New Rule Expands Bases on Which Providers Can Be Excluded from Participation in Medicare

Written By Melony Anderson 

On December 3, the Centers for Medicare & Medicaid Services (“CMS”) issued a new rule that enhances CMS’s ability to exclude or remove providers from participation in Medicare.  According to a press release issued by CMS, the new rule is designed to “prevent physicians and other providers with unpaid debt from re-entering Medicare, remove providers with patterns or practices of abusive billing, and implement other provisions to help save more than $327 million annually.”

The new rule has several provisions.  The first, and most significant given CMS’s stated purpose for the rule, is as follows:

CMS may now deny enrollment if the provider, supplier or owner thereof was previously the owner of a provider or supplier that had a Medicare debt that existed when the latter’s enrollment was voluntarily terminated, involuntarily terminated or revoked AND

·   The owner left the provider or supplier that had the Medicare debt within 1 year of that provider or supplier’s voluntary termination, involuntary termination, or revocation;

·   The Medicare debt has not been fully repaid; AND

·   CMS determines that the uncollected debt poses an undue risk of fraud, waste or abuse.

There are terms under which the provider, supplier or owner thereof can avert the denial, including repaying the debt in full, or agreeing to a repayment schedule for the entire debt if the provider meets the criteria for an extended repayment schedule provided by 42 C.F.R. §401.607.

 

To illustrate how this rule may be applied, consider the following example.  Provider ABC is owned by Owner X.  ABC terminates its enrollment in Medicare.  At the time of the termination, ABC had an outstanding Medicare debt.  Owner X leaves ABC less than a year after the termination.  Thereafter, as long as ABC’s debt remains unpaid, Owner X may be excluded from participating in Medicare, either as a provider or supplier or as an owner thereof, if CMS determines that the outstanding debt poses an “undue risk of fraud, waste or abuse.”  It is not clear from the rules what CMS considers to constitute an “undue risk”, and whether that is based on a dollar figure, or some other criteria.  Owner X may avoid denial if he/she agrees to a repayment schedule for the debt, or pays the debt in full. 

The new rule also expands the bases on which CMS can deny enrollment or revoke billing privileges based on prior felony convictions.  Under the prior rule, CMS could deny enrollment to any provider, supplier or owner who was convicted of a state or federal felony in the prior 10 years.   The new rule expands that to include “managing employees”. 

CMS can now revoke Medicare billing privileges if the provider or supplier has a “pattern or practice of submitting claims that fail to meet Medicare requirements”, including the requirement that the service be reasonable and necessary.  Many commenters to the proposed rule suggested that the provision was arbitrary and subjective, granting too much discretion to CMS.  CMS responded by stating that “sporadic billing errors would not result in revocation”.  CMS does not define “pattern or practice”, but listed several factors that would be considered, including:  (1) percentage of submitted claims that were denied; (2) total number of claims denied; (3) the reason(s) for the claim denials; (4) whether there is a history of final adverse actions; (5) the time period over which the pattern has continued; and (6) how long the provider has been enrolled in Medicare.  With respect to factors (1) and (2), CMS declined to establish objective numerical thresholds. 

The new rule also provides that revoked providers must submit all remaining claims within 60 days after revocation.  Revoked providers and suppliers may now only submit a corrective action plan where the revocation was based on noncompliance with the enrollment requirements, or the enrollment application.  In other words, a revocation based on provider or supplier conduct is no longer eligible for a corrective action plan.

The new rule goes into effect on February 3, 2015.

Physical Therapists’ Board Proposes Telehealth and Dry Needling Regulations

Written by Joanne Ceballos 
In August of this year Governor Markell signed a bill overhauling Chapter 26 of Title 24 relating to the practice of physical therapy and athletic training.  Among other things, the legislation expanded the scope of practice to include telehealth and dry needling.   Further to the legislation, the Examining Board of Physical Therapists and Athletic Trainers has proposed regulations regarding standards and requirements for the practice of telehealth by physical therapists, athletic trainers, and physical therapist assistants, as well as prerequisites for the performance of dry needling by physical therapists.  Proposed Regulation 14.0 restates the statutory definition of “telehealth” as “the use of electronic communications to provide and deliver a host of health-related information and health-care services, including physical therapy and athletic training-related information and services, over large and small distances.  Telehealth encompasses a variety of health care and health promotion activities, including education, advice, reminders, interventions, and monitoring of interventions.”  The proposed regulation provides that a Delaware-licensed physical therapist, athletic trainer or physical therapist assistant may conduct a telehealth session with a patient who is located in Delaware at the time of the session after obtaining the patient’s written informed consent specifying at a minimum the risks and limitations of the use of electronic communications in the provision of care, the potential disruption of electronic communication during the telehealth session, and the potential for breach of confidentiality of protected health information using electronic communications.  The proposed regulation requires the licensee to “ensure that the electronic communication is secure to maintain confidentiality … as required by HIPAA and other applicable Federal and State laws.”  Finally, the proposed regulation specifies that all evaluations (initial, reevaluations, discharge), and every other supervisory visit, must be performed in person as opposed to via telehealth.    

