Category Archives: In the Know

Health care law encompasses a wide range of issues. Learn more about regulations, legislation and general information involving health care providers and professionals (physicians, nurses, pharmacists, therapists, mental health counselors, rehab facilities, nursing homes, DME suppliers, medical students and interns, pain management clinics, hospital administrators, etc.) including information regarding the Department of Health, professional boards (Board of Nursing, Board of Pharmacy, Board of Dentistry, Board of Medicine, etc.), DEA, AHCA (Florida Agency for Health Care Administration) and Medicare and Medicaid.

Don’t Ring in the New Year with a HIPAA Audit – Safeguard Yourself Now

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Here’s a scary reminder: There are people attempting to hack into electronic health systems every second of every day. Thankfully, most of these attempts are unsuccessful due to the preventive technologies in place to safeguard such information. However, electronic data will never be 100 percent secure.

Electronic health records promised was intended to be a tool for doctors to share patient data, reduce prescription drug errors, and allow patients convenient access to their records. However, since the transition to digital medical records, there have been concerns from patients about privacy, security and identity theft.

Recently, the Office for Civil Rights (OCR) announced that the agency will ramp up its Health Insurance Portability and Accountability Act (HIPAA) privacy and security audit program in 2015 for covered entities and business associates. These audits will focus on device encryptions, media controls, data transmission security protocols, and staff training on HIPAA policies and procedures.

Now is the time to ensure compliance.

Real World Privacy Breaches Happen All the Time.

On December 2, 2014, OCR and Anchorage Community Mental Health Services, Inc. (ACMHS), settled alleged violations of the HIPAA Security Rule. OCR started an investigation into ACMHS’s compliance with HIPAA after receiving a notification about a breach of unsecured electronic patient information affecting 2,743 individuals. The breach resulted from malware that compromised ACMHS’s information technology resources. According to the settlement, ACMHS must pay a $150,000 fine and enter into a resolution agreement and corrective action plan (CAP).

In November 2014, Beth Israel Deaconess Medical Center in Massachusetts agreed to a $100,000 settlement after a physician’s laptop was stolen from the hospital. The computer was not issued by the hospital and had not been encrypted in accordance with the hospital’s policies. However, the hospital was aware that the physician used the device. The laptop contained the health information and personal information, including Social Security numbers, of nearly 4,000 individuals. It’s alleged the hospital took three months to notify affected patients about the breach, which is a violation of HIPAA. (HIPAA requires such notifications to take place within 60 days.)

Tips to Protect Yourself and Your Business.

Again, the HIPAA audit program will be resuming after the first of the year. Accordingly, hundreds of covered entities and business associates will be receiving inquiries that could lead to an onsite audit. The audit requirements will be very difficult for organizations that have not planned in advance. Here are three easy-to-implement steps to prepare your practice.

1. Review the latest HIPAA policies and procedures. Make sure your office is meeting the latest privacy and security criteria. Identify gaps, update documents, and retrain staff on HIPAA policies and procedures. Don’t forget to document your educational efforts. Click here for a link to the latest policies and procedures.

2. Contact your business associates. Ask each of them to provide your practice with an updated Business Associate Agreement and list of all subcontractors they use. For business associates, the 2015 HIPAA audits will focus on risk analysis, risk management and updated policies and procedures for breach notification.

3. Have a risk assessment performed on your practice. To learn more about risk assessments, click here for a previous blog.

Also, a violation of the HIPAA privacy and security provisions does carry civil and criminal penalties. Anyone who is a health care professional or facility, should be aware of these legal provisions. Click here to read my previous blog.

HIPAA is Not One Size Fits All.

Protecting patient data is not a one-size-fits-all method, meaning that security measures and access to electronic records should not necessarily be uniform. There needs to be processes and check points in place at practices to ensure that the electronic health record system and its many users consistently meet HIPAA policies and procedures. Health care practices must be vigilant that when they integrate other medical practices and facilities into their organization that they extend these measures to incorporate new employees, new sites and locations, and various technologies.

