Regulatory Compliance


Presented For CPA Leadership Institute
Thomas P. McGuinness, CPA, CVA
Reimer, McGuinness & Associates, PC
August 27, 2013
• We are from the Government and we’re Here to Help…?
-- Ronald Reagan
Famous Quote
• If you put the federal government in charge of the Sahara Desert, in five years there’d be a shortage of sand.
-- Milton Friedman
The 1990’s, Managed Care and the Criminalization of Medicine
• Medical costs were increasing at rates higher than the average percentage growth of the economy
• The American consumer wanted “million dollar” healthcare at low premiums
• Government payments for healthcare (via Medicare and Medicaid) were increasing annually as a % of GNP and Congress was worried
• Insurance companies were paying out ever increasing amounts for healthcare insurance claims and their profitability was down
Criminalization of Medicine, cont’d
• Physicians and Hospitals were receiving the bulk of these payments
• Physicians controlled medical spending through written orders; their businesses were highly disjointed and known as a “cottage industry”
• Clinton Administration survey results concluded, “Physicians shouldn’t make more than $100K per year”
• Something had to give…
There is No Nirvana…
• There were and are abuses in the healthcare industry
• Rather than create “screens” to identify and prosecute those that abused the rules, Congress created a massive series of legislation to “REGULATE” medicine
• 1970’s=Oil: 1980’s=Thrifts: 1990’s=Medicine
• Does this sound familiar… Enron, WorldCom, Global Crossing, Andersen and the Accounting Profession: 2000’s=Accounting Profession
• What about the 2010’s… Wall Street
If You’re Gonna Play their “Game”…
• If you are a hospital, physician, manager or consultant you better know the “Rules”
• Ignorance is not bliss… intent, in most cases, doesn’t matter
1. Civil money penalties
2. Criminal penalties
3. Prison
4. All of the above
Major Legislation Affecting Physicians and Hospitals
• Medicare Fraud and Abuse
• EMTALA
• CLIA
• Stark I
• Stark II
• HIPAA
• Stark III
• HITECH Act of 2009
• Individual State Legislation
• PPACA and The Affordable Care Act (OBAMACARE)
Medicare Fraud and Abuse
• A large set of regulations promulgated by the Office of the Inspector General of HHS
• The object of these regulations is to “regulate” physicians and hospitals from engaging in activities that overbill or fraudulently bill CMS for services including self-referrals
• Private inurement activities in the tax exempt entity arena
Fraud and Abuse, cont’d
• The main tool of CMS is the “post payment audit”
• The False Claims Act
• Any person convicted under this statute…
• Three times the amount of any overpayment, plus
• Mandatory penalties between $5,000 and $10,000 for each false claim submitted (each line of a HCFA/CMS 1500 Form)
• A typical tactic of the OIG is a combined civil and criminal investigation to crush subjects into submission (large fines and the threat of prison for physicians, administrators and corporate executives)
Fraud and Abuse, cont’d
• HCA Hialeah Hospital, Florida
• Convicted of overbilling Medicare for $7 million out of $394 million in billing
• Hermann Hospital Consent Order
• In 1994 pays IRS $993,500 to keep from losing its tax exempt status (amount of fine was equal to the amount of tax had Hermann not been a tax exempt entity)
Emergency Medical Treatment and Active Labor Act of 1986 (EMTALA)
• Enacted to mandate that hospitals treat patients presenting for treatment regardless of their ability to pay
• Also known as the Patient Anti-Dumping Act of 1986
• To assure that emergency departments treated and stabilized patients rather than refusing treatment, transferring or discharging them before the patient was stabilized
EMTALA, cont’d
Penalties for non compliance:
• $2,000 for each wrongful act occurring before January 1, 1997
• $10,000 for each wrongful act occurring after January 1, 1997
• OIG may impose up to $15,000 for each person making a false statement
• OIG may impose up to $100,000 for each arrangement or scheme subject to investigation
• Other penalties
Clinical Lab Improvement Act (CLIA)
• CLIA was enacted in 1988 in an attempt to elevate the standards of laboratory testing
• Enacted in response to outcry re: deaths ascribed to false negative pap smears
• Congress decided to regulate every lab test in the US, including those in physician offices
• These false readings ironically ended up coming from federal labs and no problems came from UAs
CLIA, cont’d
• Result of federal regulation…
• The cost of a pap smear in NY state had more than tripled by 1992
• Cost of compliance with CLIA is between $1,800 and $9,000 per practice depending on testing performed (waivered v. “full” lab)
• Reduced number of labs in total and in-office laboratories in physician offices
• Reduction in competition in the lab industry
CLIA, cont’d
• There are certain lab tests that are performed in a physician’s office (waivered tests) without having to comply with the totality of CLIA regulations, but waivered labs still need to comply, register and be subject to inspection
• Strep, UA, Glucose tolerance, pregnancy and rapid flu
• CLIA regulations are included in 242 pages
• Most Federal labs are exempt from CLIA including the VA, public health laboratories, forensic, research and teaching laboratories
CLIA, cont’d
• Penalties
• One year in prison
• Civil money penalties of $10,000 per day
• Exclusion from federal programs
• Infractions noted
• In 2002 there were 132 labs sanctioned*
• Out of 177,617 registered labs* - .00074%!
