Kusserow on Compliance: EHR incentive program attestation is serious business

The American Recovery and Reinvestment Act of 2009 (ARRA) (P.L. 111-5) authorized providing incentive payments to eligible health care professionals, hospitals, and Medicare Advantage Organizations (“MAOs”) to promote the adoption and “meaningful use” of health information technology and electronic health record (“EHR”) systems. CMS established the Medicare and Medicaid Electronic Health Record Incentive Programs (EHR Incentive Programs) to make incentive payments to health care professionals and providers that meet specified requirements for the meaningful use of certified EHR technology (CEHRT). The EHR Incentive Programs are intended to bring about improved clinical outcomes and population outcomes, increase transparency and efficiency in health care, empower individuals to make decisions regarding their care, and generate additional research data on health systems. Program participants must report on their performance pertaining to certain clinical quality measures (CQMs) and objectives to CMS (for Medicare) or the authorized state agency (for Medicaid) through an attestation process. Since 2011, the EHR Incentive Programs have made incentive payments to numerous eligible professionals, eligible hospitals, and critical access hospitals (CAHs) that qualify as “meaningful users” by meeting the objectives and CQMs outlined in the various stages of the applicable programs.

Annual attestations required

Eligible providers must annually attest to meeting the specified objectives and measures in order to receive incentive payments under the EHR Incentive Programs. Once they have attested to meeting the identified objectives and measures, they are deemed to be meaningful users and eligible for incentive payments.  CMS, its contractor, and state Medicaid agencies conduct both random and targeted audits to detect inaccuracies in eligibility, reporting, and receipt of payment with respect to the EHR Incentive Programs.  Eligible hospitals may be selected for pre- or post-payment audits. CMS has required that eligible hospitals retain all supporting documentation used in completing the Attestation Module responses in either paper or electronic format for six years post-attestation. Eligible hospitals are responsible for maintaining documentation that fully supports the meaningful use and CQM data submitted during attestation. Those hospitals undergoing pre-payment audits will be required to provide supporting documentation to validate submitted attestation data before receiving payment.

Unsupported and false attestations

Making false statements, including attestations to the federal government, could implicate federal law (18 U.S.C. § 1001), which generally prohibits knowingly and willfully making false or fraudulent statements or concealing information. Although eligible hospitals receiving incentive payments under the Medicare and Medicaid EHR Incentive Programs are not required to follow any particular parameters when spending the payments, they must annually attest to meeting the relevant measures and objectives in order to be entitled to incentive payments. It is critical that eligible hospitals maintain documentation that supports their attestations.  Supporting documentation needs to make clear that the hospital is meeting the terms and conditions of the EHR Incentive Program. A checklist document by itself would be insufficient as supporting documentation. Failure to maintain such supporting documentation creates potential liability. Although no significant enforcement activity has taken place, compliance officers are advised to verify that proper supporting documentation is maintained.  In fact, the responsible program manager should be maintaining documentation as part of ongoing monitoring. As part of ongoing auditing, the compliance office should ensure that monitoring is conducted and validate that it is adequately meeting regulatory requirements.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on
Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

 

 

‘Fatigued’ providers must concentrate on complying with two-midnight rule

Some providers may be experience two-midnight rule “compliance fatigue” due to the changing rules and current lack of traditional enforcement activity, said presenters at the Health Care Compliance Association webinar, “Two Midnight Rule: Where Are We Now?” The two-midnight rule has been a “moving target” and its evolution has been challenging for providers, with CMS having issued more than 40 items of sub-regulatory guidance over the past 3.5 years. Presenters Lauren Gennett and Isabella Wood of King & Spaulding LLP said, however, that it is important for compliance personnel to emphasize the importance of continued compliance.

Two-midnight rule. The two-midnight rule is codified at 42 C.F.R. Sec. 412.3(d), which provides that an inpatient admission is considered reasonable and necessary under Part A if the admitting physician ordered the inpatient admission based on the expectation that the patient would require at least two midnights of medically necessary hospital services.

If an unforeseen circumstance, such as a beneficiary’s death or transfer, results in a shorter stay than the physician’s expectation of at least two midnights, the patient may be considered to be appropriately treated on an inpatient basis. An inpatient admission for a surgical procedure specified by Medicare as “inpatient only” under 42 C.F.R. Sec. 419.22(n) is also generally appropriate for payment under Medicare Part A, regardless of the expected duration of care.