Proposed regulation 15.0 related to dry needling quotes the statutory definition, i.e., "an intervention that uses a thin filiform needle to penetrate the skin and stimulate underlying muscular tissue, connective tissues and myofascial trigger points for the management of neuromusculoskeletal pain and movement impairments; is based upon Western medical concepts; and requires a physical therapy examination and diagnosis," and clarifies that dry needling is not within the scope of practice of  athletic trainers, physical therapy assistants or physical therapy aides.  To perform dry needling, a physical therapist must have no less than two years of active clinical experience as a PT and must complete 54 hours of in-person dry needling education in a Board-approved program (PTs who have completed 25 hours of such education at the time the regulation is enacted may continue to practice dry needling but must complete the required 54 hours of education within two years).  The proposed regulation requires a physician’s referral specific for dry needling, specifies the minimum contents for written informed consent (which must include the PT’s “level of education regarding supervised hours of training in dry needling”), and addresses documentation requirements. 

A complete version of the proposed regulations can be viewed by clicking here. 

A public hearing on the proposed regulations will be held on January 27, 2015 at 4:30 p.m. in the second floor conference room A of the Cannon Building, 861 Silver Lake Boulevard, Dover, Delaware.  Written comments may be submitted to Sandra Wagner, Examining Board of Physical Therapists and Athletic Trainers, 861 Silver Lake Boulevard, Dover, Delaware 19904, by February 11, 2015. 

New Requirements for Delaware Free Standing Surgical Centers

Written By Nate Trexler
On November 1, the Delaware Department of Health and Social Services (“DHSS”) promulgated new regulations governing the licensure and operation of free standing surgical centers (“FSSCs”), more commonly referred to as ambulatory surgery centers.  The comprehensive regulatory changes became effective November 11 and raise a number of new issues for owners and potential investors of FSSCs.

Most significant of these new changes is that any modification of ownership and control (“MOC”) of a facility will result in the current license being “void,” requiring the facility to seek licensure as a new applicant.  Importantly, the regulation explicitly states that the FSSC must then meet the current design and construction standards recognized by DHSS.  “MOC” is defined by the regulations to be “a change of ownership or transfer of responsibility for the FSSC’s operation” and will occur “whenever the ultimate legal authority for the responsibility of the FSSC’s operation is transferred.”  The regulation includes a number of examples of an MOC, including the transfer of a majority interest to a new owner.

In responding to comments on this new requirement, DHSS stated that it “follows a protocol to ensure the continuity of operations during the transition.”  Licensees have not been apprised of exactly what this “protocol” is or how it actually works.  What is troubling is that the FSSC license is “void” upon an MOC; this carries rather strong connotations.  Reapplication for a license following an MOC is apparently not just about approving ownership, but reapproving the operation and physical environment of a currently operational facility, regardless of the history of quality care and excellent patient outcomes.  Before going forward with an ownership change, the facility should reach out to DHSS to understand the protocol, the time frame for approval, and the impact on the viability of the facility that relies on ongoing relationships with providers.

Also of significance is the rule that licenses will be issued for specific hours of operation and FSSCs may not operate beyond those hours.  In addition, if a prospective licensee or a currently licensed FSSC wishes to accommodate patient stays of 23 hours and 59 minutes, it must request approval in writing from the local government having jurisdiction.

Multiple commenters inquired whether the new regulations would impact a 1995 Delaware Attorney General’s opinion that exempted single specialty diagnostic endoscopy and pain management centers from licensure as FSSCs.  While DHSS would not amend the regulations to specifically exempt these facilities, it did recognize that the Attorney General’s Office opinion was still in effect.

