Health Care Reform: Important Fraud and Abuse Provisions for ProvidersAdded by Hawley Troxell in Articles & Blogs, Health Law on April 1, 2010
In an effort to both curb and fund the cost of health care reform, the Patient Protection and Affordable Care Act (“PPACA”) contains many new provisions designed to eliminate waste and deter or punish program fraud and abuse, including those summarized below. Although a few provisions help certain provider segments, most dramatically increase the burdens on and potential liability of health care providers for non-compliance. Providers should immediately review the new requirements and take necessary steps to ensure ongoing compliance.
Reporting and Returning Overpayments (Sec. 6402). As discussed in our September 2009 Update, the Fraud Enforcement and Recovery Act (“FERA”) amended the False Claims Act (“FCA”) to expressly require the return of government program overpayments. PPACA takes FERA even further by requiring providers to report and return overpayments to HHS, the state, or relevant contractor by no later than (1) 60 days after the date the overpayment was identified, or (2) the date the corresponding cost report is due. In addition, the provider must provide a written explanation of the reason for the overpayment to HHS, the state, or applicable contractor. The failure to comply subjects the provider to liability under the Civil Monetary Penalties Law (“CMP”) and/or the FCA, including treble damages, civil penalties, and qui tam lawsuits by employees or others who are aware of the overpayment. This may be the most troubling provision in the new law because even technical non-compliance may negate entitlement to program benefits, result in an overpayment, and trigger the duty to report and repay within 60 days. The 60-day deadline apparently takes effect on January 1, 2011; however, FERA’s general repayment obligations are in effect now. It is now more important than ever that all providers who participate in government programs immediately evaluate and ensure their on-going compliance and prompt response to non-compliance.
Notice to Patients re In-Office Ancillary Services (Sec. 6003). As discussed in our most recent Update, PPACA amends the Stark self-referral law’s “in-office ancillary services” exception to require that physicians who refer Medicare or Medicaid patients for MRI, CT, or PET services performed in the physician’s office must provide written notice to the patient: (1) explaining that the patient may receive the services from other suppliers, and (2) listing other suppliers in the area who may also provide the service. Per the statute, the notice requirement applies to services rendered after January 1, 2010. Physicians who rely on the “in-office ancillary services” exception to satisfy Stark should begin immediately to provide the notice to Medicare and Medicaid patients, whether through signs, notices on consent forms, or individual notices provided when the physician refers the patient for such services.
Physician Owned Hospitals (Sec. 6001). The Stark law currently allows physicians who own or invest in a hospital to refer patients to the hospital through Stark’s “whole hospital” or “rural provider” exceptions. PPACA effectively terminates the exceptions for new physician-owned hospitals after December 31, 2010, and limits any expansion of existing physician-owned hospitals. First, to qualify for the exceptions going forward, the hospital must have physician ownership and a provider agreement in place by December 31, 2010, thereby limiting new physician-owned hospitals after that date. Second, existing physician-owned hospitals cannot convert from an ASC or increase the percentage of the total value of physician ownership or investment interests in the hospital after March 23, 2010. Furthermore, except for hospitals that satisfy certain high-Medicaid usage criteria, they generally cannot expand the number of operating rooms, procedure rooms, and beds after December 31, 2010. Going forward, physician-owned hospitals must also file certain reports; disclose ownership interests to patients, on their website, and in advertising; and comply with certain other requirements. Importantly, the new limitations arise in the context of Stark. Stark does not necessarily preclude physician ownership; it only prevents physician owners/investors from referring certain designated health services payable by Medicare or Medicaid to hospitals in which they have an ownership or investment interest. Physicians may still own or invest in hospitals so long as they do not refer patients for items or services covered by Medicare or Medicaid. As a practical matter, however, that limitation negates the utility of physician ownership arrangements. The net effect is that physician-owned hospitals must generally be established or expanded by December 31, 2010; after that, Stark will freeze the status of most physician-owned hospitals.
