Regulatory Compliance

Regulatory & Compliance Issues and PitfallsPresented For CPA Leadership InstituteThomas P. McGuinness, CPA, CVAReimer, McGuinness & Associates, PCAugust 27 , 20131

We are from the Government and were Here to Help?-- Ronald Reagan2Famous QuoteIf you put the federal government in charge of the Sahara Desert, in five years thered be a shortage of sand.--Milton Friedman3The 1990s, Managed Care and the Criminalization of MedicineMedical costs were increasing at rates higher than the average percentage growth of the economyThe American consumer wanted million dollar healthcare at low premiumsGovernment payments for healthcare (via Medicare and Medicaid) were increasing annually as a % of GNP and Congress was worriedInsurance companies were paying out ever increasing amounts for healthcare insurance claims and their profitability is down

4Criminalization of Medicine, contdPhysicians and Hospitals were receiving the bulk of these paymentsPhysicians controlled medical spending through written orders; their businesses were highly disjointed and known as a cottage industryClinton Administration survey results concluded, Physicians shouldnt make more than $100K per yearSomething had to give

5There is No NirvanaThere were and are abuses in the healthcare industryRather than create screens to identify and prosecute those that abused the rules, Congress created a massive series of legislation to REGULATE medicine1970s=Oil: 1980s=Thrifts: 1990s=MedicineDoes this sound familiar Enron, WorldCom, Global Crossing, Anderson and the Accounting Profession: 2000s=Accounting ProfessionWhat about the 2010s Wall Street 6If Your Gonna Play their GameIf you are a hospital, physician, manager or consultant you better know the RulesIgnorance is not bliss intent, in most cases doesnt matterCivil money penaltiesCriminal penaltiesPrisonAll of the above7Major Legislation Affecting Physicians and HospitalsMedicare Fraud and AbuseEMTALACLIAStark IStark IIHIPAAStark IIIHi-Tech Act of 2009Individual State LegislationPPACA and The Affordable Care Act (OBAMACARE)

8Medicare Fraud and AbuseA large set of regulations promulgated by the Office of the Inspector General of HHSThe object of these regulations is to regulate physicians and hospitals from engaging in activities that over bill or fraudulently bill CMS for services including self-referralsPrivate inurement activities in the tax exempt entity arena9Fraud and Abuse, contdThe main tools of CMS is the post payment auditThe False Claims ActAny person convicted under this statuteThree times the amount of any overpayment, plusMandatory penalties between $5,000 and $10,000 for each false claim submitted (each line of a HCFA/CMS 1500 Form)A typical tactic of the OIG is a combined civil and criminal investigation to crush subjects into submission (large fines and the threat of prison for physicians, administrators and corporate executives)

10

11

12Fraud and Abuse, contdHCA Hialeah Hospital, FloridaConvicted of overbilling Medicare for $7 million out of $394 million in billingHermann Hospital Consent OrderIn 1994 pays IRS $993,500 to keep from losing its tax exempt status (amount of fine was equal to the amount of tax had Hermann not been a tax exempt entity) 13Emergency Medical Treatment and Active Labor Act of 1986 (EMTALA)Enacted to mandate that hospitals treat patients presenting for treatment regardless of their ability to pay Also known as the Patient Anti-Dumping Act of 1986To assure that emergency departments treated and stabilized patients rather than refusing treatment, transferring or discharging them before the patient was stabilized14EMTALA, contdPenalties for non compliance:$2,000 for each wrongful act occurring before January 1, 1997$10,000 for each wrongful act occurring after January 1, 1997OIG may impose up to $15,000 for each person making a false statementOIG may impose up to $100,000 for each arrangement or scheme subject to investigationOther penalties

15Clinical Lab Improvement Act (CLIA)CLIA was enacted in 1988 in an attempt to elevate the standards of laboratory testingEnacted in response to outcry re: deaths ascribed to false negative pap smearsCongress decided to regulate every lab test in the US, including those in physician officesThese false readings ironically ended up coming from federal labs and no problems came from UAs16CLIA, contdResult of federal regulation the cost of a pap smear in NY state had over tripled by 1992Cost of compliance with CLIA is between $1,800 and $9,000 per practice depending on testing performed (waivered v. full lab) Reduced number of labs in total and in-office laboratories in physician officesReduction in competition in the lab industry17CLIA, contdThere are certain lab tests that are in a physicians office (waivered tests) without having to comply with the totality of CLIA regulations, but waivered labs still need to comply, register and be subject to inspectionStrep, UA, Glucose tolerance, pregnancy and rapid fluCLIA regulations are included in 242 pagesMost Federal labs are exempt from CLIA including the VA, public health laboratories, forensic, research and teaching laboratories18CLIA, contdPenaltiesOne year in prisonCivil money penalties of $10,000 per dayExclusion from federal programs Infractions notedIn 2002 there were 132 labs sanctioned*Out of 177,617 registered labs* - .00074%!

