Kusserow on Compliance: CMS to issue new Medicare card to 60 million beneficiaries

New cards will no longer contain Social Security number

Over 2.5 million beneficiaries are victims of identity theft incidents

CMS is readying a fraud prevention initiative that removes Social Security numbers from Medicare cards to help combat identity theft, and safeguard taxpayer dollars.  This is being done to meet the congressional deadline for replacing all Medicare cards by April 2019 that followed the passage of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). CMS will assign all Medicare beneficiaries a new, unique a Medicare Beneficiary Identifier (MBI) number which will contain a combination of numbers and uppercase letters. Beneficiaries will be instructed to safely and securely destroy their current Medicare cards and keep the new MBI confidential. Issuance of the new MBI will not change the benefits a Medicare beneficiary receives and will be designed to help protect against personal identity theft affects a large and growing number of seniors.  According to the DOJ, people age 65 or older are increasingly the victims of this type of crime that now are estimated to affect 2.6 million seniors a year. Two-thirds of all identity theft victims reported a direct financial loss with also the problems associated with disrupting lives, damage credit ratings, and result in inaccuracies in medical records and costly false claims.

New card will be mailed beginning in April 2018 and will use the unique, randomly-assigned MIB number to replace the Social Security-based Health Insurance Claim Number (HICN) currently used on the Medicare card.  Providers and beneficiaries will both be able to use secure look up tools that will support quick access to MBIs when they need them. There will also be a 21-month transition period where providers will be able to use either the MBI or the HICN further easing the transition.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG issues first 2017 Semi-Annual report—1,422 exclusions in first half of 2017

The OIG released is first semi-annual report for 2017 which included the number of exclusion actions taken. There were a total of 1,422 individuals and entities they excluded from Medicare, Medicaid, and other Federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, for patient abuse or neglect, or as a result of license revocation. The OIG posts all such actions on its List of Excluded Individuals and Entities (LEIE).  In its compliance guidance, the OIG calls for screening of all individuals and entities engaged by or with whom they do business against the LEIE. CMS also makes such screening a condition of participation and enrollment. The OIG has a number of Administrative Sanction authorities whereby they have added steadily to the LEIE database. In the last three years the OIG added over 10,000 exclusions to the LEIE.

OIG Enforcement Authorities

Tom Herrmann, JD, is a nationally recognized health care compliance consultant.  He served for a number of years in the OIG Counsel’s Office as Chief of the Administrative Litigation Branch, and supervised the litigation of cases involving the imposition of civil monetary penalties and program exclusions. He explained that the OIG has been delegated the authorities to impose Civil Monetary Penalties, assessments, and program exclusion on health care providers and others determined to have engaged in defined wrongdoing. The effect of an OIG exclusion is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. He noted that in almost all instances where the OIG’s imposition of program exclusion or CMPs is appealed, it is upheld by a HHS Administrative Law Judge (ALJ), the HHS Departmental Appeals Board (DAB), and Federal Courts. As such, it is absolutely essential to have ongoing sanction-screening of anyone engaged by a healthcare organization.

Jillian Bower, is another highly experienced health care compliance consultant, who has assisted scores of clients in meeting the sanction-screening obligations through the Compliance Resource Center (CRC). She notes that CMS has been very aggressive in calling for sanction screening, not only of the LEIE, but Debarments posted by the General Services Administration (GSA), as well as pressuring State Medicaid Directors to establish exclusion databases and mandate monthly screening by their enrolled providers. Since then most states have moved to comply with the CMS direction. This has increased the sanction-screening burden greatly for not only for the compliance office, but also human resource management (HRM). Procurement is also affected by the number of vendors and contractors that also have to be screened. Medical credentialing is involved because physicians granted staff privileges have to be screened. In order to meet screening mandates, it is almost a necessity to use a vendor search engine tools to assist in sanction-screening. This saves downloading the sanction databases of all the entities and developing their own search engine. So using a vendor for this purpose is a step in the right direction; however the bulk of the work remains with the organization to do screening and resolving potential “hits” remains with the organization. Altogether this can be a considerable effort and many organizations have to dedicate one or many employees to meet all these obligations. Alternatively, many just outsource the entire process, including verification and certification of results to a vendor

Sanction-Screening Tips

  1. Ensure periodic sanction screening of employees, medical staff, contractors, and vendors against the LEIE, not just at time of engagement but periodically thereafter. An individual or entity may be pass a sanction screen at time of engagement, but later have a sanction imposed.

 

  1. Maintain a complete record of sanction screening to evidence meeting mandates with individual(s) responsible for sanction screening attesting to results each time screening has taken place. If using a vendor to conduct the sanction screening on behalf of the organization, they should provide a full certified report each time they perform their service.

 

  1. Develop a compliance policy and applications requiring as a condition of employment, gaining staff privileges, or engagement, attestation that the individual has not been, nor are they now, the subject of an investigation by any duly authorized regulatory or enforcement agency. It is also advisable to add a condition of engagement that employees must promptly report any notice of investigation that involves them.

 

  1. Care should be taken to meet state Medicaid screening requirements in addition to checking the LEIE. For those organizations that cross state lines, it is particularly important to ensure compliance with state sanction screening mandates that differ from state to state.

