Articles Posted in Compliance

Published on:

In January 2023, the U.S. Department of Health and Human Services (HHS) through the Centers for Medicare & Medicaid Services (CMS) issued a final rule implementing policies for the Medicare Advantage (MA) Risk Adjustment Data Validation (RADV) program. The RADV program is CMS’s primary audit and oversight tool of MA program payments. Under the RADV program, CMS identifies improper risk adjustment payments made to Medicare Advantage Organizations (MAOs) in situations where medical diagnoses submitted for payment allegedly were not supported in the beneficiary’s medical record.  The RADV final rule is oriented to ensure that Medicare recipients have access to the benefits and services they need, including under MA plans, while protecting the fiscal administration of the Medicare program by aligning CMS’s oversight of traditional Medicare and MA programs.

Under the final rule, CMS will not extrapolate audit findings for payment years 2011 through 2017, and will collect only non-extrapolated overpayments for those plan years. This is a notable departure from previous rulemaking, which proposed to apply extrapolation beginning in payment year 2011. Audit extrapolations will begin with the plan year 2018 RADV audit using any extrapolation technique that is statistically valid. CMS has indicated that the audits will center on plans identified as highest risk for improper payments. CMS also stated its intention that, while they are not required to do so, CMS will continue to disclose their extrapolation methodology to MAOs in order to provide MAOs with information sufficient to understand the means by which CMS extrapolated the RADV payment error.

The final rule also solidifies the proposed policy that CMS will not apply a fee for service (FFS) adjuster in RADV audits. The final rule explains that the requirement for actuarial evidence in MA payments applies to how CMS risk-adjusts the payments it makes to MAOs, and not to the obligation to return overpayments for unsupported diagnosis codes, including overpayments identified during a RADV audit. Additionally, CMS has expressed that it does not believe that it is reasonable to interpret the relevant provisions in the Social Security Act as requiring a reduction in payments to MAOs by a statutorily set minimum adjustment in the coding pattern adjustment, while at the same time prohibiting CMS from paying at those reduced rates by mandating a FFS adjuster for RADV audits. In light of these recently finalized policies, MAOs should take steps to ensure compliance with the Medicare program in order to be fully prepared for increased audits of MA plans.

Published on:

As the COVID-19 public health emergency (PHE) gets extended yet again and while the healthcare industry continues to grapple with the numerous changes and developments over the past several years, providers should gear up for an uncertain landscape in 2023. Between the massive influx of providers implementing telehealth services and the countless unprecedented changes and reforms within the healthcare industry as a whole, the PHE has continued to be a constant, underlying source of uncertainty for providers when it comes to compliance and government imposition. There are several focus areas that healthcare providers in 2023 should approach with caution and this blog will briefly discuss some of those areas.

The COVID-19 pandemic ushered in a nationwide shift in how providers deliver healthcare services, as services delivered via telehealth became more widely utilized and more readily covered by governmental and commercial payors. However, some of the fundamental regulatory flexibilities and policy waivers that made this shift possible are temporary, which creates an unpredictable environment for providers in 2023. To make matters more complex, telehealth services have been an area of increased scrutiny by enforcement agencies and appear to remain a focus of future enforcement action. Moreover, the increased prevalence of telehealth services raises data privacy concerns generally, but in particular for providers subject to HIPAA. When the PHE does inevitably come to an end, so too will some of the flexibilities that allow HIPAA-covered providers to accessibly provide telehealth services without greater data privacy controls. Providers should take the opportunity to analyze possible changes to their data privacy practices to ensure compliance following the end of the PHE.

Over the course of the past several years, providers have seen heightened levels of government enforcement activity related to alleged fraud and abuse within the healthcare industry, and it does not appear to be slowing down any time soon. In 2021 alone, the Department of Justice (DOJ) generated $5.6 billion in False Claims Act (FCA) settlements and judgments. As several of the Department’s stated priorities have not changed since February 2022, providers can expect to see continued enforcement action in areas such as opioid abuse, Medicare managed care (Part C), and audits looking for allegedly medically unnecessary services. Furthermore, a series of memoranda issued by current and past attorneys general seem to sway back and forth concerning the limitations on the uses of sub-regulatory guidance in FCA cases, adding even greater uncertainty to future fraud and abuse enforcement activity.

