We have been hearing reports from colleagues around the country of increased activity by CMS Zone Program Integrity Contractors (ZPICs).  ZPICs, like RACs and MACs, are contract auditors hired by CMS to detect and investigate payments made under the Medicare system.  Unlike MACs and RACs, ZPICs’ primary mission is to seek out potentially fraudulent or abusive practices and to turn over the results of their investigations to the OIG for criminal or civil prosecution.

In addition to more traditional sources for identifying fraud, such as complaints and referrals from law enforcement, ZPICs use data analysis to identify trends in claims that may signal fraud.  They have access to the CMS National Claims Data, allowing them to identify specific providers whose billing falls outside of local trends.  ZPICs are also able to review entire histories of individual patients and identify claims that do not seem consistent with the patient’s history.  They may also select audit subjects on general fraud alerts issued by other types of auditors.

ZPICs have the power to perform both pre-payment and post-payment audits.  They perform both Medical Reviews, which focus on coverage/coding issues for determinations of medical necessity, and Benefit Integrity reviews, which focus on possible fraudulent billing activity.  ZPIC audits are typically unannounced, or performed upon short notice.  They may include site visits.  The findings of an audit may be reported to the OIG without any prior notice to the provider.

ZPICs activities can lead to provider and supplier exclusions, pre-review suspension of payments, recovery of overpayments, and referrals of providers, suppliers, and beneficiaries to law enforcement officials.  Even a claim that has previously been subject to RAC denial and recoupment may be identified by the ZPIC and prosecuted for fraud by the OIG.  ZPIC audits typically are not random.

We have not seen ZPIC activity in Michigan yet.  However, with CMS’s increased focus on integrity in recent years, it is surely only a matter of time before ZPIC audits will begin in our state.  Providers should start soon to develop procedures for responding to contacts from ZPICs and, of course, continuing their efforts to maximize compliance with accounting and billing requirements.

If you have questions, contact Chris Garfield or Brian Kaser.

517.374.9008

December’s In Focus highlights two interesting news items that appeared on our desks recently.

Health Reform and the Supreme Court:  What’s Hiding in the Weeds

The Supreme Court will hear oral arguments in the challenges to the Affordable Care Act (“ACA”) in March, 2012.  The general press has reported exhaustively on the contests over the so-called “individual mandate” to purchase health insurance meeting federal requirements.  There is a less well known issue in the case that we think means even more in the Administration’s drive to federalize all of health care.

The Court agreed to hear arguments on whether the ACA’s expansion of mandatory Medicaid eligibility and coverage unconstitutionally coerces state governments in their exercise of a traditionally state function.  The states argue that Medicaid, while legally and technically a voluntary program, is too good of a deal for any state to pass up, and that the strings attached to taking the money (in the form of regulations) are mandatory as a practical matter, and thus impose unconstitutional restrictions on the states.

The fact that the Court agreed to hear this argument is important, because in the past it has refused to find regulations attached to voluntary programs to be coercive (e.g., federally imposed speed limits in the Interstate Highway System).  Commentators wonder whether that historical reliance on technical voluntariness may be up for reassessment.  A reversal or limitation of that established position could lead states to challenge other programs, including antidiscrimination requirements included in federal funding of state programs implementing Title VI of the Civil Rights Act, the Age Discrimination Act, and the Individuals with Disabilities Act.

For further detail, please contact Chris Garfield.

Worst Passwords

Forbes.com released an article listing the 25 “worst” computer passwords.  They include the ten most commonly used passwords: password, 123456, 12345678, qwerty, abc123, monkey, 1234576, letmein, trustno1, and dragon.  The entire list is available at: http://finance.yahoo.com/news/25-worst-passwords-2011-revealed-202955980.html.

Many programs and sites offer best practices for formulating passwords, and Forbes reiterated those.  It also reminded that a password should not be a name, a slang word, or any word in the dictionary, and that it should not include any part of the user’s name or email address.

Last week our home Wi-Fi installer combined our surname and address to “secure” our home network.  Apparently, he is not a Forbes reader.  (Brian Kaser)

Brian Kaser – Christopher Garfield – April Streeter

517.374.9008

RAC TO ADDRESS MICHIGAN NURSING HOMES

CGI Technologies and Solutions, Inc., the CMS Region B Recovery Auditor (“RAC”), recently announced the first SNF-related RAC audit initiative covering Michigan nursing homes.

