RECOVERY AUDIT CONTRACTORS TO OPERATE NATIONWIDE

The Centers for Medicare & Medicaid Services (“CMS”) recently confirmed that the Recovery Audit Contractors (“RACs”) will operate in all 50 states by the end of 2009.  RACs identify overpayments and underpayments by CMS to Medicare providers.

The permanent RAC program began with a three-year RAC demonstration project established under the Medicare Modernization Act of 2003. The Tax Relief and Health Care Act of 2006 made the RAC program permanent and authorized CMS to expand it to all 50 states by 2010.

Unlike the demonstration project, the permanent RAC program limits the medical-record review period to three years and prohibits audits on claims paid before October 1, 2007. The program also requires RACs to have a physician medical director and certified coders available to discuss denials with providers.  

 Here are some practical steps that providers should take to ensure that submitted claims meet the Medicare rules:

• Identify where improper payments have been persistent by reviewing the RACs’ Web-sites and identifying any patterns of denied claims within their own practice or facility.
• Implement procedures to promptly respond to RAC requests for medical records.
• If the provider disagrees with the RAC determination, file an appeal before the 120-day deadline.
• Keep track of denied claims and correct these previous errors.
• Determine what corrective actions need to be taken to ensure compliance with Medicare’s requirements and to avoid submitting incorrect claims in the future.

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

What is the Difference Between Consent & Authorization Under the HIPAA Privacy Rule?

The HIPAA Privacy Rule permits, but does not require, a covered entity to voluntarily obtain patient consent for uses and disclosures of protected health information (“PHI”) for treatment, payment, and health care operations. Covered entities that obtain patient consent have complete discretion to design a process that best suits their needs.

On the other hand, an authorization under the HIPAA Privacy Rule is a detailed document that gives covered entities permission to use PHI for specified purposes, which are usually other than treatment, payment, or health care operations, or to disclose PHI to a third party designated by the individual.  An authorization must specify a number of elements, including a description of the PHI to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some instances, the purpose for which the information may be used or disclosed.

The Privacy Rule requires authorization for uses and disclosures of PHI not otherwise allowed under HIPAA. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of PHI unless it also satisfies the requirements of a valid authorization.

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

Bill Seeks to Strengthen the False Claims Act

The federal False Claims Act permits a person with knowledge of fraud against the United States Government, referred to as the “qui tam plaintiff,” to file a lawsuit on behalf of the Government against the person or business that committed the fraud.  For example, an employee that learns from a colleague of fraud by his or her employer at work may bring a qui tam action against the employer.  If the action is successful,  the qui tam plaintiff is rewarded with a percentage of the recovery.

The House and Senate have approved a final version of the Fraud Enforcement and Recovery Act, which includes provisions to strengthen the False Claims Act.  President Obama is expected to sign the measure.

The changes to the False Claims Act are due to a perception among some lawmakers that recent federal court decisions may have restrained the law from achieving its intended goals.  False claims lawsuits often target hospitals, physicians and pharmaceutical companies because their businesses receive massive sums of federal dollars.

Under the new legislation, the attorney general would be required to submit an annual report to Congress about settlements made under the FCA.  This would help to assess whether the Department of Justice is using the act as it is intended and ensure that qui tam plaintiffs are protected in bringing an action.

 

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

Practice Management Tips for Physicians

1.  Have Contracts with Third Parties Reviewed and Have a Policy about who is authorized to sign contracts.  Permit only managing physicians to sign contracts… of any kind. This is often overlooked on simple things like a new photocopier.  The receptionist signs a contract without realizing the ramifications.  No one reviews it. No one realizes the term of the agreement.   Some agreements require the practice to notify the vendor of termination to avoid an auto renewal.  Designate someone to know the details of the office lease, the leases for the office equipment and any and all such agreements.  Track renewal terms.   On at least a quarterly basis, review the list of contracts and determine how to handle any upcoming renewals.

2.  Exercise care in selecting retirement plan investment managers.  While many CPA firms do a great job in managing retirement plan assets, we advise practices to keep the practice accounting functions and the plan investment management separate.  Use an independent accountant who is paid for accounting services and not compensated for the sale of financial products to you. 

3.  Know exactly what you are paying to any and all advisors.  While many clients dislike the bills from hourly or flat fee advisors, at least it is clear how much you are paying.  Avoid giving into the psychology of feeling like you didn’t have to pay anything because a commission came off the top and you didn’t have to write a check. There is a reason for the shift to administrative and investment expenses being paid from  plans and/or off the top.  You pay more but you feel like you paid less. Always be clear about cost.   If you are writing a check for health insurance premiums, you are paying a commission.  Do you know how much it is? 

