Equities rest with agency in administrative enforcement actions

Administrative enforcement is quicker than an investigation but still “deadly” for the provider or supplier, concluded Judith Waltz, partner at Foley & Lardner LLP, at the American Health Lawyers Association’s 2017 Institute on Medicare and Medicaid Payment Issues. “Administrative enforcement” means the tools available to HHS, CMS, and the HHS Office of Inspector General (OIG) without or with limited formal involvement of the Department of Justice, including civil money penalties (CMPs), payment suspensions, and billing privilege or enrollment denials and revocations. In administrative enforcement actions, the equities and more discretion may rest with the agency, and a lesser burden of persuasion applies for the agency to prove its case.

Exclusion regulations

In December 2016 the OIG revised its exclusion regulations (see 81 FR 88334) in part to implement the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148). Waltz explained that the Final rule did the following: (1) expanded its permissive exclusion authority for convictions related to obstruction of an investigation to include audits; (2) added permissive exclusion authority for making false statements, omissions, or misrepresentations in enrollment applications; (3) added early reinstatement for loss of license in a different state; and (4) added a 10-year look-back period for exclusions.

Inflation

Waltz noted that CMPs are being updated annually for inflation pursuant to a final rule issue in December 2016 (see 45 C.F.R. Part 102). For example, a CMP for failing to grant timely access is up to $15,000 per day, $16,312 after inflation, and the CMP for false statements, omissions, or misrepresentations in enrollment or similar documents is up to $50,000 per false statement, $54,732 after inflation. Waltz said, “After inflation, numbers are unbelievable.”

CIAs contain lessons for compliance professionals & board members

The typical obligations contained in a corporate integrity agreement (CIA) overseen by the HHS Office of Inspector General (OIG) can be implemented by compliance programs to drive accountability and improve effectiveness. In a webinar titled Compliance Accountability: Lessons Learned from Implementing Corporate Integrity Agreements, Tom Herrmann, JD, and Carrie Kusserow, MA, CHC, CHPC, CCEP, both of Strategic Management Services, LLC, provided an overview of the standard obligations in a CIA, including recent changes, and provided tips to listeners on how to effective oversight and organizational controls for health care organizations.

CIAs are typically included as part of a “global settlement” of criminal, civil, and administrative charges against a health care provider or entity. The CIA, which usually lasts for five years, allows the provider to remain a participant in federal health care programs in exchange for compliance responsibilities. These responsibilities include oversight by the compliance officer, executive-level compliance committee, and board, but also written guidance, mandatory trainings, screening for excluded providers, and regular reports to the OIG. Recently, the OIG has made some changes to CIA obligations, including requirements for management including certifications, minutes from executive-level compliance committee meetings, and obligations for the board.

To avoid entering into a CIA, or to survive one that has already been implemented, organizations should have a compliance officer who is a member of senior management. The compliance officer should report to the CEO, and is neither responsible for serving as legal counsel, nor subordinate to general counsel or the CFO. The compliance officer should chair the executive-level compliance committee, which should include senior management from relevant departments, and meet at least quarterly. Certain senior executives, including the CEO, COO, CFO, and CMO have obligations to monitor and oversee activities within their areas of authority. Lastly, the board of directors, made up of independent, non-executive board members, should be specifically trained on corporate governance and its responsibilities for compliance program oversight.

All compliance programs should have updated written policies and procedures, a disclosure mechanism like a hotline, provide annual training, and should include compliance as an element of performance review for all employees.

Florida hospital improperly billed Medicare almost $300,000 over two years

For over two years, University of Florida Health Jacksonville did not comply with Medicare billing requirements, due to inadequate billing controls. The noncompliance resulted in overpayments of at least $273,000, according to an audit by the HHS Office of the Inspector General (OIG).

Claims

The 695-bed not-for-profit hospital submitted 11,134 inpatient claims during the audit period (January 2013 through September 2014). Medicare paid the hospital $167 million on those claims. The OIG audit evaluated 1,305 inpatient claims that were potentially at risk for billing errors. From those claims, the OIG selected a random sample of 154 paid claims, totaling $1,964,826. Although the OIG determined that the hospital complied with billing requirements for the majority of the claims (133), the audit revealed that the hospital failed to comply with Medicare billing requirements for 21 claims, resulting in a net overpayment of $63,881 for the audit period. Based upon the sample, the OIG extrapolated that the hospital improperly received overpayments of at least $273,346 between January 2013 and September 2014.

Errors

For 19 of the 154 claims, the hospital billed incorrect diagnosis-related group (DRG) codes. For example, in one case, the hospital submitted a claim with a secondary diagnosis code 599.0 (urinary tract infection), despite the fact that the patient’s medical record indicated the patient had no signs or symptoms of a urinary tract infection. In other words, the hospital had no basis to assign code 599.0. The hospital attributed the billing mistakes to human error. The noncompliance related to the DRG codes accounted for the vast majority of the errors and led to net overpayments of $47,165.

When a patient is discharged from an acute care hospital and readmitted to the same hospital on the same day for symptoms related to the prior stay, the hospital is required to combine the original and subsequent stay into a single claim. The OIG determined that for 2 of the 154 audited claims, the hospital incorrectly billed Medicare for related discharges and readmissions that occurred on the same day. The hospital attributed the improper billing to human error.

