|
|
Feeley & Driscoll's OIG Update: May 2011 The Department of Health and Human Services Office of the Inspector General (HHS-OIG) was established by Congress in 1976 to identify and eliminate fraud, abuse, and waste in HHS programs and to promote efficiency and economy in departmental operations. The OIG is responsible for conducting audits, evaluations, and both criminal and civil investigations for all HHS agencies. These functions are performed by the OIG's Office of Audit Services (OAS). Feeley & Driscoll's OIG Update is a compilation of the latest and greatest additions from the OIG's website, listed in approximate order of greatness rather than lateness. This update is a monthly publication from the Healthcare Group at Feeley & Driscoll, P.C.
1. Audit of Information Technology Security Included in Health Information Technology Standards The Department's Office of the National Coordinator (ONC) provides leadership for the development and nationwide implementation of an interoperable health information technology (HIT) infrastructure. ONC is charged with guiding the nationwide implementation of interoperable HIT to reduce medical errors, improve quality, produce greater value for health care expenditures, ensure that patients' individually identifiable health information is secure and protected, and facilitate the widespread adoption of electronic health records (EHR). The OIG’s review found that ONC had application information technology (IT) security controls in the interoperability specifications, but there were no HIT standards that included general information IT security controls. General IT security controls are the structure, policies, and procedures that apply to an entity's overall computer operations, ensure the proper operation of information systems, and create a secure environment for application systems and controls. At the time of the OIG’s initial audit, the interoperability specifications were the ONC HIT standards and included security features necessary for securely passing data between EHR systems (e.g., encrypting transmissions between EHR systems). These controls in the EHR systems were application security controls, not general IT security controls. The OIG found a lack of general IT security controls during prior audits at Medicare contractors, State Medicaid agencies, and hospitals. Those vulnerabilities, combined with the OIG’s findings in this audit, raise concern about the effectiveness of IT security for HIT if general IT security controls are not addressed. The OIG recommends that ONC:
ONC concurred with the OIG’s recommendations. >Click here to view the full report 2. Areté Sleep to Pay the United States $650,000 to Resolve False Claims Act Allegations Areté Sleep LLC, Areté Sleep Therapy LLC and Areté Holdings LLC have agreed to pay the United States $650,000 to settle allegations that their sleep medicine and durable medical equipment facilities in Arizona and Texas submitted false claims to Medicare, the Justice Department announced today. Today’s settlement resolves False Claims Act allegations that, from Nov. 1, 2002, through Dec. 31, 2009, Areté made false claims to Medicare for diagnostic sleep tests performed by technicians lacking the licenses or certifications required by Medicare rules and regulations. The settlement also resolves related allegations that Areté made false claims to Medicare for medical devices resulting from these same technicians’ tests. On Jan. 26, 2011, Areté filed voluntary petitions for relief under Chapter 11 of the Bankruptcy Code in the U.S. Bankruptcy Court in the District of Arizona. Areté has agreed to pay the False Claims Act settlement from the proceeds of the sale of its assets. >Click here to view the full report 3. Review of Medicaid Reimbursement Rates for School-Based Services in West Virginia West Virginia's Department of Health and Human Resources' Bureau for Medical Services (the State agency) did not fully comply with the approved State plan. As a result, the State agency overpaid $22.8 million. The State agency included costs in the calculation of its rates for school-based services that were not included in the reimbursement methodology described in the approved State plan. These errors occurred because the State agency did not provide adequate oversight of its consulting firm, Public Consulting Group, Inc., during the rate calculation process. The OIG deducted the unallowable costs and recalculated the rates based on the reimbursement methodology described in the State agency's approved State plan. The OIG recommends that the State agency:
The State agency did not concur with the OIG’s findings and recommendations. In response to the OIG’s first recommendation, the State agency said that it "believes that operating and indirect costs were claimed in accordance with the State plan." In response to the second recommendation, the State agency said it has tried to work with CMS to determine the allowability of specific cost items, but CMS has never responded. Nothing in the State agency's comments has made us change the OIG’s recommendations or conclusion that the State agency included costs in the calculation of its rates for school-based services that were not included in the reimbursement methodology described in the approved State plan. >Click here to view the full report 4. Medicare Atypical Antipsychotic Drug Claims for Elderly Nursing Home Residents For the period January 1 through June 30, 2007, the OIG determined using medical record review that 51 percent of Medicare claims for atypical antipsychotic drugs were erroneous, amounting to $116 