The new CMS “Two-Midnight Rule,” which is intended to provide greater clarity regarding when inpatient hospital admissions are generally appropriate for Medicare Part A payment, goes into effect today. However, in order to address widespread concern among hospitals and doctors about the new rule, CMS officials announced last Thursday that government recovery auditors will delay scrutiny of short inpatient stays for 90 days while providers get acclimated to the new policy. This CMS policy, which was issued as a proposed rule in March and as a final rule on August 2, is in part a response to hospital complaints that auditors were denying large numbers of claims for inpatient care because the auditors believed the patient could have been considered an outpatient under observation status (Medicare pays less for outpatient services than inpatient care).
In an attempt to clarify billing for inpatient stays, CMS now says that a physician must sign an admitting order, which must be “supported by the physician admission and progress notes, in order for the hospital to be paid for hospital inpatient services under Medicare Part A.” When the physician “expects to keep the patient in the hospital for only a limited period of time that does not cross 2 midnights, the services are generally inappropriate for payment under Medicare Part A, regardless of the hour that the patient came to the hospital or whether the patient used a bed.”
Auditors reviewing claims are instructed to presume that stays lasting two midnights or longer are reasonable and necessary and will qualify for higher payment under Medicare Part A. However, stays lasting less than two midnights will not be presumed to qualify as inpatient stays and instead will be paid under Medicare Part B, which covers outpatient services.
In a New York Times column, Obamacare’s Other Surprise, Thomas L. Friedman wrote that health data is “creating a new marketplace and platform for innovation – a health care Silicon Valley – that has the potential to create better outcomes at lower costs.” The growth of this new industry is due, in large part, to the federal health care law’s financial incentives for groups of doctors, hospitals, and other health care providers that can prove they’re more efficient and higher in quality than competitors.
The idea behind all of this is that if the government provides the public with health data it has already collected on things such as quality and prices, innovators will turn it into new tools that advance health and lower costs across the system. In fact, a lot of the new technology being developed has been expanded by a decision of the Department of Health and Human Services (“HHS”) to make data available that had been gathered over the years, but had not been accessible in computer readable forms that could be used to improve health care. Last month, HHS hosted the Health Data Initiative Forum IV which has come to be known as “Health Datapalooza.” The conference is a forum that features the newest and most innovative uses of health data. Events at last month’s conference included a contest to come up with the best health app on the spot and a hack-a-thon to see who could come up with a brilliant way to use Medicare claims data.
It’s hard to know whether the questions about health care costs and quality can be answered by the next great app, but the momentum for this type of innovation has definitely started.
The OIG released the Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in the Federal Health Care Programs last week. The prior Bulletin from 1999 left many unanswered questions, such as the scope of a provider’s obligation to screen employees and contractors and how a provider discloses to the OIG when it discovers that it has employed or contracted with an excluded entity or person. This latest bulletin provides a laundry list of recommended “best practices” when it comes to screening and re-screening employees and contractors, and the bulletin directs providers to use the OIG’s self-disclosure protocol to report employment of or contracting with an excluded person.
The OIG’s best practices guidance includes the following:
- Use the OIG’s List of Excluded Individuals and Entities (LEIE). The LEIE has undergone extensive updates and revisions in the past several years to make it a more user-friendly experience and a more efficient process for providers to check.
- Screen Early and Often. Providers should check the LEIE prior to employing or contracting with persons and periodically check the LEIE (the OIG recommends checking the LEIE monthly) to determine the exclusion status of current employees and contractors.
- Cast a Broad Net. The OIG recommends that providers frequently inventory contractual arrangements to determine whether the entity and/or persons providing the items or services should be screened. If an item or service being provided is directly or indirectly, in whole or in part, payable by a Federal health care program (or if the entity or person directs the provision of items or services payable by a Federal health care program), then the best mechanism for limiting civil monetary penalty (CMP) liability is to screen all persons that perform under that contract or that are in that job category.
- Double-Check Contractors. The OIG recommends that providers screen everyone – even nurses provided by a staffing agency. However, if the entity providing the individuals is contractually responsible for screening, the OIG recommends, at the very least, that providers validate that the contractor is conducting such screening on behalf of the provider (e.g., by requesting and maintaining screening documentation from the contractor).