Source: Association of American Physicians and Surgeons, Inc.
Stark I
• A part of the Omnibus Budget Reconciliation Act of 1989 (OBRA 1989).
• Became effective in 1992 to regulate physician self-referral for Medicare and Medicaid patients to entities where physicians had a financial interest (direct or indirect) ownership
• This initial legislation covered only a limited number of clinical laboratory services, but set the stage for the rest of the Stark law
Stark I, cont’d
Civil Penalties for noncompliance:
• Civil money penalty for each item or service (each line of HCFA 1500 Form) of $10,000
• Civil money penalties of $15,000 for each individual for which a false claim was made
• $10,000 for each day a prohibited relationship continues
• $50,000 for each such act
Stark I, cont’d
Criminal penalties for noncompliance:
• Each count of a felony conviction – up to $25,000
• Up to five years imprisonment
• Or both
• Each count of a misdemeanor conviction – up to $10,000
• Up to one year imprisonment
• Or both
Stark II
• Enacted as Part of the Omnibus Budget Reconciliation Act of 1993 (OBRA 1993)
• Became effective January 1, 1995 to expand the initial legislation by identifying eleven specified services, called “Designated Health Services”
• Clinical laboratory services (80000 series CPT codes)
• Physical therapy services (97000 series and some HCPCS level 2 codes)
• Occupational therapy services (same codes as PT)
Stark II, cont’d
• Radiology services, including MRI, CAT scans and ultrasound services (but not nuclear medicine)
• Radiation therapy services and supplies (some 70000 series codes, but not nuclear medicine)
• Durable medical equipment and supplies
• Parenteral and enteral nutrients, equipment and supplies
• Prosthetics, orthotics and prosthetic devices and supplies
• Home health services
• Outpatient prescription drugs
• Inpatient and outpatient hospital supplies
Stark II, cont’d
• Specified that a physician could not refer (request or order) tests or services for Medicare or Medicaid patients where the physician (or immediate family member) has a financial relationship
• Created the “incident to” definition – services performed by ancillary employees or other group practice doctors under the supervision of a qualified Medicare provider
Stark II, cont’d
• Group practice exception – regulation discusses what constitutes a group practice
• Unprecedented regulation of the structure and internal workings of physician groups
• Single legal entity
• Two physician test
• Substantially all services test
• Distribution of income and expenses
• Unified business test
• Compensation test
• Patient encounter test
• In office ancillary exception – law permits doctors to offer DHS that supplement routine patient care – in the same building where the physician otherwise provides services
Stark II, cont’d
• Caused a massive dump of ownership interests in MRI and CT centers across U.S. and created such a glut in those markets that many investors lost most of their investment due to the oversupply of centers for sale on the market.
• Created scenarios where collaborative efforts to efficiently use assets became illegal activities overnight.
• Dictated how physicians can set compensation – how they split their own ancillary revenue pie! Name another business where this occurs…
Stark II, cont’d
Penalties for noncompliance
• Up to $15,000 for each service plus twice the reimbursement claimed
• Exclusion from Medicare and Medicaid programs
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Enacted to allow employee insurance to move with employees when they change jobs
• Enacted during the time when Congress was addressing Universal Health Insurance coverage for “All” Americans
• Other stated “remedies” within the Act were provisions to combat fraud and abuse in health insurance and health care delivery and for the confidentiality and security of patient data
HIPAA, cont’d
Embedded in the Act were provisions for the privacy and security of patient data
• Privacy rule
• Published December 28, 2000
• Major goal was to assure that individuals’ health information is properly protected while allowing the flow of health information and promote high quality health care
• The Rule applied to health plans, health clearinghouses and to any health care provider who transmits health information in electronic form
• Business Associate contracts for contractors
For entire Rule: http://www.hhs.gov/ocr/hipaa
HIPAA - Reality
• The origin of HIPAA healthcare provisions
• “Printer’s Full Employment Act”
• Cost to physicians and hospitals… approximately $10 billion in basic compliance costs
• Created a whole new set of “experts”… HIPAA consultants
HIPAA, cont’d
• Security Rule--took effect in 2005
• Rule applies to electronic protected health information (EPHI), which is individually identifiable health information in electronic form
• Electronic safeguards
• Physical safeguards
• Technical safeguards
HIPAA, cont’d
• Eight Keys to consider in complying with the Security Rule
• Obtain and maintain senior mgmt support
• Develop and implement security policies
• Conduct and maintain inventory of EPHI
• Be aware of political and cultural issues raised by HIPAA
• Conduct regular and detailed risk analysis
• Determine what is appropriate and reasonable
• Documentation
• Prepare for ongoing compliance
HIPAA Enforcement
• Penalties for noncompliance
• Civil penalties are $100 per failure to comply with a Privacy Rule requirement and cannot exceed $25,000 per year for multiple violations of the identical Rule
• Criminal penalty is $50,000 and up to one year in prison for false pretenses and up to $250,000 and ten years imprisonment for sale or transfer for personal gain or malicious harm (i.e. Britney Spears & Farrah Fawcett unauthorized medical record access at California hospital)
• Doctor fined $7,500 for document filed in wrong patient’s chart
• Has anyone been exposed to an actual HIPAA violation?
