On May 31, 2017, the US Department of Justice announced a Settlement Agreement under which eClinicalWorks, a vendor of electronic health record software, agreed to pay $155 million and enter into a five-year Corporate Integrity Agreement to resolve allegations that it caused its customers to submit false claims for Medicare and Medicaid meaningful use payments in violation of the False Claims Act.
The Office of Inspector General (OIG) recently published a final rule regarding its exclusion authorities. The final rule goes into effect March 21, 2017, and expands OIG’s authority to exclude certain individuals and entities from participating in federal health care programs under section 1128 of the Social Security Act.
According to a report released last week, the Health Care Fraud and Abuse Control Program (HCFAC) returned over $3.3 billion to the federal government or private individuals as a result of its health care enforcement efforts in fiscal year (FY) 2016, its 20th year in operation. Established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) under the authority of the Department of Justice (DOJ) and the Department of Health and Human Services (HHS), HCFAC was designed to combat fraud and abuse in health care. The total FY 2016 return represents an increase over the $2.4 billion amount reported by the agencies for FY 2015.
The report serves as a useful resource to understand the federal health care fraud enforcement environment. It highlights costs and returns of federal health care fraud enforcement, providing not only amounts recovered from settlements and awards related to civil and criminal investigations but also outlining funds allocated for each departmental function covered by the HCFAC appropriation. Total HCFAC allocations to HHS for 2016 totaled $836 million (approximately $255 million of which was allocated to the HHS Office of Inspector General (OIG)) and allocations to DOJ totaled $119 million. The report touts a return on investment of $5 for every dollar expended over the last three years.
The report also includes summaries of high-profile criminal and civil cases involving claims of violations of the False Claims Act (FCA), among other claims. The cases include OIG and HHS enforcement actions as well as some of those pursued by the Medicare Fraud Strike Force, which is an interagency task force composed of OIG and DOJ analysts, investigators, and prosecutors. Successful criminal and civil investigations touch virtually all areas of the health care industry from various health care providers to pharmaceutical companies, device manufacturers and health maintenance organizations, among others.
The report follows an announcement by the DOJ last December declaring FY 2016’s recovery of more than $4.7 billion in settlements and judgments from civil cases involving fraud and false claims in all industry sectors to be its third highest annual recovery, the bulk of which, $2.5 billion, resulted from enforcement in the health care industry.
Barely a week after the U.S. Department of Health & Human Services Office of Inspector General (OIG) issued a new fraud alert about Anti-Kickback Statute compliance risks with medical director arrangements, the U.S. Department of Justice (DOJ) announced a $17 million False Claims Act settlement with a nursing home for alleged kickback violations concerning medical director arrangements.
Hebrew Homes Health Network, Inc., a Miami-Dade County nursing home network, and its former president and executive director, William Zubkoff, agreed on June 16, 2015, to settle the qui tam suit brought by Hebrew Homes’ former CFO. According to DOJ, this is the largest False Claims Act settlement for a nursing home allegedly violating the Anti-Kickback Statute.
In the settlement agreement, the government alleged that Zubkoff and Hebrew Homes devised a scheme that, from 2006 to 2013, involved hiring numerous physicians as “sham” medical directors who performed few or no actual services as a way to compensate the physicians for their Medicare referrals.
The government contended in the settlement that the following alleged facts served as “evidence proving” the alleged violations:
- Hebrew Homes drafted and provided the medical directors with uniform contracts that detailed numerous job duties for the medical director position.
- As corroborated by statements made by certain of the medical directors to the United States, the medical directors performed none, or almost none, of the job duties listed in their contracts, but nonetheless were paid the salaries provided in their contracts.
- The medical directors’ patient referrals, without exception, increased exponentially once the medical director contract and payments began.
- Hebrew Home employees recommended via e-mail increasing the salary of various medical directors because of their high number of patient referrals, and recommended decreasing the salary of, or terminating, medical directors for their lack of patient referrals.
The relator makes other allegations in the complaint to support his case, such as facilities having multiple medical directors simultaneously, the failure to require or request time records of performing services, and examples of internal communications to support the theory that directorships were used as a way to increase referrals.