CGI will be reviewing SNF consolidated bills with service dates from July 1, 2008 to the present looking for services that were billed separately, but which should have been included in the SNFs’ consolidated billing.

For guidance on Consolidated Billing, see Chapters 6 and 20 of the Medicare Claims Processing Manual.

In other Recovery Audit news, CMS announced that, effective January 1, 2012, RACs will no longer issue demand letters for the overpayments they identify.  Those will now be issued by Medicare Administrative Contractors (“MACs”), based on RAC audits, following the same process MACs follow for other payment recoupment.  The demand letters will include the name and contact information for the RAC that made the determination, however, and questions about the RAC decision must still go to the RAC where, possibly, they will be answered.  Appeals from demand letters will still be going into the same administrative appeal process provided for non-RAC denied claims.

OUTSIDE CONTRACTORS AND THE ELDER JUSTICE ACT

Brian Kaser has been part of a discussion among members of the LeadingAge national legal committee regarding the reach of the Elder Justice Act (EJA), which requires virtually any nursing home owner or operator to notify each “covered individual” every year of that individual’s obligation to report certain crimes or suspected crimes against any resident.  Most nursing facilities are familiar with that requirement.

The question in the committee was what steps a facility must take to “annually notify” a covered individual who is an “agent” or “contractor” of the facility.  CMS has not issued guidance.  The consensus of the committee was that it is likely that the term would be interpreted to mean a non-employee who actually provides services to or on behalf of the facility and comes into resident areas.  Thus, a “contractor” might include an independent custodial or therapy company.  The term would not include suppliers of food, pharmacy, fuel and other goods.  For the most part, the members agreed that sales representatives, even those whose companies have contracts with a facility, are not “contractors” under the meaning of the statute.

It is possible to make divisions so fine that the cost of administering them outweigh the burden of broad compliance.  Where a facility sends out its own 1099 forms every year, it can easily include a copy of the notice required by the EJA, and thus every “contractor,” whether more like a vendor or more like a contracted employee, can receive the required notice, and the obligation can be fulfilled.  A more elaborate strategy would be to require each contractor to acknowledge the EJA and its requirements in each written contract, or in its Business Associate Agreement.

Many facilities have also heard from consultants and other lawyers that the extreme frequency with which suspected offenses against residents will be pouring into sheriffs’ offices suggest that facilities should prepare their local law enforcement staff to hear these reports.  If the facility establishes a reporting protocol with local law enforcement, that protocol can be furnished to the contractor along with the annual notice, as well.

For more information, please call 517.374.9008

Brian Kaser – Christopher Garfield – April Streeter

Healthcare organizations live amidst a web of contracts.  Most have fixed terms, after which the parties are free to renew the relationship or not, as they please.  Alternatively, contracts without a fixed term can provide for termination without cause, usually upon some agreed upon prior notice.  A third group of contracts renew automatically for successive terms unless one party timely notifies the other of its intent to end the relationship.  These contracts are commonly called “evergreen.”

We have long been skeptical of evergreen contracts.  In our experience, evergreen terms are often simply a tool to bind customers to a contractor.  When coupled with difficult conditions for escaping the contract for non-performance, an evergreen arrangement can be a costly indenture.  Some managers prefer evergreen contracts, however, because they avoid paying for goods or services without an underlying agreement, an important thing when an auditor inspects the records.

Our view on evergreen contracts has changed over the last several months with respect to one group of contracts: Agreements between institutions and physicians who refer patients or other business to them.  In most cases the expiration of an agreement has little consequence, if the parties continue to perform as if it remains in effect.  Where a referring physician is involved, however, the expiration of a written agreement can cause the relationship to fall outside the protection of the Stark II law, and render all the referred business unpayable by Medicare or Medicaid.

Stark II allows and protects financial relationships with physicians if the relationship is stated in a written agreement having a term of at least one year.  The legal professional press has reported CMS and Office of Inspector General actions against institutions who have allowed their physician contracts to expire; even though such “violations” of Stark II are technical and inadvertent, money penalties have been paid.

