Tag: compliance
With the Appropriate Use Criteria program slated to go into effect in 2023, healthcare providers shoud implement new alerts for prior authorizations.
Healthcare data breaches are nothing new, but their size and frequency are increasing: CVS Health lost over a billion search records when a third party accidentally made an online database publicly accessible in March 2021. A ransomware data breach at prescription management vendor CaptureRx affected over a million patients at 17 healthcare providers in February 2021. More than 3.47 million individuals and at least 10 healthcare organizations were affected by a massive data breach at file transfer company Accellion, which spanned multiple global industries in December 2020. Further illustrating the risks to healthcare organizations, Scripps Health in San Diego was hit with two class-action lawsuits that assert that the organization should have done more to protect patient data. If upheld, it will set a precedent for healthcare organizations to be held legally responsible for failing to protect data – to the tune of $1000 per patient. The direct monetary cost of fines and lawsuits, however, may ultimately be a secondary concern as damaged reputation is often a more difficult setback to overcome. Patients increasingly approach healthcare as “consumers” and a breach – or a poorly managed breach situation – might prompt them to look elsewhere for care. “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.” The growing frequency and scale of health information breaches means it’s no longer sufficient to say, “we’re careful with our health data – this won’t happen to us.” Medical identities are extremely valuable, which makes them an attractive target to cybercriminals. In addition, the sudden increase in virtual care and remote working during the pandemic has created new vulnerabilities in data security. A recent FBI alert that a major ransomware group is targeting the healthcare sector with phishing attacks is a cl reminder that healthcare organizations can’t relax when it comes to cybersecurity. It’s a case of “when, not if” a healthcare organization will have to deal with a breach. Prevention is the goal, but preparation is the smart strategy. Shifting from data breach prevention to preparedness During the pandemic, the volume of data being shared within and between healthcare organizations sky-rocketed, as providers offered more virtual care services and workforces became more distributed. While these innovations meant access to healthcare and work could continue safely, the shift to cloud-based data sharing and storage, means the data perimeter is much broader and tougher to secure – if there remains a perimeter at all. Data must be secured at the device- and employee-level now. While prevention is better than cure, the hard truth for healthcare cybersecurity teams is that they’re increasingly likely to have to deal with a breach. Unfortunately, many organizations don’t have the technology, resources, or time to prevent breaches all the time, at every access point. Chris Wild, vice president at Experian Health, says: “We’re seeing an increased frequency of cyber threats across the whole industry. Hardly a week goes by that we don’t hear of a health system under attack from hackers or ransomware. The statistics show us there’s a health data breach nearly every single day, so it’s just a matter of time before it impacts any one provider, pharmacy, payer or physician group.” Instead of focusing solely on prevention, healthcare organizations need a strategy to prepare for what happens when a breach occurs. If they don’t, they risk a long, public struggle to contain the breach, resulting in brand damage, patient loss, and financial consequences in the form of fines and lost revenue. Building a data breach response plan Recovering from a data breach requires a speedy and thorough response. With a plan in place, action can be taken as soon as the dreaded call comes in. Knowing exactly what needs to be done to meet HIPAA notification requirements, helps reassure consumers and regulators alike that every effort is being made to contain the breach. Not only will this help minimize fines, but it will also mitigate against the reputational damage caused by the security breach. A breach is bad enough but compounding the negative impact of exposed data by failing to provide sufficient support to worried consumers is even worse. Wild says: “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.” A robust response plan calls for C-suite engagement, clear success metrics, and regular pressure-testing. Above all, it must be flexible to adapt to whatever size and type of breach occurs. The best support for the worst-case scenario A data breach response plan isn’t going to prevent the breach itself, but it can help a healthcare organization take the right steps in the aftermath. Having serviced thousands of data breaches over the last 17 years, Experian Health’s Reserved Response™ program is based on real world experience and has evolved as the threats and consequences have increased. In a recent survey, clients using Reserved Response reported 15% fewer data security incidents than those who did not. Furthermore, any incidents that did occur tended to be smaller in scale. Because the risk and impact of data breaches is trending upwards, this year Experian Health has introduced a new Reserved Response Hub. This digital, self-service tool helps to prepare and test a data breach plan, including: the new and improved 2021 Data Breach Response Guide downloadable readiness reading materials tried and tested notification templates a pre-breach incident checklist access to Experian’s full Reserved Response service, which provides support before or after a breach to ensure regulatory compliance and support for those impacted. Reserved Response can help healthcare organizations put together a data breach preparedness plan in as little as three days.