As demonstrated throughout this blog, the risks of non-compliance simply outweigh the costs of sound preparation. If you’d like more information, contact a health law attorney experienced in these matters.

Comments?

Are you worried about the next round of HIPAA audits? Are you concerned about HIPAA violations? How are you ensuring compliance within your practice? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at http://www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Van Terheyden, Nick and Faix, Rob. “Digital Health Records: Pain and Gain.” Orlando Sentinel. (December 12, 2014). From: The Orlando Sentinel News Section on page A20.

“Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case.” iHealthBeat. (November 25, 2014). From: http://www.ihealthbeat.org/articles/2014/11/25/beth-israel-agrees-to-pay-100k-to-settle-2012-data-breach-case?view=print

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Internal Medicine Specialists Should Be Aware of Impending Medicare Audits

6 Indest-2008-3Coming to a medical practice near you. . . It’s scary, it’s horrible, and it could cost you a lot of money!

It’s the dreaded Comprehensive Error Rate Testing (CERT) audit.

The Horror! The Horror!

First Coast Service Options, the Medicare contractor for Florida, announced a new prepayment audit program that will impact Internal Medicine Specialists. The prepayment program is focused on Initial and Subsequent Hospital Evaluation and Management Services, CPT Codes 99223 and 99233. The program is being launched due to the high CERT error rate associated with these codes.

The audits will start on October 21, 2014.

What is the CERT Program?

CMS created the CERT program to measure the paid claims error rate for Medicare claims submitted to Medicare administrative contractors, carriers, durable medical equipment regional carriers, and Medicare Administrative Contractors (MACs). CMS receives more than two billion claims annually. The CERT program randomly selects approximately 120,000 of these claims for review to determine whether the claims were properly paid.

Statistical samples are selected and the CERT documentation contractor (CDC) submits documentation requests to those providers who submitted affected claims. Once the requested documentation has been received, the information is forwarded to the CERT review contractor (CRC) for review. The CRC will review the claims and supporting documentation to measure compliance with Medicare coverage, coding and billing rules. Click here to read my previous blog on the CERT Program.

How Internal Medicine Specialists Can Avoid CERT Audits.

First Coast is only targeting Internal Medicine Specialists as their data analysis suggests the specialty is the primary contributor to an elevated CERT error rate. Errors are normally cause by insufficient documentation to justify the service.

Healthcare providers designated as Internal Medicine with First Coast Service Options need to pay special attention to this audit program and the documentation requirements for billing 99223 and 99233 codes. If you find yourself or your practice the target of a CERT audit, click here for tips on how to respond.

Our Thoughts on the CERT Program.

In working with the CERT Program, we have been pleasantly surprised when our personal phone calls to the CERT auditors have been answered and actual accurate information provided, as well as letters and documents we provided being promptly acknowledged. Like with any other audit, however, we urge those being audited to seek the advice of an experienced health law attorney who may be able to assist in heading off and avoiding a more serious investigation or a large repayment demand.

Comments?

Have you heard of CERT audits? Has your practice encountered a CERT audit? Please leave any thoughtful comments below.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Cyber Attack at Community Health Systems Affects 4.5 Million Patients-Could This be a New Trend?

Patricia's Photos 013By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar  in Health Law

On August 18, 2014, Community Health Systems, a Tennessee-based hospital chain that has 206 hospitals in 29 states, announced that its computer system was hacked. According to a number of news reports, an outside group of hackers, originating in China, used highly sophisticated malware and technology to steal 4.5 million patients’ non-medical data. The hackers were able to obtain patients’ names, Social Security numbers, addresses, birth dates, and telephone numbers.

According to the Orlando Sentinel, in Florida, St. Cloud Surgical Associates, St. Cloud Medical Group, and Urology Associates of St. Cloud were among the practices where medical data was stolen. The article did not mention how many patients in Florida were affected. Click here to read the story from the Orlando Sentinel.

How Community Health Systems will Handle Being Hacked.

