Whose Tax ID Number Should be Used to Bill for Services Under the Stark Personal Services Exception?

Can a physician group continue to bill under its tax identification number if it is providing patient services to hospital patients under a personal services arrangement with a hospital? According to CMS, the answer is yes. The services do not have to be billed under the hospital’s tax identification number.
CMS expressed the opinion that it did not matter which entity did the billing. Under the revised definition of entity, the arrangement must satisfy the personal services exception regardless of whether the group continues to do the billing under its tax identification number or whether it bills for the services on behalf of the hospital under the hospital’s tax identification number. The billing tax identification number is not relevant to whether the elements of the Stark personal services exception are met.

CMS noted, however, that if the group did the billing under its tax identification number and the proceeds were deposited into a lock box account, the group must control the lock box account. If the group does the billing on behalf of the hospital under the hospital’s tax id number, then the lock box can be controlled by the hospital.

OMIG Webinar on Effective Compliance Programs

The New York State Office of the Medicaid Inspector General (“OMIG”) held a recent Webinar on Evaluating the Effectiveness of Compliance Programs.

New York was the first state to require providers to have a compliance program. The requirement applies to hospitals, nursing homes, clinics, ambulatory surgery centers, home care providers, mental health facilities and facilities for people with mental disabilities that participate in the Medicaid program. It also applies to those providers for which the Medicaid program “constitutes a substantial portion of their business operations,” which OMIG has defined as ordering, providing, billing or claiming $500,000 or more from Medicaid in any consecutive 12-month period. The $500,000 threshold applies if a provider receives the reimbursement directly or indirectly (i.e., Medicaid managed care) from Medicaid funds. There are administrative penalties for failing to meet this requirement, including exclusion from the Medicaid program.

Beginning December 31, 2009, these providers were also required to certify to OMIG that they have an “effective compliance program.” OMIG reported that of the 60,000 Medicaid providers, 12,000 are required to certify that they have an effective compliance program. As of April 1, 2010, only 50% of those providers had provided the required certification. OMIG is contacting those who have not done so. Most who were contacted were unaware of the certification requirement or confused it with the Deficit Reduction Act of 2005 requirement to provide training on the False Claims Act to employees and vendors.
OMIG has redesigned the certification form for 2010 to address this confusion. The new form will be available on December 1, 2010 on the OMIG website.

OMIG’s next priority is to audit whether the certification is accurate. Does the provider really have an effective compliance program? The new form advises providers NOT to submit the certification if they do not have an effective compliance program.

According to OMIG, an effective compliance program will meet the following standards:
• The organization exercises due diligence to prevent and detect inappropriate conduct.
• The organization promotes a culture that encourages ethical conduct and is committed to compliance with the law.
• The compliance program is reasonably designed, implemented and enforced so that the program is generally effective in preventing and detecting improper conduct – the failure to detect a specific offense does not mean this standard is not met.

Beginning next year, OMIG will be measuring the effectiveness of a provider’s compliance programs. What are the metrics that they will use to gauge effectiveness?
1. The provider’s certification history. Has the provider submitted the required certification that it has an effective compliance program in 2009 and 2010?
2. The provider’s audit and investigation history. What has OMIG found when it audited the provider? Has the provider been the subject of an investigation or complaint? How often has the provider been the subject of a Division of Medicaid Investigation audit?
3. The provider’s self-disclosure and self-reporting history. In this regard, more is better. Those providers who have never made a self-disclosure are not detecting inappropriate conduct.
4. The provider’s billing error rate and its ability to detect obvious billing errors, such as billing for services provided after the patient’s date of death or ordered by an excluded person.
5. The provider’s refund and void history, and whether there are any reports of issues associated with rebates and net acquisition cost.
6. Whether the provider is an outlier on the card swipe program for determining a beneficiary’s Medicaid eligibility. OMIG expects providers to achieve card swipe compliance of 85 percent, monitored through post-payment audits of a provider’s claims.
7. Whether the provider accepts orders for automatic refills of supplies and other items.
8. The provider’s performance on quality of care assessments, such as Medicare’s Hospital and Nursing Home Compare Reports and Program for Evaluating Payment Patterns Electronic Report.
9. Whether the provider uses unlicensed or unqualified providers to provide services. For example, is the provider billing for the services provided by a certified alcohol and substance abuse counselor when the services are not billable unless provided by a certified social worker.
10. Whether the provider bills for medically unnecessary services or so-called “Never Events”.
11. Is the provider subject to a corporate integrity agreement or corporate compliance assessment? What is the status of its compliance with these requirements? What does the independent review organization report about the provider?
12. Is the provider the subject of any other regulatory action, such as by the Department of Health, Office of Mental Health, or Medicaid Fraud Control Unit, or a special investigation unit review by a Medicaid managed care program?
13. Does the provider do self-assessments? OMIG has provided a self-assessment tool that providers can use to do the self-assessment.