Published on:

Recently, in Advisory Opinion 22-20, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) approved an acute care hospital’s arrangement in which its employed nurse practitioners (NPs) perform certain services that the patients’ primary care physicians traditionally perform. This opinion may present opportunities for providers because it represents a departure from OIG’s typical approach to arrangements involving remuneration from a hospital to a referring physician and demonstrates OIG’s emphasis on healthcare providers offering quality care to federal healthcare program beneficiaries. However, it must be noted that this opinion’s efficacy is limited only to the federal Anti-Kickback Statute. Other laws, such as the federal physician self-referral law or Stark Law, may pose significant risk factors to similar arrangements. Also, Advisory Opinions are only binding on OIG in regarding the specific arrangements review, but they can be a source of guidance regarding other arrangements.

Under the proposed arrangement, the Requestor is an acute care hospital that provides inpatient and outpatient hospital-based services and which seeks to use its employed NPs to perform various tasks for the patients, who are inpatients or in observation status in two designated medical units and who are admitted by physicians that participate in the Requestor’s program. Participating physicians are predominantly primary care physicians, although the hospital makes the services available for all physicians who regularly admit patients to the designated medical units. The hospital does not take into account a physician’s volume or value of referrals in considering the physician for participation.

The arrangement is limited to two general care units and does not extend to surgical or specialty care units. Under the arrangement, the NPs perform various tasks in communication and collaboration with the physicians that the physicians would normally perform. Such tasks include initiating plans of care, educating patients and families, and arranging for follow-up laboratory or imaging studies, among others. The patients seen by the NPs are under active evaluation and require ongoing medical attention, thus the arrangement allows them to be diagnosed and treated more quickly. The treating physicians remain ultimately responsible for the patients’ care and must still round on their patients daily. The physicians also cannot bill for the NPs’ services. The hospital neither makes payments to the treating physicians under the arrangement nor separately bills any payor for the NPs’ services.

Published on:

Recently, the Centers for Medicare & Medicaid Services (CMS) published its Final Rule implementing changes to the Medicare Physician Fee Schedule for CY 2023. In addition to recent clinical laboratory updates, the Final Rule also includes certain changes regarding billing and reimbursement for telehealth services and gives providers guidance on transitioning away from the flexibilities that arose out of the COVID-19 public health emergency (PHE).

In determining whether new telehealth services may be included on the list of Medicare-covered codes, CMS assigns each potential addition to one of three defined categories. Category 1 services are those similar to professional consultation, office visits, and office psychiatry services already on the approved telehealth list. Category 2 services, which are not similar to services already on the approved telehealth list, are assessed by CMS to determine whether there is evidence of clinical benefit to patients when the service is provided via telehealth. Category 3 encompasses services added on a temporary basis during the PHE that would facilitate continued access to medically necessary services during the pandemic, but for which there is insufficient evidence to evaluate the services for permanent addition under Category 1 or Category 2 criteria.

In the Final Rule, CMS made the following changes with respect to the approved Medicare Telehealth Services List:

Published on:

Medicare Advantage (MA) plans are learning what Medicare providers have long known about the flawed way in which Medicare uses statistical extrapolation in its audits. The Centers for Medicare & Medicaid Services (CMS) has indicated that, for the first time, it intends to apply statistical extrapolations to overpayments and other payment errors by MA plans, which were uncovered in recently released federal audits. CMS conducted 90 audits of MA plans examining billings for approximately 18,000 patients from 2011 through 2013 that resulted in a finding of about $12 million in net overpayments associated with the plans. CMS now intends to extrapolate the results of those audits across the entire membership of each plan – likely millions of patients – and recoup from the plans an estimated $650 million of total overpayments, which CMS has indicated it intends to recoup even though no action has been taken since the audits were conducted.

These circumstances and the issues that the MA plans are pointing out with Medicare’s extrapolation methodology may sound familiar to any Medicare provider that has been subjected to an extrapolated Medicare audit. CMS, its contractors, and other federal agencies, such as the Department of Health and Human Services (HHS) Office of Inspector General (OIG), have used statistical extrapolation against Medicare providers for decades, while strong opposition from the insurance industry has kept it from being applied to audits of MA plans. However, the recent growth of MA plans and the recent release of some CMS audit results have led CMS to begin to apply it to MA plans.

While statistical extrapolation can be a valid and useful auditing tool where the auditor carefully employs sound statistical principles and valid methodologies, Medicare extrapolations are often sloppy, imprecise, and difficult to challenge. As MA plans are now learning, Medicare extrapolations (especially those conducted by contractors) often include errors that skew the results, overestimate the alleged overpayment, or would render the extrapolation outright invalid in an academic or accounting setting, including: over-sampling high-value claims, double-counting claims, using a sample that does not represent the universe to which it is extrapolated, combining dozens of unrelated services or codes into a single sample frame or universe, ignoring information in favor of the provider, failure to use stratification or cluster sampling where the data set used demands it for precision, unacceptably low levels of precision, and demands for astronomical and business-shattering overpayments after having actually reviewed only a small number of claims. Moreover, HHS’s reviewers – who are charged with reviewing these audits for accuracy – will often bend over backwards to explain why an error-riddled extrapolation was appropriate, while the agency has built a fortress of regulations, caselaw, and manual provisions that make it very difficult to challenge even the most flawed extrapolations.

