Written By Nate Trexler
This blog is the second post in a series discussing the Centers for Medicare and Medicaid Services’ Final Rule regarding the obligation to report and return Medicare overpayments. The first post discussed the basic requirement to report and return Medicare overpayments and two highlights of the rule—when an overpayment is “identified” and the 6-year lookback period. The first post can be viewed here. In this post, we discuss the impact of the rule on providers’ compliance initiatives (or lack thereof).
As we said in the first post, a
provider must report and return overpayments within 60 days of identification
of an overpayment or the date any corresponding cost report is due. “Identification” is defined as when a person has,
or should have through the exercise of reasonable diligence, determined and
quantified the amount of the overpayment.
A person “should have determined” that the person received an overpayment
if the person fails to exercise “reasonable diligence” and the person, in fact,
received an overpayment. CMS believes
that this definition provides an incentive for providers to exercise reasonable
diligence in determining whether an overpayment exists. Otherwise, CMS believes that providers may
avoid compliance efforts that might uncover overpayments.
So, if a provider received an
overpayment, but failed to conduct “reasonable diligence,” the overpayment is
deemed to be “identified” and clock starts to tick on the report and return
requirement. CMS did not define
“reasonable diligence” in the final rule.
Importantly, however, CMS stated in its commentary that “reasonable
diligence” includes proactive compliance efforts as well as the timely investigation
of credible information regarding potential overpayments. In regard to proactive compliance efforts,
CMS stated that undertaking no such efforts or minimal efforts to monitor claim
accuracy could/would subject the provider to liability under the rule based on
the failure to exercise “reasonable diligence.”
In other words, if a provider received an overpayment, but had no actual
knowledge of such overpayment, the provider may still be exposed to liability
if the provider engaged in no or minimal compliance activities to monitor the
accuracy of Medicare claims.
What does this mean for providers,
particularly Delaware physicians? The
final rule does not require the adoption of a compliance program. As in the past, CMS recognizes that compliance
activities necessarily (and appropriately) vary based on the provider’s type
and size. However, it is clear that CMS
believes providers have a “clear duty” to engage in proactive compliance
efforts. What remains unclear is whether
the government and whistleblowers will attempt to bolster False Claims Act
complaints by latching onto a provider’s failure to engage in any (or minimal)
proactive compliance measures, even in the absence of actual knowledge of an
overpayment.
Regardless of the False Claims Act
implications of this Final Rule, what is clear is that the trajectory of the government’s
scrutiny in guarding against Medicare fraud, waste, and abuse continues put the
onus to identify and return overpayments on the providers who receive them. Proactive compliance measures remain the best
way to avoid the enforcement radar.
Delaware providers should consider the types of measures they should be
taking to ensure the accuracy of their claims.
But what should Delaware providers do once a proactive compliance audit reveals an overpayment? In the next post in this series, we will discuss the process of investigation when a provider receives “credible information” regarding a potential overpayment.