Kusserow on Compliance: Emerging government enforcement priorities for 2018

At the HCCA conference in April, there were several presentations regarding the government’s enforcement priorities. There were a number of emerging issues that were the subject of considerable attention: the opioid crisis, electronic health record (EHR) fraud, and telehealth/telemedicine. By far, the area given the most attention was the opioid crisis.  More than a dozen presenters included comments in their presentations on this subject, including presenters from the DOJ, OIG, CMS, and the OCR. This is not surprising in that last October the President declared this to be a national public health care crisis and marshaled regulatory and enforcement agencies to actively focus on steps to alleviate it. Other agencies not present at the HCCA are included in this effort, such as the FDA, FCC, CDC, Indian Health Service, Veterans Administration, Department of Defense TRICARE program, and others. At the federal and state level, there is increased legislative, regulatory, and enforcement actions activity related to substance abuse and behavioral health services. In January, the Attorney General announced the DEA was increasing its focus on pharmacies and prescribers who dispense unusual or disproportionate amount of such drugs. He also has created the Prescription Interdiction and Litigation (PIL) task force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Both DOJ and OIG presenters noted the July 2017 “take down” of 412 defendants in 41 different judicial districts. The defendants included over 100 doctors, nurses, and other medical license professionals. Together these individuals were responsible for over $1.3 billion in false billings.

The second most reported topic concerned cyber and IT security of Protected Health Information (PHI). This was a main topic in the presentation by OCR, but was alluded to in seven other presentations on cybersecurity and threats and complying with HIPAA Privacy and Security standards. The OCR reported that since 2009, there have been 2178 reports of breaches over 500 files with more than 300,000 cases of breaches affecting fewer than 500 files. The OCR has responded to over 170,000 complaints that resulted in over 25,000 cases being resolved with corrective action measures.  The OCR expects about 17,000 new complaints this year.  The top 10 recurring issues involve: (1) disclosure of sensitive paper information, (2) business associate agreements, (3) risk analysis, (4) failure to manage risks, such as with encryption, (5) lack of transmission security, (6) failure of ongoing auditing, (7) no patching of software, (8) insider threats, (9) improper disposal of records, and (10) insufficient backup of information and contingency planning.

Several sessions focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws.  Statistics from DOJ indicated the continuing trend of increased number of qui tam cases that has grown from 426 in 2015 to around 500 in 2017 with annual settlements averaging about $2.5 billion per year.

New cases involving Meaningful Use Fraud were reported with the promise that more new cases were under development.  Another area getting a lot of enforcement attention by the DOJ and OIG relate to telehealth and telemedicine. Cases surfacing now are focusing on claims arising from billings for these areas that did not qualify as such.  Only certain telehealth services are covered by Medicare and providers should take care to follow CMS guidance on what qualifies.

It is interesting to compare these priorities with results for the 2018 Compliance Benchmark Survey of compliance officers. There was no mention of the opioid crisis, as it was just an emerging national issue at the time the survey was taken. HIPAA security/cyber-security was the highest priority. It is troubling that corrupt arrangements with referral sources remains the number one regulatory and enforcement priority for the OIG and DOJ but is ranked fifth in priority to respondents. The other major and continuing enforcement priority related to claims submissions and that ranked third in priority by compliance officers.  A complementary webinar relating to this survey will be presented on May 9th.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Health Law Hot Topics Webinar Series

Please Join Us

Complimentary 3-Part CLE-Approved Health Law Webinar Series

May 3, 10, and 17

In partnership with Goodwin Law, Wolters Kluwer is offering a three-part webinar series focusing on issues of high impact on health law today.

 

CLE credits are only offered for live attendance and are complimentary.

 

Session 1

Title: Healthcare Law for Digital Health, Telemedicine, and Health IT Companies

Date: Thursday, May 3, 2018

Time: 1:00 PM Eastern Daylight Time

Duration: 1 hour

Register for Session One: Healthcare Law for Digital Health, Telemedicine, and Health IT Companies

 

Session 2

Title: FDA Regulation of Digital Health and Health IT

Date: Thursday, May 10, 2018

Time: 1:00 PM Eastern Daylight Time

Duration: 1 hour

Register for Session Two: FDA Regulation of Digital Health and Health IT

 

Session 3

Title: Data Privacy and Security for Digital Health and Health IT

Date: May 17, 2018

Time: 1:00 PM Eastern Daylight Time

Duration: 1 hour

Register for Session Three: Data Privacy and Security for Digital Health and Health IT

 

FEATURED PRESENTER:

Roger A. Cohen is a partner in Goodwin’s nationally recognized Life Sciences Practice.
He counsels healthcare services, life sciences, and healthcare IT clients concerning compliance with the myriad laws and regulations governing the delivery of healthcare services such as the Anti-Kickback Statute, the Physician Self-Referral Law (the Stark Law), the False Claims Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Medicare and Medicaid rules and regulations, and laws governing reimbursement, licensure, and certification.

