Author Archives: Heather E. Baird

New OIG Exclusion Guidance

On April 18, 2016, the Department of Health and Human Services Office of the Inspector General (“OIG”) issued revised criteria for implementing permissive exclusion authority. These revisions are a non-binding policy statement amending those criteria issued by the OIG in 1997 in a similar non-binding policy statement.

Both the 1997 and 2016 statements address how the OIG will approach excluding an individual or entity (“person”) from participation in Federal health care programs, such as Medicare and Medicaid, from engaging in conduct prohibited by Sections 1128A and 1128B of the Social Security Act. In the 2016 statement, the OIG describes a continuum of risk and the OIG’s responses to health care fraud based upon where the person falls on the continuum of risk. The OIG also revised and refined the criteria that it uses to evaluate the risk presented by a person.

The OIG has conceptualized health care fraud as a continuum of risk, with some people presenting a low risk of health care fraud and other presenting a high risk of health care fraud.

The severity of the OIG’s response to activities that constitute health care fraud decreases the lower on the continuum of risk the activities fall as follows (from most severe OIG response to least severe OIG response): (1) exclusion; (2) heightened scrutiny; (3) integrity obligations; (4) no further action; and (5) release.

The OIG will generally only release a person from exclusion authority when the person self-discloses the conduct cooperatively and in good faith or when the OIG determines that robust integrity obligations that have been agreed to by the person are sufficient to protect Federal health care programs.

In determining where a person falls on the risk continuum, the OIG considers four (4) general categories: (1) nature and circumstances of the conduct; (2) conduct during investigation; (3) significant ameliorative effects; and (4) history of compliance. Within each category are factors that have been determined to either: (a) indicate a higher risk; (b) indicate a lower risk; or (c) be neutral to the risk assessment. Selected examples of these factors are as follows:

Nature and Circumstances of Conduct

  • Patient Harm. Conduct that causes or had the potential to cause any adverse physical, mental, or financial harm or other impact to program beneficiaries, recipients, or other patients indicates higher risk. A lack of patient harm is risk neutral.
  • Loss to Federal Health Care Programs. The greater the amount of actual or intended loss to Federal health care programs, the higher the risk.
  • Frequency of Conduct. Conduct that is continual or repeated indicates higher risk.
  • Prior Conduct. Previous imposition, breach of, or refusal to enter into a corporate integrity agreement indicates higher risk.

Conduct During Investigation

  • Termination of Fraudulent Activities. The inability of a person to engage in the conduct again because a contract or arrangement was terminated, or due to a change in Federal health care program rules, does not affect the risk assessment.
  • Failure to Respond to Subpoena. Failure to respond to a subpoena within a reasonable period of time indicates higher risk. However, prompt subpoena response does not affect the risk assessment.
  • Self-Disclosure. If the person initiated an internal investigation before becoming aware of the government’s investigation to determine who was responsible for the conduct, and shared the results of the internal investigation with the government, this indicates lower risk. If the person self-disclosed the conduct cooperatively and in good faith as a result of the internal investigation, prior to becoming aware of the Government’s investigation, this indicates lower risk. If the person clearly demonstrates acceptance of responsibility for the conduct, this indicates lower risk.
  • Criminal Penalties. A criminal resolution indicates higher risk.
  • Restitution. The inability to pay an appropriate monetary penalty to resolve a fraud case indicates higher risk.

Significant Ameliorative Effects

  • Disciplinary Actions. An entity that has taken appropriate disciplinary action against individuals responsible for the conduct indicates lower risk.
  • New Owner. If, since the end of the conduct at issue, the entity has been sold in an arm’s-length transaction to a non-affiliated, independent third party with a history of compliant participation in the Federal health care programs, this indicates lower risk.