million. A member of Congress requested that OIG evaluate the extent to which elderly nursing home residents receive atypical antipsychotic drugs and the associated cost to Medicare. Specifically, this member expressed concern with atypical antipsychotic drugs prescribed to elderly nursing home residents for off-label conditions (i.e., conditions other than schizophrenia and/or bipolar disorder) and/or in the presence of the condition specified in the Food and Drug Administration's (FDA) boxed warning (i.e., dementia). Medicare requires that drugs be prescribed for "medically accepted indications" for reimbursement. Further, CMS sets standards to ensure that nursing home residents' drug therapy regimens are free from unnecessary drugs. The OIG also found that 14 percent of the 2.1 million elderly (i.e., age 65 and older) nursing home residents had at least 1 claim for these drugs. The OIG determined using medical record review that 83 percent of Medicare claims for atypical antipsychotic drugs for elderly nursing home residents were associated with off-label conditions and that 88 percent were associated with the condition specified in the FDA boxed warning. The OIG further determined through medical record review that 22 percent of the atypical antipsychotic drugs associated with the claims were not administered in compliance with CMS standards regarding unnecessary drugs in nursing homes, amounting to $63 million. Nursing homes' failure to comply with these standards may affect their participation in Medicare. However, nursing homes' noncompliance with these standards does not cause Medicare payments for these drugs to be erroneous. >Click here to view the full report 5. Review of Medicare Home Health Consolidated Billing for Calendar Years 2007 and 2008 The OIG estimated that durable medical equipment Medicare administrative contractors (DME MAC) failed to recover $3.4 million overpaid to DME suppliers for calendar years 2007 and 2008. For the 107 sampled line items of service, the DME MACs recovered overpayments for 49 line items, and 4 line items were not associated with a home health episode and therefore were not subject to consolidated billing. For the 54 remaining line items of service, the DME MACs had not recovered overpayments totaling $24,000 as of June 10, 2010. The Centers for Medicare & Medicaid Services (CMS) contracts with DME MACs to process and pay Medicare claims from DME suppliers. The Common Working File post-payment edit consistently identified non-routine supplies subject to home health consolidated billing. However, two of the DME MACs did not implement procedures to process and recover overpayments in a timely manner. The OIG recommends that CMS direct the DME MACs to:
CMS agreed with the OIG’s recommendations. >Click here to view the full report 6. Review of Medicare Payments Exceeding Charges for Outpatient Services Processed by Noridian Administrative Services, LLC, in Jurisdiction 2 for the Period January 1, 2006, through June 30, 2009 The OIG’s review found that of the 1,340 selected line items for which Noridian Administrative Services, LLC (Noridian), made Medicare payments to providers for outpatient services for the period January 1, 2006, through June 30, 2009, 359 were correct. Providers refunded overpayments on 51 line items totaling $478,000 before the OIG’s fieldwork. The 930 remaining line items were incorrect and included overpayments totaling $6.2 million, which the providers had not refunded by the beginning of the OIG’s audit. The deficiencies in the 930 incorrect line items included incorrect units of service; healthcare Common Procedure Coding System (HCPCS) codes that did not reflect the procedures performed; unallowable services; combination of incorrect units of service and incorrect HCPCS codes; and a lack of supporting documentation. The OIG recommends that Noridian:
Noridian concurred with the OIG’s recommendations. >Click here to view the full report 7. Review of High-Dollar Payments Processed by National Government Services for Long-Term Care Inpatient Services Provided between October 1, 2006, and December 31, 2007 Of the 126 high-dollar payments that National Government Services made to long-term care hospitals for inpatient services during the period October 2006 through December 2007, 58, or 46 percent, were inappropriate. The inappropriate payments included net overpayments totaling approximately $327,000, which the hospitals had not refunded before the start of the OIG’s audit. The 68 remaining payments were appropriate. >Click here to view the full report 8. Comparison of Third-Quarter 2010 Average Sales Prices and Average Manufacturer Prices: Impact on Medicare Reimbursement for First Quarter 2011 The OIG identified 24 Healthcare Common Procedure Coding System (HCPCS) codes with average sales prices (ASP) that exceeded average manufacturer prices (AMP) by at least 5 percent in the third quarter of 2010. Of these 24 HCPCS codes, 14 had complete AMP data (i.e., AMP data for every drug product that CMS used to establish reimbursement amounts). If reimbursement amounts for all 14 codes with complete AMP data had been based on 103 percent of the AMPs during the first quarter of 2011, the OIG estimate that Medicare expenditures would have been reduced by $10.3 million in that quarter alone. By law, OIG must notify the Secretary of Health & Human Services (the Secretary) if the ASP for a particular drug exceeds the drug's AMP by a threshold of 5 percent. If that threshold is met, the Secretary may disregard the ASP for the drug when setting reimbursement and shall substitute the payment