Medicaid & Medicare
The Fraud Enforcement
GOVERNMENT ISSUE How Fraud Is Impacting Our Nationâ€™s Health Care System
The Leavitt Interview Busted Fraudsters
Feeding From The
Subsc ee ription A
Dennis Smith breaks down the gaps that require bridging in the deteriorating and complex U.S. Medicaid system.
An Interview With
The Profiler Interview â€“ A conversation with Governor Mike Leavitt, health care innovator and reform visionary
Clinical fraud expert, Michelle Higginson, gives her take on the fair distribution of services in public health care.
Trough Principle page 22
The List – 2009 National fraud prosecutions and recoveries
Health Care Market Facts & Fraud Projections – An overview of public and private costs
Chris Cook and Lee Perla explain the new Fraud Enforcement Recovery Act and the government’s intent to pursue fraud.
Red Alert – Learn the latest requirements of ARRA and the Red Flag Rule in order to keep your organization HIPAA compliant
Letter From the Editor – Profiler’s Editor-In-Chief discusses the focus of this issue.
Fraud Prevention Thatâ€™s Armed To The Teeth. Stop Fraud. Get HCI.
Profiler Magazine 10897 S. River Front Parkway Suite 200 South Jordan, Utah 84095
he topic of health care reform has fueled heated speculation and debate across the country over the past several months. Crafting a bill that garners bi-partisan or even majority support appears increasingly challenging, imparting an up-hill battle for President Obama. With heightened awareness and attention on the Government’s health care reform measures, we decided to focus this issue’s theme on public sector health needs, regulations and payment integrity implications. As we go to press with this issue, no bill is forthcoming and a cloud of controversy and doubt still frames health care reform. In this edition of Profiler Magazine, Dennis Smith discusses the steps Centers for Medicare and Medicaid (CMS) and states can take to bridge the gap of collaboration and implement an integrated approach to fraud prevention. Authors
Chris Cook and Lee Perla summarize the ramifications of the recently enacted Fraud Enforcement Recovery Act (FERA) while author Todd Frech outlines how HIPAA continues to reshape the ways payors function and work. I am also excited to share Profiler’s exclusive interview with the dynamic former Utah Governor and Health and Human Services (HHS) Secretary, Mike Leavitt. Furthermore, this issue introduces a new running feature focusing on the staggering numbers of major fraud convictions and prosecutions across the nation over the past year, which I trust you’ll find informative. Profiler Magazine is published on a semi-annual basis, so look for another issue to come across your desk during the fall of 2010. In the meantime, keep up on the latest in health fraud by visiting www.profilermag.com or email me your comments at firstname.lastname@example.org.
Toll Free: 877.619.5557 Fax: 801.285.5801
PUBLISHER HealthCare Insight email@example.com
EDITOR IN CHIEF Darin Johnson firstname.lastname@example.org
SENIOR EDITOR Deborah Evans email@example.com
ART DIRECTOR Mica Johnson firstname.lastname@example.org
ASSOCIATE EDITOR Shane Sanders email@example.com
CONTRIBUTORS Lee Perla Chris Cook Dennis Smith Michelle Higginson Todd Frech
WEBSITE www.profilermag.com Copyright © 2009 by Profiler Magazine All rights reserved. Materials may not be reproduced in whole or in part without written permission. For reprints of any article, contact the editor. *The opinions expressed by any contributors are not necessarily those of Profiler Magazine.
in civil and criminal investigations and litigation under the False
the State Childrenâ€™s Health Insurance Program (SCHIP).
Claims Act, the Anti-Kickback Act, and the Stark Law.
Todd Frech is a health IT consultant with 25 years of
Lee Perla is an associate in the Washington office of Jones Day
experience. Early in his career he was awarded the Navy
and has represented successfully government contractors,
Achievement Award for developing a database application to
corporations, and individuals in state and federal trial and
track down the cause of a salmonella infection on the USS
appellate court litigation, investigations, and administrative
represented pharmaceutical companies and health care providers
Services, which directs the $350 billion Medicaid program and
Editor in Chief
Chirs has 20 years of experience as a trial lawyer and has
State Operations at the Centers for Medicare and Medicaid
Chris Cook is a Partner in the Washington office of Jones Day.
