Kusserow on Compliance: OIG plans 2021 evaluation of nursing home discharge requirements

The HHS Office of Inspector General (OIG) announced it is planning in 2021 to examine the extent to which nursing homes meet CMS requirements for facility-initiated discharges. In its announcement, the OIG noted that a facility-initiated transfer or discharge of a resident from a nursing home can be an unsafe and traumatic experience for the resident and his or her family. In response to this concern, Congress passed the Nursing Home Reform Act of 1987 to protect residents against inappropriate facility-initiated transfer and discharge.

However, data from the National Ombudsman Reporting System show, from 2011 through 2016, cited complaints related to “discharge/eviction” more frequently than any other concern. The OIG also took note of the media reports that highlighted the rise in nursing home evictions and complaints about the discharge process. Past reviews found varying reasons for non-compliant discharges. Some discharges are driven by changes to payment source, but the most frequently reported discharge reason relates to residents that are discharged due to “behavioral, mental, and/or emotional expressions or indications of resident distress.” This includes facilities discharging residents while they are hospitalized related to these behaviors as the basis for discharge. The most common discharge violations included: (1) placement in a questionable/unsafe setting; (2) where a resident remains hospitalized; and (e) where there is a pattern of discharge violations in the facility, among other issues.

The OIG has long monitored the extent to which state long-term care ombudsmen, state survey agencies, and CMS address facility-initiated discharges from nursing homes.  As part of its ongoing work in this area, it will, in 2021, be further examining the extent to which nursing homes meet CMS requirements for facility-initiated discharges. Nursing Home Compliance Officers should take note of this and build a review of this compliance issue in their 2021 workplan.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: The OIG announces plan to begin auditing the Two-Midnight Rule

The HHS Office of Inspector General (OIG) announced that it will begin auditing short stay claims again, and when appropriate, recommend overpayment collections. The agency’s previous audits identified millions of dollars in overpayments for inpatient claims with short lengths of stay. The OIG found that many have billed stays as inpatient claims when they should have been billed as outpatient claims, which usually results in a lower payment.

To reduce inpatient admission errors, CMS implemented the Two-Midnight Rule in 2014. CMS generally considered it inappropriate to receive payment under the inpatient prospective payment system (IPPS) for stays not expected to span at least two midnights. The only procedures excluded from the rule were newly initiated mechanical ventilation and any procedures appearing on the Inpatient Only List. Revisions were made to the Two-Midnight Rule after its implementation.

The OIG plans to once again audit hospital inpatient claims after the implementation of and revisions to the Two-Midnight Rule. The objective is to determine whether inpatient claims with short lengths of stay were incorrectly billed as inpatient and should have been billed as outpatient or outpatient with observation. The OIG also plans to review policies and procedures for enforcing the Two-Midnight Rule at the administrative level and contractor level. With this new initiative, hospital Compliance Officers should consider focusing on this issue as part of their 2021 work plan.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG cautions pharmaceutical and medical device companies over speaker programs

The HHS OIG published a Special Fraud Alert cautioning pharmaceutical and medical device companies against conducting speaker programs given the “inherent risks” of implicating the Anti-Kickback Statute and False Claims Act. The OIG cited numerous enforcement actions related to speaker program arrangements, as well as Sunshine Act payment records reflecting significant payments for such programs in recent years. The OIG called for companies to assess the need for re-starting in-person speaker programs that have been paused during the COVID-19 pandemic. The Fraud Alert outlines “suspect” characteristics of a speaker program that may provoke an enforcement action, including the following:

  • Selected high-prescribing persons to be speakers and rewarded them with lucrative fees.
  • There is little or no substantive information presented at the program.
  • Alcohol is available or a meal exceeding “modest value” is provided to program attendees.
  • Held speaker programs at entertainment venues not conducive to educational presentation.
  • Company sponsors many programs on the same or substantially the same topic or product, especially if there has been no recent substantive change in relevant information.
  • Programs conducted where there has been a “significant period of time” with no new medical or scientific information nor new-FDA approval of a product or indication.
  • Programs where the attendees have attended other programs on the same or substantially the same topics more than once.
  • Attendees include individuals who do not have a legitimate business reason to attend the program, such as friends, significant others, family members, practice employees, and others with no use for the information.
  • Sales representatives or marketing personnel involved in the selection of speakers or the company selects HCP speakers or attendees based on past or potential revenue generated by prescriptions (e.g., a return on investment analysis).
  • Payment to HCP speakers exceeds fair market value for the speaking service or compensation takes into account the volume of business generated by the HCPs.
  • Conditioned speaker remuneration on sales targets (e.g., required speaker HCPs to write a minimum number of prescriptions in order to receive the speaker honoraria).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: A reminder about email compliance

The HHS Office for Civil Rights (OCR) continues to report HIPPA Privacy violations involving email transmissions. With the coming New Year, it may be advisable to review electronic patient health information (ePHI) email security, which must adhere to a specific regulatory standard. The HIPAA Security Rule introduced several requirements which must be satisfied before email communications can be considered in compliance with HIPPA. HIPAA email rules require messages to be secured in transit if they contain ePHI and are sent outside a protected internal email network, beyond the firewall.

Additionally, HIPAA email rules require covered entities to implement access controls, audit controls, integrity controls, ID authentication, and transmission security in order to: (a) restrict access to PHI; (b) monitor how PHI is communicated; (c) ensure the integrity of PHI at rest; (d) ensure 10o percent message accountability; and (e) protect PHI from unauthorized access during transit. These standards extend to having a schedule for retaining, archiving, and destroying (after six years) emails containing ePHI. Furthermore, emails must be kept safe in transmissions by using encryption. Emails including PHI shouldn’t be transmitted unless the email is encrypted. If the PHI is in the body text, the message must be encrypted. The following email compliance issues should be verified:

  1. All email communications with PHI are being encrypted
  2. Emails are being monitored for compliance
  3. Data inside emails are being protected from cyberattacks
  4. Emails are being stored in an unalterable state
  5. Email retention schedules are being followed
  6. Email chain of custody standards are being followed
  7. Email access is being controlled with individual accounts and passwords
  1. Email accounts are only being used by registered users
  1. Email messages are complying with accepted professional and business practices
  2. Established log-on controlled access procedures and passwords are being followed

 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.