Hot Topics in Compliance

Transcription

1 Hot Topics in Compliance Jay P. Anstine, JD Lyn Snow, BSW, MPA, CHC Sara Iams, JD Audience Participation Change of format this year If you know it shout it! 1

2 2013 OIG Activity 2

3 2013 OIG Activity Work Plan DRG Payment Window Provider-Based Compliance Special Alerts & Guidance Physician-Owned Distributorships Self-Disclosure Protocol Exclusion Guidance Other Advisory Opinions Report on Hospital Observation Services OIG Self-Disclosure Protocol Overview of OIG Self-Disclosure Protocol (SDP) Process for providers to voluntarily disclose potential violations of federal law which may result in CMP liability Available to all providers and suppliers Not available for Stark Law-only disclosures (CMS s SRDP) Original SDP published in October 1998 (63 Fed. Reg ); Open Letters (2006, 2008, 2009) Since 1998: 800 disclosures, recovering $280 million* Updated OIG SDP effective April 17,

4 OIG SDP, cont. Relatively clear process and submission requirements Clarity on damages (1.5 multiplier is the floor) Reduced likelihood of Corporate Integrity Agreement (CIA) Mitigate 60-day overpayment exposure Must specifically identify the laws violated Must acknowledge the potential violation with no guarantee of being accepted to the SDP OIG will coordinate with DOJ and CMS No False Claims Act release Minimum 1.5 multiplier for damages Physician-Owned Distributorships (PODs) OIG Special Fraud Alert (March 26, 2013) PODs are entities that derive revenue from selling medical devices that their physician-owners use in procedures at hospitals or ASCs OIG: PODs are inherently suspect under the antikickback statute Consistent with pattern of heightened scrutiny Special Fraud Alert on Joint Ventures (1989) Universal Shockwave Services Settlement (2010) (lithotripsy) Senate Finance Committee (2011) 4

5 PODs, cont. AKS Risk for Hospitals/ASCs Hospitals purchase of devices from PODs seen as securing physician-owner referrals Ways to Mitigate Risk in Contracting with a POD Written purchase agreement Pricing (FMV, better or equal to terms with nonphysician-owned vendors, no variation with referrals) No leveraging of referrals by physicians Not exclusive /physicians given choice in products * Commercially reasonable warranties, return policies Require physician disclosure of POD ownership* OIG Special Advisory Bulletin on Exclusion What Who Where When Why Screening for exclusion from Federal health care program participation ANYONE providing services directly or indirectly payable by a Federal health care program (entities, employees, temps, volunteers, drivers) OIG s List of Excluded Individuals and Entities (LEIE) GSA (incorporates LEIE) All 50 states At your discretion but monthly is safest Payment for services denied CMP Liability 5

6 OIG Exclusion, cont Did you know Over 5,400 people are currently excluded due to defaulting on student loans (govt.-backed) * Source: ModernHealthcare.com: Exclusion Efforts (May 18, 2013) Exclusion follows the person An excluded pharmacist remains excluded even if obtains and works under a separate health care license (e.g., MD) An excluded provider may refer a patient to a nonexcluded provider HIPAA 6

7 HIPAA OMNIBUS Effective Sept. 23, 2013 High Level Changes Business Associates Marketing & Fundraising Sale of PHI Right to request restrictions Electronic Access Breach Notification GINA 7

8 Other Modifications Research Notice of Privacy Practices Decedents Student Immunizations Breach Notification Requirements Breach Notification Requirements 8

9 New Omnibus rule requires the Risk Assessment to Include, at a Minimum: Nature & Extent of PHI Involved Who Received or Accessed the PHI Potential the PHI was Actually Viewed or Acquired Extent to Which the Risk to the PHI was Mitigated Burden of Proof on CEsto: Demonstrate required notifications have been provided, or Demonstrate a use or disclosure of unsecured PHI did not constitute a breach. Have written policies & procedures regarding breach notification Train employees on policies & procedures Develop appropriate sanctions for noncompliance 9

10 Breach Requirements Notify individual by first class mail or , if individual has agreed to receive such notices electronically If entity unable to locate > 10 individuals must post on home page of website, or provide notice on broadcast media or major print where individuals are likely to reside Notice must be provided no longer than 60 days following discovery of breach The Breach Notices Must contain a tollfree number individuals can call to determine if their PHI was involved in the breach 10

11 Notification to the Secretary of HHS Breaches of > than 500 must be reported to the same time the notice is given to the affected individuals Breaches of < 500 may be kept on a log and reported no later than 60 days after the end of the calendar year HIPAA Patient Rights Notice of Privacy Practices (NPP) Request for Privacy Protections Access and/or Obtain Copy of Records Request Amendment to Records Accounting of Disclosure Notice of Breach of PHI Restrict Information to Health Plan if Paying out-of Pocket Receive electronic copies of medical records 11

12 Not in Omnibus HITECH Accounting of Disclosure Rule HITECH Minimum Necessary Guidance HIPAA/CLIA Patient Access to Laboratory Test Reports Rule HITECH Distribution of Penalties to Harmed Individuals State Regulatory Update 12

13 Health Insurance Exchange? Marketplace? True or False A Health Insurance Exchange is different from a Health Insurance Marketplace? False DHHS changed the name of the new individual insurance plan market from Health Insurance Exchange to Healthcare Marketplace in January Source: The Hill, Healthwatch, 1/20/13 Colorado 2013 Key Legislation ACA Implementation: HB : Health Ins. Alignment w/ Fed Law HB : Funding-Colorado Marketplace New Medicaid Reporting Requirements HB : Inspections of Medicaid Providers SB : Medicaid Fraud, Waste & Abuse Prevention SB : Uniform Prior Authorization-Drug Benefits 13

