Opioid-related compliance enforcement actions 

Enforcement actions to beat back the opioid epidemic.

C.J. Wolf, MD provides enforcement action summaries for the YouCompli blog. These summaries provide real-world examples of regulators’ response to practices that don’t fully comply with regulations. This month’s article looks at opioid-related incidents.     

Government enforcement agencies continue to put the pressure on healthcare providers to ensure compliance with opioid prescribing guidelines. And for good reason: We saw 92,000 drug overdose deaths in the United States in 2020. A full 75% of these deaths involved an opioid. 

Multiple presidential administrations have focused on beating back the opioid epidemic. One way that is being done is by enforcement against healthcare providers who are contributing to the problem. The U.S. Department of Justice, through its Consumer Protection Branch, is pursuing both criminal and civil actions against entities and individuals committing wrongdoing throughout the prescription opioid supply chain. 

Providers investigated for overprescribing opioids 

For example, a pain management physician in Ohio was recently convicted for unlawfully distributing opioids through his clinic. The convictions involved the distribution of a controlled substance, outside the usual course of professional practice, and not for a legitimate medical purpose. The prescriptions greatly exceeded recommended dosages and were in dangerous, life-threatening combinations. For each charge, he faces a maximum penalty of 20 years in prison. The physician required clients to pay cash for prescriptions and they would often travel hundreds of miles to visit this physician’s particular clinic. During a four-and-a-half-year period, the physician prescribed over 111,000 pills to nine clients. Sentencing has not yet occurred. 

Non-physicians have also been subject to enforcement. In one case, a Maryland physician assistant was enjoined by the court from dispensing, prescribing, or administering any controlled substances. Officials specifically called out anyone, regardless of their credentials, to be aware of their responsibilities. The U.S. Attorney involved in the enforcement noted that the Controlled Substances act applies to physician assistants and nurse practitioners.

They “cannot overprescribe opioids and hide behind their affiliations with physicians in an attempt to shield themselves from criminal and civil liability.”    

U.S. Attorney Erek L. Barron for the District of Maryland.

The court’s action brought to close a civil complaint filed by the government against the physician’s assistant. Allegedly, she issued hundreds of opioid prescriptions that had no legitimate medical purpose and fell outside the usual course of professional medical practice. In some especially concerning examples, it was alleged she prescribed morphine milligram equivalent (MME) dosages exceeding 700 MME per day. By comparison, the Centers for Disease Control and Prevention (CDC) generally recommends that primary care clinicians avoid daily dosages of opioids over 90 MME daily. The court’s ruling requires she never again apply for or seek the reinstatement of her Drug Enforcement Administration (DEA) registration. DEA registration is required to prescribe controlled substances.  

Manufacturer fined for opioid kickback scheme 

It is not just prescribers coming under scrutiny from enforcement agencies. The agencies have also publicized major financial settlements with opioid manufacturers. For example, Insys Therapeutics is the manufacturer of a sublingual fentanyl spray, known as Subsys. The company allegedly participated in kickbacks and other illegal marketing schemes to influence prescribers. These schemes were intended to induce providers to write more prescriptions of the drug typically used for breakthrough cancer pain. Insys settled the allegations with the government by agreeing to pay $225 million.  

The primary alleged scheme was a sham speakers’ program. The company would recruit physicians, physician assistants and other prescribers to ostensibly participate as paid speakers about the drug. The program was simply a mechanism to funnel kickbacks to the providers. One physician assistant in New Hampshire had not written a single prescription for the drug before joining the speaker program. After signing on, he was soon writing over 670 prescriptions after being a paid speaker. A substantial number of other prescribers have also participated and have either settled financially with the government or pleaded guilty to accepting kickbacks. 

What should compliance officers do to stay ahead of opioid regulation violations? 

Compliance officers often include opioid monitoring on their workplan, to protect the wellbeing of patients and to safeguard their organizations against fines and reputational hits. Here are two strategies compliance officers can use. 

Know who the high-volume prescribers are.  

Are patients traveling longer distances to visit a particular clinic or provider? Are patients asked to pay cash for services? Are patients doctor shopping?  