Leavitt Partners. He was Director of the Center for Medicaid and
Dennis G. Smith is Managing Director of Medicaid Practice at
N ational Health Care Fraud Settlements, Indictments and Convictions 8
Largest Health Care Fraud Settlement In the History of the DOJ
American pharmaceutical giant Pfizer Inc. and its subsidiary Pharmacia & Upjohn Company Inc. plead guilty in September to a felony violation for the illegal promotion of certain pharmaceutical products, resulting in the largest health care fraud settlement in the history of the Department of Justice. The federal share of the civil settlement is $668,514,830 and the state Medicaid share of the civil settlement is $331,485,170. The six whistleblowers who prompted this investigation will receive payments totaling more than $102 million from the federal share of the civil recovery.
$540 $371 $154 $123 Million Million Million Million
In July, New York state and New York City agreed to pay the federal government $540 million to settle allegations they both submitted false claims for school-based health care services provided to Medicaid eligible children from 1990 to 2001. A speech therapist blew the whistle, resulting in the record False Claims settlement.
In July, 32 people were arrested in New York, Louisiana, Boston and Houston in a major health care fraud bust. They are accused of fraud schemes, including giving patients "arthritis kits," which were nothing more than unnecessary, expensive orthotics that included knee and shoulder braces, billed at $3000 - $4000 each.
In August, an Orange County, CA woman was sentenced to 10 years in prison for her role as a "capper" in a $154 million health insurance fraud scam in which she recruited 310 patients to undergo unnecessary surgeries in exchange for $2.35 million, pocketed between Nov. 14, 2001, and May 27, 2004.
Also in August, a Miami man accused of Medicare fraud plead guilty. Sentencing is still pending for charges that he submitted approximately $123 million in fraudulent claims to Medicare for durable medical equipment that had not been prescribed or ordered by a physician, nor delivered to a Medicare beneficiary.
Public and Private Sector Fraud Projections
hen this issue of Profiler Magazine went to press, health care reform was still under intense debate nationwide and no resolution appeared forthcoming. Any adopted reform measure will drastically change the future public health expenditures and fraud loss estimates for decades to come. Without a clear picture of the reform ahead it is difficult to accurately project future health care spending patterns and fraud losses with any degree of certainty. However, expenditure and fraud loss increases are expected across the board as up to 45
million more Americans receive health care coverage. Excluding added health spend for reform measures (simply too early to tell), total fraud loss projections could eclipse $262 billion in 2010. A closer look at this number reveals private insurance carriers stand to lose up to $137 billion in fraudulent payments while Medicare and Medicaid fraud exposure could reach nearly $125 billion. These staggering numbers point to need for a speedy resolution on reform and anti-fraud technology.
Fraud Projections by Cost Category 2010 3% Loss
$8.7 Private: Insurance
Fraud Projections For Public Industry 2010-2014
$23.7 $15.5 $7.1
Projected Fraudulent $ (In Billions)
Federal: Medicare 3% Loss 10% Loss
*Not all cost categories are represented in this display.
Fraud Projections For Private Industry 2010-2014 Projected Fraudulent $ (In Billions)
Potential Fraudulent $ (In Billions)
3% Loss 10% Loss
CENTER FOR INSURANCE EDUCATION AND PROFESSIONAL DEVELOPMENT
Where Professionals Learn the Industry
Stop Health Care Fraud.
Start With Courses, Publications, and More from The Center
Need help preventing health care fraud? The AHIP Center for Insurance Education and Professional Development can help with courses and publications that cover everything from the fundamentals to key products, the federal and state governmental roles, and legal issues. Whether you choose a course or a publication, or focus on the Health Care Anti-Fraud Associate (HCAFA) designation, the Center has the tools you need.
