Articles Posted in Compliance

Published on:

A St. Louis, Missouri based chiropractor has become the first person charged under the new COVID-19 Consumer Protection Act, with the government alleging numerous civil violations and seeking civil monetary penalties. The allegations serve as a cautionary tale for healthcare providers marketing and selling goods and services relating to the COVID-19 pandemic.

The COVID-19 Consumer Protection Act was enacted in December 2020 and makes it unlawful, for the duration of the ongoing COVID-19 public health emergency, for any person, partnership, or corporation to engage in unfair or deceptive acts or practices in or affecting commerce that are associated with the treatment, cure, prevention, mitigation, or diagnosis of COVID-19. The Act is similar to Section 5(a) of the FTC Act, but adds increased penalties for violations relating to the COVID-19 pandemic. The Act authorizes injunctive relief and Civil Monetary Penalties of up to $42,792 per violation.

In this case, the first under the Act, the government alleged that the chiropractor and his company violated the Act by making claims about the efficacy of their products that were not supported by scientific literature. Specifically, that the chiropractor sold various vitamin supplements and claimed that they prevented or treated COVID-19. The government also alleged that the chiropractor claimed the vitamin supplements were more effective that the available COVID-19 vaccines. The government alleged that the chiropractor made these claims in numerous videos posted on various social media and other websites and misrepresented the results of studies concerning the efficacy of the vitamin supplements in treating or preventing COVID-19. According to the allegations, these claims constituted violations of the Act because, even though there are studies showing correlation between vitamin deficiencies and elevated risk from the virus, there are no randomized clinical trials that establish the vitamin supplements caused positive health outcomes in connection with COVID-19.

Published on:

In general, liability waivers can be a useful tool for businesses and individuals to avoid personal injury lawsuits and liability. Typically, liability waivers are associated with participating in a dangerous activity, such as skiing, boating, gym classes, or school activities. The individual participating in the activity signs the waiver, acknowledging that he or she accepts the risks associated with the activity and agrees to release the business or individual from liability related to these risks. However, in response to the COVID-19 pandemic, liability waivers by patients for COVID-19 related risks are becoming increasingly common. While these waivers are likely enforceable, providers should be aware of potential legal issues if patients are asked to sign COVID-19 liability waivers.

Each state evaluates the enforceability of liability waivers differently. For example, in some states, such as Louisiana, Virginia, and Montana, personal injury liability waivers are all invalid. However, in most states, including Michigan, these liability waivers are generally enforceable, subject to certain restrictions. In Michigan, parties may contract against liability for harm caused by ordinary negligence, but not gross negligence, or willful and wanton misconduct. Therefore, a party will not be protected from liability if it intentionally or recklessly engaged in the conduct that caused harm. Although not explicitly stated in laws or statutes in Michigan, other important factors for providers to consider in drafting these liability waivers include:

  • Clear language. The waiver should clearly state that the individual is releasing the business or provider from liability. The terms should also be easy for the parties to understand.
Published on:

On April 15, 2021, the Department of Health and Human Services Office of Inspector General (OIG) issued a statement reminding providers that the COVID-19 vaccine must be provided at no cost to the public. OIG issued this message as a result of complaints from patients about charges from providers for receiving the COVID-19 vaccine. All supply of the COVID-19 vaccine in the United States has been purchased by the United States Government and is only to be used by providers through the Centers for Disease Control and Prevention’s (CDC) COVID-19 Vaccination Program. Because the vaccine is being supplied by the federal government, any provider participating in the CDC COVID-19 Vaccination Program must comply with the terms of the program and offer the vaccine to recipients for free.