MODERATOR:

Kathryn Beard is the Associate Managing Editor in the Health Law editorial team of Wolters Kluwer Legal & Regulatory U.S.
Her areas of expertise include the Affordable Care Act, health care reform, Medicaid expansion, social media, and the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), including the merit-based incentive payment system (MIPS), advanced alternative payment models (APMs), and the Quality Payment Program (QPP).

 

Wolters Kluwer Legal & Regulatory U.S. is pleased to partner with Above the Law for CLE accreditation.*  Upon the conclusion of each webinar an informal certificate of completion will be issued by Wolters Kluwer Legal & Regulatory U.S. Attendees will also receive an official certificate via email from Above the Law’s third party CLE provider, Marino Law. 

*CLE available for NY, NJ and CA. A Uniform Certificate of Attendance for CLE credit will be issued for all other states.

House committee gives its approval to Medicare Advantage telehealth bill

A bill—The Increasing Telehealth Access in Medicare (ITAM)—aimed at improving access to Medicare Advantage telehealth services received approval from the House Ways and Means Committee on September 13, 2017. The unanimous approval came alongside the committee’s unanimous passage of a bill (H.R. 3726) to simply physician self-referral prohibitions and a bill (H.R. 3729) to continue Medicare add-on payments for ambulance services.

ITAM

The bipartisan bill, Increasing Telehealth Access in Medicare (ITAM) (H.R. 3727), introduced by Representatives Diane Black (R-Tenn) and Mike Thompson (D-Calif), seeks to encourage the use of telehealth by making it a basic benefit—rather than a supplemental service—for Medicare Advantage beneficiaries. Although critics of telehealth warn that the service presents a risk of overutilization in a fee-for-service reimbursement model, proponents of the new ITAM bill note that by pairing telehealth with Medicare advantage, that concern is “flipped on its head.”

Telehealth

A related bill, in the Senate, known as the Furthering Access to Stroke Telemedicine Act (S. 431), would permit any site exclusively administering acute care stroke treatment to be included in the list of eligible Medicare sites for telemedicine services, without regard for the site’s geographic location. In May of 2017, the Senate Finance Committee unanimously passed the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act (S. 870), a bill designed to expand telehealth access for Medicare beneficiaries with chronic conditions while increasing the incentives for accountable care organizations (ACOs) to provide those services.

Health technology oversight growing more complicated as innovation continues

As health information technology (HIT) evolves and the industry increasingly relies on it, the field represents a niche opportunity for young lawyers. At the American Health Lawyers Association (AHLA) Fundamentals of Health Law conference, presenters Ryann Schneider and Sidney Welch emphasized the necessity of understanding both the technology and regulations as well as maintaining close oversight of vendors. This area presents many pitfalls and compliance is difficult, but essential.

Innovations

At the close of the third quarter of 2016, $6.5 billion in digital health deals were recorded. Clinical operations are finding more uses for technology, as providers use telehealth for specialty consults, chronic care management, monitoring, and diagnosis while patients continue to rely on personal health applications and wearables. These innovations require continued development of oversight strategies.

Statutes and regulations

One challenge for compliance is understanding the changing (and conflicting) rules surrounding telemedicine. CMS has issued and updated telemedicine regulations for Medicare, while Medicaid reimbursement differs between the states. States have also implemented various non-payment laws, such as the definitions of a valid telemedicine encounter and requiring a full license to practice medicine in the state in which the patient is located. There are also intellectual property considerations, as well as dealing with a long list of regulatory agencies from the HHS Office of Inspector General (OIG) and the Department of Justice (DOJ) to the Federal Trade Commission (FTC) and Internal Revenue Service (IRS).

Vendors

When health care entities hire technology vendors, each side has a different level of understanding and priorities. Health care customers are particularly sensitive to safety, outcome commitments, and security than other technology customers, and often overestimate the time and resources required for projects. Vendors are experts on their technology, and have a better idea of the partnership required to successfully implement sophisticated projects.

The speakers noted that counsel does not have to understand the nuts and bolts of the technology, but emphasized the need for a team comprised of both business and tech experts to ensure that all bases are covered. Additionally, if in-house counsel focuses on regulatory understanding, outside technology or intellectual property (IP) counsel can supplement with specialized expertise.