Articles Posted in Compliance

Published on:

As the COVID-19 pandemic continues to recede, efforts by commercial insurance carriers to claw back millions of dollars paid out for COVID-19 testing services are steadily increasing, creating an ongoing audit risk for healthcare providers, especially clinical labs. In many cases, efforts to get people tested, slow the pandemic, and ask questions later have turned into accusations of over-billing and demands that providers repay the insurance carriers.

Early in the pandemic, Congress required commercial insurers to cover certain claims for COVID-19 testing. However, Congress did not provide the insurers with funds to cover the cost of this mandate and some insurers have pushed back against lab claims for COVID-19 testing. As public opinion and political fervor over the urgency of testing has subsided, commercial insurers are taking advantage of the opportunity to audit COVID-19 testing claims, dispute payments they have made to the labs, and demand that labs make repayment, often for significant portions of the lab’s COVID-19 testing volume. These disputes generally focus on the same issues.

First, insurers may audit labs based on the requirement for an “individualized clinical assessment,” including whether the practitioner was authorized, whether the order for testing was within the scope of state law, whether the assessment was conducted by telemedicine or by a questionnaire, whether the ordering provider used a standing order, and what rules apply where a state does not or did not require an order for COVID-19 testing.

Published on:

One of the largest areas of debate in healthcare regulatory compliance is the Eliminating Kickbacks in Recovery Act (EKRA). Despite the many question marks by healthcare providers around how to comply with EKRA, the statute also carries some of the stiffest penalties for failing to do so. Enacted in 2018, EKRA provides criminal penalties for paying, receiving, or soliciting any remuneration in return for referrals to recovery homes, clinical treatment facilities, or laboratories. Although initially intended to apply only to substance abuse and recovery, EKRA was written so broadly that it applies to all clinical laboratory services, not just in connection with substance abuse and recovery. It is unclear if Congress intended this effect, as the expansion to all lab services was included a mere 6 days before the final version of the law passed. Regardless, a violation of EKRA may be punished by fines up to $200,000, imprisonment of up to 10 years, or both, for each occurrence.

EKRA is often compared to other federal regulatory statutes, such as the Physician Self-Referral Law (commonly called the Stark Law) and the Anti-Kickback Statute (AKS). However, EKRA is written incredibly broadly and may prohibit conduct that might otherwise be permissible under the Stark Law and AKS. The Stark Law and AKS also have volumes of regulations and decades of enforcement, such that it is generally well understood how these statutes function, how government agencies view and enforce them, and how to structure arrangements to comply with them. EKRA, on the other hand, has no regulations and few enforcement actions, often leaving healthcare providers with only the bare text of what is potentially a very broad statute.

Recent enforcement actions are beginning to show that EKRA is likely as broad as it appears. Initially, enforcement actions under EKRA were limited to allegations regarding substance abuse and recovery services, as originally intended. But this summer, the Department of Justice (DOJ) charged a clinical lab with an alleged multi-million-dollar healthcare fraud scheme, which included allegations that the lab violated EKRA by paying for referrals for COVID-19 testing, showing a willingness to enforce the full breadth of EKRA on clinical lab services.

Published on:

On July 15th, 2022, the U.S. Department of Health and Human Services (HHS) extended the COVID-19 Public Health Emergency by another 90 days. The Public Health Emergency has allowed HHS and various federal agencies to issue waivers of regulatory requirements to ensure that providers have greater flexibility with several issues, including reporting requirements and telehealth reimbursement as the Pandemic grew increasingly dangerous.

The Public Health Emergency has existed since January 27th of 2020. After the last extension of the Public Health Emergency in April of 2022, HHS Secretary Xavier Becerra assured that there will also be a 60-day notice to providers nationwide when HHS decides to terminate the Public Health Emergency.

Although the Public Health Emergency has been extended, it is important to note that the Centers for Medicare and Medicaid Service (CMS) has already started to end some of the regulatory flexibilities implemented during the Public Health Emergency. We discussed the termination of some of these blanket waivers in a previous blog post. Providers who are relying on any of the regulatory waivers should verify whether the waivers remain in effect or have been ended prior to the end of the Public Health Emergency.

Published on:

On July 20, 2020, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a special fraud alert targeting remuneration paid to physicians and other practitioners by telemedicine companies. As telemedicine use has increased exponentially over the last two years, so too have the proliferation of telemedicine marketing arrangements and the prosecution of these arrangements by OIG and federal law enforcement. OIG issued the fraud alert in conjunction with the announcement of a new $1.2 billion enforcement action regarding alleged telemedicine fraud.

Generally, the arrangements at issue involve a telemedicine company that may recruit both patients and physicians (or other practitioners). The telemedicine company then pays the physician to review some form of medical record, possibly contact the patient, and order some product or service, generally durable medical equipment (DME) or laboratory testing. OIG has taken the position that the fees paid to physicians and practitioners under these arrangements may constitute unlawful “remuneration” meant to induce or reward referrals under the Anti-Kickback Statute (AKS). Pursuant to the AKS, it is unlawful to knowingly and willfully solicit, receive, offer, or pay any remuneration to induce or reward, among other things, referrals for, or orders of, items or services reimbursable by a federal health care program.

