What compliance professionals should know about auditing physician compensation arrangements

In an environment of increasing integration and financial relationships with physicians; a rigid and technical regulatory framework; aggressive government enforcement; and disproportionate penalties and enterprise risk under the Stark Law (42 U.S.C §1395nn), it is incumbent for health care organizations to have an audit plan and process for physician compensation arrangements to ensure such arrangements comply with Stark law requirements. In a webinar presented by the Health Care Compliance Association (HCCA), Curtis H. Bernstein, Principal, Pinnacle Healthcare Consulting and Joseph N. Wolfe (Hall, Render, Killian, Heath & Lyman, P.C.) provided insight into considerations for managing risks, an overview of the Stark Law and its exceptions, and tips for planning an audit and the audit process.

Managing the risk

Wolfe stressed the importance of ensuring that compensation arrangements with referring physicians are defensible. When it comes to compensation arrangements, organizations should ask, “How will the organization defend itself?” Wolfe recommended that the organization focus on the Stark Law’s technical requirements, which were updated in 2016, and the three tenets of defensibility: (1) fair market value, (2) commercial reasonableness, and (3) not taking into account the value or volume of referrals. Wolfe emphasized the need for health care providers that enter into physician arrangements to ensure that individuals involved in the process have an in depth understanding the Stark regulations and the exceptions

The plan and the process

Bernstein explained that the scope of the audit depends on the size and complexity of the company, prior experience with the process under audit, recent changes in the company or company’s operations, and previously recognized deficiencies, as well as circumstances that may arise during the audit. The audit process involves several steps.

  • A list of currently executed physician contracts must be compiled.
  • Compliance personnel must interview individuals commonly involved in physician relationships. The individuals conducting the audit should understand interview processes, including strategy, documentation, approval, and selection of interviewees.
  • The interviews must be reconciled to currently executed physician contracts. Common issues arising in reconciliation include the use of space, office equipment, and other items by physicians for professional or personal use, and payment for services not provided.
  • Time sheets or other attestation forms must be reviewed for completeness and accuracy.
  • Fair market value and commercial reasonableness must be documented for each agreement. Consider:
    • Who is providing the service?
    • Why are the services required?
    • When are the services performed?
    • How are the services provided?
  • All other terms of agreement and necessary steps must be performed in executing agreements and verified.

Bernstein noted that other items to consider during the process include the compensation structure, the length of a fair market value opinion versus the length of the contract, whether the compensation was set in advance, if the agreements were executed, and whether the agreements expired.

The compliance component

While the basic elements of an effective compliance program apply to physician arrangements, Wolfe explained that as compliance applies specifically to physician arrangements, it should be compensation focused and documentation and governance should support defensibility. He recommended that organizations adopt a compensation philosophy, have a written compensation plan, establish parameters for monitoring compensation, and form a compensation committee. In addition, organizations should (1) ensure that policies align with the new Stark technical requirements; (2) establish a consistent process for obtaining third party valuation opinions; and (3) periodically audit physician compensation arrangements. Finally, organizations should continue to monitor the enforcement climate.

Revised Common Rule strengthened human-subject protections, simplified IRB oversight simplified

In January 2017, the regulations for ethical conduct of human research, known as the Federal Policy for the Protection of Human Subjects and referred to as the Common Rule, were updated to better protect human subjects involved in research, while facilitating valuable research and reducing burden, delay, and ambiguity for investigators (82 FR 7149, January 19, 2017). In addition, the revisions modernize and simplify the current system of independent review board (IRB) oversight. The changes to the Common Rule, which was originally adopted in 1991, become effective January 19, 2018. At a Health Care Compliance Association (HCCA) webinar, Laura Odwazny, Senior Attorney, HHS Office of the General Counsel, provided the background of, and insight into, the main changes made to the Common Rule.

The Common Rule

The Common Rule, which currently applies to 18 federal departments and agencies, outlines the basic provisions for prior approval of human subjects research by IRBs, informed consent of participants, and institutional assurances of compliance with the regulations. Some agencies have adopted regulatory protections for human subjects in addition to the Common Rule.

