Published on:

by

When a Medicare provider or supplier’s Medicare billing privileges are revoked, commonly called a Medicare revocation, the provider or supplier must ask the following questions: Why? When? Will there be collateral consequences? What are the appeal rights?

Why? Federal regulations provide 22 distinct reasons that the Centers for Medicare & Medicaid Services (CMS) may use to revoke a healthcare provider’s or supplier’s Medicare billing privileges. Some of the most common revocation reasons are noncompliance with Medicare enrollment requirements, felony convictions, and failures to respond to requests for medical records. A particularly severe revocation reason is an abuse of billing privileges because it means that CMS has found that the provider or supplier has engaged in a “pattern or practice of submitting claims that fail to meet Medicare requirements.” The reason for the revocation can affect both the appeal process and the effective dates of the revocation.

When? Two dates are most important: the effective date and the length of the reenrollment bar. The effective date is the date that the revocation begins. For some revocations, the effective date will be 30 days after the letter informing the provider or supplier of the revocation. However, revocations can also be retroactive. For example, in 2021 CMS may revoke a provider for a felony conviction from 2017 and back-date the revocation to begin in 2017. This may mean that all claims for the provider’s services from 2017 to the present will be denied and overpayments sought. The reenrollment bar is the length of time that a revoked provider or supplier must wait before they can reenroll in Medicare. In general, CMS may set a reenrollment of between 1 and 10 years, depending on the severity of the denial reason. However, reenrollment bars are very often initially set at the maximum of 10 years.

Continue reading
Published on:

by

Two recent settlements illustrate some of the compliance challenges facing clinical laboratories that perform urine drug testing (UDT). Both settlements involve a clinical laboratory resolving allegations that the lab violated the False Claims Act (FCA).

In the first case, the Department of Justice (DOJ) alleged that the lab performed and then billed federal health care programs for both presumptive testing and confirmatory testing. DOJ alleged that the lab was performing both tests at approximately the same time and providing both results to providers simultaneously. DOJ alleged that this rendered one test or the other medically unnecessary: either there was no result to confirm because the presumptive test came back negative, or the presumptive test was unnecessary because the provider already had the confirmatory test in hand. The lab agreed to pay $16 million to resolve these allegations.

In the second case, a physician practice referred UDTs to its in-house clinical laboratory. DOJ alleged that the physicians ordered excessive and unnecessary UDTs for patients without any individualized assessment of clinical need and caused these claims to be submitted to federal healthcare programs. The physicians agreed to pay $3.9 million to resolve these allegations.

Continue reading
Published on:

by

The Department of Health and Human Services (HHS) recently proposed to repeal two rules implemented under the Trump Administration to moderate the power of the agency. The rules HHS seeks to repeal are the Good Guidance Rule and the Civil Enforcement Rule. Public comments on the proposal are due by November 19, 2021.

The Good Guidance Rule was implemented to make guidance documents easier for the public to access and provide input on, and created extra screening steps before HHS may implement guidance. The major provisions of the Good Guidance Rule are: (1) a requirement that each guidance document issued by HHS generally include certain information, including a statement that the guidance does not have the force and effect of law and is not binding unless specifically incorporated into a contract; (2) additional procedures for ‘‘significant guidance documents’’ (defined as those with an estimated impact of greater than $100 million), including a period of notice and comment, a requirement that the Secretary of HHS personally approve new guidance, and a requirement for submission to the Office of Information and Regulatory Affairs (OIRA) for review; (3) creation of a repository for all guidance documents along with a provision stating that guidance documents not in the repository are not effective and would be considered rescinded; and (4) procedures for the public to petition the Department to withdraw or modify any particular guidance document.

The Civil Enforcement Rule was implemented to provide greater notice to providers subject to civil enforcement actions and greater transparency of HHS’s civil enforcement actions. Under the Civil Enforcement Rule, before taking civil enforcement actions, HHS must provide the targeted party with an initial notice of the agency’s legal and factual determinations, an opportunity to object or respond, and the Department’s written response to the affected party’s objections.

