Focus On Compliance
Abby Pendleton, Esq. and Jessica L . Gustafson, Esq.
The Health Law Partners, P.C., Southfield, MI
It is estimated that over 1.2 billion claims will be submitted to Medicare during fiscal year 2010 alone(1). This means that Medicare will process 4.5 million claims per work day, 574,000 claims per hour, and 9,579 claims per minute. Because of this volume, Medicare contractors process most claims without investigation or even reviewing medical records. As a result, the Medicare Trust Funds are vulnerable to the submission of false and fraudulent claims. Because of this, the Department of Justice (“DOJ”), the Department of Health and Human Services (“HHS”) and the Centers for Medicare and Medicaid Services (“CMS”) have taken steps to combat activities perceived to constitute Medicare fraud. Within this highly-regulated environment, it is important that health care providers focus on compliance, so that submitted claims can withstand any government scrutiny that may arise. This article will outline some of the initiatives taken by the DOJ, HHS and CMS to fight Medicare fraud and abuse and will identify rules all Medicare providers should remember when submitting claims to Medicare.
Increased Auditing Activity
As noted by President Obama in a recent White House Memorandum, “Reclaiming the funds associated with improper payments is a critical component of the proper stewardship and protection of taxpayer dollars, and it underscores that waste, fraud, and abuse by entities receiving Federal payments will not be tolerated.” Describing Medicare’s Recovery Audit Contractor (“RAC”) program, President Obama stated his support for the use of “Payment Recapture Audits” to identify improper Medicare payments(2).
Medicare claims are subject to increasing audit scrutiny. Not only do Medicare Affiliated Contractors (“MACs”) (or Medicare Carriers and Intermediaries) conduct their own audits, but also Medicare’s RAC program is now operational nationwide (and has recently been expanded to include Part C and Part D claims), and Zone Program Integrity Auditors (“ZPICs”) (or Program Safeguard Contractors (“PSCs”)) are conducting nationwide benefit integrity audits. Health care providers must be cognizant of this increased claims scrutiny and conduct themselves accordingly.
Civil False Claims Act Liability
Codified at 31 U.S.C. § 3729 (a), the Civil False Claims Act (the “Act”) is the government’s primary enforcement tool against providers. The Act prohibits any person from “knowingly” making, using, or causing to be made or used “a false record or statement to get a false or fraudulent claim paid or approved by the Government.” The Act defines the term “knowingly” to include a person having actual knowledge; acting in deliberate ignorance of the truth or falsity of the information; and acting in reckless disregard of the truth or falsity of the information. No proof of specific intent to defraud is required(3). On May 20, 2009, the Act was amended by the Fraud Enforcement and Recovery Act of 2009 (“FERA”). FERA amended the Act to extend liability under the Act to a provider who knowingly retains an overpayment, even if no false or fraudulent claim is actually submitted to the government. The Patient Protection and Affordable Care Act of 2010 (“PPACA”) requires that a known overpayment be reported and returned within 60 days from the date the overpayment is identified. Any overpayment retained after this date gives rise to liability under the Act. Any person found in violation of the Act is liable for treble damages, plus a penalty of not less than $5,000 and not more than $10,000 for each claim submitted(4). In 2009 alone, more than $1 billion was recovered under the Act(5).
(3) 31 U.S.C. § 3729 (b).
(4) 31 U.S.C. § 3729 (a).
There are many activities that give rise to liability under the Act. Among other activities, examples include not only billing for services that were not performed, but also performing inappropriate or unnecessary procedures in order to increase Medicare reimbursement; upcoding; bundling and/ or unbundling services; and retaining known overpayments.
Note, there are also laws that give rise to criminal responsibility (as opposed to just civil liability). For example, the Criminal False Claims Act, codified at 18 U.S.C. 287, states that:
Whoever makes or presents to any person or officer in the civil, military, or naval service of the United States, or to any department or agency thereof, any claim upon or against the United States, or any department or agency thereof, knowing such claim to be false, fictitious, or fraudulent, shall be imprisoned not more than five years and shall be subject to a fine... (6).