Finally, in one brief sentence, the new regulations provide that a license is subject, at any time, to revision or revocation by the State.  Unlike regulations that govern licensure of other types of facilities and health care providers, this regulation does not tie the revision or revocation to any specific reason (such as violation of the regulations) or detail any process due to the licensee to challenge such a decision.  The State Administrative Procedures Act does not apply to DHSS in regard to process for case decisions or judicial review of such decisions.

FSSC prospective licensees, current licensees, and potential investors in these facilities should review the new regulations carefully.  The former regulations were wholly rewritten, and in addition to the above, the new regulations set forth requirements relating to the governing body, administration and personnel, medical staff, and nursing services, among other things.  Current licensees should be aware that they are not grandfathered under the prior regulations, and will be subject to compliance with all new regulatory requirements.  
 

The regulations can be reviewed here.

HHS Office of Inspector General Fraud and Abuse Focus: FY 2015 Work Plan

Written By Nathan Trexler

Each year, the Office of Inspector General (“OIG”) at the Department of Health and Human Services announces the agency’s new and continuing initiatives to combat health care fraud and abuse.  The annual OIG Work Plan helps health care providers understand new, and some recurring, areas that the OIG believes are key in the fight to protect the federal fisc.  We have previously discussed such key initiatives to help Delaware providers identify and focus on potential areas of compliance risk before issues arise (2012, 2013, 2014).

The OIG released its FY 2015 Work Plan on October 31, and our review has revealed some key initiatives:

Physicians and other Practitioners:

• Anesthesia services and payments for personally performed services.  The OIG plans to review Part B claims for personally performed anesthesia services to determine whether claims met Medicare requirements and to determine whether services reported with the “AA” service code modifier met Medicare requirements.
• Ophthalmologist inappropriate and questionable billing.  In 2010, Medicare allowed more than $6.8 billion for services provided by ophthalmologists.  The OIG will review claims data to identify potentially inappropriate and questionable billing for services during calendar year 2012.
• Physician place-of-service coding errors.  The OIG will review coding on Part B claims for services performed in ASCs and hospital outpatient departments.  The OIG has previously determined that physicians are not always correctly coding nonfacility places of services, which may result in higher payments.
• Chiropractic services.  The OIG announced its continued intentions related to chiropractic services.  The agency previously discovered inappropriate payments and will continue its review to determine whether payments for chiropractic services were claimed in accordance with Medicare requirements.  The OIG has identified one example of a chiropractor with a 93% error rate and inappropriate Medicare payments of nearly $700,000.  The OIG plans to make recommendations to reduce Medicare vulnerabilities with respect to chiropractic services.
• Diagnostic Radiology.  The OIG will review high-cost diagnostic radiology tests to determine medical necessity and the extent to which utilization has increased.
• Independent clinical lab billing requirements.  The OIG plans to review Medicare payments to independent labs to determine compliance with billing requirements, and use the results to identify clinical labs that routinely submit improper claims in order to identify overpayments for recoupment.

Hospitals

• New inpatient admission criteria.  The OIG will continue to focus on how the two-midnight rule is impacting hospital billing and examine the variability among hospitals.
• Oversight of provider-based status.  Since provider-based status allows facilities to bill as hospital outpatient departments, it can result in high Medicare payments for services furnished at the facility and may increase beneficiary coinsurance liability.  The OIG will determine whether provider-based facilities are meeting CMS criteria.
• Inpatient claims for mechanical ventilation.  The OIG will review Medicare payments for inpatient claims with certain MS-DRG assignments that require mechanical ventilation.  The purpose of the review is to determine whether hospitals’ DRG assignments and Medicare payments were appropriate.

Hospice and Home Health   

• Hospices in assisted living facilities and hospice general inpatient care.  The OIG continues to scrutinize hospice billings, which are also a focus for False Claims Act relators, and will review the use of hospice general inpatient care to determine whether the level of care is being misused.
• Home health prospective payment system requirements.  Prior OIG work found that one in four home health agencies had questionable billing and CMS has designated newly enrolling agencies as high-risk providers.  With that in mind, the OIG will continue to review and scrutinize HHA documentation to determine whether it supports claims paid by Medicare.