OIG drafted the alert as a notice to physicians and other practitioners to be wary of certain characteristics in these arrangements. OIG outlined several ‘suspect characteristics’ that it believes may increase the risk of fraud and abuse in telemedicine arrangements:

Published on:

This spring, the Department of Justice (DOJ) intervened in a two-year-old qui tam whistleblower lawsuit against a hospital and oncology practice in Memphis, Tennessee. DOJ accused the hospital of violating the Anti-Kickback Statute (AKS) and the False Claims Act (FCA) by paying the oncology practice for its patient referrals. The hospital and the practice have maintained that the complex series of contracts between them represented a lawful business relationship meant to create a new cancer treatment center.

The AKS is a criminal statute that prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by federal health care programs. Remuneration goes beyond cash payments and includes anything of value. If the AKS applies, conduct may still be lawful if it falls into one of several “safe harbors.” Some of the most common safe harbors are the investment interest safe harbor, specific types of rental agreements for office space or equipment, and contracts for personal services that meet certain criteria. The AKS is often enforced in conjunction with the FCA, which imposes civil liability for knowingly submitting false claims to the government. Importantly, the FCA carries severe consequences, including treble damages and a per-claim penalty that increases each year with inflation ($12,537 per claim for 2022).

In this case, the arrangement between the hospital and practice involved several distinct agreements. First, the hospital purchased many of the assets of the practice, including offices and equipment. Second, the hospital leased approximately 200 physician and non-physician employees from the practice. These first two agreements were supported by fair market value (FMV) opinions. Third, the hospital paid the physicians for management services under a Management Services Agreement (MSA). Lastly, the hospital made a several-million-dollar investment in a for-profit research entity controlled by the practice’s owners.

Published on:

SMRC audits can be a difficult and baffling ordeal for a provider. They can last for months or years with very little information provided to the healthcare provider but can have devasting impacts. The Supplemental Medical Review Contractor, or SMRC, is a contractor with the Centers for Medicare & Medicaid Services (CMS) that performs a variety of Medicare and Medicaid audit and medical review tasks. Noridian Healthcare Solutions, which is also a Medicare Administrative Contractor (MAC), was selected as the SMRC in 2018 and remains the current SMRC.  The SMRC conducts nationwide medical reviews of Medicare Parts A and B, DMEPOS, and Medicaid claims for compliance with coverage, coding, payment, and billing requirements.

The SMRC’s audit areas are chosen by CMS and are referred to as “projects.” The focus of the medical reviews may include areas identified by CMS data analysis, the Comprehensive Error Rate Testing (CERT) program, professional organizations, and federal oversight agencies. At the request of CMS, the SMRC may also carry out other special projects. Not every SMRC project is created equal. Some SMRC projects are intended as program integrity audits to identify suspected fraud or are intended as medical necessity reviews to identify overpayments, while other SMRC projects are simply data collection and analysis meant to inform future CMS policy. Where a provider is subject to a SMRC audit, knowing which project the audit falls under can provide valuable information.

Where CMS assigns a project to a SMRC, the SMRC first sends targeted providers an Additional Documentation Request (ADR) letter, usually  in a distinctive green envelope with the Noridian SMRC logo. Upon receipt of the requested medical records and/or supporting documents, the SMRC conducts the review based on the analysis of national claims data, statutory and regulatory coverage, and coding, payment, and billing requirements. Once the review is complete, the provider should receive a Review Results Letter. A provider may sometimes be given 14 days to request a voluntary Discussion and Education session with the SMRC. The provider generally also can appeal the SMRC’s findings directly to the SMRC. Where a SMRC denies an appeal, it may refer the matter to the local MAC to collect the alleged overpayment, which is generally subject to the Medicare claims appeal process. If the SMRC suspects fraud, it may also refer the matter to CMS or other government agencies.

Published on:

Healthcare providers are often required to collect co-pays, deductibles, or coinsurance payments from patients. These requirements may be imposed by participation agreements with commercial insurers or, in the case of Medicare and Medicaid, federal and state laws or regulations. It can be tempting to waive copays and other amounts due from patients because it improves patient relationships and may lead to more business. However, waiving copays and the like can implicate beneficiary inducement laws, the Anti-Kickback Statute, the Civil Monetary Penalties Statute, the False Claims Act, and other laws.

While there are some legitimate reasons to waive copays, in most cases, the provider must attempt to collect from the patients. Where a provider attempts to collect copays and other amounts from patients but is unsuccessful and there is no other legitimate reason to waive the copay, what collection efforts are providers required to use to comply with the laws listed above and avoid accusations of waiving copays?

