Articles Posted in Medicaid

Published on:

Nearly 4 years after the beginning of the COVID-19 pandemic, healthcare providers continue to see payor audits and demands for repayment for services provided during the pandemic, primarily COVID-19 testing and vaccinations. While these services were an essential public function during the pandemic, constantly changing and often unclear rules and regulations governing the coverage of these services have created fertile ground for payors to allege after-the-fact that provider were not entitled to payment.

The issues asserted by payors tend to be systemic; that is, related to the process used by the provider rather than issues related to any unique characteristics of any specific claim. Therefore, these allegations often lead to demands that the provider pay back a significant portion of reimbursements for their COVID-19 services, often in the hundreds of thousands or millions of dollars.

COVID-19 audits tend to focus on a few common issues. Payors may audit providers based on the requirement for an “individualized clinical assessment,” including whether the ordering provider was authorized, whether the order for testing was within the scope of state law, whether the assessment was conducted by telemedicine or by a questionnaire, whether the ordering provider used a standing order, and what rules apply where a state does not or did not require an order for COVID-19 testing. The use of standing orders has become a particular point of contention, especially in cases where the practitioner who issued the standing order did not personally examine patients, was located offsite, or was under contract with and receiving reimbursement from the entity billing for the services.

Published on:

Both the Centers for Medicare & Medicaid Services (CMS) and its plethora of contractors rely on the mail to notify providers and suppliers of document requests, audit findings, disciplinary actions, and many other important items. Providers should be careful that their mailing addresses on file with Medicare are current and accurate. Failure to do so can result in the provider not receiving an important piece of correspondence and inadvertently causing significant consequences for the provider.

The Medicare Provider Enrollment, Chain, and Ownership System (PECOS) is the online Medicare enrollment management system. It allows individuals and entities to enroll as Medicare providers or suppliers. When a provider or supplier enrolls in Medicare, it must provide a series of addresses, including a correspondence address, medical review address, and payment address. Whether a provider enrolls online or uses a paper application, once the provider is enrolled, these addresses are stored in PECOS. In PECOS, a provider can check and edit their listed addresses. When CMS or a contractor needs to mail correspondence to the provider, they will look to PECOS for the address to use. As there are multiple address types listed in PECOS, which may list different addresses, the address selected may relate to the purpose of the correspondence, or a contractor may simply choose an address seemingly at random.

Items that may be sent to a provider’s address or addresses listed in PECOS may be Additional Documentation Requests (ADRs), notices of audits, notices of audit findings with appeal rights, and notices of disciplinary proceedings such as Medicare suspensions, revocations, and exclusions. A provider that does not receive one of these because of an incorrect address listed in PECOS may inadvertently fail to provide records, miss an appeal deadline, or otherwise miss the chance to address some action that Medicare takes against them. In general, where correspondence is sent to the address in PECOS, Medicare will assume that it was received and shift the responsibility to the provider to keep PECOS updated. Not receiving such mail can have devastating consequences for the provider and make subsequent appeal or remedials actions much more difficult.

Published on:

Medicare providers who use skin substitutes, allografts, and similar products for wound care are seeing a sharp increase in audits by Medicare contractors. These products often carry high reimbursement rates and require frequent reapplication. Therefore, they are seen by the Medicare program as high risk for improper payments or outright fraud. Providers who use these products or who are subjected to audit should know the consequences of an audit and that there are avenues to respond.

Many of these audits are conducted by Unified Program Integrity Contractors (UPICs), such as CoventBridge group. UPICs are Medicare contractors tasked with auditing providers for suspected fraud in claims submitted to the Medicare or Medicaid programs. Notably, UPICs are quick to deny claims and allege that the provider has committed fraud for any perceived noncompliance with documentation requirements, no matter how minor. A UPIC’s allegation of fraud can nonetheless have serious consequences for a provider, especially when not rebutted, but such allegations may be addressed through the timely appeal of claims denied by the UPIC.

