Articles Posted in Fraud & Abuse

Published on:

Private equity (PE) and venture capital firms have been expending their involvement and acquisitions in the healthcare industry for years. Many physicians, physician practices, other healthcare provider types, or their employees who are approached by PE regarding an acquisition may have questions regarding the proposed deal or some of the issues that may arise.

In general, a PE firm will approach a physician practice or other provider type and propose some sort of arrangement. The PE firm may seek to buy a controlling interest in the practice, where state law allows non-physician ownership of a practice, or to set up a management services organization which contracts with and manages the practice. Either way, the PE firm acquires control over most or all of the operations of the practice. The PE firm may persuade the practice to enter the arrangement with promises that the PE firm will provide some form of management expertise, industry experience, or unique support structures that will make the practice more profitable or efficient.

However, most, though not all, PE firms adhere to a business model that prioritizes short-term profitability over other concerns. This model may conflict with the priorities of physicians who also prioritize quality of patient care, sustainment of professional and business relationships, and the long-term viability of a practice. In practice, PE firms often attempt to cut costs by decreasing administrative or clinical support staff, increasing physician workload, renegotiating contractual agreements with the practice’s vendors and employed physicians, or shifting the practice’s business model toward more profitable services and cutting less profitable patient services. While some of these measures may very well increase the efficiency of a practice, physicians should be aware that their priorities may not align with the priorities of the PE firm seeking to take over the practice. Physicians should carefully evaluate the terms and operative models of any such transaction with a PE firm or PE-back entity.

Published on:

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently announced that it intends to increase scrutiny of fee-for-service peripheral vascular procedures billed to the Medicare program. Although OIG did not describe the specific actions in intends to take, it appears likely that OIG will conduct data analysis of Medicare claims for vascular services, especially atherectomies and angioplasties; conduct audits of specific providers, likely those with high utilization of vascular services or those with prior audit denials or accusations of improper billing; and also review the program integrity measures that CMS and its contractors have taken to address fraud, waste, and abuse in these procedures.

In explaining the motivation for its review, OIG noted that the use of peripheral vascular procedures in the Medicare population has increased over the past decade. In 2022, Medicare paid more than $600 million for atherectomies and angioplasties with and without a stent in peripheral arteries. These minimally invasive surgeries aim to improve blood flow when arteries narrow or become blocked because of peripheral arterial disease but are recommended only after patients have tried medical and exercise therapy, and have lifestyle-limiting symptoms. OIG also asserted that CMS and whistleblower fraud investigations have identified these surgeries as vulnerable to improper payments.

Our firm has significant experience in representing physician groups and other providers in the defense of Medicare audits of vascular procedures. We have seen many instances in which Medicare contractors have misunderstood clinical terminology or other documentation elements relating to vascular procedures and have inappropriately denied claims or even alleged that the provider has committed fraud based only on the contractor’s own mistaken interpretation of the provider’s medical records. Providers who are audited by the Unified Program Integrity Contractors (UPICs), such as CoventBridge Group, should be particularly vigilant in reviewing any findings or claim denials issued by the UPICs. Such denials are generally appealable through the Medicare claims appeal process and may be partially or fully overturned on appeal. Even where a provider prevails on appeal, a contractor’s spurious fraud allegations can have significant detrimental impacts, including delays in payment, Medicare payment suspensions, and further audits from both Medicare and other payors.

Published on:

On April 26, 2024, the Department of Health and Human Services (HHS) published a Final Rule introducing compliance changes for reproductive healthcare information under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Titled “HIPAA Privacy Rule to Support Reproductive Health Care Privacy,” the Final Rule prohibits disclosure of protected health information (PHI) related to lawful reproductive healthcare under certain circumstances. HIPAA-covered entities will also be required to update their Notices of Privacy Practices (NPPs), obtain attestations in connection with certain requests for reproductive healthcare information, and update their HIPAA policies and training.

The Final Rule prohibits uses or disclosure of PHI to investigate or impose liability on individuals, healthcare providers, or others who seek, obtain, provide, or facilitate reproductive healthcare that is lawful under the circumstances under which it is provided, or to identify persons for such activities. Notably, the Final Rule includes a presumption, with certain exceptions, that the reproductive healthcare provided by a person other than the covered entity receiving the request was lawful. Covered entities are required to obtain a signed attestation from certain requestors that they do not seek PHI for these prohibited purposes. This requirement applies when PHI is requested for health oversight activities, judicial and administrative proceedings, law enforcement purposes, and disclosure to coroners and medical examiners. The HHS Office for Civil Rights (OCR) has stated that it intends to publish model attestation language. Additionally, covered entities are required to modify their NPPs to support reproductive healthcare privacy.

The Final Rule continues to allow covered healthcare providers to use or disclose PHI for purposes otherwise permitted under the Privacy Rule where the request for the use or disclosure of PHI is not made to investigate or impose liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare. The Final Rule will become effective on June 25, 2024, with a compliance date of December 23, 2024, except for certain requirements pertaining to Notices of Privacy Practices. Covered entities must comply with the NPP provisions of the Final Rule by February 16, 2026.