An evergreen contract with a physician or physician group can avoid that particular problem by never expiring without affirmative action by one party or the other.  We continue to recommend, however, that when contracting with physicians, healthcare institutions negotiate a no-cause termination procedure, effective at least after the first term.  Otherwise, all the faults of evergreen contracts will be present, tying the institution irrevocably to the contracting physician, regardless of the quality of the relationship, for full successive terms of the agreement.

For more information, please call 517.374.9008

Brian Kaser – Christopher Garfield – April Streeter

General media have widely reported a May, 2011 report by the DHHS Office of Inspector General (OIG) in which that office argued that antipsychotic medications are being misused and overprescribed that in nursing homes .^[1] Most OIG reports get little public attention, but this one has provoked an unusual public exchange of views in editorial pieces by Daniel Levinson, the DHHS Inspector General, and Daniel Carlat, a psychiatrist and professor of medicine at Tufts University (and blogger).  In addition, Mr. Levinson has been quite visible in electronic media and in the New York Times addressing the issue.  Mr. Levinson appears to be breaking new ground by posting editorial comment in addition to his office’s official report.  His opinion piece carries the usual “personal views only” disclaimer, but it appears prominently on the OIG website.^[2]

The editorial by Mr. Levinson was the opening challenge in this public debate.  He claims that 88% of antipsychotic medications administered in nursing homes are provided to individuals with dementia.  The study did not say why that was so, Mr. Levinson said, but he stated that qui tam (whistleblower) lawsuits, many assisted by the OIG, “suggest” that drug manufacturers drive the pattern by promoting off-label use of their medications.  The larger part of the editorial recounts several cases the OIG has brought against off-label marketing, emphasizing the Risperdal and Zyprexia cases.  He urged physicians to use their “best medical judgment” to solve the problem.

The Levinson piece leaves the reader wondering whether the OIG’s concern is the risks and benefits of antipsychotic medications for dementia sufferers or the amount Medicare could recover from suppression of their use.  Dr. Carlat clearly sees it as the latter.

Dr. Carlat’s response^[3] accused Mr. Levinson of “ratcheting up the rhetoric” in his editorial interviews.  The doctor bemoaned Mr. Levinson’s “astonishingly poor understanding of the workings of medical care in general and psychiatric care in particular.”  He took aim at the editorial’s focus on off label prescribing, noting that many drugs are commonly, and legally, prescribed for off label use,  and regularly reimbursed for, while not payable under the Levinson analysis.

Dr. Carlat defended the use of psychoactive medications for agitation in dementia patients partly on the grounds that there is no FDA-approved medication for the condition, a fact Dr. Carlat ascribes partially to the high cost of FDA-required studies.  Agitation is often due to psychosis, he claimed, and can be dangerous to patients, staff and families.  He asserted that more “government auditors” will not solve the problem, but that expansion of effective and humane treatments for dementia is needed.  Mr. Levinson has not responded to Dr. Carlat’s comments.

Will this unusual public debate affect providers?  In our view the editorial signals a heightened OIG interest in prohibition of and recovery for off-label medication use by CMS and OIG.  The OIG seldom undertakes any enforcement initiative without advance notice to the public in some form and this clearly is such a signal.^[4]

CMS has little effective capacity to control directly the prescribing behavior of physicians, because it does not pay physicians for the medications.  But is can decline to pay those who supply medications under circumstances of which it disapproves.  Instead of “retail” auditing of physicians, it can reach suppliers and nursing homes’ claims on a more “wholesale” basis.  One can easily conclude that the OIG, or perhaps Congress itself, will soon try to force CMS to start collecting diagnosis data to support prescriptions and medications administered in licensed facilities.  (CMS has rejected so far the OIG report’s recommendation to that effect.)

Recovery audit contractors are an apt method to implement the off-label review that the OIG seeks, however.  RACs are not active in nursing homes in Michigan yet, but when they enter the field, we expect that this will be a common field for recovery.

For more information, please call 517.374.9008

Brian Kaser – Christopher Garfield – April Streeter

[2] http://www.cnn.com/2011/OPINION/05/31/levinson.nursing.home.drugs/index.html

[3] http://www.cnn.com/2011/OPINION/05/31/carlat.nursing.home.drugs/index.html

[4] The OIG annual Work Plan is a common source of guidance for compliance officers.