With CMPs for Employing Excluded Individuals on the Rise, Providers Should Review Their Exclusion Check Policies

Written By Joanne Ceballos

Over the past three months the Office of Inspector General of the U.S. Department of Health and Human Services (“OIG”) has imposed civil monetary penalties (“CMP”) on 13 health care providers who employed individuals excluded from participating in Medicare and Medicaid.  Most of these CMPs (10) were imposed on health care providers who self-reported the issue to the OIG, which likely explains the rise in these types of matters.  The CMPs ranged from $10,000 imposed against a surgery center to $1.9 million levied against a diagnostic laboratory and imaging company.  With the average amount of settlements with the OIG for employing excluded individuals in the range of $275,000, providers who bill Medicare and Medicaid should review their policies and processes for screening their employees and contractors against the OIG’s List of Excluded Individuals and Entities (“LEIE”) at http://exclusions.oig.hhs.gov/.

Two fundamental considerations in formulating an exclusion check policy are (1) who should be screened, and (2) how frequently should screening occur?

With respect to the first issue, providers may wonder whether they only need to screen individuals who will be rendering patient care services that will be billed to federal health care programs.  Federal exclusion laws and regulations prohibit payment by a federal health care program for items or services furnished by, at the medical direction of, or upon prescription by an excluded individual.  Moreover, excluded individuals may not serve in a management role or provide administrative services to an entity that bills federal health care programs unless such services are wholly unrelated to federal health care programs.  An excluded individual may, however, have an ownership interest in a health care provider that bills federal health care programs but the individual and provider may be subject to CMPs if the individual provides management or administrative services to the provider.  As a practical matter, therefore, an exclusion check policy should provide for screening of owners, management, administrative and clinical employees, as well as independent contractors.

As to the frequency of screening, no federal statute or regulation expressly requires screening, let alone that it be conducted at particular intervals.  Screening, however, is obviously a provider’s first line of defense in avoiding a CMP for employing an excluded individual.  The OIG recommends screening upon hire and “periodically” thereafter.  In its Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs, the OIG does note that the LEIE is updated monthly, so monthly screening “minimizes potential overpayment and CMP liability.”  In 2011, the Centers for Medicare and Medicaid Services (“CMS”) issued regulations requiring states to screen Medicaid providers on a monthly basis.  Some states have, in turn, imposed a monthly screening obligation on their Medicaid providers.  Although Delaware’s Division of Medicaid and Medical Assistance does not currently require Medicaid providers to conduct monthly exclusion checks of their employees and contractors, frequent checks are obviously preferable.  Whatever a provider decides with respect to how often to conduct exclusion checks, the important thing is to establish a regular exclusion check process and follow it.   

HIPAA Compliance: Two Things to do Going Forward

Written By Joanne Ceballos 

Since the publication over 20 months ago of the HIPAA Final Omnibus Rule, there has been no shortage of recommendations and advice to health care providers from trade organizations, industry consultants, attorneys and the Office of Civil Rights of the U.S. Department of Health & Human Services (“OCR”) about the steps providers should take in order to achieve HIPAA compliance.  Last week marked a final deadline for Omnibus Rule compliance—September 23, 2014, was the date by which covered entities were required to update their agreements with business associates to include certain provisions required under the Rule.  

Despite the volume of available guidance, health care providers may not appreciate that the process they went through over the past year should be repeated on a regular basis. In particular, covered entities are required to review and modify their HIPAA security measures “as needed to continue provision of reasonable and appropriate protection of electronic protected health information [ePHI].”  45 CFR 164.306(e).  In other words, providers who create, store or transmit ePHI should conduct another HIPAA Security Risk Assessment when they make changes to their information systems, or when they are apprised of new potential external threats to existing systems.  The failure of providers to reassess their HIPAA security measures following changes in IT infrastructure and applications was a recurring deficiency discovered during OCR’s Pilot HIPAA Audit program, and will be a focus of the new round of audits OCR is beginning this fall.  Providers can minimize the possibility of having an outdated Security Risk Assessment by simply planning to conduct one on a regular basis, perhaps annually or biannually depending on the size of the covered entity’s operations.    

Another aspect of HIPAA compliance that providers should repeat on a regular basis is training regarding the requirements of the HIPAA Privacy and Security Rules.  While HIPAA regulations do not expressly require training to be conducted at prescribed intervals, another focus of the OCR’s audits this fall will be whether covered entities have provided training on the HIPAA standards that are necessary or appropriate for a workforce member to perform his/her job duties.  As with any type of training, in order for HIPAA training to be effective in facilitating employees’ understanding of the regulatory requirements in the context of their job duties, it should be conducted with some regularity, and at least on an annual basis.  Employees who handle medical records requests should receive more in depth training about the patient rights’ provisions of the HIPAA Privacy Rule.