In general, a healthcare provider must use “reasonable collection efforts” to collect copays and the like from patients. Some actions that a provider may consider are: sending multiple bills or invoices to the patient, collections or demand letters, phone calls to or personal contact with the patient, use of a collections agency, threats of litigation, drafts of litigation documents to send to the patient, and initiation of litigation against the patient. Some of these measures are draconian and may well cost more than the copay to be collected. While the size of the amount to be collected can be a factor in determining what collection efforts are “reasonable,” in nearly every case, the provider must make some attempt to collect. That is, a provider generally cannot refuse collection efforts simply because the amount due is small.  Further, a provider’s collection policy generally must be the same for all patients, regardless of the payor.

Published on:

A new study supports the growing perception that clinical laboratories will see an increase in audits from commercial insurance companies as the COVID-19 pandemic recedes. These audits will likely focus on a few particular areas of the COVID-19 testing services that clinical labs have developed and provided over the past two years.

The study reviewed lab revenue in Hawaii from May to December 2020 and is likely applicable to labs in other insurance markets. The study indicated strong growth in lab revenue from PCR tests and significant profit margins from PCR tests. Because federal law, namely the CARES Act, requires commercial insurers to cover COVID-19 testing without co-pays or other costs to the beneficiary, this increase in lab revenue will generally translate to higher costs for insurance companies. Further, when Congress passed the CARES Act, it did not provide funding to insurance companies for this coverage mandate. Many have long predicted that this would lead to increased costs for insurers, which would likely be passed on to members through higher premiums. Many insurance companies have pushed back against this coverage mandate since it was enacted.

Part of the pushback from commercial insurance companies has been to audit labs in an effort to deny claims for COVID-19 testing and to claw-back funds paid to labs for COVID-19 testing. These audits tend to focus on one or more of several issues: testing for a covered purpose, testing for travel, individualized clinical assessments, standing orders, posted cash prices, and collection codes. Some labs are particularly vulnerable to these audits because, during the pandemic, many labs rushed to invest and develop COVID-19 testing capability and capacity. Meanwhile, guidance regarding the CARES Act and the circumstances under which insurance companies are required to cover COVID-19 testing came out piecemeal and changed frequently as it developed. Due to these factors, labs may have high volumes of tests that represent a good-faith, best effort at complying with the CARES Act at the time the tests were performed, but may have compliance vulnerabilities as the law is currently understood.

Published on:

CMS uses a tool known as Comparative Billing Reports, or CBR, to analyze a provider’s billing or prescribing patterns. After collecting each provider’s patterns in a certain Medicare Fee-for-Service area, these patterns are then compared to those of peers in the same state, in the same specialty, and across the country. Accumulating these patterns allows CMS to estimate average billing and prescribing patterns are for providers. It also helps determine which providers may be outliers. These outliers are often informed of their status in order to encourage adjustments in billing practices if necessary. Sometimes, CMS develops “Special Edition” CBRs which give more extensive resources to a particular subset and could include up to 4 letters. Though the CBR letters generally require no response from the provider, it is important to take the information into consideration to avoid complications or possible audits in the future. Under some circumstances, a provider may also choose to follow-up or refute any inaccurate information in a CBR letter.

Recently, CMS released a new CBR letter to critical care providers who were considered after the latest CBR data accumulation. This data came from all dates of service during the year 2021 and the trend was established by looking at cumulative data from 2019 to 2021. According to the letter, the criteria for receiving the latest CBR are that a provider:

    • 1. Is significantly higher compared to either state or national averages in any of the three metrics (i.e., greater than or equal to the 90th percentile), and
Published on:

Healthcare providers have long struggled under the administrative burden of prior authorization requirements imposed by Medicare Advantage (MA, also known as Medicare Part C) plans, as well as arbitrary prior authorization denials, utilization controls, and coverage denials by MA plans. The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently took note of some of the issues providers are having with MA plans and may present a new avenue for providers dealing with these issues.

A recent OIG review of MA prior authorization requirements revealed that an estimated 13% percent of prior authorization requests which were denied by MA plans in fact met Medicare coverage rules and likely would have been approved under fee-for-service Medicare. OIG also determined that about 18% of MA claim denials in fact met Medicare coverage and Medicare Advantage billing rules. Further, OIG found that, on appeal, MA plans only reverse about 3% of prior authorization denials and about 6% of claim denials within three months. According to OIG’s analysis, advanced imaging services such as MRIs and CT scans, post-acute care following hospital stays, and pain relief injections were the most commonly affected services.

MA plans are generally required to follow Medicare coverage rules and their standards can’t be more restrictive than Medicare’s traditional national or local coverage determinations. However, MA plans often deny claims for arbitrary reasons, impose coverage criteria that do not exist under Medicare, or attempt to force provider to alter their utilization of medically necessary services to meet the MA plan’s arbitrary expectations. Moreover, the appeals processes offered by MA plans are often poorly defined and inconsistently administered.

Contact Information