Tuomey Healthcare System

I have written previously about the Stark compliance dilemma. The potential liabilities under the law are significant and, if pursued, could easily bankrupt a hospital. Many in the healthcare community, if they are aware of the problem, are skeptical. They tend to believe that the government would never seek to bankrupt a hospital just because it violated the Stark law. The Board of Tuomey Healthcare System in Sumter, South Carolina begs to differ.

In response to the opening of a competing ambulatory surgery center, Tuomey (through subsidiaries) entered into part-time employment agreements with 17 surgeons for a 10-year term. The physicians were hired through a wholly owned LLC. The agreements required the surgeons to exclusively perform outpatient surgery at the hospital’s surgery center. The amounts paid to the physicians under the agreements were determined to be fair market value by a compensation consultant and Tuomey obtained two legal opinions that the agreements did not violate the Stark law.

One of the physicians in the community who was offered the deal filed a qui tam lawsuit claiming that the agreements violate the Stark law and the False Claims Act. The federal government intervened in the suit.The Tuomey Board of Trustees has alleged that this physician was disgruntled because he wanted more money than what the consultant had opined was fair market value.

The government alleged that the agreements did not meet the Stark exception for bona fide employment arrangements because the physician’s compensation was determined in a manner that took into account the volume or value of referrals and the arrangements were not commercially reasonable absent the referrals. Specifically, the physicians were offered employment in response to competition and were paid bonuses without regard to their productivity and received full-time employee benefits (health insurance, malpractice, CME, and cell phone) even though they were only part-time employees. The government challenged the determination of the consultant that the compensation was fair market value and criticized the form of the opinion.

The hospital and government did not settle the case and it went to trial. The government sought damages of over $300 million. After a month-long trial, the jury found that Tuomey violated the Stark law but not the False Claims Act. The judge awarded the government $44 million for the Stark violation. If the case were brought today, the government would be able to prove a violation of the False Claims Act once it proved the Stark violation and the failure to repay the payments Tuomey had received in violation of the Stark law.

Tuomey has appealed the verdict. The court has ordered a new trial on the False Claims Act liability and the government is expected to again seek $300 million in damages for violation of the False Claims Act. It will be interesting to see whether Tuomey decides to settle the case and, if so, how much it will have to pay to do so.

Sheehan’s Top Ten Implications for Medicaid Program Integrity

I attended the Fall Meeting of the New York State Bar Association’s Health Law Section on Saturday, October 23, 2010. The program was entitled Health Care Reform: Understanding the Implications. It was an informative program and a good opportunity to network with members of the New York State Health Care bar.

Jim Sheehan, the New York State Medicaid Inspector General, was one of the presenters. He gave his top 10 implications for New York State Medicaid Program Integrity:

10. OIG Fiscal Year 2010-11 Workplan. The workplan has a number of items that focus on New York health care providers. Mr. Sheehan noted that OIG equated meeting the conditions of participation with qualifying for Medicare payment in some of its descriptions of workplan items, which OMIG has been criticized for doing in its audits.

9. New York State’s health care reform implementation website. Mr. Sheehan and other presenters encouraged everyone to visit this site to learn about New York’s efforts to implement federal health care reform.

8. Prescriptions for Oxycodone. Medicaid pays for this drug, which is at the center of a health care crisis. Too many people are dying from an overdose, and the street value of the drug is incentivizing unscrupulous beneficiaries, physicians and pharmacies to commit fraud to make a quick buck.

7. PPACA Sunshine Act Provisions. Drug, medical device, biological, and medical device companies have to report direct payments over $10 to physicians and teaching hospitals beginning March 31, 2013. This information will be made available to the public. Some drug companies have been making this information available already under the terms of their corporate integrity agreements.

6. Media Focus on Physician Payments from Drug Companies. Organizations like Pro Publica will be publicizing this information and using media outlets to inform the members of the public. Doctors should be ready for questions from their patients.

5. Medicaid RACs. CMS is rolling out the rules for Medicaid recovery audit contractors this fall. OMIG hopes to have a contract in place early next year. As Mr. Sheehan noted, adding yet another auditor to the mix is overkill at this point.

4. The most expensive piece of medical equipment is a doctor’s pen. CMS has issued regulations (42 CFR § 424.516(f)) that requires physicians to keep orders for certain services (home health, DME, prosthetics and orthotics) for seven years. The medical records must document the required face-to-face encounter for home care certifications and DME.

3. Credentialing and Exclusion. PPACA requires states to deny or terminate enrollment of any provider or supplier who has been terminated by another state’s Medicaid program or Medicare. Mr. Sheehan noted the use of the word “terminated” rather than “excluded,” and questioned whether they mean the same thing. In New York, OMIG can terminate a provider without cause and without any due process.

2 and 1. Retention of Ovepayment = False Claim. PPACA obligates a provider to report and return any overpayments to CMS, the State, the fiscal intermediary or carrier within 60 days after the date the overpayment is identified or the date of any corresponding cost report. The failure to return an overpayment within the required 60 day period is defined as a false claim.

