Kusserow on Compliance: Emerging government enforcement priorities for 2018

At the HCCA conference in April, there were several presentations regarding the government’s enforcement priorities. There were a number of emerging issues that were the subject of considerable attention: the opioid crisis, electronic health record (EHR) fraud, and telehealth/telemedicine. By far, the area given the most attention was the opioid crisis.  More than a dozen presenters included comments in their presentations on this subject, including presenters from the DOJ, OIG, CMS, and the OCR. This is not surprising in that last October the President declared this to be a national public health care crisis and marshaled regulatory and enforcement agencies to actively focus on steps to alleviate it. Other agencies not present at the HCCA are included in this effort, such as the FDA, FCC, CDC, Indian Health Service, Veterans Administration, Department of Defense TRICARE program, and others. At the federal and state level, there is increased legislative, regulatory, and enforcement actions activity related to substance abuse and behavioral health services. In January, the Attorney General announced the DEA was increasing its focus on pharmacies and prescribers who dispense unusual or disproportionate amount of such drugs. He also has created the Prescription Interdiction and Litigation (PIL) task force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Both DOJ and OIG presenters noted the July 2017 “take down” of 412 defendants in 41 different judicial districts. The defendants included over 100 doctors, nurses, and other medical license professionals. Together these individuals were responsible for over $1.3 billion in false billings.

The second most reported topic concerned cyber and IT security of Protected Health Information (PHI). This was a main topic in the presentation by OCR, but was alluded to in seven other presentations on cybersecurity and threats and complying with HIPAA Privacy and Security standards. The OCR reported that since 2009, there have been 2178 reports of breaches over 500 files with more than 300,000 cases of breaches affecting fewer than 500 files. The OCR has responded to over 170,000 complaints that resulted in over 25,000 cases being resolved with corrective action measures.  The OCR expects about 17,000 new complaints this year.  The top 10 recurring issues involve: (1) disclosure of sensitive paper information, (2) business associate agreements, (3) risk analysis, (4) failure to manage risks, such as with encryption, (5) lack of transmission security, (6) failure of ongoing auditing, (7) no patching of software, (8) insider threats, (9) improper disposal of records, and (10) insufficient backup of information and contingency planning.

Several sessions focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws.  Statistics from DOJ indicated the continuing trend of increased number of qui tam cases that has grown from 426 in 2015 to around 500 in 2017 with annual settlements averaging about $2.5 billion per year.

New cases involving Meaningful Use Fraud were reported with the promise that more new cases were under development.  Another area getting a lot of enforcement attention by the DOJ and OIG relate to telehealth and telemedicine. Cases surfacing now are focusing on claims arising from billings for these areas that did not qualify as such.  Only certain telehealth services are covered by Medicare and providers should take care to follow CMS guidance on what qualifies.

It is interesting to compare these priorities with results for the 2018 Compliance Benchmark Survey of compliance officers. There was no mention of the opioid crisis, as it was just an emerging national issue at the time the survey was taken. HIPAA security/cyber-security was the highest priority. It is troubling that corrupt arrangements with referral sources remains the number one regulatory and enforcement priority for the OIG and DOJ but is ranked fifth in priority to respondents. The other major and continuing enforcement priority related to claims submissions and that ranked third in priority by compliance officers.  A complementary webinar relating to this survey will be presented on May 9th.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Medicaid and CHIP are catching uncovered kids, the ACA helps

Due to high rates of Medicaid and Children’s Health Insurance Program (CHIP) coverage for young children, only 3.3 percent of children ages three and younger were uninsured in 2016. Coverage of both young children (age three and younger) and their parents increased under the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) in 2014 and 2015—a trend that continued in 2016. According to an Urban Institute report, young children and their families continued to rely on Medicaid and CHIP in 2016, with 48.5 percent of young children covered by Medicaid or CHIP. In comparison, only 42 percent of older children were covered by the programs.

Trends. Nearly half of young children and one-fifth of the parents of young children were covered by Medicaid and CHIP in 2015 as well. The high incidence of Medicaid and CHIP coverage is partly due to higher incidence of family characteristics among parents of younger children, including lower incomes, younger parents, and mixed immigration status.

Variance. Despite high overall levels of coverage, the prevalence of health insurance coverage for young children and their families continued to vary across state lines. Uninsurance rates were below 2 percent in 12 states but above 8 percent in three states—Alaska, Wyoming, and North Dakota. Additionally, the expansion of state Medicaid programs under the ACA continues to be a significant source of variation in state uninsurance levels for the parents of young children. For example, an estimated 8.7 percent of parents of young children in expansion states were uninsured in 2016, whereas 18 percent of parents of young children were uninsured in nonexpansion states.

MACPAC suggests Congress authorize states to mandate managed care

Congress should amend Section 1932(a)(2) of the Social Security Act (SSA) to allow states to require all beneficiaries to enroll in Medicaid managed care programs under state plan authority, without a waiver, according to the Medicaid and CHIP Payment and Access Commission (MACPAC).

Other recommendations

During its January session, MACPAC approved the managed care recommendation, which will be added to the commission’s draft March 2018 report to Congress alongside two December 2017 recommendations that Congress (1) extend Section 1915(b) waiver approvals from two to five years; and (2) revise Section 1915(c) waivers to waive freedom of choice and allow selective contracting.

Concerns

Other concerns raised by MACPAC in December 2017 included: (1) whether the managed care recommendation should include long-term services and supports; (2) the adequacy of protections for vulnerable beneficiaries under state plan authority; and (3) that the recommendation to allow mandatory managed care enrollment requires oversight of states and plans to ensure beneficiary needs are met.

CHIP and DSHs face difficult financial roads without quick congressional move

Without congressional action, authorization for the Children’s Health Insurance Program will end on September 30, 2017, with the end of fiscal year (FY) 2017. Cuts to disproportionate share hospital (DSH) payments are also scheduled to take effect on October 1, 2017. If the authorization lapses and the cuts take effect, states will face budget shortages in their attempts to keep the CHIP program solvent and DSHs, which already operate on tight budgets, will be exposed to greater financial strain. A number of other health care related provisions are also slated to lapse on September 30, 2017, if Congress does not act, according to a Congressional Research Service (CSR) report.

Action

On September 28, 2017, the Energy and Commerce Committee announced that it would markup a bill to extend funding to the CHIP program. On the same day, members of Congress authored a letter to House Speaker Paul Ryan (R-Wis) and Democratic Leader Nancy Pelosi (D-Calif) expressing concerns regarding the impact of the DSH cuts and calling for congressional action.

DSH cuts

Stakeholders have made ongoing attempts to procure action from Congress to delay the DSH cuts. On September 18, nine hospital organizations urged lawmakers to further delay the start of Medicaid DSH cuts authorized by Section 2551 of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) (see Hospital organizations again advocate for delay of Medicaid DSH reductions, September 19, 2017). The cuts would have gone into effect in 2014 but legislation delayed the reduction. The reduced payments were designed to account for decreases in uncompensated care, yet, DSHs warn that planned increases in coverage rates under the ACA have not been realized, exposing providers to unfair payment reductions.

CHIP

Although the impact of a delay in CHIP reauthorization will differ from state to state, a Kaiser Family Foundation analysis revealed that “states would face budget pressures, children would lose coverage, and implementation of program changes could result in increased costs and administrative burden for states” if Congress does not reauthorize the CHIP program by the end of FY 2017 (see States face budget shortages if Congress doesn’t extend CHIP funding, September 11, 2017).