Health Law Blog - Healthcare Legal Issues

Archive for the ‘False Claims Act’ Category

Using the Self Disclosure Protocols to Minimize Risk

Tuesday, June 27th, 2017

When to Use the OIG’s Self Disclosure Protocols

Self Disclosure Mitigate RiskThe HHS Office of Inspector General offers providers an opportunity to self-disclose certain violations in exchange for avoiding some of the more draconian penalties that may otherwise apply under applicable regulations.  Even though the OIG’s Provider Self-Disclosure Protocols (“SDP”) can be very compelling, the decision whether to utilize the OIG’s self-disclosure protocols is often very difficult.

To begin, the SDP is not available in all situations.  The SDP is limited to situations that potentially violate Federal criminal, civil, and administrative laws for which Civil Monetary Penalties are authorized.  The SDP requires the disclosing party to Continue

Dermatology Fraud Risk Areas – Impossibly Long Days

Tuesday, June 27th, 2017

Failure to Supervise and Impossibly Long Days

Payment of $302,000 and Forced Corporate Integrity Agreement – July 2016

fraud and abuse dermatologistsThe government alleged the dermatologist in this case repeatedly billed for services under the “incident to” billing rules during periods when the dermatologist was not present in the office.  Some of the services were allegedly performed when the doctor was traveling out of the country.  The government also alleged the doctor billed for impossibly long days including one day where 26 hours were billed.

This case illustrates the need to comply with the “incident to” billing rules.  Those rules permit a physician extender’s services be billed under the physician in certain circumstances.  In order to qualify to bill incident to, the physician must be physically present within the office suite at the time the extender performs the service.  The physician cannot order the procedure and then leave the office while the procedure is being performed.  There are new Medicare rules clarifying some aspects of the “incident to” billing rules.  There was a previous ambiguity that some providers interpreted as permitting the physician that ordered the service to bill for the services, even though another physician actually supervised the performance of the service.  The rules revision clarified only the supervising physician can bill the services as “incident to” his or her service.  The ordering physician can only bill the service if he or she also supervises the extender.

Dermatology Practice Fraud and Abuse Risks Identified in Florida Case

Tuesday, June 27th, 2017

Dermatologist Fraud and Abuse Risks – Identified from Florida Case Targeting Demotologist

Dermatology Risk Areas Fraud and AbuseAn allegation from a competing dermatologist resulted in a Federal government investigation of a Florida dermatologist.  The dermatologist was accused of charging the Medicare program for unnecessary biopsies and radiation treatments that were not rendered, not properly supervised, or given by unqualified physician assistants.  It was alleged the doctor was not even in the country when some of the procedures at issue were performed.  The unnecessary charges were alleged to have totaled around $49 million over a 6-year period.

The dermatologist did not admit wrongdoing in the settlement.  Rather, he alleged the overbilling resulted from his unique practice that relied on radiation, instead of disfiguring surgery, to help patients.  The doctor claimed he had cured “over 45,000 non-melanoma skin cancers with radiation therapy” over a 30-year period.  The problem with that argument appears to be the fact that the dermatologist was not trained or qualified in providing radiation oncology treatments.

There are a number of interesting things about this case.  The case was brought by a competing physician as a whistleblower.  The physician who brought the case expressed concern about having to treat patients that the accused doctor had misdiagnosed with squamous cell carcinoma.

The case also alleged significant billing for services allegedly provided when the doctor was not even in the office.  The accused doctor alleged he was available by phone while the procedures at issue were being performed.  This raises interesting issues under the rules regarding “incident to” billing.  Those rules permit a physician to bill for physician extender services.  In order to qualify to bill a service as “incident to” a physician’s service, the billing physician must meet supervisions requirements.  The physician must be physically present within the office suite during the performance of the procedure in order to qualify to bill a service as “incident to” the physician’s services.

It appears there were a number of things going on in this case.