Published on:

On November 2, 2022, the Centers for Medicare & Medicaid Services (CMS) published its Final Rule implementing changes to the Medicare Physician Fee Schedule for CY 2023. Included within this Final Rule are important changes for clinical laboratories that will take effect on January 1, 2023.

There are two notable changes affecting clinical labs included in the Final Rule. First, CMS is implementing congressionally mandated changes to the Protecting Access to Medicare Act (PAMA) reporting regulations, which updates reporting timelines and limits the phase-in of laboratory test payment reductions. Laboratories should take steps to have their 2019 data accessible and prepare to report before the March 31, 2023 deadline. Second, CMS is issuing regulations to both codify and modify policies on billing Medicare for specimen collection fees and travel allowances. The changes also increase specimen collection payment rates that had previously remained unchanged for years. Specifically, as it relates to specimen collection, the changes may affect codes 36415, G0471, P9612, and P9615, but do not appear to relate to codes G2023 and G2024. As the regulations relate to travel allowances, the changes may affect codes P9603 and P9604.

Following the implementation of PAMA in 2014, Medicare has set the clinical laboratory fee schedule (CLFS) rates based on data reported by applicable laboratories on the payment rates they receive from commercial payors. The initial reporting period occurred in early 2017 based on data from 2016. However, the second reporting period was delayed due to the COVID-19 public health emergency, which was intended for early 2020. Thus, CMS is revising the definitions of “data collection period” and “data reporting period” to specify that for the data reporting period of January 1, 2023 through March 31, 2023, the data collection period is January 1, 2019 through June 30, 2019. Moreover, CMS clarified that data reporting is required every three years beginning January 2023. As a result, CLFS payment rates for CY 2024 through CY 2026 will be based on data collected in the first half of 2019 and reported in early 2023.

Published on:

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced several new changes in its Work Plan update for November 2022. The OIG Work Plan forecasts the projects that OIG plans to implement over the foreseeable future. These projects usually include OIG audits and evaluations. Below are the highlights from the Work Plan update of which providers and suppliers should take notice.

First, OIG will conduct a targeted audit of Medicaid nursing facilities’ use of funds related to direct patient care. In carrying out this audit, OIG plans to select three facilities in selected states to determine what percentage of Medicaid nursing facility revenue is being expended on direct patient care. The three facilities selected for review will be composed of one of each of the following types: for-profit, not-for-profit, and governmental.

Second, OIG will perform a nationwide audit of inpatient rehabilitation facilities (IRFs). In prior years, IRF claims audits and Hospital Compliance audits that include IRF claims have revealed alleged high error rates related to IRF stays which did not support that the IRF care was reasonable and necessary in accordance with Medicare requirements. In response to these findings, IRF stakeholders have asserted that Medicare audit contractors and OIG have misconstrued the IRF coverage regulations. OIG plans to utilize this planned nationwide audit to better understand which claims IRFs believe are properly payable by Medicare and whether there are areas in which CMS can clarify Medicare IRF claims payment criteria. This audit will be an independent performance audit in accordance with Generally Accepted Government Auditing Standards.

Published on:

Recently, a federal court in Oregon held that healthcare entities, including hospitals, are legally obligated to report to the National Practitioner Data Bank (NPDB) where a practitioner surrenders their clinical privileges while under investigation, even if the physician did not know that he or she was under investigation.

The Department of Health and Human Services (HHS) originally established the NPDB pursuant to the Health Care Quality Improvement Act of 1986 (HCQIA) in order to collect and release certain information relating to the professional competence and conduct of physicians, dentists, and other healthcare practitioners. Under the Act, healthcare entities, particularly hospitals, are generally required to disclose the acceptance of the surrender of clinical privileges of a physician while the physician is under an investigation by the hospital relating to alleged incompetence or improper professional conduct. The overarching goal of this provision was to close a loophole where physicians under investigation and healthcare entities would resort to “plea bargains” in which a physician agreed to such a surrender in return for the healthcare entity’s promise not to inform other healthcare entities about the circumstances of the physician’s surrender of privileges.

