Articles Posted in Compliance

Published on:

On July 15th, 2022, the U.S. Department of Health and Human Services (HHS) extended the COVID-19 Public Health Emergency by another 90 days. The Public Health Emergency has allowed HHS and various federal agencies to issue waivers of regulatory requirements to ensure that providers have greater flexibility with several issues, including reporting requirements and telehealth reimbursement as the Pandemic grew increasingly dangerous.

The Public Health Emergency has existed since January 27th of 2020. After the last extension of the Public Health Emergency in April of 2022, HHS Secretary Xavier Becerra assured that there will also be a 60-day notice to providers nationwide when HHS decides to terminate the Public Health Emergency.

Although the Public Health Emergency has been extended, it is important to note that the Centers for Medicare and Medicaid Service (CMS) has already started to end some of the regulatory flexibilities implemented during the Public Health Emergency. We discussed the termination of some of these blanket waivers in a previous blog post. Providers who are relying on any of the regulatory waivers should verify whether the waivers remain in effect or have been ended prior to the end of the Public Health Emergency.

Published on:

On July 20, 2020, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a special fraud alert targeting remuneration paid to physicians and other practitioners by telemedicine companies. As telemedicine use has increased exponentially over the last two years, so too have the proliferation of telemedicine marketing arrangements and the prosecution of these arrangements by OIG and federal law enforcement. OIG issued the fraud alert in conjunction with the announcement of a new $1.2 billion enforcement action regarding alleged telemedicine fraud.

Generally, the arrangements at issue involve a telemedicine company that may recruit both patients and physicians (or other practitioners). The telemedicine company then pays the physician to review some form of medical record, possibly contact the patient, and order some product or service, generally durable medical equipment (DME) or laboratory testing. OIG has taken the position that the fees paid to physicians and practitioners under these arrangements may constitute unlawful “remuneration” meant to induce or reward referrals under the Anti-Kickback Statute (AKS). Pursuant to the AKS, it is unlawful to knowingly and willfully solicit, receive, offer, or pay any remuneration to induce or reward, among other things, referrals for, or orders of, items or services reimbursable by a federal health care program.

OIG drafted the alert as a notice to physicians and other practitioners to be wary of certain characteristics in these arrangements. OIG outlined several ‘suspect characteristics’ that it believes may increase the risk of fraud and abuse in telemedicine arrangements:

Published on:

This spring, the Department of Justice (DOJ) intervened in a two-year-old qui tam whistleblower lawsuit against a hospital and oncology practice in Memphis, Tennessee. DOJ accused the hospital of violating the Anti-Kickback Statute (AKS) and the False Claims Act (FCA) by paying the oncology practice for its patient referrals. The hospital and the practice have maintained that the complex series of contracts between them represented a lawful business relationship meant to create a new cancer treatment center.

The AKS is a criminal statute that prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by federal health care programs. Remuneration goes beyond cash payments and includes anything of value. If the AKS applies, conduct may still be lawful if it falls into one of several “safe harbors.” Some of the most common safe harbors are the investment interest safe harbor, specific types of rental agreements for office space or equipment, and contracts for personal services that meet certain criteria. The AKS is often enforced in conjunction with the FCA, which imposes civil liability for knowingly submitting false claims to the government. Importantly, the FCA carries severe consequences, including treble damages and a per-claim penalty that increases each year with inflation ($12,537 per claim for 2022).

In this case, the arrangement between the hospital and practice involved several distinct agreements. First, the hospital purchased many of the assets of the practice, including offices and equipment. Second, the hospital leased approximately 200 physician and non-physician employees from the practice. These first two agreements were supported by fair market value (FMV) opinions. Third, the hospital paid the physicians for management services under a Management Services Agreement (MSA). Lastly, the hospital made a several-million-dollar investment in a for-profit research entity controlled by the practice’s owners.

Published on:

SMRC audits can be a difficult and baffling ordeal for a provider. They can last for months or years with very little information provided to the healthcare provider but can have devasting impacts. The Supplemental Medical Review Contractor, or SMRC, is a contractor with the Centers for Medicare & Medicaid Services (CMS) that performs a variety of Medicare and Medicaid audit and medical review tasks. Noridian Healthcare Solutions, which is also a Medicare Administrative Contractor (MAC), was selected as the SMRC in 2018 and remains the current SMRC.  The SMRC conducts nationwide medical reviews of Medicare Parts A and B, DMEPOS, and Medicaid claims for compliance with coverage, coding, payment, and billing requirements.