  • There appears to have been a pattern of diagnosing a higher level of severity than was supported by the patient’s condition.
  • There was a routine use of radiation therapy, even in cases that were not medically appropriate.  This placed patients at potential risk.
  • There appears to have been questions whether the accused doctor was authorized to perform radiation therapy.
  • There were issues regarding improper use of the “incident to” billing rules when the doctor was not present to actively supervise the service.
  • There was also some evidence the doctor had offered incentives for staff to misdiagnose and over utilize the radiation treatment.
  • There was an alleged kickback arrangement with another physician who operated a clinical laboratory.

Credible Information Indicating Overpayment – Duty to Investigate

Tuesday, June 27th, 2017

Addressing Potential Over-payment Situations – Exercising Reasonable Care

known overpayment credible informationThe new final regulations under the 60-day repayment rule, require providers to affirmatively exercise reasonable diligence to identify potential overpayment situations. The obligations to further investigate is triggered when a provider receives “credible information” that indicates a potential overpayment.  Affirmative steps must be taken in a timely and good faith manner to investigate the situation further. Failing to use reasonable diligence can result in significant penalties under the False Claims Act (FCA). In some cases criminal liability can attach as well; particularly when evidence strongly indicates a problem might exist and a deliberate decision is made not to investigate or repay an amount due.

By now most health care providers are at least generally aware of the 60-day repayment rule. That rule originated as part of the Affordable Care Act in 2010. The rule provides that the failure to repay a known overpayment within 60 days after discovery results in potential penalties under the FCA. This means a simple overpayment is multiplied by a factor of three. Additionally, penalties can be assessed in amounts ranging from a minimum of $11,000 and a maximum of approximately $22,000 per claim. Financial exposure under the FCA can be very substantial; particularly when there is a systematic billing error that impacts a large number of claims over a significant period of time. The lookback period for imputed False Claims is 6 years, which amplifies the potential exposure when the “tip of the iceberg” is discovered in a current year audit.

The initial statutory provision left some ambiguity regarding application of the 60-day repayment rule. One significant ambiguity relates to when the 60-day time period begins to run. The statute states the 60-day period commences upon “identification” of the overpayment but included no clarification of when a provider is deemed to have identified the existence of an overpayment. It was not clear whether identification occurred when there was an allegation that an overpayment exists, when an amount of overpayment was calculated, when the existence of the overpayment was verified, or at some other time. It was also unclear whether actual knowledge of an overpayment was required or whether knowledge could be imputed in certain circumstances.

CMS provided clarification on the issue of identification in the final regulations, but the clarification places significant burdens on providers. Under the final rules, the provider is deemed to have identified an overpayment not when actual knowledge is obtained, but rather when the provider “should have” identified the overpayment through the exercise of “reasonable diligence.” The new standard requires providers to conduct a timely and good faith investigation when it receives credible information an overpayment might exist. Failing to take reasonable steps to investigate will result in imputed knowledge and deemed “identification” of the overpayment. In other words, the 60-day clock starts to run when the investigation should have commenced.

It is useful at this point to mention what constitutes an overpayment that invokes the statutory requirement. An overpayment exists when the provider receives any funds to which they are not entitled. There is no requirement of an amount threshold, substantiality, or materiality. Any overpayment invokes the statute and becomes a potential false claim if not repaid within the 60-day period. There are situations where the amount of overpayment is so small that the provider might determine it not worth the resources to identify, quantify and repay. When making this determination, it should be kept in mind the FCA will apply if a whistleblower case is brought or a government investigation is commenced and finds the overpayment. FCA liability can result in large penalties; particularly where there are multiple claims involved. It should also be kept in mind that criminal statutes impose felony penalties for the willful failure to return known overpayments.

Overpayments that are self-discovered and repaid before they become false claims are relatively easy to manage. Once the FCA potentially attaches, these situations become increasingly complicated to manage. The OIG Self Disclosure process should be considered where potential for significant penalties is present. The Self Disclosure Protocols permit resolution at a minimum of 1.5 times the amount of the overpayment. Full disclosure of the facts and investigation is required as part of the self-disclosure process. Only civil penalties are subject to settlement under the protocol. The wrong facts disclosed as part of the SDP process can lead to criminal charges against the entity or individuals. Criminal charges cannot be settled using the SDP.