LEARN. ACHIEVE. SUCCEED. www.AHIPInsuranceEducation.org 800.509.4422
AHIP, the national association representing approximately 1,300 health insurance plans providing coverage to more than 200 million Americans, is a leader in health insurance education. As the health care industry changes, you can count on us to bring you new educational programs that will help you continue to expand you industry knowledge of fraud and more. For more information on the HCAFA and other Center’s designations and courses, visit www.AHIPInsuranceEducation.org. Content and Design AHIP—All Rights Reserved: © AHIP 2009
8/28/09 8:53:27 AM
Affordable health care is an important humanitarian necessity. 12
PROFILER INTERVIEW A conversation with Governor Mike Leavitt
ecognized for being a strategic, collaborative and thoughtful leader, Mike Leavitt has certainly done his part to serve the American public. During his three terms as Governor of Utah, independent public policy analysts ranked Utah among the best-managed states in the nation – not once, not twice – but six times. Leavitt was chosen by his peers as Chairman of the National Governors Association, Western Governors Association, and Republican Governors Association due to his distinguished ability to solve problems across partisan lines. As Administrator of the United States Environmental Protection Agency (EPA), Leavitt pioneered environmental management efforts to clean up national air and water, garnering the praise of President George W. Bush and other politicians. In January 2005, Leavitt accepted the challenging role of Secretary of the U.S. Department of Health and Human Services. His four years spent furthering health and science partnerships, modernizing Medicare and Medicaid and advancing research, solidified his success as a health care innovator and welfare reformer. Profiler: As the nation’s longest-serving governor, you led the state of Utah for more than a decade. During that time, your strong focus on affordable health care helped over 400,000 uninsured Utah residents get coverage. What motivated you to strive for that achievement? Leavitt: Affordable health care is an important humanitarian necessity. It is also a prerequisite for sustainable family and national budgets. In my view, it’s proper for government to help organize systems that encourage high quality and low cost care. Profiler: You resigned the governorship of Utah in 2003 to accept the esteemed position of Administrator of the Environmental Protection Agency (EPA). While acting as the 10th EPA Administrator, you implemented higher standards for ozone, diesel fuels and other air pollutants. Why was this issue so important to you?
Leavitt: My primary task as head of the EPA was to protect the health of our nation’s citizens. Over the past 50 years in the United States, nothing has contributed more to the longevity and health of people than improving the quality of our water and air. Balancing the regulatory powers of the national government with the need for economic vibrancy is a challenge in any situation. It was particularly important in leading the EPA. Profiler: In January 2005, President George W. Bush nominated you to succeed Tommy Thompson as the 20th Secretary of Health and Human Services (HHS). What was your initial reaction when you learned of this nomination? Leavitt: My family and I had been eating dinner at a neighbor’s house one Sunday afternoon. I was sent to our home to get some ice and found the phone ringing when I entered. When I answered, the White House operator said, “Could you stand by for a call from the President?” President Bush came on the line and informed me he was making some changes in the Cabinet. He asked if I would you be willing to move over the Health and Human Services. “Of course,” I replied. The President then asked me to be at the White House early the next morning to be sworn in as Secretary of HHS. The President and I had worked together on health and human service issues when he was Governor of Texas. I had been Chairman of the National Governors Association, representing the states in negotiations with Congress and the White House. I knew there would be much to learn when I accepted the Secretary role, but felt confident I could do the job. Profiler: As HHS Secretary, you managed the largest civilian department in the federal government. What lessons did you learn from that aspect of your tenure? Leavitt: HHS is a large department with a wide diversity of responsibilities. The budget was $750 billion and there were 70,000 employees. Most people recognize Medicare, Medicaid, the FDA, Centers of Disease Control and the National
Institutes of Health. However, those are only 5 of 27 agencies that make up HHS. I learned that in an organization that large, it is important for the leader to collaboratively develop a unifying vision and then organize the various departments to support that vision. At HHS, we developed a 5000 day vision that expressed our long term aspirations, and a 500 day plan which laid out what we needed to do in the short run to bring the long term vision about. I also learned the importance of effective teamwork to coordinate and align the interests of different parts of the government. Profiler: What is the single biggest problem with American’s health care system today? Leavitt: I will summarize our challenges by pointing to three flaws. First, care is not coordinated among different providers. I call this the silo syndrome. This is well illustrated by the number of different bills that flow from one procedure or stay in a hospital. All providers are operating independently and the lack of coordination produces higher costs, lower levels of service and confusion for all involved. The second flaw is that our payment systems reward poor quality and superior quality in the same manner. Worse yet, there is no way for the average consumer to know if the care they receive is high or low quality. We need transparent systems of cost and quality comparison. The third flaw is poorly aligned incentives. Everyone in the system is provided with an incentive for “more”, rather than “better”. Patients have little sensitivity to price because their insurance company pays the bill. Health care providers get rewarded by volume of care, not the value of their care. I call this “chronic more”.
