HHS

Largest Criminal Health Care Fraud Takedown – 243 Charged and $712 Million in False Billings

Posted by Ryan Blaney on June 18, 2015
DOJ, FBI, Fraud and Abuse, HHS, Hospital, Medicare / No Comments

shutterstock_156007331

On June 18, 2015, HHS Secretary Sylvia M. Burwell and DOJ Attorney General Loretta E. Lynch announced nationwide arrests in Medicare fraud schemes amounting to approximately $712 million in false billings.  Attorney General Lynch described the strike as “the largest criminal health care fraud takedown in the history of the Department of Justice, and it adds to an already remarkable record of enforcement.”

According to the Department of Justice Press Release the takedown was led by the Medicare Fraud Strike Force and resulted in 243 individuals, including 46 doctors, nurses and licensed medical professionals, being charged with Medicare fraud.  This Strike Force targeted false billings for the following services:

  • Home Health
  • Psychotherapy
  • Physical and Occupational Therapy
  • DME
  • Pharmacy Fraud

The nationwide sweep included Florida, Texas, California, Louisiana, New York and Michigan.  Miami was a particular focus with 73 defendants charged and $263 million of false billings for home health, mental health and pharmacy services.

This nationwide sweep involved significant coordination between multiple government enforcement agencies and illustrates the government’s joint efforts to target health care fraud.  Included in the press conference were FBI Director James B. Comey, Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Inspector General Daniel R. Levinson of the HHS Office of Inspector General (HHS-OIG) and Deputy Administrator and Director of CMS Center for Program Integrity Dr. Shantanu Agrawal.

Assistant Attorney General Caldwell spoke and emphasized the Criminal Division’s increased focus on Medicare fraud stating,  “Every day, the Criminal Division is more strategic in our approach to prosecuting Medicare Fraud.  We obtain and analyze billing data in real-time.  We target hot spots – areas of the country and the types of health care services where the billing data shows the potential for a high volume of fraud – and we are speeding up our investigations.  By doing this, we are increasingly able to stop schemes at the developmental stage, and to prevent them from spreading to other parts of the country.”

For further information contact Ryan P. Blaney or any member of Cozen O’Connor’s health care team.

Ryan Blaney

Ryan represents health care and life sciences clients in a wide range of litigation, regulatory, and transactional matters, but has particular experience in the areas of privacy law compliance and health care fraud litigation. In his regulatory and transactional practice, Ryan serves public and private health care companies, academic medical centers, health systems, hospitals and physician organizations, manufacturers, medical devices, information technology and health plans

More Posts - Website

Tags: ,

OCR Announces Another HIPAA Settlement and Warns Not to Forget About Paper Records

Posted by Gregory M. Fliszar on May 04, 2015
HHS, HIPAA, OCR / No Comments

On April 27, 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that Cornell Prescription Pharmacy (“Cornell Pharmacy”) had entered into a resolution agreement to settle, without an admission of liability or wrongdoing, potential HIPAA violations. As part of the resolution agreement Cornell Pharmacy will pay $125,000 and enter into a two-year corrective action plan (“CAP”) focused on correcting the alleged deficiencies in its HIPAA compliance program.

Cornell Pharmacy is a small, single store pharmacy located in Denver, Colorado that specializes in compound medications and providing services for local hospice agencies. OCR began an investigation into the pharmacy after it received a media report from a Denver news agency that protected health information (“PHI”) belonging to Cornell Pharmacy was apparently disposed of and found in an unlocked, publically accessible dumpster. The documents were not shredded and contained the PHI of approximately 1,610 of Cornell Pharmacy’s patients.   After conducting its investigation, OCR concluded that Cornell Pharmacy failed to implement any written policies and procedures as required by HIPAA’s Privacy Rule, and further failed to provide training on the Privacy Rule to its workforce members.

This settlement is instructive as OCR again highlights the importance of having updated and comprehensive HIPAA policies and procedures in place, including policies on the proper disposal of PHI, and on training all staff on those policies and procedures.   Further, in this year of massive cyber-attacks and other breaches of electronic data, this HIPAA settlement serves to remind covered entities and business associates not to forget about protecting their paper records as well.   As stated by OCR in its press release, “Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper.” As discovered by Cornell Pharmacy, a breach or other improper disclosure of paper PHI can also result in significant consequences.

For further information please contact the author, Gregory M. Fliszar (Philadelphia, PA), or other members of Cozen O’Connor’s healthcare team.

