Four ways to build a healthy culture of compliance. Help your clinical and operational colleagues see compliance as foundational to your healthcare organizationContinue reading
Avoid Nurse Licensure Compacts (NLC) compliance risks. Manage the changing healthcare regulations before they become enforcement actions.Continue reading
CJ Wolf, MD writes enforcement action summaries for the YouCompli blog. These summaries provide real-world examples of regulators’ response to practices that don’t fully comply with regulations.
This month’s article looks at physician coding and billing cases. It reflects remarks CJ made at HCCA’s 2022 Compliance Institute. (For more insights from the Compliance Institute, download our white paper on how compliance professionals can help healthcare institutions mitigate risk.)
Physicians are often seen as the drivers in healthcare. They examine patients, order labs and diagnostic testing. They perform procedures and surgeries, admit patients to hospitals, and document in the medical record.
If you ask physicians what they think about coding and billing, most of them will tell you this: The rules do not make sense, are hard to understand, and are constantly changing. Most of them are doing their best to apply the confusing rules as they care for patients. Some might even be billing improperly on purpose. Either way, these examples highlight the consequences of “getting it wrong.” They offer clues for compliance professionals to spot training opportunities before they become enforcement actions.
Billing for services not needed or received
In March of 2022, a New Jersey rheumatologist was convicted by a federal jury for defrauding Medicare and other health insurance programs. She had billed for services that were either unnecessary or were not provided. Court documents demonstrated the physician billed for expensive infusion medication that her practice never purchased. She also fraudulently billed millions of dollars for allergy services that patients never needed or received. The doctor will be sentenced in July for multiple counts of healthcare fraud. Each count carries a maximum penalty of 10 years.
Compliance officers should watch for:
Follow the money. If a practice is billing millions of dollars for allergies services, that code or set of codes is likely to stand out as an outlier to compliance programs monitoring all their billing data. Compliance officers should have a true sense of what their organization’s bread and butter services are. Then, they should perform regular audits of those high dollar, high volume services.
Billing for unnecessary urine drug testing
A Florida physician, serving as a medical director for a sober living facility, was found guilty of healthcare fraud. The federal jury found that he had ordered medically unnecessary urine drug tests. Court documents showed the physician unlawfully billed approximately $110 million of urinalysis (UA) drug testing services that were medically unnecessary for patients. Some of the evidence used at trial included inappropriate standing orders for UA drug tests in exchange for a monthly fee. As a condition of residency, patients had to submit to excessive and medically unnecessary urine drug testing three to four times per week.
Evidence also showed the medical director did not review the UA drug test results and did not use the UA drug tests to treat the patients. This lack of review called the necessity of the tests into question. In addition, the doctor had these same patients sent to his office so he could also fraudulently bill for services through his own practice. He faces up to 20 years in prison for healthcare fraud and wire fraud conspiracy. He faces another 10 years for each of eleven counts of healthcare fraud.
Compliance officers should watch for:
If your organization allows for standing orders, you should have a written policy that guides their use. The policy should outline the risks and benefits of the standing orders. It should describe when they are appropriate and when they are not appropriate. That policy should also outline the process for reviewing standing orders on a regular basis to determine if they are still appropriate. If it’s been more than a year since you’ve reviewed a standing order, you may want to schedule a review soon.
Modifier misuse: unbundling under modifier 25
Billing and coding modifiers can also be an area of risk for physicians. In general, most encounters are reported with one Healthcare Common Procedure Coding System / Current Procedural Terminology (HCPCS/CPT) code. Medicare generally prohibits healthcare providers from separately billing for E&M services provided on the same day as another medical procedure. The exception is if the E&M services are significant, separately identifiable, and above and beyond the usual preoperative and postoperative care associated with the medical procedure.
When the E&M service meets this definition, modifier 25 can appropriately be appended to the E&M code. When that is done, a physician is, in essence, certifying that the procedure and E&M are separate enough to meet the definition of the modifier.
A urology practice learned an expensive lesson by allegedly using modifier 25 inappropriately. The practice agreed to pay $1.85 million to resolve allegations of modifier misuse. The case was initiated by a qui tam whistleblower. Allegedly the practice used modifier 25 to improperly unbundle routine E&M services that were not separately billable from other procedures performed on the same day. As a result, the practice improperly claimed compensation from Medicare for certain urological services. The whistleblower had performed audits that allegedly showed an overall error rate for the practice of 58% with some physicians showing a 100% error rate.