There is no way for the average consumer to know if the care they recieve is high or low quality Profiler: Health care reform is on everyone’s mind as our nation braces for some large changes. What does successful reform look like in your eyes? Leavitt: Many people aspire to see the government actually operate health care systems. In my experience of running large government health care organizations, when the administration steps beyond determining rules of the market and begins to make decisions in lieu of consumers, costs go up and quality of care goes down. In my opinion, a successfully reformed health care system would provide the American people a choice of insurance plans to select from and the government would subsidize
those in hardship. Successful reform would change the way we reimburse health care providers so they would get paid for better care, not more care. In real reform, consumers would be a bigger part of purchasing and paying for their care. Most importantly, real reform would begin to deal with the disastrous financial mess our neglect of Medicare’s solvency has created. Profiler: You’ve been recognized for unleashing the power of technology to improve the health care system. What other technological advances would you like to see used to improve care and manage costs? Leavitt: Technology will continue to change the face of health care in the future. Genetic technologies will make therapies more personalized, predictive and participatory. Information technologies will allow every American access to their own medical records and help providers lower costs and increase quality. Consumers will also have access to more information about the cost and quality of available health care alternatives. Profiler: Rumor has it that your love of the web led you to becoming the first cabinet-level blogger in U.S. history back in 2007. What prompted you to begin a blog? Leavitt: I’m told that I was the first Cabinet official to use a blog. It took time but it proved rewarding at many levels. Starting a blog provided abundant feedback to ideas and allowed me to communicate quickly and efficiently with various constituencies. The employees of HHS found it useful because I often reported on my activities and the news media often turned to my blog to understand my thinking on various issues. Critics found it a convenient way to express their discontent. Writing forces me to use words to crystallize my instincts, so I found blogging to be a very useful tool. Profiler: You have certainly done your part to ensure a better future for all Americans. What achievement are you most proud of when looking back at the various accomplishments you helped facilitate throughout your career in government? Leavitt: As I reflect on my public service, it has become clear to me that legacies aren’t evident quickly. I was once in the Oval Office with President George W. Bush. He pointed to a portrait of George Washington on the wall and said, “I just finished a book about George Washington. He was the first President. I am the forty-third. Historians are still arguing about what his legacy was. I probably don’t need to spend a lot of time trying to define mine.” Sixteen years in public service has produced lists of things I take private satisfaction in. However, years ago I was determined to achieve three over-arching goals: 1. Leave things better than I found them. 2. Plant seeds for the next generation. 3. Give it all I have. I am most satisfied that I accomplished all three.
“THE DIFFERENCE BETWEEN A MISTAKE AND FRAUD CAN MEAN JAIL.”
- Dennis Smith
The Road to Medicaid Reform
ighting fraud is like building a bridge - it needs to be done from both ends at the same time to ensure a solid result. It must start with unyielding decks, dense enough to support the final structure. This beginning stage is where we currently find ourselves as a nation, approaching the perilous task of reforming our health care system. To state the obvious, risk is inherent to the $360 billion Medicaid program. Waste, fraud and abuse come in many different forms. Fraud does not represent the total or even a majority of improper Medicaid payments. But how many “mistakes” does it take before improper payments become abuse? And how much abuse is tolerated before a referral is made to the state Medicaid Fraud Control Unit? The difference between a mistake and fraud can mean jail. Medicaid program officials on the front lines of defense against waste, fraud and abuse, do not determine whether an improper payment is fraudulent. Prosecuting an individual for fraud is a determination that is made by the U.S. Department of Justice or a state attorney general. In order to be able to make a fraud referral, Medicaid officials need correct and complete information, including both real time and comparative data. Medicaid currently spends approximately $1 billion per day. It is typically the single largest health plan in a state. If it were a corporation, it would rank among many states’ largest enterprises. Medicaid is far more complex to adminis-
by Dennis Smith