Source: Association of American Physicians and Surgeons, Inc.19Stark IA part of the Omnibus Budget Reconciliation Act of 1989 (OBRA 1989). Became effective in 1992 to regulate physician self-referral for Medicare and Medicaid patients to entities where physicians had a financial interest (direct or indirect) ownership This initial legislation covered only a limited number of clinical laboratory services, but set the stage for the rest of the Stark law

20Stark I, contdCivil Penalties for noncompliance:Civil money penalty for each item or service (each line of HCFA 1500 Form) of $10,000Civil money penalties of $15,000 for each individual for which a false claim was made$10,000 for each day a prohibited relationship continues$50,000 for each such act

21Stark I, contdCriminal penalties for noncompliance:Each count of a felony conviction up to $25,000 Up to five years imprisonmentOr bothEach count of a misdemeanor conviction up to $10,000 Up to one year imprisonmentOr both22Stark IIEnacted as Part of the Omnibus Budget Reconciliation Act of 1993 (OBRA 1993)Became effective January 1, 1995 to expand the initial legislation by identifying eleven specified services, called Designated Health Services Clinical laboratory services (80000 series CPT codes)Physical therapy services (97000 series and some HCPCS level 2 codes)Occupational therapy services (same codes as PT)23Stark II, contdRadiology services, including MRI, CAT scans and ultrasound services (but not nuclear medicine)Radiation therapy services and supplies (some 70000 series codes, but not nuclear medicine) Durable medical equipment and suppliesParenteral and enteral nutrients, equipment and suppliesProsthetics, orthotics and prosthetic devices and suppliesHome health servicesOutpatient prescription drugsInpatient and outpatient hospital supplies

24Stark II, contdSpecified that a physician could not refer (request or order) tests or services for Medicare or Medicaid patients where the physician (or immediate family member) has a financial relationshipCreated the incident to definition services performed by ancillary employees or other group practice doctors under the supervision of a qualified Medicare provider25Stark II, contdGroup practice exception regulation discusses what constitutes a group practiceUnprecedented regulation of the structure and internal workings of physician groupsSingle legal entityTwo physician testSubstantially all services testDistribution of income and expensesUnified business testCompensation testPatient encounter testIn office ancillary exception law permits doctors to offer DHS that supplement routine patient care in the same building where the physician otherwise provides services

26Stark II, contdCaused a massive dump of ownership interests in MRI and CT centers across U.S. and created such a glut in those markets that many investors lost most of their investment due to the oversupply of centers for sale on the market.Created scenarios where collaborative efforts to efficiently use assets became illegal activities overnight.Dictated how physicians can set compensation how they split their own ancillary revenue pie! Name another business where this occurs 27Stark II, contdPenalties for noncomplianceUp to $15,000 for each service plus twice the reimbursement claimedExclusion from Medicare and Medicaid programs28Health Insurance Portability and Accountability Act of 1996 (HIPAA)Enacted to allow employee insurance to move with employees when they change jobsEnacted during the time when Congress was addressing Universal Health Insurance coverage for All AmericansOther stated remedies within the Act were provisions to combat fraud and abuse in health insurance and health care delivery and for the confidentiality and security of patient data 29HIPAA, contdEmbedded in the Act were provisions for the privacy and security of patient dataPrivacy rulePublished December 28, 2000Major goal was to assure that individuals health information is properly protected while allowing the flow of health information and promote high quality health careThe Rule applied to health plans, health clearinghouses and to any health care provider who transmits health information in electronic form Business Associate contracts for contractors

For entire Rule: http://www.hhs.gov/ocr/hipaa30HIPAA - RealityThe origin of HIPAA healthcare provisionsPrinters Full Employment ActCost to physicians and hospitals approximately $10 billion in basic compliance costsCreated a whole new set of experts HIPAA consultants31HIPAA, contdSecurity Ruletook effect in 2005Rule applies to electronic protected health information (EPHI), which is individually identifiable health information in electronic formElectronic safeguardsPhysical safeguardsTechnical safeguards

32HIPAA, contdEight Keys to consider in complying with the Security RuleObtain and maintain senior mgmt supportDevelop and implement security policiesConduct and maintain inventory of EPHIBe aware of political and cultural issues raised by HIPAAConduct regular and detailed risk analysisDetermine what is appropriate and reasonableDocumentationPrepare for ongoing compliance

33HIPAA EnforcementPenalties for noncomplianceCivil penalties are $100 per failure to comply with a Privacy Rule requirement and cannot exceed $25,000 per year for multiple violations of the identical RuleCriminal penalty is $50,000 and up to one year in prison for false pretenses and up to $250,000 and ten years imprisonment for sale or transfer for personal gain or malicious harm (i.e. Britney Spears & Farrah Fawcett unauthorized medical record access at California hospital) Doctor fined $7,500 for document filed in wrong patients chartHas anyone been exposed to an actual HIPAA violation?

