Recently, Brian Ritchie, the Acting Deputy Inspector General for Evaluation and Inspections, testified before the Subcommittee on Energy, Healthcare and Entitlements. The hearing, titled “:Medicare Mismanagement: Oversight of the Federal Government’s Efforts to Recapture Misspent Funds”, focused in part on the Medicare provider appeals process. The Medicare appeals process is currently suffering from huge backlog and delays due to an increase in the number of appeals by Medicare Part A providers. The Center for Medicare & Medicaid Services (CMS), which is responsible for ensuring that Medicare makes accurate payments, contracts with Recovery Auditor Contractors (RACs). RACs receive a commission when they identify and recover/return improper Medicare payments. Each year, it is estimated that $50 billion is improperly paid from the Medicare program. In August of 2013, the Office of the Inspector General (OIG) published a study which revealed that in FYs 2010 and 2011, RAC audits identified improper payments of $1.3 billion, of which $768 million was recovered. RACs and other program contractors now play a major role in the government’s efforts to curve fraud, waste and abuse.
However, in recent years, there has been a strong surge in the number of successful appeals from Recovery Auditor overpayment determinations. This dramatic increase in appeals has caused higher administrative burdens on the entire judicial system. It was found that two percent (2%) of providers account for one-third (1/3) of all Administrative Law Judge (ALJ) appeals, with a few providers seemingly appealing almost every reimbursement denial. One reason for the surge is due to the high level of success Part A providers have received at the ALJ level. The probability of receiving a favorable decision at the ALJ level by Part A providers is approximately 56% according to recent testimony. In agency comments released by CMS dated 06/12/13, there are several likely factors which attribute to the high appeal success rate: 1) ALJ are not bound by the CMS manual and local coverage determinations; 2) ALJ interpret Medicare policy less strictly; 3) ALJ are less specialized in the Medicare program and do not have clinicians on staff; 4) there is a low cost to appeal.
Because so many RAC determinations have been overturned, this calls into question the viability of RACs in the future. Recent lawsuits have surfaced which challenge the appeals process, which in turn put more pressure on CMS to take corrective action. We will see what develops from the higher scrutiny pertaining to this issue.
A study conducted by Stephen W. Heath, MD, MPH found that there is a correlation between our increasing litigious society and the reason litigants file malpractice claims. Continuous consumer advertisements targeting medical providers has become commonplace. As such, a 2010 report by the American Medical Association found that 60 percent of doctors over the age of 55 have been sued at least once. Moreover, medical malpractice jury awards are 17 time higher than general tort awards according to the U.S. Department of Justice Bureau of Justice Statistics. With the high probability of experiencing a medical malpractice claim, medical providers should address the risk of financial loss systematically. By focusing on high risk areas such as informed consent, informed refusal and patient documentation, a provider can reduce the risk of claims filed against his or her medical practice. It is equally important to implement new policies, procedures and forms that address high risk areas. Finally, research studies show that patients rarely bring tort actions against providers they like. For this reason, conducting patient satisfaction surveys should play a role in a provider’s risk management strategy.
The Impact of Social Status on Negotiations
Have you ever been in a negotiation where the other party’s reasoning was not economically rational? This white paper aims to take your negotiating skills to the next level by focusing on unspoken social motivations.
Special Message to Atlanta Area Medical and Dental Providers.
If you enjoy reading our compliance posts and wish to receive additional information, we are providing for a limited time a free on-site training session on recent HIPAA developments. Go to http://www.icomply360.com to sign up.
On February 24, 2014, the Department of Health and Human Services announced its plans to conduct a pre-audit survey of up to 1,200 HIPAA “covered entities” and “business associates” to determine whether such entity is suitable for the HIPAA Audit Program conducted by the Office of Civil Rights (OCR). The pre-audit will potentially collect recent data about the number of patient visits, use of electronic information, revenue and business locations. The pre-audit information will be shared with the OCR, who is mandated to conduct audits of covered entities and business associates to assess compliance with the Privacy, Security and Breach Notification Rules under HIPAA.
Expansion of HIPAA Requirements under Final Rule
The Omnibus Final Rule, which became effective March 26, 2013, increased penalties for violations of HIPAA, signaling to affected parties heightened regulatory scrutiny. The Final Rule expanded the regulatory requirements of HIPAA in several ways. For instance, the Final Rule made business associates of covered entities directly liable for compliance with certain requirements under privacy and security rules. The Final Rule also expanded certain patient rights and adopted the HITECH breach notification requirements pertaining to unsecured protected health information. We have recently seen the Department of Health & Human Services enforce these provisions in a recent settlement with Concentra Health Services, a subsidiary of Humana. Concentra agreed to pay more than $1.7 million to HHS due to a breach in security from unencrypted stolen laptops.
Being Prepared and in Compliance
What all this means is that health providers and their business associates should be prepared by engaging in proper risk assessments to identify, evaluate and correct vulnerabilities in the protection of patient health information. In previous posts, we made the comment that it is no longer sufficient to have a compliance program in name only. We add to this by stating that regulations require covered entities to review its policies and procedures so that vulnerabilities are corrected. Boilerplate policies not reflective of the security risks present at the provider’s practice is wholly insufficient. Policies and procedures should be implemented in response to identified vulnerabilities. The public comment period regarding the HIPAA pre-audit survey closed on April 25, 2014. We will attempt to make updates on pre-audit surveys as information is made available.