Published on:

The U.S. Department of Health and Human Services’ (HHS) Centers for Medicare & Medicaid Services (CMS) recently issued a proposed rule to implement requirements of the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Specifically, this proposed rule would adopt standards for “healthcare attachments” transactions, which would support both healthcare claims and prior authorization transactions, and a standard for electronic signatures to be used in conjunction with healthcare attachments transactions. CMS has stated that it believes the proposed rule would result in significant cost savings and a reduction in administrative paperwork, allowing healthcare providers to allocate more time on direct patient care.

The HIPAA Administrative Simplification rule is designed to ensure consistent electronic communication across healthcare systems and promote efficient transfer of administrative data between health plans, healthcare providers, and clearinghouses. This regulation requires HIPAA-covered entities to adopt standards for transactions involving the electronic exchange of healthcare data and specifies standards to be used in all HIPAA-covered transactions.

Healthcare attachments are documents that provide additional information to aid in the healthcare payment decision-making process. This information typically includes patient or case-related information, patient test results, and medical records. The proposed rule would mandate a standard format for the transmission of healthcare attachments between HIPAA-regulated entities to support electronic healthcare claims and prior authorization transactions, which currently lack an efficient and uniform method of sending attachments.

Published on:

The U.S. Department of Health and Human Services (HHS) has announced the coming end of the COVID-19 Public Health Emergency (PHE) and has provided guidance on the phase-out of PHE 1135 Waivers. HHS announced that the PHE will expire on May 11, 2023, which will trigger the planned transition and phase-out of PHE 1135 Waivers.

During the COVID-19 PHE, HHS and its constituent agencies, such as the Centers for Medicare & Medicaid Services (CMS), waived many regulatory requirements to create additional flexibility for providers to help ensure that beneficiaries’ needs for healthcare items and services continued to be met during the pandemic. Under the 1135 Waivers, a provider’s noncompliance with certain requirements would generally not result in sanctions so long as the goods or services were provided in good faith and absent of fraud and abuse. As the pandemic winds down and the PHE ends, HHS has provided guidance on the phasing out of the 1135 Waivers and has provided insight on which items and services will and will not be affected moving forward.

According to HHS, the federal government will stop providing free COVID-19 vaccines and treatments, primarily because Congress has not authorized additional funds to purchase more vaccines and treatments. Instead, these items will be transitioned to traditional health insurance carriers. HHS has indicated that this transition will be accomplished in a “thoughtful, well-coordinated manner” and that carriers would cover COVID-19 vaccines and treatments without co-pays, but HHS has not released details or addressed how this transition will impact providers. COVID-19 testing will similarly be affected. While Congress required insurance carriers to cover certain COVID-19 tests during the PHE, when the PHE ends, this requirement will also end and coverage for COVID-19 testing will be determined solely by the individual carrier’s coverage policies.

Published on:

Under the Consolidated Appropriations Act (CAA), a new Medicare provider type, the rural emergency hospital (REH), has been created with the goal of preserving access to outpatient hospital services in rural communities. Rural providers already face numerous financial and operational challenges, and the high number of recent closures of rural hospitals has only compounded the health disparities in rural communities. The introduction of this new provider type offers a targeted solution for small rural providers that cannot continue to operate a full-service hospital.

Under the new classification, an REH is a Medicare-enrolled provider that must furnish emergency department services and observation care. REHs may also provide other outpatient services, but may not provide inpatient services, except for certain skilled nursing facility services. Currently, for outpatient services, an REH’s annual per patient average length of stay cannot exceed 24 hours. Additionally, REHs benefit from two basic payment policies: a monthly facility payment of $272,866 per month in 2023 and payment at 105% of the Outpatient Prospective Payment System (OPPS) rate for services that qualify as REH services.

