Identifying ‘60-day rule’ overpayments during routine auditing

The need to identify, report, and return Medicare and Medicaid overpayments to CMS under the “60-day rule” and the ability to understand and prepare for the risks posed by routine auditing are essential for all medical providers. At a recent Health Care Compliance Association (HCCA) webinar, Jean Acevedo, LHRM, CPC, CHC, CENTC, Senior Consultant, Acevedo Consulting, Inc., and Lester J. Perling, Esq., CHC, partner, Broad and Cassel LLP, discussed these topics and offered their recommendations.

The 60-day rule

Section 6402(a) of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) established new section 1128J of the Social Security Act, which requires providers and suppliers who submit claims to Medicare and Medicaid to report and return “identified” overpayments to CMS within 60-days or face potential liability under the federal False Claims Act. These requirements were implemented by CMS in a February 12, 2016 Final rule (81 FR 7653) (see CMS finally codifies the 60-day Parts A and B overpayment return rule, February 12, 2016; and Comments, questions, concerns? Weighing in on the 60-day overpayment Final rule, March 2, 2016).

According to Perling, the Final rule sets forth the following parameters for understanding the 60-day overpayment requirement:

  • Definition of an “identified” overpayment. Providers are responsible for overpayments that they “know or should have known”about through the exercise of “reasonable diligence.” Providers that deliberately choose not to investigate when they are made aware of the existence of potential overpayments, would be held liable under the FCA.
  • Exercising “reasonable diligence”. Reasonable diligence requires that providers (1) implement proactive compliance activities to monitor for the receipt of overpayments; and (2) undertake investigations “in a timely manner” in response to obtaining “credible information” of a potential overpayment.
  • “Timely” defined. CMS considers a “timely” investigation to be at the most six months from receipt of the credible information, except in extraordinary circumstances.
  • When does the 60-day period begin? The 60-day period does not begin to run until the provider has had a chance to undertake follow-up activities and quantify the amount of the overpayment.
  • Lookback period. The 60-day rule applies to overpayments identified within six years after they were received.
  • Repayment options. Providers may use claims adjustment, credit balance, the HHS Office of Inspector General’s (OIG) Self-Disclosure Protocol, or other appropriate processes to report or return overpayments. Regardless of the process used, the refund should include an explanation or the statistical sampling methodology used if the overpayment was extrapolated.

Routine baseline audit

Acevedo next discussed the annual baseline audit performed as part of the organization’s compliance program. She recommended that it be done under the attorney/client and work/product privileges in order to help insulate the organization from exposure.

Physical therapy case study

Acevedo next presented an audit case study of a physical therapy department. She stressed the need for the auditor (whether in-house or an outside contractor) to examine the three critical physical therapy documents: (1) the initial evaluation and plan of treatment; (2) the treatment notes; and (3) the clinician’s progress report.

In preforming the audit, she recommended that the auditor take note of the fact that health care professionals are creatures of habit and that, for example, they will either include all necessary elements in the plan of treatment, the treatment notes, and the progress report, or not (i.e., they are usually consistently good, or consistently bad at recordkeeping). She also cautioned that while this document audit may be time consuming, and it is important that the auditor be thorough and not just review the most recent treatment notes and progress reports.

If the auditor finds that therapy documents are deficient or erroneous, Acevedo suggested that the auditor STOP and do two things: (1) consider the possibility that an overpayment situation exists and the timeline that may kick in under the 60-day rule; and (2) alert the attorney and the owner of the practice. She cautioned, however, about jumping to conclusions and leaving a paper trail of written concerns that may amount to “breadcrumbs” for a government investigator or a whistleblower to follow.

Prospective v. retrospective audits

Perling stressed that whether the audit is prospective (i.e., occurs prior to submission of a claim) or retrospective (post claim submission) it does not matter as the finding of negative result or high error rate in either would potentially activate the 60-day rule requirements.

Issues to consider when auditing

Perling suggested taking the necessary steps prior to audit to create an attorney/client privilege that will be recognized and respected by any government investigator.

Perling also discussed whether the standards the auditor is relying on are authoritative or merely guidance. Perling believes that statutes and regulations are clearly authoritative, but that “not everything CMS publishes is authoritative.” For example, while CMS Manuals and Local Coverage Determinations are binding on the Medicare contractor, they are not binding on an administrative law judge. The real question, according to Perling, is “whether the Department of Justice or a whistleblower will think a standard is authoritative.”

Final thoughts

In closing, Perling and Acevedo offered three reminders: (1) educate before auditing; (2) the routine annual audit should review current compliance with standards, not past deficiencies; and (3) audits are still required for effective compliance programs. The danger, according to Acevedo, “is putting your head in the sand.”