The pandemic dominated healthcare in 2020, but it won’t be recognized as a reason to delay complying with CMS’ price transparency mandate, which went into effect on Jan. 1, 2021. A recent study conducted by HealthAffairs indicated that 65 of the 100 largest hospitals in America had not complied as of February 2021. And new reports from CMS suggest $300 daily fines will follow if CMS warning letters have no impact, in addition to the possible public exposure of facilities failing to be compliant. There are a number of reasons why price transparency has generated so much attention – both before and during the COVID pandemic. Consumer advocates point to other transactional experiences, such as auto and home purchases, where understanding the price is complicated, but achieved. There’s been a lot of research on price transparency’s impact on patients, as well; helping consumers understand healthcare billing reduces the stress of their financial experiences. Transparent pricing makes sense in many cases for providers, too. They may benefit from patients being able to plan for the costs of care, which can result in fewer missed payments and write-offs. For these reasons and others, price transparency has been a hot topic for the last few years. The Centers for Medicare and Medicaid Services (CMS) final rule on price transparency became effective on January 1, 2021, requiring hospitals to give patients clear information about their medical costs, including a list of charges for the hospital’s 300 most shoppable services, so patients can make informed decisions. Payers are expected to provide similar pricing information beginning January 1, 2022. The spotlight on healthcare pricing seems unlikely to dim any time soon. What does this mean for providers and payers? Price transparency is here to stay There were legal challenges made against the price transparency final rule, questioning federal authority and invoking constitutional rights violations, but the DC Circuit Court dismissed the claims in December 2020. Arguments against the current mandate are not limited to disputing legal authority, suggesting that government should not interfere with private sector pricing – and that complex pricing information could create the opposite effect of confusing consumers. In fact, many providers and payers voice support for price transparency, but not as put forward by the final rule. Despite this, consumer demand for pricing clarity before delivery of services continues to grow and current government regulation is the most far-reaching attempt so far to remedy this. A few state legislatures are moving forward with their own regulations, which could prompt more local collaborations between providers and payers to clarify out-of-pocket cost estimates. Achieving the level of transparency that CMS and consumer groups hope for will be challenging, but attempts to find common ground are growing. What will price transparency look like under the Biden Administration? Since President Biden entered the White House, the trend towards transparent pricing has continued. Provider compliance has been slow – many pointing to 12 months of battling COVID as the primary reason – prompting legislative pressure to step up audits and penalties. CMS has already started issuing noncompliance warning letters and, while it may modify the ruling under a new administration, there’s no sign of any plans to reverse the policy. Consumer action groups have voiced concerns that the regulation falls short, citing the difficulty a consumer may have trying to find pricing at provider web sites. Other consumers are limited to payer-negotiated rates and have little choice but to stick with their current providers. Making information available is likely an early step toward what price transparency will ultimately look like, but making that information easy to find, understand and act on is what consumers value – and what many providers and payers say they want to provide in a more customized, less one-size-fits-all application. A marketing strategy for price transparency As patients bear more responsibility for healthcare costs, they’ve come to expect a consumer experience that affords them greater control and choice. A Pioneer Institute study found that 70% of healthcare consumers want to see pricing information before undergoing a medical procedure. Actively communicating a commitment to price transparency can be a powerful marketing strategy to attract and retain loyal consumers. Not surprisingly, this messaging resonates more with user-friendly tools to guide patients through their financial journey and make sense of charges. Many providers believe they’re complying with the final rule but may actually be vulnerable to penalties because their pricing files are in user-unfriendly formats. A web-based pricing tool can help solve for this by offering patients accurate estimates and recommended payment plans before or at the point of service. Similarly, a text-to-mobile tool, such as Patient Financial Advisor, can send automated text messages to patients with personalized estimates and bills. Keeping an eye on healthcare price transparency More tools are now available to help patients make sense of their billing and it’s becoming easier for providers and payers to create a patient financial experience that’s supportive from the start. Not only will this help patients understand their cost of care (and with that understanding likely comes better collections performance), it’ll help reduce the risk of uncompensated care ¬– and avoid penalties as the final rule takes root. The Biden Administration’s focus on consumer-friendly healthcare services will likely keep price transparency at the forefront. What that looks like over the next few years depends on regulatory and market forces, but providers and payers alike will benefit from offering solutions that make sense for their organizations and patient populations. Find out how Experian Health’s price transparency tools could help your organization with the transition.
EHNAC HNAP accreditation provides a 'seal of approval' indicating Experian Health exceeds industry-established standards and complies with HIPAA regulations.