To enroll as an REH, eligible providers must submit a Form CMS-855A change of information application, rather than an initial enrollment application. This process avoids the gap in payment that typically accompanies initial enrollment and helps ease the burden that would otherwise fall on prospective REHs. The provider must also submit an action plan for initiating REH services, including a transition plan that lists the services the provider will retain, modify, add, and discontinue. The action plan must also include a description of the services the REH elects to provide, in addition to the required emergency department services and observation care, and a description of how it will use the facility payment. An eligible provider may only become an REH by converting from a critical access hospital (CAH) or rural hospital. Only providers that were a CAH or rural hospital with 50 beds or less on the enactment date of the CAA (December 27, 2020) are eligible to convert to an REH.

Published on:

Michigan’s reworked Corporate Practice of Medicine laws now allow for multidisciplinary practices amongst physicians (licensed MDs and DOs), podiatrists, and chiropractors. Prior to 2022, Michigan’s Corporate Practice of Medicine laws prohibited chiropractors from forming professional corporations with physicians and podiatrists. Now, chiropractors are generally permitted to form professional corporations with physicians and podiatrists without violating Michigan’s Corporate Practice of Medicine laws.

Corporate Practice of Medicine occurs when a corporate entity practices medicine, as opposed to an individual practitioner. In this arrangement, the corporate entity employs physicians, and the physician provides the medical services. Since corporate entities generally exercise some level of control over how their employees perform their roles and many states believe that medical decision making should solely be done by physicians and not be influenced by non-physician employers, many states prohibit or regulate the corporate practice of medicine. These prohibitions and regulations are one of the reasons that physicians form physician groups or professional corporations.

While each state has its own approach to regulating the corporate practice of medicine, there are three general approaches. First, some states do not regulate the corporate practice of medicine or otherwise restrict physicians’ ability to be employed by entities controlled by non-physicians. Second, some states fully prohibit the corporate practice of medicine. These states allow only physicians to form and be shareholders in professional corporations, associations, or professional limited liability companies (PLLCs), and do not permit non-physicians to employ physicians. Finally, other states fall somewhere in the middle. Several states allow non-physicians to own a portion of a professional corporation that practice medicine, but limit this to a minority (49%) interest or other non-controlling interest. Other exceptions exist as well. Some states impose less strict or even no restrictions on non-profit corporations’ practice of medicine. For example, Texas has a general prohibition on the corporate practice of medicine but has a specific exception for Non-profit corporations.

Published on:

In January 2023, the U.S. Department of Health and Human Services (HHS) through the Centers for Medicare & Medicaid Services (CMS) issued a final rule implementing policies for the Medicare Advantage (MA) Risk Adjustment Data Validation (RADV) program. The RADV program is CMS’s primary audit and oversight tool of MA program payments. Under the RADV program, CMS identifies improper risk adjustment payments made to Medicare Advantage Organizations (MAOs) in situations where medical diagnoses submitted for payment allegedly were not supported in the beneficiary’s medical record.  The RADV final rule is oriented to ensure that Medicare recipients have access to the benefits and services they need, including under MA plans, while protecting the fiscal administration of the Medicare program by aligning CMS’s oversight of traditional Medicare and MA programs.

Under the final rule, CMS will not extrapolate audit findings for payment years 2011 through 2017, and will collect only non-extrapolated overpayments for those plan years. This is a notable departure from previous rulemaking, which proposed to apply extrapolation beginning in payment year 2011. Audit extrapolations will begin with the plan year 2018 RADV audit using any extrapolation technique that is statistically valid. CMS has indicated that the audits will center on plans identified as highest risk for improper payments. CMS also stated its intention that, while they are not required to do so, CMS will continue to disclose their extrapolation methodology to MAOs in order to provide MAOs with information sufficient to understand the means by which CMS extrapolated the RADV payment error.

The final rule also solidifies the proposed policy that CMS will not apply a fee for service (FFS) adjuster in RADV audits. The final rule explains that the requirement for actuarial evidence in MA payments applies to how CMS risk-adjusts the payments it makes to MAOs, and not to the obligation to return overpayments for unsupported diagnosis codes, including overpayments identified during a RADV audit. Additionally, CMS has expressed that it does not believe that it is reasonable to interpret the relevant provisions in the Social Security Act as requiring a reduction in payments to MAOs by a statutorily set minimum adjustment in the coding pattern adjustment, while at the same time prohibiting CMS from paying at those reduced rates by mandating a FFS adjuster for RADV audits. In light of these recently finalized policies, MAOs should take steps to ensure compliance with the Medicare program in order to be fully prepared for increased audits of MA plans.