On June 9, 2010, a Texas pain management physician was indicted on charges of health care fraud. The government is seeking the forfeiture of the physician’s assets and a monetary judgment of $41.8 million. The 99-count indictment alleges that the physician caused to be submitted to Medicare, Medicaid TRICARE and the Texas Workers’ Compensation Commission claims for reimbursement for peripheral nerve injections, facet injection procedures, and Level four office visits, which were never performed (7).
(6) In addition to the Criminal False Claims Act, other statutes giving rise to criminal responsibility include (among others)Obstruction (18 U.S.C. § 1516), Mail Fraud and Wire Fraud (18 U.S.C. § 1341 and 1343), Conspiracy to Defraud the Government(18 U.S.C. § 286), RICO (18 U.S.C. § 1961 et seq.), and Making and Causing to be Made False Statements or Representations (42 U.S.C. § 1320a-7b(a)).
Health Care Fraud Prevention And Enforcement Action Team (“HEAT”)
While acknowledging the success the government has experienced combating Medicare fraud and abuse through the Civil False Claims Act and other statutory enforcement mechanisms, the government still desires to do more. In May 2009, the DOJ and HHS announced the creation of the Health Care Fraud Prevention and Enforcement Action Team (“HEAT”). The mission of HEAT is to prevent fraud, waste and abuse in the Medicare and Medicaid programs. HEAT will build upon and strengthen existing programs to combat Medicare and Medicaid fraud, waste and abuse.
One activity taken by HEAT is to develop Strike Teams in metropolitan areas with high rates of health care fraud and abuse. To date, Strike Teams are operational in Baton Rouge, Louisiana; Brooklyn, New York; Detroit, Michigan; Los Angeles, California; and the Miami-Dade and Tampa Bay areas of Florida. These Strike Teams have been instrumental in obtaining numerous health care fraud indictments and convictions in these areas.
Focus On Compliance
1. Physician practices must adopt and implement effective compliance programs.
While previously the adoption and implementation of a compliance plan was “voluntary” for physician practices, the Patient Protection and Affordable Care Act of 2010 (“PPACA”), mandates that providers and suppliers adopt a compliance program containing certain “core elements” as a condition of Medicare enrollment. Pursuant to a recently- issued proposed rule, published in the September 23, 2010 Federal Register(8), CMS has proposed that physicians’ compliance plans contain the following elements (comprised of the elements described in the U.S. Federal Sentencing Guidelines Manual):
- A physician practice must develop and distribute written policies, procedures and standards of conduct to prevent and detect inappropriate behavior;
- A physician practice must designate a chief compliance offer (and other appropriate bodies) to operate and monitor the compliance program. The compliance officer and/or other governing body must report to high level personnel;
- The physician practice must use reasonable efforts not to include any individual in a position of authority that the organization knew or should have known has engaged in illegal activities or conduct inappropriate for an individual in such a position;
- The physician practice must develop and implement regular and effective education and training programs for the governing body, all employees and agents, as appropriate;
- The physician practice must maintain a complaint process, which protects the anonymity of complainants and protects whistleblowers from retaliation;
- The physician practice must develop a system to respond to allegations of improper conduct and enforce appropriate disciplinary action against employees who have violated internal compliance policies, statutes, regulations and Federal health care program requirements; and
- The physician practice must use audits and/or other evaluation techniques to monitor compliance and reduce identified problem areas; and
- The physician practice must investigate and remedy identified systemic problems, including making any necessary modifications to the organization’s compliance and ethics program.
2. A physician is legally responsible for claims submitted under his or her billing number.
Physicians are legally responsible for all claims submitted under their billing numbers. This is true even if a physician uses an in-house or outside coder and biller for the submission of claims. Accordingly, physicians must ensure that they stay educated and apprised of billing activities taken on their behalf.
3. A physician is responsible for knowing Medicare policy.
Physicians are legally responsible for knowing Medicare policies regarding the services and procedures they perform, including policies on documentation. Pursuant to federal regulations, a physician will be deemed to have knowledge of a Medicare coverage policy if the Medicare Affiliated Contractor (“MAC”) (i.e., Medicare Carrier or Intermediary) provides actual notice to the physician regarding coverage; if CMS has provided notices related to the subject service (e.g., Manual issuances, bulletins or other written guides); and/or if a National Coverage Decision has been adopted with respect to the service (9).
