Posted by J. Nicole Martin on December 16, 2014
CMP, HHS, Medicaid, Medicare
In early December, CMS released a final rule that implements certain provider (i.e., hospitals, SNFs, physicians, etc.) and supplier (i.e., DME companies, etc.) enrollment requirements (“Rule”). The goal of CMS’ implementation of the Rule is two-fold: to (i) “[s]trengthen program integrity;” and (ii) “help ensure that fraudulent entities and individuals do not enroll in or maintain their enrollment in the Medicare program.” The new requirements make obtaining and maintaining Medicare billing privileges for providers and suppliers more cumbersome.
For providers or suppliers treating Medicare patients, enrollment in the Medicare program is required in order to obtain Medicare billing privileges. A provider or supplier may enroll electronically using the Provider Enrollment, Chain, and Ownership System, known as PECOS, or by submitting a paper CMS enrollment form. CMS provides specific enrollment forms for institutional providers (CMS Form-855A: i.e., hospitals, SNFs); other providers (CMS Form 855-B: i.e., clinics/group practices); and physicians and other practitioners (CMS Form 855-I). Further, under Section 6401(a) of the Affordable Care Act, Medicare providers and suppliers that enrolled prior to March 25, 2011 are required to undergo a revalidation process in order to maintain their Medicare billing privileges, wherein the providers or suppliers essentially complete the applicable Medicare enrollment application as if they are a “new” provider or supplier enrollee. However, new enrollee providers and suppliers that submitted their enrollment applications on or after March 25, 2011 are exempt from this revalidation process. MACs are continuing to send out revalidation “requests” on a regular basis to enrollees until March 23, 2015.
The following selected updates to the provider and supplier enrollment requirements in the Rule parallel the recent trend of the federal government expanding its existing authority (i.e., the proposed rule to expand the OIG of the HHS’ exclusion authority) and cracking down on impermissible practices:
- “[a]llowing revocation of Medicare billing privileges if the provider or supplier has a pattern or practice of submitting claims that fail to meet Medicare requirements”;
- “expanding the instances in which a felony conviction can serve as a basis for denial or revocation of a provider[’s] or supplier’s enrollment”;
- “if certain criteria are met, enabling [Medicare] to deny enrollment if the enrolling provider, supplier, or owner thereof had an ownership relationship with a previously enrolled provider or supplier that had a Medicare debt”; and
- “enabling [Medicare] to revoke Medicare billing privileges if [Medicare] determine[s] that the provider or supplier has a pattern or practice of submitting claims that fail to meet Medicare requirements.”
In addition, CMS clarified in the Rule that any final decision regarding the revocation of a provider’s or supplier’s Medicare billing privileges would come from the “CMS central office” rather than the provider’s or supplier’s MAC. CMS further explained that the re-enrollment bar does not apply to a provider’s or supplier’s failure to timely respond to a revalidation request or request for other information.
The regulations implementing this Rule will be effective February 3, 2015. For additional information regarding the new provider and supplier enrollment requirements under the Rule, contact Cozen O’Connor’s health law team.
Tags: enrollment, medicaid, medicare, provider
Posted by J. Nicole Martin on December 15, 2014
CMP, HHS, Medicaid, Medicare, OIG
In early October, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) released a proposed rule that included, among other provisions, a proposed gainsharing regulation (“Proposed Rule”), and a specific request for comments on a definition of what it means to “reduce or limit services” under the statutory prohibition against certain “gainsharing” arrangements among hospitals and physicians. The OIG’s goal with this Proposed Rule and subsequent final rule is to “interpret the statutory [gainsharing] prohibition broadly enough to protect beneficiaries and the Federal health care programs, but narrowly enough to allow low risk programs that further the goal of delivering high quality health care at a lower cost.” More specifically, the OIG seeks to implement a “narrower interpretation of the phrase ‘reduce or limit services.’” Industry analysts are touting the final regulation as a potential game changer in the battle to deliver “high quality health care at a lower cost.”
The existing gainsharing civil monetary penalty statute (“Gainsharing CMP”) is a law that broadly “prohibits hospitals and critical access hospitals from knowingly paying a physician to induce the physician to reduce or limit services provided to Medicare or Medicaid beneficiaries who are under the physician’s direct care.” Violation of the Gainsharing CMP by a hospital that makes such payment, and a physician that in turn knowingly accepts the payment, results in CMPs that are no greater than $2,000 per each beneficiary for whom such payment is made.
Determining what does and what does not constitute a payment designed to reduce or limit services can be difficult, particularly because, as HHS has taken pains to point out, the statute technically prohibits payments from hospitals to physicians to limit any services, not just medically necessary services. However, as far back as 2005 the Medicare Payment Advisory Commission and the Chief Counsel to the OIG have supported gainsharing when safeguards are in place to evaluate risks posed by such programs, including “measures that promote accountability, adequate quality controls, and controls on payments that may change referral patterns,” and to date, the OIG has approved 16 gainsharing arrangements through the advisory opinion process.
