Fraud & Abuse

Published on: July 22, 2021

OIG Focuses Efforts on Telehealth Audits

The opportunity for expanded use of telehealth services spurred by the COVID-19 pandemic provided many individuals with greater access to healthcare services and allowed providers to furnish patient care in safe environments. However, this expansion has led to potential abuse concerns, prompting the Department of Health and Human Services (HHS) Office of Inspector General (OIG) to issue a statement announcing that OIG is conducting seven different audits, evaluations, and inspections of telehealth services under the Medicare and Medicaid programs.

Because OIG is investigating providers specific to telemedicine, these audits will review remote patient monitoring, virtual check-ins, and e-visits. An OIG report issued in April 2018 concluded that 31% of the sample claims reviewed did not meet the Medicare conditions for payment for telehealth services. That report was prior to the broad expansion of telemedicine from the COVID -19 pandemic. Providers who have billed for telehealth services during the public health emergency (PHE) should be prepared to undergo audits of those claims.

Current OIG telemedicine audit projects include:

Published on: July 6, 2021

Responding to a Targeted Probe and Educate Review

by Wachler & Associates, P.C.

A healthcare practice or other provider or supplier receives a letter from their Medicare Administrative Contractor (MAC). The letter notifies the provider that they have been selected for a Targeted Probe and Educate (TPE) review. This initial letter, the Notice of Review, likely does not include any specific records requests but indicates that the MAC will request records at a later date. The letter may briefly describe the TPE process as including three rounds of claims review with education after each round. This letter will likely warn that, if a provider/supplier fails to improve the accuracy of its claims after three rounds, the MAC will refer the provider/supplier to CMS for additional action, such as prepayment review, extrapolation of overpayments, referral to a RAC, or other disciplinary action.

A provider or supplier navigating a TPE review should take care to comply with the program’s requirements and timelines and should be aware of the potential consequences of a review. A TPE review can take months or years to resolve and can have devastating impacts on a provider’s business, up to and including revocation of Medicare billing privileges and placement on the CMS Preclusion List.

After the Notice of Review, the MAC will send Additional Documentation Requests (ADR) for 20-40 claims. However, these ADRs may be indistinguishable from any other, with no indication of the added importance of being pursuant to a TPE audit. The ADRs will require a response within 45 days. After the provider submits the documentation, the MAC is required to provide direct one-on-one education to the provider. The MAC will then issue a letter that outlines its findings. If a high number of claims are denied, the MAC will proceed to a second round of review of 20-40 claims and education. If a high number of claims are denied again, the MAC will proceed to a third round.

Published on: June 30, 2021

A Primer on SMRC Audits

by Wachler & Associates, P.C.

The Centers for Medicare & Medicaid Services (CMS) contracts with a Supplemental Medical Review Contractor (SMRC) who provides support for a variety of tasks aimed at lowering improper payment rates and increasing efficiencies of the medical review functions of the Medicare and Medicaid programs. Noridian Healthcare Solutions was selected as the SMRC in 2018. The SMRC conducts nationwide medical reviews of Medicare Parts A and B, DMEPOS, and Medicaid claims to determine whether claims follow coverage, coding, payment, and billing requirements. The focus of the medical reviews may include areas identified by CMS data analysis, the Comprehensive Error Rate Testing (CERT) program, professional organizations, and federal oversight agencies. At the request of CMS, the SMRC may also carry out other special projects to protect the Medicare Trust Fund.

SMRC audits are referred to as projects and there are three categories of SMRC project reviews:

Healthcare Fraud Prevention Partnership (HFPP) Review: Based on fraud, waste, and abuse trends identified by the HFPP.

Published on: May 24, 2021

OIG Makes Multiple Updates to Work Plan in May 2021

by Wachler & Associates, P.C.

In May 2021, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) added several new items to its work plan. The OIG work plan sets forth various projects including OIG audits and evaluations that are underway or that OIG plans to address during the fiscal year and beyond. These are some of the highlights of the new additions to the work plan of which providers and suppliers should be aware.