According to The New York Times, Community Health Systems believes the attacks happened from April to June 2014. The company will be notifying affected patients and agencies under the Health Insurance Portability and Accountability Act (HIPAA).

The hospital system is now working with a security company to investigate the incident and help prevent future attacks. Federal law enforcement agents are also investigating the incident. Click here to read the entire article from The New York Times.

Because this breach affected more than 500 individuals, it will soon be posted on the Office for Civil Rights (OCR) Department of Health and Human Services’ (HHS) Wall of Shame. The law requires that any breach involving 500 or more individuals be publicly posted. To learn more on the Wall of Shame, click here for my previous blog.

Protect Your Practice As Best You Can From Cyber Attacks.

Cyber hacking in the medical community appears to be a crime of opportunity. Quickly there are becoming two types of companies: those that have been hacked and those that will be hacked.

While there is no way to guarantee protection from extrusion and external sources, there are steps that can be taken. For medical practices, many of these are required as part of a HIPAA risk assessment. Some areas to focus on include:

-    Background checks;
–    Comprehensive policies and procedures;
–    Vigilance when it comes to monitoring and data-leakage prevention tools; and
–    Employee education.

Medical practices are going to become bigger targets as the health care industry transitions to electronic health records. In addition, the hacking community is figuring out it is easier to hack a hospital or private practice, than it is a bank and you get the same information. To learn more on HIPAA risk assessments, click here.

Comments?

How do you protect your medical practice from hackers? Do you have regular risk assessments? Why or why not? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at http://www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Perlroth, Nicole. “Hack of Community Health Systems Affects 4.5 Million Patients.” The New York Times. (August 18, 2014). From: http://nyti.ms/1pFpujC

Kutscher, Beth. “Chinese Hackers Hit Community Health Systems; Other Vulnerable.” Modern Healthcare. (August 18, 2014). From: http://bit.ly/1BxsLqH

Jacobson, Susan. “St. Cloud Medical Patients’ Information Among Millions Stolen in Cyber Attack.” (August 18, 2014). From: http://www.orlandosentinel.com/business/os-hospital-data-breach-st-cloud-20140818,0,3157319.story

Rose, Rachel. “Protecting Your Medical Practices From Cyber Threats.” Physicians Practice. (July 17, 2014). From: http://www.physicianspractice.com/blog/protecting-your-medical-practice-cyberthreats

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

The RACs, They’re Back! The Return of Medicare Recovery Audits

Patricia's Photos 013By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

All good things must come to an end. This includes the two-month hiatus from Recovery Audit Contractors (RACs) that healthcare professionals enjoyed. The Centers for Medicare and Medicaid Services (CMS) is restarting audits of Medicare fee-for-service claims on a limited basis. The program has been suspended since June 1, 2014, due to expired contracts.

CMS announced the return of RACs on August 4, 2014.

Click here to read the latest announcements on Medicare recovery audits from CMS.

From what we have heard, there were serious problems with some of the audits that had been conducted by the RACs and CMS desired to start over with a clean slate. Just saying!

What Does Limited Basis Mean?

According to CMS, current RACs will conduct a limited number of automated reviews and a small number of complex reviews on certain claims including, but not limited to:

- Spinal fusions;
– Outpatient therapy services;
– Durable medical equipment;
– Prosthetics;
– Orthotics; and
– Supplies and cosmetic procedures.

RACs will not conduct any inpatient hospital patient status reviews for now. In the past, short inpatient stays accounted for 91 percent of the money the program recovered for Medicare.

Controversial Program.

According to an article on HealthData Management, in February 2014, members of congress argued that parts of the RAC program are unfair and violate the way that the Medicare program was intended to operate by raising out-of-pocket costs for beneficiaries. To address this concern, CMS established a provider relations coordinator to increase program transparency. This was announced in June 2014, so it is too soon to determine if this position will help providers affected by the medical review process. Click here to read more from HealthData Management.