Compliance officers should watch for:
Any specialty could potentially run into problems with modifier 25. Consider common clinical scenarios such as a scheduled procedure. For example, in urology a physician might schedule a patient to return to the office another day for a scope procedure or a prostate biopsy. Frequently, upon return, the procedure is performed but a significant, separately identifiable evaluation and management service might not be performed. In those cases, it would not be appropriate to bill the procedure and an E&M service, but rather only the procedure. Automatically billing an E&M with modifier 25 just because the patient was in the office would be a red flag.
Physicians and their practices need to be aware of coding and billing risks. Enforcement agencies and potential whistleblowers may identify outliers or flat-out fraud. Common mistakes may include a lack of documentation or not performing a service but billing for it anyway. Other common mistakes are billing for procedures or services that were performed but were not medically necessary and misuse of medical codes and/or modifiers.
Managing regulatory change is a critical way to avoid enforcement actions. YouCompli is the only healthcare compliance solution that combines actionable, regulatory analysis with a simple SaaS workflow to help you manage regulatory change. Read more about the rollout and accountability of requirements or schedule a demo.
Download our white paper on how compliance professionals can help healthcare institutions mitigate risk.
Never miss an article from YouCompli
Telehealth services and models have expanded rapidly during the pandemic. Healthcare employee burnout, the Great Resignation, and other factors are expected to further accelerate telehealth growth.
Telehealth expansion has led to significant growth in the use of interstate licensure compacts. As more healthcare professionals obtain licensure under compacts, compliance officers need to be aware of interstate licensure requirements – and their effects on patient care.
Increasing use of interstate licensure compacts
The National Council of State Boards of Nursing (NCSBN) recently published its annual report on interstate licensure. It noted 43 states and territories have enacted licensure compacts for nurses, physicians, physical therapists, emergency medical technicians, psychologists, speech therapists/audiologists, occupational therapists, and counselors.
The Nurse Licensure Compact (NLC) is an interstate agreement allowing nurses to practice in multiple states with one multistate license issued from their home state. The compact enables nurses to provide nursing services to patients located in other NLC states via telehealth without obtaining additional licenses. The NCSBN says this approach allows for greater nurse mobility, public protection, and access to care.
In addition, use of the Interstate Medical Licensure Compact (IMLC) grew by 47% in the past two years. The IMLC Commission noted “more than 8,000 licenses were issued through the compact from March 2020 to March 2021.” This is compared with nearly 4,000 licenses issued during the previous 12-month period.
With more healthcare professionals practicing across state lines, patients have more choices. And healthcare compliance officers have processes and procedures to update.
Interstate licensure compacts benefit patients
For patients, one benefit of licensure compacts includes licensing boards being able to ensure that physicians maintain professional integrity and medical standards – regardless of where they practice. As more healthcare professionals obtain licensure under compacts, patients gain greater flexibility in making care decisions.
For example, rural patients can participate in a telehealth visit with a specialist or provider at home. This saves patients the time and expense of driving long distances to see the same provider in a facility setting.
Another positive is the increased use of remote monitoring devices, such as glucose monitors, blood pressure monitors, and heart monitors. Patients can receive state-of-the-art monitoring remotely, instead of as a hospital inpatient. In turn, healthcare costs decrease and patient compliance increases.
A significant patient benefit with expanded telehealth is the inclusion of mental health services. Under the provisions of the Consolidated Appropriations Act of 2021, services for the diagnosis, evaluation, or treatment of mental health disorders may continue as telehealth services. Per the Centers for Medicaid & Medicare Services (CMS), the previous restrictions limiting telehealth mental health services to patients residing in rural areas no longer apply.
Compliance officers need to help their organizations keep up as healthcare delivery models change. Organizations will need to update everything from billing codes to human resources policies and procedures to information technology (IT) practices.
For example, compliance officers should partner with Human Resources to make sure out-of-state licensed professionals have been educated in facility policies and procedures. They also need to ensure that professionals working under licensure compacts understand the nuances of the rules and laws in the state they are working.
Compliance officers also need to work with the IT department to ensure that remote devices have been securely connected to the network. They also need to collaborate with the risk department on making sure proper medical professional liability insurance coverage has been obtained for these licensed professionals.
Compliance officers should work with Revenue Cycle on two crucial issues:
- Ensuring that the organization stays abreast of the changes to the CMS list of services payable under the Medicare Physician Fee Schedule when furnished via telehealth.
- Staying current on telehealth visit coverages and coding modifiers to decrease denials of patient charges.
As your team manages your response to continuing regulatory changes, having a system to keep up with the moving parts can help. YouCompli can support your regulatory change management process. It provides regulatory analysis to help you know what changes are coming and decide whether they affect your institution. It also provides requirements, tasks, and deadlines, in clear business English, making it easier for you to manage changes and verify that you’ve taken the proper steps.
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Get more healthcare regulatory change management right to your email!