Organizations whose researchers receive federal funding to conduct human research must have a Federalwide Assurance (FWA), a written commitment to comply with federal regulations related to human research protections, on file with the OHRP. According to Odwazny, under the current regulations, if a research institution voluntarily extends FWA to all research regardless of the funding source, OHRP can extend its oversight of activities of privately funded research; however the preamble of the Final rule includes a plan to eliminate the voluntary extension of the FWA.

Major changes

Odwazny identified three major rules that were adopted in the Final rule: (1) single-IRB review for multi-institutional research in the U.S.; (2) extended compliance oversight jurisdiction to independent IRBs; and (3) improved informed consent, as well as allowing broad consent for unspecified future research use of already collected information and biospecimens.

The following areas were specifically addressed:

  • consent forms;
  • carve outs;
  • definitions of identifiable private information (IPI) and identifiable biospecimens;
  • concepts of broad consent;
  • limited IRB review; and
  • exemptions for secondary use research of IPI or identifiable biospecimens.

Streamlining IRB oversight

Odwazny explained that under the revised Common Rule, agencies have the authority to enforce compliance directly against IRBs not operated under the Federalwide Assurance. Under this change, compliance actions can be directed against an independent IRB responsible for regulatory noncompliance rather than against the institution working with the independent IRB. In addition, U.S. institutions engaged in cooperative research, which involves more than one institution, must rely on a single IRB approval for the portion of research conducted in the U.S. (the effective date for this provision is January 20, 2020). The single IRB must be identified by the federal department or agency supporting or conducting the research or by the lead institution subject to the acceptance of the federal department or agency supporting the research. The Final rule also provided exceptions to the mandated single IRB review, exceptions for continuing review, and changes to IRB recordkeeping requiring documentation related to these new exceptions.

How to avoid coding pitfalls for ambulatory services billing

Ambulatory services documentation offers compliance challenges as complex as inpatient services documentation that providers need to be aware of to avoid potential compliance risks while documenting for billing. Ellis Knight, M.D., Senior Vice President/Chief Medical Officer, of the Coker Group, focused on ambulatory coding in an HCCA webinar titled “Clinical Documentation for Compliant Coding—It’s No Longer Just an Inpatient Issue.”

Clinical documentation improvement

Knight noted that coders “speak” a different language than clinicians and therefore clinical documentation improvement (CDI) has been mainly a translational process. Specifically in relation to medical diagnoses, translating what a clinician may write down in the clinical note versus how the coder interprets the clinical note for billing purposes. Historically the focus has been on inpatient documentation, especially documentation to justify diagnostic related group (DRG) assignment and capture of major complications and co-morbidities (MCCs) and complications and co-morbidities (CCs). As a result, the “problem” is that reimbursement occurs with parties arriving at the same diagnosis with different billing codes.

Ambulatory documentation

As such, ambulatory documentation is equally as complex as the inpatient documentation arena, involving thousands of codes. A major complicating factor is that time-frame and volume of patient encounters makes ambulatory CDI a much different work process than inpatient CDI. Knight noted that among the many compliance risks associated with ambulatory CDI, documentation must support: (1) medical necessity of services rendered (CPT codes); (2) specific services and level of care provided to the patient (CPT and HCPCS codes); (3) diagnoses (ICD-10); (4) severity of illness and clinical complexity (HCCs); and (5) quality of care rendered (HEDIS).

For medical necessity, the clinical documentation must justify the ordering of tests, performance of procedures, referrals to specialists or consultants, prescribing of medications and other activities which payers must cover. It must document services and level of services performed, as errors leave practitioners at risk for overbilling the carrier which could result in treble damages under the False Claims Act. Moreover, Knight stressed that it is not enough to just document. HCCs must be documented on an annual basis and addressed, i.e., monitored, evaluated, assessed or treated, in order to be captured. In regards to quality of care, the clinical documentation must include provision of certain quality of care measures, e.g., immunizations, tobacco use, smoking cessation counseling, BMI measurement, obesity counseling, preventive care (colonoscopy, mammography).