Recommendations

The OIG recommended that the hospital:

  • refund the estimated $273,346 in overpayments to the Medicare program;
  • identify and return similar overpayments; and
  • strengthen billing and coding controls to ensure future compliance.

 

Objections

The hospital objected to the findings regarding 11 of 21 inpatient claims. Additionally, although the hospital acknowledged that human error contributed to the 10 other errors, there was “no evidence to support systemic coding or billing concerns.” The hospital also challenged the OIG’s authority to extrapolate a payment error rate.

 

 

Kusserow on Compliance: OIG identifies the top HHS challenges

The HHS Office of Inspector General (OIG), in its mid-year review of its work plan, included a summary of the Top Management Challenges (TMCs) facing HHS, along with associated recommendations for improvement. Some of the recommendations reflect persistent and concerning vulnerabilities that the OIG has highlighted for HHS over many years, while others forecast new and emerging issues for the upcoming year and beyond. The current TMCs are identified as follows:

  1. Protecting an expanding Medicaid program from fraud, waste, and abuse. Enrollment in Medicaid and Children’s Health Insurance Program (CHIP) programs has grown by 15 million people since October 2013, and the program remains a top management priority given long-standing program integrity issues and expanding eligibility. CMS needs to provide more oversight of Medicaid expansion, oversight of Medicaid managed care, improving the effectiveness of Medicaid data and systems, state policies that inflate federal costs, and ensuring quality care for Medicaid beneficiaries.
  1. Fighting fraud, waste, and abuse in Medicare Parts A and B. HHS must find ways to reduce wasteful spending and promote better health outcomes at lower costs in reducing improper payments, preventing and deterring fraud, and fostering economical payment policies. More effort is needed to better ensure that Medicare payments are accurate and appropriate, through (a) better identification of problems; (b) more timely recovery of overpayments; and (c) implementing better safeguards to prevent recurrence of problems. In that CMS relies on contractors for most of these crucial functions, the agency must ensure more effective on their part. The Medicare appeals system remains broken and needs fundamental changes to resolve appeals efficiently, effectively, and fairly.
  1. Meaningful and secure exchange and use of electronic information and health information. Technology, including electronic health records (EHRs), offers opportunities for improved patient care, more efficient practice management, and improved overall public health. HHS needs to find ways to measure the extent to which EHRs and other health information technologies (ITs) improve, and ensure that adopted policies advance towards this. HHS faces challenges safeguarding privacy and security of health IT, improving information flow, and ensuring a return on health IT investments. Threats to information privacy and security are evolving. Although progress was noted, more remains to be done to address health IT privacy and security issues, as well as the flow of information.
  1. Administration of grants, contracts, and financial and administrative management systems. HHS is the largest grant-making organization in the federal government, with over $402 billion awarded in FY 2014. The scale of this program can be understood by comparing it with the entire Department of Defense budget of $529 billion for the same period. Increased oversight is need for better grants and contract management, financial statement audit revelations of defective system controls, and improper payments. More can be done to identify poorly performing grantees and those at risk of misspending federal dollars.
  1. Ensuring appropriate use of prescription drugs. The prescription drug coverage is provided for 41 million Medicare Part D and another 71 million Medicaid beneficiaries. Part D is the fastest-growing component of the Medicare program. Management of these drug programs faces numerous challenges in oversight, drug abuse and diversion, and questionable, inappropriate utilization, and enrolling prescribers. Among actions needed include requiring sponsors to report probable fraud, waste, and abuse identified and corresponding actions.
  1. Ensuring quality in nursing home, hospice, and home- and community-based care. Fraud, waste, and abuse with nursing home, hospice, and home- and community-based care continues to be a serious problem. More needs to be done in improving internal controls and better guidance and training for surveyors to ensure that nursing homes with recorded quality and safety issues correct their deficiencies.
  1. Implementing, operating, and overseeing the health insurance marketplaces. The marketplaces are critical elements of the Patient Protection and Affordable Care Act (ACA). Initially the challenges centered on implementation, operation, and oversight of the marketplaces. Looking forward, the OIG anticipates challenges with payments, eligibility determinations, management and administration, and the security of the marketplaces; and calls upon CMS to strengthen marketplace operations and work with states to ensure compliance with federal requirements.
  1. Reforming delivery and payment in health care programs. In January 2015, the HHS Secretary announced goals to foster better care, smarter spending, and healthier people by tying traditional Medicare payments to alternative payment models (APMs), and to quality and value. CMS must establish policy, infrastructure, data systems, program integrity, and oversight mechanisms to successfully implement these and other changes. CMS must also strengthen Medicare Advantage to ensure that benefits are provided only to eligible beneficiaries and that data are available for fraud prevention and detection.
  1. Effectively operating public health and human services programs. HHS must focus on public health preparedness and emergency response, enabling access to and quality of services, and protecting vulnerable populations. Continued collaboration of federal, state, and communities is necessary for proper disaster response.
  1. Ensuring the safety of food, drugs, and medical devices. The FDA must address areas of particular high risk, including: compounded drugs, imported food and drugs, food facilities, off-label promotion and kickbacks, and dietary supplements.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.