Healthcare providers have complained that they are fed up with Medicare recovery audits tying up crucial funds and physician time in endless appeals. Currently, appeals can take up to five years. There is also a two-year moratorium in place preventing new appeals from being filed. You may remember my previous blog on the enormous backlog of Medicare recovery audit appeals. Click here to read that post.

What Exactly is a RAC?

RACs are often referred to as “bounty hunters.” They are private companies contracted by CMS, used to identify Medicare overpayments and underpayments, and return Medicare overpayments to the Medicare Trust Fund. Since the program began in 2009, it has brought in more than $8 billion in allegedly fraudulent, wasteful and abusive payments to healthcare providers.

How to Prepare for a Medicare Recovery Audit.

There is no such thing as a routine Medicare audit. The fact is that there is some item you have claimed as a Medicare provider or the amount of claims Medicare has paid in a certain category that has caused you or your practice to be audited.

I previously wrote a blog highlighting some of the actions we recommend you take in responding to a Medicare audit. The most important step you should take is to consult an experienced health law attorney early in the audit process to assist in preparing the response. Click here to read more on how to respond to a Medicare audit.

We Told You RACs Would Be Back.

RACs apparently caught $3.7 billion in allegedly wasteful payments that Medicare made to healthcare providers in 2013, and was allegedly on pace to bring back $5 billion this year. That’s why the government was eager to get RACs back to work.

It is extremely common for state and federal regulators to enforce even the smallest violations, resulting in investigations, monetary fines and penalties. If found in violation, you will not only have to pay fines and face disciplinary action, you will also lose revenue because you will have to spend time dealing with the investigation, instead of practicing medicine. Whether you are trying to prevent Medicare and Medicaid audits, Zone Program Integrity Contractor (ZPIC) audits, or any other kind of healthcare audits, there are steps you can implement in your practice today that may save you down the line. Click here to read more on self audits.

Comments?

What do you think about the return of Medicare recovery audits? What are you thoughts on Recovery Audit Contractors? Please leave any thoughtful comments below.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at http://www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Demko, Paul. “Controversial Medicare Recovery Audits Make Limited Return.” Modern Healthcare. (August 5, 2014). From: http://www.modernhealthcare.com/article/20140805/NEWS/308059962/controversial-medicare-recovery-audits-make-limited-return

Goedert, Joseph. “CMS Restarts Parts of the RAC Program.” HealthData Management. (August 5,2014). From: http://www.healthdatamanagement.com/news/CMS-Restarts-Parts-of-the-RAC-Program-48553-1.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Sexual Misconduct by Rogue Employees Can Cost Big Money: Your Responsibility as an Employer

2 Indest-2009-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Johns Hopkins Health System agreed to shell out $190 million to more than 7,000 women and girls, in one of the largest settlements ever in the United States involving sexual misconduct by a physician.

A gynecologist, practicing in a Baltimore-based Johns Hopkins Hospital, one of the nation’s most prestigious medical institutions, was accused of using a tiny camera to secretly take videos and pictures of his patients. The doctor worked at the hospital for 25 years, but was fired after admitting to the misconduct and surrendering his recording devices to authorities.

This is a chilling example of how employers can be held responsible for “rogue” employees clearly not working under the consent of the employer. In general, employers have a responsibility to properly supervise their employees’ actions. As in this case, failure to do so can cost millions.

Background of the Case.

According to the Wall Street Journal, a co-worker tipped off Johns Hopkins officials that the gynecologist was wearing a pen around his neck that looked like a camera. In February 2013, an investigation revealed that the gynecologist secretly used the device in question to photograph and videotape thousands of women and girls during pelvic exams. The investigation found that the doctor’s camera captured 1,200 videos and 140 images of his patients, that were then stored on his computer. The doctor was fired in February 2013, and committed suicide days later.

Click here to read the entire article from the Wall Street Journal.

“Rogue” Employee.