As part of the settlement, Zubkoff agreed to resign as an employee of Hebrew Homes on March 23, 2015. OIG expressly reserved its exclusion rights against Zubkoff, which is an indication that OIG is considering pursuing an exclusion case against him. Hebrew Homes also agreed to enter into a five-year Corporate Integrity Agreement (CIA) with OIG, which involves OIG monitoring Hebrew Homes’ arrangements with referral sources. The CIA also requires the board of directors to hire a compliance expert to review and report on the compliance program.
The physicians who had the medical directorships were not a party to the settlement, and their potential liability was not released by the settlement. In light of OIG’s fraud alert, it remains to be seen whether OIG will pursue spin-off investigations of some physicians.
On May 6, 2015, the Office of Inspector General (OIG) for the U.S. Department of Health & Human Services (HHS) released a report on overpayments attributed to incorrect physician place-of-service coding. The report determined that Medicare potentially overpaid physicians approximately $33.4 million for incorrectly coded services that were provided from January 2010 through September 2012.
As part of their claims submissions, physicians and other Medicare suppliers are required to report the setting in which they furnish services. This setting designation (either “facility” or “non-facility”) is a decisive reimbursement factor as Medicare only reimburses physicians for overhead expenses if their services are provided in a non-facility setting (e.g., physician offices and independent clinics). The OIG report compared same-day physician and facility claims to determine how often physicians performed services in facility locations but incorrectly coded the services as performed in non-facility locations. Of $33.4 million in estimated overpayments, approximately 75 percent were made for services provided in a hospital outpatient setting but coded as a non-facility claim. The other roughly 25 percent of the overpayments were made for miscoded services provided in ambulatory surgery centers.
The OIG attributed the overpayments to physician-level internal control weaknesses as well as insufficient Medicare contractor post-payment reviews. The OIG recommended that the Centers for Medicare & Medicaid Services (CMS) direct its Medicare contractors to initiate and monitor recoveries of the overpayments identified by the report (as of December 2014, $1.75 million of the 2010 overpayments had already been recovered). Other recommendations included more comprehensive education efforts and directives for Medicare contractors to perform similar place-of-service audits on high-risk physician services and recover any resulting overpayments.
Given the report’s recommendations, physician practices and employers should ensure they are proactively managing compliance to include periodic internal audits of place-of-service coding. By doing so, providers can better protect themselves from potential overpayment liability and can make more timely decisions about corrective actions and government disclosures.
While the health care industry has accounted for a large portion of settlements and judgments involving fraud and False Claims Act (FCA) liability in recent years—68 percent of the United States’ $3.8 billion recovery in 2013 and 40 percent of the $5.69 billion recovery in 2014—the U.S. Department of Health and Human Services Office of Inspector General (OIG) and the U.S. Department of Justice (DOJ) have been primarily focused on hospitals, health care systems and large health care companies. However, recent settlement and enforcement trends reiterate that individual physicians and smaller practice groups are not immune to qui tam whistleblowers and direct investigation by the OIG.
Such was the case for Garden State Cardiovascular Specialists, P.C., (Garden State) a 12-physician group in New Jersey that just last week reached a $3.6 million settlement in United States ex rel. Cheryl Mazurek v. Garden State Cardiovascular Specialists, P.C. et al., Civil Action No. 10-4734 (D.N.J.). The settlement resolved sealed allegations that Garden State’s physicians and their NJ Medcare / NJ Heart facilities submitted claims to Medicare for various cardiology diagnostic tests and procedures (including stress tests, cardiac catheterizations and external counterpulsation). The case against Garden State and two of its principal physicians was brought by Cheryl Mazurek, who worked for Garden State’s third-party billing and coding vendor, MediGain Inc. Mazurek’s claims against MediGain, also filed under seal, have not yet been resolved.
