The Office of Civil Rights of the Department of Health and Human Services (“OCR”) announced the resolution of three more right of access cases, bringing the total to a whopping 41 since the start of its drive to increase compliance with this Health Insurance Portability and Accountability Act (“HIPAA”) requirement over two years ago. From small physician practices to nursing homes to health systems, OCR has spared no one in its quest to reduce patient complaints related to medical records request fulfillment. The three most recent actions all involved dental practices, with settlements ranging from $25,000 to $80,000. Each instance involved a failure to timely provide records (where the respective patient made multiple requests over a span of months to over a year), and one where the practice’s $170 copying fee exceeded HIPAA’s reasonable and cost-based standard.

In its recently published Special Fraud Alert, the Office of Inspector General (“OIG”) presented a list of suspect characteristics related to arrangements with telehealth and telemedicine companies, which may help determine the potential for fraud.

The OIG developed this list based on dozens of fraud investigations involving companies in the digital health space. The schemes investigated by the OIG varied in design and operations, as well as the types of entities and individuals involved. They implicated a whole slew of Federal laws, including, among others, violations of the Federal anti-kickback statute and the False Claims Act. These schemes raised significant fraud concerns because “of the potential for considerable harm to Federal health care programs and their beneficiaries.”

The list of suspect characteristics related to arrangements with telemedicine companies is as follows:

On August 19, 2022, the United States Departments of Health and Human Services, Labor and Treasury released final rules (“Final Rules”) revising certain provisions of their previously issued interim final rules regarding the No Surprises Act (“NSA”).

The revisions reflect some comments received on the interim final rules under the NSA that the department published in 2021, but they were made necessary because two separate federal trial courts vacated certain provisions of the department’s interim final rules regarding the use of the Qualified Payment Amount (“QPA”) in the Independent Dispute Resolution IDR process. Here are the four things you need to know about the Final Rules:

• The QPA, the plan’s median contract rate for a particular item or service, is a factor that the certified IDR entity must take into account in determining the payment that best represents the value of the item or service in dispute, along with the additional information, if any, submitted by the parties that is permissible under the NSA rules (“Additional Information”). This is a change to the interim final rules that were necessitated by the litigation challenging those rules. The vacated interim final rules established a “rebuttable presumption” that the QPA best represents the value of the item or service in dispute.

• The Final Rules do not require the certified IDR entity to select the offer closest to the QPA. Rather, they require certified IDR entities to select the offer that best represents the value of the item or service under dispute after considering the QPA and all Additional Information. This is another change to the interim final rules that were necessitated by the litigation challenging those rules.

• The Departments were clearly concerned that the certified IDR entities’ consideration of   Additional Information might lead to “double counting” information that is already factored into the establishment of the QPA and provided several examples of how double counting can be avoided while still considering non-duplicative Additional Information.

• To increase transparency as to the plans’ initial payment determinations and the certified IDR entities’ ultimate payment determinations, the Final Rule added the following requirements: 
  • A plan must provide a statement that the service code or modifier billed by the provider was downcoded; an explanation of why the claim was downcoded, including a description of which service codes were altered, if any, and which modifiers were altered, added, or removed if any; and the amount that would have been the QPA had the service code or modifier not been downcoded.
  • A certified IDR entity’s written decision must include an explanation of its determination, including what information the certified IDR entity determined demonstrated that the offer selected as the out-of-network rate is the offer that best represents the value of the item or service in dispute, including the weight given to the QPA and any Additional Information.  

The Final Rules as well as the litigation that necessitated them, are generally seen as favorable to providers, but it remains to be seen whether they will have a material effect on what providers are paid by plans for out-of-network services that are subject to the NSA.