Wednesday, November 24, 2010

Reverse False Claims-The Latest in False Claims Act Exposure

Earlier this week, the Department of Justice announced that it had its second largest annual recovery of civil fraud claims in history, securing $2.4 billion in settlements and judgments in cases involving fraud against the government in the fiscal year ending Sept. 30, 2009. In making this announcement, Tony West, the Assistant Attorney General for the Civil Division, reiterated that “rooting out fraud” remains one of the Justice Department’s highest priorities.” The government thanked its partners in these recovery efforts, mentioning the cooperation it receives from whistleblowers, State Departments of Justice, Medicaid Fraud Control Units, and Congress.

The reference to Congress’ role in assisting with fraud recovery efforts cannot be minimized. With the enactment of the Fraud Enforcement Recovery Act of 2009 (“FERA”) and the Patient Protection and Affordable Care Act (“PPACA,” sometimes referred to as the Healthcare Reform Act) in March of this year, Congress has significantly expanded the scope of liability for individuals and entities that receive government funds.

As a result of these reforms, one area where we are seeing considerable exposure for healthcare providers is with “reverse false claims.” There is no longer any doubt that the knowing retention of Medicare and Medicaid overpayments can serve as the basis for False Claims Act liability.

Under PPACA, health care providers are required to “report and refund” any overpayment by within 60 days after the date on which the overpayment was identified (or the date any corresponding cost report is due, whichever is later). The definition of overpayment under PPACA includes any funds received or retained under Medicare or Medicaid to which the provider is not entitled. And PPACA expressly makes the retention of any overpayment an obligation under the False Claims Act.

The Justice Department’s announcement last week that “A top priority for this administration is fighting health care fraud.” should come as no surprise to healthcare practitioners. In fiscal year 2009, health care fraud recoveries reached $1.6 billion, two-thirds of the year’s total. With the recent expansion to the Justice Department’s arsenal of recovery weapons, we will continue to see an increase in recovery efforts. Now more than ever it is essential to be vigilant in avoiding risk related to billing and collections.

Thursday, September 30, 2010

Responding to Subpoenas

Recently there has been a surprising increase in the number of subpoenas served on health care providers. Fraud investigations, overpayment investigations, licensing board investigations, carrier audits, personal injury and workers compensation claims, all generate demands for production of records (and sometimes interviews). And while subpoenas have become commonplace for medical practices, the response to a subpoena cannot be treated lightly. A subpoena, particularly one issued by a government agency such as the Office of Inspector General, State Medicaid Fraud Control Unit, or Department of Justice, reveals the existence of an investigation and the potential for significant risk. Accordingly, every health care provider should be prepared to respond appropriately to service of a subpoena. Yet few health care providers have policies in place for responding to investigations.

We recommend that every healthcare provider implement a policy for responding to investigative demands. An effective policy will identify the primary concerns and decisions that result from a demand for production of records. Among the practical and strategic considerations triggered by receipt of a subpoena are: Who in the practice should respond to the subpoena? Does the subpoena request documents that should not be produced because of confidentiality concerns, because they may be protected by privilege or some other legitimate concern? Is the subpoena improperly broad? Should an attorney be consulted?

An effective policy serves as an essential checklist to assure that proper steps are taken to respond to the subpoena. The policy should ensure that one person or department is clearly identified as responsible for responding to the investigative demand. All employees must be aware that subpoenas should be immediately forwarded to the person or department in charge. Responses should be timely and complete. However, care should be taken to review the subpoena to ensure that it is not improperly broad. It is rarely beneficial to provide more information than is requested. And any response should ensure that confidential information, patient records and attorney/client privileged information in particular, are protected. Copies of anything produced should be retained and properly labeled to avoid subsequent confusion about what was produced.

A subpoena often announces an investigation of some kind, and information contained in the subpoena itself may reveal the nature and subject of the investigation. This information can be valuable to a provider, and the policy should identify the circumstances under which and the means by which the practice will conduct an internal investigation to quickly assess risk, rectify problems early and minimize exposure.

In light of increased enforcement efforts by both government and private payors, now is the time to establish a policy, or to review your practice’s existing policy, for responding to investigative demands to ensure your practice responds to such demands as efficiently as possible and in a manner consistent with the practice’s interests.

Tuesday, July 13, 2010

Delaware Enacts New Laws Impacting Medical Professionals

In the wake of the investigation and prosecution of Dover pediatrician Earl Bradley on hundreds of counts of sexual assault and child molestation, the Delaware General Assembly passed a series of bills designed to enhance the effectiveness of regulators who license medical professionals and law enforcement officials charged with investigating and prosecuting crimes of abuse in Delaware, which bills were signed by Governor Markell on June 30, 2010. A summary of the bills can be found on the Governor's website at http://governor.delaware.gov/news/2010/1006june/20100630-legislation.shtml. Perhaps most significantly for physicians, the bills (1)require that there be another adult in the room when a physician is treating a person 15 years of age or younger and the child is disrobed or otherwise undergoing certain physical examinations, (2)provide for expedited suspensions of medical licenses if there is a threat to the public,(3) facilitate the ability of the Board of Medical Practice (now renamed the Board of Medical Licensure and Discipline) to obtain information from peer review panels, (4) impose stiffer sanctions for the failure to report physician misconduct, (5) require physicians to undergo background checks, and (6) require physicians to participate in training to recognize signs of child abuse.

