One of the most widely viewed False Claims Act (FCA) cases filed against a hospital is coming to an end--Florida hospital, Halifax Health, is preparing to pay $1 million to settle a $73 million dollar Medicare overbilling case. Potentially, maximum damages in the trial could have exceeded $200 million, which would then be followed by an $85 million dollar settlement that the health system paid in March to settle the first half of the case. Although the False Claims Act makes it illegal for hospitals to submit inaccurate bills to Medicare, Judge Presell, who presided over this case, ruled that it doesn't necessarily trigger the FCA to bill Medicare for cases in which the medical record lacks enough information to justify admission for inpatient stays.
Recently in Health Law News Category
Companies doing business in highly-regulated industries, including the health care industry, were left holding their breath after a D.C. district court ruled that the attorney-client privilege doctrine did not attach to a company's internal investigation conducted under the direction of in-house legal counsel. United States ex rel. Barko v. Halliburton Co., No. 05-cv-1276 (D.D.C. Mar. 6, 2014). The decision shattered the previously-held belief that, in most cases, the attorney-client privilege attaches to communications made in the course of an internal investigation led by legal counsel.
However, these industries, and their legal departments in particular, can now breathe easy after the D.C. Circuit Court overturned the district court's decision and restored the attorney-client privilege to its previously-recognized applicability to internal investigations. In Re: Kellogg Brown & Root, Inc., et al., No. 1:05-cv-1276 (D.C. Circuit, May 7, 2014).
Factual Background and District Court's Ruling
Harry Barko, a former employee of defense contractor Kellogg Brown & Root, Inc. ("KBR"), filed a False Claims Act compliant under the qui tam provision alleging that KBR defrauded the federal government by inflating costs and accepting kickbacks while administering military construction contracts in Iraq. During discovery, Barko requested that KBR produce certain documents related to KBR's previously-conducted internal investigations looking into the alleged fraudulent activity. The investigations were conducted at the direction of KBR's in-house legal counsel, and KBR asserted the attorney-client privilege in refusing to produce the documents.
In a potentially groundbreaking decision, the district court held that the attorney-client privilege did not attach to the requested documents because "the communication would not have been made 'but for' the fact that legal advice was sought." The district court concluded that KBR's internal investigation was conducted for a business, not legal, purpose and "undertaken pursuant to regulatory law and corporate policy rather than for the purpose of obtaining legal advice."
In so holding, the district court distinguished the facts in KBR from those in the landmark U.S. Supreme Court case Upjohn Co. v. United States, 449 U.S. 383 (1981), in which the Supreme Court held that the attorney-client privilege applies to corporations. The district court held that Upjohn did not apply because: (i) outside counsel was not involved in KBR's investigation; (ii) non-attorneys conducted many of the interviews; and (iii) KBR did not inform the interviewees that one purpose of the interviews was to assist KBR in obtaining legal advice.
The district court's ruling caught the attention of the health care industry, among others, where internal investigations into fraudulent or illegal activity are common and, in some instances, required by law. Many health care businesses lack the necessary resources to involve outside counsel in every internal investigation or to have an attorney conduct every employee interview, and the district court's ruling threatened the presumed protections of the attorney-client privilege doctrine.
Circuit Court's Ruling
In a much anticipated decision, and to the relief of the health care industry, the circuit court overturned the district court's decision and held that the attorney-client privilege attached to the requested documents.
The circuit court found that the facts of KBR were "materially indistinguishable" from the facts in Upjohn and rejected the reasoning used by the district court to distinguish the two cases. First, the circuit court held that Upjohn does not require the involvement of outside counsel. Rather, the "general rule...is that a lawyer's status as in-house counsel 'does not dilute the privilege.'" Second, the circuit court held that, while the interviews in Upjohn were conducted by attorneys, "communications made by and to non-attorneys serving as agents of attorneys in internal investigations are routinely protected by the attorney-client privilege." Third, the circuit court held that there is no requirement in Upjohn that a company use "magic words" to advise its employees that the investigation is being conducted to assist the company in obtaining legal advice. Nevertheless, the circuit court found that, as in Upjohn, the KBR interviewees "knew that the company's legal department was conducting an investigation of a sensitive nature and that the information they disclosed would be protected."