First, OIG will audit payments made to healthcare providers under the general distributions of the Provider Relief Fund. This includes approximately $92 billion across all three phases of the general distributions. Provider who received these funds were required to meet certain requirements, such as submitting revenue information and supporting documentation to the Health Resources and Services Administration (HRSA), which used this information to determine eligibility and payments. OIG will perform a series of audits of funds related to the three phases of the General Distribution to determine whether payments were: (1) correctly calculated for providers that applied for these payments, (2) supported by appropriate and reasonable documentation, and (3) made to eligible providers.

Second, OIG will conduct a nationwide, three-part study of the effects of the COVID-19 pandemic on nursing homes. The first part will analyze the extent to which Medicare beneficiaries residing in nursing homes were diagnosed with COVID-19 and describe the characteristics of those who were at greater risk. The second part will describe the characteristics of the nursing homes that were hardest hit by the pandemic (i.e., homes with high numbers of beneficiaries who had COVID-19). The third part will describe the strategies nursing homes used to mitigate the unprecedented challenges of COVID-19.

Published on: May 19, 2021

Common Reasons for Medicare Revocations

by Wachler & Associates, P.C.

Federal regulations provide 22 distinct reasons that the Centers for Medicare & Medicaid Services (CMS) may use to revoke a healthcare provider’s or supplier’s Medicare billing privileges. Any revocation can have devastating impacts on a provider, but the grounds for revocation are often misunderstood. These are some of the most common reasons CMS will assert in revoking Medicare billing privileges.

Noncompliance: CMS may revoke a provider for noncompliance with Medicare enrollment requirements. This is somewhat of a catch-all and is often used when CMS or a contractor alleges technical issues with the myriad of requirements for a provider to maintain Medicare enrollment, such as issues with a provider’s surety bond, insurance policy, or business telephone lines. This reason for revocation is unique in two ways: the contractor often has authority to revoke without asking CMS to make the decision and the provider may have the opportunity to submit a Corrective Action Plan (CAP) demonstrating that they have addressed the issue.

Felony Convictions: CMS may revoke a provider when the provider or any of its owners or managers have been convicted in the last 10 years of any felony that CMS deems detrimental to the Medicare program or beneficiaries. This most often includes financial crimes such as insurance fraud or healthcare fraud but can include many others. A guilty plea or pretrial diversion program may still constitute a conviction. Moreover, even where a provider has previously disclosed the felony conviction, CMS may still use it as a reason to revoke. Where a provider is revoked for a felony, CMS will often make the revocation retroactive and back-date it to the date of the conviction.

Published on: May 6, 2021

HHS, DOJ Active in National Telemedicine Fraud Enforcement

by Wachler & Associates, P.C.

Two nurse practitioners, with Medicare patients based in Montana, recently pled guilty to conspiracy to commit healthcare fraud. The two NPs were among 345 other healthcare professionals charged in a nationwide healthcare fraud and opioid action undertaken by the United States Department of Justice (DOJ) in September 2020. This alleged fraudulent activity has resulted in charges for defendants in various healthcare professions, including, genetic testing laboratories, pharmacies, and durable medical equipment (DME) companies.

Since September 2020, DOJ has been investigating a largescale telefraud scheme which alleges that a marketing network brought in hundreds of thousands of unaware participants through the use of telemarketing calls, direct mail, television advertisements, and internet advertisements. The telemedicine executives charged in the action allegedly paid healthcare providers to request DME, medications, and laboratory and diagnostic testing that were medically unnecessary and either without any patient interaction or with only a short telephone conversation with patients the providers had never met or seen. Often, the test results, medications, or DME ordered were not provided to the beneficiaries, were not medically necessary or of use to the beneficiaries, or were the result of false diagnoses. The two individual NPs pled guilty to conspiracy to commit healthcare fraud through their involvement in a plan related to DME, specifically braces used in orthotics. The two NPs received illegal payments from telemedicine companies in exchange for signing orders for braces received by unlicensed telemarketers with no formal training. Medicare patients received the braces without having been seen by a healthcare provider. The orthotics ordered by the nurses for Medicare patients were not medically necessary, and Medicare will only pay for services that are medically necessary and reasonable and supplies used to diagnose and treat a patient’s condition.

