Kusserow on Compliance: Most organizations reported encounters with government authorities

• Most organizations have made disclosures for HIPAA breaches and overpayments
• One third received demand letters
• Other encounters report were with OIG and DOJ

It is widely recognized that regulatory and legal enforcement activities have been increasing over the last few years. The results should be a warning bell to all compliance officers that regulators and enforcement officials are right around the corner, necessitating increased efforts on ongoing monitoring and auditing to mitigate exposure of compliance-related risk areas. In the soon to be released national healthcare “2019 Compliance Benchmark Survey” most respondents reported having encountered issues with government agencies in last five years. Ranking at the top, with nearly two-thirds of the respondents, was disclosure to the HHS Office for Civil Rights (OCR) for breaches of privacy under the Health Insurance Portability and Accountability Act (HIPAA). Over half reported making self-disclosures of overpayments received and addressing audits or investigations by government agencies. One-third reported responding to a demand letter from a government agency or contractor. Serious legal encounters with the government was reported at a much lower level.  One out of five respondents reported self-disclosure to the DOJ, OIG and CMS.  About one out of eight respondents reported their organization being involved in the settlement process with DOJ, self-disclosing to the OIG engagement of sanctioned individuals/entities, and being involved in a settlement process for a corporate integrity agreement (CIA).

The “2019 Compliance Benchmark Survey” report will be available without charge at the upcoming HCCA conference in Boston at Strategic Management Services, Booth 420. 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

U.S. pays nearly twice as much for drugs compared to other countries

A recent HHS analysis revealed that prices charged by drug manufacturers to wholesalers and distributors in the United States are 1.8 times higher than in other countries for the top drugs by total expenditures separately paid under Medicare Part B. U.S. prices were higher for most of the drugs included in the analysis, and U.S. prices were more likely to be the highest prices paid among the countries in the study (ASPE Report, October 25, 2018).

Medicare Part B

Drugs typically administered to patients by healthcare practitioners are covered and paid under Medicare Part B, which is part of the fee for service traditional Medicare benefit. Under Part B, providers buy and bill for these drugs. Medicare pays suppliers and providers based upon the Average Sales Price (ASP) for each product, as reported by manufacturers to CMS. Physician offices that buy and bill Part B drugs are paid 106 percent of the drug’s ASP, and hospitals are reimbursed either at 106 percent or 77.5 percent of ASP, depending on the hospital outpatient department’s participation in a safety net drug pricing program. Spending on Part B drugs has doubled since 2006.

The analysis and results

Data was compiled on the top drugs based on total Medicare reimbursement to either physician offices, hospital outpatient departments, or overall under Medicare Part B in 2016. Countries included in the analysis included: the United States, Austria, Belgium, Canada, Czech Republic, Finland, France, Germany, Greece, Ireland, Italy, Japan, Portugal, Slovakia, Spain, Sweden, and the United Kingdom. The analysis identified thirty two Medicare Part B drugs among the top twenty drugs in spending for each setting. These thirty two drugs accounted for $18 billion in spending, out of a total $27 billion on Part B drugs across these settings. The main analysis reports on twenty seven Part B Drugs.

Across the twenty seven drugs in the study, the U.S. ex-manufacturer prices were 1.8 times than average international ex-manufacturer price. There was not any one country that consistently had the highest or lowest prices compared to the U.S. for twenty of the drug products; U.S. prices exceeded the average international price by more than twenty percent. In addition, for nineteen of the twenty seven products the U.S. prices were higher than any other country. Excluding the U.S., Germany and Canada had the highest prices for six drugs and Japan for five drugs. France and the United Kingdom had the lowest prices for four drug products. Japan, Sweden and Slovakia had the lowest prices for three drug products each. Finally, the analysis calculated that the Medicare program and its beneficiaries spent an additional $8.1 billion (47 percent more) on these twenty seven products that it would have, if payments based upon ASP were scaled by the international price ratios.

Overall, prices and reimbursement rates for Part B drugs are significantly higher for the U.S. providers than purchasers outside the U.S., except for a few outlier cases. The amount by which U.S. prices exceeded those of international comparators varied significantly by product, and there was no clear pattern as to which countries were consistently paying lower prices. The analysis suggests that Medicare Part B could achieve significant savings if prices in the U.S. were similar to those of other large market based economies.

Kusserow on Compliance: OCR releases new guidelines on software vulnerabilities and patching

The HHS Office for Civil Rights (OCR) recently released a report focuses on software bugs and patches designed to reduce the vulnerability of computer systems that put electronic personal health information (ePHI) at risk. The OCR noted that last year researchers discovered a widespread vulnerability in computer processors that were sold over the previous decade. These vulnerabilities, known as Spectre and Meltdown, allow “malware” to bypass data access controls and potentially access sensitive data. This security flaw has been present in nearly all processors produced in the last 10 years and affects millions of devices. Upon discovery of these defects, vendors scrambled to release patches that addressed this problem. Managing patches plays an important role in maintaining HIPAA Security Rule compliance and without them vulnerabilities will not be fixed. The health care sector relies on software to manage ePHI and organizations are required under the HIPAA Security Rule to use appropriate technical safeguards to ensure the security of ePHI, including the evaluation of software vulnerabilities, the assessment of potential risks, and the implementation of solutions to keep risk at a reasonable minimum. The OCR suggested the following for effective patch management:

  • Evaluate patches to determine if they apply to your software/systems.
  • Test patches on an isolated system for any unwanted side effects.
  • Once patches have been evaluated and tested, approve them for
  • Deploy patch installation on live systems.
  • Test and verify to ensure correct patch installation and no unforeseen side effects

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG toolkit for calculating opioid levels and opioid misuse risk

The OIG toolkit provides detailed steps for using prescription drug claims data to analyze patients’ opioid levels and identify certain patients who are at risk of opioid misuse or overdose. It is based on the methodology that OIG has developed in its extensive work on opioids. This provides technical information to support the OIG’s public and private sector partners, such as Medicare Part D plan sponsors, private health plans, and State Medicaid Fraud Control Units. It is intended to assist OIG partners with analyzing their own prescription drug claims data to help combat the opioid crisis. It provides steps to calculate patients’ average daily morphine equivalent dose (MED), which converts various prescription opioids and strengths into one standard value. This measure is also called morphine milligram equivalent (MME). The toolkit includes a detailed description of the analysis and programming code that can be applied to the user’s own data. The resulting data can be used to identify certain patients who are at risk of opioid misuse or overdose. Users can also modify the code to meet their needs, such as identifying patients at other levels of risk. The toolkit has three chapters:

 

(1) Analysis of Prescription Drug Claims Data,

(2) Explanation of the Programming Code To Conduct the Analysis, and

(3) Programming Code.

 

Opioid abuse and overdose deaths are at epidemic levels in the United States. As one of the lead federal agencies fighting health care fraud, the OIG is committed to supporting public and private partners in its efforts to curb the opioid epidemic. These partners include Medicare Part D plan sponsors, other private health plans, State Medicaid Fraud Control Units, State prescription drug monitoring programs, and researchers. They can use this toolkit to analyze claims data for prescription drugs and identify patients who may be misusing or abusing prescription opioids and may be in need of additional case management or other follow-up. This toolkit can also be used to answer research questions about opioid utilization.

Copies can be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.