More recently, under Section 3022 of the Affordable Care Act, the secretary of HHS established waivers under the Medicare Shared Savings Program (MSSP) with respect to the Gainsharing CMP under certain conditions. These waivers have limited applicability as they apply only to accountable care organizations that participate in the MSSP. The final gainsharing regulations presumably will cover all hospitals and could potentially have a much broader impact upon hospital physician compensation arrangements. Overall, the Proposed Rule and the OIG’s request for comments on what should and should not constitute prohibited payments from hospitals to physicians to reduce or limit services is yet another example of how the regulatory landscape is changing to adapt to a reimbursement model that is evolving from a fee-for-service dominated model to one in which pay-for-performance will play a much larger role.
The comment period closed under the Proposed Rule in early December, and the final rule is expected in 2015.
Tags: ACO, CMP, direct care, gainsharing, medicaid, medically necessary, medicare, MSSP, payments, prohibit, quality, safeguards
Posted by J. Nicole Martin on November 18, 2014
CDC, HHS, OCR
In response to the recent Ebola outbreak in West Africa and in light of patients being treated in several hospitals in the U.S., the HHS Office for Civil Rights (OCR) recently issued a HIPAA Bulletin to remind us that HIPAA covered entities and business associates must maintain the privacy of protected health information (PHI) even in emergency situations (“Guidance”). According to the OCR, the Guidance serves as a reminder “that the protections of the [HIPAA] Privacy Rule are not set aside during an emergency.”
The OCR explains that the HIPAA Privacy Rule requires a balance between the protection of the privacy of PHI against the necessary uses and disclosures of such information “to treat a patient, to protect the nation’s public health, and for other critical purposes” during emergency situations. Although the OCR introduces no new requirements under the HIPAA Privacy Rule, the Guidance lays out the circumstances under which patient information may be shared in emergencies, such as for/due to:
- Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
- Disclosures to the Media or Others Not Involved in the Care of the Patient/Notification
- Imminent Danger
- Public Health Activities (i.e., to a public health authority; at the direction of a public health authority, to a foreign government agency; and to persons at risk)
- Treatment
The OCR reminds us that most disclosures require covered entities to make “reasonable efforts to limit the information disclosed to that which is the ‘minimum necessary.’” Further, covered entities are also required to: (i) implement “reasonable” safeguards necessary to protect PHI from intentional/unintentional uses and disclosures that are impermissible under HIPAA; and (ii) continue to apply administrative, physical and technical safeguards to protect e-PHI under the HIPAA Security Rule.
Further, according to the OCR, under the Project Bioshield Act of 2004 and Section 1135(b)(7) of the Social Security Act, the Secretary of HHS may waive certain HIPAA Privacy Rule provisions during public health or other emergencies. Such limited waivers require both the President to declare an emergency or disaster and the Secretary of HHS to declare a public health emergency. Additional information regarding the limited waivers appears in the Guidance.
As Ebola remains an emergency of both national and international concern, it is not surprising that federal agencies continue to publish updated Ebola guidance. This Guidance reminds all of us, especially covered entities and business associates, that even in emergency situations, patient privacy must be protected, unless the limited waiver is invoked, and if not, covered entities and business associates will face consequences for violating the HIPAA Privacy Rule. For additional information regarding the HIPAA Privacy Rule in the context of emergency situations, see the HHS website. Also see similar guidance (Bulletin and Bulletin) published by HHS in 2005 in response to Hurricane Katrina.
Tags: business associates, CDC, covered entities, Ebola, emergency, HHS, HIPAA, outbreak, PHI, privacy, Privacy Rule, protected health information, Security Rule
Posted by J. Nicole Martin on October 28, 2014
CDC, WHO
According to the World Health Organization, the Ebola outbreak is “the biggest and most complex . . . in history,” and in August, the World Health Organization declared the Ebola outbreak in West Africa to be a “Public Health Emergency of International Concern.” Following news last week that New Jersey and New York each announced Ebola exposure and quarantine measures, on Monday, the CDC published updated interim guidance for the monitoring and movement of persons with potential exposure to the Ebola virus (“Guidance”). According to the CDC, the Guidance is updated to include the addition of the following:
- A “low (but not zero) risk” category;
- A “no identifiable risk” category;
- Modifications to the recommended public health actions in each of the high risk, some risk and low (but not zero) risk categories; and
- Recommendations for specific groups and settings (i.e., healthcare workers providing care to Ebola patients in U.S. facilities and healthcare workers providing care to Ebola patients in countries with widespread transmission).