More importantly, the circuit court rejected the "but for" test applied by the district court as inapplicable to the attorney-client privilege analysis. The circuit court clarified the "primary purpose test" and held that the proper test asks the question: "Was obtaining or providing legal advice a primary purpose of the communication, meaning one of the significant purposes of the communication?" If so, then the attorney-client privilege attaches, regardless of whether the internal investigation was conducted pursuant to company policy, a statute or a regulation.
The circuit court acknowledged the significance of its decision when it branded the district court's opinion a "novel approach" that "would eradicate the attorney-client privilege for internal investigations conducted by businesses that are required by law to maintain compliance programs, which is now the case in a significant swath of American industries."
In an ever-changing industry where some health care providers are subject to compliance program requirements for Medicare enrollment under the Patient Protection and Affordable Care Act (or are encouraged to implement voluntary compliance programs), health care businesses should take note of both the circuit court's and the district court's opinions. These opinions are a reminder of the importance of having attorneys actively direct the internal investigation and document their involvement. This includes providing written instructions to non-attorneys working on the investigation clarifying that they are working at the direction of the legal department and that a significant purpose of the investigation is to assist the business in obtaining legal advice.
The circuit court's opinion also reminds us that the attorney-client privilege protects against the disclosure of privileged communications, not the underlying facts if the facts can be obtained through non-privileged sources. Additionally, only confidential communications are protected. Therefore, it is important to ask interviewees to keep communications confidential. Also, although "magic words" are not required for the attorney-client privilege to attach, it is prudent to inform the interviewees that the interview is for the purpose of obtaining legal advice for the business. Once conveyed to the interviewee, the interviewer should memorialize in writing that the instructions were conveyed to and understood by the interviewee.
Lastly, it remains to be seen whether other courts will follow the D.C. Circuit's opinion. Therefore, out of an abundance of caution and if the resources are available, businesses should consider having legal counsel conduct employee interviews and should consider engaging outside counsel, if appropriate.
On May 9 and May 12, 2014, the United States Department of Health and Human Services ("HHS") published two proposed rules that would significantly expand the authority of the Office of Inspector General ("OIG") to exclude providers from participation in federal health care payor programs and impose civil monetary penalties. The proposed rules are authorized pursuant to the Affordable Care Act of 2010 ("ACA") as the ACA expanded the authority of OIG to protect federal health care programs from fraud and abuse.
The May 9, 2014 proposed rule would expand the OIG's current powers to include permissive exclusion where an individual or entity is convicted of an offense that involves obstruction of an audit. Currently, the OIG's exclusion authority only extends to convictions for obstructing an investigation into any criminal offense described under the mandatory exclusion authorities and certain permissive exclusion authorities.
In addition, the May 9, 2014 proposed rule would expand the OIG's permissive exclusion authority regarding the failure to provide certain payment information. The OIG currently has authority to exclude only entities and individuals who directly provide services and fail to provide required payment information for those services. The proposed rule would expand this authority to include not only the individual or entity directly providing the services, but also any individual or entity ordering, referring, or certifying the need for such services.
The May 9, 2014 proposed rule also adds new exclusion authority for instances where an individual or entity knowingly makes, or causes to be made, a false statement, omission, or misrepresentation of a material fact in any application or contract to participate as a provider in a federal health care program.
HHS also proposes to remove the six-year statute of limitations for exclusions. This means that, under the proposed rule, an individual or entity could be subject to exclusion for actions that occurred at any time, including several years after any alleged wrongdoing has ended or been corrected.
Under the May 14, 2014 proposed rule, the OIG would be granted expanded authority to impose civil monetary penalties on providers and suppliers of federal healthcare. The proposed rule would allow a $10,000 per day penalty on providers and suppliers who fail to timely report and return an identified overpayment. The proposed rule also seeks to add a $15,000 per day penalty for failing to grant timely access to records. False statements, omissions, or misrepresentations of a material fact in any application, bid, or contract to participate or enroll as a provider under a federal health care program would be punishable with a fine up to $50,000 under the proposed rule.