Many physicians believe that Medicare policies address billing and coding issues only; this simply is not true. Physicians must keep in mind that Medicare policies address not only billing and coding practices but also documentation. As a best practice, physicians should set up a system to obtain, distribute, provide education regarding and maintain information relevant to the services and procedures provided.
(9) 42 C.F.R. § 411.06 and Medicare Claims Processing Manual (CMS Pub. 100-04), Chapter 30, § 40.1.
4. If billing “incident to,” a physician must understand the “incident to” rules.
Medicare policy recognizes that physicians often receive assistance from non-physician practitioners (i.e., nurse practitioners, physician assistants, etc.) in the course of providing services to their patients. Where such services are an integral, although incidental part of the physician’s professional service; commonly rendered without charge or included in the physician’s bill; of a type that are commonly furnished in the phy- sician’s offices or clinics (i.e., not in the hospital setting); and furnished by a phy- sician or by auxiliary personnel under the physician’s direct supervision, such services may be billed “incident to” the physician’s service and are reimbursed at 100 percent of the physician fee sched- ule. Although anesthesia providers do not bill services “incident to,” some pain practices choose to take advantage of this concept.
In order to bill for “incident to” services, the physician must employ or contract with the non-physician practitioner. In addition, the physician must have an existing physician-patient relationship; that is, the physician must first conduct an initial visit with the patient to establish the physician-patient relationship prior to billing any services pursuant to the “incident to” guidelines. Further, the physician must directly su- pervise the services rendered. In order to provide “direct supervision” as required by Medicare, the supervising physician need not be in the same room with the non-physician practitioner; however, the physician must be present in the office suite and immediately available to pro- vide assistance and direction throughout the time the practitioner is performing services.(10).
In the course of appealing numer- ous recent post-payment audit determi- nations, this office has seen an increase in denials related to “incident to” ser- vices. For example, in one recent audit with which this office was involved, the Medicare contractor denied numerous services billed “incident to” the physi- cian’s services, where the physician had not visited the patient to conduct an initial patient visit, and accordingly there was no existing physician-patient rela- tionship. All visits were performed by a nurse practitioner and billed “incident to” the physician’s service. Although “in- cident to” remains an acceptable way to bill Medicare for services incidental to the physician’s services rendered by non- physician practitioners, physicians must be cognizant of the rules surrounding such services, and ensure that such ser- vices (and, importantly, the supervision provided) are fully documented.
(10) 42 C.F.R. § 410.26 and Medicare Benefit Policy Manual (CMS Pub. 100-02), Chapter 15, § 60 et seq.
5. Services a physician provides must be medically necessary in order to obtain Medicare reimbursement.
Social Security Act confers to patients entitlements to a range of medical services defined by broad categories. Pursuant to Sections 1831 and 1832 of the Social Security Act, Medicare Part B provides coverage for a variety of services not covered under Medicare Part A. The Social Security Act also describes exclusions from coverage, most notably including payment for expenses incurred for items or services that are not reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member. Generally speaking, a service may be covered if it is reasonable and necessary under Section 1862 (a) (1) (A) of the Social Security Act.
Auditors and medical reviewers routinely deny claims on a post-payment basis because an item or service is found not to be medically necessary. This office has seen an increase in post-payment audits of pain practices over the past year, several of which are being conducted by Zone Program Integrity Contractors (“ZPICs”) (or Program Safeguard Contractors (“PSCs”). It is essential that when a physician documents a service performed, such documentation must establish for the reviewer of the medical necessity for the service rendered.
6. Documentation is key.
In order to establish the medical necessity for the service performed, documentation must be thorough. According to the Office of Inspector General (“OIG”) Compliance Program for Individual and Small Group Physician practices, “[O]ne of the most important physician practice compliance issues is appropriate documentation of diagnosis and treatment. Physician documentation is necessary to determine the appropriate medical treatment for the patient and is the basis for coding and billing determinations.”(11).
