Kusserow on Compliance: OIG’s planned work for home health agencies

Home Health Agencies (HHAs) remain one of the top enforcement priorities for the DOJ and HHS Office of Inspector General (OIG). Considerable OIG investigative resources are devoted to HHA fraud. However, the OIG auditors and evaluators are also focusing on HHA waste and abuse. For example, in May 2019, the OIG released several audit reports related to HHAs, including those for EHS Home Health, Excella Home Care, Great Lakes Home Health, and Metropolitan Jewish Home Care. The OIG found a number of deficiencies, including beneficiaries who were not homebound, who were able to ambulate without assistance and perform home exercises, or who had only a partial episode (wound healed). In addition, in many cases, documentation was not provided or did not support services. To continue its efforts in this area, the OIG has added several planned audits and evaluations related to HHAs, including the following:

  1. OIG will review supporting documentation to determine whether home health claims with 5 to 10 skilled visits in a payment episode, in which the beneficiary was discharged home, met the conditions for coverage and were adequately supported as required by federal guidance.
  2. Recent OIG reports disclosed high error rates at individual HHAs, consisting primarily of beneficiaries who were not homebound or who did not require skilled services. So, the OIG will continue its efforts regarding whether home health claims were paid in accordance with federal requirements.
  3. Using data from the CMS’s Comprehensive Error Rate Testing (CERT), the OIG plans to identify the common characteristics of “at risk” HHA providers that could be used to target pre- and post-payment review of claims.
  4. The OIG will review Medicare Part A payments to HHAs to determine whether claims billed to Medicare Part B for items and services were allowable and in accord with federal regulations. Generally, certain items, supplies, and services furnished to patients are covered under Part A and should not be separately billable to Part B. The OIG has previously found noncompliance with these Medicare billing requirements.
  5. The OIG will compare HHA survey documents to Medicare claims data to look for evidence of patients omitted from HHA-supplied patient information in select recertification surveys.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.


Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: New OCR Guidelines

The HHS Office for Civil Rights (OCR) issued new guidance listing 10 violations for which Business Associates (BAs) can be held directly liable. The guidance points out that where BAs may not be liable, the covered entity (CE) may still be on the hook for those violations. As such, CEs should carefully review their BA Agreements (BAAs) to ensure that they cover requirements that don’t directly apply to BAs but are still enforceable against CEs.

The OCR also notes that large data breaches continue to dominate the press. Among recent notable breaches, the OCR cited an EMR and software services provider that allowed hackers access to 3.5 million patient records. Touchstone Medical Imaging (TMI) agreed to pay $3 million for a breach involving one of its FTP servers that contained PHI for over 300,000 patients. LabCorp received notice from American Medical Collection Agency (AMCA), a collection firm working on its behalf, regarding unauthorized access to 7.7 million patients’ PHI stored by AMCA. This announcement followed a similar one from Quest Diagnostics, in which it reported that AMCA’s breach affected 11.9 million of its patients.

Updates on OCR enforcement actions can be found at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html


Kusserow on Compliance: OIG releases two reports questioning quality of hospice care

80% surveyed hospices had deficiencies

Many cases of harm to beneficiaries cited

The OIG released two reports which found hospices participating in Medicare had one or more deficiencies in the quality of care they provided to their patients. The OIG cited cases where beneficiaries were seriously harmed by poor care or facilities failed to act in cases of abuse. In its reports, the OIG made several recommendations to strengthen safeguards.

In one report—Hospice Deficiencies Pose Risks to Medicare Beneficiaries—the OIG identified significant vulnerabilities in the Medicare hospice benefit and found over 80 percent of these hospices had at least one deficiency. These included poor care planning, mismanagement of aide services, and inadequate assessments of beneficiaries. Over 20 percent of hospices had a serious “condition-level” deficiency, which means that “the hospice’s capacity to furnish adequate care is substantially limited or adversely affects the health and safety of patients.” The OIG called upon CMS to: (1) strengthen the survey process; (2) establish additional enforcement remedies; (3) provide more information to beneficiaries and their caregivers; (4) expand the deficiency data that accrediting organizations report to CMS to strengthen its oversight of hospices; (5) seek statutory authority to include information from accrediting organizations on Hospice Compare; (6) include on Hospice Compare the survey reports from State agencies; (7) include on Hospice Compare the survey reports from accrediting organizations, once authority is obtained; (8) educate hospices about common deficiencies and those that pose particular risks to beneficiaries; and (9) increase oversight of hospices with a history of serious deficiencies.

