Yesterday the Office of Inspector General (OIG) added a video to its HEAT training website. The newest video outlines the OIG’s tips for implementing an effective compliance program. The six tips include:
- Foster a culture of compliance: Support your compliance program with sufficient resources. A financial commitment to compliance will show the OIG that your organization values integrity.
- Functional policies and procedures: Create policies and procedures that are up-to-date, user friendly, and specific to each job function. Include real-life compliance issues faced by your organization.
- Training: Offer compliance training often, and make it creative and current.
- Promote communication: Make your compliance department visible and approachable, talk about your organization’s non-retaliation policy in staff meetings, and solicit feedback with anonymous online surveys.
- Take appropriate corrective action: Develop a system to track and respond quickly and thoroughly, act promptly when potential issues are identified, and document corrective action. Be mindful to avoid conflicts of interest with staff involved in investigations. Track resolution of compliance issues, and familiarize yourself with the OIG self-disclosure protocol.
- Audits: Conduct regular audits in risk areas (e.g., coding, contracts, and quality of care) and investigate root causes. Review your compliance plan including whether you are meeting benchmarks and whether corrective action plans are sufficient.
The OIG video is available here.
The U.S. Department of Health and Human Services (HHS) announced yesterday that premium increases proposed by an insurer in five states were “unreasonable” and “excessive.” HHS has authority under the Affordable Care Act to review premium increases over 10% to determine if such increases are reasonable. If HHS determines that a premium increase is unreasonable, the insurance company must post a justification on its website within 10 days.
The rate increase at issue in yesterday’s announcement is a 13% increase by Trustmark Life Insurance Company which would affect approximately 10,000 residents in Alabama, Arizona, Pennsylvania, Virginia, and Wyoming. In addition, small businesses in Alabama and Arizona experienced rate increases of 27.2% and 18.1%, respectively, when combined with other rate increases over the last year. After a review by independent experts, HHS concluded that Trustmark’s rate increases were unreasonable because (1) the insurer would be spending a low percent of premium dollars on actual medical care and quality improvement and (2) Trustmark’s justifications were based on unreasonable assumptions.
This is not the first rate increase that HHS has found “excessive” under HHS’ rate review authority. HHS determined that a November 2011 12% rate increase for small businesses in Pennsylvania was excessive. A majority of states also have the authority to review rate increases to determine if they are unreasonable.
Additional information regarding HHS’ rate review authority and process is available here.
On December 31, 2011, President Obama signed the National Defense Authorization Act for Fiscal Year 2012. A conference report in this Act ends OFCCP’s push to expand its jurisdiction by way of TRICARE contracts. The new Section 715 of the conference report states that TRICARE managed care support contracts will not be considered contracts to provide health care services such that these providers become subject to OFCCP jurisdiction.
TRICARE is the Department of Defense health care program for active duty and retired military and their families. Prior to the law, the OFCCP took the position that hospitals and other health care providers that provided health care services for TRICARE were subject to affirmative action obligations and were subject to OFCCP jurisdiction because they were “subcontractors” under federal law. This legislative action should prevent the OFCCP from continuing to invoke jurisdiction over health care employers on the basis of their being TRICARE network providers.
Over the past few years, OFCCP has expanded its jurisdiction over the health care industry by taking the position that all providers who provided health care services under TRICARE network contracts were subject to OFCCP jurisdiction. In OFCCP v. UPMC Braddock, ARB Case No. 08-048 May 29, 2009 and in OFCCP v. Florida Hospital of Orlando, Case No. 209-OFC-00002 the OFCCP successfully argued that affirmative action obligations exist when a hospital provides health care services pursuant to a TRICARE contract with an HMO. As a result, a hospital that merely provided health care services to TRICARE recipients was subject to affirmative action obligations as well as subject to OFCCP jurisdiction.