Denial reasons in wound care audits generally include: the specific product was investigational or experimental, conservative treatment was not documented prior to application of the product, there is no documentation regarding why one product was chosen over another product or another course of treatment, the product was reapplied too many times or over too long a period, the patient did not show significant enough improvement to justify continued use, and that the product was not used for a “homologous use.” “Homologous use” is defined by statutes and regulations governing FDA approval for a product and generally means that tissue is used by the patient in the same manner as it was used by the donor. For example, auditors often claim that placental-derived products can only be used as a “wound covering” because the placenta “covers” the fetus, and that “wound healing” is a separate, inappropriate use. Each of these denial reasons can be addressed in the claims appeal process.

Published on:

The Michigan Medicaid program recently sent a program-wide email to healthcare providers and suppliers reminding them of certain duties under the Michigan Medicaid program. Specifically, the Michigan Department of Health and Human Services (“MDHHS”), which oversees the Michigan Medicaid program, emailed providers that:

“As a reminder, all Medicaid-reimbursed services are subject to review for conformity with accepted medical practice and Medicaid coverage and limitations. The Michigan Department of Health and Human Services (MDHHS) conducts post-payment reviews to verify services, providers, settings, and appropriate billing. Providers must, upon request from authorized agents of the state or federal government, make available for examination and photocopying all medical records, quality assurance documents, financial records, administrative records, and other documents and records that must be maintained. Providers must maintain, in English and a legible manner, written or electronic records necessary to fully disclose and document the extent of services provided to beneficiaries. The records are to be retained for a period of not less than seven years from the date of service, regardless of a change in ownership or termination of participation in Medicaid for any reason.”

Generally, each of these is a basic program requirement applicable to all providers and suppliers who submit claims to the Michigan Medicaid program and are found in state statute, regulation, policy, participation agreement, or other sources.

Published on:

Recently, the Centers for Medicare & Medicaid Services (CMS) published the calendar year (CY) 2024 physician fee schedule (PFS) final rule, which solidified certain proposed changes to Medicare provider enrollment requirements. The changes discussed below go into effect January 1, 2024.

The final rule expands CMS’s current revocation and denial authorities in two significant ways. First, CMS now has the ability to revoke enrollment if a provider, supplier, or any owner, managing employee or organization, officer, or director has been convicted of a misdemeanor under federal or state law within the previous 10 years that CMS deems detrimental to the best interests of the Medicare program and its beneficiaries. Previously, CMS only had the authority to revoke a provider’s Medicare enrollment in the event of a conviction for certain felonies. CMS has stated that this could include any misdemeanor that, in its judgment, places the Medicare program or its beneficiaries at immediate risk, such as a malpractice suit that results in a conviction of criminal neglect or misconduct.

Second, the final rule expands CMS’s authority to revoke and deny enrollment if a provider, supplier, or any owner, managing employee or organization, officer, or director has had a civil judgment under the False Claims Act (FCA) imposed against them within the previous 10 years. Prior to the CY 2024 final rule, CMS did not have the authority to revoke a provider’s Medicare enrollment solely related to FCA activity. For purposes of this ground for revocation or denial, the term “civil judgment” would not include FCA settlement agreements – the provision requires a judgment against the provider or supplier.

Published on:

The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) recently entered into a first of its kind resolution agreement and corrective action plan to settle potential HIPAA violations arising out of a ransomware attack. The agreement to settle alleged HIPAA violations was entered into with Doctors’ Management Services (DMS), a practice management company acting as a business associate to several covered entities.

By way of background, in April 2019, OCR opened an investigation based on a breach report from DMS. The report stated that approximately 206,695 individuals were affected when the DMS network server was infected with ransomware. The initial unauthorized access to the network occurred several years prior. However, DMS did not detect the intrusion until late 2018 after ransomware was used to encrypt their files. Based on its investigation, OCR alleged that:

  • DMS failed to conduct an accurate and thorough risk analysis that assessed technical, physical, and environmental risks and vulnerabilities associated with handling electronic patient health information (ePHI);
Published on:

In November 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its General Compliance Program Guidance (GCPG). This guidance was released as part of OIG’s Modernization Initiative, which seeks to make compliance program guidance more user friendly and accessible. The document does not include new information but instead summarizes existing guidance regarding fraud and abuse risk, serving as an up-to-date comprehensive reference guide for the general healthcare community and industry stakeholders. OIG also noted that in 2024 it will begin publishing industry segment-specific CPGs (ICPGs) which will address compliance measures for industry subsectors.