If you are a provider who has invested time and effort over the past year reinvigorating your HIPAA compliance program, preserve the value of your investment by conducting risk assessments and training on an ongoing basis.

Physician Supervision Requirements under CMS Regulations - False Claims Act Cases on the Rise

Written By Melony Anderson
In 2013, the Department of Justice collected over $3.8 billion in qui tam and non-qui tam settlements and judgments under the False Claims Act (“FCA”).  Of the total amount collected, $2.7 billion, or 70% were in cases in which the Department of Health and Human Services (“HHS”) was the primary client agency.  In comparison, cases from the Department of Defense represented just 1% of the total collections.  Surprisingly, the total numbers for 2013 were actually slightly lower than 2012 numbers.  In 2012, total collections were $4.9 billion, with HHS cases representing $3.1 billion, or 63%. 

Notwithstanding the slight decrease in total judgments and settlements, it is clear that one type of case under the FCA is beginning to account for an increasing portion of the total:  cases where the government has alleged that the services were not properly supervised by a physician or a qualified non-physician provider (“NPP”), such as a licensed physical therapist.  

CMS regulations define three types of physician supervision: 

·        General supervision:  the physician or NPP must be available by telephone. 

·        Direct supervision:  the physician or NPP must be “immediately available” and “interruptible” throughout the performance of the procedure.  The physician or NPP does not need to be present in the room.  CMS will not explicitly define “immediate” but has said that the requirement is not met where the physician or NPP is “so physically far away…from the location where…outpatient services are being furnished that he or she could not intervene right away.” 

·        Personal supervision:  the physician or NPP must be in the room during the procedure.    

In order to bill Medicare or Medicaid for certain services, the service must have been appropriately supervised under these definitions.  The government takes the position that services billed but not properly supervised are not “reasonable and necessary” and are, therefore, false claims.  For example, MRIs with contrast require direct supervision.  Although the supervising physician need not be in the room during the treatment, the physician must be “immediately available” somewhere on the premises.  What is more, it is not enough that any physician or NPP is immediately available – the supervising physician or NPP must have within his or her State scope of practice and hospital privileges the ability to perform the service or procedure.   

The following recent settlements provide some insight into the types of services where the government is paying close attention: 

·        A Florida hospital and doctor group settled with the government for $3.5 million.  The allegations in that case were that the group billed Medicare, Medicaid and TRICARE for radiation oncology services (which require direct supervision) that were performed without the necessary supervision.  In particular, the government alleged that the services were often performed while the defendant doctors were on vacation or were working at another radiation oncology clinic.  

·        In April 2013, a North Carolina neurologist and his practice paid $2 million to resolve allegations under the False Claims Act that the neurologist had improperly billed for intravenous immunoglobulin therapy services, which require direct supervision.  The government alleged that the services had been performed by registered nurses when the neurologist was not present in the office suite.  There were no allegations that any patients had been harmed; what is more, in many instances there were other physicians on site and the neurologist himself was, in his words, “no more than 8 seconds away” from the office suite. 

·        A Georgia-based collection of companies settled a False Claims Act case for $1.2 million in April 2013.  The allegations in that case were that the companies had billed for contrast MRI procedures where only clerical staff and technicians were onsite.   

It is worth noting that most, if not all, of the major settlements involved physician supervision over services that require direct supervision, rather than general or personal.  This is perhaps not surprising:  general and personal supervision are clearly and understandably defined, whereas CMS has declined to provide specific time or distance limits that would meet the definition of “immediate” and “interruptible” for direct supervision.  

Direct supervision is required for most outpatient services.  The following is a non-exclusive list of services that require direct supervision:  

·        Diagnostic services furnished to outpatients, including drugs and biologicals required in the performance of those services (for example, MRIs with contrast);

·        IV therapy services, such as chemotherapy

·        Physical and occupational therapy (a licensed therapist must provide direct supervision)

·        Pulmonary, cardiac and intensive cardiac rehabilitation;

·        Glaucoma screening examinations; and

·        Services and supplies provided “incident to” a physician’s services in a non-institutional setting (such as a physician’s office)     

Understanding the level of supervision that a particular service or treatment requires is extremely important, particularly for health care providers who bill for services that they do not perform themselves.  The consequences for billing for services where the requisite level of supervision was not present could be dire and could include not only significant financial liability, but exclusion from federally funded healthcare programs.