Gregory M. Fliszar

Greg focuses his practice on health law and handles a variety of health law litigation and regulatory and compliance matters for a number of different types of health care providers, including hospitals, hospices, mental health providers and physician groups. He has significant experience with HIPAA and privacy issues and has counseled insurance company clients on understanding their obligations under the Medicare Secondary Payer Act.

More Posts - Website

Tags: , , , , , , , , , , , ,

Another Health Plan Hit By Massive CyberAttack and Class Actions Follow

Coming fresh off the heels of the Anthem data breach Premera Blue Cross announced on March 17th that it was the victim of a “sophisticated” cyberattack that may have exposed the personal information of approximately 11 million of its members.  Premera has approximately 6 million members residing in the State of Washington, 250,000 members residing in Oregon and 80,000 members residing in Alaska.  Premera stated that the cyberattack began sometime in May of 2014 but was not discovered until the end of January 2015.   According to Premera, the information exposed may include social security numbers, bank account information, and medical and financial information, including clinical information.

Three state insurance commissioners (Washington, Oregon and Alaska) have already launched a joint investigation and a market conduct examination of Premera related to the breach.  The joint investigation will include on-site reviews of Premera’s financial books, records, transactions, and Premera’ cybersecurity.  The Washington Insurance Commissioner has expressed concern over the length of time (approximately six weeks) it took for Premera to notify his office of the attack.  Alaska’s governor ordered all state agencies to review their online security safeguards as well as those put in play by their business associates.  Premera is also conducting an internal forensic investigation by a cybersecurity firm and is cooperating with the FBI in a criminal investigation.

Combined with the cyberattacks on Community Health Systems and Anthem, this is the third large attack on a member of the health care industry announced in the last seven months, and these three breaches may have collectively impacted approximately 95.5 million people.   As these attacks illustrate, health information is now a high priority target for cybercriminals.  Currently a complete health record may be worth at least ten times more than credit card information on the black market as health records often include a wealth of personal information that can be used for identity theft and to file false health insurance claims.  Further, the data security protections currently in place in the health care industry tend to lag behind those in the banking and financial sector, which makes the information vulnerable to attack by those who view the valuable information as “low hanging fruit.”

Similar to the Anthem and the Community Health Systems breaches, Premera was immediately hit by a proposed class action accusing Premera of negligence and inadequate security.  The March 26, 2015 Complaint alleges that Premera breached its duty of care by failing to secure and safeguard the personal and health information of its members and negligently maintaining a system that it knew was vulnerable to a security breach.  The Complaint further alleges that Premera has a duty to secure and safeguard the personal health information of its members under HIPAA and its failure to implement security and privacy safeguards was a violation of HIPAA.  The Complaint also alleges violations of state consumer protection laws and data disclosure laws.

As evident by the Anthem and Premera breaches, a single security incident resulting in a data breach can have significant consequences for health care companies and business associates that include government investigations, class action lawsuits, and a hit to the organization’s reputation.  To manage this risk, we encourage all companies handling health information to conduct comprehensive risk assessments and to create, review and update their data security policies and procedures to ensure that they are doing enough to adequately protect the health information maintained on their IT systems and elsewhere in their organization.

Ryan Blaney

Ryan represents health care and life sciences clients in a wide range of litigation, regulatory, and transactional matters, but has particular experience in the areas of privacy law compliance and health care fraud litigation. In his regulatory and transactional practice, Ryan serves public and private health care companies, academic medical centers, health systems, hospitals and physician organizations, manufacturers, medical devices, information technology and health plans

More Posts - Website

Tags: , , ,

HHS Ups The Ante: Announces Percentages And Time Frames On Goals For Medicare Pay-For-Value Efforts

Posted by Chris Raphaely on January 27, 2015
Accountable Care Organizations, Affordable Care Act, CMS, HHS, Medicaid, Medicare / No Comments

On January 26, 2015, the Secretary of the United States Department of Health and Human Services (“HHS”), Sylvia Mathews Burwell, announced two important goals for the Department:

  1. Increase the percentage of Medicare provider payments that are made through alternative payment models based on how well the providers care for patients, rather than the amount of care provided. The percentage goals for these alternative payment models are 30% by 2016 and 50% by 2018.
  2. Tie virtually all Medicare fee-for-service payments (85% in 2016 and 90% in 2018) to quality and value.