- The LEIE is the Best Resource. Although providers may choose to check the General Services Administration’s System for Award Management and other systems that report sanctions or adverse actions taken with respect to health care practitioners (e.g., the National Practitioner Data Bank) to obtain information about other types of sanctions reported in that database, the OIG recommends that providers use the LEIE as the primary database for purposes of exclusion screening for potential and current employees and contractors.
In light of the possibility of the imposition of CMPs against providers that employ or enter into contracts with excluded persons, providers should take note of the OIG’s latest guidance and consider updating their screening policies and procedures.
Last month, the Department of Justice (DOJ) announced that it had entered into a $25.5 million settlement with Intermountain Health Care, Inc. (Intermountain), Utah’s largest health system with 22 hospitals and more than 4,500 physicians, to resolve self-reported violations of the Stark Law and the False Claims Act. The claims at issue primarily involved compensation arrangements using impermissible payment formulas with employed physicians, alleged fair market value shortcomings in physician lease arrangements, and other physician compensation or services agreements that were oral or insufficiently memorialized in writing per regulatory requirements.
Interestingly, as reported in an article in the Salt Lake Tribune on April 3, 2013, Intermountain’s leadership initiated a year-long internal review of employment agreements and lease agreements within its system after, according to Intermountain’s chief medical officer, a group “went to a three-day conference on [2007 updates to the Stark law] and came home from that and said, ‘We need to look at our processes,’” and, thereafter, “started picking up rocks and finding things underneath.” While the vast majority of the claims included in the DOJ settlement appear to be what some may consider legal “technicalities” rather than part of a grand plan to game the health care system, Intermountain’s voluntary settlement highlights how even perceived “technicalities” continuing over a period of years can have a tremendous, negative financial impact on any health care provider, even one who tried to do the right thing once it became aware of such deficiencies.
A voluntary compliance plan should be tailored to your organization and, at a minimum, should include the following key components: designation of an active compliance officer or committee; robust and clear compliance standards and procedures; regular internal review, monitoring and auditing; compliance training, education and communication across the organization; protocols for receiving and responding to detected shortfalls and prompt correction action; consistent and regular enforcement; and procedures to review and update the organization’s compliance plan on a timely basis when necessary.
The Office of Inspector General (OIG) released an updated provider self-disclosure protocol (SDP) last week, which replaces the original SDP issued in 1998 and various OIG Open Letters that provided additional guidance on the program. The OIG outlined what it considers to be some significant benefits to disclosing potential fraud through the SDP:
- The OIG explained that it has “instituted a presumption against requiring integrity agreement obligations,” which can be very expensive for providers to implement.
- The OIG explained that its general practice is to require a minimum multiplier of 1.5 times the single damages at issue even though under the CMP law the OIG may assess up to 3 times the single damages.
- The OIG discussed the overpayment rule proposed by CMS last year and noted that the time for repayment of an identified overpayment will be tolled for the disclosing party.
Health care providers are eligible to use the SDP to resolve liability arising from the potential violation of federal criminal, civil, or administrative laws for which CMPs are authorized, but matters involving simple overpayments or errors as well as matters involving potential liability under the Stark law only are not eligible for resolution through the SDP (Stark law matters should be disclosed to CMS under the Stark Self-Referral Disclosure Protocol).
The upshot is that the updated SDP formally adopts many practices that have become fairly standard throughout the history of the program. Although the information may not be entirely new, the updated SDP more clearly outlines the OIG’s expectations for self-disclosing potential fraud and provides for a streamlined resolution of potential liability.
Section 501(r) was added to the Internal Revenue Code by the Patient Protection and Affordable Care Act in order to expand and clarify the federal requirements for tax-exempt hospitals by establishing new standards relating to community health needs assessments; financial assistance policies; and hospital charges, billing, and collection practices. The IRS has issued proposed regulations on the requirement that tax-exempt hospitals conduct community health needs assessments (the “CHNA”) and adopt implementation strategies at least once every three years. A hospital that fails to meet the CHNA requirements for any taxable year is subject to a $50,000 excise tax. The proposed regulations, which were formally published last Friday, also provide long-awaited detail on the penalties hospitals may face for failing to meet any of the requirements in Section 501(r).