Providers participating in the CDC COVID-19 Vaccination program must sign a CDC COVID-19 Vaccination Program Provider Agreement. Providers are responsible for compliance with the requirements in the agreement. Compliance with the program requires that providers administer the vaccine at no cost to the patient. All organizations and providers enrolled in the program:

  • Must administer the COVID-19 vaccine with no out-of-pocket charges to the patient
Published on:

On October 22, 2020, the Michigan Legislature enacted Enrolled House Bills 4459 and 4460. These rules were enacted to create limitations on out-of-network provider payments, require certain disclosures to patients related to costs of services, and to generally protect patients from balance medical billing. Balance billing occurs when a healthcare provider bills a patient for services for the amount the patient’s insurance company does not pay. The typical example of balance or surprise medical billing occurs when a patient goes to the emergency room at a hospital in the patient’s insurance network. The patient may receive care from multiple physicians and not know which is participating with the patient’s insurance, because hospitals often employ out-of-network physicians, or those that have no relationship with a patient’s health insurance. After the patient’s insurance pays its allowed amount for in-network and out-of-network services, the patient is then billed for the remaining out-of-network balance.

House Bill 4459 limits how much an out-of-network provider can collect in certain situations by implementing fee restrictions. The amount an out-of-network provider can collect from the patient is limited in certain circumstances, including:

  • Where the service is provided to an emergency patient, is covered by the emergency patient’s health benefit plan, and is provided by a nonparticipating provider at either a participating health facility or nonparticipating health facility.
Published on:

When an expensive treatment option is unavailable to a patient because of cost or lack of insurance coverage, some healthcare providers turn to a Patient Assistance Program or PAP to help their patients pay for treatment. The Department of Health and Human Services Office of the Inspector General (OIG) has long recognized that PAPs provide important safety net financial assistance to patients that cannot afford the costs of treatment.

However, OIG believes PAPs also present a risk of fraud, waste, and abuse. OIG’s primary concerns are that donor contributions to the PAP and the PAP’s grants to patients both implicate the Anti-Kickback Statute because they could induce or influence the PAP to send business to the donor or influence the patient to choose certain items. Similarly, OIG has expressed concern that a PAP’s grants to patients implicate the Beneficiary Inducement Statute because it could influence the patient’s selection of a particular provider.

Therefore, a PAP should be structured with certain safeguards in place to steer clear of fraud, waste, and abuse allegations. These safeguards may include structuring the PAP as an independent charitable organization that is not controlled by the donors. OIG has indicated that, in order to ensure such independence, a PAP should not exert direct or indirect influence over its donors, nor should donors have links to the charity that could directly or indirectly influence the operations of the charity or its grant programs. Safeguards may also include making the assistance available to all eligible patients on an equal basis and providing it on a first-come, first-served basis to the extent that funding is available; awarding assistance without regard to any donor’s interests and without regard to the patient’s choice of product, provider, practitioner, supplier, or insurance plan; and providing assistance based upon a reasonable, verifiable, and uniform measure of a patient’s financial need. A PAP and providers should also be cautious about advertising the existence of the PAP or the availability of assistance.

Published on:

In response to the COVID-19 pandemic, the Centers for Medicare & Medicaid Services (CMS) created separate payments for audio-only telephone evaluation and management (E/M) services. E/M billing codes apply to medical services related to evaluating and managing a patient, such as, hospital visits, preventive services, and office visits. Coding for E/M services can be complicated because many variables are involved in selecting the proper code. For example, the type and complexity of history, examination, and decision making, as well as time spent with the patient are often factors to be considered. Audio-only telephone E/M services were not previously covered by Medicare under the physician fee schedule (PFS). However, beginning with the March 2020 Interim Final Rule with Comment (IFC), CMS found these types of visits to be clinically appropriate and began to cover certain audio-only codes. CMS further expanded the list of covered audio-only codes in the April 2020 IFC.

CMS soon found that audio-only health services became far more popular than CMS expected, and many beneficiaries were not using video technology to communicate from their homes. Since the new E/M codes were established, providers were seeing beneficiaries for more complex evaluation and management services using audio-only technology, when they would normally utilize telehealth video or in-person visits to evaluate the patient. According to CMS, the intensity and complexity of providing an audio-only visit to a beneficiary during the unique circumstances of the COVID-19 PHE was not properly valued as established in the March 2020 IFC. This was especially true when considering these audio-only services were often being used as a complete substitute for office/outpatient Medicare video telehealth visits. Therefore, CMS established new RVUs based on E/M codes in existence prior to the PHE and the time requirements necessary for telephone service-related codes. Because these audio-only visits were being used in replacement of office/outpatient E/M visits, they should be considered telehealth services and added to the Medicare telehealth service list while the PHE is ongoing.