In this case, Johns Hopkins states that insurance will cover the entire $190 million settlement. The preliminary agreement is awaiting final approval from a judge. In a statement, Johns Hopkins’ attorney said that the hospital was unaware of the doctor’s conduct, and that he had become a “rogue” employee. The hospital sent out letters of apology to the gynecologist’s patient list, calling the incident a “breach of trust.”

Click here to read all of the statements from Johns Hopkins Medicine in regard to this incident.

Employer’s Responsibility.

The lawsuit against Johns Hopkins alleged that the hospital failed to properly supervise the doctor and should have known of his alleged misconduct.

This situation brings up an interesting point, even though the employee was acting on his own accord, the health system would still likely have been held liable if the case was not settled.

Employers are generally “vacariously liable” for their employees’ actions. The basic idea of vicarious liability or the doctrine of respondeat superior is that an employer is held responsible for the negligent acts of its employee that cause injuries to a third party, provided that such acts were committed during the course of and within the scope of the employment.

To establish that the employee’s conduct was within the scope of employment:

1. The conduct must have occurred substantially within the time and space limits authorized by the employment;
2. The employee must have been motivated, at least partially, by a purpose to serve the employer; and
3. The act must have been of a kind that the employee was hired to perform.

In certain circumstances, including the example of the gynecologist, an employer’s vicarious liability can extend to intentional or even criminal acts committed by the employee.

Vicarious liability is a powerful concept and, as evident by the Johns Hopkins case, can result in an employer being responsible for significant sums of money. Employers should institute policies which curb activities that could be injurious to others. The employer has a responsibility to monitor employees and immediately investigate any suspicious activity.

Despite the fact that Johns Hopkins acted quickly, the hospital system will still most likely be left holding a settlement sum of $190 million for actions of an employee.

Comments?

As an employer, how do you make sure your employees aren’t acting on their own or violating company policies and procedures? Please leave any thoughtful comments below.

Contact Health Attorneys Experienced in Health Law and Employment Law.

The Health Law Firm represents both employers and employees in the health care industry in defending allegations of sexual misconduct and other complaints from employees and patients. We represent employers in unemployment compensation hearings, in defending against EEOC (discrimination) complaints, and in defending litigation involving wage and hour disputes, as well as other types of contract or employment litigation. We also can investigate such allegations and attempt to negotiate settlements where warranted. Our attorneys represent individuals and institutions in litigation, civil or administrative, state or federal.

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at http://www.TheHealthLawFirm.com.

Sources:

Linderman, Juliet. “Hopkins Pays $190M in Pelvis Exam Pix Settlement.” Associated Press. (July 22, 2014). From: http://apne.ws/UquXOI

Levitz, Jennifer. “Johns Hopkins Agrees to $190 Million Exam-Photos Settlement.” Wall Street Journal. (July 21, 2014). From: http://online.wsj.com/articles/johns-hopkins-hospital-agrees-to-190-million-exam-photos-settlement-1405961572

Johns Hopkins Hospital. “Statement from Johns Hopkins Medicine on the recent news surrounding Nikita Levy, M.D.” Hopkins Medicine. (July 21, 2014). From: http://www.hopkinsmedicine.org/news/Nikita_Levy.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Why Have You Received a Denial on Your Medicare Enrollment Application?

GFI Blog LabelBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law and Christopher E. Brown, J.D., The Health Law Firm

Did you receive a denial on your Medicare enrollment application and can’t figure out why? You may be surprised to find out that even the smallest punctuation error, such as a missing comma or period, could be the reason Medicare rejected your application.

The Centers for Medicare and Medicaid Services (CMS) will deny Medicare applications of physicians, medical groups, home health agencies (HHAs), pharmacies and durable medical equipment (DME) suppliers because the name on file with the National Plan & Provider Enumeration System (NPPES) is not the same legal business name as reported to the Internal Revenue Service (IRS). The use of punctuation marks and abbreviations in your name with NPPES could produce a no match in the CMS records. It is imperative when filling out the Medicare enrollment forms that you use the exact legal business name on file with the IRS.

