If you’re a health care scofflaw – or just a little lax on the billing and reimbursement details in your medical practice – times are tough. And they’re getting tougher.
The federal government is growing aggressive in health care regulatory investigations, compliance and prosecutions in pursuit of possible fraud. Agencies are working independently and in concert to reel in fraud that seemingly has become epidemic.
Statistics bear that out. Medicare fraud alone costs the program up to $90 billion a year, according to Justice Department statistics.
Federal prosecutors filed more health care fraud cases in 2013 than in years prior, according to the Transactional Records Access Clearinghouse (TRAC) at Syracuse University.
While errors and omissions are defensible, committing them – even innocently – can be costly if the federal government launches an investigation into a medical practice’s or health care provider’s billing practices and suspects fraud. This is also true for cases of suspected HIPAA violations. Cases involving Medicare or Medicaid fraud or unlawful disclosure of private information can be protracted. Defending against such claims can be costly.
Hospitals, pharmaceutical companies, medical device manufacturers and large and small physician practice groups must hone their defenses, establish compliance and security policies, train their staff, perform risk assessments and engage experienced legal counsel to further identify areas of vulnerability – regardless of whether a federal agency has served notification of pending investigation.
Pursuit of Suspected Fraud is Growing
Make no mistake, the government is pursuing these cases. Examples of heightened investigation and prosecution reveal the huge incentive-based model for the government. For every dollar spent on ferreting out fraud, encouraging compliance or exacting a financial penalty, it’s reported that the government often gets a six- or seven-fold return. By any standard, such ROI has encouraged authorities to ratchet up the pressure and further investigate compliance issues.
This is especially true in such high-population markets as Texas, Illinois, New York, California and Florida. Reports from the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) note how durable goods manufacturers, pharmaceutical companies, health care providers and others are coming under investigators’ microscopes. In a market like South Florida (encompassing such cities as Miami, Fort Lauderdale and Boca Raton), for example, rampant suspected cases of Medicare fraud and government investigation and successful prosecution serve as Exhibit A of how pervasive the problem is.
In Florida, “pain clinics” have placed prescription fraud on the national headlines. Before the government crackdown several years ago, buyers were driving from across the East Coast to buy prescriptions for pain medications, which they then would fill and resell in their local markets.
Such extensive fraud also is evident with savvy criminal entrepreneurs who launch enterprises – and lure naïve, unsuspecting physicians to prescribe the drugs. The physicians often end up with their medical license on the hook. From narcotics to durable medical equipment and home health care services, even medical care following an alleged automobile accident, the criminals set up the enterprise, get the physician to write the prescriptions and then take their money and run when the feds come looking.
Health Care Fraud Risks for 2014
What will be the leading areas of fraud risk in 2014 and beyond? History often is a fair indicator for what’s to come. Consider these examples, as noted by the OIF, of areas of interest for federal investigators and prosecutors:
Attention paid to physician/manufacturer relationships. The $2.2 billion payment by Johnson & Johnston in November 2013 to settle criminal and civil False Claims Act violations relating to the branding and off-label promotion of certain drugs will certainly incentivize the federal government to continue looking into relationships between manufacturers and referring physicians. In this case, J&J paid kickbacks to physicians to induce them to prescribe drugs to patients. Payments took the form of speaking fees that were based upon increases in prescriptions of certain J&J drugs. The government views those arrangements as efforts by pharmaceutical and device manufacturers to undermine physicians’ medical judgments and corrupt medical decision making.
What we can expect? Expect to see greater interest in those prescribing physicians involved not only in the J&J investigation, but in other investigations involving pharmaceutical and device manufacturers. Recoveries from such enforcement efforts are intended to fund health care reform. Historically, false claims violations reportedly yield a 20:1 return on investment for the government, providing significant incentive for the government to continue pursuing these cases.
Build upon current enforcement models. The OIG will continue to build upon previously successful enforcement models, including the Medicare Fraud Strike Force, for use in other areas, such as Medicare and Medicaid program integrity and waste. The OIG will also continue to implement and refine its self-disclosure protocols.
Continued recovery of stolen or misspent funds. On average, the Health Care Fraud and Abuse Control program recovers more than seven dollars for every one dollar invested and results in criminal convictions and exclusion of dishonest providers. Accordingly, we can expect that the OIG will continue its efforts to hold fraud perpetrators accountable and to recover stolen or misspent HHS funds. The OIG intends to focus its efforts upon identifying and recovering improper payments and utilizing exclusions and referrals for debarment to protect HHS programs and beneficiaries.
Assessing qualification of participating providers and suppliers. The OIG will apply what it has learned regarding fraud vulnerabilities and prevention to advise HHS on key safeguards to prevent fraud, waste and abuse and to assess whether providers, suppliers and others are qualified to participate in government programs.
Abuse of, or poor care provided to, Medicare or Medicaid patients. In order to foster a high quality of care, the OIG will focus on promoting quality of care in nursing facilities, access to and use of preventive care and quality improvement programs.
