1 / 47

Regulatory & Compliance Issues and Pitfalls

Regulatory & Compliance Issues and Pitfalls. Presented For CPA Leadership Institute Thomas P. McGuinness, CPA, CVA Reimer, McGuinness & Associates, PC August 27 , 2013. We are from the Government and we’re Here to Help…? -- Ronald Reagan. Famous Quote.

elie
Download Presentation

Regulatory & Compliance Issues and Pitfalls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Regulatory & Compliance Issues and Pitfalls Presented For CPA Leadership Institute Thomas P. McGuinness, CPA, CVA Reimer, McGuinness & Associates, PC August 27 , 2013

  2. We are from the Government and we’re Here to Help…? -- Ronald Reagan

  3. Famous Quote • If you put the federal government in charge of the Sahara Desert, in five years there’d be a shortage of sand. --Milton Friedman

  4. The 1990’s, Managed Care and the Criminalization of Medicine • Medical costs were increasing at rates higher than the average percentage growth of the economy • The American consumer wanted “million dollar” healthcare at low premiums • Government payments for healthcare (via Medicare and Medicaid) were increasing annually as a % of GNP and Congress was worried • Insurance companies were paying out ever increasing amounts for healthcare insurance claims and their profitability is down

  5. Criminalization of Medicine, cont’d • Physicians and Hospitals were receiving the bulk of these payments • Physicians controlled medical spending through written orders; their businesses were highly disjointed and known as a “cottage industry” • Clinton Administration survey results concluded, “Physicians shouldn’t make more than $100K per year” • Something had to give…

  6. There is No Nirvana… • There were and are abuses in the healthcare industry • Rather than create “screens” to identify and prosecute those that abused the rules, Congress created a massive series of legislation to “REGULATE” medicine • 1970’s=Oil: 1980’s=Thrifts: 1990’s=Medicine • Does this sound familiar… Enron, WorldCom, Global Crossing, Anderson and the Accounting Profession: 2000’s=Accounting Profession • What about the 2010’s… Wall Street

  7. If Your Gonna Play their “Game”… • If you are a hospital, physician, manager or consultant you better know the “Rules” • Ignorance is not bliss… intent, in most cases doesn’t matter • Civil money penalties • Criminal penalties • Prison • All of the above

  8. Major Legislation Affecting Physicians and Hospitals • Medicare Fraud and Abuse • EMTALA • CLIA • Stark I • Stark II • HIPAA • Stark III • Hi-Tech Act of 2009 • Individual State Legislation • PPACA and The Affordable Care Act (OBAMACARE)

  9. Medicare Fraud and Abuse • A large set of regulations promulgated by the Office of the Inspector General of HHS • The object of these regulations is to “regulate” physicians and hospitals from engaging in activities that over bill or fraudulently bill CMS for services including self-referrals • Private inurement activities in the tax exempt entity arena

  10. Fraud and Abuse, cont’d • The main tools of CMS is the “post payment audit” • The False Claims Act • Any person convicted under this statute… • Three times the amount of any overpayment, plus • Mandatory penalties between $5,000 and $10,000 for each false claim submitted (each line of a HCFA/CMS 1500 Form) • A typical tactic of the OIG is a combined civil and criminal investigation to crush subjects into submission (large fines and the threat of prison for physicians, administrators and corporate executives)

  11. Fraud and Abuse, cont’d • HCA Hialeah Hospital, Florida • Convicted of overbilling Medicare for $7 million out of $394 million in billing • Hermann Hospital Consent Order • In 1994 pays IRS $993,500 to keep from losing its tax exempt status (amount of fine was equal to the amount of tax had Hermann not been a tax exempt entity)

  12. Emergency Medical Treatment and Active Labor Act of 1986 (EMTALA) • Enacted to mandate that hospitals treat patients presenting for treatment regardless of their ability to pay • Also known as the Patient Anti-Dumping Act of 1986 • To assure that emergency departments treated and stabilized patients rather than refusing treatment, transferring or discharging them before the patient was stabilized

  13. EMTALA, cont’d Penalties for non compliance: • $2,000 for each wrongful act occurring before January 1, 1997 • $10,000 for each wrongful act occurring after January 1, 1997 • OIG may impose up to $15,000 for each person making a false statement • OIG may impose up to $100,000 for each arrangement or scheme subject to investigation • Other penalties

  14. Clinical Lab Improvement Act (CLIA) • CLIA was enacted in 1988 in an attempt to elevate the standards of laboratory testing • Enacted in response to outcry re: deaths ascribed to false negative pap smears • Congress decided to regulate every lab test in the US, including those in physician offices • These false readings ironically ended up coming from federal labs and no problems came from UAs

  15. CLIA, cont’d • Result of federal regulation… • the cost of a pap smear in NY state had over tripled by 1992 • Cost of compliance with CLIA is between $1,800 and $9,000 per practice depending on testing performed (waivered v. “full” lab) • Reduced number of labs in total and in-office laboratories in physician offices • Reduction in competition in the lab industry

  16. CLIA, cont’d • There are certain lab tests that are in a physician’s office (waivered tests) without having to comply with the totality of CLIA regulations, but waivered labs still need to comply, register and be subject to inspection • Strep, UA, Glucose tolerance, pregnancy and rapid flu • CLIA regulations are included in 242 pages • Most Federal labs are exempt from CLIA including the VA, public health laboratories, forensic, research and teaching laboratories

  17. CLIA, cont’d • Penalties • One year in prison • Civil money penalties of $10,000 per day • Exclusion from federal programs • Infractions noted • In 2002 there were 132 labs sanctioned* • Out of 177,617 registered labs* - .00074%! Source: Association of American Physicians and Surgeons, Inc.

