Proposed 60 Day Repayment Rules Push Providers Toward More Robust Compliance Programs

CMS has released a long awaited proposed rule defining provider obligations to report Medicare and Medicaid over-payments within 60 days of identification.  Section 6402 of the Patient and Program Protection Act created possible False Claims Act liability and possible program exclusion for the knowing concealment or avoidance of a repayment obligation.  The new proposed rule is intended to add definition to the general obligation that was included in the initial statutory provisions.  Section 6402 of PPACA requires providers to report and return over-payments within 60 days of identification.  The original statute broadly defined the provider obligations but did not provide specifics on several topics such as when an overpayment is deemed to be “identified” or how long providers were obligated to look back when identifying potential over-payments.

The Proposed Rule created an extremely onerous look-back period of ten years.  This means that providers will be obligated to report overpayment obligations that they discover which date back as far as ten years from the date of discovery.  The actual disclosure rules are somewhat less oppressive than the self disclosure rules that were already in place with regard to the Anti-kickback Statute and the Stark Law.  Nevertheless, many aspects of the proposed regulations, and in particular the ten year look-back rule, are likely to generate comments from affected parties. The specific requirements of the self disclosure rule leave much room for debate over several issues such as the level of detail that is required to be included in the disclosure.  There will certainly be a lot of debate at upcoming conferences that begin to dissect the specifics of the proposed regulations. 

The 60 day clock once an overpayment has been identified.  The proposed rule considers an overpayment to be “identified” when (i) there is actual knowledge that an overpayment exists, (ii) there is a reckless disregard or deliberate ignorance that an overpayment exists.  There will be a lot of debate over when someone obtains “actual knowledge.”  There will likely be even more debate over when someone begins acting in “reckless disregard” that an overpayment exists.  The “reckless disregard” standard involves an imputation of knowledge to an individual and will revolve over the facts that were present or should have been observed.  This requires a objective imputation of a subject standard of “identification.”  These areas of the law always involve much debate.  The definition that CMS chose for “identification” forces providers to be overly diligent in their proactive efforts to uncover billing inaccuracies.  Virtually any error that goes uncovered and could lead to a repayment could be imputed to the provider under the “reckless disregard” standard.  The entire standard contemplates the use of a diligent system of audits being put in place in order for a provider to demonstrate that they have not acted in deliberate ignorance or reckless disregard of the existence of an overpayment.  The standard that CMS set is just a further indication that the Federal government is attempting to push past the “pay and chase” approach of the past toward a system that requires providers to actively police themselves for errors.

To put this in perspective, failure to report an “identified” overpayment within 60 days opens the provider to liability under the False Claims Act.  The False Claims Act providers for penalties of three times the actual amount of the overpayment, plus between $5,000 and $11,000 per claim.  If a provider discovered a systematic error that may have led to a significant number of claims being overpaid, the amount of financial exposure under the False Claims Act can be very substantial; substantial to the point of presenting a grave threat to financial viability in some cases.  Under the Proposed Rule, reporting and repayment would be required for all  identified within ten years of receipt.  In the case of the discovery of a systematic billing problem, this could require repayment for the past ten years of claims.  If the False Claims Act obligation is applied to the entire look back period, the amount due grows exponentially.

If the proposed rule is finalized in its current form, it should have a very significant affect on compliance activities.  In order to meet the “reckless disregard” standard, providers will need to engage in very robust auditing and monitoring programs; in most cases much more extensive than are currently being utilized.  Some compliance officers tend to rank risk by the degree of potential consequences to the organization.  Risk identification is a function of two factors; the likelihood of a matter occurring and the degree of consequences.  What the CMS overpayment disclosure rules do, in conjunction with the False Claims Act damage computation, is to greatly increase the consequences of systematic billing errors.  The only way for a provider to prevent these errors, or at least create a plausible argument that it was taking appropriate steps to flush out errors, is to implement a robust auditing program.