Moreover, the May 14, 2014 proposed rule would also expand existing monetary penalties for arranging or contracting for the provision of services with an excluded individual or entity. A penalty of up to $10,000 is possible under the proposed rule for each separately billable item or service provided, furnished, ordered, or prescribed by an excluded individual, plus an assessment of not more than three times the amount billed for the item or service. If an item or service is not separately billable, the OIG will determine the penalty based on the number of days the excluded person was employed or contracted, and the person's total compensation.
The May 9, 2014 proposed rule can be viewed here. The May 12, 2014 proposed rule can be viewed here. Both proposed rules are open to public comment. The deadline for public comments for the May 9, 2014 proposed rule is July 8, 2014. The deadline for the May 12 2014 proposed rule is July 11, 2014. Public comments can be submitted online at http://www.regulations.gov.
On May 19, 2014, Centers for Medicare and Medicaid Services ("CMS") announced that it is considering new ways to define and pay for hospital short-stays. In October 2013, CMS implemented the "Two-Midnight Rule" with the goal of bringing clarity to billing for Part A inpatient hospital admissions. However, the Rule has been faced with ongoing criticism and significant pushback from hospitals.
The Two-Midnight Rule was intended to provide clear guidelines regarding when hospitals should bill for inpatient versus outpatient services, such as observation. The rule provides that at the time of admission, the admitting physician must document an expectation that a patient receive 2 midnights or more of hospital care. The medical record must contain sufficient information to support this expectation as a condition of payment. Dr. Ann Sheehy testified at the House Health Subcommittee May 20, 2014 that the rule "does not distinguish between clinical populations because it is a time based policy with no basis in sound clinical judgment."
The distinction between inpatient and outpatient hospital services can significantly impact how much Medicare pays a hospital for the services it provides to beneficiaries. In fact, Medicare has historically paid nearly 3 times more for a short inpatient stay than an observation stay on average. The House Health Subcommittee heard testimony from HHS Regional Inspector General Jodi Nudelman that differing payment rates have resulted in some hospitals admitting short-stay inpatients more than others. In fact, she testified that some hospitals attribute over 70% of their inpatient stays to short stay admissions while others admit short-stay inpatients less than 10% of the time.
Growing confusion surrounding the rule and potential unintended consequences have made it clear that the Two Midnight Rule must be carefully reevaluated. Now CMS is considering new alternatives and is seeking comments on an alternate pay system. According to CMS Deputy Administrator, Sean Cavanaugh, one potential alternative could be modeled after the per-day payment system that is already used for patients who transfer from one hospital to another during an episode of care. Additionally, CMS is soliciting comments on whether reimbursement rates for specific inpatient services should be capped at the outpatient rate for the equivalent service.
The Program for Evaluating Payment Patterns Electronic Report ("PEPPER") is an electronic data report under contract with the Centers for Medicare & Medicaid Services ("CMS") that helps guide hospital's auditing and monitoring services.
In 2014, PEPPER published new target areas for Short-Term Acute Care hospitals that were identified as prone to improper Medicare payments. Significantly, 6 new target areas related to patient "status" were established (i.e., to determine whether a beneficiary was appropriately admitted as an "inpatient"). Of note, while 4 of these target areas focus on hospital stays that did not cross 2 midnights, two of the target areas focus on 2 day hospital stays. Thus, it is clear that even if a hospital stay crosses 2 midnights, hospitals will be called upon to establish that the hospitalization itself was medically necessary.
Although the Recovery Auditors (i.e., "RACs") presently are prohibited from conducting patient status reviews, Medicare Administrative Contractors ("MACs") have been tasked to conduct "Probe and Educate" medical reviews, for the purposes of determining whether CMS' new 2 midnight rule was satisfied.