Where amounts are smaller, a provider may decide to repay without going through the protocol process. A determination of which option is right in the specific situation should be made with the involvement of legal counsel that has experience with these issues.

Proper operation of a compliance program is the best defense to mitigating exposure under the 60-day rule. Prompt investigation should be conducted whenever there is a credible allegation of an overpayment. Compliance risk identification and proactive auditing can also help mitigate risk by identifying problems early and by demonstrating the compliance process is being effectively operated. This will help avoid allegations that overpayments should have been discovered sooner through the exercise of a reasonable compliance program. Most importantly, ignoring alleged overpayments is never an answer that mitigates risk. All credible allegations must be investigated and appropriate repayment should be made using one of the available methods. The requirements of the final rule should be baked into compliance program policies and procedures and staff should be educated on the need to investigate and return overpayments within required timeframes.

Personal Care Agency Fraud – Business Structure Can Impact Compliance Risk

Tuesday, June 27th, 2017

Personal Care Agency Structure Can Increase Risk and Government Scrutiny

Personal Care Agency FraudThe OIG recently released a review of Medicaid Fraud Control Unit activities which identified personal care agencies as accounting for nearly one-third of fraud prosecutions.  Previous blogs identified a number of compliance risks that often ensnare agencies.  Risk can also be impacted by the structure and nature of the business that is conducted by the agency.  The business might be perfectly legal, but can still create additional risk.

An good example involves personal care agencies that focus on recruiting patients with extended families who already reside with the patient.  A personal care business plan that focuses on training extended family might be technically legal, but can certainly present risk that a reviewer will more closely scrutinize record-keeping, PCW training, and other requirements.  Closer scrutiny may result in overpayment requests and/or investigation.

The normal business plan for a personal care agency involves the hiring and training of personal care worker who are assigned to clients who retain the agency’s services.  Normally, a PCW and a client do not know each other and certainly are not sharing a residence with the client.  Some agencies might focus their business on recruitment of patients who live with extended family.  Simply by providing training to the existing family member, the agency is able to generate reimbursement.  The extended family member is able to earn a wage for the service that it performed.

Immediate family will normally not qualify to generate reimbursement as a personal care work.  More distant family might be able to generate reimbursement.  There may be nothing specific in the laws of the applicable state that prohibits this type of arrangement.  At the same time, there is nothing prohibiting a regulator from more closely scrutinizing regulatory requirements when presented with agencies that may be technically legal but could be viewed as being abusive at their core.

The main point here is that business structure and other factors might present additional levels of risk to an agency.  Business structure should be considered as a factor when conducting risk analysis.  Businesses that are operated in technical compliance could present higher degrees of risk than more traditional business structures.

Using Self-Disclosure Protocols – CMS and OIG Self Disclosure Process

Tuesday, April 11th, 2017

Self-Disclosure Has Become a Normal Part of the Compliance Process

As the OIG and CMS make self-disclosure easier for providers, we have noticed an increase in the rate of cases that are being filed.  Assisting providers in making decisions whether to self-disclose, conducting internal investigations, and guiding the self-disclosure process when appropriate has become a large part of our compliance practice.  Here are just a few of the articles and other resources that we have released regarding self-disclosure issues:

Exercising Reasonable Care to Identify and Address Potential Overpayments

Criminal Exposure for Failing to Repay Known Overpayment

When to Use the OIG’s Self Disclosure Protocols

Excluded Party Cases Dominate OIG Published Self Disclosure Settlements

Self-Disclosure Process – Voluntary Self Disclosure Decisions are not Always Easy

When Does An Overpayment Become Fraud? How Simple Inattention Can Expose You to Penalties for Fraudulent Activities

Provider Self-Disclosure Decisions – Voluntary Disclosure Process

Provider Self Disclosure Process

For more information on the self-disclosure process and legal updates impacting the process, watch this space.