This announcement puts hard numbers on the goal to move away from traditional fee-for-service Medicare payments that has been stated generally since at least 2010 when the Affordable Care Act was enacted. By clearly delineating specific figures for alternative payment models, such as accountable care organizations and bundled payment arrangements, from those figures for payment methods, HHS has made it clear that providers should be thinking not just about different forms of payment but different forms of organizations and relationships with other providers. Alternative payment models generally require coordination among different types of providers who may not otherwise be related to each other.

While the announced goals focus on the Medicare fee-for-service system, it is clear that HHS intends the impact of these goals to be far broader. Ms. Burwell also announced the creation of a Health Care Payment Learning and Action Network to facilitate a public-private sector partnership to “continue to build on our work with state Medicaid agencies, private payers, employers, consumers and other partners,” while welcoming the fact that “our partners in the private sector have the opportunity to be even more aggressive” in establishing alternative payment models and pay-for-value compensation systems. On the same day as Ms. Burwell’s announcement, the Centers for Medicare and Medicaid Services released a fact sheet stating that it is taking action with a goal to spend “our health dollars” more wisely, citing the importance of the goal for patients, families, providers, tax payers, employers, states and insurance companies, and making it clear that HHS and CMS fully intend to have their efforts to transform health care delivery and payment systems to reverberate well beyond the Medicare program.

Chris Raphaely

Chris joined Cozen O’Connor’s Philadelphia office in 2014 as co-chair of the Health Care Practice Group. Prior to joining the firm, Chris served as deputy general counsel to Jefferson Health System and general counsel to the system’s accountable care organization and captive professional liability insurance companies.

More Posts

Tags: , , , , , , ,

CMS Releases Final Rule That Increases Difficulty of Medicare Enrollment

Posted by J. Nicole Martin on December 16, 2014
CMP, HHS, Medicaid, Medicare / No Comments

In early December, CMS released a final rule that implements certain provider (i.e., Hospitals, SNFs, physicians, etc.) and supplier (i.e., DME companies, etc.) enrollment requirements  (“Rule”). The goal of CMS’ implementation of the Rule is two-fold: to (i) “[s]trengthen program integrity;” and (ii) “help ensure that fraudulent entities and individuals do not enroll in or maintain their enrollment in the Medicare program.” The new requirements make obtaining and maintaining Medicare billing privileges for providers and suppliers more cumbersome.

For providers or suppliers treating Medicare patients, enrollment in the Medicare program is required in order to obtain Medicare billing privileges. A provider or supplier may enroll electronically using the Provider Enrollment, Chain, and Ownership System, known as PECOS, or by submitting a paper CMS enrollment form. CMS provides specific enrollment forms for institutional providers (CMS Form-855A: i.e., hospitals, SNFs); other providers (CMS Form 855-B: i.e., clinics/group practices); and physicians and other practitioners (CMS Form 855-I). Further, under Section 6401(a) of the Affordable Care Act, Medicare providers and suppliers that enrolled prior to March 25, 2011 are required to undergo a revalidation process in order to maintain their Medicare billing privileges, wherein the providers or suppliers essentially complete the applicable Medicare enrollment application as if they are a “new” provider or supplier enrollee. However, new enrollee providers and suppliers that submitted their enrollment applications on or after March 25, 2011 are exempt from this revalidation process. MACs are continuing to send out revalidation “requests” on a regular basis to enrollees until March 23, 2015.

The following selected updates to the provider and supplier enrollment requirements in the Rule parallel the recent trend of the federal government expanding its existing authority (i.e., the proposed rule to expand the OIG of the HHS’ exclusion authority) and cracking down on impermissible practices:

  •  “[a]llowing revocation of Medicare billing privileges if the provider or supplier has a pattern or practice of submitting claims that fail to meet Medicare requirements”;
  •  “expanding the instances in which a felony conviction can serve as a basis for denial or revocation of a provider[’s] or supplier’s enrollment”;
  • “if certain criteria are met, enabling [Medicare] to deny enrollment if the enrolling provider, supplier, or owner thereof had an ownership relationship with a previously enrolled provider or supplier that had a Medicare debt”;  and
  • “enabling [Medicare] to revoke Medicare billing privileges if [Medicare] determine[s] that the provider or supplier has a pattern or practice of submitting claims that fail to meet Medicare requirements.”