As a compliance officer, it’s time to go back through your compliance documentation over the past two years. How are you going to unwind from these changesContinue reading
How providers stay in compliance as demand for telehealth surges. How healthcare providers are preparing for the regulatory changes that will come with the end of the public health emergency.Continue reading
Featured speakers: Craig Bennett, Vice President and Chief Compliance Officer, Boston Medical Center; Rachel Lerner, Esq., General Counsel & Chief Compliance Officer, Director, Center for the Prevention of Elder Abuse and Neglect, Hebrew SeniorLife; Maria Palumbo, Chief Compliance & Privacy Officer, Lawrence General Hospital. Moderated by Larry Vernaglia
Bennett, Lerner and Palumbo addressed the Massachusetts Health and Hospital Association’s Healthcare Legal Compliance Forum in December 2021. (Read a summary.) This recap of their remarks looks at how their Compliance teams responded to COVID and have continued to partner with their organizations to manage regulatory change. It also looks at regulatory changes they are planning for in 2022. To access the full session recording, please contact the Massachusetts Health and Hospital Association.
Initial COVID response
The panel reflected on their organizations’ initial response to COVID. “All of us had to pivot on a dime,” said Bennett. “We hadn’t had an opportunity to plan for it. Instead, we worked daily that first quarter to make sure we were as compliant as we could possibly be.” He was part of a team that looked at various waivers, platform security, privacy and other issues affected by the public health emergency to provide care safely.
Lerner had a similar experience. “We immediately convened interdisciplinary committee so we could make changes quickly. Telehealth was really new territory for us, and we had to look at our outpatient medical practice, and home- and community-based care,” she said. “Tracking COVID 19 waivers was a team sport between Legal and Compliance. We broke down some silos, and that may be one good lasting benefit of this experience.”
Palumbo and her colleagues focused on creating templates and consistency for documentation to make things as straightforward as possible for clinicians. That included having them track their patient contact time in minutes rather than defaulting to 20-minute increments. “We’re auditing these processes now to be sure we’re prepared when it gets looked at externally.”
Accessibility concerns and solutions
Palumbo illustrated how healthcare organizations had to respond to the specific needs of their communities. “Our population tends not to have computers or printers at home,” she said. It wasn’t enough to deliver COVID test results to the portal, because people needed printed results to return to work or school. Without a printer, they were stuck. “We were like the take-out line at a restaurant – we not only have to contract with the state to provide nine-lane testing, we also have a multiline drive up for picking up your covid test results because people need that hard paper.”
Building a culture of compliance
Bennett reflected on the tremendous amount of change and adaptation healthcare staff managed over the past two years. “I have to commend all hospital staff in being able to pivot and not missing a beat,” he said. His organization paused or reprioritized certain issues, but they maintained a focus on complying with regulations. That meant checking in with people regularly. That helped him assess whether people were getting the support and resources they needed related to their work. He expects to continue looking for ways to support staff. “We’ll continue to try to add flexibility to meet the needs of our staff and the needs of our patients and organization.”
Palumbo, too, is working to meet people where they are at. She recently “camped out in the cafeteria,” she said. “I couldn’t believe the results: About 350 people came to talk to me, including residents, physicians, surgeons, nurses, case managers, and housekeeping staff.” They asked about patient privacy and other compliance issues. “So much came up during COVID but we didn’t stop to work through everything or stop to talk to each other. I’ll try to do that at least once a quarter.”
New compliance issues
Palumbo walked through some upcoming regulatory changes she’s watching. This included the Medicare Final Physician Fee Schedule and noted that the Appropriate Use Criteria changes are delayed until the January first that follows the end of the pandemic. She encouraged everyone to understand the documentation requirements for using nurse practitioners for some portion of care as well as the changes to billing for surgeon and ICU provider time.
New rules also allow audio-only telehealth visits for behavioral health as long as the patient wants it and the physician documents it properly.
Balancing privacy, efficiency, safety, and cybersecurity
Lerner continues to address privacy concerns related to COVID testing and contact tracing. “We were working so hard to limit the spread of the disease in our senior living facilities,” she said. “It was hard to navigate contact tracing and privacy.” Now she is addressing cybersecurity insurance requirements, for her own organization and making sure vendors have sufficient insurance. “Moving to remote workforces and telehealth, the cybersecurity exposure is higher than it’s ever been,” she said. “For instance, people working from home might want to print documents, but we have to keep them from printing PHI at home or mailing things insecurely when someone can’t come pick it up.”
Managing regulatory change
Lerner said she spends a lot of time looking at regulatory changes to understand their implications to her organization. “It can take us a long time to decide ‘does this apply to us?’ And then figure out what to do with it. Then we have to figure out what to do with that information in bits and pieces. It is certainly a complex, ever-changing universe on that front.” She spoke of Compliance’s key role in knitting together all that information to help the organization act on it and integrate it into daily processes.