34HIPAA ViolationA person calls a patient the night before a life threatening surgery and tells the patient that he should not have the described surgery with the named surgeon. Rather, he should revisit his named family physician and obtain names of other much more skilled surgeons than the named surgeon.

35Stark II, Phase III (Stark III)CMS Published final rulemaking on September 5, 2007Becomes effective December 4, 2007*Does not further restrict permitted financial relationships with and interests held by physiciansRevises definition of incident to services to clarify that it includes both services and supplies that meet the incident to requirements

*The stand in the shoes provision was revisited and delayed until 12/4/08 the application to academic medical centers and integrated not for profit organizations 36Stark III, contdValidated that a physician in a group practice may receive a productivity bonus for supplies (including drugs), assuming they properly qualify and are billed on an incident to basisExpressly states that diagnostic tests cannot qualify as incident to servicesTherefore, x-ray, laboratory tests and other diagnostic tests may not be billed as incident to services. Specify that productivity bonuses can be based directly on services incident to the physicians personally performed services even if those services are otherwise DHS referrals.

37Stark III, contdThis is a critical clarification as it relates to physician compensation in group practices and especially where productivity bonuses are concerned. Eliminates the Safe Harbor Method of Establishing Fair Market Value of personal services (based upon use of Surveys)Permits medical group to impose non-competes to protect its asset (disallowed in Stark II) Removes office space rentals from the FMV exception because CMS felt office space leases have been subject to abuse

38Stark III, contdCMS appeared to also exclude the per unit of service or per click rental payments. This would have the effect of up-ending many legitimate arrangements entered to do businessa later clarification allowed this arrangement to continue in certain circumstancesDoes allow physician retention payments in certain circumstances (underserved areas, etc.)

39Stark III updated penaltiesDenial of payment for a service that is the subject of a violationRefund of payment via recoupment$15,000 per service, civil money penalty$100,000 civil money penalty for each arrangement considered to be a circumvention scheme40HITECH Act of 2009Provides new data breach rulesTo the affected patientTo the media if the breach is bigTo HHSDe-identified and secured (encrypted) data breaches need not be reportedIf PHI has been compromised, reporting is requiredHide Rule allows for a patient who pays in full, out of pocket for a service to request provider NOT to disclose information to patients insurer

41HITECH Act, contdWe, as consultants are required to fully comply with the HIPAA Security Rule if we receive PHI.We, as consultants are required to perform a risk assessment of PHI Security and have a compliance plan and procedures in place.42State attorneys general can pursue HIPAA violations, not just HHS OIGIndividual victims of HIPAA violations may participate in recovery of penalty fundsIncreases high end of penalties to $1.5 million HiTech Act--Enforcement43Individual State LegislationAs a participant/consultant in this field you will need to be familiar with the regulations in the State(s) in which you perform servicesFind one or more good healthcare attorneys in your areaUse these attorneys as sources for Federal and State regulations and as resources for yourself and clients Review State Dept. of Insurance enforcement criteriaReview State OIG healthcare statutesAgain Ignorance IS NOT Bliss its malpractice at a minimum

44OBAMACAREThe Patient Protection and Affordable Care Act was signed into law by President Obama on March 23, 2010The law was challenged in Federal Court as being unconstitutional under the Commerce ClauseThere are currently waivers that have been allowed for Employers such as McDonalds, large insurers such as Aetna and Cigna and 185 union plans covering approximately 1 million employees. There is also waiver for certain religious groups that believe insurance is gambling (Muslims and Quakers to name a few)

45OBAMACARE, ContdOnly time will tell whether this Law will be allowed to proceed and a class on this Law by itself would take more time than available within this session. Congress is currently and quietly trying to exempt itself from the law you can make your own conclusionsHealthcare reform is needed however the mechanism to provide such reform is still the subject of intense debateThere are no easy answers but there are severe penalties for providers that do not play well with the Government

46ConclusionObtain copies of the rules we work with Read and understand the rules as best you canDont get too cute you can go to jail too!Enlist the assistance of one or more qualified health care attorneys and dont be afraid to utilize themPray that the HHS Boogie Man stays away!!Good Luck to each of you!!!

47