Know the auditors and audit process, you’ll be audited someday

Providers and suppliers will be audited by CMS at some point, so it is important to understand the various types of audits and the appeals process, according the presenter of a Health Care Compliance Association (HCCA) webinar titled “Medicare Audits & Audit Appeals—From A to Z(PIC).” Scott R. Grubman, Esq., of Chilivis Cochran Larkins & Beyer LLP, focused his discussion on recovery audit contractors (RACs) and zone program integrity contractors (ZPICs) and the various steps of the audit appeals process, from the initial determination to judicial review.

RACs

Charged with “identifying and correcting improper payments through detection and collection of overpayments,” the RAC program started as a demonstration project and completed its first audits in 2011-2013. As new RAC contracts were awarded in October 2016, RAC audits will continue into the future. RACs are paid a contingency fee (somewhere between 7 and 17 percent of the recovery), but only when a favorable reconsideration is made, so they have a financial incentive to find and recover overpayments. According to Grubman, RACs “may not work on the side of fairness for providers.” But RACs are limited in the number of claims they can audit per provider per year and must maintain a 95 percent accuracy rate and an overturn rate of less than 10 percent. RAC audits, as well as MAC audits, are desk reviews, contrary to ZPIC audits.

ZPICs

Grubman warns to be careful when going through a ZPIC audit. ZPICs are tasked, for example, to investigate potential fraud and abuse and to refer parties for CMS administrative actions or for law enforcement; conduct investigations (not just as desk audits, but through interviews and onsite visits, too) and data analysis under the CMS Fraud Prevention System; and to identify the need for administrative actions such as payment suspensions. While RACs typically look at unintentional overpayments, ZPICs respond to intentional overpayments.

Audit process

Whatever the auditor that reviews the claim, an initial determination is first made as to whether the item and services are covered and the amount payable. The auditor then notifies the provider/supplier of the decision following specific notice requirements. A provider or supplier may appeal that decision, following this chronology:

1. Redetermination. A request for a redetermination must be filed within 120 calendar days from receipt of the initial determination, and within 30 calendar days to avoid CMS starting to recoup the overpayment. (Grubman suggests starting the count on the date listed on the determination, not receipt, to avoid running into any issues.) The redetermination involves an “independent review” performed by the same contractor (but a different individual). New issues may be raised by the contractor during redetermination, but a redetermination must be issued within 60 days from receipt of request.
2. Reconsideration. Within 180 days of the redetermination (or within 60 days to avoid recoupment), a party may file a request for reconsideration, which is an independent review of the evidence and findings conducted by a qualified independent contractor (QIC). QICs are bound by national coverage determinations (NCDs), CMS rulings, precedential Medicare Council decisions, and applicable laws and regulations. (Local coverage determinations (LCDs) and CMS program guidance is not binding but given substantial deference.) A QIC has 60 days to issue its reconsideration, and if the deadline isn’t met, the appellant can escalate to the next level of appeal.
3. Administrative law judge (ALJ). If the amount at issue exceeds $160, a request for an ALJ decision may be filed within 60 days of the reconsideration (recoupment cannot be avoided). A hearing is typically held either in person, video conference, or telephone, and parties may submit evidence and/or present witnesses. An ALJ decision is a de novo review and ALJs have wide discretion over the hearing. ALJs are bound by the same NCDs and laws and regulations and must give deference to non-binding authority as with reconsiderations. An ALJ must issue a decision within 90 days, however, there exists an immense backlog in issuing decisions, which has even become the subject of a legal challenge (see Court sets a timeline for Medicare claims backlog, December 6, 2016).
4. Medicare Appeals Council. Within 60 calendar days of the ALJ’s decision, a review by the Medicare Appeals Council may be requested. The Council’s review is limited to those issues the appellant claims to disagree with. Briefs are filed by the parties but no new evidence is provided. Typically a decision is made with no oral arguments and must be made within 90 calendar days.
5. Judicial review: Within 60 calendar days of receipt of the Council’s decision, a suit may be filed in the district court where the provider/supplier resides or has its principal place of business, with the Secretary of HHS named as defendant.