4.  Protect yourself from medical malpractice lawsuits.  Review your malpractice insurance for the best possible coverage.  Make yourself as judgment proof as possible.  Real estate, furniture and equipment should not be owned by the medical practice.  Use another entity to own valuable assets.  The assets can then be leased to the medical practice, making them less accessible to a malpractice claimant.  Each physician should engage in personal creditor protection planning.  If you are sued for medical malpractice, keep in mind that the attorney representing you works for and is paid by your insurance carrier.  Most of the time, that works well but there are circumstances where you should engage an independent lawyer.  At a minimum, keep the practice’s business lawyer in the loop on any medical malpractice suits.   Of course, the best protection is to adopt top notch practices and policies for risk management so that suits are avoided in the first place.

5.  Maintain and regularly review insurance coverage for the practice.  We often find clients do not have sufficient protection for such things as employee theft or unowned automobile liability.  Review and consider all optional coverages. 

6.  Adopt policies and procedures that ensure compliance with all applicable medical laws.  While it is likely not necessary to engage in an exorbitantly expensive compliance audit, periodic reviews of billing procedures, patient file documentation and third party financial arrangements should be conducted by a trusted advisor with appropriate skills and experience.   Consultants should be hired through your lawyer so that any reports provided stay as confidential as possible pursuant to the attorney client privilege.

7.  Review the practice compensation plan.  Be certain that the plan complies with Stark and all applicable regulatory rules.

8.  Review your malpractice insurance coverage and be certain that you are maintaining adequate limits.

9.  Review the structure of your retirement plan.  Physician plans can readily be designed in a way that avoids most testing requirements and reduces administration costs while allowing physicians to maximize their contributions to the plan.

10.  Review and update the agreements between the partners.  Unfinished or archaic agreements are a recipe for disaster when one of the group members experiences a life changing event.  What happens when a physician becomes disabled? Dies? Becomes a drug addict? Has an affair with a nurse?

 

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

Red Flag Rules – The Next Steps for Physicians

The red flag rules, which require creditors to implement a formal policy for detecting and preventing identity theft, also apply to the healthcare industry. The effective date for the red flag rules has been delayed until August 1, 2009. The red flag rules were authorized under “the 2003 Fair and Accurate Credit Transitions Act, which” covers “entities that regularly extend credit, or defer payment for services.” The FTC claims that physicians are considered creditors under the rules. However, the American Medical Association and several medical organizations are continuing to challenge what they believe is an overly broad legal interpretation. In the meantime, organized medicine and legal experts urge doctors to implement the necessary compliance measures. The rules require physician practices to identify red flags, or warning signs, of potential identity theft occurrences, create a corporate policy for responding to such risks, and train staff on the new policy.

Physicians should follow these practical tips when developing and implementing their identity theft prevention policies:

• Identify warning signs of potential identity theft that may occur in daily operations. Such red flags may include bills for services not rendered, inconsistent medical records, insurance claims denials or exhaustion of patient benefits.

• Outline clear procedures for detecting red flags, such as verifying patient identities, educating patients and training staff.

• Establish procedures for responding to red flags, such as gathering pertinent documentation, notifying patients or canceling transactions.

• Incorporate specified administrative requirements in the written policy, including seeking management approval, identifying a specific staff member to oversee implementation and conducting staff training.

• Review and update the identity theft prevention policy at least once a year.

 

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

HHS Announces Infection Control Surveys for Ambulatory Surgery Centers

To help prevent serious infections resulting from services performed in ambulatory surgical centers, the Centers for Medicare and Medicaid Services (“CMS”) will use the funds provided in the American Recovery and Reinvestment Act of 2009 (“ARRA”) to implement the nationwide application of a new infection control survey tool developed in consultation with the Centers for Disease Control and Prevention (“CDC”) and a case tracer methodology that tracks a patient’s care from admission to discharge. Additionally, CMS will use the ARRA funds to survey ambulatory surgical centers using this survey application at the rate of approximately once every three years during the national pilot program.

The particular focus on ambulatory surgical centers for this funding was chosen because the available infection control tool was developed for ambulatory surgical centers and because of the likely continuing infection control deficiencies in ambulatory surgical center settings.

The primary use of this money will be to pay for the expansion of ambulatory surgical center surveys (both in quality, time and number) using the new infection control tool and case tracer methodology. The funds will allow states to hire additional surveyors (one to four per state dependent upon ambulatory surgical center growth), which will increase a state’s capacity to maintain expected levels of ambulatory surgical center inspections while building greater capacity to use the improved survey tool nationwide.

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

American Recovery and Reinvestment Act of 2009

In order to view Mary E. Vandenack’s newest article please follow the below attached link:

http://www.pvwlaw.com/CM/Articles/American%20Recovery%20and%20Reinvestment%20Act%20of%202009%20(00085797).PDF

 © 2009 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

FTC delays enforcement of the Red Flags Rules until August 1, 2009

 

The Federal Trade Commission (“FTC”) has delayed the enforcement date of the Red Flags Rules until August 1, 2009.