14 2013 Key Legislation ACA Implementation: Wyoming HB 0203-Health Benefit Exchange Study/Select Committee Medicaid Reform SF0060: Authorizes increased Fraud Prevention SF0083: Creates Wyoming Medicaid FCA 2013 Key Legislation ACA Implementation: Utah Hybrid Federal/State Run Marketplace HB 391-Prohibiting Medicaid Expansion Medicaid Reform: HB 315-Medicaid Inspector General SB 20- Medicaid Security Breach Legislation 14

15 2013 Key Legislation ACA Implementation: New Mexico HB 168-State Run Marketplace Immunization Reporting SB 58-Mandatory Medicaid Fraud Prevention: 2012 HB 66 Medicaid Fraud Prevention & Detection-DIED HB 80-Medicaid False Claims Act-DIED Colorado Legislature Sources ntpages.nsf/homesplash?openform Wyoming Legislature Utah Legislature New Mexico Legislature 15

16 Federal Regulatory Update Stark & Medicaid Does the Stark Law Apply to Medicaid : a) Directly b) Indirectly c) Not at all d) Unclear 16

17 Stark & Medicaid, cont. DOJ s Theory Statute prohibits FFP for Medicaid services if furnished pursuant to a referral that would be prohibited in Medicare context. (42 U.S.C. 1396b(s) Provider causes Medicaid to submit a false claim to federal government when it seeks payment for such services. What To Watch For U.S. ex rel. Baklid-Kunz v. Halifax Medical Center U.S. ex rel. Osheroff v. Tenet Healthcare Corp. Two-Midnight Rule for Hospital Admissions Inpatient vs. Outpatient/Observation Shands Healthcare ($26 million) Beth Israel ($5.3 million) Morton Plant Mease Healthcare ($10.1 million) 2014 IPPS Final Rule intends to clarify the guidelines for appropriate inpatient admissions: Two-Midnight Benchmark Two-Midnight Presumption 17

18 Two-Midnight Rule, cont. Benchmark Reasonable expectation of inpatient stay crossing two-midnights = justification for admission Used by admitting practitioner/hospital Clock starts with first outpatient service Presumption Inpatient stays of >2 midnights will be presumed generally appropriate Used by CMS auditors Clock starts with physician order for inpatient services Two-Midnight Rule, cont. CMS Follow-Up Guidance Implementation period Oct. 1 to Dec. 31, 2013 No MAC or RAC review of claims spanning two or more midnights No RAC scrutiny of claims spanning one midnight or less during this time (and no retroactive scrutiny, per Open Door Forum) MACs will conduct prepayment probe sample (10-25 claims) for education purposes 18

19 Inpatient Order Requirement True or False There is no difference between a physician order for inpatient services and a physician certification for inpatient services FALSE Inpatient Order Requirement Physician Orders (historically) Hospital Conditions of Participation require physician recommendation for admission Statute requires physician certification for inpatient services furnished over a period of time Physician Orders (as of Oct. 1, 2013) CMS also requires physician admission orderin the medical record as a condition of Part A payment Order must be supported by physician admission and progress notes in the medical record Must be furnished at or before the time of admission 19

20 Inpatient Orders, cont. Order Requirements Order verbiage must indicate specific intent to admit as an inpatient ( Admit to Tower 7 insufficient) Verbal orders CMS: hospital should not submit a claim for Part A payment until the verbal admission order is documented and authenticated in the medical record Verbal order must be countersigned by the practitioner who gave the verbal order* Social Media Social Media 20

21 Many social network users are communicating in their virtual underwear with few inhibitions 21

22 22

23 No it is not acceptable for physicians or licensed independent practitioners to text orders for patients to the hospital or other healthcare setting. This method provides no ability to verify the identity of the person sending the text and there is no way to keep the original message as validation of what is entered into the medical record. The Joint Commission November 10, 2011 maintain physical control of your mobile device/computer 23

24 unsecured networks unintentional disclosure 24

25 Does Your Agency or Organization Have a Social Media Policy?? Colorado Law Update On May 12, 2013, Colorado s governor signed H.B into law to forbid employers from requiring or requesting that prospective and current employees disclose their username and password to their personal social media accounts. 25

26 Other States Several other states have codified similar laws, including Maryland, Illinois, California, Michigan, Utah, New Mexico (which ostensibly applies to prospective employees only), and Arkansas. A number of other states and the U.S. Congress have introduced such legislation. Using Social Media to Enhance Ethics and Compliance Policies Training Education Supervisor Responsibility 26

27 Sources: References Center for the Application of Substance Abuse Technologies, Reno, Nevada Looking ahead

28 What s Out/What s In for Compliance in 2014 What s Out. What s In Work Plan Work Plan Traditional Inpt vs. Obs 2 Midnight Rule Harm Threshold Low Probability Phys Owned Spec Hosp? Phys Owned Distributors Big Pharma Settlements? Big Hospital Settlements? HIPAA Privacy : I thought you should know You better lawyer Up! ACA Implementation ACA Fraud What Hot Topics Do you have? New Stories? Rumor Mill? Hypo s? Any Questions? 28