90 Individuals Charged with $260 Million False Medicare Billings in National Takedown by Medicare Fraud Strike Force
On Tuesday, May 13, 2014, the Department of Justice ("DOJ") and Department of Health and Human Services ("DHHS") held a joint news conference to announce that the Medicare Fraud Strike Force had conducted a nationwide takedown of 90 individuals involving approximately $260 million in fraudulent Medicare billings. The nationwide takedown marked the seventh such takedown in Medicare Fraud Strike Force history. Since the Strike Force's inception in March 2007, operations in nine locations have charged nearly 1,900 defendants and include allegations of falsely Medicare billings of almost $6 billion. Additionally, CMS, working in conjunction with the DHHS Office of Inspector General, has suspended the enrollments of high-risk providers in five Strike force locations and has removed over 17,000 providers from the Medicare program since 2011.
The Medicare Fraud Strike Force is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing. Almost 400 law enforcement agents from the FBI, HHS-OIG, multiple Medicaid Fraud Control Units and other federal, state and local law enforcement agencies participated in the takedown.
The recent takedown involved six locations, including Miami, Tampa, Houston, Detroit, Los Angeles, and New York. The charges included allegations that the defendants committed various health care fraud-related crimes, including conspiracy to commit health care fraud, violations of the anti-kickback statute and money laundering. The charges are based on a variety of alleged fraud schemes involving various medical treatments and services, including home health care, mental health services, psychotherapy, physical and occupational therapy, durable medical equipment and pharmacy fraud. Of the 90 individuals charged, 27 were health care professionals, including 16 physicians.
In December of 2013, the Centers for Medicare & Medicaid Services (CMS) issued a Request for Quotes for new Recovery Auditor (RAC) contracts. The new contracts include significant changes to payment terms. Whereas the current contracts allow payment to RACs after the first level of appeal has been exhausted (120 days), the new contracts do not allow payment until after the second level of appeal has been exhausted (120 - over 400 days).
In opposition of the modification on payment terms, CGI Federal, Inc., the Region B Recovery Auditor, submitted pre-award protests to the federal Government Accountability Office (GAO) asking for a change to the new payment terms. The GAO denied the protests on April 23, 2014.
On May 1, 2014, CGI elevated its case to the Court of Federal Claims. The suit requested the Court to order an injunction against the US Department of Health and Human Services' (HHS) implementation of the new RAC contracts and remove the delay in compensation. GCI argues that the new payment terms are inconsistent with customary commercial practices and unfairly restrict competition for the contract, rendering it "commercially impracticable" for CGI to submit a quote.
The first hearing is scheduled for June 6, 2014. The judge will grant an injunction if he or she determines that irreparable harm would be done if the contracts are awarded. If the judge does not grant injunctive relief, CGI may still proceed with its case. The A/B contract awards were expected in May or June, but could be delayed as a result of the suit.
New York Presbyterian Hospital & Columbia University Pay $4.8 Million to Settle Alleged HIPAA Violations
On May 7, 2014, the Department of Health and Human Services ("HHS"), New York-Presbyterian Hospital ("NYP") and Columbia University ("CU") agreed to collectively pay $4.8 million to settle charges of alleged violations of the HIPAA Privacy and Security Rule marking the largest HIPAA settlement to date.
OCR initiated an investigation of NYP and CU after receiving a joint breach report in September 2010 regarding the disclosure of the electronic protected health information ("ePHI") of 6,800 individuals. Due to a lack of technical safeguards, protected health information including patient status, vital signs, medications, and laboratory results were made publically accessible using Internet search engines.
At the close of the investigation, OCR determined that neither NYP nor CU had conducted an accurate and thorough risk analysis or developed an adequate risk management pan. OCR further determined that NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management.
In addition the $4.8 million settlement (NYP to pay $3.3 million and CU to pay $1.5 million), both parties will also be required to implement a substantive corrective action plan to correct deficiencies in their HIPAA compliance programs including:
• Undertaking a thorough risk analysis;
• Developing and implementing a risk management plan;
• Reviewing and revising policies and procedures on information access management and device and media controls;
• Training staff that have access to ePHI; and
• Providing progress reports
Notably, this settlement highlights the significance of conducting routine risk and vulnerability assessments, having adequate written policies in place, and conducting workforce training on HIPAA privacy and security policies. It is imperative that all covered entities and business associates proactively review the mandatory requirements under HIPAA and carefully evaluate and monitor to compliance.
