Published on:

When an expensive treatment option is unavailable to a patient because of cost or lack of insurance coverage, some healthcare providers turn to a Patient Assistance Program or PAP to help their patients pay for treatment. The Department of Health and Human Services Office of the Inspector General (OIG) has long recognized that PAPs provide important safety net financial assistance to patients that cannot afford the costs of treatment.

However, OIG believes PAPs also present a risk of fraud, waste, and abuse. OIG’s primary concerns are that donor contributions to the PAP and the PAP’s grants to patients both implicate the Anti-Kickback Statute because they could induce or influence the PAP to send business to the donor or influence the patient to choose certain items. Similarly, OIG has expressed concern that a PAP’s grants to patients implicate the Beneficiary Inducement Statute because it could influence the patient’s selection of a particular provider.

Therefore, a PAP should be structured with certain safeguards in place to steer clear of fraud, waste, and abuse allegations. These safeguards may include structuring the PAP as an independent charitable organization that is not controlled by the donors. OIG has indicated that, in order to ensure such independence, a PAP should not exert direct or indirect influence over its donors, nor should donors have links to the charity that could directly or indirectly influence the operations of the charity or its grant programs. Safeguards may also include making the assistance available to all eligible patients on an equal basis and providing it on a first-come, first-served basis to the extent that funding is available; awarding assistance without regard to any donor’s interests and without regard to the patient’s choice of product, provider, practitioner, supplier, or insurance plan; and providing assistance based upon a reasonable, verifiable, and uniform measure of a patient’s financial need. A PAP and providers should also be cautious about advertising the existence of the PAP or the availability of assistance.

Published on:

In response to the COVID-19 pandemic, the Centers for Medicare & Medicaid Services (CMS) created separate payments for audio-only telephone evaluation and management (E/M) services. E/M billing codes apply to medical services related to evaluating and managing a patient, such as, hospital visits, preventive services, and office visits. Coding for E/M services can be complicated because many variables are involved in selecting the proper code. For example, the type and complexity of history, examination, and decision making, as well as time spent with the patient are often factors to be considered. Audio-only telephone E/M services were not previously covered by Medicare under the physician fee schedule (PFS). However, beginning with the March 2020 Interim Final Rule with Comment (IFC), CMS found these types of visits to be clinically appropriate and began to cover certain audio-only codes. CMS further expanded the list of covered audio-only codes in the April 2020 IFC.

CMS soon found that audio-only health services became far more popular than CMS expected, and many beneficiaries were not using video technology to communicate from their homes. Since the new E/M codes were established, providers were seeing beneficiaries for more complex evaluation and management services using audio-only technology, when they would normally utilize telehealth video or in-person visits to evaluate the patient. According to CMS, the intensity and complexity of providing an audio-only visit to a beneficiary during the unique circumstances of the COVID-19 PHE was not properly valued as established in the March 2020 IFC. This was especially true when considering these audio-only services were often being used as a complete substitute for office/outpatient Medicare video telehealth visits. Therefore, CMS established new RVUs based on E/M codes in existence prior to the PHE and the time requirements necessary for telephone service-related codes. Because these audio-only visits were being used in replacement of office/outpatient E/M visits, they should be considered telehealth services and added to the Medicare telehealth service list while the PHE is ongoing.

In the CY 2021 PFS proposed rule, CMS elected not to continue covering the audio-only codes when the PHE ends. This is because, outside the circumstances of the COVID-19 PHE, telehealth services generally must be provided using interactive, two-way audio and video technology. Commenters on the proposed rule broadly supported maintaining payment for audio-only provided services. Commenters stated that many beneficiaries may not have access to two-way audio and video technology and that continuing to pay for these E/M services will help vulnerable populations and those with less access to quality healthcare. However, CMS declined to finalize payment of these E/M codes beyond the PHE. The Social Security Act requires telehealth services to be furnished using a telecommunications system. CMS maintains that there is a longstanding policy of interpreting “telecommunications system” to include technology that allows the telehealth visit to be analogous to an in-person visit. Outside the COVID-19 PHE, CMS continues to believe that the longstanding interpretation of telecommunications system excludes the use of audio-only technology for Medicare telehealth services. The PHE declaration must be renewed in 90-day increments and is currently slated to end April 20, 2021. However, HHS and the Biden administration have signaled that they are likely to repeatedly renew the PHE through at least the end of 2021, thereby allowing Medicare telehealth waivers to continue until the end of the year.