The proposed regulations are largely consistent with earlier guidance provided in IRS Notice 2011-52; however, the nonprofit hospital community will likely be pleased with the regulations because they allow hospitals some discretion in determining how best to satisfy the CHNA requirements. For example, if hospitals define their communities to be the same and meet certain other requirements, the regulations permit hospitals to collaborate in conducting a CHNA and to adopt a joint CHNA report as well as a joint implementation strategy.
The most anticipated news offered by the proposed regulations is that an organization will not automatically jeopardize its tax exemption due to minor compliance issues. While the regulations provide that a hospital that fails to meet one or more of the requirements of Section 501(r) may have its section 501(c)(3) status revoked depending on the facts and circumstances, the regulations state that minor errors that are due to reasonable cause and are corrected within a reasonable time upon discovery will not be considered a failure to meet a Section 501(r) requirement. In addition, a hospital’s failure to meet a Section 501(r) requirement that is neither willful nor egregious also will be excused if the hospital promptly discloses and corrects such failure.
The IRS said it continues to welcome public input on the new requirements. Comments and requests for a public hearing must be received by July 5, 2013.
During the course of an integration negotiation, both hospital executives and physicians focus much of their attention on financial matters, and perhaps rightfully so. However, a strong governance model may be the key to the long-term success of the relationship. Many integrated physicians will often point to governance, and not compensation, as the reason why their arrangement ultimately succeeded or failed. Not surprisingly, most physicians are concerned that they will lose practice autonomy following an integration, so certain aspects of practice operations will often continue to be overseen by the physicians, including schedules, personnel decisions, coordinating time off and administering the physician’s compensation system as permitted by law. In order to advance the strategic goals of integration, physicians should be willing to become involved in certain aspects of hospital service line operations, and hospitals should be willing to engage physicians to become involved, including overseeing and improving clinical operations and efficiencies, developing quality standards, assisting with both budgets and strategic plans, and overseeing other service line functions. This work often leads to the greatest success of any integrated relationship. Therefore, in order to lay the foundation for a successful integrated relationship, both hospitals and physicians should devote time to the creation of a governance model that is able to address and respond to both day-to-day practice issues and operational and strategic service line issues.
Alabama State Senator Arthur Orr introduced a bill last week that would establish a State False Claims Act, which would authorize private parties to file actions on behalf of the State as qui tam plaintiffs. Similar to the Federal False Claims Act (FCA), the damages against a business found to have defrauded the State under the proposed Alabama legislation would be trebled. Therefore, the private plaintiff, if the Attorney General chooses not to intervene, could receive as much as 30% of the recovered amount.
Senator Orr is the chair of the Senate General Fund Budget Committee, and the bill has been assigned to his committee. Although it is too early to know the bill’s chance for success, the fact that the bill was filed by a member of the Senate leadership and assigned to the committee that he chairs is cause for some attention.
The Office of Inspector General determines whether states have false claims acts that qualify for a federal financial incentive under the Social Security Act. Those states deemed to have qualifying laws receive a 10% increase in their share of any amounts recovered under such laws. To qualify for the financial incentive, a state’s false claims act must:
- Establish liability to the state for false claims, as described in the FCA, with respect to Medicaid spending;
- Contain provisions that are at least as effective in rewarding and facilitating qui tam actions as those described in the FCA;
- Contain a requirement for filing an action under seal for 60 days with review by the State Attorney General; and
- Contain a civil penalty that is not less than the amount of the civil penalty authorized under the FCA.
Under current Alabama law, prosecutors may bring criminal actions when there has been fraud or abuse against the Alabama Medicaid Program, but there is no similar civil action. It seems likely that Senator Orr’s primary purpose in filing this bill is to permit Alabama to recover the 10% bonus recovery paid by the federal government to states with qualify false claims acts. However, it appears that if this bill was passed, it would permit qui tam lawsuits against any entity that does business with the State, making this bill a concern for any company that does business with the State.