 

  1. Inasmuch as most exclusions in the LEIE arise from another underlying court, state agency, or licensure board action, it is critical as part of the credentialing process to verify that health care professionals are duly licensed and not until any restrictions. Engaging or giving staff privileges to individuals who are restricted in their license may be considered by CMS as violating conditions of participation.

 

  1. Educate and inform management and employees on their obligation to promptly report any notification of an adverse action by any duly authorized regulatory or enforcement agency. Policies should be implemented to reinforce this.

 

  1. Consider using a vendor tool to assist in sanction-screening, but compare services and costs to avoid unnecessary expenditures; and consider the cost-benefits of outsourcing then entire sanction-screening process.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG proposed budget for 2018 cites accomplishments

The HHS OIG submitted their fiscal year (FY) 2018 proposed budget for a total of $359 million that includes $291 million to support oversight of the Medicare and Medicaid programs.  In justifying their request, the OIG reported expected recoveries of more than $5.66 billion for FY 2016 that includes $4.46 billion in investigative receivables and approximately $82 million in CMPs. The OIG’s work also prevents fraud and abuse through industry outreach and guidance and recommendations to HHS to remedy program vulnerabilities. Additionally, OIG reported on its role as a Health Care Fraud and Abuse Control (HCFAC) program participant in returning $5 to the Medicare Trust Funds for every $1 invested in FY 2016. The OIG reported 844 criminal actions against individuals or organizations that engaged in crimes against HHS programs and 708 civil and administrative enforcement actions, including False Claims Act lawsuits filed in Federal district court, and Civil Monetary Penalty (CMP) law settlements. The OIG excluded 3,635 individuals and organizations from participation in Federal health care programs. The OIG is also part of Health Care Fraud Strike Force teams that coordinate operations conducted jointly by Federal, State, and local law enforcement entities that resulted in filing of charges against 255 individuals or entities, 207 criminal actions, and $321 million in investigative receivables.

Over the last five years, the OIG’s expected recoveries have averaged $5.3 billion annually. Changes in the amount of expected recoveries from year to year are due to the particular mix of cases resolved in a given year, as well as continued efforts to work with operating divisions to implement OIG recommendations.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on
Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: EHR incentive program attestation is serious business

The American Recovery and Reinvestment Act of 2009 (ARRA) (P.L. 111-5) authorized providing incentive payments to eligible health care professionals, hospitals, and Medicare Advantage Organizations (“MAOs”) to promote the adoption and “meaningful use” of health information technology and electronic health record (“EHR”) systems. CMS established the Medicare and Medicaid Electronic Health Record Incentive Programs (EHR Incentive Programs) to make incentive payments to health care professionals and providers that meet specified requirements for the meaningful use of certified EHR technology (CEHRT). The EHR Incentive Programs are intended to bring about improved clinical outcomes and population outcomes, increase transparency and efficiency in health care, empower individuals to make decisions regarding their care, and generate additional research data on health systems. Program participants must report on their performance pertaining to certain clinical quality measures (CQMs) and objectives to CMS (for Medicare) or the authorized state agency (for Medicaid) through an attestation process. Since 2011, the EHR Incentive Programs have made incentive payments to numerous eligible professionals, eligible hospitals, and critical access hospitals (CAHs) that qualify as “meaningful users” by meeting the objectives and CQMs outlined in the various stages of the applicable programs.

Annual attestations required

Eligible providers must annually attest to meeting the specified objectives and measures in order to receive incentive payments under the EHR Incentive Programs. Once they have attested to meeting the identified objectives and measures, they are deemed to be meaningful users and eligible for incentive payments.  CMS, its contractor, and state Medicaid agencies conduct both random and targeted audits to detect inaccuracies in eligibility, reporting, and receipt of payment with respect to the EHR Incentive Programs.  Eligible hospitals may be selected for pre- or post-payment audits. CMS has required that eligible hospitals retain all supporting documentation used in completing the Attestation Module responses in either paper or electronic format for six years post-attestation. Eligible hospitals are responsible for maintaining documentation that fully supports the meaningful use and CQM data submitted during attestation. Those hospitals undergoing pre-payment audits will be required to provide supporting documentation to validate submitted attestation data before receiving payment.

Unsupported and false attestations

Making false statements, including attestations to the federal government, could implicate federal law (18 U.S.C. § 1001), which generally prohibits knowingly and willfully making false or fraudulent statements or concealing information. Although eligible hospitals receiving incentive payments under the Medicare and Medicaid EHR Incentive Programs are not required to follow any particular parameters when spending the payments, they must annually attest to meeting the relevant measures and objectives in order to be entitled to incentive payments. It is critical that eligible hospitals maintain documentation that supports their attestations.  Supporting documentation needs to make clear that the hospital is meeting the terms and conditions of the EHR Incentive Program. A checklist document by itself would be insufficient as supporting documentation. Failure to maintain such supporting documentation creates potential liability. Although no significant enforcement activity has taken place, compliance officers are advised to verify that proper supporting documentation is maintained.  In fact, the responsible program manager should be maintaining documentation as part of ongoing monitoring. As part of ongoing auditing, the compliance office should ensure that monitoring is conducted and validate that it is adequately meeting regulatory requirements.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on
Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.