Published on:

On February 10, 2021, the United States Department of Justice filed the first criminal charges relating to a alleged violation of the terms the Provider Relief Fund (PRF). The allegations contained in the indictment illustrate some of the pitfalls of the PRF and the importance of compliance with its terms. It may also provide insight into coming enforcement actions.

The alleged defendant was a resident of southeastern Michigan who owned and operated a home health agency in Indiana. The home health agency closed in January 2020 and filed a notice of voluntary termination with Medicare in March 2020. However, despite the filing of this notice, when the first wave of payments under the PRF were automatically deposited into providers’ accounts in April, the defendant’s home health agency received approximately $38,000. The defendant then allegedly submitted an attestation to the terms and conditions of the PRF payment and allegedly distributed the funds to family members in a series of checks, all just under $10,000. The indictment charged the defendant with one count of Theft of Public Money, Property, or Records.

This indictment touches several possible areas of enforcement or audits of PRF payments, including eligibility criteria, attestations, and use of the funds. The first wave of payments under the PRF consisted of $30 billion that was automatically deposited in providers’ accounts in amounts based on a provider’s 2019 Medicare billing. Providers did not make requests or applications for this funding. However, simply because a provider received money did not mean they were entitled to keep it, a provider also had to meet the eligibility criteria, such as the requirement that it provided services after January 31, 2020.

Published on:

On March 15, 2021, the Centers for Medicare & Medicaid Services (CMS) announced it will increase the amount Medicare pays providers for administering the COVID-19 vaccine. For vaccines administered on or after March 15, 2021, the new national average payment rate for physicians, pharmacies, hospitals, and other providers who administer the vaccine of $40 per single-dose vaccine and $80 per two-dose vaccine. The exact payment rates will be based on the type of provider offering the vaccine and will be adjusted based on the location of the provider. For vaccines administered prior to March 15, 2021, Medicare rates will remain $28.39 per single-dose vaccine and $45.33 for both doses of a two-dose vaccine.

These changes in Medicare payment rates are based on new information regarding the costs of vaccine administration for different types of providers and more resources needed to safely administer the vaccine. The goal of CMS is to increase the number of providers offering the vaccine and further emphasize that no beneficiary, whether a beneficiary with private insurance, Medicare, or Medicaid, should pay cost-sharing to receive the COVID-19 vaccine. The new payment rate is effective for COVID-19 vaccines given on or after March 15, 2021.

In order to receive COVID-19 vaccines at no cost from the federal government, providers cannot charge patients for administration of the vaccine. Providers that receive federally purchased vaccines during the public health emergency must contractually agree to administer COVID-19 vaccines to patients regardless of their ability to pay; Providers are therefore prohibited from charging a patient any amount for administration of the vaccine, including a copay, coinsurance, or deductible, including seeking reimbursement from patients, such as balance billing. CMS provides payment information for various programs, to ensure consistent coverage across payers, such as:

Published on:

Imagine a physician wants to rent office space from another physician, but the two refer patients to each other. Or a clinical laboratory wants to contract with a marketer to promote their products. Three of the largest compliance concerns when structuring such an arrangement are the Stark Law, also known as the Physician Self-Referral Law, the Anti-Kickback Statute, often referred to as the AKS, and the Eliminating Kickbacks in Recovery Act, or EKRA. All three regulate referrals and can carry stiff penalties, sometimes criminal penalties. However, each also contains a series of exceptions or safe harbors into which some business structures may fit. Even simple arrangements between healthcare entities can involve complex analysis to comply with these statutes.