In the CY 2021 PFS proposed rule, CMS elected not to continue covering the audio-only codes when the PHE ends. This is because, outside the circumstances of the COVID-19 PHE, telehealth services generally must be provided using interactive, two-way audio and video technology. Commenters on the proposed rule broadly supported maintaining payment for audio-only provided services. Commenters stated that many beneficiaries may not have access to two-way audio and video technology and that continuing to pay for these E/M services will help vulnerable populations and those with less access to quality healthcare. However, CMS declined to finalize payment of these E/M codes beyond the PHE. The Social Security Act requires telehealth services to be furnished using a telecommunications system. CMS maintains that there is a longstanding policy of interpreting “telecommunications system” to include technology that allows the telehealth visit to be analogous to an in-person visit. Outside the COVID-19 PHE, CMS continues to believe that the longstanding interpretation of telecommunications system excludes the use of audio-only technology for Medicare telehealth services. The PHE declaration must be renewed in 90-day increments and is currently slated to end April 20, 2021. However, HHS and the Biden administration have signaled that they are likely to repeatedly renew the PHE through at least the end of 2021, thereby allowing Medicare telehealth waivers to continue until the end of the year.

Published on:

On February 10, 2021, the United States Department of Justice filed the first criminal charges relating to a alleged violation of the terms the Provider Relief Fund (PRF). The allegations contained in the indictment illustrate some of the pitfalls of the PRF and the importance of compliance with its terms. It may also provide insight into coming enforcement actions.

The alleged defendant was a resident of southeastern Michigan who owned and operated a home health agency in Indiana. The home health agency closed in January 2020 and filed a notice of voluntary termination with Medicare in March 2020. However, despite the filing of this notice, when the first wave of payments under the PRF were automatically deposited into providers’ accounts in April, the defendant’s home health agency received approximately $38,000. The defendant then allegedly submitted an attestation to the terms and conditions of the PRF payment and allegedly distributed the funds to family members in a series of checks, all just under $10,000. The indictment charged the defendant with one count of Theft of Public Money, Property, or Records.

This indictment touches several possible areas of enforcement or audits of PRF payments, including eligibility criteria, attestations, and use of the funds. The first wave of payments under the PRF consisted of $30 billion that was automatically deposited in providers’ accounts in amounts based on a provider’s 2019 Medicare billing. Providers did not make requests or applications for this funding. However, simply because a provider received money did not mean they were entitled to keep it, a provider also had to meet the eligibility criteria, such as the requirement that it provided services after January 31, 2020.

Published on:

Imagine a physician wants to rent office space from another physician, but the two refer patients to each other. Or a clinical laboratory wants to contract with a marketer to promote their products. Three of the largest compliance concerns when structuring such an arrangement are the Stark Law, also known as the Physician Self-Referral Law, the Anti-Kickback Statute, often referred to as the AKS, and the Eliminating Kickbacks in Recovery Act, or EKRA. All three regulate referrals and can carry stiff penalties, sometimes criminal penalties. However, each also contains a series of exceptions or safe harbors into which some business structures may fit. Even simple arrangements between healthcare entities can involve complex analysis to comply with these statutes.

The Stark Law, 42 U.S.C. 1395nn, prohibits physicians from referring patients to receive “designated health services” payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship, unless an exception applies. Financial relationships include both compensation and ownership or investment interests. Designated health services include clinical laboratory services, PT and OT, DME, some imaging services, and several other services. Some of the most common exceptions to the Stark law include the in-office ancillary exception, fair market value compensation, and bona fide employment relationships. CMS has also recently implemented exceptions related to value-based arrangements.