Compliance Program Best Practices Review of Effectiveness

Monday, April 3rd, 2017

Now Is The Time To Re-Examine Compliance “Best Practices” In Your Organization

Historically, compliance programs have not been per se mandatory.  However, most larger health care organizations have established formal compliance programs to foster an atmosphere of compliance and to take advantage of possible benefits under the Federal Sentencing Guidelines.  The Patient Protection and Affordable Care Act of 2010 has made compliance programs mandatory for many providers.  The exact scope of what type of provider will be required to establish formal compliance programs has not yet been set in stone by the Office of Inspector General.  However, it can probably be expected that most providers will be required to formalize their compliance efforts.

Institutional health care compliance has been growing for well over a decade now.  Compliance is becoming of major importance to health care providers of all nature and size.  The OIG has promoted compliance programs by releasing compliance guidance covering a number of industries, including billing companies, physician practices, hospitals, home health agencies, long term care facilities, ambulatory surgery centers and others.  Smaller providers who have previously not had the establishment of formal compliance programs on their radar will now be required to adopt formal plans.

It is not enough to simply adopt a compliance plan, place it on a shelf, and let it collect dust.  A compliance program requires active monitoring.  There are seven basic elements that are necessary for a compliance program to meet regulatory requirements and the requirements under the Federal Sentencing Guidelines.  The seven primary elements of an effective compliance program include:

  • The establishment of written compliance policies and procedures;
  • The designation of a high ranking individual within the organization to serve as compliance officer;
  • The establishment of an effective training and education program for all levels of personnel;
  • The establishment of effective lines of communication, such as a compliance hotline, to enable individuals within the organization to report compliance breaches;
  • Performing ongoing internal auditing and monitoring
  • The creation of a system that enforces breaches of the compliance program including appropriate discipline and corrective measures
  • The establishment of effective measures to respond to compliance problems that are detected.

An effective compliance program establishes an atmosphere of compliance that permeates the entire organization.  A compliance program should be tailored to the specific circumstances of the provider.  The program should also feed and grow on itself.  As problems are detected appropriate changes should be made to the program and related policies and procedures.

Mandatory compliance programs also highlight the importance of compliance on larger institutions who may have already adopted formal programs.  These institutions should take the signal that compliance is of growing importance.   Providers who have already adopted compliance plans should take the opportunity to dust them off and re-examine the role of compliance within their organization.  Now is the time to increase the focus on compliance and assure that compliance is an active system rather than a written plan that is sitting on the shelf.

Criminal Exposure for Failing to Repay Known Overpayment

Monday, April 3rd, 2017

Known Overpayments can Implicate Criminal Statutes

failing to repay overpaymentWe hear a lot about potential liability under the False Claims Act for the failure to repay overpayments within 60 days after discovery. Focus on the 60 day rule has taken some of the focus away from the potential for criminal charges for retaining known overpayments. Section 1128B(a)(3) of the Social Security Act (42 U.S.C. § 1320a-7b(a)(3)) makes it a crime to conceal or fail to disclose any occurrence that affects the initial or conued right to any benefit payment. A violations of the statutes requires a showing that the charged individual have knowledge of the event affecting the right to the applicable benefit. A violation of the statute is a felony and is punishable by a maximum of five years in prison and a fine of $250,000 for individuals or $500,000 for corporations.

The Office of Inspector General has applied this statute, even in cases where the overpayment occurs innocently but a party fails to repayment an overpayment after receiving knowledge. This type of situation is clearly subject to the False Claims Act where repayment is not made within 60 days. Criminal responsibility is also a potential; particularly when a decision is made not to repay after learning about the existence of an overpayment. Criminal exposure is present for the entity as well as the individuals who are responsible for failing to make repayment of a known overpayment. There is an element of ambiguity regarding application of the criminal component, but this has not stopped prosecutors from asserting the statute in the past.