The Stark Law, 42 U.S.C. 1395nn, prohibits physicians from referring patients to receive “designated health services” payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship, unless an exception applies. Financial relationships include both compensation and ownership or investment interests. Designated health services include clinical laboratory services, PT and OT, DME, some imaging services, and several other services. Some of the most common exceptions to the Stark law include the in-office ancillary exception, fair market value compensation, and bona fide employment relationships. CMS has also recently implemented exceptions related to value-based arrangements.

The AKS, 42 U.S.C. 1320a-7b(b), is a criminal statute that prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by federal health care programs. Remuneration means far more than cash payments and includes anything of value. If the AKS applies, conduct may still be lawful if it falls into one of several “safe harbors.” Some of the most common safe harbors are the investment interest safe harbor, specific types of rental agreements for office space or equipment, and contracts for personal services that meet certain criteria. Like the Stark Law, CMS has also implemented safe harbors for certain value-based arrangements.

Published on:

On March 11, 2021, President Biden signed  the $1.9 trillion American Rescue Plan, a legislative package to help fund vaccinations, provide immediate relief to families during the COVID-19 pandemic, increase COVID-19 testing and identify new and emerging strains of COVID-19.  The final bill includes several sources of funding for COVID-19 response and other healthcare programs:

Development of a national vaccination program

  • The bill includes $20 billion for a nationwide vaccination program, in partnership with state and local authorities. The vaccination program will include the creation of community vaccination centers as well as mobile vaccination units. Under the plan, the Biden Administration will work with Congress to expand the Federal Medicaid Assistance Percentage (FMAP) to 100%, to ensure all Medicaid enrollees will be vaccinated.
Published on:

On March 9, 2021 the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced a 45-day extension of the public comment period for the proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule. The public comment period has been extended from March 22, 2021, to May 6, 2021 in order to give the public more time to fully consider the proposed changes.

OCR first announced the proposed rule making on December 10, 2020. The proposed changes to HIPAA are part of the larger transition to a value-based health care system in which providers are compensated based on patient health outcomes. The modifications propose to address standards that may impede the transition to a value-based health care system and other unnecessary burdens by increasing individuals’ rights to access their health information, enhancing information sharing for care coordination and case management, improving family and caregiver involvement for individuals experiencing health emergencies, reducing the administrative burden on HIPAA-covered providers, and facilitating the disclosure of certain health information during emergencies such as the opioid crisis and COVID-19 pandemic. Other major provisions include:

  • Defining the terms electronic health record (EHR) and personal health application
Published on:

As part of the response to the COVID-19 pandemic, Congress provided funding for testing of patients without health insurance. To receive this reimbursement for testing, providers must attest that the patient is uninsured. However, it is not clear how providers must gather this information, exposing providers to risk of enforcement actions.

For claims for COVID-19 testing and testing-related items and services, a patient is considered uninsured if the patient does not have coverage through an individual, or employer-sponsored plan, a federal healthcare program, or the Federal Employees Health Benefits Program at the time the services were rendered. For claims for treatment for positive cases of COVID-19, a patient is considered uninsured if the patient did not have any health care coverage at the time the services were rendered. For claims for vaccine administration, this means that the patient did not have any health care coverage at the time the service was rendered.

The funding of testing for the uninsured is administered by the Health Resources & Services Administration (HRSA) under the COVID-19 Claims Reimbursement to Health Care Providers and Facilities for Testing, Treatment, and Vaccine Administration for the Uninsured Program. Congress has allocated $2 billion to this program through The Families First Coronavirus Response Act (FFCRA) and the Paycheck Protection Program and Health Care Enhancement Act (PPPHCEA), as well as a portion of the Provider Relief Fund.