Kusserow on Compliance: OIG reports nearly $50M in recoveries from self-disclosures in first half of 2016

The HHS Office of Inspector General (OIG) issued its semi-annual report for the first half of fiscal year (FY) 2016 (October-March) and summarized key accomplishments. One area included in the report concerned the Provider Self-Disclosure Protocol (SDP) and the results from this program. The OIG reported during the reporting period, self-disclosure cases resulted in more than $48.1 million in HHS receivables. This is a program that the OIG has been promoting since 1998. It has published comprehensive guidelines describing the protocol for providers to voluntarily submit to OIG self-disclosures of fraud, waste, or abuse. It guides providers and suppliers through the process of structuring a disclosure to the OIG about matters that constitute potential violations of federal laws. The carrot offered to organizations and entities to self-disclose is that it gives them an opportunity to minimize the potential costs and disruption that a full-scale OIG audit or investigation might entail if fraud were uncovered. It also allows the provider to negotiate a fair monetary settlement and potentially avoid being excluded from participation in federal health care programs.

The ACA mandates timely reporting overpayments

The Patient Protection and Affordable Care Act (ACA) contains a mandate to disclose and return an overpayment within 60 days after identification or the date any corresponding cost report is due, whichever is later. Overpayment is defined under the law as any funds that a person receives or retains from Medicare or Medicaid to which the person, after any applicable reconciliation, is not entitled. This includes any Medicare or Medicaid payments received by a hospital or other provider in violation of the Stark Law or the Anti-Kickback Statute (AKS). The CMS Final rule requires Medicare Parts A and B health care providers and suppliers to report and return overpayments within 60 days it was identified. This should not be confused with the Final rule published in 2014 that addresses Medicare Parts C and D overpayments. The OIG has reported on many occasions the need for the rule to force providers to more timely report and repay overpayments. Now CMS has clarified the requirements for the reporting and returning of self-identified overpayments. It made it clear that failure to meet the standards may result in enforcement actions under the False Claims Act (FCA) liability, Civil Monetary Penalties liability, and exclusion from federal health care programs. Increasingly the DOJ is employing False Claims Act (FCA) liability for failing to meet this obligation.

Prompt and complete investigation of potential overpayment is critical

This 60-day window for repayment represents a serious problem for providers as to when overpayments have been identified. Providers have had a difficult time determining when the clock starts ticking because the word “identified” was not defined in the law. In 2012, CMS issued a Proposed rule stating that a provider has “identified” when it has “actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the overpayment,” no Final rule still has been issued. The rule remained unclear as to how to determine when the “clock” began and left interpretation by providers, until last summer when the U.S. District Court for the Southern District of New York made their decision in the case of Kane v. Healthfirst, Inc. The court ruled an overpayment must be reported, explained, and returned within 60 days after the date it was “identified,” noting the failure to timely return an overpayment constitutes a “reverse false claim.”

Those making the disclosure are expected to thoroughly investigate the nature and cause of the matters uncovered and make a reliable assessment of their economic impact. The OIG evaluates the reported results of each internal investigation to determine the appropriate course of action. Those intending to make a self disclosure should carefully read and follow all submission requirements. In 2013, the OIG posted a revised SDP that retained many of the original elements of the initial protocol, but included new notable features including requiring minimum settlement amounts of at least $50,000 for self-disclosures involving kickback-related submissions and $10,000 for all other disclosures. Importantly, the revised SDP also provides much more detail on the OIG’s review and resolution process, and the benefits providers obtain from disclosing through the SDP.

The SDP has evolved into well-established process that has resulted in more than 1,000 disclosures being resolved with recoveries approaching a half billion dollars. The new requirements for overpayment return, along with increasing enforcement, are making self- disclosure a critical tool for providers and their compliance officers. All of this activity is driving more and more providers to self disclose, so the new trend for increased recoveries from this process is likely to continue, and actually accelerate over the coming year. Even an organization with an “effective” compliance program may find that it has received an overpayment. Recent cases and settlements are making it clear that returning any overpayment received is essential, and self- disclosure is often the best (and sometimes only) way to accomplish this.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.

Rhode Island overpaid Medicaid MCOs but hasn’t brought payments home

Rhode Island overpaid managed care organizations (MCOs) $208 million under the state’s Medicaid expansion program in fiscal year (FY) 2015. The overpayments resulted from the fact that the state overestimated the volume of services that the state’s 60,000 new Medicaid enrollees would use, according to a report from the Rhode Island Office of the Auditor General.

Capitation rates

In FY 2015, capitation rates designed to cover medical care costs for each new enrollee determined the payments that Rhode Island made to two MCOs, Neighborhood Health Plan of Rhode Island and UnitedHealthcare. When enrollees did not use the expected level of services, the insurers were left with $208 in overpayments. As a result of incentives clauses in the contracts between the state and the MCOs, the MCOs were able to retain some of the overpayments. The gain sharing provisions were intended to reward the MCOs for cost efficiencies attained through enhanced case management, preventive care, and enhanced coordination of services. However, the significant amount due to the state was a result of overestimated capitation rates, not efficiencies.

Repayment

According to the Auditor General, as of June 20, 2015, approximately $133 million of the overpayment amount remained due to the state. State officials expect to collect most of the remaining overpayments by June and the rest by the end of 2016. Rhode Island’s slow attempts to recoup the payments raised concerns that it did not act fast enough. However, the state did take steps to cut rates. In 2014, it cut capitation rates 15 percent and, in 2015, by 17 percent. Additionally, when UnitedHealthcare resisted the state’s attempts to recoup payments, the MCO’s contract was revised to allow the state to recover overpayments mid-year if the payments exceeded claims by at least 30 percent.