The easiest way for a health care provider or facility to apply for enrollment or make changes to enrollment information is to use the internet-based Provider Enrollment Chain and Ownership System (PECOS). Click here to utilize PECOS.

Other Reasons Why a Medicare Enrollment Application can be Denied.

Here are some more situations that can cause a provider’s application to be denied:

1. The form CMS-855 or PECOS certification statement is unsigned; is undated; contains a copied or stamped signature; or for the paper form CMS-855I and form CMS-855O submissions, someone other than the physician or non-physician practitioner signed the form.
2. The submitted paper application is an outdated version.
3. The applicant failed to submit all of the forms needed to process a reassignment package within 15 calendar days of receipt.
4. The form CMS-855 was completed in pencil.
5. The wrong application was submitted (for example: a form CMS-855B was submitted for Part A enrollment).
6. If a web-generated application is submitted, it does not appear to have been downloaded from the CMS website.
7. The health care provider sent in an application or PECOS certification statement via fax or e-mail when he/she was not otherwise permitted to do so.
8. The health care provider failed to submit an application fee (if applicable to the situation).

Update All of Your Information with Medicare.

If you are already a Medicare provider, I urge you to personally go into the PECOS and NPPES and print out a copy of the existing information to check it.

If anything is incorrect, including an incorrect or incomplete name for your medical group, corporation or business, immediately fix this. Everything should be consistent. All of your state licenses and corporation/company information on file with your Secretary of State should also contain the same information as well.

Incorrect Information Could Lead to the Termination of Your Medicare Provider Number.

The consequences of not checking your information on file are severe, and can include termination of your Medicare provider number and billing privileges.

The effect of this termination includes:

- You are prohibited from reapplying to Medicare for at least two years.
– You may have to pay back any money received from the Medicare program since the effective date of the termination (often many months prior to the notification letter).
– Other auditing agents may be notified such as the Medicare Zone Program Integrity Contractors (ZPICs) and the state Medicaid Fraud Control Unit (MFCU).
– You may no longer contract with Medicare or anyone who does.
– You may and probably will be terminated from the approved provider panels of health insurance companies with which you are currently contracted.
– You may and probably will be terminated from skilled nursing facilities (SNFs) and HHAs with which you have contracts.
– You may and probably will have your clinical privileges terminated by hospitals or ambulatory surgical centers (ASCs).

To read our recommendations on what to do if your Medicare provider number is terminated, click here to read my previous blog.

Comments?

Did you know that even the smallest punctuation errors could lead to a denial of your application for Medicare enrollment? Have you ever had an issue enrolling in the Medicare program? Please leave any thoughtful comments below.

Don’t Wait Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The lawyers of The Health Law Firm routinely represent physicians, medical groups, clinics, pharmacies, durable medical equipment (DME) suppliers, home health agencies, nursing homes and other healthcare providers in Medicare and Medicaid investigations, audits and recovery actions. They also represent them in preparing and submitting corrective action plans (CAPs), requests for reconsideration, and appeal hearings, including Medicare administrative hearings before an administrative law judge. Attorneys of The Health Law Firm represent health providers in actions initiated by the Medicaid Fraud Control Units (MFCUs), in False Claims Act cases, in actions initiated by the state to exclude or terminate from the Medicaid Program or by the HHS OIG to exclude from the Medicare Program.

Call now at (407) 331-6620 or (850) 439-1001 or visit our website www.TheHealthLawFirm.com.

About the Authors: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

Christopher E. Brown, J.D., is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

CMS in the Hot Seat for Lax Oversight of Medicaid Managed Care Organizations

LLA Headshot smBy Lenis L. Archer, J.D., M.P.H., The Health Law Firm

For years, each state has kept an eye on its own Medicaid managed care plans, while the Centers for Medicare and Medicaid Services (CMS) is required to monitor how well each individual state is doing. However, a recent Government Accountability Office (GAO) report claims CMS is sleeping on the job. The report, released on June 20, 2014, stresses the need for more federal oversight of these plans.