Published on:

As the COVID-19 public health emergency (PHE) gets extended yet again and while the healthcare industry continues to grapple with the numerous changes and developments over the past several years, providers should gear up for an uncertain landscape in 2023. Between the massive influx of providers implementing telehealth services and the countless unprecedented changes and reforms within the healthcare industry as a whole, the PHE has continued to be a constant, underlying source of uncertainty for providers when it comes to compliance and government imposition. There are several focus areas that healthcare providers in 2023 should approach with caution and this blog will briefly discuss some of those areas.

The COVID-19 pandemic ushered in a nationwide shift in how providers deliver healthcare services, as services delivered via telehealth became more widely utilized and more readily covered by governmental and commercial payors. However, some of the fundamental regulatory flexibilities and policy waivers that made this shift possible are temporary, which creates an unpredictable environment for providers in 2023. To make matters more complex, telehealth services have been an area of increased scrutiny by enforcement agencies and appear to remain a focus of future enforcement action. Moreover, the increased prevalence of telehealth services raises data privacy concerns generally, but in particular for providers subject to HIPAA. When the PHE does inevitably come to an end, so too will some of the flexibilities that allow HIPAA-covered providers to accessibly provide telehealth services without greater data privacy controls. Providers should take the opportunity to analyze possible changes to their data privacy practices to ensure compliance following the end of the PHE.

Over the course of the past several years, providers have seen heightened levels of government enforcement activity related to alleged fraud and abuse within the healthcare industry, and it does not appear to be slowing down any time soon. In 2021 alone, the Department of Justice (DOJ) generated $5.6 billion in False Claims Act (FCA) settlements and judgments. As several of the Department’s stated priorities have not changed since February 2022, providers can expect to see continued enforcement action in areas such as opioid abuse, Medicare managed care (Part C), and audits looking for allegedly medically unnecessary services. Furthermore, a series of memoranda issued by current and past attorneys general seem to sway back and forth concerning the limitations on the uses of sub-regulatory guidance in FCA cases, adding even greater uncertainty to future fraud and abuse enforcement activity.

Published on:

Healthcare providers have seen a disturbing rise in audits by Medicare Unified Program Integrity Contractors (UPICs). The stated purpose for the UPICs is to investigate instances of suspected fraud, waste, and abuse in Medicare or Medicaid claims. However, UPICs are often over-zealous in alleging fraud where there is none, thereby causing devastating consequences for Medicare providers.

Like the Medicare Administrative Contractors (MACs), Recovery Audit Contractors (RACs), and the now-defunct Zone Program Integrity Contractors (ZPICs), UPICs are government contractors that have been tasked by the Centers for Medicare & Medicaid Services (CMS) to review claims submitted by Medicare providers and identify alleged overpayment to providers. Currently, the companies that hold contracts to act as UPICs are CoventBridge Inc., Qlarant Integrity Solutions, LLC, and SafeGuard Services.  However, UPIC investigations are different from other types of Medicare audits because the UPICs are meant to specifically seek out fraud and a UPIC investigation is more likely to lead to collateral consequences, such as a suspension of Medicare payments or a revocation of Medicare billing privileges.

A UPIC investigation often follows the same trajectory. First, the UPIC will conduct a series of probe audits of the provider. These may seem inconsequential because they involve only a few claims or a small dollar value at issue. Second, the UPIC will deny nearly every claim it reviews and indicate that it has found a “credible allegation of fraud.” Third, the UPIC will lead CMS to suspend the provider’s Medicare payments. Around the same time as the Notice of Suspension, the UPIC will request additional medical records, usually for significantly more claims than before. Fourth, and usually several months later, the UPIC will issue another set of audit findings. This final audit will often include a statistical extrapolation and demand a significant repayment, often in the hundreds of thousands or millions of dollars. In some cases, the UPIC can also lead CMS to revoke the provider’s Medicare billing privileges.

