider completes the investigation or 180 days after the date the overpayment is initially identified, whichever is earlier.

Second, the 2025 Rule dropped the “reasonable diligence” standard and adopted the “knowingly” standard of the False Claims Act. Previously, the provider was deemed to have identified the overpayment if it had or should have determined through reasonable diligence that it had received a quantified overpayment. With the change, the provider will now be deemed to have identified an overpayment when it knowingly receives or retains an overpayment. “Knowingly” is defined by direct reference to the False Claims Act, thus aligning the two standards. Many observers had noted that it was inconsistent for CMS to claim providers would have False Claims Act liability for violating the 60 Day Rule, when the two had different standards. That inconsistency no longer exists.

Published on:

Telemedicine has become an increasingly important part of the healthcare delivery landscape. Since the early stages of the COVID-19 pandemic, the Centers for Medicare & Medicaid Services (“CMS”) have repeatedly issued regulatory flexibilities to allow Medicare to cover certain services provided in whole or in part by telemedicine. One of the most important of these regulatory flexibilities is the expansion of the definition of “direct supervision” to include direct supervision by telemedicine. CMS recently extended the effective period of this expansion through the end of 2025 and hinted at how it may handle direct supervision after that.

CMS has created three levels of supervision: personal, direct, and general supervision. Various services may require one of these levels of supervision in order to be covered by Medicare. Direct supervision is particularly important because it applies to several circumstances, including services provided and billed “incident to” a physician’s service. Click here for an explanation of “incident to” billing. Historically, direct supervision in the office setting has meant that the physician must be present in the office suite and immediately available to furnish assistance and direction throughout the performance of the procedure. It does not mean that the physician must be present in the room when the procedure is performed.

However, during the COVID-19 public health emergency (“PHE”), CMS expanded this definition of direct supervision to provide that the presence of the physician (or other practitioner) includes virtual presence through audio/video real-time communications technology. Audio-only communication is not included. This expansion was intended to be temporary and expires at the end of the PHE. However, it has proved so useful and integral to the delivery of services to Medicare beneficiaries that it has been repeatedly extended, including past the official end of the PHE.

Published on:

Healthcare providers recently secured a significant legal victory regarding the No Surprises Act (NSA) and its independent dispute resolution (IDR) process. While the NSA was designed to protect patients from surprise medical bills, disputes between providers and insurers have persisted, particularly when it comes to the IDR process used to settle payment disagreements. A recent court ruling struck down parts of the IDR rule, handing a win to providers.

The NSA, which took effect in January 2022, was created to protect patients from unexpected medical bills when they receive care from out-of-network providers, especially in emergencies. These surprise bills usually happen when patients unknowingly receive care from out-of-network providers at in-network hospitals or when they don’t have control over which provider they see, typically during an emergency. In general, the NSA stops group health plans and health insurers from billing patients more than their in-network cost-sharing amount for certain out-of-network services, including:

  • Emergency services,
Published on:

Healthcare fraud, waste, and abuse laws apply to any entity doing business in the healthcare space and especially those submitting claims to government healthcare plans or programs, such as Medicare and Medicaid. The three most important and influential healthcare fraud, waste, and abuse laws are the federal laws: the Physician Self-Referral Statute (commonly called the “Stark Law”), the Anti-Kickback Statute (the “AKS”) and the Eliminating Kickbacks in Recovery Act (“EKRA”). Even a simple business arrangement can require a complex analysis where one or more of these statutes is implicated.

The Stark Law (42 U.S.C. 1395nn) prohibits physicians from referring patients to entities providing “designated health services” covered by Medicare or Medicaid if there is a financial relationship between the physician (or their immediate family) and the entity, except under specific exceptions. The financial relationships can cover employment, direct compensation, investment, and others. The Stark Law is somewhat unique because it does not apply to all Medicare or Medicaid services, but only to specific “designated health services” that are listed in statute and regulations. The Stark Law includes several exceptions, such as in-office ancillary services and fair market value compensation, but each element of the exception must be met for it to apply.