In Mid-April CMS formally announced two initiatives that may affect Michigan providers, especially those serving elderly and dually eligible individuals.  The announcements came in an April 14, 2011 press release.

Pilot Program Grants for Dual Eligibles

First, CMS announced that Michigan is one of 15 states to be awarded federal funding to develop plans for coordinated services for dual eligibles.  The grant program is a two-phase plan; further grants may be available for implementation of plans that the states develop.  The maximum amount of grant is $1 million.   CMS did not announce the amount awarded to our state.  CMS described its requirements this way:

Under the State Demonstrations to Integrate Care for Dual Eligible Individuals, selected states will be awarded up to $1 million ­­to design strategies for implementing person-centered models that fully coordinate primary, acute, behavioral and long-term supports and services for dual eligible individuals.

The similarity to accountable care organization (ACO) philosophy is fairly obvious in this program;  while ACOs are primarily said to be intended to address cost savings in Medicare, because so many Medicare subscribers are dual eligibles, ACOs are bound to cover much of the same ground that would be required in any multi-level integration of the two public payment systems.

New Rule for Section 1915 Waivers

Second, the press release announced a new proposed rule establishing criteria for CMS 1915 waivers for expansion of HCBS programs.  The announcement appears at 76 FR No. 73, pp. 21311 – 21317.  CMS has opened the comment period, which closes on June 14, 2011.        The proposed rules are intended primarily to convey CMS’s “expectations” regarding person-centered care in waiver programs.

By combining currently separate types of waivers, the Rule could share some of the political sensitivity that attends Medicaid block grant proposals, in that it may well bring out competing interests in the Medicaid program, among seniors, mental health and disabled persons.   The latter group were a significant force in the formation of the rules, according to LeadingAge’s policy staff.

Of special interest to providers of services is the definition of “community.”   The narrow definition in the proposed rule excludes any building or campus where “institutional” services are also provided.  That could encompass co-location of community based and residential programs, and may well affect CCRCs and agencies whose sites include assisted living buildings, putting HCBS out of the reach of individuals who reside in them.

For more information, please call 517.374.9008

Brian Kaser – Christopher Garfield – April Streeter

On March 31, 2011, several federal agencies began releasing their proposed rules, guidance, and requests for public comments related to the Accountable Care Organization (ACO) provisions of the Accountable Care Act (ACA).

Under the ACO model, a group of providers work together to coordinate care for Medicare beneficiaries in an effort to reduce overall costs and improve patient care.   Because an ACO is responsible for coordinating care across many health care settings, it could be suspect under several regulatory schemes, ranging from anti-trust to Stark and the Anti-Kickback Statute.

The proposed rules and other materials released on March 31 are our first glance at how CMS, the OIG, the IRS and the FTC, among others, will revise or reinterpret their rules to allow ACOs to operate.  The publications released on March 31, 2011 are:

• CMS Proposed Rule for Medicare Shared Saving Program: Accountable Care Organizations, 42 CFR 425

Available Here

• CMS/OIG Notice (with comment period) on Waivers of Stark, Anti-Kickback Statute and Civil Monetary Penalty Provisions related to Accountable Care Organizations
  

Available Here

• Joint Notice (with comment period) for the Federal Trade Commission and Department of Justice on Anti-trust Enforcement Policy

Available Here

• IRS Request for Comments regarding application of tax-exempt organization provisions to providers participating in ACOs

Available Here

• CMS Fact Sheets on several ACO topics including, Patient Centered Care, Compliance Concerns, Quality of Care, and a Summary of the Proposed Rule

Available Here

We will continue to follow developments in this area and provide more detailed summaries of these regulatory matters as we continue our review.

For further information on the published material, contact Brian Kaser or Chris Garfield at (517) 374-9008.

CMS has issued a final rule, effective March 25^th, 2011, implementing new screening requirements for Medicare, Medicaid, and CHIP programs providers and suppliers[1].  Under the new rule, published at 76 Fed.Reg 22, CMS will place newly enrolling and revalidating providers and suppliers into one of three screening categories, which will determine the procedures to be used by the Medicare Administrative Contractor (MAC) in processing applications for enrollment or revalidation.  The categories are determined by the level of risk of fraud, waste, and abuse that CMS determines apply to each type or supplier or provider.