While TRICARE should no longer create the basis for affirmative action obligations or OFCCP jurisdiction, the OFCCP may find other ways to expand jurisdiction. Further, health care providers may become subject to OFCCP jurisdiction due to other federal contract or subcontract obligations. For that reason, health care employers should always review their contracts with counsel to determine if they will create new OFCCP compliance obligations.
The U.S. Department of Justice (DOJ) recently filed a brief to the U.S. Supreme Court defending the constitutionality of the individual mandate provision of the Affordable Care Act (ACA).
The DOJ’s brief delineates the administration’s main legal arguments:
- The minimum coverage provision of the ACA falls “well within” Congress’ commerce power. In making this argument, the DOJ contends that Congress has broad power under the Commerce Clause and the Necessary and Proper Clause to enact economic regulation. Further, the DOJ contends that the minimum coverage provision is an integral part of a comprehensive scheme of economic regulation, and the provision itself regulates the economic conduct with a substantial effect on interstate commerce.
- The minimum coverage provision is independently authorized by Congress’ taxing power. The DOJ argues that the provision operates as a tax law, and the validity of an assessment under Congress’ taxing power does not depend on whether it is denominated a tax.
Briefs due later in January and February address other issues involved. The Health Law team at von Briesen will continue to monitor and report on the progress of the ACA challenge, including additional briefs by the parties.
The Centers for Medicare & Medicaid Services (CMS) announced yesterday an interim final rule that adopts standards for electronic funds transfers (EFT) under HIPAA. According to CMS, the standards could reduce administrative costs for physicians, hospitals, and private and government health plans by up to $4.5 billion over the next ten years.
The final rule outlines two standards that health plans must comply with in order to use EFT to transmit health care claim payments to providers. First, health plans must use a standard format when ordering, authorizing, or initiating an EFT with their financial institutions. Second, the rule outlines the data content to be contained within the EFT.
The interim final rule is the second in a series of regulations mandated by the Affordable Care Act (ACA). Under the ACA, CMS is required to issue regulations designed to streamline health care administrative transactions, encourage greater use of standards among providers, and increase the efficiency of standards. Yesterday’s rule follows a July 2011 interim final rule (76 FR 40458) establishing operating rules for patient eligibility for coverage and health care claim status.
According to CMS, future rules will address the following: (1) a standard unique identifier for health plans; (2) a standard for claims attachments; and (3) requirements that health plans certify compliance with all HIPAA standards and operating rules.
Covered entities must use the health care EFT standards by January 1, 2014. A fact sheet on the interim final rule is available here. CMS is accepting comments on the rule via mail, hand delivery, or electronic submission.
Retirement Plans Subject to ERISA Vesting Standards Must File Form 8955-SSA by January 17, 2012
Section 6057(a) of the Internal Revenue Code (the “Code”) requires plan administrators of retirement plans subject to the vesting standards under the Employee Retirement Income Security Act of 1974 (“ERISA”) to report information regarding separated participants with deferred vested benefits that have not commenced. Plan administrators previously met this requirement by filing Schedule SSA as an attachment to the plan’s Form 5500 annual return/report. The Department of Labor (“DOL”) removed Schedule SSA from Form 5500 for plan years beginning on or after January 1, 2009.
The IRS, in coordination with the Social Security Administration, developed Form 8955-SSA as a stand-alone form that is to be used to comply with Code Section 6057(a) for plan years beginning on or after January 1, 2009. Plan administrators of plans, including 403(b) plans, subject to the ERISA vesting standards must file Form 8955-SSA. In addition, plan administrators of government, church, and other plans that are not subject to ERISA’s vesting standards may elect to voluntarily file the Form 8955-SSA.
Generally, the due date for filing a Form 8955-SSA is the last day of the seventh month following the end of the plan year (the same as the due date for a Form 5500). Plans required to file Form 8955-SSA for the 2009 and/or 2010 plan years, however, have until the later of January 17, 2012 or the due date for filing the Form 8955-SSA for the 2010 plan year to do so. A plan sponsor may not obtain an extension of the January 17, 2012 due date. For subsequent plan years, plan administrators may file Form 5558 to obtain a 2-1/2 month extension of the time to file a Form 8955-SSA.