Similarly, the AKS (42 U.S.C. 1320a-7b(b)) prohibits the exchange of “remuneration” to influence patient referrals or generate business for services billed to federal healthcare programs. The AKS applies to all services billed to federal healthcare programs, and “remuneration” is broadly defined to include anything of value. The AKS includes several exceptions and “safe harbors.” A safe harbor refers to a set of circumstances defined by regulations where conduct that would otherwise implicate the AKS is nonetheless permissible if it meets all the requirements of the safe harbor.

Published on:

Corporate Practice of Medicine, or CPOM for short, is a legal doctrine that refers to who is authorized to own and operate a medical practice and, specifically, to employ physicians. Most states regulate CPOM in one way or another, on the rationale that physicians should be able to practice medicine free of influence that may be wielded by an employer who is not licensed. As a practical matter, CPOM regulations also usually increase the importance and bargaining power of physicians in business arrangements.

Every state sets its own policy and rules regarding CPOM, but they fall into three broad categories. First, some states have very strict CPOM rules and only allow physicians to be employed by entities that are 100% owned and controlled by other licensed physicians. Second, some states have few or no CPOM restrictions and any entity can employ physicians, regardless of the licensure of ownership or management. Third, most states fall somewhere in the middle. They may require that the entity that employs physicians have a certain percentage of physician ownership, say 51%, while the remainder can be owned by nonphysicians. They may allow multiple types of licensed practitioners to join together in one practice, for example, physicians and podiatrists owning a practice that practices both medicine and podiatry. They may have exceptions that allow certain types of licensed healthcare facilities to employ physicians.

These complex regulations can create a need for complex business arrangements to maintain compliance. One of the most common is the management services organization (MSO) model. Under an MSO model, the medical practice is owned by licensed practitioners as required by the CPOM rules in the particular state. The medical practice then contracts with the MSO, which is generally owned by un-licensed investors, to provide certain management, administrative, and other services in exchange for a management fee.  In addition to the complex business concerns, these arrangements can raise numerous legal and regulatory compliance concerns, including control over the practice and medical decision making, influence of non-licensed investors, control over personnel decisions, fee-splitting concerns, fraud waste and abuse concerns regarding how the management fee is calculated and any other revenue streams or referrals between the entities, and many more. The MSO model, especially variations backed by private equity, has recently come under scrutiny by professional groups and government entities raising these and other issues. Physician practices contemplating such an arrangement should be mindful of both the reasons for such an arrangement and the compliance concerns, CPOM and otherwise, regarding how the arrangement is structured.

Published on:

When a Medicare provider or supplier receives claims denials or an overpayment demand as a result of a Medicare audit, the decision whether and how to appeal the decision, or to simply repay the amount demanded by the Medicare contractor, is usually a business decision. In some cases, it may initially appear that the value of the demand simply does not justify the effort and cost of pursuing an appeal. However, a Medicare provider in this position should be aware that forgoing an appeal may have consequences far above and beyond paying back the amount demanded by Medicare.

In many cases, choosing to forego an appeal is not simply a matter of repaying funds to the Medicare program, but the Centers for Medicare & Medicaid Services (CMS) and its contractors will generally take a decision not to appeal as an admission by the provider that the audit results are correct and that the claims were properly denied. CMS and its contractors may use this perceived admission of ‘guilt’ against a provider later, long after it is far too late for the provider to appeal the audit findings.

For example, a provider may receive a Medicare probe audit. The contractor conducting the probe audit reviews medical records for 10 claims and denies all 10, claiming that the provider did not meet Medicare requirements for coverage. The repayment demand is ‘only’ $3,000. The provider strongly disagrees with the contractor’s allegation, but decides it is not worth it to appeal and simply pays the $3,000. A few months later, the provider receives another probe audit. The contractor reviews 12 claims and denies all 12 for the same reasons as in the first probe audit. Again, the repayment demand is ‘only’ $4,000, so even though the provider strongly believes their claims meet Medicare requirements, the provider chooses to repay the $4,000 rather than expend the time and resources to pursue the lengthy and complex Medicare claims appeal process.

Published on:

In September 2024, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) published a report detailing its recent review of remote patient monitoring (RPM) services furnished to Medicare beneficiaries and recommending additional oversight of RPM services. The OIG’s call for heightened scrutiny in this area is likely an indicator of increased audit activity of providers of these services.