The Federal Criminal False Claims Statute (18 U.S.C. § 287) can also apply to impose potential criminal liability.  That statute applies potential criminal liability on any person who “makes or presents” any claim to an agency of the U.S. Government “knowing such claim to be false, fictitious, or fraudulent.”   This statute can lead to potential 5 years imprisonment plus potential criminal penalties.   Conspiracies to violate the Federal Criminal Claims Statute impose double penealties on participants.  Failing to disclose and repay known overpayments could form the basis of a violation of this statutes as well.

Other criminal statutes could potentially apply to the failure to repay known overpayments.  Mention of these above statutes is not intended to be an exhaustive list of potential exposure.

Excluded Party Cases Dominate OIG Published Self Disclosure Settlements

Friday, March 17th, 2017

Using SDP Self Disclosure Protocol – Excluded Party Disclosures

CMS Self DisclosureIn 2013, the HHS Office of Inspector General issued revised protocols outlining the process through which health care providers are able to self-disclose and resolve potential liability under the OIG’s civil monetary penalty (CMP) authorities.  The 2013 Self Disclosure Protocols (SDP) clarified the process of self-disclosure and provided answers to some of the questions that were previously impeding provider use of the self-disclosure process.  One area that the SDP clarified involved the calculation of damages where a provider discovers that an employee has been excluded from the Medicare and Medicaid programs.  When a provider is a “direct billing” provider, such a physician, it is relatively easy to identify the billings that are attached to that provider.  Prior to 2013, the process for estimating damages was unknown for employees that do not directly bill federal programs for their services.

The 2013 SDP contained a suggested process for estimating damages when non-billed employees are excluded from the program.  The process is based on the cost of employing the excluded individual.  This made it much easier for providers to use the SDP in these circumstances.  Review of the recently settled self-disclosure cases confirms that the process is working to encourage providers to use the SDP in cases involving exclusions.  The SDP uses a multiple of 1.5 times estimated program damages as a minimum baseline for settling SDP cases.  Calculation of damages resulting from exclusion involve identification of billing for the services of a physician or other provider that receives reimbursement for their services.  Other employees, such as nurses, medical assistants, administrative staff and others, use the estimated cost of employment method.

By my count there appears to have been a total of 49 excluded party SDP settlements from the beginning of 2016 through the date of publication of this article.  This is reflective of the clarified procedure in the 2013 SDP.  Settlement amounts range from around $10,000 to a high of around $800,000.  The higher dollar amount settlements likely relate to multiple excluded parties, long term employees, or large dollar “direct bill” employees.

Self Disclosure Process – Voluntary Self Disclosure Decisions are not Always Easy

Monday, February 13th, 2017

Provider Self Disclosure Decisions – Voluntary Disclosure Process

The HHS Office of Inspector General offers providers and opportunity to self-disclose certain violations in exchange for avoiding some of the more draconian penalties that may otherwise apply under applicable regulations.  Even though the OIG’s self-disclosure offer can be very compelling, the decision on whether to utilize the OIG’s self-disclosure protocols is often very difficult.

Unfortunately, it is not always clear whether a violation of a regulatory requirement has occurred.  Those involved in health care law are familiar with the level of ambiguity that often exists with respect to specific billing rules and other regulatory standards.  On the other hand, the potential liability for making the wrong call about whether an infraction has actually occurred can be quite significant.  Clearly, if a provider is deciding whether they have violated a regulation, they have knowledge that the situation has occurred.  The failure to act once knowledge is obtained or imputed can lead to sanctions being multiplied.  For example, failing to repay a known overpayment within 60 days can triple the amount of penalties and add up to $22,000 per claim to the price tag.

The current regulatory scheme places a very high price tag on being “wrong” about whether a regulatory violation is present.  The potential high damages for an incorrect decision forces a provider to take an overly expansive view of when (or whether) a regulatory infraction has occurred.

Clearly not every situation where there has been a billing error amounts to fraud or wrongdoing requiring use of the self-disclosure protocol.  Many over-payments that are identified through audit can be dealt with at the intermediary level.  Where investigation raises questions about whether incorrect bills are “knowingly” submitted, the self-disclosure process may provide some mitigation of potential loss.  Situations where the provider perhaps “should have known” raise more difficult issues of analysis.