Since 2016, the Department of Health and Human Services Office of Inspector General (HHS OIG) has recorded a significant increase in telefraud, healthcare fraud related to telemedicine. Prior to the COVID-19 Public Health Emergency (PHE), Medicare only reimbursed providers for telehealth services for routine appointments in specific circumstances. In addition, the telehealth visit was required to be a real-time, two-way interactive communication using video technology, with a patient and provider who had a previous established relationship. However, as a result of the COVID-19 pandemic, the Center for Medicare and Medicaid Services (CMS) expanded Medicare’s telehealth benefits and allows for the billing of evaluation and management (E/M) audio-only telemedicine visits for the duration of the COVID-19 PHE.

Published on: April 9, 2021

Can Patient Assistance Programs Help Patients Pay for Medical Costs?

by Wachler & Associates, P.C.

When an expensive treatment option is unavailable to a patient because of cost or lack of insurance coverage, some healthcare providers turn to a Patient Assistance Program or PAP to help their patients pay for treatment. The Department of Health and Human Services Office of the Inspector General (OIG) has long recognized that PAPs provide important safety net financial assistance to patients that cannot afford the costs of treatment.

However, OIG believes PAPs also present a risk of fraud, waste, and abuse. OIG’s primary concerns are that donor contributions to the PAP and the PAP’s grants to patients both implicate the Anti-Kickback Statute because they could induce or influence the PAP to send business to the donor or influence the patient to choose certain items. Similarly, OIG has expressed concern that a PAP’s grants to patients implicate the Beneficiary Inducement Statute because it could influence the patient’s selection of a particular provider.

Therefore, a PAP should be structured with certain safeguards in place to steer clear of fraud, waste, and abuse allegations. These safeguards may include structuring the PAP as an independent charitable organization that is not controlled by the donors. OIG has indicated that, in order to ensure such independence, a PAP should not exert direct or indirect influence over its donors, nor should donors have links to the charity that could directly or indirectly influence the operations of the charity or its grant programs. Safeguards may also include making the assistance available to all eligible patients on an equal basis and providing it on a first-come, first-served basis to the extent that funding is available; awarding assistance without regard to any donor’s interests and without regard to the patient’s choice of product, provider, practitioner, supplier, or insurance plan; and providing assistance based upon a reasonable, verifiable, and uniform measure of a patient’s financial need. A PAP and providers should also be cautious about advertising the existence of the PAP or the availability of assistance.

Published on: March 29, 2021

First Provider Relief Fund Indictment Provides Window Into Enforcement Issues

by Wachler & Associates, P.C.

On February 10, 2021, the United States Department of Justice filed the first criminal charges relating to a alleged violation of the terms the Provider Relief Fund (PRF). The allegations contained in the indictment illustrate some of the pitfalls of the PRF and the importance of compliance with its terms. It may also provide insight into coming enforcement actions.

The alleged defendant was a resident of southeastern Michigan who owned and operated a home health agency in Indiana. The home health agency closed in January 2020 and filed a notice of voluntary termination with Medicare in March 2020. However, despite the filing of this notice, when the first wave of payments under the PRF were automatically deposited into providers’ accounts in April, the defendant’s home health agency received approximately $38,000. The defendant then allegedly submitted an attestation to the terms and conditions of the PRF payment and allegedly distributed the funds to family members in a series of checks, all just under $10,000. The indictment charged the defendant with one count of Theft of Public Money, Property, or Records.