Prescription fraud. The OIG sees this as a public safety issue deserving a high priority. The focus will likely be on drug diversion, the substitution of generic drugs for name brands, short-counting pills, filling prescriptions without a refill and then billing Medicaid or other third-party payors. This kind of fraud could also include billing for drugs never dispensed.
Recovery of over-payments. The OIG will continue with its hospital auditing program, focusing upon common billing and payment errors and the recovery of over-payments.
Data security, integrity of electronic health records and privacy. The OIG previously discovered security breaches and data stored by CMS contractors with more than 5,000 Medicare physician identifiers and 300,000 Medicare beneficiary numbers known to be compromised. This information is often used by fraud perpetrators to submit false claims.
Additionally, the OIG intends to look into how the funds spent on the Medicare and Medicaid DHR incentive programs was used by the recipients of those funds. Physician recipients of those funds must be able to demonstrate meaningful use of the certified EHR systems acquired with those funds. The focus will be on the misuse of EHR systems, including, for example, use of cut-and-paste features and auto fill templates (a.k.a. cloned records) which, while reducing paperwork burdens can also be misused, according to the OIG, to fabricate information, resulting in improper payments and corrupted patient records.
HIPAA enforcement. Following the implementation of the parts of the HITECH Act that went into effect in September 2013, the Office of Civil Rights (OCR) is expected to begin to aggressively enforce HIPAA. The OCR has made auditing a high priority following recent criticism by the OIG for failing to meet federal requirements relating to the oversight and enforcement of HIPAA rules.
This can affect otherwise compliant and dutiful physicians whose office staff inadvertently reveal private patient information to unauthorized individuals such as an ex-spouse when the practice wasn’t informed of a divorce. Ensuring staff compliance with office policies and federal HIPAA requirements can help avoid complaints, investigations and enforcement actions.
Whistleblower activity. In light of the significant interest in the activities of Edward Snowden, we may likely see a number of whistleblowers coming out of the woodwork in the coming years. Potential whistleblowers come virtually from anywhere, often from trusted employees and contractors.
Review of referral patterns. New health care delivery systems encouraged by the Affordable Care Act, including accountable care organizations and other collaborative arrangements, may encourage the formation of arrangements with the potential to violate antitrust, anti-kickback and self-referral laws and regulations.
Physician charting and documentation practices. Clinical laboratories and diagnostic imaging facilities have long come under pressure by CMS contractors with respect to documentation of medical necessity for diagnostic testing. If the physicians fail to provide adequate documentation supporting the medical necessity of tests and procedures ordered, the labs and imaging facilities may be on the hook for refunding Medicare payments for services later determined to be medically unnecessary.
As labs and imaging facilities begin to push back on being held responsible for the inability of physicians to provide adequate documentation, expect Medicare to refocus on the physicians in an effort to encourage more diligent documentation practices. This would also apply to physicians who admit patients to the hospital over a period of time that spans at least two midnights. CMS considers shorter stays as either outpatient or observation stays and pays for them at a lower rate. Two-night stays are generally categorized as inpatient stays, the medical necessity for which must be clearly documented by the physician. CMS has announced that it will conduct pre-payment reviews of inpatient admissions beginning October 1, 2013 and post payment reviews after April 1, 2014.
Federal investigators’ interest in possible fraud will affect all levels of health care delivery. Regardless of whether an organization is actively engaging in fraud, gets lured into illegal activities or suffers from poor administrative practices such that their efforts are deemed suspicious, investigators’ interest will be piqued just the same.
How to Avoid Investigators’ Attention
If you’re a health care provider, ignore these trends at your own peril.
From prescribing and billing to adherence to patient privacy requirements, what was permissible or acceptable in the past could invite suspicion today.
For example, in 2013, the OIG came down hard on the Office of Civil Rights for not setting up systems and auditing programs to check on providers to ensure protection of patient health care information. Health care attorneys regularly receive calls from patients complaining that their HIPAA rights have been violated. As noted above, while attorneys often will advise callers to take their complaints to the OCR, the otherwise compliant physician has been put at risk.
From physicians to executives with health care providers and vendors, a consultation with a health industry lawyer can help establish compliance programs, policies and procedures and office training to ensure ongoing compliance.
In a recent presentation before the American Health Lawyers Association, a representative of the Office of Civil Rights mentioned that providers have had the past decade to come into compliance with the privacy and security rules. According to the OCR, time is up and the gloves are off. Expect audits and investigations to rise.
Hospitals, pharmaceutical companies, medical device manufacturers and large and small physician practice groups must hone their defenses. This includes:
- Establishing policies and procedures, implementing security and privacy measures, training their staff, and paying attention to HIPAA requirements.
- Performing risk assessments to identify areas of weakness and bolstering defenses to ensure compliance.
- Engaging experienced legal counsel to further identify areas of vulnerability and to protect the interests of the organization, regardless of whether a federal agency has served notification of pending investigation.
As the federal government increases its pursuit of cases of suspected fraud or patient privacy violations, health care providers who bill the government or are tasked with complying with regulations must make a conscious, concerted effort to ensure compliance.
The stakes are getting higher. As a health care executive or provider, you have to ask yourself: Can your organization or practice afford even the suspicion of fraud?