The final budget bill was recently passed in New York State containing several provisions for Out-of-Network ("OON") reforms. The major changes related to OON reform include: 1) transparency provisions requiring the reestablishment of "usual, customary and reasonable" or "UCR" charges to determine reimbursement rates; 2) adding protections allowing patients to go OON for specialty care; 3) requiring insurers to "make available" OON options reimbursed at 80% UCR; 4) creating a new independent dispute resolution ("IDR") process to resolve disputed claims between insurers and providers; and 5) formation of an OON reimbursement rate workgroup to analyze the effect of the reforms. These reforms not only ensure greater patient choice and access to care, but help protect physician practices that have, for decades, struggled to be adequately reimbursed by insurers for legitimate services provided to patients OON. The following is a brief synopsis of each reform:
Reestablishment of UCR: Beginning in 2015, insurers must be transparent in regards to their rates of reimbursement for services as a percentage of UCR. UCR will be reestablished and defined as "the 80th percentile of all charges for the particular service in the same or similar specialty and same geographic area as reported in the benchmarking database maintained by FAIR Health."
Increasing OON Access and Coverage: Protections have been added, allowing patients to seek OON physicians when their network does not have providers with proper training and expertise for their treatment. Patients will have the option to purchase UCR-based OON products and may request such options from companies that issue comprehensive policies in the group market that cover OON. Such companies must "make available" at least one option for at least 80% of UCR. If no OON coverage option is available in a particular region in New York State, the Superintendent of the Department of Financial Services ("Superintendent") may require insurers selling in the group market of that region to "make available" a similar option.
Independent Dispute Resolution Process (IDR): Greater consumer protections will be enacted against "surprise medical bills." An additional "hold harmless" protection will be in place for consumers who receive care from an OON provider as a result of an emergency situation or through no fault of their own and without notice. Instead, insurers and providers will be allowed to utilize the new IDR process to dispute claims. Rulings through IDR are required to be issued within 30 days of receipt of the request for dispute, ensuring expeditious resolution for providers. To determine a reasonable fee, the IDR entity will consider factors including:
• The physician's usual charges for the same or similar services;
• Fees paid by the insurer to reimburse similarly qualified OON physicians for the same services;
• Level of training, education and experience of the physician;
• Circumstances and complexity of the particular case, including time and place of the service; individual patient characteristics; and
• The usual and customary cost of the service.
OON Reimbursement Rate Workgroup: A workgroup will be formed, aimed at improving access and adequacy of OON services and coverage options. Consisting of two physicians, two insurance representatives, and three consumers and co-chaired by the Superintendent and the Commission of the Department of Health, the workgroup will produce a findings report by January 1, 2016. The workgroup will review and make recommendations regarding the following:
• Current OON reimbursement rates used by insurers and FAIR Health's rate methodology;
• Availability and adequacy of the OON coverage in individual and small group markets in every region; and
• Prevalence of coverage based on UCR or other reimbursement methodologies, such as Medicare.
The Centers for Medicare & Medicaid Services ("CMS") announced in a Federal Register notice that it is creating a new data-collection program for hospice quality reporting called the Hospice Item Set ("HIS") System.
The HIS System, which is mandated under Section 3004(c) of the Patient Protection and Affordable Care Act of 2010 ("ACA"), establishes a new system of records for patient-level data collection. CMS states that the data will confirm whether the appropriate assessments were made, and whether inquiries and concerns were addressed, for each hospice patient. The data CMS plans to collect for each patient includes:
• Respiratory status,
• Patient preferences, and
• Beliefs and values.
Under the program, which hospices must begin using by July 1, 2014, hospices will submit information to the system at the time of admission (and at the time of discharge if a patient does not die).
CMS plans to use strict time limits regarding submission of the information. Hospices must complete admission forms within 14 days of entry, and where applicable, complete discharge forms within 7 days of discharge. The forms must be submitted to the CMS system within 30 days of admission or discharge. Failure to timely report the information could result in cuts to CMS reimbursements.
Notably, under the new information system, information will be collected on all hospice patients, not just patients who are Medicare beneficiaries.