In its second report—Safeguards Must Be Strengthened To Protect Medicare Hospice Beneficiaries From Harm—the OIG described specific instances of harm to hospice beneficiaries and identified vulnerabilities in CMS’s efforts to prevent and address harm. Some instances of harm resulted from hospices providing poor care to beneficiaries and some resulted from abuse by caregivers or others and the hospice failing to act. Cases revealed vulnerabilities in beneficiary protections that CMS must address. The OIG called for CMS to: (1) seek statutory authority to establish additional, intermediate remedies for poor hospice performance; (2) strengthen requirements for hospices to report abuse, neglect, and other harm; (3) ensure that hospices are educating staff to recognize signs of abuse, neglect, and other harm; (4) strengthen guidance for surveyors to report crimes to local law enforcement; (5) monitor surveyors’ use of immediate jeopardy; and (6) improve and make user-friendly the process for beneficiaries and caregivers to make complaints.

 


Kusserow on Compliance: CMS ‘guts’ SNF/LTC compliance program mandates

– CMS “bows” to industry pressure

– Objective standards replaced by subjective ones

– Designated compliance officer not to be required

– No contact person to whom “people may report suspected violations”

 

A new CMS proposed rule—“Medicare & Medicaid Programs; Requirements for Long-Term Care Facilities: Regulatory Provisions to Promote Efficiency and Transparency”—proposes to roll back and remove many compliance program related requirements for long term care facilities (LTC) participating in Medicare/Medicaid. The proposed modifications include removing many of the compliance program requirements adopted in 2016 on the basis that they are not expressly required by statute. The stated purpose of the proposed changes is to reduce administrative burdens. This flies in the face of increased identification by CMS, OIG, GAO, DOJ, and Congress of legal and regulatory compliance violations by LTC facilities.

Enhanced compliance programs were a way of addressing these ongoing problems. Among the requirements removed were (1) designation of a compliance officer; (2) designation of a compliance liaison for operating organizations with five or more facilities; (3) annual reviews of the compliance program; and (4) having an identified person to whom individuals may report suspected violations.

CMS now proposes that an LTC organization develop, implement, and maintain an effective compliance and ethics program most appropriate for the size and type of the organization. This should include written compliance standards, policies, and procedures that are reasonably capable of reducing the prospect of criminal, civil, and administrative violations. The new standards are far less objective and rely more on subjective concepts that are vague and difficult to substantiate, using terms like “reasonable” and “sufficient.” Other CMS expectations for facilities include:

  1. Providing sufficient resources for operation of the compliance program.
  2. Designating a high-level person for overall compliance program responsibility with appropriate authority to assure compliance with the regulations.
  3. Taking reasonable steps to achieve compliance with the program’s standards, policies, and procedures, including monitoring and auditing that is reasonably designed to detect criminal, civil, and administrative violations.
  4. Having in place and publicizing a reporting system whereby anyone could report violations by others within the organization without fear of retribution.
  5. Ensuring consistent enforcement and discipline of standards, policies, and procedures.
  6. Effectively communicating compliance standards, policies, and procedures in mandatory compliance training.
  7. Taking reasonable steps to respond to detected violations and to prevent similar violations in the future.

The new CMS proposed compliance program standards are significantly different from standards issued by the U.S. Department of Justice in April 2019—new DOJ evaluation of corporate compliance program guidelines—which are designed to be used in making prosecutorial decisions and in determining penalty guidelines. Before CMS proposed to rescind many of its previously published standards for compliance programs, the DOJ and CMS standards were consistent.

 

 
