Kusserow on Compliance: Emerging government enforcement priorities for 2018

At the HCCA conference in April, there were several presentations regarding the government’s enforcement priorities. There were a number of emerging issues that were the subject of considerable attention: the opioid crisis, electronic health record (EHR) fraud, and telehealth/telemedicine. By far, the area given the most attention was the opioid crisis.  More than a dozen presenters included comments in their presentations on this subject, including presenters from the DOJ, OIG, CMS, and the OCR. This is not surprising in that last October the President declared this to be a national public health care crisis and marshaled regulatory and enforcement agencies to actively focus on steps to alleviate it. Other agencies not present at the HCCA are included in this effort, such as the FDA, FCC, CDC, Indian Health Service, Veterans Administration, Department of Defense TRICARE program, and others. At the federal and state level, there is increased legislative, regulatory, and enforcement actions activity related to substance abuse and behavioral health services. In January, the Attorney General announced the DEA was increasing its focus on pharmacies and prescribers who dispense unusual or disproportionate amount of such drugs. He also has created the Prescription Interdiction and Litigation (PIL) task force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Both DOJ and OIG presenters noted the July 2017 “take down” of 412 defendants in 41 different judicial districts. The defendants included over 100 doctors, nurses, and other medical license professionals. Together these individuals were responsible for over $1.3 billion in false billings.

The second most reported topic concerned cyber and IT security of Protected Health Information (PHI). This was a main topic in the presentation by OCR, but was alluded to in seven other presentations on cybersecurity and threats and complying with HIPAA Privacy and Security standards. The OCR reported that since 2009, there have been 2178 reports of breaches over 500 files with more than 300,000 cases of breaches affecting fewer than 500 files. The OCR has responded to over 170,000 complaints that resulted in over 25,000 cases being resolved with corrective action measures.  The OCR expects about 17,000 new complaints this year.  The top 10 recurring issues involve: (1) disclosure of sensitive paper information, (2) business associate agreements, (3) risk analysis, (4) failure to manage risks, such as with encryption, (5) lack of transmission security, (6) failure of ongoing auditing, (7) no patching of software, (8) insider threats, (9) improper disposal of records, and (10) insufficient backup of information and contingency planning.

Several sessions focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws.  Statistics from DOJ indicated the continuing trend of increased number of qui tam cases that has grown from 426 in 2015 to around 500 in 2017 with annual settlements averaging about $2.5 billion per year.

New cases involving Meaningful Use Fraud were reported with the promise that more new cases were under development.  Another area getting a lot of enforcement attention by the DOJ and OIG relate to telehealth and telemedicine. Cases surfacing now are focusing on claims arising from billings for these areas that did not qualify as such.  Only certain telehealth services are covered by Medicare and providers should take care to follow CMS guidance on what qualifies.

It is interesting to compare these priorities with results for the 2018 Compliance Benchmark Survey of compliance officers. There was no mention of the opioid crisis, as it was just an emerging national issue at the time the survey was taken. HIPAA security/cyber-security was the highest priority. It is troubling that corrupt arrangements with referral sources remains the number one regulatory and enforcement priority for the OIG and DOJ but is ranked fifth in priority to respondents. The other major and continuing enforcement priority related to claims submissions and that ranked third in priority by compliance officers.  A complementary webinar relating to this survey will be presented on May 9th.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Temporary staffing and interim compliance officers

When individuals from a compliance office, including compliance officers, retire, move to new organizations, or are replaced for any reason, it can leave a gap in the day to day management of the compliance efforts that can create a serious risk. This underscores the importance of not only finding a suitable replacement quickly, however, that process can be time consuming. As such, it is not surprising that many organizations turn to engaging temporary expert assistance, including acting the use of Interim Compliance Officers (ICOs). This decision is often made with the realization that having a gap in the program over a period of months, or designating someone internally to do the work can be dangerous. Smaller organizations are not likely to have anyone sufficiently qualified to carry out all the duties. It is also risky to have someone making decisions, or failing to make decisions, that may create liabilities. The worst decision is selecting someone to take on the role of compliance officer as a temporary set of secondary duties to his or her current job. This will always lead the individual to continue giving priority to their regular job and do as little as possible in compliance.

Temporary staffing has the advantage of quickly filling immediate needs, including addressing any pending issues or problems. Properly experienced professionals can hit the ground quickly and be effective, not just be a placeholder. This approach will permit the organization to continue its search for the permanent replacement.  Using a properly qualified outside expert presents a lot of advantages. The expert can bring the experience of having served in other organizations and dealing with many of the same issues already addressed by prior jobs.  Important also is that they have not been invested in any prior decisions, nor have they been aligned with any parties in the organization. Most importantly, the expert brings “fresh eyes” to the program. An outside expert can provide an objective assessment on the state of the compliance program, offer suggestions, and give guidance for improvements.

Finding the right ICO with a lot experience and technical skills can make significant improvements for any compliance program in a relatively short order.  In fact, it may be the most economical means to have an independent evaluation of a compliance program. However, care needs to be taken when deciding on an expert. It is important that someone is not hired who is a “cast off” from another organization. As such, it is important that references be checked carefully to be assured of someone who is competent and reliable. It is important to design the engagement to bring maximum return of benefit for the cost. Therefore, in the case of an ICO, consideration should be given to the added scope of work. Organizations should expect to have the outside expert:

  • provide an independent assessment of the status of the compliance program;
  • make an assessment of high-risk areas that warrant attention;
  • be able to efficiently and effectively address compliance risk issues that may arise;
  • offer suggestions to build a firmer foundation for the compliance program;
  • review the existing Code, compliance policies, and other guidance;
  • evaluate the quality and effectiveness of compliance training;
  • develop a “road map” for the incoming compliance officer to follow;
  • assist in identifying and evaluating candidates for the permanent position;
  • assess resources needed to effectively operate the compliance program;
  • identify or build metrics that evidence compliance program effectiveness; and
  • develop comprehensive briefings for management and board on the state of the program.