The OIG Work Plan, complemented by a Mid-Year Update last month, echoes the increased focus on issues that directly implicate physicians operating independent of hospitals and larger companies. For example, the OIG is reviewing physician coding on Medicare Part B claims for services performed in ambulatory surgical centers (ASC) and hospital outpatient departments to determine whether they properly coded the places of service. Because Medicare reimburses physicians at a higher level when services are performed in a non-facility setting (e.g., a physician’s office) versus services performed in a hospital outpatient department or (with some exceptions) in an ASC, the OIG will be closely scrutinizing site of service this year and beyond.
Whether on the billing/coding side of the equation, medical necessity or any number of focus areas for DOJ and the OIG, physicians and practice groups (even small ones) should be keenly aware of their compliance obligations under the current FCA regime. For a quick refresher on fraud enforcement trends for 2015 and beyond (along with some practical tips), you may find this article to be a helpful resource.
The Department of Health and Human Services Office of Inspector General (OIG) issued an update to its Work Plan on May 28 that included several new Medicare-related topics for OIG audit or inspection. These additions expand OIG’s work in areas that OIG has previously identified as priorities, such as hospital-based services, lab testing and Part D payments. These new topics included:
- Hospital outpatient intensity-modulated radiation therapy claims;
- Payments for clinical diagnostic laboratory tests, including the top 25 clinical diagnostic laboratory tests by Medicare expenditures in 2014. This report is required by the Protecting Access to Medicare Act; and
- Compliance with various aspects of the inpatient rehabilitation facility prospective payment system, including the documentation required 42 CFR § 412.622(a)(3) (4) and (5).
- Examining billing trends within the Part D program, especially those for opioid drugs and pharmacy billing patterns.
OIG also announced several new programmatic studies and reports, including:
- Examining hospital preparedness for public health emergencies due to high-risk infectious diseases.
- Identifying best practices and possible challenges in Accountable Care Organizations’ (ACO) use of electronic health records, such as interoperability issues.
- Whether the durable medical equipment competitive bidding program is affecting beneficiary access to certain items, citing to “anecdotal reports [that] allege that competitive bidding has led to reduced access to DME and, in turn, compromised the quality of care beneficiaries receive” as the reason for adding this review.
- Creating a portfolio report of the OIG’s Medicare Part D oversight work to summarize OIG audits, evaluations, legal opinions and investigative work, and provide progress information on recommendations to improve oversight of the program by the Centers for Medicare & Medicaid Services, plan sponsors and Medicare Drug Integrity Contractors or MEDICs. This report will likely be similar to the 2012 portfolio report highlighting OIG’s work on personal care services.
- Examining CMS’s management of the Open Payments program, including CMS’ oversight of manufacturers’ and group purchasing organizations’ compliance with data reporting requirements and whether the required data for physician and teaching hospital payments is accurately and completely displayed in the publicly available database.
Health care general counsel should review and brief their internal clients on the new Practical Guidance for Health Care Governing Boards on Compliance Oversight (Guidance), released on April 20, 2015. A joint effort by the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS), the Association of Healthcare Internal Auditors, the American Health Lawyers Association (AHLA) and the Health Care Compliance Association, the Guidance is a useful and timely resource for both the general counsel and the board.
While the Guidance does not break new ground, it updates and condenses prior publications, addressing such important compliance program considerations as:
(1) The definition of the interrelationship between, and the roles of, the organization’s audit, compliance and legal functions;
(2) Mechanisms for effective and appropriate reporting of compliance issues within an organization;
(3) Methods for identifying regulatory risks; and
(4) Means of encouraging accountability for achievement of compliance goals and objectives throughout the organization.
For a detailed analysis of the Guidance, please read “New Board Compliance Guidance Prompts General Counsel Focus.”
By McDermott’s Health Regulatory Compliance Developments Team: Michael Peregrine, Bernadette Broccolo, Joshua T. Buchman, Tony Maida, Kelsey Leingang and Laura McLane
The Office of Audit Services of the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services has begun a nationwide audit of a random sample of providers that have received incentive payments for achieving “meaningful use” under the Medicare Electronic Health Record (EHR) Incentive Program from January 1, 2011 to June 30, 2014. Medicare pays EHR incentive payments for up to five years to physicians and hospitals that achieve meaningful use of certified EHR technology each year. Providers that fail to achieve meaningful use face payment reductions beginning in 2015.