Keep in mind that these rules do not only apply to large health care providers.  They also apply to individual and small physician practices and other small health care companies.  The potential impact on smaller organizations can be even more severe.  The recent health care reform law made compliance programs mandatory for most providers starting with nursing homes in 2013.  Mandatory compliance programs will extend to other types of providers as regulations are put in place.  In view of the proposed repayment regulations, providers of all size should seriously look at the areas of risk that apply to their operations and implement compliance programs that include an audit plan that is tailored to the provider’s specific risk areas.

DEA Waivers Necessary For Access To Controlled Substances

What is a “Convicted Felon” in the Eyes of the DEA

Most health care providers have implemented some sort of screening process for new employees, contractors and medical staff members.  The screening process usually involves some sort of criminal background check along with review of the OIG and GSA exclusion lists.

One aspect of criminal background checks is rarely discussed and involves individuals who will have “access to controlled substances.”  The Drug Enforcement Agency has rules that prohibit any DEA registrant from employing, as an employee or agent, any party who has ever been “convicted” of a felony involving controlled substances.  No such person may ever be employed in a position where they will have “access to controlled substances” unless a waiver is obtained from the Administrator of the DEA.

I placed a few of the operative terms in quotes above for a reason.  The exact definitions of these the terms “convicted of a felon'” and “access to controlled substances” is what makes application of this rule rather tricky.  The first angle involves whether or not a potential employee, staff physician or other has had a “felony conviction” involving controlled substances.  Oftentimes someone who is accused of a drug related crime under state law will plead “no contest” to a felony but the terms of the sentence will provide that the severity of the sentence will be reduced to a misdomeaner, or sometimes even dismissed, upon completion of terms of probation.  If the terms of probation are successfully completed, a subsequent criminal record search may come up with the action having been dismissed or reduced to a misdemeanor.  No issue, right?  Common sense would dictate that there is no felony conviction and the individual can be employed. 

Wrong.  The DEA rules consider there to have been a felony conviction even though the charges may have eventually been dismissed or reduced.  This is applicable whenever there is a plea of “no contest” or “nolo contendre.”  The DEA considers these please to be an admission of and a conviction of a felony offense.  This can be highly problematic for a health care provider who is doing a record search and comes upon a case that may show up as a misdemeanor or having been dismissed.  The provider must look further to determine whether the event could still be considered to be a felony by the DEA.  If it is considered to be a felony, a Waiver must be sought from the DEA to employ or otherwise permit that individual to use the provider’s facilities.  Waivers can be difficult and costly to obtain.  There are no regulations guiding the process and the final decision is in the sole discretion of the Administrator of the DEA.  There are no meaningful appeal rights.

Another thing that should be pointed out is that once a person is convicted of a felony (as defined by the DEA) that involves controlled substances, the issue carries along with the individual forever.  A waiver only applies to a specific facility.  The employee has no standing to apply for a waiver request.  Every place that the employee wishes to work in the future will need to obtain a waiver.

It should be clarified that a waiver is only required if the individual will have “access to controlled substances.”  This is the second definition that becomes important.  There does not appear to be any regulation or case that defines when an individual is considered to have “access to controlled substances.”  The DEA takes a fairly broad view that would generally prohibit any direct patient care.  Practicing medicine in a hospital and most other settings is likely excluded.  However, this definition probably does not extend to administrative tasks that do not involve seeing patients or being located in areas of the facility that do not hold controlled substances.  Yet, the fact that there is no clear definition of “access to controlled substances” makes this rule very difficult to apply in a specific, practical situation.

The takeaway from all of this is that compliance departments, human resource departments, and credentialing departments may need to take a fresh look at this issue to be certain that they have systems in place to flag cases described in this article.  The DEA may consider even a youthful drug conviction, that shows up as a dismissal or a misdemeanor on a criminal background check to be a felony.  If the event is considered to be a felony, a health care organization cannot employ the individual in a position to have access to controlled substances without first obtaining a waiver from the DEA.

