Revised Common Rule strengthened human-subject protections, simplified IRB oversight simplified

In January 2017, the regulations for ethical conduct of human research, known as the Federal Policy for the Protection of Human Subjects and referred to as the Common Rule, were updated to better protect human subjects involved in research, while facilitating valuable research and reducing burden, delay, and ambiguity for investigators (82 FR 7149, January 19, 2017). In addition, the revisions modernize and simplify the current system of independent review board (IRB) oversight. The changes to the Common Rule, which was originally adopted in 1991, become effective January 19, 2018. At a Health Care Compliance Association (HCCA) webinar, Laura Odwazny, Senior Attorney, HHS Office of the General Counsel, provided the background of, and insight into, the main changes made to the Common Rule.

The Common Rule

The Common Rule, which currently applies to 18 federal departments and agencies, outlines the basic provisions for prior approval of human subjects research by IRBs, informed consent of participants, and institutional assurances of compliance with the regulations. Some agencies have adopted regulatory protections for human subjects in addition to the Common Rule.

Organizations whose researchers receive federal funding to conduct human research must have a Federalwide Assurance (FWA), a written commitment to comply with federal regulations related to human research protections, on file with the OHRP. According to Odwazny, under the current regulations, if a research institution voluntarily extends FWA to all research regardless of the funding source, OHRP can extend its oversight of activities of privately funded research; however the preamble of the Final rule includes a plan to eliminate the voluntary extension of the FWA.

Major changes

Odwazny identified three major rules that were adopted in the Final rule: (1) single-IRB review for multi-institutional research in the U.S.; (2) extended compliance oversight jurisdiction to independent IRBs; and (3) improved informed consent, as well as allowing broad consent for unspecified future research use of already collected information and biospecimens.

The following areas were specifically addressed:

  • consent forms;
  • carve outs;
  • definitions of identifiable private information (IPI) and identifiable biospecimens;
  • concepts of broad consent;
  • limited IRB review; and
  • exemptions for secondary use research of IPI or identifiable biospecimens.

Streamlining IRB oversight

Odwazny explained that under the revised Common Rule, agencies have the authority to enforce compliance directly against IRBs not operated under the Federalwide Assurance. Under this change, compliance actions can be directed against an independent IRB responsible for regulatory noncompliance rather than against the institution working with the independent IRB. In addition, U.S. institutions engaged in cooperative research, which involves more than one institution, must rely on a single IRB approval for the portion of research conducted in the U.S. (the effective date for this provision is January 20, 2020). The single IRB must be identified by the federal department or agency supporting or conducting the research or by the lead institution subject to the acceptance of the federal department or agency supporting the research. The Final rule also provided exceptions to the mandated single IRB review, exceptions for continuing review, and changes to IRB recordkeeping requiring documentation related to these new exceptions.

How to avoid coding pitfalls for ambulatory services billing

Ambulatory services documentation offers compliance challenges as complex as inpatient services documentation that providers need to be aware of to avoid potential compliance risks while documenting for billing. Ellis Knight, M.D., Senior Vice President/Chief Medical Officer, of the Coker Group, focused on ambulatory coding in an HCCA webinar titled “Clinical Documentation for Compliant Coding—It’s No Longer Just an Inpatient Issue.”

Clinical documentation improvement

Knight noted that coders “speak” a different language than clinicians and therefore clinical documentation improvement (CDI) has been mainly a translational process. Specifically in relation to medical diagnoses, translating what a clinician may write down in the clinical note versus how the coder interprets the clinical note for billing purposes. Historically the focus has been on inpatient documentation, especially documentation to justify diagnostic related group (DRG) assignment and capture of major complications and co-morbidities (MCCs) and complications and co-morbidities (CCs). As a result, the “problem” is that reimbursement occurs with parties arriving at the same diagnosis with different billing codes.

Ambulatory documentation

As such, ambulatory documentation is equally as complex as the inpatient documentation arena, involving thousands of codes. A major complicating factor is that time-frame and volume of patient encounters makes ambulatory CDI a much different work process than inpatient CDI. Knight noted that among the many compliance risks associated with ambulatory CDI, documentation must support: (1) medical necessity of services rendered (CPT codes); (2) specific services and level of care provided to the patient (CPT and HCPCS codes); (3) diagnoses (ICD-10); (4) severity of illness and clinical complexity (HCCs); and (5) quality of care rendered (HEDIS).

For medical necessity, the clinical documentation must justify the ordering of tests, performance of procedures, referrals to specialists or consultants, prescribing of medications and other activities which payers must cover. It must document services and level of services performed, as errors leave practitioners at risk for overbilling the carrier which could result in treble damages under the False Claims Act. Moreover, Knight stressed that it is not enough to just document. HCCs must be documented on an annual basis and addressed, i.e., monitored, evaluated, assessed or treated, in order to be captured. In regards to quality of care, the clinical documentation must include provision of certain quality of care measures, e.g., immunizations, tobacco use, smoking cessation counseling, BMI measurement, obesity counseling, preventive care (colonoscopy, mammography).

Know the auditors and audit process, you’ll be audited someday

Providers and suppliers will be audited by CMS at some point, so it is important to understand the various types of audits and the appeals process, according the presenter of a Health Care Compliance Association (HCCA) webinar titled “Medicare Audits & Audit Appeals—From A to Z(PIC).” Scott R. Grubman, Esq., of Chilivis Cochran Larkins & Beyer LLP, focused his discussion on recovery audit contractors (RACs) and zone program integrity contractors (ZPICs) and the various steps of the audit appeals process, from the initial determination to judicial review.