Read more…
The U.S. Department of Justice (DOJ) announced yesterday that GE Healthcare Inc. will pay $30 million plus interest in order to settle allegations that its subsidiary, Amersham Health Inc., violated the False Claims Act (FCA). According to the DOJ, Amersham Health violated the FCA by causing Medicare to overpay for a radiopharmaceutical used in cardiac diagnostic imaging procedures.
The radiopharmaceutical, Myoview, is used to detect heart disease and see blood flow in images of hearts. The drug is distributed in multi-dose vials, and the number of doses available from the vials is part of the formula used to determine Medicare payment rates for the drug. The DOJ claims that Amersham Health provided false or misleading information regarding the number of doses available from vials, which, in turn, caused the federal government to pay artificially inflated Medicare rates for the drug.
The settlement arises from a 2006 qui tam whistleblower lawsuit filed under the FCA. The whistleblower sold a drug called Cardiolite, a competitor of Myoview. The whistleblower will recover $5.1 million from the DOJ’s $30 million recovery.
Many articles have been written about the legal and business risks associated with the use of social media and web-based email services. However, the risk of using social media is heightened in the health care industry in light of a health care entity’s legal and regulatory obligations to protect the privacy and security of health care information. Health care entities need to be particularly familiar with the risks of using social media in the health care industry and methods for reducing those risks.
The DQA October 24, 2011 Memorandum
On October 24, 2011, the Wisconsin Division of Quality Assurance (“DQA”) issued numbered memorandum 11-026 entitled, “Using Social Media Platforms, such as Twitter, Facebook, MySpace and LinkedIn”. The Memo is available at www.dhs.wisconsin.gov/rl_DSL/Publications/11-026.htm.
The DQA definition of “Social Media” includes what one would normally consider social media, as well as “free and unencrypted web-based email services” such as Yahoo and Gmail, and web-based calendars. The purpose of the Memo is to “provide guidance to providers on the fast-changing landscape of the internet and the impact of using social networking and social media as a communications tool”.
DQA released the Memo to address concerns raised about (1) health care entities and their staff using web-based email accounts (e.g., Gmail) or web-based calendars (e.g., Yahoo Calendars) to convey patient or resident care information; and (2) health care entity staff members sharing protected health information on FaceBook.
The DQA notes that inappropriate use of Social Media or use of Social Media without adequate security protections may violate a patient’s or resident’s privacy rights. Moreover, DQA emphasizes that Social Media sites are now major targets of the hacker underground, creating further risk of a network security breach. DQA also warns health care entities of the potential for criminal and civil risks of using Social Media, (including criminal prosecution or civil actions under HIPAA) because it is the United States Department of Health and Human Services Office of Civil Rights—and not the Division of Quality Assurance—which has jurisdiction over such violations.
Read more…
Earlier today, both the U.S. House of Representatives and Senate passed a two-month extension to the doc-fix. If Congress had not approved the extension, Medicare reimbursement would have been reduced by 27.4% as of January 1, 2012. The bill also includes a two-month extension of the payroll tax cut and federal unemployment benefits.
A recent case, U.S. v. Chavez, underscores the fact that federal criminal prosecution is not limited to Medicare and Medicaid fraud. A physician was recently sentenced to approximately six years in prison after he plead guilty to defrauding private insurance companies through false and fraudulent billing practices.
Earlier this year, Armando Chavez, M.D. was indicted on multiple counts of mail fraud and conspiracy in the Southern District of Texas. Prosecutors based the charges on the following fraudulent billing practices: waiving or reducing co-payments as an incentive for patients to seek treatment from Dr. Chavez; overbilling; unbundling billing codes; and billing insurance companies for services that were never performed. In addition to jail time, Dr. Chavez must also pay almost $4 million in restitution.
