Articles Posted in Medicare

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced several new changes in its Work Plan update in August 2022. The OIG Work Plan forecasts the projects that OIG plans to implement over the foreseeable future. These projects usually include OIG audits and evaluations. Below are the highlights from the Work Plan update of which providers and suppliers should take notice.

First, OIG will perform an audit of selected HHS divisions to evaluate the effectiveness of security controls to determine whether service providers are identifying and reporting cybersecurity events. The audit seeks to ensure HHS’s compliance with the Federal Information Security Management Act and OMB Circular A-130 which requires Federal agencies to ensure that service providers meet the security requirements for transmitting, processing, or storing Federal information.

Second, OIG will perform a nationwide review of skilled nursing facility (SNF) costs for services, facilities, and supplies furnished by entities with common ownership with the SNF. Medicare regulations require that the cost of services, facilities, and supplies furnished to a provider by an organization under common ownership or control be the same or lower than the cost of comparable services and supplies purchased elsewhere. Accordingly, the review will compare these costs to determine whether skilled nursing facilities are reporting these related-party costs in accordance with the Medicare regulations. The review will also consider how a skilled nursing facility’s allocation of Medicare funds can impact beneficiary care.

SMRC audits can be a difficult and baffling ordeal for a provider. They can last for months or years with very little information provided to the healthcare provider but can have devasting impacts. The Supplemental Medical Review Contractor, or SMRC, is a contractor with the Centers for Medicare & Medicaid Services (CMS) that performs a variety of Medicare and Medicaid audit and medical review tasks. Noridian Healthcare Solutions, which is also a Medicare Administrative Contractor (MAC), was selected as the SMRC in 2018 and remains the current SMRC.  The SMRC conducts nationwide medical reviews of Medicare Parts A and B, DMEPOS, and Medicaid claims for compliance with coverage, coding, payment, and billing requirements.

The SMRC’s audit areas are chosen by CMS and are referred to as “projects.” The focus of the medical reviews may include areas identified by CMS data analysis, the Comprehensive Error Rate Testing (CERT) program, professional organizations, and federal oversight agencies. At the request of CMS, the SMRC may also carry out other special projects. Not every SMRC project is created equal. Some SMRC projects are intended as program integrity audits to identify suspected fraud or are intended as medical necessity reviews to identify overpayments, while other SMRC projects are simply data collection and analysis meant to inform future CMS policy. Where a provider is subject to a SMRC audit, knowing which project the audit falls under can provide valuable information.

Where CMS assigns a project to a SMRC, the SMRC first sends targeted providers an Additional Documentation Request (ADR) letter, usually  in a distinctive green envelope with the Noridian SMRC logo. Upon receipt of the requested medical records and/or supporting documents, the SMRC conducts the review based on the analysis of national claims data, statutory and regulatory coverage, and coding, payment, and billing requirements. Once the review is complete, the provider should receive a Review Results Letter. A provider may sometimes be given 14 days to request a voluntary Discussion and Education session with the SMRC. The provider generally also can appeal the SMRC’s findings directly to the SMRC. Where a SMRC denies an appeal, it may refer the matter to the local MAC to collect the alleged overpayment, which is generally subject to the Medicare claims appeal process. If the SMRC suspects fraud, it may also refer the matter to CMS or other government agencies.

Healthcare providers are often required to collect co-pays, deductibles, or coinsurance payments from patients. These requirements may be imposed by participation agreements with commercial insurers or, in the case of Medicare and Medicaid, federal and state laws or regulations. It can be tempting to waive copays and other amounts due from patients because it improves patient relationships and may lead to more business. However, waiving copays and the like can implicate beneficiary inducement laws, the Anti-Kickback Statute, the Civil Monetary Penalties Statute, the False Claims Act, and other laws.

While there are some legitimate reasons to waive copays, in most cases, the provider must attempt to collect from the patients. Where a provider attempts to collect copays and other amounts from patients but is unsuccessful and there is no other legitimate reason to waive the copay, what collection efforts are providers required to use to comply with the laws listed above and avoid accusations of waiving copays?

In general, a healthcare provider must use “reasonable collection efforts” to collect copays and the like from patients. Some actions that a provider may consider are: sending multiple bills or invoices to the patient, collections or demand letters, phone calls to or personal contact with the patient, use of a collections agency, threats of litigation, drafts of litigation documents to send to the patient, and initiation of litigation against the patient. Some of these measures are draconian and may well cost more than the copay to be collected. While the size of the amount to be collected can be a factor in determining what collection efforts are “reasonable,” in nearly every case, the provider must make some attempt to collect. That is, a provider generally cannot refuse collection efforts simply because the amount due is small.  Further, a provider’s collection policy generally must be the same for all patients, regardless of the payor.