Last summer, the FTC announced that it would consider health care providers to be creditors when they accept insurance and bill patients after services are provided for any amounts that insurance does not pay; or if the health care providers regularly allow patients to set up payment plans after services have been performed. The FTC originally planned to begin enforcement of the Red Flag Rules on November 1, 2008, but due to concerns expressed by MGMA and others in the health care industry, the enforcement date was postponed until May 1, 2009.

As a result of continued advocacy efforts, the FTC announced on April 30, 2009, it will further delay enforcement until August 1, 2009 in order to give creditors and financial institutions additional time to develop and implement written identity theft prevention programs. The FTC also announced that it will soon release a template to assist entities with a low risk of identity theft in complying with the Red Flag Rules.

 

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

How to Identify Red Flags

 

A healthcare provider’s Identity Theft Prevention Program should identify red flags in four main categories: (1) suspicious documents; (2) suspicious personally identifying information; (3) suspicious activities; and (4) notices from victims of identity theft, law enforcement authorities, insurers, or others suggesting possible identity theft. 

 

All employees who interact with patients must be aware of things to look for in the following areas:

 

Suspicious documents

 

• Has a new patient provided identification documents that look altered or forged? 
• Is the photograph or physical description on the ID inconsistent with what the patient looks like? 
• Did the patient provide other documentation inconsistent with what he or she has told an employee – for example, an inconsistent date of birth or a chronic medical condition not mentioned elsewhere?  

 

Suspicious personally identifying information

 

• If a patient provides information that does not match what an employee has learned from other sources, it may be a red flag of identity theft. 
• For instance, if the patient provides a home address, birth date, or Social Security number that does not match information on file or from the insurer, this may indicate fraud.

 

Suspicious activities

 

• Is mail returned repeatedly as undeliverable, even though the patient continues to show up for appointments? 
• Does a patient complain about receiving a bill for a service that he or she didn’t get? 
• Is there an inconsistency between a physical examination or medical history reported by the patient and the treatment records? 

 

Notices from victims of identity theft, law enforcement authorities, insurers, or others suggesting possible identity theft

 

• Has the provider or an employee received word about identity theft from another source? 
• All employees must heed warnings from others that identity theft may be ongoing.

 

Although the above list provides some examples of things to look for to identify red flags, it is not intended to be an exhaustive list.  Instead, employees must continuously be aware of any signs of identity theft relevant to the healthcare provider’s practice and share this information with others involved in the Identity Theft Prevention Program.

 

 

 © 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

 

CMS ANNOUNCES IT WILL DISCONTINUE PHASE II OF ELECTRONIC HEALTH RECORDS DEMONSTRATION

 

On April 7, 2009 CMS announced that, as a result of the incentive provisions for physicians to encourage the adoption of health information technology in the American Recovery and Reinvestment Act of 2009 (“ARRA”), CMS will change its plans for implementing the electronic health records (“HER”) Demonstration.  CMS will continue implementation of Phase I of the EHR Demonstration program on schedule.  CMS will continue working with Phase I community partners and practices, including local kick off meetings for more than 400 selected practices in May, 2009. The demonstration will begin as planned on June 1, 2009 and continue through May 21, 2014. However, CMS has decided to discontinue Phase II of the EHR demonstration, which originally was planned to begin operations in mid-2010.  

 

 

The EHR demonstration initiative aims to reward delivery of high-quality care supported by the adoption and use of electronic health records in physician practices. This initiative expands upon the foundation created by the Medicare Care Management Performance (“MCMP”) Demonstration. The goal of the demonstration is to foster the implementation and adoption of EHRs and health information technology (“HIT”) more broadly as effective vehicles to improve the quality of care provided and to transform the way medicine is practiced and delivered.    As part of the EHR demonstration, all participating primary care physician practices will be required to have a Certification Commission for Healthcare Information Technology (“CCHIT”)-certified EHR by the end of the second year. (CCHIT is the recognized certification authority for EHRs and their networks.)  Physician practices must, as part of the demonstration, utilize the EHR to perform specific minimum core functionalities that can positively impact patient care processes, (e.g., clinical documentation, ordering of lab tests, recording lab tests, and recording of prescriptions).  The core incentive payment is based on performance on the quality measures, with an enhanced bonus based on the degree of HIT functionality used to manage care.    On June 10, 2008 CMS announced its selection of 12 community partners in defined sites to help CMS implement the EHR demonstration. The approved community partners in each site represent diverse groups of organizations including varied HIT stakeholder collaborations, medical societies, primary care professional organizations and health departments. Phase I includes the following 4 sites: Louisiana, Southwest Pennsylvania, South Dakota (and some counties in bordering states), and Maryland and the District of Columbia. Recruitment of physician practices in the four Phase I sites was initiated on September 2, 2008, and the enrollment period closed on November 26, 2008. Over 800 eligible applications were received from interested practices in the four Phase I sites.      © 2009 Parsonage Vandenack Williams LLC   For more information, contact info@pvwlaw.com