The SMRC’s audit areas are chosen by CMS and are referred to as “projects.” The focus of the medical reviews may include areas identified by CMS data analysis, the Comprehensive Error Rate Testing (CERT) program, professional organizations, and federal oversight agencies. At the request of CMS, the SMRC may also carry out other special projects. Not every SMRC project is created equal. Some SMRC projects are intended as program integrity audits to identify suspected fraud or are intended as medical necessity reviews to identify overpayments, while other SMRC projects are simply data collection and analysis meant to inform future CMS policy. Where a provider is subject to a SMRC audit, knowing which project the audit falls under can provide valuable information.

Where CMS assigns a project to a SMRC, the SMRC first sends targeted providers an Additional Documentation Request (ADR) letter, usually  in a distinctive green envelope with the Noridian SMRC logo. Upon receipt of the requested medical records and/or supporting documents, the SMRC conducts the review based on the analysis of national claims data, statutory and regulatory coverage, and coding, payment, and billing requirements. Once the review is complete, the provider should receive a Review Results Letter. A provider may sometimes be given 14 days to request a voluntary Discussion and Education session with the SMRC. The provider generally also can appeal the SMRC’s findings directly to the SMRC. Where a SMRC denies an appeal, it may refer the matter to the local MAC to collect the alleged overpayment, which is generally subject to the Medicare claims appeal process. If the SMRC suspects fraud, it may also refer the matter to CMS or other government agencies.

Published on:

Healthcare providers are often required to collect co-pays, deductibles, or coinsurance payments from patients. These requirements may be imposed by participation agreements with commercial insurers or, in the case of Medicare and Medicaid, federal and state laws or regulations. It can be tempting to waive copays and other amounts due from patients because it improves patient relationships and may lead to more business. However, waiving copays and the like can implicate beneficiary inducement laws, the Anti-Kickback Statute, the Civil Monetary Penalties Statute, the False Claims Act, and other laws.

While there are some legitimate reasons to waive copays, in most cases, the provider must attempt to collect from the patients. Where a provider attempts to collect copays and other amounts from patients but is unsuccessful and there is no other legitimate reason to waive the copay, what collection efforts are providers required to use to comply with the laws listed above and avoid accusations of waiving copays?

In general, a healthcare provider must use “reasonable collection efforts” to collect copays and the like from patients. Some actions that a provider may consider are: sending multiple bills or invoices to the patient, collections or demand letters, phone calls to or personal contact with the patient, use of a collections agency, threats of litigation, drafts of litigation documents to send to the patient, and initiation of litigation against the patient. Some of these measures are draconian and may well cost more than the copay to be collected. While the size of the amount to be collected can be a factor in determining what collection efforts are “reasonable,” in nearly every case, the provider must make some attempt to collect. That is, a provider generally cannot refuse collection efforts simply because the amount due is small.  Further, a provider’s collection policy generally must be the same for all patients, regardless of the payor.

Published on:

A new study supports the growing perception that clinical laboratories will see an increase in audits from commercial insurance companies as the COVID-19 pandemic recedes. These audits will likely focus on a few particular areas of the COVID-19 testing services that clinical labs have developed and provided over the past two years.

The study reviewed lab revenue in Hawaii from May to December 2020 and is likely applicable to labs in other insurance markets. The study indicated strong growth in lab revenue from PCR tests and significant profit margins from PCR tests. Because federal law, namely the CARES Act, requires commercial insurers to cover COVID-19 testing without co-pays or other costs to the beneficiary, this increase in lab revenue will generally translate to higher costs for insurance companies. Further, when Congress passed the CARES Act, it did not provide funding to insurance companies for this coverage mandate. Many have long predicted that this would lead to increased costs for insurers, which would likely be passed on to members through higher premiums. Many insurance companies have pushed back against this coverage mandate since it was enacted.

Part of the pushback from commercial insurance companies has been to audit labs in an effort to deny claims for COVID-19 testing and to claw-back funds paid to labs for COVID-19 testing. These audits tend to focus on one or more of several issues: testing for a covered purpose, testing for travel, individualized clinical assessments, standing orders, posted cash prices, and collection codes. Some labs are particularly vulnerable to these audits because, during the pandemic, many labs rushed to invest and develop COVID-19 testing capability and capacity. Meanwhile, guidance regarding the CARES Act and the circumstances under which insurance companies are required to cover COVID-19 testing came out piecemeal and changed frequently as it developed. Due to these factors, labs may have high volumes of tests that represent a good-faith, best effort at complying with the CARES Act at the time the tests were performed, but may have compliance vulnerabilities as the law is currently understood.