Published on:

On March 12, 2024, several senators wrote a letter to the Government Accountability Office (GAO) Comptroller General, requesting an investigation into the policies and procedures CMS has in place to prevent Medicare fraud, waste, and abuse. The senators noted that in 2022, GAO estimated there were $47 billion in improper Medicare payments with $1.7 billion being reclaimed, representing a 2.8% recovery rate.

The senators’ letter was likely prompted by a recent investigation from the National Association of Accountable Care Organizations (NAACOS), which uncovered an alleged fraudulent urinary catheter scheme. NAACOS discovered that ten medical device companies went from billing 15 patients for catheters to over 500,000 patients for catheters within a period of two years. This alleged scheme has been estimated to cost CMS over $2 billion and has garnered significant media attention. Of particular concern to the senators is the fact that NAACOS publicly commented on this issue prior to any announcements from CMS.

The senators noted that this alleged scheme highlights “critical vulnerabilities” within CMS’ fraud, waste, and abuse policies. To this point, they requested that the fraud prevention measures of the Medicare Fraud Strike Force, a team with representatives from the Department of Health and Human Services (HHS), Office of Inspector General (OIG), and Federal Bureau of Investigation (FBI), should be investigated by GAO in order to identify weaknesses and areas for improvement.

Published on:

As we noted previously, Medicare providers of wound care services continue to be the target of audits by Medicare contractors. Wound care services typically involve the application of allografts, skin substitutes, and related products to promote healing and support recovery. Due to the generally high reimbursement rates and need for frequent reapplication of these types of products, the Medicare program views such products as a high risk for improper payments or alleged fraud. Providers who utilize these products for wound care services or who are subjected to audit should understand the contours of an audit and be aware of their rights in responding to an audit.

The Medicare Unified Program Integrity Contractors (UPICs), such as the CoventBridge Group or Qlarant, typically perform these audits. UPICs are charged with the primary goal of investigating instances of suspected fraud, waste, and abuse in Medicare or Medicaid claims. Historically, UPICs are quick to allege that a provider has committed fraud and deny claims for any supposed non-compliance with coverage or documentation requirements, regardless of how minor the perceived deficiency. Providers should be cognizant that a UPIC’s allegation of fraud or non-compliance may bring about significant adverse consequences, especially when such allegations are not disputed. These allegations may be addressed by a timely and well-developed appeal of claims denied by the UPIC.

Wound care services involving skin substitutes and similar products subject to audit are generally denied for reasons such as the following:

Published on:

A recent report by the Department of Health and Human Services (HHS) Office of Inspector General (OIG) may signal even more scrutiny of healthcare providers who received funds from the Provider Relief Fund (PRF). As we have long predicted, while the PRF was intended as a financial lifeline for the country’s healthcare providers during the height of the COVID-19 pandemic, as the pandemic has cooled, it has become a minefield of compliance issues for healthcare providers and fertile ground for government auditors to demand repayments.

The PRF is a $178 billion fund created by Congress through the CARES Act to provide financial relief to healthcare providers during the COVID-19 pandemic. HHS subdivided the PRF into various general and targeted distributions and assigned the Health Resources and Services Administration (HRSA) to administer the PRF. These distributions were paid to providers in several waves between April 2020 and the present. While this infusion of cash was likely a welcome relief at the time, it came with strings attached. Some of these strings included restrictions on which providers were eligible to receive funds, restrictions on how providers could use the funds, and requirements to report on the use of the funds.

The recent OIG investigation looked at PRF payments made to 150 providers during the PRF Phase 2 General Distributions. The Phase 2 General Distributions required providers to apply for payments and submit documentation. HRSA reviewed these applications and calculated the payment amount to make to provider, mostly based on the provider’s patient care revenue as documented in the application. OIG asserted that, for 17 of the 150 providers it reviewed, HRSA had miscalculated amounts due and had overpaid the providers. OIG recommended that HRSA demand these providers return these funds and that HRSA review all other Phase 2 General Distributions for similar errors HRSA may have made.

Published on:

Hospice care has become an area of program integrity focus for the Centers for Medicare & Medicaid Services (CMS). Pursuant to that focus, CMS recently expanded the rules and scrutiny that it applies to hospices, including expanding the 36-month rule to apply to hospices.

The 36-month rule is a rule regarding changes of ownership in certain types of Medicare-enrolled entities.  If an entity undergoes a change of majority ownership within three years of its initial enrollment in Medicare or within three years of its most recent change of majority ownership, the Medicare provider agreement generally cannot be transferred to the new owner. The new owner is generally required to enroll in Medicare as a new entity, including undergoing all site surveys, accreditations, and other requirements. In the absence of a new enrollment, the new owner will not be permitted to bill under the entity that it just bought. Purchases outside the 36-month window are generally not subject to this rule. Historically, the 36-month rule applied to home health agencies (HHAs). CMS has now expanded it to apply to hospices as well.