Thursday, June 10, 2010

Delaware Court Upholds Restrictive Covenant in Physician Employment Agreement

In a recent Memorandum Opinion, Judge Herlihy of the Delaware Superior Court held that a restrictive covenant in a physician employment agreement that required the physician-employee to pay the medical practice employer $200,000 in liquidated damages if, during the 2-year period following termination of the agreement, the physician-employee practiced medicine or treated former patients of the employer within a 20-mile radius of the medical practice’s locations, is enforceable as a matter of law.

The medical practice, located in Sussex County, Delaware, employed the physician as an internist and pulmonologist, and it was undisputed that when he left the practice he breached the terms of the restrictive covenant by seeing former patients of the practice within a 20-mile radius of the practice’s offices. The Court held that the restrictive covenant complied with 6 Del. C. §2707, and that liquidated damages in the amount of $200,000 was a reasonable estimate of the damages caused by the physician’s breach of the restriction.

Whether the physician will actually be required to pay the practice liquidated damages, however, depends on whether the practice breached the employment agreement before the physician breached the restrictive covenant. The Court held that fact issues related to the employer’s alleged breach precluded summary judgment.

Monday, April 5, 2010

Health Care Reform Requires Immediate and Longer Lead Time Changes Regarding CT, MRI and PET Scans

As we continue to review the recently enacted Patient Protection and Affordable Care Act, what is immediately striking is the broad range of regulatory requirements that will impact health care providers. Some of these requirements will not go into effect for a year or more. However, one requirement that became effective immediately upon the President signing the bill relates to in-office referrals for CT, MRI or PET scans. The Act requires a physician who refers an individual for CT, MRI or PET (which is being provided under the in-office ancillary services exception to the Stark Law) to “inform the individual in writing at the time of the referral that the individual may obtain the services for which the individual is being referred from a person other than” the referring physician or medical practice. In addition, any medical practice providing these diagnostic imaging services must “provide [their patient] with a written list of suppliers (as defined in section 1861(d)) who furnish such services in the area in which such individual resides.”

Again, this requirement is now in effect. Be aware that another recent change regarding CT, MRI and PET will soon impact health care providers. As required by the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA), by Jan. 1, 2012, all suppliers of the technical component of advanced diagnostic imaging procedures must be accredited by an accreditation organization designated by the Secretary of Health and Human Services. MIPPA specifically defines advanced diagnostic imaging procedures as including diagnostic CT, MRI and PET scans.

The accreditation requirement applies to physicians, non-physician practitioners, and physician and non-physician organizations that are paid for providing the technical component of advanced imaging services under the Medicare Physician Fee Schedule. The accreditation requirement will apply only to the suppliers furnishing the imaging services, and not to the physician’s interpretation of the images.

CMS has designated three national accreditation organizations – the American College of Radiology (ACR), the Intersocietal Accreditation Commission (IAC), and The Joint Commission (TJC) - to accredit suppliers furnishing the technical component of advanced diagnostic imaging procedures.

CMS has promised to issue further guidance to suppliers about meeting the accreditation requirements. CMS plans to undertake a provider education outreach program to ensure that all affected suppliers understand the requirements and are able to comply with them prior to the Jan. 1, 2012 accreditation deadline.

Thursday, February 4, 2010

As of February 22, Comply with HIPAA Breach Notification Rules or Face Sanctions

The HITECH (“Health Information Technology for Economic and Clinical Health”) Act enacted last February imposed obligations on health care providers to notify patients if their protected health information was used or disclosed in a manner not permitted by HIPAA’s Privacy Rule. The U.S. Department of Health and Human Services published regulations which took effect in September 2009 specifying when and how providers have to notify patients of HIPAA breaches as well as recordkeeping requirements regarding reported HIPAA violations. When it published these “breach notification” regulations, HHS stated it would delay imposing sanctions for failure to comply with the regulations until February 22, 2010. So now is the time to familiarize yourself with the HITECH Act’s breach notification rules to avoid the prospect of hefty sanctions, ranging from a minimum of $10,000 up to $50,000 per violation, for willful neglect of the regulatory requirements.

Basically the breach notification rules require a health care provider to notify a patient if his/her protected health information (PHI) has been acquired, accessed, used or disclosed in a manner not permitted under HIPAA’s Privacy Rule which “poses a significant risk of financial, reputational, or other harm to the individual.” The form and manner of notification required under the regulations vary depending on whether a breach involves the PHI of fewer or more than 500 patients. There are certain good faith exceptions to the requirement to notify patients of PHI breaches.

The breach notification rules also require reporting of PHI breaches to HHS under certain circumstances, and impose an obligation on health care providers to document alleged HIPAA violations as well as the provider’s determination as to whether a breach occurred for purposes of the breach notification rules.

The key to compliance with the breach notification rules is establishing a procedure for receiving information about alleged HIPAA violations, evaluating whether a purported violation constitutes a breach for purposes of the notification rules, and documenting whether and how notification was provided. All documentation related to this procedure should be maintained in one location, preferably by one individual, in your practice. With February 22 just days away, it’s time to understand the HITECH breach notification rules and establish a procedure for complying with them.