On April 2, 2014, the Centers for Medicare & Medicaid Services ("CMS") announced its intent to publish data on its payments to individual physicians. Beginning on April 9, 2014, CMS plans to release information regarding the charges for medical services and procedures furnished by physicians and other health care professionals.
CMS stated that the data on the types of medical services and procedures furnished by physicians will be organized by National Provider Identifier ("NPI"), Healthcare Common Procedure Coding System ("HCPCS") code, and the place of service (i.e., whether the services were furnished in a facility or office setting). The data to be released include:
• The number of services performed at each NPI/HCPCS code/place of service;
• The average submitted charges and standard deviation in submitted charges;
• The average allowed amount and standard deviation in allowed amount;
• The average Medicare payment and standard deviation in Medicare payment; and
• A count of unique beneficiaries treated.
CMS claims that the information would give the public a better picture of how physicians practice in the Medicare program. CMS also stated that the information will assist the public in understanding Medicare fraud, waste, and abuse. In a letter to the American Medical Association ("AMA"), CMS stated that the increased transparency will help patients make informed decisions about the care they receive.
However, many assert that the information could easily be misinterpreted. For example, Medicare pays different rates for services in different cities and regions, which may not be clear to those lay persons viewing the information. Doctors may also charge higher rates for complex patients, or when there are extenuating circumstances. Some doctors also see a higher number of patients with Medicare, necessarily resulting in higher overall billings to the program.
In a statement, AMA president Ardis Dee Hoven, M.D., said: "The AMA is concerned that CMS' broad approach to releasing physician payment data will mislead the public into making inappropriate and potentially harmful treatment decisions and will result in unwarranted bias against physicians that can destroy careers." To help curb misleading information, Dr. Hoven stated that "the AMA strongly recommended that physicians be permitted to review and correct their information prior to the data release."
CMS' letter to the AMA announcing the decision can be viewed here.
In need of Ethics Credits? ABA members can get them for free by attending, "You Mean HIPAA Applies to Lawyers? Keeping Data Safe, Clients Happy and Your License Secure", with The HLP's, Clinton Mikel, Esq., as a Speaker/Moderator, April 21, 2014.
It is customary for insurers to deny claims submitted by no-fault providers, and providers, in turn, commonly challenge these denials. Conversely, it is anomalous for a no-fault provider to initiate a (putative) class action suit in response to an insurer's payment denials. Yet, in a recently filed action, an aggrieved provider did just that.
Pan Am Diagnostic Services, Inc. ("Pan Am"), an MRI clinic based in Florida, filed a putative class action on February 19th in Florida court against Equity Insurance Co. ("Equity") for wrongly denying PIP benefits. Pan Am claims that the insurer improperly used payments made to nonmedical providers as a justification for denying payment on valid claims by medical providers.
Under Florida Vehicle No-Fault Law, automobile operators must have insurance that includes at least $10,000 combined medical expense and disability coverage, also known as personal-injury-protection or "PIP." Insurers must pay 80 percent of medically necessary expenses resulting from an accident.
Payments made to nonmedical providers should not be part of the calculations in determining whether a policyholder's PIP medical benefits coverage has been exhausted. Such a scheme makes it appear that the policyholder has already depleted their PIP benefits and legitimate claims by medical providers are unjustly denied.
In a 2012 incident cited by Pan Am, Equity paid only one third of a claim submitted for medical services provided to an Equity policyholder. Equity claimed that the policyholder had exhausted his PIP benefits from a prior treatment by another provider. The prior settlement, however, included several nonmedical costs in addition to compensation for medical care. Pan Am alleges that the policyholder's medical expense limit had not been met and Equity made deceptive settlement payments to falsely imply depletion of the $10,000 coverage.
Such aggregation of prior non-medical costs by insurers can result in acute financial detriment to medical providers whose claims are then improperly denied after they have already provided legitimate medical care. Pan Am is seeking injunctive relief and compensatory damages from Equity.