The GCPG is not legally binding on any individual or entity, but contains valuable information regarding compliance with federal fraud and abuse statutes and regulations. The OIG guidance includes information regarding key fraud and abuse laws, the primary elements of an effective compliance program, program adaptations for small and large entities, other compliance considerations, and OIG resources and processes.

The GCPG begins with an overview of the principal federal fraud and abuse laws including the Anti-Kickback Statute (AKS), the Physician Self-Referral Law (PSL; also known as the “Stark law”), the False Claims Act (FCA), and the Civil Monetary Penalty law (CMP). Their stated goal in summarizing these laws is to “create awareness and provide tools and resources to aid compliance efforts in both preventing violations and identifying potential red flags early with respect to these laws and regulations.”

Published on:

In light of the rapid technological advancements and increasing utilizations of artificial intelligence (AI), the World Health Organization (WHO) issued a publication outlining key regulatory considerations on AI for healthcare. The publication highlights emerging best practices for the development and use of AI in healthcare and aims to lay out an overview of regulatory considerations on AI for healthcare covering six general topic areas discussed below.

As the publication explains in greater detail, the WHO recommends that stakeholders take into account the following considerations as they continue to develop frameworks and best practices for the use of AI in healthcare:

  1. Documentation and transparency: Pre-specifying and documenting the intended medical purpose and development process should be considered in a manner that allows for the tracing of the development steps as appropriate. A risk-based approach should also be considered for the level of documentation and record-keeping utilized for the development and validation of AI systems.
Published on:

In November 2021, the Centers for Medicare & Medicaid Services (CMS) published a final rule expanding their ability to revoke Medicare billing privileges of providers and suppliers. This rule went into effect January 1, 2022, and has significantly increased the importance of a diligent and careful response when faced with a CMS audit.

Prior regulations required CMS to consider the following three factors when determining whether a provider or supplier was engaged in the type of billing practices which could support a revocation: (1) the reason for any claim denials, (2) the length of time over which any pattern or practice of submitting claims that fail to meet Medicare requirements occurred, and (3) how long the provider or supplier had been enrolled in Medicare.

CMS asserted that these three considerations inhibited their ability to “target brief periods involving a significant percentage of denied claims” and therefore proposed revisions to this framework which it believed would strengthen CMS’ overall program integrity efforts. The new framework now considers the following four factors:

Published on:

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced several new changes in its Work Plan update for October 2023. The OIG Work Plan forecasts the projects that OIG plans to implement over the foreseeable future. These projects usually include OIG audits and evaluations. Below are the highlights from the Work Plan update of which providers and suppliers should take notice.

First, OIG will perform an audit of the Morehouse School of Medicine’s National Infrastructure for Mitigating the Impact of COVID-19 (NIMIC) initiative. The NIMIC initiative is a 3-year, $40 million cooperative agreement between HHS’s Office of Minority Health and the Morehouse School of Medicine to fight COVID-19 in racial and ethnic minority, rural, and socially vulnerable communities. The Morehouse School of Medicine is leading the initiative to coordinate a strategic network to deliver COVID-19 related information to communicates hit hardest by the pandemic.

Second, OIG will audit the accuracy of the Child Care and Development Fund (CCDF) attendance records at Minnesota child care centers. The CCDF is the primary federal funding source devoted to subsidizing the child care expenditures of low-income families. OIG has stated that it identified issues with the completeness and accuracy of child care attendance records and with related billings for child care services. Minnesota, as well as possibly additional states, have been selected by OIG for a review to determine whether the state(s) complied with federal and state requirements related to attendance records and whether payments for services at child care centers were allowable.

Contact Information