In the recent case, a hospital reported to the NPDB that a physician surrendered his privileges with the hospital while the physician was under investigation. The physician sought a preliminary injunction ordering the hospital to withdraw the report and argued that the report was false because he was not under investigation when he surrendered his privileges since the hospital officials allegedly failed to comply with the hospital’s policies before an investigation had begun. The court stated that for NPDB reporting purposes, the term “investigation” is not controlled by how that term may be defined in a healthcare entity’s bylaws or policies. Rather, that term is viewed expansively for NPDB reporting purposes, and is considered to run from the start of a general inquiry until a final decision on a clinical privileges action is reached. Notably, the court implied that the result would be the same even if the physician was not aware that he was under investigation, since there is no requirement in the context of NPDB reporting that the healthcare practitioner be notified or aware of the investigation. Thus, the court ultimately disagreed with the physician and upheld the hospital’s report.

Published on:

In a recent news release, the Department of Health and Human Services’ (HHS) Centers for Medicare & Medicaid Services (CMS) announced revisions to the Special Focus Facility Program (SFFP), which addresses poor nursing home performance, that will have the effect of increased scrutiny of these troubled facilities. According to CMS, nursing homes that consistently perform poorly in comparison to their peers will be required to comply with stricter standards and demonstrate systemic quality improvements in order to avoid enforcement actions, including exclusion from the Medicare and Medicaid programs.

The increased scrutiny stems from the Biden Administration’s recently announced plan for reforms to nursing home conditions and complicated ownership structures that HHS contends impede oversight of skilled nursing facilities. The focus of the reforms is to increase nursing home quality and safety by requiring minimum staffing levels, enhanced infection control measures, and oversight of nursing homes owned by for-profit companies, among other policies. There are currently 88 nursing homes with persistent records of noncompliance participating in the SFFP in 2022, representing about 0.5% of all nursing homes. In order to complete the program, nursing homes must pass two consecutive inspections that occur approximately every six months. Under the revised program, nursing homes will not be allowed to exit the program if inspections reveal more than a certain number of deficiencies, or if facilities have not significantly improved.

CMS recommends that skilled nursing facilities work with quality improvement organizations and external consultants to implement evidence-based interventions and make meaningful changes to staffing and leadership. State Survey Agencies are also advised to take nursing homes’ staffing levels into consideration, in addition to their compliance histories, when selecting candidates for the SFFP. If nursing homes demonstrate continued noncompliance with the quality rules or fail to demonstrate efforts to improve, CMS has indicated that it will impose severe enforcement sanctions, such as discretionary denials of payment for new admissions, civil monetary penalties, or directed plans of correction. Importantly, any facilities cited for “immediate jeopardy” deficiencies in two surveys while participating in the SFFP may be terminated from the Medicare and Medicaid programs. Lastly, CMS is extending the monitoring period for possible enforcement actions against nursing homes that have successfully completed the SFFP if their performances decline after they are no longer subject to the extra oversight. Nursing homes participating in the SFFP should be aware of the heightened scrutiny that they will be subject to and take actions to ensure compliance with the quality standards, staffing requirements, and other key focus areas under the revised program.

Published on:

On October 3, 2022, the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report detailing OIG’s findings related to the efficacy of the Unified Program Integrity Contractor (UPIC) program. As many healthcare providers may know, UPICs are the primary program integrity contractors for the Centers for Medicare & Medicaid Services (CMS) and the only program integrity contractors with authority to review both Medicare and Medicaid claims. UPICs are tasked with investigating instances of suspected fraud, waste, and abuse in the Medicare and Medicaid programs. However, much of their work amounts to medical review and payment recovery, as their investigations rarely identify meaningful fraud, although it can cause tremendous damage to a provider when the UPIC accuses a provider of fraud

OIG conducted a qualitative study of each of the five UPICs’ 2019 activities, including surveying each UPIC to find out about the challenges they faced in performing program integrity activities. OIG also solicited input from CMS about the effects of the unification of Medicare and Medicaid program integrity activities, how CMS measures the effectiveness of UPICs, and any challenges UPICs face in conducting their work. Notably, OIG did not assess whether UPICs were appropriately targeting providers with audits and suspensions, or whether UPIC findings were upheld on review by other contractors or Administrative Law Judges in the administrative appeals process. Rather, OIG’s report seems to imply that more auditing is always better, regardless of its efficacy or its impact on healthcare providers.

As a result of the study, OIG found that UPICs conducted substantially more Medicare program integrity work compared to Medicaid work. The study revealed that UPICs conducted only minimal activities related to Medicaid managed care, even though most Medicaid enrollees receive services through managed care. OIG further noted that UPICs reported no data analysis projects completed or vulnerabilities identified related to Medicaid managed care in 2019. Overall, UPICs conducted disproportionately fewer Medicaid activities compared to the levels of funding they receive from CMS for Medicaid program integrity activities.

Contact Information