Compliance Program Development and Effectiveness Review

John Fisher, JD, CHC

A significant part of our health law practice involves the creation, implementation, and review of compliance programs for health care providers.  Some of our compliance practice is devoted to institutional provides such as hospitals, health systems and nursing homes.  We are increasingly advising our smaller health care clients, such as physician groups, home health agencies and other providers on establishing appropriate compliance programs.  The entire health care industry is trending toward the adoption of compliance programs spurred on by a true desire to reduce risk as well as recent legal changes that mandate the adoption of compliance programs for most health care providers.

We have made a major firm committment to our compliance practice.  Health care attorney John Fisher recently obtained national certification in health care compliance through the Health Care Compliance Association.  We have assembled a team attorneys with various legal backgrounds, including health law, employment law, non-profit tax law and other areas to complement Mr. Fisher’s focus on compliance issues faced by health care providers.

We provide compliance program development and review services to hospitals, individual physicians and group practices, dental groups, chiropractic groups, home health agencies, skilled nursing facilities, durable medical equipment suppliers, ambulance providers, therapy clinics, ambulatory surgery centers, and behavioral health care providers.  We assist providers in conducting internal audits, internal investigations, compliance program gap analysis and effectiveness reviews. We have also assisted providers who are the subject of reviews by institutions where they may be employed or have staff privileges.

Examples of some of our compliance program related involvement in the health care area include:

• Conducting effectiveness reviews and making suggestions for enhancements to existing compliance programs.
• Working with governing bodies to develop initial compliance programs.
• Advising compliance officers and governance with respect to ongoing monitoring and auditing.
• Assisting providers to conduct internal audits and assessments.
• Assisting providers to focus on specific risk areas that may affect their practices.
• Assisting providers in the reacting to compliance reports including investigations and corrective action plan development.
• Conducting detailed compliance related research in the course of acquisitions of other providers.
• Creating programs that leverage existing resources and expertise into an enterprise management system addressed at compliance issues.
• Compliance Programs Are An Essential Element of Health Care Operations

Effective compliance programs have become an essential element of an effective regulatory risk reduction program.  The importance of compliance programs have been repeatedly emphasised by government officials over the past decade.  Recently, Marilyn Tavenner, Acting Administrator of the Centers for Medicare & Medicaid Services (CMS) released a brief article on the CMS Blog emphasizing the use of “predictive modeling” technologies to identify specific providers that warrant further investigation.  The Acting Administrator touts that predictive modeling has already identified 2,500 leads for further investigation, 600 preliminary law enforcement cases, and 400 direct interviews with providers that have taken place due to the use of predictive modeling.

The 2012 Office of Inspector General Annual Work Plan also referred to new methods and programs to detect potential billing anomolies.  The OIG states that it will be using data matching programs to identify not only providers who are at a high risk of having incorrect billings, but also providers who have low risk.  The OIG claims that it will be examining both types of providers to determine the impact that compliance program operations have on the accuracy of billings.  This is alarming because it means that the OIG will be eamining the operations of compliance programs who show low risk of billing anomolies.

The Coming of Mandatory Compliance Programs

The PPACA created the concept of mandatory compliance programs for most providers.  Nursing homes are first on the list and must certify that they have an effective compliance program by 2013.  We are expecting additional regulations on what constitutes and effecive compliance progam as well as specific timelines defining when other provider types will be required to adopt compliance programs as a condition of participation in the Medicare and Medicaid programs.

Compliance Programs – One Size Does Not Fit All

The OIG Guidance on Compliance Programs as well as the Federal Sentencing Guidelines make it clear that one size does not fit all when it comes to compliance program development.  An effective compliance program needs to be strategically developed based on identification of the risk factors that are specific to the size and nature of the organization.  It is not prudent to simply copy the policies of another organization and adopt them as your own.  You should create a structure as well as topical policies that reflect the nature of your particular organization; sometimes right down to the personalities that are involved in the various aspects of your operations.