The HHS OIG offers a toolkit and computer programming tools to assist healthcare entities with monitoring potentially concerning prescription patterns.

According to the HHS, “These toolkits and the accompanying computer code can be used to analyze claims data for prescription drugs and identify patients who may be misusing or abusing prescription opioids and may need additional case management or other follow up.”

Learn more about the toolkits – HHS OIG Toolkits for Calculating Opioid Levels and Identifying Patients at Risk of Misuse or Overdose.

Utilize your medical directors or clinical resources to assess compliance with opioid guidelines.  

Though clinical guidelines are not the end-all of clinical decision making, compliance programs can start with these respected guidelines when assessing opioid risks. 

Opioid clinical guideline examples include:  

While the enforcement actions noted in this article are focused on individual providers or manufacturers, healthcare organizations are under scrutiny as well. Staying aware of opioid-related regulatory changes and monitoring for compliance are critical steps you can take to protect patients and your organization.  


CJ Wolf, MD, M.Ed is a healthcare compliance professional with over 22 years of experience in healthcare economics, revenue cycle, coding, billing, and healthcare compliance. He has worked for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System, an international medical device company and a healthcare compliance software start up. Currently, Dr. Wolf teaches and provides private healthcare compliance and coding consulting services as well as training. He is a graduate of the University of Illinois at Chicago College of Medicine, earned a master’s in education from the University of Texas at Brownsville and was magna cum laude as an undergraduate at Brigham Young University in Provo, UT. In addition to his educational background, Dr. Wolf holds current certifications in medical coding and billing (CPC, COC) and healthcare compliance, ethics, privacy and research (CHC, CCEP, CHPC, CHRC).

Don’t miss the next enforcement action article from C.J. Wolf.

Register now to get email notifications from YouCompli.

Managing regulatory change is crucial to avoid enforcement actions. YouCompli is the only healthcare compliance solution that combines actionable, regulatory analysis with a simple SaaS solution to help you manage regulatory change. Read more about the rollout and accountability of requirements or schedule a demo. 

Get a 15-minute strategic overview of YouCompli

Physician Coding and Billing Enforcement: What to Watch For

Physician Coding and Billing Enforcement: What to Watch For
CJ Wolf, MD writes enforcement action summaries for the YouCompli blog. These summaries provide real-world examples of regulators’ response to practices that don’t fully comply with regulations.  

This month’s article looks at physician coding and billing cases. It reflects remarks CJ made at HCCA’s 2022 Compliance Institute. (For more insights from the Compliance Institute, download our white paper on how compliance professionals can help healthcare institutions mitigate risk.)

Physicians are often seen as the drivers in healthcare. They examine patients, order labs and diagnostic testing. They perform procedures and surgeries, admit patients to hospitals, and document in the medical record.  

If you ask physicians what they think about coding and billing, most of them will tell you this: The rules do not make sense, are hard to understand, and are constantly changing. Most of them are doing their best to apply the confusing rules as they care for patients. Some might even be billing improperly on purpose. Either way, these examples highlight the consequences of “getting it wrong.” They offer clues for compliance professionals to spot training opportunities before they become enforcement actions. 

Billing for services not needed or received 

In March of 2022, a New Jersey rheumatologist was convicted by a federal jury for defrauding Medicare and other health insurance programs. She had billed for services that were either unnecessary or were not provided. Court documents demonstrated the physician billed for expensive infusion medication that her practice never purchased. She also fraudulently billed millions of dollars for allergy services that patients never needed or received. The doctor will be sentenced in July for multiple counts of healthcare fraud. Each count carries a maximum penalty of 10 years. 

Compliance officers should watch for:

Follow the money.  If a practice is billing millions of dollars for allergies services, that code or set of codes is likely to stand out as an outlier to compliance programs monitoring all their billing data.  Compliance officers should have a true sense of what their organization’s bread and butter services are. Then, they should perform regular audits of those high dollar, high volume services.  

Billing for unnecessary urine drug testing 

A Florida physician, serving as a medical director for a sober living facility, was found guilty of healthcare fraud. The federal jury found that he had ordered medically unnecessary urine drug tests. Court documents showed the physician unlawfully billed approximately $110 million of urinalysis (UA) drug testing services that were medically unnecessary for patients. Some of the evidence used at trial included inappropriate standing orders for UA drug tests in exchange for a monthly fee. As a condition of residency, patients had to submit to excessive and medically unnecessary urine drug testing three to four times per week.  