  18. Stark I • A part of the Omnibus Budget Reconciliation Act of 1989 (OBRA 1989). • Became effective in 1992 to regulate physician self-referral for Medicare and Medicaid patients to entities where physicians had a financial interest (direct or indirect) ownership • This initial legislation covered only a limited number of clinical laboratory services, but set the stage for the rest of the Stark law

  19. Stark I, cont’d Civil Penalties for noncompliance: • Civil money penalty for each item or service (each line of HCFA 1500 Form) of $10,000 • Civil money penalties of $15,000 for each individual for which a false claim was made • $10,000 for each day a prohibited relationship continues • $50,000 for each such act

  20. Stark I, cont’d Criminal penalties for noncompliance: • Each count of a felony conviction – up to $25,000 • Up to five years imprisonment • Or both • Each count of a misdemeanor conviction – up to $10,000 • Up to one year imprisonment • Or both

  21. Stark II • Enacted as Part of the Omnibus Budget Reconciliation Act of 1993 (OBRA 1993) • Became effective January 1, 1995 to expand the initial legislation by identifying eleven specified services, called “Designated Health Services” Clinical laboratory services (80000 series CPT codes) Physical therapy services (97000 series and some HCPCS level 2 codes) Occupational therapy services (same codes as PT)

  22. Stark II, cont’d • Radiology services, including MRI, CAT scans and ultrasound services (but not nuclear medicine) • Radiation therapy services and supplies (some 70000 series codes, but not nuclear medicine) • Durable medical equipment and supplies • Parenteral and enteral nutrients, equipment and supplies • Prosthetics, orthotics and prosthetic devices and supplies • Home health services • Outpatient prescription drugs • Inpatient and outpatient hospital supplies

  23. Stark II, cont’d • Specified that a physician could not refer (request or order) tests or services for Medicare or Medicaid patients where the physician (or immediate family member) has a financial relationship • Created the “incident to” definition – services performed by ancillary employees or other group practice doctors under the supervision of a qualified Medicare provider

  24. Stark II, cont’d • Group practice exception – regulation discusses what constitutes a group practice • Unprecedented regulation of the structure and internal workings of physician groups • Single legal entity • Two physician test • Substantially all services test • Distribution of income and expenses • Unified business test • Compensation test • Patient encounter test • In office ancillary exception – law permits doctors to offer DHS that supplement routine patient care – in the same building where the physician otherwise provides services

  25. Stark II, cont’d • Caused a massive dump of ownership interests in MRI and CT centers across U.S. and created such a glut in those markets that many investors lost most of their investment due to the oversupply of centers for sale on the market. • Created scenarios where collaborative efforts to efficiently use assets became illegal activities overnight. • Dictated how physicians can set compensation – how they split their own ancillary revenue pie! Name another business where this occurs…

  26. Stark II, cont’d Penalties for noncompliance • Up to $15,000 for each service plus twice the reimbursement claimed • Exclusion from Medicare and Medicaid programs

  27. Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Enacted to allow employee insurance to move with employees when they change jobs • Enacted during the time when Congress was addressing Universal Health Insurance coverage for “All” Americans • Other stated “remedies” within the Act were provisions to combat fraud and abuse in health insurance and health care delivery and for the confidentiality and security of patient data

  28. HIPAA, cont’d Embedded in the Act were provisions for the privacy and security of patient data • Privacy rule • Published December 28, 2000 • Major goal was to assure that individuals’ health information is properly protected while allowing the flow of health information and promote high quality health care • The Rule applied to health plans, health clearinghouses and to any health care provider who transmits health information in electronic form • Business Associate contracts for contractors For entire Rule: http://www.hhs.gov/ocr/hipaa

  29. HIPAA - Reality • The origin of HIPAA healthcare provisions • “Printer’s Full Employment Act” • Cost to physicians and hospitals… approximately $10 billion in basic compliance costs • Created a whole new set of “experts”… HIPAA consultants

  30. HIPAA, cont’d • Security Rule—took effect in 2005 • Rule applies to electronic protected health information (EPHI), which is individually identifiable health information in electronic form • Electronic safeguards • Physical safeguards • Technical safeguards

  31. HIPAA, cont’d • Eight Keys to consider in complying with the Security Rule • Obtain and maintain senior mgmt support • Develop and implement security policies • Conduct and maintain inventory of EPHI • Be aware of political and cultural issues raised by HIPAA • Conduct regular and detailed risk analysis • Determine what is appropriate and reasonable • Documentation • Prepare for ongoing compliance

  32. HIPAA Enforcement • Penalties for noncompliance • Civil penalties are $100 per failure to comply with a Privacy Rule requirement and cannot exceed $25,000 per year for multiple violations of the identical Rule • Criminal penalty is $50,000 and up to one year in prison for false pretenses and up to $250,000 and ten years imprisonment for sale or transfer for personal gain or malicious harm (i.e. Britney Spears & Farrah Fawcett unauthorized medical record access at California hospital) • Doctor fined $7,500 for document filed in wrong patient’s chart • Has anyone been exposed to an actual HIPAA violation?