The Centers for Medicare & Medicaid Services ("CMS") announced changes to the Medicare Fee-For-Service Recovery Audit Program in a posting on the CMS.gov website February 18, 2014. According to CMS, the changes will go into effect after the new Recovery Audit Program contracts are awarded.
The announcement includes changes to the contingency fees paid to Recovery Audit Contractors ("RACs") and limits on additional documentation requests ("ADRs") issued by RACs.
Under the program changes, Recovery Auditors will not receive a contingency payment until a reconsideration decision at the second level of appeal by a Qualified Independent Contractor ("QIC"). This change, however, is unlikely to satisfy providers, who must wait an average of 16 months after the QIC decision to have their case heard by an Administrative Law Judge. According to the American Hospital Association, in more than 70 percent of inpatient denials by RACs, ALJs rule in favor of providers. The vast majority of hospitals will thus continue to wait many months to recoup improperly denied Medicare payments even under the CMS revised rules.
In addition, CMS announced that it will revise ADR limits based on the type of claim at issue, and that ADR limits will be further adjusted based on a provider's denial rates. According to CMS, providers that have lower denial rates will have lower ADR limits, while providers with high denial rates will have high ADR limits.
CMS is also revising its rules regarding the discussion period after a RAC payment denial. Currently, a RAC is required to stop discussion with a provider after the provider files an appeal. Under the new rules, a RAC must wait 30 days to allow discussion. RACs must also confirm receipt of a discussion request within 3 days under the program changes.
CMS is currently in the process of awarding auditor contracts. The transition from the current RACs to the new RACs will be proceeded by a cease of auditing activity. CMS states that the pause in activity is necessary so that it can refine and improve the Medicare Recovery Audit Program. After the new RAC contracts are awarded, CMS states that audits will resume and claims during the transition period will be reviewed.
The RAC Program Improvements announcement can be viewed here.
Federal authorities are cracking down on abuse of the HITECH Act's Meaningful Use financial incentive program as evidenced by the recent indictment of Joe White, former CEO of Shelby Regional Medical Center ("Shelby Regional") in Tyler, Texas. A federal grand jury indicted White on charges of making false statements to the Centers for Medicare and Medicaid Services ("CMS") and aggravated identity theft.
The American Recovery and Reinvestment Act of 2009 established incentive payments under the Medicare and Medicaid programs for eligible professionals ("EPs") and eligible hospitals who adopt, implement, upgrade or demonstrate meaningful use of Certified Electronic Health Record Technology ("EHR").
CMS is making available up to $27 billion in EHR incentive payments, or as much as $44,000 (through Medicare) or $63,750 (through Medicaid) per EP. The incentive programs were created to promote the use of health information technology in order to improve quality, maintain privacy and security of patient health information, and to reduce the cost of healthcare in the United States.
According to White's indictment, it is alleged that he falsely attested to CMS that Shelby Regional met the Meaningful Use requirements for the 2012 fiscal year. However, Shelby Regional relied on paper records throughout the fiscal year and only minimally used electronic health records. Allegedly, to give the false appearance that the hospital was actually using certified EHR software, White directed its software vendor and hospital employees to manually input data from paper records into the EHR software, often times months after the patient was discharged and after the end of the fiscal year. Additionally, the indictment further alleges that White falsely attested to the hospital's meaningful use by using another person's name and information without that individual's consent or authorization. As a result of the false attestation, CMS paid Shelby Regional over $785,000.
If convicted, White faces up to 5 years in federal prison for making a false statement and up to 2 years in federal prison for aggravated identity theft.
In light of this recent indictment, it is imperative that eligible hospitals and EPs participating in the EHR Incentive Program are in compliance with the HIPAA Security Rule and all other Meaningful Use attestation requirements. It is a specific requirement of the Incentive Program for eligible hospitals and EPs to conduct a security risk analysis of the practice to identify potential risks and vulnerabilities related to the confidentiality, integrity, and availability of electronic protected health information. It is important to note, when attesting to meaningful use, all providers may be subject to a meaningful use audit, since Congress has identified this program as a risk area for abuse.
The Health Law Partners has experience with respect to all HIPAA related matters and representing EPs, hospitals, and providers in Meaningful Use audits.