May 2012 Archives

May 29, 2012

Medicare RAC Recovery Efforts Summarized in Quarterly Newsletter

On May 18, 2012, Medicare released their 2nd Quarter Newsletter regarding the recovery efforts of each of the region's Recovery Audit Contractors: DCS, CGI, Connolly, and HDI.

CGI Federal has the lowest level of overpayment recoupments and underpayment identification. Connolly and HDI/HMS are identifying and correcting exceedingly more improper payments compared to CGI and DCS.

Total improper payments (over and under) increased over 50% between the 1st and 2nd quarters of FY 2012. Total improper payments have already exceeded $1 billion and we are only half way through the year. In 3 out of the 4 regions; the #1 recoupment issue is identified as cardiovascular procedures. Region D reports same day or minor procedures as its #1 issue.

Of all of the areas where hospitals experienced success in the appeal process, sort stay inpatient surgeries were the area where they had the most success.

Continue reading "Medicare RAC Recovery Efforts Summarized in Quarterly Newsletter" »

May 29, 2012

Automated Tracking and Reporting of Recovery Audit-Associated Reopenings and Appeals

Changes to Recovery Audit Contractor ("RAC") tracking and reporting of RAC-associated reopenings and appeals data were recently implemented. Specifically, CMS Transmittal 1093, dated May 23, 2012, deleted Business Requirement 7604.2.4, required under Change Request ("CR") 7469, which mandated specific data transfer protocols related to the information. The Business Requirement was deleted due to RAC-data warehouse limitations. See

CMS currently tracks reopenings and appeals of adjustments by RACs through monthly contractor-supplies spreadsheets. The Transmittal referenced above directs implementation of automated tracking/reporting solutions.

Continue reading "Automated Tracking and Reporting of Recovery Audit-Associated Reopenings and Appeals" »

May 26, 2012

State Attorney General-Initiated HIPAA Settlement Nets $750,000

The Massachusetts Attorney General's Office announced Thursday that it has settled, for $750,000, a data breach lawsuit filed against South Shore Hospital under the Massachusetts Consumer Protection Act and the federal Health Insurance Portability and Accountability Act (HIPAA).

The alleged HIPAA violation arose from unencrypted back-up tapes that South Shore sent offsite to a data archiving company to be erased and re-sold as blank media. However, the hospital did not inform the data company that the tapes contained protected health information (PHI), did not determine whether the data company had appropriate safeguards in place to protect the PHI, and did not enter into a business associate agreement with the company. In shipment, two of three boxes containing the PHI were lost and have not been recovered.

The lawsuit, brought by the Massachusetts Attorney General's Office, is only the third of its kind. Through the Health Information Technology for Economic and Clinical Health (HITECH), passed in 2009, Congress: (i) dramatically increased the HIPAA monetary penalties that could be levied against providers; (ii) granted authority to state attorneys general to prosecute HIPAA privacy and security violations; and (iii) perhaps most importantly, allows state attorney generals to share in any monetary penalties that they are able to collect (e.g., a "bounty sharing" provision). The changes were in response to a perceived lack of enforcement of the HIPAA regulations by the Office for Civil Rights of the Department of Health and Human Services (HHS).

While only the Vermont and Connecticut Attorneys General have initiated lawsuits under HITECH, the legislation is expected to add serious teeth to healthcare privacy laws. Under HITECH, an attorney general receiving a complaint from a resident may sue in federal district court for an injunction and monetary damages. In all three cases, the attorneys general have brought suit under both HIPAA and state privacy laws, and HHS has actively supported the initiative by offering in-person and computer-based training to state attorneys generals nationwide, and even assisting the Connecticut Attorney General's Office in its prosecution.

South Shore Hospital, which settled for $750,000, was the largest of the three AG-initiated lawsuits. As the size of HIPAA violation settlements continue to grow, so too will the interest of states in exercising their new-found authority. Attorneys general may also be more inclined to initiate HIPAA lawsuits because of the positive impression such actions will make on constituents.

As the HITECH incentives catalyze the shift toward electronic health records, privacy issues will be at the forefront, attracting much greater attention than in the past. Hospitals, physicians, health care providers, Business Associates, and all other parties subject to HIPAA regulations are well advised to ensure that they have appropriate HIPAA policies, procedures, and safeguards in place to protect patient privacy, avoid violating HIPAA, and avoid attracting the attention of a much more aggressive, financially incentivized, state attorneys general corps.

Continue reading "State Attorney General-Initiated HIPAA Settlement Nets $750,000" »

May 4, 2012

Government Criticizes Healthcare Providers and Insurers for Out-of-Network Payment

The New York State Department of Financial Services ("Department") recently issued a highly critical report about out-of-network billing practices in New York State. The report stems from the Department's receipt of frequent complaints from patients who unexpectedly receive bills from specialists or other providers who they did not know were out-of-network. The Department indicated that unexpected, and often times, excessive medical bills from out-of-network providers are contributing to the growing problem of consumer medical debt, which continues to be a primary cause of personal bankruptcy.