Implementation Date

These new provisions apply to newly enrolling providers beginning March 25, 2011.  For suppliers and providers who are already enrolled the rules apply to revalidations beginning on March 25, 2011.  For Medicare providers and suppliers, this will impact current providers and suppliers whose 5-year revalidation cycle (3-year for DMEPOS) require revalidation on or after March 25, 2011 and before March 23, 2012.

Medicare Screening

Most Medicare providers and suppliers are in the “limited” risk category.  The screening procedures for them are unchanged.  They include:

1.      Verification of provider/supplier-specific Medicare requirements;

2.      License verification;

3.      Data base checks to verify information of practitioners, owners, authorized officials, delegated officials, or supervising physicians;

The “moderate” risk category includes: hospice organizations, physical therapy (including physical therapy groups and portable x-ray providers), and currently enrolled (revalidating) home health agencies.  For providers and suppliers in the “moderate” risk category, in addition to the current procedures, the enrollment/revalidation process will include:

4.      Unscheduled or unannounced site visits to assure that suppliers and providers are operational, meet Medicare Standards, and have not changed location without informing CMS.

Providers and suppliers in the “high” risk category include:  Newly enrolling home health agencies and newly enrolling suppliers of DMEPOS.  A new enrollment includes reenrollment after a change of ownership.  For providers and suppliers in the “high” risk category, the screening, in addition to the procedures for “limited” and “moderate” risk suppliers and providers, will eventually include:

5.      Fingerprint-based criminal history checks of law enforcement repositories for all owners, authorized or delegated officials, or managing employees of the supplier or provider.  This provision will be further clarified by further guidance, and will be required 60 days after that guidance is issued.[2]

Medicaid and CHIP program Screening

States may rely on the screening conducted by the MAC to meet the provider screening requirements of Medicaid and CHIP, and of course may impose higher standards.  States will use the same screening levels determined by CMS for types of suppliers and providers recognized by Medicare.  For suppliers and provider types not recognized by Medicare, states are required to do their own risk assessment and to assign those suppliers and providers to risk categories.

Additional Provisions

Application Fees: under the rule, applications for new enrollment, the establishment of a new practice location, and revalidation require an application fee.  For calendar year 2011, that fee is $505.  While this is required beginning March 25, 2011, there may be a delay in instituting these fees.  Check with your MAC.

Moratorium on New Medicare Providers: CMS may impose a moratorium on enrollment of new providers and suppliers of a particular type, or the establishment of new practice locations of a particular type, in a particular geographic area, based upon CMS’ assessment of risk of abuse by type and area.

The Final Rule is available here.

If you have questions, please feel free to contact Brian Kaser or Chris Garfield at Brian Kaser, PLC – (517)374-9008.

[2] The actual start of the fingerprint process will come after detailed procedures are developed by CMS.

A recent high-profile settlement between the Department of Health and Human Services Office of Civil Right (“OCR”) and Massachusetts General Hospital (“Hospital”) for alleged violations of the HIPAA Privacy and Security Rules illustrates some risks of government intervention in HIPAA cases.  The Corrective Action Plan that resulted as a part of that settlement signals a pattern in OCR settlement demands, and may serve as a guide to other providers as they implement, review, and refine their own HIPAA policies.

In 2009, a Hospital employee left paper billing encounter forms on the subway, after taking them home for weekend work.  The records contained protected health information (“PHI”) on 192 individuals. They were not recovered.

The Hospital settled with OCR for $1 million and agreed to complete a three year “Corrective Action Plan.”  The Plan requires the Hospital to do all of the following:

1.     Develop, maintain, and revise its policies and procedures governing the physical removal of PHI from the Hospital’s premises, and addressing the use of encrypted laptops and USB drives;

2.     Train all employees regarding the revised HIPAA policies and procedures and train all new hires within 15 days of employment;

3.     Review the training annually and make sure it is consistent with changes in federal law, Health and Human Services (“HHS”) guidance or revisions to its own policies and procedures; and

4.     Use the Hospital’s Director of Internal Audit Services to conduct assessments and monitor implementation of compliance with the Corrective Action Plan as the “Monitor.”  Significantly, OCR required that the Monitor not be the Hospital’s Privacy Officer or Compliance Officer, as OCR has allowed with other facilities.