The Office of Inspector General’s self-disclosure process is available when there is a potential violation of Federal law that could result in the imposition of Civil Monetary Penalties. A simple determination that a billing error may have led to an overpayment is generally not covered by the protocol.  It is only when the error presents potential CMPs that the protocol can be used to self-disclose the violation to the Federal government.  For example, self-disclosure might be considered where an overpayment is not repaid within 60 days after discovery by the provider or where there is a violation of the anti-kickback statute discovered.

To complicate matters even further, once a provider obtains actual knowledge that a billing error occurs, it is always possible that the government will take the position that the infraction “should have” been known to the provider at an earlier date.  This impacts when the 60 day clock that triggers the application of the False Claims Act begins to run.  Once you discover an error, you would like to think that you have 60 days to self disclose and avoid the damage inflating False Claims Act.  Whether you should have discovered the infraction earlier through a properly functioning compliance program will always overshadow these cases.  The only thing that a provider can really do to reduce the stress of this type of impossible situation is to have a strong compliance program in place well in advance.

The situation is also complicated because a potential whistle-blower may view a situation much differently than a provider who finds what it believes to be an innocent mistake through the audit process.  A provider may sincerely believe that there was no “wrongdoing” and that a simple mistake has been identified.  Finding such a mistake may actually be evidence that the provider’s compliance efforts are working.  On the other hand, there is a whole legal profession out there now that is advertising for people to come forward as whistleblowers.  With potential recovery under the False Claims Act of 3 times the over-payment plus up to $22,000 per claim, whistleblower lawyers have strong incentive to attempt to turn what the provider believes to be an innocent mistake into a false claim. The damage calculation creates a big payday for whistleblower plaintiffs and their lawyer, who take these cases on a contingency fee basis.

Generally speaking, when errors are discovered, the providers best bet is to be forthright and deal with the matter “head on.”  A complete internal investigation should be conducted to determine the precise nature of the issues and to identify the extent of wrongdoing.  Based on the outcome of the investigation, the provider can determine whether a simple repayment can be used or whether there may be reason to go through the formal self-disclosure process.

Anyone who has worked with reimbursement rules will realize that payment policies, rules and regulations are not always clear.  It is often difficult to determine whether there is even a violation of applicable rules or whether an overpayment actually exists.  Legal ambiguities further complicate the self-disclosure decision.  The precise nature of any legal ambiguities involved in the specific case need to be completely documented.  If a decision is made that there has been no wrongdoing, the legal analysis should be laid out in writing and in detail and a reasonable judgment should be made regarding the interpretation of applicable legal standards.  If self-disclosure is made in situations involving legal ambiguities, those ambiguities should be explained in detail as part of the self-disclosure.

In the end, a provider facing potential self- disclosure must follow a reasonable process to make a reasoned decision in the face of significant risk and uncertainty.  Perhaps most importantly, it is never a good alternative to pretend that the situation will never be discovered or brought to light.  These cases can arise in strange and unexpected ways.  It is best to assume that a discovered compliance violation will eventually be brought to light.  In most cases it is advantageous for the provider to affirmatively bring the matter forward rather than waiting for the government or a whistleblower to bring a claim.  When that happens, it is much more difficult to resolve the issue.

John H. Fisher, CHC, CCEP is a health care attorney at the Ruder Ware law firm.  John is actively involved representing clients on legal and compliance issues.  He has represented clients in creating compliance programs and in a variety of operational issues.  He also assists providers in addressing risk areas and potential compliance issues including preparing self-disclosure and working with the government to resolve disclosed compliance issues and overpayment.  John consults as a subject matter expert and provider legal backup to other attorneys and law firms from around the country on specialized compliance, regulatory and health care issues.  John has followed legal issues impacting health care provider for over 25 years.  As such, he is knowledgeable on the current legal standards as well as the historic perspective that is often relevant to an appropriate analysis.  

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

Search
Disclaimer
The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.