Experian Health helps organizations remain compliant with laws and regulations while improving population health and ensuring collections.
Avoid fines and penalties: Make sure your debt collection agencies are compliant
Collections OptimizationTo keep your healthcare practice out of legal trouble and clear of costly fines, ensure debt collection agencies comply with relevant laws and regulations.
To avoid Civil Monetary Penalty (CMP) liability, health care entities need to routinely check the LEIE to ensure that new hires and current employees are not on Office of the Inspector General’s (OIG) excluded list. Mandatory exclusions: OIG is required by law to exclude from participation in all Federal health care programs individuals and entities convicted of the following types of criminal offenses: Medicare or Medicaid fraud, as well as any other offenses related to the delivery of items or services under Medicare, Medicaid, SCHIP, or other State health care programs; patient abuse or neglect; felony convictions for other health care-related fraud, theft, or other financial misconduct; and felony convictions relating to unlawful manufacture, distribution, prescription, or dispensing of controlled substances The effects of an exclusion are outlined in the Updated Special Advisory Bulletin on the Effect of Exclusions From Participation in Federal Health Programs, but the primary effect is that no payment will be provided for any items or services furnished, ordered, or prescribed by an excluded individual or entity. This includes Medicare, Medicaid, and all other Federal plans and programs that provide health benefits funded directly or indirectly by the United States (other than the Federal Employees Health Benefits Plan), but the primary effect is that no payment will be provided for any items or services furnished, ordered, or prescribed by an excluded individual or entity. This includes Medicare, Medicaid, and all other Federal plans and programs that provide health benefits funded directly or indirectly by the United States (other than the Federal Employees Health Benefits Plan. Search individuals in the Exclusions Database: https://exclusions.oig.hhs.gov/ Review the Updated Special Advisory Bulletin: https://oig.hhs.gov/exclusions/files/sab-05092013.pdf
National Health Care Fraud Takedown Results in Charges against 301 Individuals for Approximately $900 Million in False Billing
ComplianceMost Defendants Charged and Largest Alleged Loss Amount in Strike Force History 6/22/16 Attorney General Loretta E. Lynch and Department of Health and Human Services (HHS) Secretary Sylvia Mathews Burwell announced today an unprecedented nationwide sweep led by the Medicare Fraud Strike Force in 36 federal districts, resulting in criminal and civil charges against 301 individuals, including 61 doctors, nurses and other licensed medical professionals, for their alleged participation in health care fraud schemes involving approximately $900 million in false billings. Twenty-three state Medicaid Fraud Control Units also participated in today’s arrests. In addition, the HHS Centers for Medicare & Medicaid Services (CMS) is suspending payment to a number of providers using its suspension authority provided in the Affordable Care Act. This coordinated takedown is the largest in history, both in terms of the number of defendants charged and loss amount. Attorney General Lynch and Secretary Burwell were joined in the announcement by Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, FBI Associate Deputy Director David Bowdich, Inspector General Daniel Levinson of the HHS Office of Inspector General (OIG), Acting Director Dermot O’Reilly of the Defense Criminal Investigative Service (DCIS), and Deputy Administrator and Director of CMS Center for Program Integrity Shantanu Agrawal M.D. The defendants announced today are charged with various health care fraud-related crimes, including conspiracy to commit health care fraud, violations of the anti-kickback statutes, money laundering and aggravated identity theft. The charges are based on a variety of alleged fraud schemes involving various medical treatments and services, including home health care, psychotherapy, physical and occupational therapy, durable medical equipment (DME) and prescription drugs. More than 60 of the defendants arrested are charged with fraud related to the Medicare prescription drug benefit program known as Part D, which is the fastest-growing component of the Medicare program overall. “As this takedown should make clear, health care fraud is not an abstract violation or benign offense – It is a serious crime,” said Attorney General Lynch. “The wrongdoers that we pursue in these operations seek to use public funds for private enrichment. They target real people – many of them in need of significant medical care. They promise effective cures and therapies, but they provide none. Above all, they abuse basic bonds of trust – between doctor and patient; between pharmacist and doctor; between taxpayer and government – and pervert them to their own ends. The Department of Justice is determined to continue working to ensure that the American people know that their health care system works for them – and them alone.” “Millions of seniors depend on Medicare for essential health coverage, and our action shows that this administration remains committed to cracking down on individuals who try to defraud the program,” said Secretary Burwell. “We are continuing to put new tools and additional resources to work, including $350 million from