Stark Self-Disclosure Protocol (Sec. 6409). The OIG developed a protocol to encourage providers to voluntarily self-disclose violations of the Anti-Kickback Statute and other federal fraud and abuse provisions, but the OIG program does not apply to Stark violations. PPACA cures the problem by requiring HHS to establish a self-disclosure protocol for Stark law violations by September 23, 2010. Among other things, the protocol will identify the agency to whom disclosures may be reported, and establish provisions for corporate integrity and compliance agreements.
Stark Settlements (Sec. 6409). In the past, it appeared that CMS lacked the ability to compromise repayment that may be due because of a Stark violation; instead, CMS was apparently required to impose the full statutory penalty. In conjunction with the Stark self-disclosure protocol, PPACA now authorizes HHS to settle claims related to Stark law violations for less then the full Stark law penalties if the circumstances warrant. Relevant factors include the nature and extent of the illegal practice; the timeliness of self-disclosure; cooperation in providing information; and other factors HHS may deem important. The Stark self-disclosure protocol and new authority to compromise claims are important improvements considering that technical, relatively inconsequential Stark violations could otherwise subject providers to huge repayments and penalties.
Standard for Anti-Kickback Violations (Sec. 6402, 10606). In Hanlester Network v. Shalala, 51 3d 1390 (9th Cir. 1995), the 9th Circuit held that a violation of the Anti-Kickback Statute (“AKS”) requires proof that the defendant: (1) knew about the law, and (2) intended to violate the law. PPACA negates Hanlester and confirms that a person may violate the AKS even if they do not have specific knowledge of the AKS or that their actions violate the AKS, i.e., ignorance of the law is no longer a defense. As a result, it will be easier for the government to convict an AKS defendant.
Anti-Kickback and False Claims Act Violations (Sec. 6402). To make matters worse, PPACA now confirms that AKS violations constitute false or fraudulent claims under the FCA. The change is significant for several reasons: (1) the AKS is a very broad statute applicable to virtually all transactions with potential referral sources; (2) unlike the AKS, the FCA is a civil statute, thereby lowering the government’s burden of proof to pursue a claim based on an AKS violation; (3) FCA liability exposes the provider to FCA penalties, including treble damages and civil fines; and (4) FCA claims are subject to qui tam suits by disgruntled employees, competitors, or others.
False Claims Act Defense (Sec. 1303). In the past, a defendant’s prior public disclosures may bar FCA qui tamlawsuits. Congress’s reconciliation act amends the FCA to significantly limit the “public disclosure” defense to qui tamactions, making it easier for whistleblowers and the government to assert FCA lawsuits even if the whistleblower does not have direct and independent knowledge or is not an original source of disclosure
Expanded Penalty Statutes (Sec. 6402). PPACA includes numerous provisions that expand prohibited conduct and associated penalties under several statutes, including the FCA, CMP, and health care fraud statutes.
Exception to Civil Monetary Penalties (Sec. 6402). The CMP prohibits offering remuneration to induce Medicare or Medicaid beneficiaries to utilize covered services. In one of the few PPACA provisions favorable to providers, Congress created new exceptions to the CMP to allow providers to offer programs that promote access to care and pose a low risk of harm to patients and health care programs (e.g., perhaps free transportation); coupons, rebates and other rewards from a retailer that are offered to the general public and not tied to items reimbursed under Medicare or a state health care program; unadvertised items or services for free or less than fair market value based on financial need; or Part D plan waiver for first fill copayment for a generic Part D drug. The new exceptions will allow providers to offer some cost-saving programs to beneficiaries that were previously prohibited or suspect.
Expanded RAC Audits (Sec. 6411). Pleased with the success of the recovery audit contractor (“RAC”) program, Congress is expanding RAC audits to Medicare Parts C and D and to state Medicaid programs. By December 31, 2010, states are required to put in place programs providing for RAC audits of Medicaid plans to identify and recoup overpayments. RACs are paid from amounts recovered through the audits, thus creating strong incentives to identify overpayments. The net result is that providers must not only be concerned with federal RACs, but will also have to deal with state RACs.