Published on:

CMS uses a tool known as Comparative Billing Reports, or CBR, to analyze a provider’s billing or prescribing patterns. After collecting each provider’s patterns in a certain Medicare Fee-for-Service area, these patterns are then compared to those of peers in the same state, in the same specialty, and across the country. Accumulating these patterns allows CMS to estimate average billing and prescribing patterns are for providers. It also helps determine which providers may be outliers. These outliers are often informed of their status in order to encourage adjustments in billing practices if necessary. Sometimes, CMS develops “Special Edition” CBRs which give more extensive resources to a particular subset and could include up to 4 letters. Though the CBR letters generally require no response from the provider, it is important to take the information into consideration to avoid complications or possible audits in the future. Under some circumstances, a provider may also choose to follow-up or refute any inaccurate information in a CBR letter.

Recently, CMS released a new CBR letter to critical care providers who were considered after the latest CBR data accumulation. This data came from all dates of service during the year 2021 and the trend was established by looking at cumulative data from 2019 to 2021. According to the letter, the criteria for receiving the latest CBR are that a provider:

    • 1. Is significantly higher compared to either state or national averages in any of the three metrics (i.e., greater than or equal to the 90th percentile), and
Published on:

Healthcare providers have long struggled under the administrative burden of prior authorization requirements imposed by Medicare Advantage (MA, also known as Medicare Part C) plans, as well as arbitrary prior authorization denials, utilization controls, and coverage denials by MA plans. The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently took note of some of the issues providers are having with MA plans and may present a new avenue for providers dealing with these issues.

A recent OIG review of MA prior authorization requirements revealed that an estimated 13% percent of prior authorization requests which were denied by MA plans in fact met Medicare coverage rules and likely would have been approved under fee-for-service Medicare. OIG also determined that about 18% of MA claim denials in fact met Medicare coverage and Medicare Advantage billing rules. Further, OIG found that, on appeal, MA plans only reverse about 3% of prior authorization denials and about 6% of claim denials within three months. According to OIG’s analysis, advanced imaging services such as MRIs and CT scans, post-acute care following hospital stays, and pain relief injections were the most commonly affected services.

MA plans are generally required to follow Medicare coverage rules and their standards can’t be more restrictive than Medicare’s traditional national or local coverage determinations. However, MA plans often deny claims for arbitrary reasons, impose coverage criteria that do not exist under Medicare, or attempt to force provider to alter their utilization of medically necessary services to meet the MA plan’s arbitrary expectations. Moreover, the appeals processes offered by MA plans are often poorly defined and inconsistently administered.

Published on:

The COVID-19 pandemic has brought seismic changes to the clinical lab industry. High demand for COVID-19 testing services, tremendous amounts of funding, and rapidly changing government regulations have created opportunity for clinical labs, but also new compliance and audit challenges. As the dust settles and government entities and commercial insurers review lab claims for COVID-19 testing over the past two years, these are some of the audit and compliance challenges labs may face.

Early in the pandemic, Congress required commercial insurers to cover certain claims for COVID-19 testing. However, Congress did not provide the insurers with funds to cover the cost of this mandate and some insurers have pushed back against lab claims for COVID-19 testing. Under the federal coverage mandate, insurers are generally required to cover tests that are for the diagnosis of COVID-19 where there is an “individual clinical assessment” by an authorized provider that testing is appropriate. Testing for travel, return to work/school, and general screening purposes is generally not required to be covered, although insurers may choose to cover it. Insurers that chose to cover only what they are legally required to cover may audit labs for providing testing for an uncovered purpose. Testing for travel is sometimes a contentious issue because, depending on the circumstances, it may constitute uncovered general screening, or, in the case of people who were exposed while travelling or who were unable to social distance per CDC guidelines while traveling, may constitute circumstances where testing would be covered.

Further, insurers may audit labs based on the requirement for an “individualized clinical assessment,” including whether the practitioner was authorized, whether the order for testing was within the scope of state law, whether the assessment was conducted by telemedicine or by a questionnaire, and what rules apply where a state does not or did not require an order for COVID-19 testing.

Published on:

As telemedicine becomes an increasingly popular method for connecting patients with healthcare providers, many providers are becoming interested in expanding the reach of their telehealth practices across state lines. Although technological advancements have helped providers communicate with patients remotely, state and federal regulations add additional considerations for practicing across multiple states.

Generally, healthcare providers will provide telehealth services to patients located within their own state. Most states allow for telehealth services and will allow state-licensed providers to provide telehealth services within the state in which they are licensed. State licensure requirements become more complex when an out-of-state provider wishes to provide telehealth services to a patient located in another state.

Telehealth services are generally considered to be performed at the patient’s physical location, which usually means that the provider must be licensed in the patient’s home state. Although the COVID-19 pandemic caused several states to temporarily waive some licensing requirements for cross-state telehealth services, many of those waivers has since expired.

Contact Information