The AKS, 42 U.S.C. 1320a-7b(b), is a criminal statute that prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by federal health care programs. Remuneration means far more than cash payments and includes anything of value. If the AKS applies, conduct may still be lawful if it falls into one of several “safe harbors.” Some of the most common safe harbors are the investment interest safe harbor, specific types of rental agreements for office space or equipment, and contracts for personal services that meet certain criteria. Like the Stark Law, CMS has also implemented safe harbors for certain value-based arrangements.

Published on:

As part of the response to the COVID-19 pandemic, Congress provided funding for testing of patients without health insurance. To receive this reimbursement for testing, providers must attest that the patient is uninsured. However, it is not clear how providers must gather this information, exposing providers to risk of enforcement actions.

For claims for COVID-19 testing and testing-related items and services, a patient is considered uninsured if the patient does not have coverage through an individual, or employer-sponsored plan, a federal healthcare program, or the Federal Employees Health Benefits Program at the time the services were rendered. For claims for treatment for positive cases of COVID-19, a patient is considered uninsured if the patient did not have any health care coverage at the time the services were rendered. For claims for vaccine administration, this means that the patient did not have any health care coverage at the time the service was rendered.

The funding of testing for the uninsured is administered by the Health Resources & Services Administration (HRSA) under the COVID-19 Claims Reimbursement to Health Care Providers and Facilities for Testing, Treatment, and Vaccine Administration for the Uninsured Program. Congress has allocated $2 billion to this program through The Families First Coronavirus Response Act (FFCRA) and the Paycheck Protection Program and Health Care Enhancement Act (PPPHCEA), as well as a portion of the Provider Relief Fund.

Published on:

On February 12, 2021, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced the details of its previously-announced discretion in the enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act related to privacy, security, and date breaches. OCR will not penalize covered health care providers or their business associates for non-compliance under HIPAA for the good faith use of online or web-based scheduling applications (WBSAs) for scheduling COVID-19 vaccination appointments during the COVID-19 pandemic.

During the COVID-19 public health emergency, HIPAA covered providers, such as large pharmacy chains, or business associates acting on behalf of the covered providers, may utilize WBSAs to schedule individual appointments for COVID-19 vaccinations. For the purposes of this exercise of discretion, a WBSA is an online or web-based application that only allows the intended parties to access the data and that provides individual appointment scheduling related to largescale COVID-19 vaccination. Technology that directly connects to electronic health records (EHR) systems used by covered providers is not included in this discretionary measure and does not constitute a WBSA. The HIPAA privacy rules allow business associates of a covered entity to use and disclose protected health information (PHI) for certain functions, only as dictated by a business associate contract or other agreement. However, during the COVID-19 pandemic, health care providers need to quickly schedule many appointments for COVID-19 vaccinations and often do this through WBSAs. Some of these online scheduling applications, and the way in which healthcare providers use them, may not comply with the HIPAA privacy rules.  Furthermore, vendors of the WBSAs may not know providers are using these applications to create and send PHI, potentially making the WBSA vendors business associates under HIPAA.

OCR will exercise discretion in the enforcement of HIPAA privacy rules and will not penalize covered healthcare providers, their business associates, or WBSA vendors who are technically business associates, for noncompliance as it relates to the scheduling of individual COVID-19 vaccination appointments during the COVID-19 pandemic. This enforcement discretion applies to covered healthcare providers and their business associates, which are, in good faith, using WBSAs to schedule COVID-19 vaccination appointments, as well as WBSA vendors whose platform is being used to schedule COVID-19 vaccination appointments. Discretion does not apply to covered providers or business associates for activities unrelated to the scheduling of COVID-19 vaccinations or if the covered providers or business associates fail to act in good faith. Instances where a covered provider or business associate are not acting in good faith include: the use of a WBSA that allows the sale of personal information collected, the use of a WBSA for purposes other than scheduling COVID-19 vaccination appointments, the use of a WBSA without reasonable safeguards to protect the PHI, and the use of a WBSA to screen individuals for COVID-19 before an in-person visit.

Contact Information