Expanded Investigative Authority of OIG (Sec. 6402, 6408). PPACA grants the OIG greater authority to access information relevant to fraud and abuse investigations, including HHS data, provider records, or beneficiary information. Providers who fail to grant timely access to records may be fined $15,000 for each day of access is denied. The OIG will also have authority to subpoena witnesses for testimony in exclusion cases.
Sharing Information and Databases (Sec. 6402). PPACA contains numerous provisions that create and/or allow the sharing of information in databases to help identify program waste, fraud and abuse. Government investigators will have access to the databases in the enrollment and investigation of providers.
Suspension of Payments Pending Investigation (Sec. 6402). PPACA now allows HHS to suspend payments to a provider or supplier pending an investigation of a credible allegation of fraud against the provider. The net effect is that the government may cut off or cripple cash flow when providers may need funds to defend against an investigation, thereby effectively putting added pressure on providers to capitulate rather than fight fraud and abuse investigations.
Reduced Time to Submit Claims (Sec. 6404). Retroactive to January 1, 2010, the maximum time to submit Medicare claims is reduced from three years to one year after the date of service. For services rendered before January 1, 2010, claims must be filed no later than December 31, 2010. HHS is authorized to issue regulatory exceptions to the one-year deadline. Providers should immediately take steps to identify and submit old claims before the end of the year.
Mandatory Compliance Plans (Sec. 6401). In the past, compliance plans were highly recommended but not required. Going forward, HHS will require providers to establish a compliance program as a condition of enrollment in Medicare, Medicaid and CHIP. HHS must issue regulations or guidelines defining the specific providers affected, applicable standards, and timelines for compliance. It is not clear to what extent the requirement will apply to providers who are currently enrolled; however, given the new mandates as well as corresponding penalties for regulatory non-compliance, it is clear that effective compliance plans are essential.
Enrollment Screening and Fees (Sec. 6401). By September 23, 2010, HHS must develop procedures for screening providers and suppliers enrolling in Medicare, Medicaid, and CHIP. The screening must include licensure checks, but may also include other items such as background checks, fingerprinting, unannounced site visits, etc. The screening will apply to entities subject to revalidation by September 2010; to new enrollees by March 2011; and to others who are currently enrolled by March 2012. Beginning in 2010, institutional providers and suppliers will be charged a $500 enrollment fee to help cover the costs of screening, which fee is subject to annual CPI adjustments. Certain Medicaid providers and suppliers may obtain a hardship waiver. PPACA originally imposed a $200 fee for enrollment of individuals, but the reconciliation act eliminated the individual fees.
Additional Enrollment Processes (Sec. 6401-6402). Beginning March 2011, enrollees must not only disclose information about themselves, but also affiliates with uncollected debt or that have been suspended or excluded from participating in federal health care programs. Civil penalties may be imposed against those who make false statements on the enrollment application. HHS is authorized to establish procedures by which HHS may, during an initial provisional period ranging from 30 days to one year, subject certain new enrollees to increased oversight, which may include prepayment reviews, payment caps, etc. HHS is also authorized to place a moratorium on enrollment of certain types of new providers or suppliers if necessary to prevent waste, fraud, or abuse. The moratorium is not subject to judicial review. HHS will likely use its authority to target certain providers or supplier types that are prone to waste, fraud or abuse.
Physicians Required to Be Enrolled to Order Certain Services (Sec. 6405). Effective July 1, 2010, physicians must be enrolled in Medicare to order DME, home health services, and other services identified by HHS and payable by Medicare.
Face-To-Face Encounters Before Certification for DME and Home Health Services (Secs. 6407, 10605). Effective January 1, 2010, the physician, physician’s assistant, nurse practitioner, or clinical nurse specialist must perform a face-to-face encounter before certifying DME, home health services, and other services identified by HHS for claims covered by Medicare.