Mr. Sheehan made a distinction between two different types of overpayment situations at a nursing home. In one case, the nursing home discovers that it billed for services after the beneficiary had passed away (must return payment within 60 days of discovery). In the other case, the nursing home has advised the state that its rate was overstated in a prior year, but the state had not made the necessary adjustment. In that case, the obligation to return the overpayment is either satisfied by the report to the State or has not arisen yet because there has not been a reconciliation of the applicable cost report.

Mr. Sheehan has announced previously that OMIG will not enforce the 60-day repayment obligation until January 1, 2011. He expects a submission under OMIG’s self-disclosure protocol to toll the 60-day period. He isn’t sure yet whether OMIG will have the discretion to compromise any portion of the obligation to repay the overpayment or even work out a repayment plan with the provider.

CMS Self-Referral Disclosure Protocol

CMS issued its Self-Referral Disclosure Protocol on September 24, 2010. CMS mandated that CMS establish the SDRP when it passed the Affordable Care Act in March 2010. The purpose of the SRDP is to provide a process for health care providers to self-disclose potential and actual violations of the federal Stark law. Although CMS was given the authority to compromise the amounts owed due to a violation of the Stark law, it declined to directly exercise that authority in the SRDP. This significantly undercuts the utility of the SRDP to providers.

The Stark Compliance Dilemma

To establish a violation of the Stark law, the government needs to show:
• A financial relationship exists between a physician or a physician’s immediate family member and an entity that provides designated health services;
• The financial relationship does not fit within any of the Stark exceptions;
• The physician has referred a Medicare beneficiary to the entity for a designated health service; and
• The entity has billed Medicare for that service.

Unlike the Anti-kickback Statute, which requires some proof of intent to violate the statute, the Stark law is a strict liability statute and does not require any proof of intent.

The penalties for violating Stark include a civil monetary penalty of up to $15,000 per claim and possible exclusion from the Medicare and Medicaid programs. In addition, the entity has an obligation to refund any amounts paid by Medicare or the beneficiary.

The failure to refund any amounts paid can also constitute a violation of the federal False Claims Act, which was amended in 2009 to extend liability to knowingly and improperly avoiding an obligation to repay a known overpayment. The penalties for violating the False Claims Act are a civil penalty of up to $11,000 plus 3 times the amount of the damages.

Thus, a violation of the Stark statute, which has its own high penalties, can now lead to even further penalties under the False Claims Act. It also subjects the organization to qui tam suits by private plaintiffs attempting to collect the amounts owed under the statutes on behalf of the government. A number of plaintiff’s firms are actively soliciting qui tam plaintiffs who have knowledge of Anti-Kickback and Stark violations.

The amount of the potential pentalties under the Stark statute, particularly when combined with the penalties under the False Claims Act, are astronomical and often disproportionate to the harm caused by a violation. This disproportionality was noted by the American Health Lawyers Association, Public Interest Committee in its Stark white paper issued in August 2009:

Given the structure of the Law, innocent or highly technical violations can result in ruinous liability. For example, an administrator’s oversight in securing a physician’s signature can trigger the referral pohibition. The unlucky hospital is consequently prohibited from billing Medicare for all services ordered by that physician and if bills have been submitted, any amounts collected from the Medicare program are subject to recoupment. If the omission is not discovered for months or years, the hospital’s recoupment exposure mounts with each patient admitted and serivce ordered by the physician.

Compromising Stark Violations

Although Congress gave CMS the authority to reduce the amount due and owing for Stark violations, CMS chose not to directly exercise this authority in the SRDP. CMS is requiring a disclosing party to estimate the total amount of Medicare claims that were submitted in violation of the Stark law. The SRDP lists the factors that CMS will consider in reducing that amount:
1. The nature and extent of the improper or illegal practice;
2. The timeliness of the disclosure;
3. The cooperation in providing additional information related to the disclosure;
4. The litigation risk associated with the matter disclosed; and
5. The financial position of the disclosing party.

This approach provides cold comfort to a disclosing party. Even if CMS agrees to reduce the amount to 1% of the unlawful Medicare claims that were submitted, 1% of a big number is still a big number. Disclosing parties also have no way of estimating what the percentage reduction will be before they make the submission. This uncertainity will make it difficult for CFOs and auditing firms to account for the potential liability in year-end financial statements.

CMS has also reminded providers that they have an obligation to refund any amount owed to the Medicare beneficiaries who were the subject of the claims. It is not clear that CMS believes it has the ability to compromise these refund obligations. The SRDP states that any amounts collected must be refunded. Even if the amount of such refunds were reduced by the same percentage as the Medicare claims, there is a significant administrative burden associated with finding the current addresses for these patients, cutting the checks and tracking that the checks have been cashed. Any uncashed checks would need to be paid over to the State’s abandoned property department.

CMS could have addressed the disproportionality problem directly by establishing a schedule showing what the penalty would be for different types of so-called technical violations, such as allowing an existing agreement to lapse or failing to have a signed agreement in place prior to making any payments. This would have provided some certainty to providers on how much they would owe if they used the SRDP to report such violations. CMS’s unwillingness to do so has greatly diminished the utility to providers of using the SRDP to achieve Stark compliance and avoid a potential qui tam claim.