History of Compliance

  • Prior Self-Disclosures. If the person has a history, prior to becoming aware of the investigation, of significant self-disclosures made appropriately and in good faith to OIG, CMS (for Stark law disclosures), or CMS contractors (for non-fraud overpayments), this indicates lower risk.
  • Compliance Program. The absence of a compliance program that incorporates the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program indicates higher risk. However, the existence of such a compliance program does not affect the risk assessment.
  • Integrity Obligations on Successor Entities

In addition to the factors above, the new policy statement addresses factors that the OIG may consider when determining whether to apply integrity obligations to a successor entity following a corporate merger or acquisition.

Protective factors for a successor entity resolving a fraud case for an acquired person include when the successor: (1) purchased the acquired entity after the fraudulent conduct occurred; (2) has an existing compliance program; (3) does not have a prior history of wrongdoing or fraud settlements with the United States; and (4) took appropriate steps to address the predecessor’s misconduct and reduce the risk of future misconduct.

Finally, the new policy statement states that, regardless of risk, the OIG may favor remedies other than exclusion when the offending person is a sole source of essential specialized items or services in a community or provides items or services for which there are no alternative or comparable sources.

The new policy statement can help guide providers to operate so as to minimize the possibility that the OIG will impose exclusion authority upon the provider as well as its employees. Key compliance considerations include organized, coordinated, and timely procedures to address self-reporting and government investigations. The entire text of the April 18, 2016 OIG revised criteria for implementing permissive exclusion authority is available here.

Please contact a member of the Benesch health care team if you have any questions about how to mitigate your exclusion risk in light of this new guidance or how to incorporate it into your existing compliance plan.

 

FCC Releases Guidance on Autodialing and Pre-Recorded Voice Calls to Wireless Phone Numbers

This past July, the Federal Communications Commission (“FCC”) released a ruling (the “Ruling”) interpreting the Telephone Consumer Protection Act (“TPCA”) restrictions on certain communications to wireless telephone numbers. The Ruling significantly restricts business’ ability to use auto-dialers and artificial / prerecorded voices for contacting wireless telephone numbers, including via text message (“automated contact system ”), prior to obtaining customer consent. Fortunately for the many health care providers who rely on this type of technology for important patient correspondence such as appointment reminders, the FCC has provided a significant exception for providers’ automated contact systems that meet certain criteria set forth in the Ruling. While the criteria are not overly burdensome, they are numerous and specific, so health care providers with automated contact systems should review them carefully to ensure ongoing compliance with the TPCA.

Following the Ruling, health care providers with automated contact systems must either obtain patient consent prior to using automated contact systems, or be sure that their automated contact system comply with the Ruling. Generally, to be exempt from obtaining prior express consent from patients calls to wireless numbers using automated contact systems:

  • must not be charged to patient-recipients;
  • must be for specific, health-related purposes;
  • must include easy opt-out options; and
  • are subject to volume and brevity restrictions.

The Ruling describes in greater detail the steps that health care providers must take to meet the above standards.

The FCC ruling is available here. Contact a member of the Benesch team if you have any questions about your automatic contact system after the FCC’s recent ruling.

Medicare Part B Reimbursement After the SGR Repeal

On April 16, 2015, President Barack Obama signed into law the Medicare Access and CHIP Reauthorization Act of 2015 and thereby repealed the sustainable growth rate (“SGR”) Medicare Part B provider reimbursement methodology, represented by the Physician Fee Schedule that had been in place for nearly twenty years. SGR reimbursement was originally intended to control Medicare costs by keeping provider reimbursement proportionate to America’s overall economic growth. This was to be accomplished by setting reimbursement ceilings and then cutting reimbursement when those ceilings were exceeded in a given year. Historically, rather than instituting these cuts as planned, Congress repeatedly delayed the implementation of reimbursement reductions through the use of repeated short term legislative patches delaying any cutbacks

This pattern of emergency stop-gap measures ended on April 16, 2015 when, in an uncharacteristically bipartisan move, Congress permanently repealed and replaced the SGR. This revised reimbursement formula includes:

  • eliminating delayed reimbursement rate reductions under the SGR;
  • from 2015 – 19, increasing reimbursement rates by 0.5%;
  • from 2020 – 25, freezing reimbursement rates; and
  • from 2026 – forward, instituting annual reimbursement rate increases based upon provider participation in one of two provider risk-sharing arrangements: (1) the Merit-Based Incentive Payment System (“MIPS”) provides for a 0.25% annual increase; or (2) Alternative Payment Models (“AMP”) provides for a 0.75% annual increase.