The OIG announced its intention to conduct these audits in its Work Plan for FY 2015. The OIG stated that it will review certain, but not all, meaningful use measures to determine whether providers received incentive payments in error. Among the measures covered by the OIG audits is the core meaningful use measure that requires providers to conduct a comprehensive security risk analysis in accordance with the Health Insurance Portability and Accountability Act Security Rule.
OIG is sending audit notice letters requesting specific information and documents, including documentation of compliance with the particular meaningful use measures under review, to each provider in the audit sample. Providers should have documentation for each of the measures such as measure calculation reports printed from the provider’s EHR system, security risk analysis reports, and dated screen prints that demonstrate that the provider met the measure during the meaningful use reporting period or otherwise by the applicable deadline.
When responding to the OIG audits, providers should be mindful that deficiencies identified for one physician in a physician group or one hospital within a multi-hospital system, may apply to the other physicians and hospitals using the same EHR system and/or implementing meaningful use in the same way. Thus, the incentive payments at risk in an audit may be greater than the payments to the particular provider being audited.
The OIG audits are in addition to the meaningful use audits conducted by Figliozzi & Company, the outside audit contractor of the Centers for Medicare and Medicaid Services. Unlike the Figliozzi audits, which cover a MU attestation for a single meaningful use reporting period, the OIG audits cover incentive payments paid from January 1, 2011 through June 30, 2014. 2011 is the first year that Medicare paid EHR incentive payments. For more information about the Figliozzi meaningful use audits, see “What Have We Learned from Audits under the Medicare EHR Incentive Program?”
Last week, the U.S. Departments of Justice (DOJ) and Health and Human Services (HHS) announced that the Health Care Fraud and Abuse Control (HCFAC) Program has recovered over $27.8 billion since its inception in 1996. In FY 2014 alone, with a collective budget of $571.7 million, HCFAC efforts recovered $3.3 billion from individuals and companies facing allegations of fraud related to health care. Jointly directed by the Attorney General and Secretary of HHS, HCFAC seeks to:
- Coordinate federal, state and local law enforcement efforts relating to health care fraud and abuse with respect to health plans;
- Conduct investigations, audits, inspections and evaluations relating to the delivery of and payment for health care in the United States;
- Facilitate enforcement of all applicable remedies for such fraud; and
- Provide education and guidance regarding compliance with current health care law.
Over the past three years, for each dollar spent on health care-related fraud and abuse investigations the government has recovered $7.70. In other words, HCFAC efforts since 2012 have given the United States a staggering 770 percent return on investment.
Utilizing a two-pronged approach to combat fraud and abuse, ushered in with new authorities granted by the Affordable Care Act (ACA), the United States is increasingly implementing cross-departmental preventative measures to curtail health care fraud and abuse, and reduce “pay and chase” efforts initiated after payments are made on claims that are identified as potentially fraudulent. For example, the Health Care Fraud Prevention and Enforcement Action Team (HEAT)—a program jointly initiated in 2009 by DOJ and HHS—now investigates cases using real-time data analysis to identify fraudulent claims before payments are made to the provider. This real-time analysis could replace lengthy subpoena, production and account assessment; correspondingly, investigators are moving much faster from fraud identification, to arrest and prosecution. The HEAT program is charged with the following:
- Marshaling significant resources across government to prevent waste, fraud and abuse in the Medicare and Medicaid programs;
- Reducing “skyrocketing” health care costs and improving the quality of care;
- Highlighting best practices by providers and public sector employees; and
- Building upon existing partnerships between DOJ and HHS, like HCFAC’s Medicare Fraud Strike Force.
As a complement to the HEAT program’s efforts on the civil side, the Medicare Fraud Strike Force program utilizes investigative and analytical resources from the HHS Office of the Inspector General (HHS-OIG), the Federal Bureau of Investigation (FBI), and DOJ’s Criminal Division’s Fraud Section. Initially launched as a pilot program in selection regions, Strike Forces now operates in nine geographic areas—Brooklyn, NY; Chicago, IL; Dallas, TX; Detroit, MI; Houston, TX; Los Angeles, CA; Miami, FL; Southern Louisiana; and Tampa, FL. Strike Force prosecutors have filed over 963 cases, obtained 1,443 guilty pleas and 191 jury trial convictions, and sent 1,197 defendants to an average imprisonment of 47 months. In FY 2014, DOJ opened 924 new criminal health care fraud investigations so this trend will continue in years to come.