RACs

Charged with “identifying and correcting improper payments through detection and collection of overpayments,” the RAC program started as a demonstration project and completed its first audits in 2011-2013. As new RAC contracts were awarded in October 2016, RAC audits will continue into the future. RACs are paid a contingency fee (somewhere between 7 and 17 percent of the recovery), but only when a favorable reconsideration is made, so they have a financial incentive to find and recover overpayments. According to Grubman, RACs “may not work on the side of fairness for providers.” But RACs are limited in the number of claims they can audit per provider per year and must maintain a 95 percent accuracy rate and an overturn rate of less than 10 percent. RAC audits, as well as MAC audits, are desk reviews, contrary to ZPIC audits.

ZPICs

Grubman warns to be careful when going through a ZPIC audit. ZPICs are tasked, for example, to investigate potential fraud and abuse and to refer parties for CMS administrative actions or for law enforcement; conduct investigations (not just as desk audits, but through interviews and onsite visits, too) and data analysis under the CMS Fraud Prevention System; and to identify the need for administrative actions such as payment suspensions. While RACs typically look at unintentional overpayments, ZPICs respond to intentional overpayments.

Audit process

Whatever the auditor that reviews the claim, an initial determination is first made as to whether the item and services are covered and the amount payable. The auditor then notifies the provider/supplier of the decision following specific notice requirements. A provider or supplier may appeal that decision, following this chronology:

1. Redetermination. A request for a redetermination must be filed within 120 calendar days from receipt of the initial determination, and within 30 calendar days to avoid CMS starting to recoup the overpayment. (Grubman suggests starting the count on the date listed on the determination, not receipt, to avoid running into any issues.) The redetermination involves an “independent review” performed by the same contractor (but a different individual). New issues may be raised by the contractor during redetermination, but a redetermination must be issued within 60 days from receipt of request.
2. Reconsideration. Within 180 days of the redetermination (or within 60 days to avoid recoupment), a party may file a request for reconsideration, which is an independent review of the evidence and findings conducted by a qualified independent contractor (QIC). QICs are bound by national coverage determinations (NCDs), CMS rulings, precedential Medicare Council decisions, and applicable laws and regulations. (Local coverage determinations (LCDs) and CMS program guidance is not binding but given substantial deference.) A QIC has 60 days to issue its reconsideration, and if the deadline isn’t met, the appellant can escalate to the next level of appeal.
3. Administrative law judge (ALJ). If the amount at issue exceeds $160, a request for an ALJ decision may be filed within 60 days of the reconsideration (recoupment cannot be avoided). A hearing is typically held either in person, video conference, or telephone, and parties may submit evidence and/or present witnesses. An ALJ decision is a de novo review and ALJs have wide discretion over the hearing. ALJs are bound by the same NCDs and laws and regulations and must give deference to non-binding authority as with reconsiderations. An ALJ must issue a decision within 90 days, however, there exists an immense backlog in issuing decisions, which has even become the subject of a legal challenge (see Court sets a timeline for Medicare claims backlog, December 6, 2016).
4. Medicare Appeals Council. Within 60 calendar days of the ALJ’s decision, a review by the Medicare Appeals Council may be requested. The Council’s review is limited to those issues the appellant claims to disagree with. Briefs are filed by the parties but no new evidence is provided. Typically a decision is made with no oral arguments and must be made within 90 calendar days.
5. Judicial review: Within 60 calendar days of receipt of the Council’s decision, a suit may be filed in the district court where the provider/supplier resides or has its principal place of business, with the Secretary of HHS named as defendant.

Hospital compliance programs need to integrate explanted device policy

Medicare requires that explanted medical devices—implantable devices that are removed due to recall, advisory, malfunction, failure, or early battery depletion—must be pursued by the provider as for free replacement or reduced charges under warranty. The failure to do so results in an overpayment for the provider or hospital, which must then be repaid to CMS. In a Health Care Compliance Association (HCCA) webinar, Jesse Schafer, Explant Control Manager, Mayo Clinic, and Peter Casady, CEO and Co-Founder, Champion Healthcare Technologies discussed best practices for medical device warranty credit failures and related HHS Office of Inspector General (OIG) audits.

Since 2010, the OIG has conducted six audits specifically for credit failures on medical device warranties, and found overpayments ranging between $30,000 and $300,000. In these cases, the warranty credit failures occurred because the hospitals:

  • did not pursue available credits;
  • did not report credits received;
  • did not have adequate internal control procedures to coordinate functions among various departments; or
  • relied upon the vendor to manage the device return and credit process (and gaps resulted).

Schafer recommended a workflow among various departments, including compliance, coding, clinical, pathology, supply chain / contracting logistics, accounts receivable, and patient financial services. Hospitals should (1) identify explanted devices that are eligible for warranty credits due to performance issues; (2) secure eligible explanted devices; (3) make sure the devices were returned to the vendor for warranty claims; (4) follow up on warranty claims to confirm approval; (5) make sure the provider then received credit or a no-charge replacement; and (6) adjust claims for credits that are greater or equal to 50 percent.