YouCompli sponsored MHA’s 2021 Healthcare Legal Compliance Forum. We provide a complete solution to help healthcare compliance organizations manage regulatory change. Find out more about YouCompli.
Subscribe to get the latest articles about healthcare regulatory changes.
A good Compliance department doesn’t need to be huge with a lot of people and formal processes,” Callahan said. “A good department is one that has a real effect when they ask leadership to make a change.Continue reading
We can all agree that 2020 was a year filled with surprises. The emergence of COVID-19 brought restrictions, which made the business of healthcare even more challenging. But then came the saving grace: telemedicine!
Even though telemedicine has been around in some form since the 1900s, its popularity exploded during the midst of the pandemic. With millions of people stuck indoors due to government lockdowns, health care providers turned to telemedicine options to provide desperately needed health care.
According to Doximity, a social media networking service for medical professionals, only 14 percent of Americans utilized telemedicine before the pandemic. But since the outbreak, telemedicine usage skyrocketed by 57 percent. Among patients suffering from chronic conditions, the number of virtual care visits increased by a staggering 77 percent!
The increase in telemedicine accessibility also means healthcare providers can potentially face compliance issue pitfalls, which could land them in trouble with the United States government. Before COVID-19 became a household name, Medicare and Medicaid upheld strict rules regarding payment for telemedicine services. For instance, reimbursement for telemedicine services was limited to patients residing in areas of the country with limited healthcare.In an attempt to slow the spread of COVID-19, government payors loosened these restrictions.
Unfortunately, telehealth services’ widespread use brought an uptick in COVID-19 related scams that specifically target healthcare providers offering this service. Such illegal activity caught the attention of the Department of Justice (D.O.J.).
A primary focus of the D.O.J. is a government agency that mostly focuses on telehealth arrangements that implicate the Anti-Kickback Statute. The statute forbids transactions designed to corrupt medical judgment by rewarding referrals for Medicaid and Medicare services. In the past year, more than $4.5 billion in false claims were connected to telemedicine. And over 100 healthcare professionals were charged with submitting fraudulent claims to Medicare, Medicaid, and private insurance companies.
New changes to the Stark and Anti-Kickback Statutes that were long in the works took effect on January 19, 2021. The regulation updates are designed to eliminate regulatory and administrative barriers that hindered movement towards a value-based health care system. The updated rules also offer healthcare providers more flexibility to coordinate and improve patient care while maintaining safeguards against overutilization and inappropriate incentives.
The Stark Exceptions finalized three new exceptions for value-based arrangements between healthcare providers and payor systems like Medicaid and Medicare. These exemptions are solely based on the quality of delivered patient care instead of the volume of services. For example, healthcare providers face at least a 10 percent financial risk for failure to achieve value-based goals. In comparison, the Anti-Kickback Statute requires at least a 5 percent financial risk for value-based arrangements.
Physicians’ practices should express caution when offering telemedicine services to steer clear of trouble with the government. As with traditional in-person healthcare, it’s best to avoid doing business with third-party companies that give money in exchange for referrals.
Here are a few guidelines physicians should consider avoiding getting on the D.O.J.’s naughty list.
- Consult with counsel before entering into any outside business relationships.
- Establish guidelines for physical examinations and prescribing practices.
- Monitor the prescribing habits of their physicians and nurse practitioners.
- Adopt data analytic tools to identify any abnormal billing behavior.
Physicians considering telemedicine should also consider the following tips to stay compliant.
Practicing Telemedicine Across State Lines.
Usually, state governments require practicing physicians to conduct telemedicine sessions within the state they are licensed. But in some states, this stipulation is relaxed due to COVID-19 to make healthcare more accessible. But physicians must contact their state’s medical board for updated information concerning this topic.
Healthcare providers are still expected to obtain consent before providing telehealth services. Besides requesting written or verbal consent from patients, providers should make patients aware of the risks and benefits of receiving telehealth services.
Use Caution When Prescribing Medication.
Because of COVID-19, the Drug Enforcement Administration (D.E.A.) allows registered practitioners to use prescribed medication to patients via telemedcicine technology. Physicians must adhere to the following conditions:
- Prescribed medication(s) must be for a legitimate medical purpose.
- The telehealth session is conducted using a two-way, audio-visual, interactive communication system.
- The practitioners must practice healthcare within Federal and State law.
Only time will tell whether or not telemedicine will continue to grow in the upcoming months. But doctors should continue to use caution when using this technology to serve the public.
See YouCompli in Action
Easier, faster, more effective compliance is possible