Rare and unusual circumstances exception. There may be “rare and unusual circumstances” in which an inpatient admission for a service not on the inpatient only list may be reasonable and necessary in the absence of an expectation of a two midnight stay. CMS expanded this exception effective January 1, 2016 (see OPPS payment update a net cut for many, Health Law Daily, November 13, 2015). The exception is determined on a case-by-case basis by the physician responsible for the care of the beneficiary, subject to CMS medical review. Relevant factors include: (1) the severity of the signs and symptoms exhibited by the patient; (2) the medical predictability of something adverse happening to the patient; and (3) the need for diagnostic studies that appropriately are outpatient services.

Wood said that CMS has not provided examples of services that might qualify for the “rare and unusual circumstances” exception. She noted that the exception is challenging for providers, who do not know how rare and unusual the circumstances must be to qualify for the exception. There is, she said, “a lot of wiggle room and uncertainty” for providers.

Inpatient admission orders. Before the two-midnight rule, there was not an express requirement for an inpatient admission order, but now 42 C.F.R. Sec. 412.3(a) requires that the inpatient admission order be in the medical record for the hospital to be paid for inpatient services under Part A. The physician is required to authenticate the order before discharge, which can be difficult for short stays. Gennett said that this requirement is “low hanging fruit for contractor denials.” There is, however, an exception for missing or defective orders that CMS originally included in January 2014 guidance and recently updated in the Medicare Benefit Policy Manual, Pub. 100-02, Ch. 1 (see Change Request 9979, March 10, 2017).

Enforcement. From October 2013 through September 2015 Medicare administrative contractors (MACs) conducted limited “probe & educate” reviews, and quality improvement organizations (QIOs) began conducting reviews in October 2015. QIO review has had its challenges, however, and in 2016 CMS temporarily “paused” QIO patient status reviews (see QIOs back to reviewing Two-Midnight rule claims, Health Law Daily, September 13, 2016). In April 2017 the QIO record selection process changed; QIOs now sample the top 175 providers with a high or increasing number of short stay claims per area with a request for 25 cases, and all other providers previously identified as having “major concerns” in the prior round of review will have a request for 10 cases.

Recovery audit contractors (RACs) may conduct provider-specific patient status reviews for providers that have been referred by the QIO as exhibiting persistent noncompliancewith Medicare payment policies, including consistently failing to adhere to the two midnight rule. The presenters noted that providers should be “extra cautious” in light of the potential for RAC referrals.

The two-midnight rule is also on the HHS Office of Inspector General’s (OIG) radar. In December 2016, the OIG issued a report based on a claims review for fiscal years 2013 and 2014 concluding that hospitals are billing for many inpatient stays that were potentially inappropriate (see Two-midnight Medicare policy succeeding but still lacks full cooperation, Health Law Daily, December 19, 2016). The OIG also stated in its FY 2017 work plan that it intends to review hospitals’ use of inpatient and outpatient stays under the two midnight rule.

CMS solicits applications for Rural Community Hospital Demonstration

CMS is soliciting applications for additional hospitals to participate in the Rural Community Hospital Demonstration Program, which tests payment under a reasonable cost-based methodology for Medicare inpatient hospital services furnished by eligible rural hospitals. No more than 30 hospitals can participate in the program at the same time. Applications are due May 17, 2017, and CMS’ goal is to finalize selections by June 2017.

Section 410A of the Medicare Modernization Act (MMA) (P.L. 108-173) originally authorized the demonstration for five years, and Sections 3123 and 10313 of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) extended it for another five-year period. Section 15003 of the 21st Century Cures Act (P.L. 114-255) again amended section 410A to require another five-year extension of the demonstration (see 21st Century Cures clears House, now set for Senate vote, December 1, 2016).

Eligibility

To be eligible to participate in the program, a hospital must: (1) be located in a rural area or be treated as such pursuant to Soc. Sec. Act Sec. 1886(d)(8)(E); (2) have fewer than 51 acute care inpatient beds, as reported in its most recent cost report; (3) make available 24-hour emergency care services; and (4) not be designated or eligible for designation as a critical access hospital pursuant to Soc. Sec. Act Sec. 1820.

Hospitals that were participating in the demonstration as of the last day of the initial five-year period or as of December 30, 2014 may participate in this second extension period, unless the hospital elects to discontinue participation. A newly selected hospital may be located in any state; however, priority will be given to hospitals located in one of the 20 states with the lowest population densities.

Payment

For discharges occurring in the first cost reporting period on or after the implementation of the extension, hospitals participating in the demonstration will receive payment for their reasonable costs of providing covered inpatient hospital services (except for services furnished in a psychiatric or rehabilitation unit that is a distinct part of the hospital). For discharges occurring during the second or later cost reporting period, hospitals will be paid the lesser of their reasonable costs or a target amount.