Finally, for even fairly large organizations, a true compliance expert can hold things together for several months without having to be full time on site. Most organizations can keep their compliance program operating with many of the added benefits noted above, using an expert for 50 to 80 hours per month. After all, the ICO is holding the compliance program together, not building it.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS improperly paid $367M for outpatient physical therapy

The OIG issued an audit report that found sixty-one percent of Medicare claims for outpatient physical therapy services reviewed did not comply with Medicare medical necessity, coding, or documentation requirements, resulting in an estimated overpayment of $367 million for outpatient physical therapy services that did not comply with Medicare requirements. These overpayments occurred because CMS controls were not effective in preventing improper payments for outpatient physical therapy services. The Medicare Part B program paid approximately $2 billion for outpatient physical therapy services provided to beneficiaries and past OIG reviews of individual physical therapy providers identified claims for outpatient physical therapy services that were not reasonable, medically necessary, or properly documented.  The OIG analyzed a stratified random sample of 300 outpatient claims for physical therapy services. The OIG’s stated objective was to determine whether Medicare claims for outpatient physical therapy services complied with Medicare requirements. Errors identified fell under three categories:

  1. Services that were not medically necessary, including services which were not reasonable—there was no evidence that the services would be effective, the services did not require the skills of a therapist, or there was not expectation of significant improvement.
  2. Coding did not meet medical requirements—timed units claimed did not match units in treatment notes; missing modifiers; and incorrect codes.
  3. Documentation did not meet Medicare requirement—plan-of-care deficiencies; treatment note deficiencies; and recertification deficiencies.

The OIG recommended CMS: (1) instruct the Medicare contractors to notify providers of potential overpayments so that those providers can exercise reasonable diligence to investigate and return any identified overpayments, (2) establish mechanisms to better monitor the appropriateness of outpatient physical therapy claims, and (3) educate providers about Medicare requirements for submitting outpatient physical therapy claims for reimbursement. CMS generally disagreed with these findings and believes further analysis of the sampled claims is warranted to determine whether the claims met Medicare requirements, according to the report.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Stark Law continues to be questioned

CMS kicked off the New Year by announcing plans to convene an inter-agency group to focus on how to minimize the regulatory barriers of the Stark Law that began in 1989 and underwent expansion in the 1990s. Providers have raise concerns from the beginning of the implementation of the Stark Law. The agencies involved in the review will include: CMS, the HHS Office of Inspector General (OIG), HHS General Counsel, and the Department of Justice (DOJ). Since the announcement, there has been considerable speculation as to how serious this effort will be and how soon something will materialize from it. The subject came up during a hearing on March 21 concerning the implementation of physician payment policies under the Medicare Access and CHIP Reauthorization Act (MACRA). CMS called for the need to consider such reforms as the agency pushes toward a value-based healthcare system. The Stark Law has been viewed by much of the industry as creating real barriers to meeting new government policy objectives.

CMS testimony noted that the Stark Law “has a really big impact on how relationships are structured in the healthcare space, which prohibits physicians from referring a Medicare or Medicaid patient to a provider with which the physicians have financial ties.” The testimony went on to state that the health care system has so many fractured silos with many rules and regulations that govern every part of the health care system and that both MACRA and Stark are important pieces of it. It was noted that the President’s budget proposal for fiscal year 2019 includes a line item calling for the “physician self-referral law” to be reformed “to better support and align with alternative payment models [APM] and to address overutilization.”

The Stark Law prohibits doctors from referring Medicare patients to hospitals, labs and colleagues with whom they have financial relationships, unless they fall under certain exceptions. It also prevents hospitals from paying providers more when they meet certain quality measures, such as reducing hospital-acquired infections, while paying less to those who miss the goals. The result is the law is viewed as making it difficult for physicians to enter innovative payment arrangements because they are not susceptible to fair market value assessment, a Stark requirement. These prohibitions are seen as interfering with key factors related to value-based care. Unlike the Anti-Kickback Statute, which is enforced by the OIG, the Stark law is considered regulatory and falls under CMS jurisdiction. From a regulatory standpoint, there is only so much that CMS can do to make substantive changes. Any real changes in the law will have to come from Congress.

This is not the first time the CMS has tried to move the easing of rules concerning the Stark law.  In 2015, CMS published a Proposed rule relaxing aspects of the Stark law, including easing of some of the strict liability features of the law and CMS’ burden in dealing with the interpretation of key terms, requirements, and other issues.  After reviewing an enormous amount of self-disclosures, CMS realized that a large part of its docket involved arrangements that may technically violate the statute but do not actually pose significant risks of abuse. Therefore, it appears that CMS seeks to reduce the number of self-disclosures reported. However, the proposed update is also intended to account for recent changes relating to health care reform and advancements in patient care and payment methodologies. CMS wanted to ensure that Stark does not inhibit Affordable Care Act (ACA) reforms and these are the same concerns driving the latest initiative.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.