There are certain core principals that will be common to all compliance programs.  However, your program should be appropriately scaled to the size and resources of your organization.  I am not suggesting that you fail to allocate sufficient resources to compliance.  Decisions regarding allocation of resources are difficult but must be addressed.  At the same time, you do not want to develop policies that you will never have the resources to appropriately follow.  This carries the risk of creating a “Roadmap” that demonstrators to investigators the things that you are NOT doing.  Policies that you do not follows are argueably worse than having no policies at all; at least in some areas.

§ 410.26 Services and supplies incident to a physician’s professional services:
Conditions.
(a) Definitions. For purposes of this section, the following definitions apply:
(1) Auxiliary personnel means any individual who is acting under the supervision of a physician (or other practitioner), regardless of whether the individual is an employee, leased employee, or independent contractor of the physician (or other practitioner) or of the same entity that employs or contracts with the physician (or other practitioner).
(2) Direct supervision means the level of supervision by the physician (or other practitioner) of auxiliary personnel as defined in § 410.32(b)(3)(ii).
(3) Independent contractor means an individual (or an entity that has hired such an individual) who performs parttime or full-time work for which the individual (or the entity that has hired such an individual) receives an IRS–1099 form.
(4) Leased employment means an employment relationship that is recognized by applicable State law and that is established by two employers by a contract such that one employer hires the services of an employee of the other employer.
(5) Noninstitutional setting means all settings other than a hospital or skilled nursing facility.
(6) Practitioner means a non-physician practitioner who is authorized by the Act to receive payment for services incident to his or her own services.
(7) Services and supplies means any services or supplies (including drugs or biologicals that are not usually self-administered) that are included in section 1861(s)(2)(A) of the Act and are not specifically listed in the Act as a separate benefit included in the Medicare program.
(b) Medicare Part B pays for services and supplies incident to the service of a physician (or other practitioner).
(1) Services and supplies must be furnished in a noninstitutional setting to noninstitutional patients.
(2) Services and supplies must be an integral, though incidental, part of the service of a physician (or other practitioner) in the course of diagnosis or treatment of an injury or illness.
(3) Services and supplies must be commonly furnished without charge or included in the bill of a physician (or other practitioner).
(4) Services and supplies must be of a type that are commonly furnished in the office or clinic of a physician (or other practitioner).
(5) Services and supplies must be furnished under the direct supervision of the physician (or other practitioner).
The physician (or other practitioner) directly supervising the auxiliary personnel need not be the same physician (or other practitioner) upon whose professional service the incident to service is based.
(6) Services and supplies must be furnished by the physician, practitioner with an incident to benefit, or auxiliary personnel.
(7) A physician (or other practitioner) may be an employee or an independent contractor.
(c) Limitations. (1) Drugs and biologicals are also subject to the limitations specified in § 410.29.
(2) Physical therapy, occupational therapy and speech-language pathology services provided incident to a physician’s professional services are subject to the provisions established in §§ 410.59(a)(3)(iii),  0.60(a)(3)(iii), and 410.62(a)(3)(ii).

OIG To Review Accuracy Of Present-On-Admission Indicators – Hospital Acquired Conditions

In 2008, CMS began requiring hospitals to submit indicators for present-on-admission (“POA”) with each Medicare diagnoses code.  This enables CMS to identify which diagnoses were present when the patient was admitted and which developed during the term of the stay in the hospital.  Hospitals do not receive any additional compensation relative to conditions that develop during the term of the hospital stay.  In fact, hospitals with high rates of hospital-acquired conditions receive reduced Medicare payments under the Affordable Care Act.

The 2012 work plan includes a new item relating to hospital-acquired conditions.  The OIG will be using certified coders to review claims for accuracy of POA indicators.  It appears that the OIG will be providing this information to CMS to assist CMS in fulfilling its responsibilities to reduce payment to hospitals with high levels of hospital-acquired conditions.  This action item reflects increased focus on the issue of hospital acquired conditions.