The Centers for Medicare and Medicaid Services (CMS) continues to mull over the knotty problem of what it means to identify an overpayment from the government. Healthcare providers do not have the same luxury.
Five years ago, the Affordable Care Act required a provider that received an overpayment from the government to report and repay it within 60 days of identifying the overpayment. 42 U.S.C. 1320a-7(k)(d). Not satisfied with simply requiring prompt repayment, Congress also decreed that failure to make repayment within the 60-day limit creates potential liability under the False Claims Act. 80 FR 8248. In 2012, CMS stirred up controversy when it issued draft guidance implementing the 60-day rule. 77 FR 9179. The proposal was never finalized. 80 FR 8248. In an unusual move, CMS recently announced that it will postpone its rulemaking for yet another year beyond the normal three year limit. 80 FR 8247.
Like CMS, each provider must grapple with the question of whether an overpayment has been identified, even though that term is not defined in the statute. Whatever its details, the CMS rulemaking is certain to require an organization to make a reasonable inquiry into information it has received about an overpayment rather than hide its head in the sand (known legally as deliberate ignorance or willful blindness).
Although CMS may have postponed its implementing regulations, the statutory mandate is in effect. 80 FR 8248. Relators and the government have begun seeking up to treble damages by litigating against providers for failure to make timely repayment. For example, the government recently intervened after a relator sued Continuum Health Partners, Inc. in New York. See Complaint.
That litigation illustrates that relators and the Department of Justice are not waiting for CMS and neither can you. Despite uncertainty about how the regulations will try to incorporate the incredible variety of situations possible in health care, each provider must remain vigilant about identifying and returning overpayments it may have received from the government or face the enhanced penalties that may result.
News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example). And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)). Because health care data is such a hot commodity on the black market, hackers often target health care providers and other entities who have health care data. Data breaches aimed at health care information were way up last year, and attempted data breaches are only expected to increase.
Encryption, which Anthem didn’t have according to news reports, goes a long way toward securing this sensitive data. However, even with encryption, it is worthwhile for providers large and small to review existing data security/breach response policies or institute new ones targeted at current technologies. Considerations include:
- Organize your data network and know what information you have and where it is (including technologies like cloud computing, printer/copiers, and employees’ mobile devices);
- Update encryption, password, and remote access policies and ensure they are followed;
- Perform a risk assessment (and document it);
- Create a protocol to monitor unauthorized attempts to access data;
- Develop a plan to respond to a data breach, including technical, legal, and business continuation considerations;
- Plan for disclosures to employees, shareholders, individuals effected, media, and/or federal regulators as required
- Review state laws that may apply for additional reporting or safeguard requirements
For additional discussion, you can access recordings of our two-part webinar series on data security planning and response for healthcare providers, presented by Tom Zeno and Emily Root, along with Thomas Hibarger (Managing Director of Stroz Friedberg), and Justin Root, Special Agent – Cyber Crimes with the Office of Ohio Attorney General:
What Keeps You Up at Night: My Data’s Been Stolen: Now What? – Part I (materials and recording)
What Keeps You Up at Night: My Data’s Been Stolen: Now What? – Part II (materials and recording)
In 2004, the FDA promulgated requirements for drug print advertisements. FDA, 69 Fed. Reg. 6307 (May 10, 2004). Those regulations required “the entire risk-related sections of the FDA-approved professional labeling.” The FDA is now significantly changing its course because of “recent social science research” indicating that non-material information should be omitted from drug advertisements in print in order to be more effective for consumers. FDA, 80 Fed. Reg. 6998-99 (Feb. 9, 2015). Instead of listing all risks, the FDA is recommending that any print advertisement display:
- The most serious and the most common risks associated with the product, while omitting less important information.
- The indication for the use being promoted.
- The information regarding patient directives (such as “discuss with your health care provider any pre-existing conditions” or “tell your health care provider if you are taking any medications”).
- A statement that more comprehensive information can be obtained from various sources, including the manufacturer.
In addition to focusing on the most important risks, the FDA wants the information “presented in a way most likely to be understood by consumers.” However, the draft recommendation does not provide much guidance to manufacturers on how to do that. The burden will be on manufacturers to sort out what risks can be omitted and how to write in plain language “most likely to be understood by consumers.” 80 Fed. Reg. 6999.
These requirements would be permissive, and drug manufacturers could include more information if they desire. The FDA is currently seeking comments on the proposal.
The FDA’s revised draft guidance document, Brief Summary and Adequate Directions for Use: Disclosing Risk Information in Consumer-Directed Print Advertisements and Promotional Labeling for Human Prescription Drugs, details the proposed changes.