The CDC further explained that the Guidance provides a “framework for determining appropriate public health actions based on risk factors and clinical presentation.” The Guidance also includes a reference chart outlining recommended public health actions based on exposure category. The CDC correctly noted that primary jurisdiction to address this matter remains with state and local authorities. Under the Tenth Amendment to the U.S. Constitution, states have police power to protect the health (i.e., public health/infectious disease control, including quarantine) of their populations.
As Ebola remains a “Public Health Emergency of International Concern,” it is likely that additional and/or updated Ebola guidance will be published by the CDC, as well as orders issued by other states and local authorities.
Tags: CDC, Ebola, exposure, monitoring, public health emergency of international concern
Posted by J. Nicole Martin on October 23, 2014
CDC
The CDC recently announced stricter guidelines on the use of personal protective equipment for United States healthcare workers providing healthcare services to patients with Ebola (“Guidelines”). According to the CDC, the Guidelines have three core principles:
- All healthcare workers undergo rigorous training and are practiced and competent with personal protective equipment, including putting it on and taking it off in a systematic manner
- No skin exposure when personal protective equipment is worn
- All workers are supervised by a trained monitor who watches each worker putting personal protective equipment on and taking it off.
Tags: CDC, Ebola, HUP, Pennsylvania, personal protective equipment
Posted by J. Nicole Martin on October 13, 2014
DOJ, HHS, Medicaid, Medicare

On Friday, October 10, 2014, the Department of Justice (DOJ) and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG) jointly announced a $38 million settlement with a skilled nursing facility (SNF), Extendicare Health Services Inc. (Extendicare) and its subsidiary Progressive Step Corporation (ProStep). Extendicare owns and operates 146 SNFs in eleven states. ProStep offers Extendicare residents occupational, physical and speech rehabilitation services.
The settlement stemmed from allegations in two qui tam cases: United States ex rel. Lovvorn v. EHSI, et al. C.A. 10-1580 (E.D. Pa); and United States ex rel. Gallick et al., v. EHSI et al., C.A. 2:13cv-092 (S.D. Ohio). The allegations were that Extendicare (1) “billed Medicare and Medicaid for materially substandard nursing services that were so deficient that they were effectively worthless”; and (2) “billed Medicare for medically unreasonable and unnecessary rehabilitation therapy services.”
Tags: corporate integrity agreement, medical necessity, medically necessary, nursing home, qui tam, relator, settlement, skilled nursing facility, SNF, worthless services
Posted by J. Nicole Martin on September 08, 2014
Medicaid, Medical Assistance
CMS approved Pennsylvania’s Medical Assistance (“Medicaid”) waiver request entitled Healthy Pennsylvania (“Waiver” or “Healthy Pennsylvania”) by letter dated August 28, 2014. Governor Tom Corbett and the Pennsylvania Department of Welfare submitted the waiver application in February. The approval paves the way for a five-year demonstration project that begins on January 1, 2015 and is intended to “expand access to coverage to adults in Pennsylvania with incomes through 133 percent of the federal poverty level.” The Waiver includes changes that will be implemented through state Medicaid plan amendments and the demonstration project.
Waiver Priorities
- Improving access;
- Ensuring quality; and
- Providing affordability.
Waiver Objectives
- Promoting access to health insurance through the private insurance marketplace;
- Encouraging healthy behaviors and appropriate care, including early intervention, prevention, and wellness; and
- Increasing quality of care and efficiency of the health care delivery system.
Waiver Highlights (applicable to individuals enrolled in Medicaid and Healthy PA PCO)
- Inclusion of a private coverage option, Healthy PA PCO, which will make coverage available through a private commercial market that will operate outside of Pennsylvania’s federally-run exchange
- Commercial insurance carriers, who are likely to be HealthChoices MCOs, will offer at least two health plans for individuals eligible for Healthy PA PCO
- Inclusion of Medicaid plan options categorized as “low risk” or “high risk” (these plans are not yet finalized and the parameters will be subject to negotiation with CMS)
- No premiums are required in year one
- Monthly premiums are required in year two for eligible individuals who have incomes greater than 100% of the federal poverty level (up to 2% of their income with the ability to reduce the premium based on healthy behaviors)
- Individuals enrolled in Healthy PA PCO and Medicaid will pay an amount equal to currently existing Medicaid copayments in year one of Healthy Pennsylvania’s implementation
- Elimination of copayments, except for $8 co-payments for non-emergency visits to emergency rooms, beginning in year two of Healthy Pennsylvania’s implementation
The Hospital & Healthsystem Association of Pennsylvania recently announced its support of Healthy Pennsylvania’s goals. Despite those who oppose Healthy Pennsylvania because, among other reasons, it is viewed as not being the “traditional” Medicaid expansion as envisioned by the Affordable Care Act, Governor Tom Corbett anticipates that Healthy PA PCO will increase access to health care for over 600,000 eligible Pennsylvanians. Notably, CMS did not approve the proposed work search requirement, which would have required certain adults to undertake work search activities in order to qualify and remain eligible for health coverage under Healthy Pennsylvania. According to CMS, the approval of Pennsylvania’s Waiver makes it one of 28 states, including the District of Columbia, to expand Medicaid.