For most of the previously participating hospitals, there is a gap between the end date of the hospital’s participating in the first five-year extension and the enactment of the Cures Act on December 13, 2016 that the legislation did not address. In the fiscal year 2018 hospital inpatient prospective payment system (IPPS) Proposed rule, CMS solicited comments on proposed terms of continuation for previously participating hospitals (see IPPS spending to increase $3B, LTCH PPS to decrease $173B, April 17, 2017).

The MMA requires the demonstration to be budget neutral. The IPPS proposed rule detailed the status of the demonstration and the methodology for ensuring budget neutrality.

Kusserow on Compliance: Factors OIG considers in deciding exclusions

The HHS Office of Inspector General (OIG) has authority exclude any individual or entity engaging in prohibited activities from participation in the federal health care programs, and add him or her to their List of Excluded Individuals and Entities (LEIE). The effect of this is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. This authority is anchored in legislation going back to 1977; the OIG was delegated authority to impose civil monetary penalties (CMPs), assessments, and program exclusion on health care providers and others determined to have submitted, or caused the submission of, false or fraudulent claims to the Medicare or Medicaid programs. During my 11-year tenure as Inspector General (IG), the administrative remedies were broadened to address additional types of misconduct. This has continued over the years.  Passage of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) amended and expanded the existing authority for the OIG to impose CMPs and exclusions.

 Factors in exclusion decisions

The LEIE database is very large, with 3,000 new exclusions being added annually. About half of the exclusions included in the database are for criminal convictions related to health care programs and for patient abuse or neglect. These are mandatory exclusion.  In addition, the OIG has discretionary authority to exclude for other types of misconduct, such as license revocation or suspension, exclusion or suspension from another federal or state health care program, provision of unnecessary or substandard services, fraud or kickbacks, and default on a health education loan.

Tom Herrmann, J.D. served over 20 years in the Office of Counsel to the Inspector General. He explained that when exercising its discretionary authority to exclude, the OIG takes into consideration a number of factors, including the following:

  • Nature and circumstances of conduct. This includes determining adverse physical, mental, financial, or other impact to program beneficiaries, recipients, or other patients.
  •  Financial loss. Conduct  that (1) was part of a pattern of wrongdoing; (2) occurred over a substantial period of time; (3) was continual or repeated; and (4) continued until or after the person learned of the Government’s investigation indicates higher risk.
  • Leadership role. If the individual organized, led, or planned the unlawful conduct.
  • History of prior fraudulent conduct. History of judgments, convictions, decisions, or settlements in prior enforcement actions, as well as (1) refusal to have entered into a corporate integrity agreement (CIA), (2) breach of a prior CIA, or (3) lies or failure to cooperate with the OIG while under a CIA.
  • Conduct during investigation. Any (1) obstruction in the investigation or audit; (2) taking any steps to conceal the conduct from the government; or (3) failure to comply with a subpoena.
  • Resolution. The inability to pay an appropriate monetary amount (including damages, assessments, and penalties) to resolve a fraud case.
  • Absence of compliance program. Absence of a compliance program that incorporates the seven elements of an effective compliance program.

Avoiding exclusion

There are a number of steps that can be taken to reduce the likelihood of the OIG exercising its discretion to exclude parties and put them on the LEIE. These include being able to evidence:

  1. Initiating internal investigation and sharing results before the government gets involved;
  2. Self-disclosing an internal investigation;
  3. Cooperating with the government, if it initiate an investigation;
  4. Taking appropriate disciplinary action against individuals responsible for bad conduct;
  5. Implementing an effective compliance program, prior to government investigation;
  6. Devoting increased/improved support for the compliance program; and
  7. Having in the past self-disclosed overpayments in good faith to the OIG and CMS.

LEIE sanction screening

Screening individuals and entities prior to engagement and periodically thereafter is not optional–it is a necessity.   The best practice is to screen monthly against the LEIE and any state exclusion database where business is conducted, in that CMS has set this as a standard for Medicaid Directors.   In addition to screening against the LEIE, most states require screening against their database of sanction parties. Often there are delays in resolution of cases, so that a party may not be included in a sanction database at time of engagement, but is added later. Furthermore, inasmuch as most state Medicaid Fraud Control Units report their criminal actions to the OIG, that in turn includes them in the LEIE, resulting in frequent cases of multiple hits for the same underlying action. This is further complicated by the fact that there are delays when actions by state agencies are reported to the OIG for their determination to add them to the LEIE.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.