Both incentive programs incorporate value-based payments beginning in 2019. First, MIPS combines and replaces existing incentive programs and provides a payment adjustment to fee-for-service reimbursement based upon a composite score made up of four categories: (1) Quality; (2) Resource Use; (3) Clinical Improvement; and (4) EHR Use. Second, AMP participants will receive a 5% of annual reimbursement bonus payment in exchange for generating sufficient revenue through qualified risk-sharing payment models, such as Accountable Care Organizations and Medical Homes.

The SGR repeal is funded by reductions in Medicare payments to hospitals and post-acute care providers, elimination of first-dollar Medigap coverage, and increases to Medicare premium cost-sharing for high income beneficiaries. Despite these cuts, the Congressional Budget Office estimates that the legislation will still add a grand total of $141 billion to the Federal deficit.

The elimination of the SGR provides some enduring stability following years of uncertainty.  After repeated, temporary SGR legislative fixes, the legislation eliminating the SGR and instituting the replacement reimbursement methodology represents a bipartisan effort to transition Federal health care program reimbursement away from traditional fee-for-service arrangements and into a new era of value-based payments. Consistent with trends in the health care industry at-large, and the Federal health care programs in particular, providers seeking meaningful reimbursement increases through Medicare Part B under the revised reimbursement methodology must meet quality metrics, whether through an incentivized fee-for-service model or through participation in alternative payment mechanisms.

For more information on health care reimbursement trends, please contact a member of Benesch’s health care team.

OIG Announces Proposed AKS and CMP Regulations

On October 3, 2014, the Office of the Inspector General (“OIG”) issued a proposed rule codifying into regulation several statutory changes to the Antikickback Statute (“AKS”) and the Civil Monetary Penalty (“CMP”) Law. Nearly all of these changes broaden permissible arrangements for certain health care and health service providers. The OIG is seeking public comment regarding how to best balance the promotion of beneficial arrangements that enhance the efficient and effective delivery of health care and promote the best interests of patients, while simultaneously avoiding payment arrangements that risk abuse of Federal health care programs or program beneficiaries. Comments about these proposed regulations are due to the OIG no later than December 2, 2014 at 5:00 p.m. EST. The proposed regulations in their entirety are available here. Selected proposed changes are described below.

Antikickback Regulations

1.   Cost-Sharing Waiver Safe Harbors. The OIG proposes to codify as regulations AKS safe harbors for certain cost-sharing waivers determined to be low risk to Federal health care programs.

a.   Safe Harbor for Part D Cost-Sharing Waivers by Pharmacies. A pharmacy waiving Part D cost-sharing for a beneficiary would qualify for the safe harbor when:
(i) the waiver is not advertised or part of a solicitation;
(ii) the pharmacy does not routinely waive the cost sharing; and
(iii) before waiving cost-sharing, the pharmacy either determines in good faith that the beneficiary has a financial need or the pharmacy fails to collect the cost-sharing amount after making a reasonable effort to do so.
Conditions (ii) and (iii) do not apply to a subsidy-eligible individual.

b.   Safe Harbor for Cost-Sharing Waivers for Emergency Ambulance Services. Emergency ambulance providers and suppliers that are paid by Medicare fee-for-service and are owned and operated by a State, a political subdivision, or a Federally recognized Indian tribe would receive AKS safe harbor protection for arrangements when:
(i) the ambulance provider or supplier is the Medicare Part B provider or supplier of the services;                                                                                                        (ii) the waiver is offered uniformly, without regard to patient-specific factors;
(iii) the waiver is not the furnishing of free services paid for by a government entity; and
(iv) the provider or supplier bears the cost of the waiver.