Continue reading
Published on:

by

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) included several new items in its work plan update in October 2021. The OIG work plan outlines the projects that OIG plans to implement over the foreseeable future. Such projects typically include OIG audits and evaluations. Below are the highlights from the work plan update that providers and suppliers should take notice of.

First, OIG plans to compare the average sales price (ASP) for certain drugs with their corresponding average manufacturer price (AMP) to assess Medicare Part B drug reimbursement. Since Congress established the ASP as the basis for Medicare Part B drug reimbursement, OIG is empowered to monitor market prices to limit excessive Medicare payment amounts. In fact, the Social Security Act requires that OIG compares the ASPs with AMPs, and if the ASP for a drug exceeds the AMP by 5% in the two previous quarters or three previous four quarters, HHS may substitute the reimbursement amount with a lower calculate rate. The memo produced from this investigation will report the number of drugs OIG identified that meet the criteria for substitution of a lower reimbursement amount. Ultimately, providers and suppliers should be aware of the findings in this memo, as they could lead to reduced Medicare Part B reimbursements.

Second, OIG announced their plans for additional oversight of the 50 state Medicaid Fraud Control Units (MFCUs). MFCUs are state agencies that investigate and prosecute Medicaid provider fraud and complaints of patient abuse or neglect in Medicaid-funded facilities, although approximately 75% of MFCU funding comes from the federal government. OIG will conduct on-site reviews of a sample of MFCUs. OIG did not specify which or how many MFCUs they would review. Additionally, OIG will provide guidance regarding Federal regulations, policy and performance through data collection and analysis. Finally, the OIG will provide technical assistance and training to improve MFCU management and operations.

Continue reading
Published on:

by

UnitedHealth Group has agreed to reprocess the entirety of its commercial claims related to COVID-19 vaccine administration. The move comes after federal investigators concluded that UnitedHealth, as the nation’s largest insurer, paid “millions” of providers 40% less than the Medicare rate for vaccinating patients. According to a letter from the Senate Aging Committee, UnitedHealth is responsible for identifying how many providers’ bills from March to July 2021 need to be repaid and must provide the Committee with information regarding to who and how much the insurer owes by November 5. UnitedHealth’s change in position is a welcome occurrence for healthcare providers, who have often encountered difficulties when seeking reimbursement from commercial insurers for COVID-19 related services, especially vaccine administration and COVID-19 diagnostic testing.

This past week, the UnitedHealth added a statement to its website explaining that it understands “the importance of reimbursement to providers and the effect it has on ensuring they are able to provide vaccinations” and that it will adjust claims paid below the Medicare rate between March 15 and June 30, 2021. The statement further informs providers that UnitedHealth will repay in-network providers and will adjust claims paid less than $40 during that period. The company also notes that, in response to questions it has received about COVID-19 vaccine reimbursement rates for in-network providers, it has “been using the CMS $40 reimbursement value as the basis to pay providers since July 1st,” and in-network providers “do not need to take any action for these adjustments to be processed.”

Although UnitedHealth is not legally required to pay providers the recommended federal rate, federal investigators confirmed it was the only national insurance carrier that had not agreed to pay at least $40 for vaccine administration. Unlike many other medical services, federal legislation in this area prohibits providers from balance billing patients for costs related to the COVID-19 vaccine. Following a determination earlier this year in March by the American Medical Association that the existing rate did not cover the costs associated with administering the vaccine, CMS significantly increased the average payment for COVID-19 immunizations from $28 to $40 for single-dose vaccines and from $45 to $80 for two-dose vaccines. The agency expressed its expectation that commercial carriers should follow suit in offering clinicians a reasonable rate.

Continue reading
Published on:

by

Your practice, agency, or business has been audited by Medicare and now Medicare has stopped paying your claims or is claiming that you owe significant funds that must be repaid to Medicaid. These difficult circumstances can lead to many questions. Who performed the audit? Why are they denying claims or demanding an overpayment? How can you respond?

There are several entities that perform Medicare audits. The federal agency that oversees Medicare, the Centers for Medicare & Medicaid Services (CMS), performs few audits itself, but outsources these duties to a series of independent contractors, such as Medicare Administrative Contractors (MACs), Unified Program Integrity Contractors (UPICs), and the Supplemental Medical Review Contractor (SRMC). The vast majority of audits are performed by these contractors, although they will often use CMS’s name or logo in their correspondence and may answer phone calls by saying that they are “with Medicare.”