Evidence also showed the medical director did not review the UA drug test results and did not use the UA drug tests to treat the patients. This lack of review called the necessity of the tests into question.  In addition, the doctor had these same patients sent to his office so he could also fraudulently bill for services through his own practice. He faces up to 20 years in prison for healthcare fraud and wire fraud conspiracy. He faces another 10 years for each of eleven counts of healthcare fraud.  

Compliance officers should watch for:

If your organization allows for standing orders, you should have a written policy that guides their use. The policy should outline the risks and benefits of the standing orders. It should describe when they are appropriate and when they are not appropriate.  That policy should also outline the process for reviewing standing orders on a regular basis to determine if they are still appropriate.  If it’s been more than a year since you’ve reviewed a standing order, you may want to schedule a review soon.   

Modifier misuse: unbundling under modifier 25 

Billing and coding modifiers can also be an area of risk for physicians. In general, most encounters are reported with one Healthcare Common Procedure Coding System / Current Procedural Terminology (HCPCS/CPT) code. Medicare generally prohibits healthcare providers from separately billing for E&M services provided on the same day as another medical procedure. The exception is if the E&M services are significant, separately identifiable, and above and beyond the usual preoperative and postoperative care associated with the medical procedure.   

When the E&M service meets this definition, modifier 25 can appropriately be appended to the E&M code. When that is done, a physician is, in essence, certifying that the procedure and E&M are separate enough to meet the definition of the modifier. 

A urology practice learned an expensive lesson by allegedly using modifier 25 inappropriately. The practice agreed to pay $1.85 million to resolve allegations of modifier misuse. The case was initiated by a qui tam whistleblower.  Allegedly the practice used modifier 25 to improperly unbundle routine E&M services that were not separately billable from other procedures performed on the same day. As a result, the practice improperly claimed compensation from Medicare for certain urological services. The whistleblower had performed audits that allegedly showed an overall error rate for the practice of 58% with some physicians showing a 100% error rate.  

Compliance officers should watch for:

Any specialty could potentially run into problems with modifier 25. Consider common clinical scenarios such as a scheduled procedure. For example, in urology a physician might schedule a patient to return to the office another day for a scope procedure or a prostate biopsy. Frequently, upon return, the procedure is performed but a significant, separately identifiable evaluation and management service might not be performed. In those cases, it would not be appropriate to bill the procedure and an E&M service, but rather only the procedure.  Automatically billing an E&M with modifier 25 just because the patient was in the office would be a red flag. 

Conclusion 

Physicians and their practices need to be aware of coding and billing risks. Enforcement agencies and potential whistleblowers may identify outliers or flat-out fraud. Common mistakes may include a lack of documentation or not performing a service but billing for it anyway. Other common mistakes are billing for procedures or services that were performed but were not medically necessary and misuse of medical codes and/or modifiers.  


CJ Wolf, MD, M.Ed is a healthcare compliance professional with over 22 years of experience in healthcare economics, revenue cycle, coding, billing, and healthcare compliance. He has worked for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System, an international medical device company and a healthcare compliance software start up. Currently, Dr. Wolf teaches and provides private healthcare compliance and coding consulting services as well as training. He is a graduate of the University of Illinois at Chicago College of Medicine, earned a master’s in education from the University of Texas at Brownsville and was magna cum laude as an undergraduate at Brigham Young University in Provo, UT. In addition to his educational background, Dr. Wolf holds current certifications in medical coding and billing (CPC, COC) and healthcare compliance, ethics, privacy and research (CHC, CCEP, CHPC, CHRC).

Managing regulatory change is a critical way to avoid enforcement actions. YouCompli is the only healthcare compliance solution that combines actionable, regulatory analysis with a simple SaaS workflow to help you manage regulatory change. Read more about the rollout and accountability of requirements or schedule a demo.

Download our white paper on how compliance professionals can help healthcare institutions mitigate risk.