Just before the ball dropped to start the new year, the Centers for Medicare & Medicaid Services approved the Recovery Audit Contractor (RAC) to identify and recoup improper payments for durable medical equipment, home health and hospice care on a national basis (known as region 5). The contract, dated December 30, 2014, is the first one issued since Recovery Audit contracts were halted last summer. Providers must be vigilant when responding to an audit both because of the value of claims being questioned, but also because these audits can lead to civil and criminal fraud investigations.
Fortunately, the new contract incorporates changes addressing provider concerns with prior RAC arrangements, and these changes will apply to all future contracts with RACs. Other contracts have been delayed because of contract protest litigation.
Notable changes to the contracts will include:
- Limiting the size of Additional Document Requests based upon the denial record of the provider; lower denial rates mean lower document limits;
- Limiting the look back-period to six months from the date of service for hospital claims submitted within three months of the date of service;
- Imposing a 30 day delay to allow for a discussion request by the provider before a RAC can send a denial to be processed by the Medicare Administrative Contractor;
- Withholding payment of the contingency fee to the RAC until after a claim has gone through the second level of appeals; and
- Requiring RACs to maintain an accuracy rate of at least 95% and penalizing RACs for high overturn rates on appeal.
A detailed list of the changes can be found here.
On December 29th, the IRS released final regulations regarding Internal Revenue Code Section 501(r). Section 501(r) was added to the Code as part of the Accountable Care Act and imposes certain requirements on charitable hospitals. In general, the final regulations provide guidance on hospital obligations under Section 501(r), define the types of entities that must comply with these obligations, and describe the consequences for failing to meet Section 501(r)’s requirements.
More specifically, the final regulations include provisions addressing the following:
- A definition of what constitutes a “hospital organization” and “hospital facility” under Section 501(r);
- Guidance relating to minor errors and omissions under Section 501(r)’s disclosure requirements;
- Provisions regarding the preparation and documentation of Community Health Needs Assessments (“CHNAs”);
- Guidance regarding development of a Financial Assistance Policy (“FAP”), including eligibility criteria, publicizing the FAP, and development of emergency care policies;
- Limitations on charges to FAP eligible individuals; and
- Limitations on billing and collection activities relating to FAP eligible individuals.
The final regulations relating to Section 501(r) will be applicable to hospital facilities for the taxable year beginning after December 29, 2015. A copy of the final regulations may be found here.
The Centers for Medicare and Medicaid (“CMS”) issued a proposed rule broadening the definitions of “representative” and “spouse” in its Medicare and Medicaid conditions of participation and conditions of coverage in response to United States v. Windsor, 570 U.S. 12 (2013) — the U.S. Supreme Court decision striking down Section 3 of the Defense of Marriage Act (DOMA), which banned federal benefits for same-sex spouses, as unconstitutional.
This proposed rule will apply to all hospitals, ambulatory surgical centers, hospices, long-term care facilities, and community mental health centers as a condition for participation in the Medicare and Medicaid programs. Under the proposed rule, institutions that participate in Medicare and Medicaid must respect same-sex spouses’ decisions to designate their spouse as a “representative” or “spouse” as long as the couple is legally married “under the law of the state, territory, or foreign jurisdiction where the marriage was entered into.” CMS followed other administrative agencies that have used the place of celebration as the test for a valid marriage. This “state of celebration rule” extends to same-sex couples who reside in or seek treatment in a state that does not legally recognize their marriage. Now all spouses, regardless of sexual orientation, will be able to participate in various aspects of their spouse’s health care, including visitation and decision-making.
As the proposed rule currently reads, there are no exemptions for small or religious-based institutions. However, this issue may not be as charged as it once was, as one catholic health-care network will be offering health care benefits to same-sex spouses and domestic partners as of January 2015, which leads to the inference catholic institutions may no longer desire to use sexual orientation as a basis to treat individuals differently. Although it is only one at this point, others may soon follow suit. Moreover, it may be difficult to challenge this broad rule, as the Secretary of Health and Human Services’ (the “Secretary”) authority stems from various provisions of the Social Security Act, which authorizes the Secretary to establish requirements necessary in the interest of the health and safety of patients and agencies are given high deference in the rule-making process.
This proposed rule is open for comment for 60 days.
With the end of the year in sight, Congress remains busy in the health policy arena. Partisan talking points are expected to fly on Tuesday, when Chairman Darrell Issa (R-CA) will chair one of his final hearings in the House Committee on Oversight and Government Reform focused on the Affordable Care Act. Economist Jonathan Gruber, who has been reported as saying the “stupidity of the American voter” aided the White House in passing the health reform law, is expected to appear before the Committee. Marilyn Tavenner, Administrator of the Centers for Medicare and Medicaid Services (CMS), is also expected to testify. Administrator Tavenner will likely be asked about Obamacare implementation issues, including the misreported Obamacare enrollment figures that came to light after the midterm elections.