A healthcare provider’s options in responding to a Medicare audit are available from the very beginning. Sometimes providers receive Additional Document Requests (ADRs) from the contractor demanding information or documentation on a claim or claims. These requests should be reviewed carefully; however, they often contain boilerplate or generic language and it may be difficult to determine which specific documentation the contractor is requesting. Once the contractor reviews any additional documentation that the provider supplies, the contractor will issue its audit findings and determine to pay or to deny certain claims. Other times, the contractor will audit claims dates or other information and issue audit findings without requesting additional information from the provider.

Continue reading
Published on:

by

The Department of Health and Human Services (HHS) recently issued a notice restoring the rulemaking authority of the Food and Drug Administration (FDA). Under the Trump Administration, HHS had issued a memorandum, in September 2020, which required that all rules promulgated from the department’s agencies and offices would need to be signed by the secretary. The new notice specifically “revoked the September 15 Memorandum as it applied to FDA and reinstates any delegations to FDA rescinded by the September 15 Memorandum.” HHS’s recent notice delegating rulemaking authority to the FDA includes the authority to issue regulations pursuant to the Federal Food, Drug, and Cosmetic Act (FD&C Act), applicable portions of the Public Health Service Act (PHS Act), and other authorities governing functions of the FDA.

According to an HHS press release at the time, the goal of the September 2020 memorandum was to minimize “litigation risk for the department’s public health actions” and prevent potential abuse of authority. Some HHS rules have been challenged in court under claims that officials who signed the rules did not have the proper rulemaking authority. Rules must undergo a formal clearance process prior to being published. That process includes review by the agency writing the rule, HHS, press staff, the Office of the General Counsel (OGC), and the Office of Management and Budget. Other offices and departments may be involved in the rulemaking process if they are relevant to the subject matter of the proposed rule.

While some applauded the September 2020 memorandum for reigning in the FDA’s authority during the COVID-19 pandemic, when the agency’s burdensome regulations prevented much-needed products, especially COVID-19 testing devices, from reaching patients, others expressed concern over its possible negative effects. Former FDA Commissioner Scott Gottlieb at the time described the move as a “major distraction” that creates “an implication, or at least a specter” that the FDA’s independence is being “eroded or influenced.” After the new notice was issued, Gottlieb applauded the move in a tweet, saying that the “decision by current HHS will restore an essential element of FDA’s independent judgment and allow the agency to act faster.”

Continue reading
Published on:

by

In response to the mounting nationwide shortage of healthcare workers, one state will allow certain healthcare workers to practice solely on out-of-state licenses. This move may signal similar actions by other states and could have wide-ranging implications for the delivery of healthcare services.

During the height of the COVID-19 pandemic, many states waived requirements that healthcare providers, including in some cases physicians and nurses, be licensed in a particular state to provide services in that state. Often, states allowed a provider licensed and in good standing in any state to providers services to patients within the state based on the provider’s out-of-state licenses. This regulatory flexibility allowed more efficient delivery of care during the pandemic. The greatest efficiency was likely added to the delivery of telemedicine. Quite simply, there is often no technical or practice-related reason why a provider seeing patients via telemedicine must be licensed in the same state as their patient. By waiving regulatory obstacles, providers could practice across state lines by telemedicine and help deliver care to where it was needed most.

However, most of these regulatory flexibilities were only temporary and have since ended, meaning that physicians and providers again must often be licensed in a state to provide services to patients within that state. However, while these flexibilities have largely ended, the shortage of physicians and other healthcare workers, which pre-dates the pandemic, have only grown more acute during the pandemic. In response to these shortages, Nebraska will allow some healthcare workers, including PT, OT, and SLP therapists, to practice in Nebraska without a Nebraska license if the provider is licensed in another state. This move is currently only temporary and does not extend to physicians or nurses.