Keeping in mind that auditors and claim reviewers oftentimes are nurse reviewers without specific expertise in a physician’s practice area, it is essential that documentation paint a picture for the reviewer of medical necessity. Each note should establish the medical necessity for the service provided. Specifically:
- The record should be complete and legible;
- Each encounter should include the reason, relevant history, exam findings, prior test results, assessment, clinical impression or diagnosis, plan of care, date and identity of the observer. Records should take into account any applicable National Coverage Decision or Local Coverage decision;
- If not documented, the rationale for ordering a test or service should be easily inferred, and past and present diagnoses should be accessible.
By way of example, with respect to pain management physicians, documentation of visits should include the patient’s diagnosis; the patient’s pain history; a description of prior treatments and the patient’s response to each treatment; the rationale for the encounter; documentation of the location and intensity of pain; any other information required by a Medicare Local Coverage Decision; and any other information that will help establish the medical necessity for the service or procedure performed.
One key issue for anesthesia providers is to ensure appropriate documentation of compliance with the medical direction requirements. Pursuant to 42 C.F.R. § 415.110 (b):
The physician alone inclusively documents in the patient’s medical record that the conditions set forth... have been satisfied, specifically documenting that he or she performed the pre-anesthetic exam and evaluation, provided the indicated post-anesthesia care, and was present during the most demanding procedures, including induction and emergence where applicable.
CMS has not provided specific instruction regarding the way that this documentation must be accomplished. There are numerous ways that medical direction can be documented (e.g., individual attestation statements with a comment section; a combination of attestation statements and time line initialing; handwritten notations with no formal attestations; etc.). Whichever way is chosen, documentation should establish that the anesthesiologist fulfilled its regulatory obligations with respect to all of the following responsibilities:
- The anesthesiologist performed the pre-anesthetic exam and evaluation;
- The anesthesiologist prescribes an anesthesia plan;
- The anesthesiologist participates in the most demanding procedures of the anesthesia plan including, if applicable, induction and emergence;
- The anesthesiologist ensures that any procedures in the plan that he or she does not perform are performed by a qualifying individual;
- The anesthesiologist monitors the course of the anesthesia at frequent intervals;
- The anesthesiologist remains physically present and available for the immediate diagnosis and treatment of emergencies; and
- The anesthesiologist provides post-anesthesia care, as indicated.(12)
(11) 65 Fed. Reg. 59434 at 59440 (October 5, 2000).
(12) 42 C.F.R. § 415.110.
8. Physicians may not routinely waive co-payments.
Physicians must not routinely waive copayments. Routinely waiving copayments could result in potential Civil False Claims Act violations (e.g., liability arises under when a claim misstates an “actual charge”). Routinely waiving copayments also could create exposure under the Anti-Kickback Laws (e.g., advertising to waive co-payments in order to solicit new patients). The waiver of copayments is allowed in special circumstances in consideration of a patient’s financial hardship. If a physician chooses to waive a co-payment for this reason, the physician should document the hardship and document the physician’s collection efforts.
9. Credit balances must be returned.
A physician may not keep monies that are not owed to him or her. Credit balances must be returned. As noted above, the Fraud Enforcement and Recovery Act of 2009 (“FERA”) amended the Civil False Claims Act to extend liability to a provider who knowingly retains an overpayment, even if no false or fraudulent claim is actually submitted to the government. The PPACA expanded on the amendments made by FERA to the Act and requires that an overpayment be reported and returned within 60 days from the date the overpayment is identified. Any overpayment retained after this date gives rise to liability under the Act. For these reasons, it is imperative that credit balances are returned.
All physicians must be cognizant of the increased scrutiny under which Medicare claims are reviewed. In the highly-regulated health care environment, physicians are well advised to keep compliance activities in the forefront and keep the billing tips outlined herein in mind when submitting claims to Medicare and other payors.
Abby Pendleton and Jessica L. Gustafson are partners with the health care law firm of The Health Law Partners, P.C. in Southfield, Michigan. The firm represents hospitals, physicians, and other health care providers and suppliers with respect to their health care legal needs. Pendleton and Gustafson specialize in a number of areas, including but not limited to: Recovery Audit Contractor (RAC), Medicare, Medicaid and other payor audit appeals, healthcare regulatory matters, compliance matters, reimbursement and contracting matters, transactional and corporate matters, and licensing, staff privilege and payor de-participation matters. They can be reached at email@example.com and firstname.lastname@example.org.