In addition, CMS clarified in the Rule that any final decision regarding the revocation of a provider’s or supplier’s Medicare billing privileges would come from the “CMS central office” rather than the provider’s or supplier’s MAC. CMS further explained that the re-enrollment bar does not apply to a provider’s or supplier’s failure to timely respond to a revalidation request or request for other information.

The regulations implementing this Rule will be effective February 3, 2015. For additional information regarding the new provider and supplier enrollment requirements under the Rule, contact Cozen O’Connor’s health law team.

J. Nicole Martin

Nicole assists accountable care organizations, health care systems, long term care providers (e.g., skilled nursing facilities, continuing care retirement communities), behavioral and mental health providers, medical device manufacturers, physician practices, and pharmacies with their compliance, regulatory, and transactional needs. Nicole’s practice includes providing clients with counsel regarding telehealth laws, HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws.

More Posts - Website

Tags: , , ,

OIG Releases Proposed Gainsharing Regulation

Posted by Chris Raphaely on December 15, 2014
CMP, HHS, Medicaid, Medicare, OIG / No Comments

In early October, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) released a proposed rule that included, among other provisions, a proposed gainsharing regulation (“Proposed Rule”), and a specific request for comments on a definition of what it means to “reduce or limit services” under the statutory prohibition against certain “gainsharing” arrangements among hospitals and physicians. The OIG’s goal with this Proposed Rule and subsequent final rule is to “interpret the statutory [gainsharing] prohibition broadly enough to protect beneficiaries and the Federal health care programs, but narrowly enough to allow low risk programs that further the goal of delivering high quality health care at a lower cost.” More specifically, the OIG seeks to implement a “narrower interpretation of the phrase “reduce or limit services.” Industry analysts are touting the final regulation as a potential game changer in the battle to deliver “high quality health care at a lower cost.”

The existing gainsharing civil monetary penalty statute (“Gainsharing CMP”) is a law that broadly “prohibits hospitals and critical access hospitals from knowingly paying a physician to induce the physician to reduce or limit services provided to Medicare or Medicaid beneficiaries who are under the physician’s direct care.” Violation of the Gainsharing CMP by a hospital that makes such payment, and a physician that in turn knowingly accepts the payment, results in CMPs that are no greater than $2,000 per each beneficiary for whom such payment is made.

Determining what does and what does not constitute a payment designed to reduce or limit services can be difficult, particularly because, as HHS has taken pains to point out, the statute technically prohibits payments from hospitals to physicians to limit any services, not just medically necessary services. However, as far back as 2005 the Medicare Payment Advisory Commission and the Chief Counsel to the OIG have supported gainsharing when safeguards are in place to evaluate risks posed by such programs, including “measures that promote accountability, adequate quality controls, and controls on payments that may change referral patterns,” and to date, the OIG has approved 16 gainsharing arrangements through the advisory opinion process.

More recently, under Section 3022 of the Affordable Care Act, the secretary of HHS established  waivers under the Medicare Shared Savings Program (MSSP) with respect to the Gainsharing CMP under certain conditions. These waivers have limited applicability as they apply only to accountable care organizations that participate in the MSSP. The final gainsharing regulations presumably will cover all hospitals and could potentially have a much broader impact upon hospital physician compensation arrangements. Overall, the Proposed Rule and the OIG’s request for comments on what should and should not constitute prohibited payments from hospitals to physicians to reduce or limit services is yet another example of how the regulatory  landscape is changing to adapt to a reimbursement model that is evolving from a fee-for-service dominated model to one in which pay-for-performance will play a much larger role.

The comment period closed under the Proposed Rule in early December, and the final rule is expected in 2015.

 

Chris Raphaely

Chris joined Cozen O’Connor’s Philadelphia office in 2014 as co-chair of the Health Care Practice Group. Prior to joining the firm, Chris served as deputy general counsel to Jefferson Health System and general counsel to the system’s accountable care organization and captive professional liability insurance companies.

More Posts

Tags: , , , , , , , , , , ,

With a New Year Rolls in a New OIG Work Plan

Posted by Robert A. Chu on December 12, 2014
ACA, HHS, HIPAA, Medicaid, Medicare, OIG / No Comments

Recently, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) released its Work Plan for Fiscal Year 2015 (“Work Plan”).  The OIG protects the integrity of HHS programs by identifying fraud and abuse and by suggesting improvements to HHS programs.  The Work Plan informs the public of new and ongoing reviews that OIG plans to pursue during the current fiscal year.