The Department launched an investigation looking into more than 2,000 complaints it received in 2011 involving payment issues in order to better understand all aspects of the medical bills. A large number of complaints submitted to the Department involved patients who received scheduled, non-emergency medical services for which pre-approval had been obtained from the patient's insurer. In many of these cases, neither the insurer, the doctor, nor the hospital disclosed to the patient that other specialists - some of whom were out-of-network - would also be providing professional services. (Currently, providers are not required to disclose whether they are in-network or out-of-network prior to performing services.)

The Department's investigation of unexpected bills sent to patients by out-of-network providers revealed some large flaws in the way the health insurance market operates, such as:

• Lack of Disclosure for Non-Emergency Care. For scheduled, non-emergency medical services, patients typically do not know many of the specialists who are anticipated to provide treatment, and whether those specialists are
out-of-network, how much those out-of-network specialists reasonably expect to charge, and how much the insurer reasonably expects to cover. This lack of disclosure is a frequent cause of patient complaints.
• Excessive Bills for Emergency Care. In emergency situations, patients do not have the luxury of advance disclosure by out-of-network providers. Additionally, some out-of-network specialists appear to take advantage of the patients at this vulnerable point by charging excessive fees.
• Reduced Insurance Coverage. Some insurers have significantly reduced the level of out-of-network coverage. Employers, unable to keep up with increasing premiums, have chosen to reduce benefits. Patients are often unaware that their policies offer less generous out-of-network coverage.
• Difficulty in Submitting Claims. Submitting out-of-network claims is often confusing and time consuming. Not all insurers allow patients to submit claims electronically and not all out-of-network providers include a claim form with their bill to the patient.

The Department recognized in its report that health plans and healthcare providers will need to reform their current policies and practices. Some of these improvements may include enhanced disclosure, limitations on excessive charges for emergency health care services, and a simplified claim submission process.

The Department concluded its report by noting that even though a patient may have health insurance; this does not necessarily mean that he or she will leave the hospital without a bill. As such, prior to receiving medical treatment, patients should inquire which doctors will be providing professional services on their behalf and whether they are in or out-of-network.

Continue reading "Government Criticizes Healthcare Providers and Insurers for Out-of-Network Payment " »

May 4, 2012

CMS Delays Sunshine Act Data Collection Requirements

The Centers for Medicare and Medicaid Services ("CMS") has extended the implementation of the Physician Payments Sunshine Act Physician Payments Sunshine Act ("Sunshine Act"), which was promulgated as a result of Section 6002 of the Patient Protection and Affordable Care Act.

CMS will not require manufacturers of drugs, devices, biological, or medical supplies to begin collecting Sunshine Act data on their payments and gifts to physicians and teaching hospitals until January 2013.

In a May 3rd blog post, CMS said that it will issue a final rule later this year, and that it will not require data collection before 2013. CMS's latest delay is likely due to the significant industry-pushback it received, and the more than 300 comments it received during the proposed rule's 60-day comment period.

Continue reading "CMS Delays Sunshine Act Data Collection Requirements" »

May 2, 2012

New CMS Guidance Allows SRDP Analysis to be Limited to Four Years

In four new recently posted frequently asked questions (FAQs) (select Fraud and Abuse in the left column), the Centers for Medicare & Medicaid Services (CMS) offers new guidance regarding the CMS Voluntary Self-Referral Disclosure Protocol. On September 23, 2010, CMS published the Medicare self-referral disclosure protocol ("SRDP") pursuant to Section 6409(a) of the Patient Protection and Affordable Care Act (ACA). The SRDP sets forth a process to enable providers of services and suppliers to self-disclose actual or potential violations of the physician self-referral statute.

Although the SRDP provides that the financial analysis must cover the entire look-back period, the new FAQs indicate that a disclosing party will satisfy the SRDP by submitting financial analysis setting forth the total amount actually or potentially due and owing for claims improperly submitted and paid within the time frame established for reopening determinations at 42 C.F.R. s 405.980(b) (i.e. four years). However, a disclosing party must still comply with other aspects of the SRDP, which includes specifying the duration of any period of noncompliance with the physician self-referral statute. That requirement remains unchanged by the recently added FAQs and a disclosing party must continue to specify the duration of any period of noncompliance, even if that period exceeds the time period that the party must submit financial analysis for.

The new guidance provided by the recent FAQs is a positive development for providers, as it reduces the burden on a provider who participates in the SRDP process.

Continue reading "New CMS Guidance Allows SRDP Analysis to be Limited to Four Years" »