2.   AKS Remuneration Exceptions. The OIG proposes to codify as regulations two recent statutory exceptions to the definition of remuneration.

a.   Medicare Coverage Gap Discount Program Exception. Applicable drugs provided at a discount to applicable beneficiaries under the Medicare Coverage Gap Discount Program would be excepted from the AKS definition of remuneration if the drug manufacturer is a compliant participant in the Medicare Coverage Gap Discount Program.

b.   Local Transportation Services Exception. Excepted from the AKS definition of remuneration would be free or discounted local (no more than 25 miles away) transportation made available by an individual or entity to established patients who are Federal health care program beneficiaries for the purpose of obtaining medically necessary items or services when:
(i) the individual or entity providing the transportation services does not primarily supply health care items and bears the cost of the transportation services;
(ii) the availability of transportation services is not determined in a manner related to the volume or value of Federal health care program business;
(iii) the transportation services are not air, luxury, or ambulance-level services; and
(iv) the transportation services are not marketed or advertised and drivers or others arranging the transportation are not paid per beneficiary transported.

Civil Monetary Penalty Regulations

1.   CMP Remuneration Exceptions. The OIG proposes to codify as regulations recent statutory exceptions to the CMP rule definition of remuneration. The proposed regulations additionally provide proposed definitions of terms intended to help interpret these exceptions. Proposed exceptions to the CMP rule definition of remuneration include:

(a)   Reductions by a hospital of the copayment amount for covered outpatient department services to no less than 20% of the Medicare outpatient department fee schedule.

(b)   Remuneration promoting access to care and posing a low risk of harm to patients and Federal health care programs.

(c)   Retailer rewards programs consisting of coupons, rebates, or other rewards from a retailer offering items or services on equal terms to all members of the public and which are not tied to the provision of other items or services reimbursed in any part by Medicare or an applicable State health care program.

(d)   The offer of certain items or services for free or at less than fair market value after making a good faith determination that the recipient is in financial need and when the items or services are not advertised.

(e)   Certain copayment waivers for the first fill of a covered Part D generic drug for beneficiaries enrolled in the Medicare Prescription Drug Plan or the Medicare Advantage Part D Plan.

2.   Gainsharing Prohibition. The OIG proposes codify the statutory gainsharing prohibition that forbids hospitals from knowingly making a payment to a physician as an inducement to reduce or limit services provided to Medicare or Medicaid beneficiaries under the care of that physician. In doing so, the OIG acknowledges that it seeks to strike a balance that interprets the prohibition broadly enough to protect Federal health care program beneficiaries, and narrowly enough to allow low risk programs that further the goal of delivering high quality health care at a lower cost. Furthermore, in the proposed regulations the OIG acknowledges that it has previously allowed certain gainsharing arrangements through its advisory opinion process and that it seeks comment regarding an interpretation of the statute that permits the implementation of low risk, beneficial gainsharing arrangements.

If you have questions about these proposed regulations, or about fraud and abuse compliance for Federal health care program participants generally, contact Heather E. Baird, or any member of the Benesch Health Care Department.

Changes Coming to Nursing Home Compare

The Centers for Medicare and Medicaid Services (“CMS”) has announced that the Nursing Home Compare Five Star Quality Rating System will soon undergo some changes. The rating system has experienced recent criticism for relying too heavily on self-reported data and CMS is taking action. A facility’s star rating, from one to five stars, is based upon three categories of information, “onsite inspections,” “quality measures,” and “staffing levels.” Currently, the only category that is not self-reported is onsite inspection.