Never miss an article from YouCompli

Telehealth expansion: Interstate licensure compacts benefit patients 

YouCompli Woman reviewing interstate licensure compacts for telehealth

Telehealth services and models have expanded rapidly during the pandemic. Healthcare employee burnout, the Great Resignation, and other factors are expected to further accelerate telehealth growth.  

Telehealth expansion has led to significant growth in the use of interstate licensure compacts. As more healthcare professionals obtain licensure under compacts, compliance officers need to be aware of interstate licensure requirements – and their effects on patient care. 

Increasing use of interstate licensure compacts 

The National Council of State Boards of Nursing (NCSBN) recently published its annual report on interstate licensure. It noted 43 states and territories have enacted licensure compacts for nurses, physicians, physical therapists, emergency medical technicians, psychologists, speech therapists/audiologists, occupational therapists, and counselors. 

The Nurse Licensure Compact (NLC) is an interstate agreement allowing nurses to practice in multiple states with one multistate license issued from their home state. The compact enables nurses to provide nursing services to patients located in other NLC states via telehealth without obtaining additional licenses. The NCSBN says this approach allows for greater nurse mobility, public protection, and access to care.  

In addition, use of the Interstate Medical Licensure Compact (IMLC) grew by 47% in the past two years. The IMLC Commission noted “more than 8,000 licenses were issued through the compact from March 2020 to March 2021.” This is compared with nearly 4,000 licenses issued during the previous 12-month period.  

With more healthcare professionals practicing across state lines, patients have more choices. And healthcare compliance officers have processes and procedures to update.  

Interstate licensure compacts benefit patients 

For patients, one benefit of licensure compacts includes licensing boards being able to ensure that physicians maintain professional integrity and medical standards – regardless of where they practice. As more healthcare professionals obtain licensure under compacts, patients gain greater flexibility in making care decisions.  

For example, rural patients can participate in a telehealth visit with a specialist or provider at home. This saves patients the time and expense of driving long distances to see the same provider in a facility setting.   

Another positive is the increased use of remote monitoring devices, such as glucose monitors, blood pressure monitors, and heart monitors. Patients can receive state-of-the-art monitoring remotely, instead of as a hospital inpatient. In turn, healthcare costs decrease and patient compliance increases.  

A significant patient benefit with expanded telehealth is the inclusion of mental health services. Under the provisions of the Consolidated Appropriations Act of 2021, services for the diagnosis, evaluation, or treatment of mental health disorders may continue as telehealth services. Per the Centers for Medicaid & Medicare Services (CMS), the previous restrictions limiting telehealth mental health services to patients residing in rural areas no longer apply.  

Compliance considerations 

Compliance officers need to help their organizations keep up as healthcare delivery models change. Organizations will need to update everything from billing codes to human resources policies and procedures to information technology (IT) practices.  

For example, compliance officers should partner with Human Resources to make sure out-of-state licensed professionals have been educated in facility policies and procedures. They also need to ensure that professionals working under licensure compacts understand the nuances of the rules and laws in the state they are working. 

Compliance officers also need to work with the IT department to ensure that remote devices have been securely connected to the network. They also need to collaborate with the risk department on making sure proper medical professional liability insurance coverage has been obtained for these licensed professionals.  

Compliance officers should work with Revenue Cycle on two crucial issues:  

  • Ensuring that the organization stays abreast of the changes to the CMS list of services payable under the Medicare Physician Fee Schedule when furnished via telehealth. 
  • Staying current on telehealth visit coverages and coding modifiers to decrease denials of patient charges.  

As your team manages your response to continuing regulatory changes, having a system to keep up with the moving parts can help. YouCompli can support your regulatory change management process. It provides regulatory analysis to help you know what changes are coming and decide whether they affect your institution. It also provides requirements, tasks, and deadlines, in clear business English, making it easier for you to manage changes and verify that you’ve taken the proper steps. 

Denise Atwood, RN, JD, CPHRM 
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC 

Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.  


Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  


Get more healthcare regulatory change management right to your email!

How is your healthcare organization keeping up with changes in regulations? Read more about our regulatory monitoring process or schedule a demo

Get a 15-minute strategic overview of YouCompli