Continue reading
Published on:

by

On September 10, 2021, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced the resolution of its twentieth investigation under its HIPAA Right of Access Initiative. In early 2019, OCR stated that they would create an initiative to enforce patients’ right of access to their own health information in a timely and reasonable manner. This concept is not novel to OCR as it has already been outlined as a stated goal of HIPAA within the Privacy Rule. This aspect of HIPAA has been enforced at various times in the past, however it has never been enforced with any regularity until the OCR initiative was established. To date, OCR has remained dedicated to ensuring that every patient is afforded access to their health information that HIPAA has long stated such patients deserve.

In OCR’s latest settlement, a hospital and medical center located in Omaha, Nebraska agreed to take corrective actions and pay $80,000 to settle a potential violation of the HIPAA Privacy Rule. The alleged violation stems from a May 2020 complaint filed by a parent alleging that the hospital had failed to provide her with timely access to her minor daughter’s medical records. The hospital provided some records, but did not provide all of the requested records to the parent’s multiple follow-up requests. OCR alleged that the hospital failed to provide timely access to the requested medical records and thus potentially violated the HIPAA right of access standard. That standard generally requires a covered entity to take action on an access request within 30 days of receipt (or within 60 days if an extension is applicable). As a result of OCR’s investigation, the parent did in fact receive all of the requested records.

Healthcare providers often afford heightened focus to preventing unauthorized access or sharing of health information, which sometimes means that less focus is given to providing quick and affordable health records to patients. In light of OCR’s initiative and dedication to enforce patients’ right of access under the Privacy Rule, healthcare providers should take care to be knowledgeable about this aspect of their operations.

Continue reading
Published on:

by

On September 30, 2021, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help consumers, businesses, and healthcare entities understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about an individual’s COVID-19 vaccination status. As a preliminary note, the guidance reminds readers that the HIPAA Privacy Rule does not apply to employers or employment records. The Privacy Rule only applies to HIPAA covered entities, which include health plans, healthcare clearinghouses, and healthcare providers that conduct standard electronic transactions and, in some cases, to their business associates.

The guidance initially answers a highly popular and controversial question in light of the COVID-19 pandemic. According to the OCR guidance, the HIPAA Privacy Rule does not prohibit businesses or individuals from asking whether their customers or clients have received a COVID-19 vaccine. Because individuals or entities such as businesses are not covered entities, the Privacy Rule generally does not apply to them. The Privacy Rule does not regulate the ability of covered entities and business associates to request information from patients or visitors. Rather, the Privacy Rule regulates how and when covered entities and business associates are permitted to use and disclose protected health information (PHI), for example COVID-19 vaccination status, that covered entities and business associates create, receive, maintain, or transmit. In the opposite direction, the Privacy Rule does not prevent customers or clients of a business from disclosing whether they have been vaccinated. The Privacy Rule does not apply to individuals’ disclosures about their own PHI.

The guidance proceeds to inform readers that employers are not prohibited under the Privacy Rule from requiring employees to disclose whether they have received a COVID-19 vaccine to the employer, clients, or other parties. Generally, the Privacy Rule does not regulate what information can be requested from employees as part of the terms and conditions of employment that an employer may impose on its employees. However, other federal or state laws address terms and conditions of employment. Federal anti-discrimination laws generally do not prevent an employer from choosing to require that all employees physically entering the workplace be vaccinated against COVID-19 and provide documentation or other confirmation that they have met this requirement. Under the Americans with Disabilities Act (ADA), documentation or other confirmation of vaccination must be kept confidential and stored separately from the employee’s personnel files. Similarly, the Privacy Rule does not prohibit a covered entity or business associate from requiring its employees to disclose to their employers or other parties whether employees have received a COVID-19 vaccine. The Privacy Rule also generally does not apply to employment records, including employment records held by covered entities and business associates acting in their capacity as employers.

Continue reading
Contact Information
210 E 3rd St #204
Royal Oak, MI 48067
Phone: 248-544-0888
Fax: 248-544-3111

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please do not include any confidential or sensitive information in a contact form, text message, or voicemail. The contact form sends information by non-encrypted email, which is not secure. Submitting a contact form, sending a text message, making a phone call, or leaving a voicemail does not create an attorney-client relationship.

Copyright © 2016 – 2025, Wachler & Associates, P.C.
JUSTIA Law Firm Blog Design