For Fiscal Year 2015 and beyond, OIG intends to focus on emerging payment, eligibility, management, and IT systems security vulnerabilities in the ACA programs, such as the health insurance marketplace.  OIG stated that it would also focus on the efficiency and effectiveness of payment policies in inpatient and outpatient settings, for prescription drugs, and in managed care.

Some specific new items of note include: (1) identifying clinical laboratories that routinely submit improper Medicare claims, (2) reviewing the rate of and reasons for transfers from group homes or nursing facilities to emergency departments as a potential indicator of poor quality, (3) identifying Medicaid MCO payments made on behalf of deceased or ineligible beneficiaries, and (4) assessing the extent to which hospitals comply with the contingency planning requirements of HIPAA.

The Work Plan is a valuable resource annually published by the OIG for providers to identify potential compliance risk areas.

Cozen O’Connor recently published another blog of the Work Plan with the Work Plan’s specific focus on HIPAA and/or information technology that the OIG will examine and address during Fiscal Year 2015.

Robert A. Chu

Rob is a member in the Health Law Practice Group. He primarily represents health care clients in Medicare, Medicaid, and third-party payor reimbursement disputes. Rob also counsels health care clients on regulatory and compliance issues. He was selected as a Super Lawyers Rising Star (Health Care) for 2016-2018.

More Posts - Website

Tags: , , , , , , , , , , , , ,

OIG’s New Work Plan Focuses on the Security of Health Information

Posted by Gregory M. Fliszar on December 04, 2014
CMS, HHS, HIPAA, OIG / No Comments

On October 31, 2014, The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Work Plan for fiscal year (FY) 2015.  The Work Plan summarizes “new and ongoing reviews of activities that OIG plans to pursue with respect to HHS programs and operations during the current fiscal year and beyond.”  In the Work Plan OIG identified several areas related to HIPAA and/or information technology that it will examine and address during FY 2015.

As a new addition to the Work Plan, OIG will determine the extent to which hospitals comply with the contingency requirements of HIPAA.  HIPAA’s Security Rule requires covered entities and their business associates to have in place a contingency plan that establishes policies and procedures for responding to an emergency or other event (such as, for example, natural disasters, system failures, terrorism) that damages systems containing electronic protected health information (ePHI).  These policies and procedures must, at a minimum, include data backup plans, data recovery plans and plans to continue to protect the security of ePHI while operating in emergency operations mode.  In the Work Plan OIG advises that it will compare contingency plans used by hospitals with government and industry recommended practices. 

As part of the Work Plan, OIG will continue to examine whether the Centers for Medicare & Medicaid Services’ (CMS) oversight of hospitals’ security controls over networked medical devices is sufficient to protect ePHI.   The OIG noted that computerized medical devices such as dialysis machines, radiology systems and medication dispensing systems that use hardware, software and networks to monitor a patient’s condition and transmit and/or receive data using wired or wireless communications pose a growing threat to the security and privacy of personal health information. 

OIG also plans to continue to perform audits of covered entities receiving incentive payments for the use of electronic health records (EHRs) and their business associates (including cloud providers) to determine whether they are adequately protecting ePHI created or maintained by certified EHR technology.  In addition, OIG will review the adequacy of CMS’ oversight of states’ Medicaid system and information controls.  Prior OIG audits found that states often fail to have in place adequate security features, potentially exposing Medicaid beneficiary information to unauthorized access.

As to future endeavors, the Work Plan stated that other areas under consideration for new work include the security of electronic data, the use and exchange of health information technology, and emergency preparedness and response efforts.  In addition, OIG advises that in FY 2015 and beyond, it will continue to focus on IT systems security vulnerabilities in health care reform programs such as health insurance marketplaces. 

Gregory M. Fliszar

Greg focuses his practice on health law and handles a variety of health law litigation and regulatory and compliance matters for a number of different types of health care providers, including hospitals, hospices, mental health providers and physician groups. He has significant experience with HIPAA and privacy issues and has counseled insurance company clients on understanding their obligations under the Medicare Secondary Payer Act.