Maintenance of Records (Sec. 6406). Effective July 1, 2010, HHS is authorized to exclude physicians and suppliers who fail to maintain or allow HHS to access documentation related to written orders, requests, or certifications for DME, home health services, or other items identified by HHS.
Adjusting Payments to Related Entities (Sec. 6401). HHS is authorized to adjust payments to any enrollee to satisfy past-due obligations. In doing so, HHS may not only look to the debts of the enrollee, but also any debts of any affiliated entity with the same taxpayer ID number as the enrollee.
Tax-Exempt Hospital Requirements (Sec. 9007). PPACA imposes additional documentation and reporting requirements for 501(c)(3) hospitals, including conducting community health needs assessments and implementation strategies; establishing and publishing a financial assistance policy with limits on charges; and establishing a policy for providing emergency medical care. Hospitals are prohibited from taking extraordinary collection efforts against patients until they determine whether the patient satisfies the financial assistance policy. Hospitals that fail to comply with the new provisions may face an excise tax of $50,000. The new requirements apply to tax years beginning after March 23, 2010, except that the community health needs assessment applies to tax years after March 23, 2012. HHS must review the hospital’s report concerning community benefit activities at least once every three years
Reporting of Prescription Drug Samples (Sec. 6004). Effective April 1, 2012, manufacturers and authorized distributors of prescription drugs must file an annual report documenting drug samples distributed to physicians.
Reporting of Certain Payments to Physicians (Sec. 6002). Effective March 31, 2013, manufacturers of drugs, devices, biologicals, or medical supplies must file an annual report documenting (1) certain payments or transfers of value to physicians, and (2) physician ownership or investment interests in the manufacturer. An unintentional failure to report may result in civil penalties ranging from $1,000 to $10,000 for each payment, transfer. A knowing failure to report may result in civil penalties ranging from $10,000 to $100,000 for each payment, transfer or interest not reported. Subject to limited exceptions, the information submitted in the reports will be available on an internet website.
Long Term Care Requirements (Secs. 6101-6201). PPACA includes numerous new provisions relating to long term care, including additional reporting and notification requirements; mandatory compliance and ethics programs; background checks and fingerprinting; staff training; complaint processes; civil monetary penalties; and new demonstration projects and databases.
State Mandates. PPACA extends many of the provisions identified above to states by requiring that state Medicaid programs implement many of PPACA’s fraud and abuse enforcement provisions.
Medical Malpractice Liability (10607). PPACA does not establish any limits on medical malpractice liability or mandate tort reform; however, it does appropriate $50 million in grants to states to develop, implement, and evaluate alternatives to current tort litigation.
Summary. PPACA’s fraud and abuse provisions are, to put it mildly, very troubling. Many provisions will be subject to future regulations; we will have to evaluate the regulations to determine how the provisions will be implemented. However, providers cannot wait for the regulations to step up compliance activities. If they have not already done so, providers should evaluate and, as necessary, redouble their efforts to ensure that they remain compliant with existing government regulations governing state and federal health care programs to mitigate their increased exposure resulting from health care reform.
We will be providing additional information about PPACA provisions in upcoming conferences for industry organizations, many of which are identified in our “Upcoming Events” section. In the meantime, if you have questions about these or other legal issues, please contact a member of our Health Law group or 208.344.6000.
More Health Law Blog Posts
- 10/15/20—Tom Mortell moderates Idaho Business Review Breakfast Series Panel
- 04/02/20—The Idaho Patient Act: What it means for Idahoans
- 03/25/20—Idaho’s Hospitals – What the Governor’s Waiver of DHW Rules Means to Your Facility
- 03/17/20—An Overview of Involuntary Mental Health Holds in Idaho
- 05/09/18—What the Medicaid Expansion Ballot Initiative Could Mean for Idaho
- No upcoming events.