HIPAA Violation
• A person calls a patient the night before a life threatening surgery and tells the patient that he should not have the described surgery with the named surgeon. Rather, he should revisit his named family physician and obtain names of other much more skilled surgeons than the named surgeon.
Stark II, Phase III (Stark III)
• CMS Published final rulemaking on September 5, 2007
• Becomes effective December 4, 2007*
• Does not further restrict permitted financial relationships with and interests held by physicians
• Revises definition of “incident to” services to clarify that it includes both services and supplies that meet the incident to requirements
• *The “stand in the shoes” provision was revisited, and its application to academic medical centers and integrated not for profit organizations was delayed until 12/4/08
Stark III, cont’d
• Validated that a physician in a group practice may receive a productivity bonus for supplies (including drugs), assuming they properly qualify and are billed on an “incident to” basis
• Expressly states that diagnostic tests cannot qualify as “incident to” services
• Therefore, x-ray, laboratory tests and other diagnostic tests may not be billed as “incident to” services.
• Specifies that productivity bonuses can be based directly on services “incident to” the physician’s personally performed services… even if those services are otherwise DHS referrals.
Stark III, cont’d
• This is a critical clarification as it relates to physician compensation in group practices and especially where productivity bonuses are concerned.
• Eliminates the Safe Harbor Method of Establishing Fair Market Value of personal services (based upon use of Surveys)
• Permits medical group to impose non-competes to protect its asset (disallowed in Stark II)
• Removes office space rentals from the FMV exception because CMS felt office space leases have been subject to abuse
Stark III, cont’d
• CMS appeared to also exclude the per unit of service or “per click” rental payments. This would have the effect of up-ending many legitimate arrangements entered to do business; a later clarification allowed this arrangement to continue in certain circumstances
• Does allow physician retention payments in certain circumstances (underserved areas, etc.)
Stark III… updated penalties
• Denial of payment for a service that is the subject of a violation
• Refund of payment via recoupment
• $15,000 per service, civil money penalty
• $100,000 civil money penalty for each arrangement considered to be a circumvention scheme
HITECH Act of 2009
• Provides new data breach rules
• To the affected patient
• To the media if the breach is big
• To HHS
• De-identified and “secured” (encrypted) data breaches need not be reported
• If PHI has been compromised, reporting is required
• “Hide” Rule allows for a patient who pays in full, out of pocket for a service to request provider NOT to disclose information to patient’s insurer
HITECH Act, cont’d
• We, as consultants, are required to fully comply with the HIPAA Security Rule if we receive PHI.
• We, as consultants, are required to perform a risk assessment of PHI Security and have a compliance plan and procedures in place.
HITECH Act--Enforcement
• State attorneys general can pursue HIPAA violations, not just HHS OIG
• Individual victims of HIPAA violations may participate in recovery of penalty funds
• Increases high end of penalties to $1.5 million
Individual State Legislation
• As a participant/consultant in this field you will need to be familiar with the regulations in the State(s) in which you perform services
• Find one or more good healthcare attorneys in your area
• Use these attorneys as sources for Federal and State regulations and as resources for yourself and clients
• Review State Dept. of Insurance enforcement criteria
• Review State OIG healthcare statutes
• Again… Ignorance IS NOT Bliss… it’s malpractice at a minimum
OBAMACARE
• The Patient Protection and Affordable Care Act was signed into law by President Obama on March 23, 2010
• The law was challenged in Federal Court as being unconstitutional under the Commerce Clause
• There are currently waivers that have been allowed for Employers such as McDonald’s, large insurers such as Aetna and Cigna and 185 union plans covering approximately 1 million employees.
• There is also waiver for certain religious groups that believe insurance is “gambling” (Muslims and Quakers to name a few)
OBAMACARE, Cont’d
• Only time will tell whether this Law will be allowed to proceed… and a class on this Law by itself would take more time than available within this session. Congress is currently and quietly trying to exempt itself from the law… you can make your own conclusions…
• Healthcare reform is needed… however the mechanism to provide such reform is still the subject of intense debate
• There are no easy answers… but there are severe penalties for providers that do not “play well” with the Government…
Conclusion
• Obtain copies of the rules we work with
• Read and understand the rules as best you can
• Don’t get too cute… you can go to jail too!
• Enlist the assistance of one or more qualified health care attorneys and don’t be afraid to utilize them
• Pray that the HHS Boogie Man stays away!!
• Good Luck to each of you!!!