the Affordable Care Act, for health care fraud prevention and enforcement efforts. Thanks to the hard work of the Medicare Fraud Strike Force, we are making progress in addressing and deterring fraud and delivering results to help ensure Medicare remains strong for years to come.” According to court documents, the defendants allegedly participated in schemes to submit claims to Medicare and Medicaid for treatments that were medically unnecessary and often never provided. In many cases, patient recruiters, Medicare beneficiaries and other co-conspirators were allegedly paid cash kickbacks in return for supplying beneficiary information to providers, so that the providers could then submit fraudulent bills to Medicare for services that were medically unnecessary or never performed. Collectively, the doctors, nurses, licensed medical professionals, health care company owners and others charged are accused of submitting a total of approximately $900 million in fraudulent billing. “The Medicare Fraud Strike Force is a model of 21st-Century data-driven law enforcement, and it has had a remarkable impact on health care fraud across the country,” said Assistant Attorney General Caldwell. “As the cases announced today demonstrate, the Strike Force’s strategic approach keeps us a step ahead of emerging fraud trends, including drug diversion, and fraud involving compounded medications and hospice care.” “These criminals target the most vulnerable in our society by taking money away from the care of the elderly, children and disabled,” said Associate Deputy Director Bowdich. “The FBI is committed to working with our partners and the public to stop fraud and ensure that healthcare dollars are used to help the sick, and not line the pockets of criminals.” “While it is impossible to accurately pinpoint the true cost of fraud in federal health care programs, fraud is a significant threat to the programs’ stability and endangers access to health care services for millions of Americans,” said Inspector General Levinson. “As members of the joint Strike Force, OIG will continue to play a vital role in tracking down these criminals and seeing that justice is done.” “DCIS, in partnership with our fellow federal investigative agencies, will continue to uncompromisingly investigate and bring to justice the people who perpetrate these criminal acts,” said Acting Director O’Reilly. “Their actions threaten to cripple our vital national health care industry, and place our citizenry at risk. We will remain vigilant.” “Taxpayers and Congress provided CMS with resources to adopt powerful monitoring systems that fight fraud, safeguard program dollars, and protect Medicare and Medicaid,” said Deputy Administrator and Center for Program Integrity Director Agrawal. “The diligent use of innovative data analytic systems has contributed or led directly to many of the law enforcement cases presented here today. CMS is committed to its collaboration with these agencies to keep federally-funded health care programs safe and strong for all Americans.” The Medicare Fraud Strike Force operations are part of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. The Medicare Fraud Strike Force operates in nine locations and since its inception in March 2007 has charged over 2,900 defendants who collectively have falsely billed the Medicare program for over $8.9 billion. Including today’s enforcement actions, nearly 1,200 individuals have been charged in national takedown operations, which have involved more than $3.4 billion in fraudulent billings. Today’s announcement marks the second time that districts outside of Strike Force locations participated in a national takedown, and they accounted for 82 defendants charged in this takedown. Source: www.justice.gov
The U.S. Department of Health and Human Services (DHHS) Office of Inspector General (OIG) recently released an updated Mid-Year Work Plan for fiscal year 2016. The updated Work Plan summarizes new and ongoing reviews and activities that OIG plans to pursue in the current year and beyond. This edition of the Work Plan describes OIG audits and evaluations that are underway or planned, and certain ongoing legal and investigative initiatives. Summaries of 9 new review activities to be awar of follow: CMS’ Implementation of New Medicare Payment System for Clinical Diagnostic Laboratory Tests – Mandatory Review We will assess CMS’s ongoing activities and progress toward implementing CMS’s new Medicare payment system for clinical diagnostic laboratory tests. CMS is required to replace its current system of determining payment rates for Medicare Part B clinical diagnostic laboratory tests with a new market-based approach that will use rates paid to laboratories by private payers (Protecting Access to Medicare Act of 2014, § 216). OIG is also required to conduct analyses of the implementation and effect of the new payment system Intensity-Modulated Radiation Therapy We will review Medicare outpatient payments for intensity-modulated radiation therapy (IMRT) to determine whether the payments were made in accordance with Federal requirements. IMRT is an advanced mode of high-precision radiotherapy that uses computer-controlled linear accelerators to deliver precise radiation doses to a malignant tumor or specific areas within the tumor. Prior OIG reviews have identified hospitals that have incorrectly billed for IMRT services. In addition, IMRT is provided in two treatment phases: planning and delivery. Certain services should not be billed when they are performed as part of