Published on:

On February 12, 2021, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced the details of its previously-announced discretion in the enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act related to privacy, security, and date breaches. OCR will not penalize covered health care providers or their business associates for non-compliance under HIPAA for the good faith use of online or web-based scheduling applications (WBSAs) for scheduling COVID-19 vaccination appointments during the COVID-19 pandemic.

During the COVID-19 public health emergency, HIPAA covered providers, such as large pharmacy chains, or business associates acting on behalf of the covered providers, may utilize WBSAs to schedule individual appointments for COVID-19 vaccinations. For the purposes of this exercise of discretion, a WBSA is an online or web-based application that only allows the intended parties to access the data and that provides individual appointment scheduling related to largescale COVID-19 vaccination. Technology that directly connects to electronic health records (EHR) systems used by covered providers is not included in this discretionary measure and does not constitute a WBSA. The HIPAA privacy rules allow business associates of a covered entity to use and disclose protected health information (PHI) for certain functions, only as dictated by a business associate contract or other agreement. However, during the COVID-19 pandemic, health care providers need to quickly schedule many appointments for COVID-19 vaccinations and often do this through WBSAs. Some of these online scheduling applications, and the way in which healthcare providers use them, may not comply with the HIPAA privacy rules.  Furthermore, vendors of the WBSAs may not know providers are using these applications to create and send PHI, potentially making the WBSA vendors business associates under HIPAA.

OCR will exercise discretion in the enforcement of HIPAA privacy rules and will not penalize covered healthcare providers, their business associates, or WBSA vendors who are technically business associates, for noncompliance as it relates to the scheduling of individual COVID-19 vaccination appointments during the COVID-19 pandemic. This enforcement discretion applies to covered healthcare providers and their business associates, which are, in good faith, using WBSAs to schedule COVID-19 vaccination appointments, as well as WBSA vendors whose platform is being used to schedule COVID-19 vaccination appointments. Discretion does not apply to covered providers or business associates for activities unrelated to the scheduling of COVID-19 vaccinations or if the covered providers or business associates fail to act in good faith. Instances where a covered provider or business associate are not acting in good faith include: the use of a WBSA that allows the sale of personal information collected, the use of a WBSA for purposes other than scheduling COVID-19 vaccination appointments, the use of a WBSA without reasonable safeguards to protect the PHI, and the use of a WBSA to screen individuals for COVID-19 before an in-person visit.

Published on:

A revocation of Medicare billing privileges can have devastating impacts on a healthcare provider. Not only does a revocation render the provider unable to bill the Medicare program for a period of time, but it can have wide-ranging impacts on a provider’s practical ability to operate or to practice in their chosen field.

Medicare billing privileges can be revoked for twenty-two enumerated reasons, including non-compliance with Medicare enrollment requirements, felony convictions, and failure to respond to requests for medical records. A recent expansion of CMS’s revocation authority also updated the ability to revoke a provider for an “abuse of billing privileges” to include a pattern or practice of submitting claims that do not meet Medicare requirements. In some cases, the Medicare Administrative Contractor (MAC) gathers the information and determines to revoke a provider. In other cases, the MAC forwards the information to the Centers for Medicare & Medicaid Services (CMS) and CMS makes the revocation determination. The revocation may be based on a prior interaction with the MAC or CMS, such as a prior audit of the provider. The provider may not necessarily be told during this interaction that it can lead to a revocation of billing privileges.

When CMS or a MAC revokes billing privileges, they will set a reenrollment bar, which dictates how long a provider must wait before it can reapply for Medicare billing privileges. CMS recently expanded its authority to set the reenrollment bar. In general, reenrollment bars may now be set between 1 and 10 years, depending on the circumstances, although certain provisions allow for longer bars. CMS may also decide to place a revoked provider on the CMS Preclusion List. The Preclusion List labels the provider a “bad actor” and cuts off their ability to bill Medicare Part C and Part D. A Medicare revocation or placement on the Preclusion List may also impact contracts outside the Medicare program. For example, commercial carriers may terminate participation agreements with a provider based on a Medicare revocation or placement on the Preclusion List.

Contact Information