More Posts - Website

Tags: , , , , , , , , , , , , ,

OCR Publishes Bulletin Regarding Privacy in Light of Ebola Outbreak

Posted by J. Nicole Martin on November 18, 2014
CDC, HHS, OCR / No Comments

In response to the recent Ebola outbreak in West Africa and in light of patients being treated in several hospitals in the U.S., the HHS, OCR (OCR) recently issued a HIPAA Bulletin to remind us that HIPAA covered entities and business associates must maintain the privacy of protected health information (PHI) even in emergency situations (“Guidance”). According to the OCR, the Guidance serves as a reminder “that the protections of the [HIPAA] Privacy Rule are not set aside during an emergency.”

The OCR explains that the HIPAA Privacy Rule requires a balance between the protection of the privacy of PHI against the necessary uses and disclosures of such information “to treat a patient, to protect the nation’s public health, and for other critical purposes” during emergency situations.  Although the OCR introduces no new requirements under the HIPAA Privacy Rule, the Guidance lays out the circumstances under which patient information may be shared in emergencies, such as for/due to:

  •  Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
  • Disclosures to the Media or Others Not Involved in the Care of the Patient/Notification
  • Imminent Danger
  • Public Health Activities (i.e., to a public health authority; at the direction of a public health authority, to a foreign government agency; and to persons at risk)
  • Treatment

The OCR reminds us that most disclosures require covered entities to make “reasonable efforts to limit the information disclosed to that which is the ‘minimum necessary.’” Further, covered entities are also required to: (i) implement “reasonable” safeguards necessary to protect PHI from intentional/unintentional uses and disclosures that are impermissible under HIPAA; and (ii) continue to apply administrative, physical and technical safeguards to protect e-PHI under the HIPAA Security Rule.

Further, according to the OCR, under the Project Bioshield Act of 2004 and Section 1135(b)(7) of the Social Security Act, the Secretary of HHS may waive certain HIPAA Privacy Rule provisions during public health or other emergencies. Such limited waivers require both the President to declare an emergency or disaster and the Secretary of HHS to declare a public health emergency. Additional information regarding the limited waivers appears in the Guidance.

As Ebola remains an emergency of both national and international concern, it not surprising that federal agencies continue to publish updated Ebola guidance. This Guidance reminds all of us, especially covered entities and business associates, that even in emergency situations, patient privacy must be protected, unless the limited waiver is invoked, and if not, covered entities and business associates will face consequences for violating the HIPAA Privacy Rule. For additional information regarding the HIPAA Privacy Rule in the context of emergency situations, see the HHS website.  Also see similar guidance (Bulletin and Bulletin  published by HHS in 2005 in response to Hurricane Katrina.

 

J. Nicole Martin

Nicole assists accountable care organizations, health care systems, long term care providers (e.g., skilled nursing facilities, continuing care retirement communities), behavioral and mental health providers, medical device manufacturers, physician practices, and pharmacies with their compliance, regulatory, and transactional needs. Nicole’s practice includes providing clients with counsel regarding telehealth laws, HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws.

More Posts - Website

Tags: , , , , , , , , , , , ,

Skilled Nursing Facility Reaches Largest Failure of Care Settlement in DOJ History

Posted by J. Nicole Martin on October 13, 2014
DOJ, HHS, Medicaid, Medicare / No Comments

On Friday October 10, 2014, the Department of Justice (DOJ) and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG) jointly announced a $38 million settlement with a skilled nursing facility (SNF), Extendicare Health Services Inc. (Extendicare) and its subsidiary Progressive Step Corporation (ProStep). Extendicare owns and operates 146 SNFs in eleven states. Prostep offers Extendicare residents occupational, physical and speech rehabilitation services.

The settlement stemmed from allegations in two qui tam cases: United States ex rel. Lovvorn v. EHSI, et. al. C.A. 10-1580 (E.D. Pa); and United States ex rel. Gallick et al., v. EHSI et al., C.A. 2:13cv-092 (S.D. Ohio). The allegations were that Extendicare (1) “billed Medicare and Medicaid for materially substandard nursing services that were so deficient that they were effectively worthless”; and (2) “billed Medicare for medically unreasonable and unnecessary rehabilitation therapy services.” Continue reading…

J. Nicole Martin

Nicole assists accountable care organizations, health care systems, long term care providers (e.g., skilled nursing facilities, continuing care retirement communities), behavioral and mental health providers, medical device manufacturers, physician practices, and pharmacies with their compliance, regulatory, and transactional needs. Nicole’s practice includes providing clients with counsel regarding telehealth laws, HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws.

More Posts - Website

Tags: , , , , , , , , ,