To address potential weaknesses in the current system, CMS will be implementing improvements to Nursing Home Compare. Look for increased numbers of quality measures that are not solely based on self-reported data and also for staffing information that will be electronically collected quarterly and verified against payroll records. Also expect the addition of new quality indicators, such as staffing turnover and retention and rate of antipsychotics use. This revised rating system is intended to provide greater transparency and objectivity for individuals seeking information on Nursing Home Compare.

A fact sheet from CMS summarizing these new improvements is available here.

Nursing Home Abuse and Neglect Compliance Trails Federal Requirements

The Department of Health and Human Services Officer of Inspector General (“OIG”) released a report this month titled, “Nursing Facilities’ Compliance with Federal Regulations for Reporting Allegations of Abuse and Neglect.” The report examines reporting practices for abuse and neglect in nursing facilities across the country. The OIG study found:

• 85% of nursing homes reported to the OIG at least one allegation of abuse or neglect in 2012;
• 76% of nursing homes maintained policies that address Federal regulations for reporting both allegations of abuse or neglect, and investigation results (95% of facilities maintained policies that address Federal regulations for reporting allegations of abuse or neglect only);
• 61% of nursing homes had documentation supporting the facilities’ compliance with Federal regulations under Section 1150B of the Social Security Act requiring (a) annual notification of covered individuals about their obligation to report any reasonable suspicion of a crime, and (b) the posting of a notice regarding employees’ rights to file a complaint; and
• 53% of allegations of abuse or neglect and the subsequent investigation results were reported as Federally required.

In light of these statistics, nursing homes should thoroughly review their abuse and neglect policies and practices. A robust and thoughtful abuse and neglect prevention program both protects nursing home residents and the facility. The following considerations may be helpful in reviewing a facility’s compliance with abuse and neglect requirements.

• Existing policies should be accessible, understandable, and implementable for all staff.
• Policies should be reviewed to ensure they are consistent with Federal regulations, especially regarding regulatory requirements for reporting investigation results.
• Staff (including owners, operators, employees, managers, agents, or contractors of nursing facilities) must be educated about their reporting obligations in the event of an allegation of abuse or neglect or when they reasonably suspect a crime has occurred in the facility under Section 1150B. Staff must also be notified about their right to file a complaint under Section 1150B of the Social Security Act.
• Remember to carefully document staff education about rights and responsibilities under Section 1150B.
• Verify policies regarding abuse and neglect are correctly and consistently implemented.

The full OIG report is available here: https://oig.hhs.gov/oei/reports/oei-07-13-00010.pdf.

4.5 Million Patients’ Information Stolen by Hackers

Community Health Systems Inc. (“CHS”), a Tennessee-based hospital provider, has reported it was the target of data hackers who were able to obtain identification information belonging to approximately 4.5 million CHS patients. According to some sources, this is the second-largest HIPAA breach ever. The company has been cooperating with Federal law enforcement authorities pursuing the individuals responsible for hacking into CHS’s system. In response to this breach, CHS is working to notify those individuals whose information was stolen and assisting them with identity theft protection as well as working with a security firm to thoroughly investigate the breach.

Healthcare providers that maintain or transmit electronic protected health (“ePHI”) information must not only be careful about how they use and disclose ePHI, they must also be wary of criminal attacks coming from outside their organization. Even simple identification information such as names, phone numbers, and social security numbers are protected by HIPAA. As part of ongoing HIPAA compliance, providers should assess and document the risk of breach of ePHI and the safeguards in place to prevent a breach. The more technical safeguards a provider has implemented for its ePHI (such as encryption, firewalls, and unauthorized or unusual access alerts), the less likely hackers will be able to infiltrate records and, in the event they infiltrate anyway, the easier for a provider to make a good case that it took all reasonable steps to safeguard its patients’ PHI, or at least to mitigate harm caused by a breach. Providers must consider all aspects of HIPAA, including both the Privacy Rule and the Security Rule, and make sure their HIPAA compliance programs are operational and complete.