By way of background, remote patient monitoring services typically use digital technologies to collect medical and other forms of health data from a patient in one location and electronically transmit that data to the patient’s healthcare provider in a different location for evaluation and treatment management. In many instances, the data collected is automatically electronically transmitted to providers for review and allows for efficient patient management. In some cases, these technologies can either trigger direct patient engagement or facilitate communication between the patient and provider.

In 2019, the Centers for Medicare & Medicaid Services (CMS) expanded payment for remote patient monitoring services. Shortly thereafter, the availability of Medicare reimbursement for remote monitoring services led to a substantial increase of providers furnishing RPM services. OIG’s report specifically highlights the increase in utilization of RPM services between 2019 and 2022, with Medicare payments for RPM services totaling more than $300 million in 2022, compared to $15 million in 2019.

Published on:

Medicare claims audits can be a complex and frustrating experience for healthcare providers who choose to accept Medicare. If claims are denied during the audit – and they nearly always are – the appeal process can itself take months or years and contains many strategic decisions for a provider to make.

A Medicare audit generally begins when a Medicare contractor requests medical records from a provider. At this stage, it is important to note which type of contractor is making the request (is it a MAC, UPIC, RAC, SMRC, etc.?), which type of review the contractor is performing (pre-payment, post-payment, TPE, PPEO, CERT, is it likely to be statistically extrapolated, etc.?), and any special circumstances of the provider (Has it received similar audits or requests recently? Did it have a recent change of ownership? Does a separate entity possess relevant documentation? Etc.).  Depending on the circumstances of the review, the provider may take additional steps to increase the likelihood that the claims reviewed by the contractor are found payable in the first instance. A provider may choose to submit additional records, retain a clinical expert, engage in additional communication with the contractor, or submit some form of legal brief or position paper. On the other hand, in some cases, it may be more appropriate to simply submit the records and await a response.

If claims are denied during the review, such claims are generally eligible for the Medicare claims appeal process, a complex, 5-step administrative appeals process. First is Redetermination, usually with the same contractor that issued the denials initially. Second is Reconsideration, before a different Medicare contractor. Third is review by an Administrative Law Judge (ALJ), where the provider has the opportunity to conduct a hearing and present witnesses. Fourth is review by the Medicare Appeals Council, the highest level of appeal within the Department of Health and Human Services. Fifth is appeal to federal court, which is usually limited in scope and not appropriate in many cases.

Published on:

The number of Medicare payment suspensions issued by the Centers for Medicare & Medicaid Services (CMS) has grown in recent years. Although generally framed as a temporary and less severe sanction than an outright revocation of Medicare billing privileges, a suspension of Medicare payments can be just as devastating to a Medicare provider or supplier and can in many cases put the provider out of business, leading to significant procedural and due process concerns regarding CMS’ frequent use of payment suspensions.

A Medicare payment suspension is a suspension of a Medicare-enrolled provider or supplier’s ability to receive payment from the Medicare program. Suspensions are usually scheduled to last for 180 days, but they can be extended essentially indefinitely. While a provider may technically continue to treat Medicare patients and submit Medicare claims for payment – the claims simply will not get paid until the suspension ends – for a provider with a high percentage of Medicare patients, a sudden, unforeseen, and indefinite interruption of all Medicare payments can wreak havoc on cash flow and destroy a practice or business as quickly and effectively as any enrollment or licensing sanction. Payment suspensions are also often issued without notice, meaning that a provider’s Medicare payments may abruptly stop, often days before the provider receives a letter informing them of the suspension.

Given the devastating effects of a suspension of Medicare payments, one may think there may be significant procedural, due process, or appeal protections in place for providers. That is not the case. Although federal law only explicitly authorizes CMS to issue payment suspensions where there is a “credible allegation of fraud,” CMS has implemented regulations that also give it the authority to suspend payments any time CMS believes it has “reliable information that an overpayment exists” and that broadly expand the definition of what constitutes a “credible allegation of fraud.” These regulations also give CMS extremely broad authority to issue suspensions without first notifying the provider, while giving the provider very limited appeal rights.

Contact Information