With the implementation of the Affordable Care Act (ACA), the Medicaid program is expected to expand significantly. Most of the new beneficiaries enrolled in managed care are covered almost entirely by federal funds. The need for federal oversight in this area is of growing importance to ensure accountability of taxpayers’ dollars.

To read the entire report from the GAO, click here.

Report Findings: MCOs Need to be Watched by the Feds.

The persistent theme of the GAO report is that CMS and the Department of Health and Human Services (HHS) have done little to control the integrity of managed care organizations (MCOs). Federal programs have delegated managed care supervision to each individual state, but fail to provide needed guidelines and resources. CMS has not updated its MCO program guidance since 2000.

The report found neither state nor federal programs are well positioned to identify improper payments made to MCOs. Further, these programs are unable to ensure that MCOs are taking appropriate actions to identify, prevent or discourage improper payments.

For example, the report looked at state program integrity (PI) units and Medicaid Fraud Control Units (MFCU) from seven states. These anti-fraud groups admitted to primarily focusing their efforts on Medicaid fee-for-service claims. Meanwhile, claims made to MCOs have flown under their radar.

GAO Recommendations.

The GAO recommends that CMS:

- Require states to conduct audits of payments to and by MCOs;

- Update its managed care guidance program integrity practices and effective handling of MCO recoveries; and

- Provide states with additional support in overseeing MCO program integrity.

The GAO also suggests that CMS increase its oversight, especially as states expand their Medicaid programs. The GAO report recommends CMS take a bigger role in holding states accountable to ensure adequate program integrity efforts in the Medicaid managed care program. If CMS does not step up to the plate, the report predicts a growing number of federal Medicaid dollars will become vulnerable to improper payments.

The Future of MCOs.

If this report is taken seriously, be assured that audits of MCOs will become more frequent and extensive. If CMS ramps up their efforts, claims could be reviewed in detail by Medicaid integrity contractors. Now is the time to verify you are in compliance and receiving proper payments; before CMS turns the magnifying glass on you or your facility .

Comments?

What do you think of the GAO’s assessment of MCOs? Do you think CMS needs to step up and provide more oversight? Please leave any thoughtful comments below.

Contact Health Law Attorneys Experienced in Handling Medicaid Audits, Investigations and other Legal Proceedings.

Medicaid fraud is a serious crime and is vigorously investigated by the state MFCU, the Agency for Health Care Administration (AHCA), the Zone Program Integrity Contractors (ZPICs), the FBI, and the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS). Other state and federal agencies, including the U.S. Postal Service (USPS), and other law enforcement agencies often participate. Don’t wait until it’s too late. If you are concerned about possible violations and would like a confidential consultation, contact a qualified health attorney familiar with medical billing and audits today. Often Medicaid fraud criminal charges arise out of routine Medicaid audits, probe audits, or patient complaints.

The Health Law Firm’s attorneys routinely represent physicians, dentists, orthodontists, medical groups, clinics, pharmacies, assisted living facilities (AFLs), home health care agencies, nursing homes, group homes and other healthcare providers in Medicaid and Medicare investigations, audits and recovery actions. To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Sources:

Mullaney, Tim. “Federal Government Needs to Boost Medicaid Managed Care Oversight, GAO Says.” McKnight’s Long-Term Care & Assisted Living. (June 20, 2014). From: http://www.mcknights.com/federal-government-needs-to-boost-medicaid-managed-care-oversight-gao-says/article/356779/

Adamopoulos, Helen. “GAI Calls on CMS to Increase Medicaid Managed Care Oversight.” Becker’s Hospital Review. (June 20, 2014). From: http://www.beckershospitalreview.com/finance/gao-calls-on-cms-to-increase-medicaid-managed-care-oversight.html

Bergal, Jenni. “Advocates Urge More Government Oversight of Medicaid Managed Care.” Kaiser Health News. (July 5, 2013). From: http://www.kaiserhealthnews.org/stories/2013/july/05/medicaid-managed-care-states-quality.aspx?referrer=search

About the Author: Lenis L. Archer is as attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.