DOJ Continues to Pursue False Claims Act Litigation to Combat Health Care Fraud
Armed with the False Claims Act (FCA), the United States has pursued criminal and civil investigations implicating nearly every facet of the health care industry, including:
- Medical Device Companies
- Pharmaceutical Companies
- Prescription Drug Fraud
- Medical Clinics
- Dental Practices
- Medical Equipment and Supplies
- Skilled Nursing Facilities
- Home Health Care
- Professional Counseling
- Managed Care Organizations
- Chiropractic Services
- Physical Therapy
- Hospice Care
- Identity Theft
- Ambulance Transportation Fraud
HCFAC’s efforts translated into $2.3 billion in settlements and judgments in FY 2014, generating a total of $15.2 billion in recoveries resulting from health care fraud allegations since January 2009.
HHS-OIG Coordinates with Medicare Strike Force and Other Enforcement Actions
With a FY 2014 budget of approximately $213 million, HHS-OIG investigations resulted in 867 criminal actions against individuals or entities and 529 civil actions, including FCA and unjust-enrichment lawsuits filed in Federal district court, civil monetary penalties settlements, and administrative recoveries resulting from provider self-disclosures. HHS-OIG also excluded 4,017 individuals and entities from Medicare, Medicaid and other federal programs in California, Louisiana, North Carolina, Pennsylvania and Texas. Finally, HHS-OIG engaged in audits and evaluations to identify focus areas where there is a high incidence of questionable or improper conduct in Medicare and Medicaid. In FY 2014, HHS-OIG identified dozens of issues, including:
- Beneficiaries not lawfully present in the United States;
- Improper payments for evaluation and management (E&M) services;
- Ambulatory surgical services payment differential in Medicare; and
- Electronic Health Record fraud vulnerabilities.
CMS Continues to Promulgate Program Integrity Strategy for Medicare, Medicaid and the Children’s Health Insurance Program
In support of its strategic goal of improving program integrity for Federal health care programs, CMS is guided by four major principles—prevention, detection, transparency and accountability, and recovery. With just over $250 million in FY 2014 funding, CMS engaged extensively in each focus area.
In support of its prevention efforts, CMS utilized its ACA-established authority to enact moratoria on new home health and ambulance enrollments in fraud “hot spot” areas of the country. In FY 2014, the moratoria were focused on Broward County, FL and several counties in Michigan and Texas and were extended to ground ambulance suppliers in the Philadelphia area. CMS also utilized the following prevention tools:
- One Program Integrity
- Compromised Number Checklist
- The Command Center
- DME Initiatives
- Correct Coding Initiative
- State Readiness
CMS’ detection efforts included strengthened program integrity activities in Medicare Advantage and Medicare Part D. These efforts were complemented by marketing surveillance activities, including secret shopping and compliance actions.
The Secretary of HHS’ key initiative to improve transparency and accountability, is the Healthcare Fraud Prevention Partnership, which works to bring together public and private, federal and state-level individuals, and organizations combatting health care fraud across all payers.
With regard to recovery efforts, CMS continued to use its authority to suspend payments to providers during investigations of “credible allegations of fraud” and may also suspend payments if “reliable information of an overpayment exists.” Among several other efforts, CMS has also designated field offices in the HEAT cities of Brooklyn, Los Angeles and Miami to coordinate with law enforcement, facilitate data analysis and expedite suspension requests.
This latest report from HCFAC re-emphasizes the continued and ever-growing threat to providers and other companies involved in the delivery of health care in the United States. As we first reported last month, DOJ and HHS will continue to obtain high returns on the United States’ investment in prosecutorial resources, so the health care industry should prepare for increasingly innovative investigation and enforcement activity in the coming year.