developing an IMRT plan. Medicare Home Health Fraud Indicators We will describe the extent that potential indicators associated with home health fraud are present in home health billing for 2014 and 2015. We will analyze Medicare claims data to identify the prevalence of potential indicators of home health fraud. The Medicare home health benefit has long been recognized as a program area vulnerable to fraud, waste, and abuse. OIG has a wide portfolio of work involving home health fraud, waste, and abuse. National Background Check Program for Long-Term-Care Employees We will review the procedures implemented by participating States for long-term-care facilities or providers to conduct background checks on prospective employees and providers who would have direct access to patients and determine the costs of conducting background checks. We will determine the outcomes of the States’ programs and determine whether the checks led to any unintended consequences. This mandated work will be issued at the program’s conclusion as required, which is expected to be 2018 or later. Outpatient Outlier Payments for Short-Stay Claims We will determine the extent of potential Medicare savings if hospital outpatient stays were ineligible for an outlier payment. CMS makes an additional payment (an outlier payment) for hospital outpatient services when a hospital’s charges, adjusted to cost, exceed a fixed multiple of the normal Medicare payment (Social Security Act (SSA) § 1833(t)(5)). The purpose of the outlier payment is to ensure beneficiary access to services by having the Medicare program share in the financial loss incurred by a provider associated with individual, extraordinarily expensive cases. Prior OIG reports have concluded that a hospital’s high charges, unrelated to cost, lead to excessive inpatient outlier payments. Skilled Nursing Facility Prospective Payment System Requirements We will review compliance with the skilled nursing facility (SNF) prospective payment system requirement related to a 3-day qualifying inpatient hospital stay. Medicare requires a beneficiary to be an inpatient of a hospital for at least 3 consecutive days before being discharged from the hospital, in order to be eligible for SNF services (SSA § 1861(i)). If the beneficiary is subsequently admitted to a SNF, the beneficiary is required to be admitted either within 30 days after discharge from the hospital or within such time as it would be medically appropriate to begin an active course of treatment. Prior OIG reviews found that Medicare payments for SNF services were not compliant with the requirement of a 3-day inpatient hospital stay within 30 days of an SNF admission. Potentially Avoidable Hospitalizations of Medicare and Medicaid Eligible Nursing Home Residents for Urinary Tract Infections We will review nursing home records for residents hospitalized for urinary tract infections (UTI) to determine if the nursing homes provided services to prevent or detect UTIs in accordance with their care plans before they were hospitalized. A CMS-sponsored study identified UTIs as being associated with potentially avoidable hospitalizations and found that UTIs are generally preventable and manageable in the nursing home setting. UTIs acquired during the course of health and medical care could indicate poor quality of care. In a hospital setting, there are payment implications for hospital-acquired catheter-associated urinary tract infections. Nursing homes must develop and follow comprehensive care plans addressing each resident’s care needs, which includes urinary incontinence (42 CFR § 483.25(d)). Physician-Administered Drugs for Dual Eligible Enrollees We will determine whether Medicare requirements for processing physician-administered drug claims impact State Medicaid agencies’ ability to correctly invoice Medicaid drug rebates for dual eligible enrollees. Dual eligible describes individuals who are enrolled in both Medicare and Medicaid. States are required to collect rebates on physician-administered drugs. To collect these rebates, State agencies must submit to the manufacturers the National Drug Codes for all single-source drugs and for the top 20 multiple-source physician-administered drugs. For dual eligible enrollees, covered Medicare Part B prescription drugs received in a hospital outpatient setting (which include physician-administered drugs) require a copayment, which Medicaid is generally responsible for paying. If a State agency paid any portion of a drug claim to the provider, the State agency must then invoice the eligible drugs for rebate and the manufacturer would thus be liable for payment of the rebate. State Medicaid Fraud Control Unit FY 2015 Annual Report We will analyze the statistical information that was self-reported by the MFCUs for FY 2015, describing in the aggregate the outcomes of MFCU criminal and civil cases. We will identify common themes from onsite reviews of the 50 MFCUs that were published from FY 2011 through FY 2015. We will identify the potential costs and benefits of creating MFCUs in jurisdictions that currently do not have a Unit. OIG’s mission is to protect the integrity of HHS programs, as well as the health and welfare of program beneficiaries. In fulfillment of this mission, we promote provider compliance, recommend program safeguards, and follow up on those recommendations ...” — Inspector General Daniel R. Levinson The OIG Mid-Year Workplan can be reviewed here: https://oig.hhs.gov/reports-and-publications/archives/workplan/2016/WorkPlan_April%202016_Final.pdf