CMS uses a tool known as Comparative Billing Reports, or CBR, to analyze a provider’s billing or prescribing patterns. After collecting each provider’s patterns in a certain Medicare Fee-for-Service area, these patterns are then compared to those of peers in the same state, in the same specialty, and across the country. Accumulating these patterns allows CMS to estimate average billing and prescribing patterns are for providers. It also helps determine which providers may be outliers. These outliers are often informed of their status in order to encourage adjustments in billing practices if necessary. Sometimes, CMS develops “Special Edition” CBRs which give more extensive resources to a particular subset and could include up to 4 letters. Though the CBR letters generally require no response from the provider, it is important to take the information into consideration to avoid complications or possible audits in the future. Under some circumstances, a provider may also choose to follow-up or refute any inaccurate information in a CBR letter.

Recently, CMS released a new CBR letter to critical care providers who were considered after the latest CBR data accumulation. This data came from all dates of service during the year 2021 and the trend was established by looking at cumulative data from 2019 to 2021. According to the letter, the criteria for receiving the latest CBR are that a provider:

• • 1. Is significantly higher compared to either state or national averages in any of the three metrics (i.e., greater than or equal to the 90th percentile), and

Healthcare providers have long struggled under the administrative burden of prior authorization requirements imposed by Medicare Advantage (MA, also known as Medicare Part C) plans, as well as arbitrary prior authorization denials, utilization controls, and coverage denials by MA plans. The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently took note of some of the issues providers are having with MA plans and may present a new avenue for providers dealing with these issues.

A recent OIG review of MA prior authorization requirements revealed that an estimated 13% percent of prior authorization requests which were denied by MA plans in fact met Medicare coverage rules and likely would have been approved under fee-for-service Medicare. OIG also determined that about 18% of MA claim denials in fact met Medicare coverage and Medicare Advantage billing rules. Further, OIG found that, on appeal, MA plans only reverse about 3% of prior authorization denials and about 6% of claim denials within three months. According to OIG’s analysis, advanced imaging services such as MRIs and CT scans, post-acute care following hospital stays, and pain relief injections were the most commonly affected services.

MA plans are generally required to follow Medicare coverage rules and their standards can’t be more restrictive than Medicare’s traditional national or local coverage determinations. However, MA plans often deny claims for arbitrary reasons, impose coverage criteria that do not exist under Medicare, or attempt to force provider to alter their utilization of medically necessary services to meet the MA plan’s arbitrary expectations. Moreover, the appeals processes offered by MA plans are often poorly defined and inconsistently administered.

Following a temporary suspension in pre-payment reviews under the Targeted Probe and Educate (TPE) audit program in response to the COVID-19 pandemic, the Centers for Medicare & Medicaid Services (CMS) announced in August 2021 that it would be resuming TPE reviews. Review under the TPE program is intended to be different than other audit reviews because the main goal is intended to be claim accuracy improvement through the use of several rounds of one-on-one education. However, a TPE audit can also have severe consequences for the provider. A provider or supplier navigating a TPE review should take care to comply with the program’s requirements and timelines and should be aware of the potential consequences of a review.

The TPE process is generally initiated when a provider receives an initial Notice of Review letter from their Medicare Administrative Contractor (MAC) which notifies the provider that they have been selected for a TPE review. This initial letter typically does not include any specific records requests, but indicates that the MAC will request records at a later date. The letter may briefly describe the TPE process as involving three rounds of claims review with education after each round. This letter will likely warn that, if a provider/supplier fails to improve the accuracy of its claims after three rounds, the MAC will refer the provider/supplier to CMS for additional action, such as prepayment review, extrapolation of overpayments, referral to a RAC, or other disciplinary action, up to and including revocation of Medicare billing privileges.

After the Notice of Review, the MAC will send Additional Documentation Requests (ADR) for 20-40 claims. These ADRs may be indistinguishable from any other document requests, likely with no indication that they are pursuant to a TPE audit. The ADRs must be responded to within 45 days. After the provider submits the documentation, the MAC is required to provide direct one-one-one education to the provider. The MAC will then issue a letter that outlines its findings. If a high number of claims are denied, the MAC will proceed to a second round of claims review and education. If a high number of claims are again denied, the MAC will proceed to a third round.