Further, CMS has redesignated some hospices as high-risk providers, subject to additional enrollment requirements. CMS classifies provider types based on the perceived risk that the provider type poses to the Medicare program. Hospices are generally in the “moderate risk” category, requiring a site visit on top of the standard enrollment screenings. However, in the recent rule, CMS designated newly-enrolling hospices and those reporting a new owner (5% or more) as part of the “high risk” category. All owners of newly-enrolled hospices and new owners of existing hospices will be required to submit fingerprints for a criminal background check. Note that a new hospice owner may be subject to “high risk” screening without implicating the 36-month rule depending on the nature of the purchase and how much of the ownership interest is transferred. Sales and purchases of Medicare-enrolled entities may also be subject to “change of ownership” or “change of information” requirements, again depending on the nature and amount of the transfer.

Published on:

In response to the unprecedented challenges created by the COVID-19 pandemic, the Coronavirus Aid, Relief, and Economic Security (CARES) Act established the Provider Relief Fund (PRF) as an effort to financially support the nation’s healthcare providers as they grappled with COVID-19. To achieve this goal, the Health Resources & Services Administration (HRSA) was tasked with administering the PRF program, and distributed hundreds of thousands of payments from the program’s $178 billion fund to healthcare providers of all types. However, even though providers may have used the PRF funds for permitted COVID-related purposes, many providers are increasingly being demanded to return the money, and being given little to no notice or information as to why.

In the early days of the COVID-19 pandemic, the first batch of disbursements under the PRF program were unsolicited and were deposited directly into providers’ bank accounts without prior application or notice. Providers had to quickly decide whether to return the funds, or to keep the money and agree to abide by the terms and conditions of the PRF program, despite not knowing at the time precisely what those terms were. Many providers that are being subjected to the current rash of repayment demands received PRF funds during the earliest distribution phases.

The repayment demands themselves and the processes available to dispute such demands present an entirely new set of complications and may often give the impression that a provider is being unfairly targeted for performing valuable healthcare services during a public health emergency. As the administrator of the PRF program, HRSA is supposed to initially notify providers of any alleged non-compliance with the PRF program terms and conditions. Usually, this is due to HRSA’s claim that a provider has not submitted the required reporting before the appropriate deadline or within the late reporting timeframe. Notably, providers are increasingly commenting that they are not receiving any notices regarding compliance with the PRF program or reporting requirements, or further, that they are later discovering such notices were sent to the wrong address.

Published on:

Late last year, the Michigan State Medical Society (MSMS) published a letter to the Michigan Attorney General (AG) voicing concerns about the influence of private equity on the practice of medicine and what MSMS referred to as widespread violations on Michigan’s prohibition on the corporate practice of medicine (CPOM). MSMS asked the AG to promptly investigate its concerns.

CPOM refers to the practice of medicine by a corporate entity, rather than an individual practitioner. That is, a corporate entity employs physicians and maintains the control that comes with employment. Many states prohibit the corporate practice of medicine or otherwise regulate what types of entities may employ physicians. The rationale is often a desire that medical decision-making remain with the physician and should not be influenced by a non-physician employer or by profit-driven investors. These regulations are the reasons that physician “employment” is often organized into physician groups or profession corporations.

In Michigan, with a few specific exceptions, entities that provide medical services generally must be organized as professional corporations (PCs) or professional limited liability companies (PLLCs) and must be owned by licensed professionals. A common business model is for a PC or PLLC to contract with an outside management services organization (MSO), which is not physician-owned, but may have financial resources or management expertise that the licensed owners of the PC do not have.

Published on:

Healthcare providers are starting to see the first claims audits based on analysis and determinations made by artificial intelligence (AI). Although the technology is new, many of the issues remain the same. Especially where the companies that develop AI-based audit tools sell these tools and services to commercial insurance companies, AI-driven audits increasingly resemble audits of Medicare providers and suppliers performed by the Recovery Audit Contractors, or RACs.

RACs are Medicare contractors charged by the Centers for Medicare & Medicaid Services (CMS) to identify overpayments and underpayments made to providers and to facilitate return of overpayments to the Medicare Trust Fund. Primarily, RACs accomplish this by conducting audits and issuing repayment demands. RACs are different from other types of Medicare contractors that conduct audits because RACs are paid on a contingency fee. That is, RACs received a percentage of any funds they extract from providers, making them significantly incentivized to deny claims and demand repayment even where there is no clinical or legal basis to do so.

Similarly, because few insurance carriers have developed sophisticated AI tools in house, they often contract outside technology companies to provide the AI audit tools, and often to conduct the audits themselves. These outside contractors are motivated to deny claims and identify alleged overpayments in order to retain the business of the insurance carrier. This motivation is further enhanced where the outside contractor is paid a percentage of the alleged overpayments that their AI tool identifies. Therefore, any provider should carefully scrutinize any such audit findings, much as they would scrutinize the findings of a similarly motivated RAC.

Contact Information