For more information regarding the Waiver, please contact Mark Gallant, Chris Raphaely, or J. Nicole Martin.
Tags: Healthy Pennsylvania, medicaid expansion, Medicaid waiver, Medical Assistance
Posted by J. Nicole Martin on September 03, 2014
CMS, Medicare, OMHA
With little fanfare just before the Labor Day weekend, CMS announced a program in which it would enter into administrative agreements with eligible providers in exchange for the providers’ withdrawal of pending appeals (“Settlement Process”). This announcement follows massive backlogs in administrative appeals resulting from retroactive denials of inpatient claims by Medicare contractors, including recovery auditor contractors (“RAC”), as well as a lawsuit brought by the American Hospital Association challenging these delays. Under the Settlement Process, CMS is willing to pay “68% of the net allowable amount” for eligible claims within 60 days. According to CMS, eligible providers should submit requests to participate in the Settlement Process by October 31, 2014, and eligible providers may file for an extension of time to request a settlement if they are unable to submit requests by the end of October. Although this Settlement Process holds promise for certain providers, it does not apply to all providers or all claims.
Eligible Providers
Only acute care hospitals and critical access hospitals may participate in the Settlement Process. The following providers are not eligible to participate:
- Cancer hospitals;
- Children’s hospitals;
- Inpatient rehabilitation facilities;
- Long-term care hospitals; and
- Psychiatric hospitals that are paid under the inpatient psychiatric facility prospective payment system.
CMS may exclude eligible providers from participating in this Settlement Process if they are subject to pending False Claims Act litigation or investigations.
Eligible Claims
Only the following claims are eligible:
- Claims for dates of admissions prior to October 1, 2013;
- Claims for patients that were not Medicare Part C enrollees; and
- Claims that are pending appeals of inpatient-status claim denials, which were rejected by Medicare contractors, including RACs.
An eligible provider may select the eligible claims it would like to settle, while continuing to appeal certain other claims.
For more information regarding the Settlement Process, please contact Mark Gallant, Chris Raphaely, or Ryan Blaney.
Tags: agreement, appeals, audits, Inpatient, RAC, settlement
Posted by J. Nicole Martin on July 29, 2014
HIPAA, HITECH
Daily news stories about data breaches and enforcement actions seem to be the new norm, so it’s no surprise that people may start to believe that hackers have won the war and that no personal health information is safe. But exactly how many breaches have been reported in the last several years? And were the breaches the result of nefarious plots or just plain incompetence? About how many HIPAA investigations has the government actually launched?
Rest assured, Congress has been asking similar questions as well. The HITECH Act requires the Department of Health and Human Services Office for Civil Rights (OCR) to submit annual reports to Congress that provide contextualized information about incident rates and government action; OCR published its most recent two reports on Breaches of Unsecured Protected Health Information (Breach Report) and HIPAA Privacy, Security, and Breach Notification Rule Compliance (HIPAA Compliance Report). In addition to including cumulative data, the reports cover relevant activities that occurred between January 1, 2011, and December 31, 2012.
Tags: breach, breach notification rule, Compliance, encryption, ePHI, HHS, OCR, Privacy Rule, Security Rule
Posted by J. Nicole Martin on July 23, 2014
DOJ, False Claims Act, Whistleblower

The United States Department of Justice (DOJ) recently announced the settlement of two qui tam whistleblower lawsuits against Omnicare Inc., the largest nursing home pharmaceutical and pharmacy services vendor in the nation. The suits alleged that Omnicare gave significant discounts to skilled nursing facilities in exchange for lucrative referrals and pharmacy provider contracts. This $124.24 million settlement is the largest ever in a “swapping” case brought under the Anti-Kickback Statute.
In addition to its size, this settlement is noteworthy because DOJ had initially declined to intervene in the underlying suits and relators pursued the claims independently. That go-it-alone decision was so resoundingly vindicated in Omnicare that it is likely that this case will encourage other whistleblowers to follow a similar course of action. Relators have long had the right to continue False Claims Act litigation without governmental participation. DOJ’s decision whether to intervene or not was traditionally (although not explicitly stated) viewed as a reflection of the strength of the whistleblower’s allegations. The increase in whistleblower complaints, the limitations on the number of cases that DOJ can put resources on, statutory changes, the rise of a specialized qui tam bar, and big dollar victories like this may significantly increase the number of independent qui tam lawsuits.
Tags: AKS, anti-kickback statute, false claims, false claims act, FCA, medicare, Omnicare, referral, settlement, swapping, whistleblower