Washington continues to focus on the global treatment of Ebola. This past week, the Centers for Disease Control and Prevention identified a preliminary list of hospitals that have the resources, capacity, and preparation to treat Ebola patients. President Barack Obama is pressing Congress to authorize $6.2 billion in emergency funding to fight the virus in the United States and abroad. The Senate Committee on Foreign Relations, Subcommittee on African Affairs will also hold a hearing to hear testimony on keys to success for the international response.
Some lawmakers and outside groups are requesting a delay of the ICD-10 coding system implementation, which was originally set for 2013. If this movement gains enough traction, applicable delay language may be attached to a spending bill or other significant legislation.
While a permanent sustainable growth rate (SGR) patch is not expected to be passed before the holidays, such legislation will likely be taken up in the first months of the 114th Congress, before the current patch expires on March 31, 2015.
This Week’s Hearings:
- Tuesday, December 9: The House Committee on Oversight and Government Reform will hold a hearing titled “Examining Obamacare Transparency Failures.” The House Committee on Energy and Commerce, Subcommittee on Health will hold a hearing titled “Setting Fiscal Priorities.”
- Wednesday, December 10: The House Committee on Energy and Commerce, Subcommittee on Health will hold a hearing titled “Examining FDA’s Role in the Regulation of Genetically Modified Food Ingredients.” The Senate Committee on Foreign Relations, Subcommittee on African Affairs will hold a hearing titled “The Ebola Epidemic: The Keys to Success for the International Response.”
Accountable Care Organizations (ACOs) Proposed Rule Released
On Monday, December 1, CMS released the “Medicare Program; Medicare Shared Savings Program: Accountable Care Organizations” Proposed Rule. This proposed rule provides modifications to Accountable Care Organizations (ACOs) under the Medicare Shared Savings Program. The proposed rule makes changes to the current program by: clarifying and establishing new definitions of terms; adding a procedure for ACOs to renew their participation agreements; adding, clarifying, and revising the beneficiary assignment algorithm; expanding the types of beneficiary-identifiable data that would be given to ACOs in reports under the program, as well as simplifying the opt-out process for claims data sharing; and adding or modifying policies to encourage increased participation in risk-based models. CMS is soliciting comments from ACOs and other stakeholders on the use of telehealth technologies for the coordination of care for assigned beneficiaries.
Squire Patton Boggs attorneys recently published an article that discussed three anti-fraud elements of the Affordable Care Act (ACA) regarding maintaining financial integrity of the health insurance exchanges. Looking at those provisions, some may erroneously conclude that the ACA dramatically increased the damages that may be imposed for false claims made in connection with the exchanges. The article analyzes the three anti-fraud elements and concludes that only two made it into law: (1) the FCA is explicitly applicable to the exchanges; and (2) the conditions of eligibility for an insurer are material to the company’s entitlement to payments. The effort to impose treble-treble damages failed to make it into law, even though it was included in the legislation that passed.
It’s another record haul for the United States Department of Justice! In FY 2014, the DOJ ensured the collection of more than $ 24 billion from civil and criminal actions. The False Claims Act yielded a substantial portion of that total by having its own record setting recovery of $ 5.69 billion.
Healthcare fraud recoveries under the False Claims Act amounted to $ 2.3 billion, which makes this the fifth consecutive year in which such recoveries totaled more than $2 billion. The DOJ considers this “steady, significant and continuing success” attributable to the administration’s high priority fighting health care fraud.
Attorney General Holder, warning that these stiff penalties for white-collar misconduct will continue, said: “The False Claims Act was enacted both to protect vital taxpayer dollars and deter those who would misuse public funds. The department will continue to enforce the law aggressively to ensure the integrity of government programs designed to keep us safer, healthier and economically more prosperous.”
Whistleblowers continued to account for most false claims actions, and they netted a neat $435 million as a result of their complaints. This is certain to encourage the growing trend for more such complaints to be filed, especially by disgruntled employees.
“Be prepared” — that’s the take away. A robust compliance program is far cheaper to implement and execute than dealing with a fraud allegation that will cost large sums to investigate and defend. If you have any question about the adequacy of your compliance program, now is the time to examine and update it, if necessary. Your organization does not want to be part of next year’s record-breaking statistics.
In a recent blog post, we urged providers to ready themselves for publication of the 340B mega rule. The Health Resources and Services Administration (HRSA), however, has halted publication of that rule indefinitely. HRSA made this decision a month after the Pharmaceutical Research and Manufacturers of America (PhRMA) launched a new lawsuit challenging HRSA’s latest “interpretive rule” concerning treatment of orphan drugs. HRSA published its “interpretive rule” after PhRMA won a lawsuit that voided HRSA’s previous substantive 340B rule making on the issue.
HRSA will likely wait until 2015 before it issues proposed guidance for notice and comment that will address key policy issues regarding the integrity of the 340B program. HRSA is also planning to issue proposed rules pertaining to civil monetary penalties for manufacturers, calculation of the 340B ceiling price, and administrative dispute resolution.