Senator Orrin Hatch spoke on the floor of the Senate at the end of last week about the need for health entitlement reforms to be part of a deficit reduction package. As Ranking Member of the Senate Finance Committee, which has jurisdiction over Medicare and Medicaid, Senator Hatch’s speech is an important addition to the discussion around reforming federal health spending. According to a press release, Hatch said:
“If we’re serious about addressing our nation’s debt, Medicare and Medicaid need structural reforms. Today, I want to lay out five specific reform proposals that can help to rein in entitlement spending and put our nation on a better fiscal course. These are reasonable, rational ideas that have all enjoyed bipartisan support over the years. I believe they should be included in any deficit reduction package.”
Below are the policies Senator Hatch proposed:
1. Raise the Medicare eligibility age for seniors from 65 to 67 years of age. The eligibility age would gradually increase each year by two months until it reaches the new eligibility age of 67 years within a decade.
2. Limit Medigap plans from covering initial out-of-pocket expenses. The rationale here is that lowering unnecessary utilization will reduce Medicare costs over time.
3. Reform Medicare beneficiary cost-sharing and establish a catastrophic limit. Reform Medicare cost-sharing into a single combined annual deductible for both Medicare Part A and B services, establish a uniform coinsurance rate for amounts above the deductible, and institute an annual catastrophic cap.
4. Institute Medicare competitive bidding. The federal government would continue to define a package of required benefits that would constitute comprehensive Medicare coverage. However, each year, private insurers and traditional Medicare would submit bids to provide guaranteed Medicare benefits. The government would then provide, on behalf of each senior, a risk-adjusted payment based on those competitive bids in their area of the country. Seniors who choose plans that cost less than the government payment would get the difference back through lower premiums or additional health benefits.
5. Establish per capita caps on Medicaid spending. Medicaid spending limits (per-person cap) would be set by beneficiary eligibility categories and adjusted for patient health condition.
While it seems many would agree that Medicare reform is a topic that merits discussion and attention, it is difficult to know which, if any, of Senator Hatch’s proposals translates into the actual dollars and figures needed to sustain a Medicare program that is beneficial to the country’s aging population. These proposals are not brand new ideas, and, while not as dramatic as some other proposals, they each contemplate broad changes to Medicare. Interested parties will certainly have strong opinions about the effectiveness of these proposals. It will be interesting to see which proposals garner adequate support and whether the proposals take shape during this congressional session.
The long wait for the HIPAA Final Omnibus Rule is finally over, and it covers a broad range of HIPAA issues, including:
- The Breach Notification Rule;
- The HIPAA Enforcement Rule, implementing changes mandated by the HITECH Act;
- The Privacy and Security Rules, implementing changes mandated by the HITECH Act, as well as other changes to the Privacy Rule proposed in July 2010; and
- The Privacy Rule, implementing changes required by the Genetic Information Nondiscrimination Act.
The final rule does not address the changes proposed in the notice of proposed rulemaking issued in May 2011 that would make changes in the requirements for accounting of disclosures and create the right for an individual to receive an access report.
In its press release, HHS stated that the final rule “greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.” Further, the HHS Office Civil Rights Director Leon Rodriguez said in a press release, “[t]his final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.” Among other things, the final rule:
- Makes provisions of the Privacy and Security Rules applicable to business associates as well as the subcontractors of those business associates.
- Establishes new limits on how protected health information (“PHI”) can be used for marketing and fundraising. Some of the new provisions differ from the provisions in the proposed rule. Except for refill reminders and similar communications, treatment and health care operations communications for which a covered entity or business associate receives remuneration is considered marketing.
- Prohibits the sale of PHI without authorization (subject to certain exceptions).
- Changes the definition of “breach” for purposes of the Breach Notification Rule. An acquisition, access, use or disclosure of PHI in violation of the Privacy Rule is now presumed to be a breach – requiring notification to the individual, to HHS, and, in some instances, to the media – unless the covered entity or business associate can demonstrate that there is a low probability that the PHI has been compromised based on a risk assessment that must include consideration of certain factors.
- Prohibits most health plans from using or disclosing genetic information for underwriting purposes.
The final rule will be effective on March 26, 2013, and compliance with the new HIPAA provisions will be required by September 23, 2013. Health care providers should spend time analyzing the final rule over the coming months because even though it provides additional time (up to one additional year) for covered entities and business associates to finalize new business associate agreements, many current policies, processes and agreements will need to be revised in order to be compliant with the final rule’s requirements.