This indictment touches several possible areas of enforcement or audits of PRF payments, including eligibility criteria, attestations, and use of the funds. The first wave of payments under the PRF consisted of $30 billion that was automatically deposited in providers’ accounts in amounts based on a provider’s 2019 Medicare billing. Providers did not make requests or applications for this funding. However, simply because a provider received money did not mean they were entitled to keep it, a provider also had to meet the eligibility criteria, such as the requirement that it provided services after January 31, 2020.

Published on: March 22, 2021

A Primer on the Stark Law, Anti-Kickback Statute, and EKRA

by Wachler & Associates, P.C.

Imagine a physician wants to rent office space from another physician, but the two refer patients to each other. Or a clinical laboratory wants to contract with a marketer to promote their products. Three of the largest compliance concerns when structuring such an arrangement are the Stark Law, also known as the Physician Self-Referral Law, the Anti-Kickback Statute, often referred to as the AKS, and the Eliminating Kickbacks in Recovery Act, or EKRA. All three regulate referrals and can carry stiff penalties, sometimes criminal penalties. However, each also contains a series of exceptions or safe harbors into which some business structures may fit. Even simple arrangements between healthcare entities can involve complex analysis to comply with these statutes.

The Stark Law, 42 U.S.C. 1395nn, prohibits physicians from referring patients to receive “designated health services” payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship, unless an exception applies. Financial relationships include both compensation and ownership or investment interests. Designated health services include clinical laboratory services, PT and OT, DME, some imaging services, and several other services. Some of the most common exceptions to the Stark law include the in-office ancillary exception, fair market value compensation, and bona fide employment relationships. CMS has also recently implemented exceptions related to value-based arrangements.

The AKS, 42 U.S.C. 1320a-7b(b), is a criminal statute that prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by federal health care programs. Remuneration means far more than cash payments and includes anything of value. If the AKS applies, conduct may still be lawful if it falls into one of several “safe harbors.” Some of the most common safe harbors are the investment interest safe harbor, specific types of rental agreements for office space or equipment, and contracts for personal services that meet certain criteria. Like the Stark Law, CMS has also implemented safe harbors for certain value-based arrangements.

Published on: March 1, 2021

A Primer on Medicare Revocation

by Wachler & Associates, P.C.

A revocation of Medicare billing privileges can have devastating impacts on a healthcare provider. Not only does a revocation render the provider unable to bill the Medicare program for a period of time, but it can have wide-ranging impacts on a provider’s practical ability to operate or to practice in their chosen field.

Medicare billing privileges can be revoked for twenty-two enumerated reasons, including non-compliance with Medicare enrollment requirements, felony convictions, and failure to respond to requests for medical records. A recent expansion of CMS’s revocation authority also updated the ability to revoke a provider for an “abuse of billing privileges” to include a pattern or practice of submitting claims that do not meet Medicare requirements. In some cases, the Medicare Administrative Contractor (MAC) gathers the information and determines to revoke a provider. In other cases, the MAC forwards the information to the Centers for Medicare & Medicaid Services (CMS) and CMS makes the revocation determination. The revocation may be based on a prior interaction with the MAC or CMS, such as a prior audit of the provider. The provider may not necessarily be told during this interaction that it can lead to a revocation of billing privileges.

When CMS or a MAC revokes billing privileges, they will set a reenrollment bar, which dictates how long a provider must wait before it can reapply for Medicare billing privileges. CMS recently expanded its authority to set the reenrollment bar. In general, reenrollment bars may now be set between 1 and 10 years, depending on the circumstances, although certain provisions allow for longer bars. CMS may also decide to place a revoked provider on the CMS Preclusion List. The Preclusion List labels the provider a “bad actor” and cuts off their ability to bill Medicare Part C and Part D. A Medicare revocation or placement on the Preclusion List may also impact contracts outside the Medicare program. For example, commercial carriers may terminate participation agreements with a provider based on a Medicare revocation or placement on the Preclusion List.