  33. HIPAA Violation • A person calls a patient the night before a life threatening surgery and tells the patient that he should not have the described surgery with the named surgeon. Rather, he should revisit his named family physician and obtain names of other much more skilled surgeons than the named surgeon.

  34. Stark II, Phase III (Stark III) • CMS Published final rulemaking on September 5, 2007 • Becomes effective December 4, 2007* • Does not further restrict permitted financial relationships with and interests held by physicians • Revises definition of “incident to” services to clarify that it includes both services and supplies that meet the incident to requirements • *The “stand in the shoes” provision was revisited and delayed until 12/4/08 the application to academic medical centers and integrated not for profit organizations

  35. Stark III, cont’d • Validated that a physician in a group practice may receive a productivity bonus for supplies (including drugs), assuming they properly qualify and are billed on an “incident to” basis • Expressly states that diagnostic tests cannot qualify as “incident to” services • Therefore, x-ray, laboratory tests and other diagnostic tests may not be billed as “incident to” services. • Specify that productivity bonuses can be based directly on services “incident to” the physician’s personally performed services… even if those services are otherwise DHS referrals.

  36. Stark III, cont’d • This is a critical clarification as it relates to physician compensation in group practices and especially where productivity bonuses are concerned. • Eliminates the Safe Harbor Method of Establishing Fair Market Value of personal services (based upon use of Surveys) • Permits medical group to impose non-competes to protect its asset (disallowed in Stark II) • Removes office space rentals from the FMV exception because CMS felt office space leases have been subject to abuse

  37. Stark III, cont’d • CMS appeared to also exclude the per unit of service or “per click” rental payments. This would have the effect of up-ending many legitimate arrangements entered to do business—a later clarification allowed this arrangement to continue in certain circumstances • Does allow physician retention payments in certain circumstances (underserved areas, etc.)

  38. Stark III… updated penalties • Denial of payment for a service that is the subject of a violation • Refund of payment via recoupment • $15,000 per service, civil money penalty • $100,000 civil money penalty for each arrangement considered to be a circumvention scheme

  39. HITECH Act of 2009 • Provides new data breach rules • To the affected patient • To the media if the breach is big • To HHS • De-identified and “secured” (encrypted) data breaches need not be reported • If PHI has been compromised, reporting is required • “Hide” Rule allows for a patient who pays in full, out of pocket for a service to request provider NOT to disclose information to patient’s insurer

  40. HITECH Act, cont’d • We, as consultants are required to fully comply with the HIPAA Security Rule if we receive PHI. • We, as consultants are required to perform a risk assessment of PHI Security and have a compliance plan and procedures in place.

  41. HiTech Act--Enforcement • State attorneys general can pursue HIPAA violations, not just HHS OIG • Individual victims of HIPAA violations may participate in recovery of penalty funds • Increases high end of penalties to $1.5 million

  42. Individual State Legislation • As a participant/consultant in this field you will need to be familiar with the regulations in the State(s) in which you perform services • Find one or more good healthcare attorneys in your area • Use these attorneys as sources for Federal and State regulations and as resources for yourself and clients • Review State Dept. of Insurance enforcement criteria • Review State OIG healthcare statutes • Again… Ignorance IS NOT Bliss… it’s malpractice at a minimum

  43. OBAMACARE • The Patient Protection and Affordable Care Act was signed into law by President Obama on March 23, 2010 • The law was challenged in Federal Court as being unconstitutional under the Commerce Clause • There are currently waivers that have been allowed for Employers such as McDonald’s, large insurers such as Aetna and Cigna and 185 union plans covering approximately 1 million employees. • There is also waiver for certain religious groups that believe insurance is “gambling” (Muslims and Quakers to name a few)

  44. OBAMACARE, Cont’d • Only time will tell whether this Law will be allowed to proceed… and a class on this Law by itself would take more time than available within this session. Congress is currently and quietly trying to exempt itself from the law… you can make your own conclusions… • Healthcare reform is needed… however the mechanism to provide such reform is still the subject of intense debate • There are no easy answers… but there are severe penalties for providers that do not “play well” with the Government…

  45. Conclusion • Obtain copies of the rules we work with • Read and understand the rules as best you can • Don’t get too cute… you can go to jail too! • Enlist the assistance of one or more qualified health care attorneys and don’t be afraid to utilize them • Pray that the HHS Boogie Man stays away!! • Good Luck to each of you!!!

More Related