By actively monitoring, revising, and training on their HIPAA policies, providers can minimize the risk of crippling monetary penalties.  Massachusetts General could have protected itself with an enforced policy requiring that PHI removed from a secured office space or digital device, especially if taken from the provider’s premises, be carried only on a secure (encrypted) device.

For further information on compliance issues, contact Brian Kaser or Chris Garfield at (517) 374-9008.

Brian Kaser – Christopher Garfield – April Streeter

517.374.9008

Medicare Payment – Skilled Nursing Facilities

Upholding the ruling of the Medicare Appeals Council (MAC), a federal court in Minnesota has ruled that a Medicare Advantage (MA) beneficiary’s enteral gastric (g-tube) feedings met the requirements necessary to qualify for Medicare post-hospital SNF care.  The court’s rationale is described below.

The insurer, supported by Maximus Federal Services and a DHHS Administrative Law Judge, held that because CENAs documented periodic checks of the g-tube, the services were not performed entirely by nurses, as the regulation requires.  The court ruled, however, that nurse initials documenting RN or LPN administration of the nutrition showed compliance with the requirement that the services be furnished on a daily basis by qualified persons.

A main objection by the insurer was that the resident’s pre-admission hospitalizations were made upon admitting diagnoses of pneumonia, and that the g-tube feeding was administered in the SNF for impaired swallowing, and not the “admitting” diagnosis as required by the payment regulations.  (In one of the SNF admissions in question, the resident’s post-hospitalization respiratory condition was documented as “stable” and “PLOF” while the feedings continued.)  The court found that the record contained evidence that the beneficiary’s g-tube feeding needs and his pneumonia both stemmed from a stroke, and that that was the condition for which he was either hospitalized or immediately admitted to SNF care.  Readers of the opinion should remember that the reviewing court did not independently find that fact, but ruled only that there was “substantial evidence” to support the conclusion.  In another case, with a less adventurous or creative presentation in favor of payment, another result might be had.  The case shows, however, that persistence can pay off in Medicare payment cases.

The case is United HealthCare Insurance Co. v. Sebelius, D. Minn., 09-019-27, January 7, 2011, and can be found in the CCH Medicare and Medicaid Guide.

Reminder on “generic” Advance Beneficiary Notices

A September, 2010 decision from a federal District Court in Maryland is a reminder to providers and suppliers of what an Advance Beneficiary Notice (ABN) must contain in order to be effective.  At issue were certain DME items furnished to a beneficiary, under circumstances in which Medicare coverage of the devices was uncertain.  The ABNs at issue stated:

The [BIO-1000] is not the subject of either an affirmative coverage or non-coverage Medicare policy. Accordingly, it is unclear what criteria Medicare will use when evaluating whether the device was reasonable and medically necessary for you. Medicare will not pay for a device it does not deem reasonable and medically necessary.

The Court wrote that  “Generic ABNs” are defined as “routine ABNs to beneficiaries which do no more than state that Medicare denial of payment is possible,” citing the Claims Processing Manual, Ch. 30, §40.3.6.1.  On the other hand, it stated, an ABN may successfully protect the supplier from liability if it “specif[ies] the service and a genuine reason that denial by Medicare is expected.”  The Court criticized the supplier’s ABNs because, according to the Court, they stated only that “Medicare will not pay for a device it does not deem reasonable and medically necessary.”  This was a generic statement that does not provide sufficient details concerning the “genuine reason that denial by Medicare is expected,” according to the Court.

The supplier also argued that because CMS had not issued any definitive ruling on the medical necessity of the DME at issue, it should be excused any shortcoming in the ABN.  Here, the supplier’s own caution was its downfall.  The Court relied upon HCFA Ruling 95-1 (noting that where a provider issues “written notice of the likelihood of Medicare payment denial for a service or item to the beneficiary,” this constitutes “sufficient evidence that the provider knew or should have known that the services or items would be denied).  Because the supplier submitted ABNs to its beneficiaries, the Court ruled that it knew that its subsequent claims would likely be denied coverage, and therefore could not transfer liability to CMS.  The regional MAC’s issuances on coverage, while not definitive as to all of CMS, were sufficient notice of noncoverage to support a more specific ABN, the Court believed.

The case is Almy v. Sebelius, U.S. Dist. Ct., D. MD, no. RDB-089-1245 (2010), reported at CCH 303545.