amount with the lesser of either the widely available market price or 103 percent of the AMP. This is OIG's 20th report comparing ASPs to AMPs. Although OIG has consistently recommended that CMS develop a price substitution policy and subsequently lower reimbursement for drugs that meet the 5-percent threshold, no price substitutions have been made to date. In July 2010, CMS published a proposed rule that, among other things, specified the circumstances under which AMP-based price substitutions would occur. However, the agency has opted not to finalize the price substitution policy from the proposed rule. The remaining 10 of 24 HCPCS codes also met the 5-percent threshold in the third quarter of 2010 but did not have AMP data for every drug product that CMS used when calculating reimbursement. For 2 of the 10 codes, price reductions may be legitimately warranted because missing AMPs likely had little influence on the pricing comparison results for these codes. The OIG could not compare ASPs and AMPs for an additional 48 HCPCS codes because AMP data were not submitted for any of the drug products that CMS used to calculate reimbursement. Manufacturers for 7 percent of those drug products had Medicaid drug rebate agreements and were therefore generally required to submit AMPs. The OIG will continue to work with CMS to evaluate and pursue appropriate actions against manufacturers that fail to submit required pricing data. >Click here to view the full report 9. Performance Data for the Senior Medicare Patrol Projects: May 2011 Performance Report The Senior Medicare Patrol Projects receive grants from AoA to recruit retired professionals to serve as educators and resources in helping beneficiaries to detect and report fraud, waste, and abuse in the Medicare program. At least 1 project is located in each of the 50 States, as well as in the District of Columbia, Puerto Rico, Guam, and the Virgin Islands. In 2010, the 55 Senior Medicare Patrol Projects had 4,964 active volunteers. These volunteers educated beneficiaries in 8,300 group education sessions and held 70,789 one-on-one counseling sessions. Medicare funds recovered that were attributable to the projects were $22,262 and total savings to Medicare, Medicaid, beneficiaries, and others were $39,031. The projects had almost a 12-percent increase in the number of active volunteers in 2010, compared to the number in 2009. Despite this fact, total savings to Medicare, Medicaid, beneficiaries, and others decreased from $214,060 in 2009 to $39,031 in 2010, for an 82-percent decrease. The OIG continues to emphasize that the number of beneficiaries who have learned from the Senior Medicare Patrol Projects to detect fraud, waste, and abuse, and who subsequently call the OIG fraud hotline or other contacts cannot be tracked. Therefore, the projects may not be receiving full credit for savings attributable to their work. In addition, the projects are unable to track substantial savings derived from a sentinel effect whereby fraud and errors are reduced by Medicare beneficiaries' scrutiny of their bills. >Click here to view the full report 10. Review of Medicare Payments Exceeding Charges for Outpatient Services Processed by Palmetto GBA, LLC, in Jurisdiction 1 for the Period January 1, 2006, through June 30, 2009 The OIG review found that of the 1,323 selected line items for which Palmetto GBA, LLC (Palmetto), made Medicare payments to providers for outpatient services for the period January 1, 2006, through June 30, 2009, 926 were incorrect. The incorrect line items included overpayments totaling $7.5 million, which the providers had not refunded by the beginning of the OIG’s audit. The incorrect line items included incorrect units of service, Healthcare Common Procedure Coding System (HCPCS) codes that did not reflect the procedures performed, a combination of incorrect units of service and incorrect HCPCS codes, unallowable services, and lack of supporting documentation. The 397 remaining line items were correct. The providers attributed the incorrect payments to clerical errors or to billing systems that could not prevent or detect the incorrect billing of units of service and other types of billing errors. Palmetto made these incorrect payments because neither the Fiscal Intermediary Standard System nor the Common Working File had sufficient edits in place during the OIG’s audit period to prevent or detect the overpayments. The OIG recommends that Palmetto:
In written comments on the OIG’s draft report, Palmetto provided information on actions that it had taken or planned to take to address the recommendations. >Click here to view the full report 11. Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight The OIG’s review found that the Centers for Medicare & Medicaid Services' (CMS) oversight and enforcement actions were not sufficient to ensure that covered entities, such as hospitals, effectively implemented the Health Insurance Portability and Accountability Act of 1996 Security Rule. As a result, CMS had limited assurance that controls were in place and operating as intended to protect electronic protected health information (ePHI), thereby leaving ePHI vulnerable to attack and compromise. Both the Social Security Act and the Security Rule require a covered entity, defined as a health plan, health care clearinghouse, or health care provider that transmits any health information in electronic form, to:
The OIG’s audits of 7 hospitals throughout the Nation identified 151 vulnerabilities in the systems and controls intended to protect ePHI, of which 124 were categorized as high impact. These vulnerabilities placed the confidentiality, integrity, and availability of ePHI at risk. Outsiders or employees at some hospitals could have accessed, and at one hospital did access, systems and beneficiaries' personal data and performed unauthorized acts without the hospitals' knowledge. The OIG recommends that the Department's Office for Civil Rights (OCR) continue the compliance review process that CMS began in 2009 and implement procedures for conducting compliance reviews to ensure that Security Rule controls are in place and operating as intended to protect ePHI at covered entities. OCR did not comment on the OIG’s specific findings and stated that it had considered the OIG’s recommendations. OCR also noted that it maintains a process for initiating covered entity compliance reviews in the absence of complaints and that it had used this process to open compliance reviews as a result of the OIG’s hospital audits. Although OCR stated that it maintains a process for initiating covered entity compliance reviews in the absence of complaints, it provided no evidence that it had actually done so. >Click here to view the full report 12. Verification of Hillcrest Baptist Medical Center's Refund of Place-of-Service Overpayments for Calendar Years 2007 through 2009 The OIG determined that Hillcrest Baptist Medical Center (the Hospital) submitted claims with overpayments totaling $122,000 for physician services for calendar years 2007 through 2009. The Hospital, billing on behalf of its physicians, incorrectly coded these claims by using non-facility place-of-service codes for services that actually were performed in one of the Hospital's outpatient facilities. >Click here to view the full report 13. Review of Medicare Payments to Prescription Drug Plans on Behalf of Deceased Enrollees The OIG’s review found that the Centers for Medicare & Medicaid Services (CMS) made approximately $3.61 million of unallowable payments on behalf of deceased Medicare enrollees to prescription drug plan sponsors for coverage periods after the enrollees' months of death. CMS made improper payments for 1,500 of the 2.7 million deceased enrollees (far less than 1 percent of the enrollees who died). As of January 31, 2010, $3.61 million in improper payments remained uncollected. CMS's systems categorized these enrollees as alive or as having different dates of death than those listed in the Social Security Administration's death master file. Although CMS had correctly stopped payments for the vast majority of deceased enrollees, its systems did not always identify and prevent the improper payments. In addition, CMS did not always recover payments made on behalf of deceased enrollees on a timely basis. The OIG recommends that CMS:
CMS concurred with the OIG’s recommendations but said that it believed it had recovered the $3.6 million in payments made for deceased Medicare enrollees. Nothing in CMS's comments caused us to change the OIG’s findings or recommendations. As of January 2010, CMS had not recouped the payments. >Click here to view the full report 14. Review of Select Medicare Conditions of Participation and Costs Claimed at Richards Memorial Hospital from October 1, 2004, through September 30, 2007 The OIG’s review found that Richards Memorial Hospital (the hospital) was noncompliant with a Medicare Condition of Participation (CoP), reported unallowable costs in its Medicare cost reports, and did not properly disclose related-party rental costs. Contrary to Federal regulations, the hospital did not comply with a Medicare CoP because it did not maintain current and active network agreements with other hospitals during the OIG’s audit period. The hospital also reported approximately $1 million of unallowable costs in its FYs 2005, 2006, and 2007 Medicare cost reports. Specifically, the hospital reported $804,000 in unsupported costs, $198,000 in un-allocable costs, and $58,000 in costs unrelated to patient care. Additionally, the hospital did not properly disclose $213,000 in related-party rental costs in its Medicare cost reports. The OIG recommends that the hospital:
In written comments on the OIG’s draft report, the hospital disagreed with the OIG’s first recommendation, did not specifically address the second recommendation, and concurred with third recommendation. >Click here to view the full report 15. Two Miami-Area Corporations Plead Guilty to More than $200 Million Medicare Fraud Two Miami-area corporations, American Therapeutic Corporation (ATC) and Medlink Professional Management Group Inc., pleaded guilty today in U.S. District Court in Miami for a fraud scheme that resulted in the submission of more than $200 million in fraudulent claims to Medicare, the Departments of Justice and Health and Human Services (HHS) announced. According to court documents, ATC is a Florida corporation headquartered in Miami that operated purported partial hospitalization programs (PHPs) in seven different locations throughout South Florida and Orlando, Fla. A PHP is a form of intensive treatment for severe mental illness. Medlink is a Florida corporation headquartered in Miami that purported to act as a “management company” for health care businesses. In reality, ATC and a related company, the American Sleep Institute (ASI), were Medlink’s only clients. ATC and Medlink are each charged with conspiracy to commit health care fraud in a superseding indictment unsealed on Feb. 15, 2011. ATC is also charged in the superseding indictment with health care fraud and conspiracy to defraud the United States and to pay and receive illegal health care kickbacks. |
Useful Links
|