Published on:

In December 2022, the Pandemic Response Accountability Committee (PRAC) Health Care Subgroup released its report focusing on telehealth fraud, waste, and abuse risks associated with select healthcare programs across six federal agencies during the first year of the COVID-19 pandemic.

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) conducted this report by leading a group of OIGs from each of the six federal agencies involved. Including the HHS OIG, those six federal agencies are the Department of Defense (DoD), the Office of Personal Management (OPM), the Department of Veterans Affairs (VA), the Department of Labor (DOL), and the Department of Justice (DOJ). The report summarizes potential program integrity risks identified by the six participating OIGs. Specifically, the report aims to inform stakeholders how expanded use of telehealth during the COVID-19 pandemic helped individuals access healthcare during uncertain times, while also raising awareness about the critical importance of safeguarding expanded telehealth services against fraud, waste, and abuse.

Among the key findings across federal healthcare programs, the OIGs identified:

Published on:

Recently, in Advisory Opinion 22-20, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) approved an acute care hospital’s arrangement in which its employed nurse practitioners (NPs) perform certain services that the patients’ primary care physicians traditionally perform. This opinion may present opportunities for providers because it represents a departure from OIG’s typical approach to arrangements involving remuneration from a hospital to a referring physician and demonstrates OIG’s emphasis on healthcare providers offering quality care to federal healthcare program beneficiaries. However, it must be noted that this opinion’s efficacy is limited only to the federal Anti-Kickback Statute. Other laws, such as the federal physician self-referral law or Stark Law, may pose significant risk factors to similar arrangements. Also, Advisory Opinions are only binding on OIG in regarding the specific arrangements review, but they can be a source of guidance regarding other arrangements.

Under the proposed arrangement, the Requestor is an acute care hospital that provides inpatient and outpatient hospital-based services and which seeks to use its employed NPs to perform various tasks for the patients, who are inpatients or in observation status in two designated medical units and who are admitted by physicians that participate in the Requestor’s program. Participating physicians are predominantly primary care physicians, although the hospital makes the services available for all physicians who regularly admit patients to the designated medical units. The hospital does not take into account a physician’s volume or value of referrals in considering the physician for participation.

The arrangement is limited to two general care units and does not extend to surgical or specialty care units. Under the arrangement, the NPs perform various tasks in communication and collaboration with the physicians that the physicians would normally perform. Such tasks include initiating plans of care, educating patients and families, and arranging for follow-up laboratory or imaging studies, among others. The patients seen by the NPs are under active evaluation and require ongoing medical attention, thus the arrangement allows them to be diagnosed and treated more quickly. The treating physicians remain ultimately responsible for the patients’ care and must still round on their patients daily. The physicians also cannot bill for the NPs’ services. The hospital neither makes payments to the treating physicians under the arrangement nor separately bills any payor for the NPs’ services.

Published on:

Recently, the Centers for Medicare & Medicaid Services (CMS) published its Final Rule implementing changes to the Medicare Physician Fee Schedule for CY 2023. In addition to recent clinical laboratory updates, the Final Rule also includes certain changes regarding billing and reimbursement for telehealth services and gives providers guidance on transitioning away from the flexibilities that arose out of the COVID-19 public health emergency (PHE).

In determining whether new telehealth services may be included on the list of Medicare-covered codes, CMS assigns each potential addition to one of three defined categories. Category 1 services are those similar to professional consultation, office visits, and office psychiatry services already on the approved telehealth list. Category 2 services, which are not similar to services already on the approved telehealth list, are assessed by CMS to determine whether there is evidence of clinical benefit to patients when the service is provided via telehealth. Category 3 encompasses services added on a temporary basis during the PHE that would facilitate continued access to medically necessary services during the pandemic, but for which there is insufficient evidence to evaluate the services for permanent addition under Category 1 or Category 2 criteria.

In the Final Rule, CMS made the following changes with respect to the approved Medicare Telehealth Services List:

Contact Information