ter than Medicare or private health plans. For example, there are only a few ways in which an individual becomes eligible for Medicare. Eligibility workers in Medicaid, however, may have to learn 30-50 different eligibility categories. Medicare and private health plans typically pay for core services such as inpatient hospital services, physician services, etc. Medicaid pays for these services, as well as many others. Across the U.S., more than 60 different services are billed as Medicaid home and community based services. No other program or plan pays for home and community based services as Medicaid does. It has been estimated that between 5 and 10 percent of Medicaid expenditures are erroneous, which means taxpayers are losing $50-$100 million per day. It‘s hard to imagine any private enterprise could absorb such losses. Before rushing to judgment, however, consider the crises which spread from the American housing industry through the financial sector and beyond over the past few years. Despite enormous investments in highly specialized (and highly compensated) personnel and sophisticated mathematical models, trillions of dollars in value were lost. Yet, how many individuals involved in the financial meltdown were prosecuted for fraud? The answer is very few. Much of the losses were caused by mistakes in judgment, incorrect or
inaccurate information, flawed predictive models and poor decisions in recovery efforts. One inescapable lesson of the financial crisis should be the recognition that technology actually helped spread mistakes faster while making the crooks smarter. Those same vulnerabilities apply to Medicaid as well. Are the problems in the financial sector an excuse for waste, fraud and abuse in Medicaid? Absolutely not. The
“TECHNOLOGY ACTUALLY HELPED SPREAD MISTAKES FASTER...”
- Dennis Smith
purpose of providing this reference is to illustrate that human knowledge, even aided by 21st technology, is imperfect and incomplete. Rather than excusing the flaws in Medicaid, it points more convincingly to the imperative that elected and unelected officials must multiply their efforts to safeguard the $360 billion in spending that is at risk. In addition, they must acquire the latest tools to prevent the losses in the first place. In order to fight back, decision-makers need complete end-to-end information. In Federal Fiscal Year 2008, the states spent about $18.6 billion just to administer the Medicaid program (federal and state funds combined). Of this amount, approximately $2.3 billion, or 12.6 percent, of total administrative expenditures was spent on the design, development, installation or operation of Medicaid Management Information Systems (MMIS) and other information systems. An MMIS assists states in the management of claims processing, management of recipient and provider eligibility, recoupment of funds from
other liable third parties, detection of fraud and abuse (SURS), program reporting and provides a basis for monitoring the quality of care in the program. Despite MMIS implementations, errors continue to persist for a number of reasons. In some states, all claims are still not submitted electronically, leaving them vulnerable to human error. Many claims aren’t even paid through a state’s MMIS, thereby losing the benefit of an important layer of review and accountability. Complicated provider coding procedures clash against complicated payment rules. Eligibility systems in some states are decentralized as county responsibilities and local governments still lag behind in the adoption of state-of-the-art technology. To make matters worse, a provider or a beneficiary may be caught in a disagreement between Medicare and Medicaid as to which program is responsible for a claim. Incidences of waste, fraud and abuse continue to persist because some elected officials at all levels of government are not willing to invest in the technology or procedures that can prevent them. It is estimated that states will spend nearly $20 billion to administer Medicaid in Fiscal Year 2010. Spending at this level to run a program that still incurs 5 to 10 percent losses should signal to everyone involved in the funding and management of the program that they must consider whether a reallocation of administrative resources is in order to adequately protect the financial integrity of the program. It has already been determined that Medicaid should be subject to “The Improper Payments Information Act of 2002” (IPIA). The IPIA directed the Office of Management and Budget (OMB) to identify federal programs that are “… susceptible to significant erroneous payments …” On July 15, 2009, the Centers for Medicare and Medicaid Services (CMS) released yet another revision of how it intends to comply with the IPIA in the Federal Register. The CMS proposed rule, Medicaid Program and Children’s Health Insurance Program (CHIP); Revisions to the Medicaid Eligibility Quality Control and Payment Error Rate Measurement Programs, illustrates the difficulties involved in reaching consensus between federal and state officials on how to measure improper payments. The regulatory process has already taken five years and a final rule still has not been adopted. Congress made statutory changes in early 2009 which directed a new course for the program. Under this latest proposed rule, CMS has delineated ten types of data processing errors, nine types of medical review errors and nine types of eligibility errors. Historically, the emphasis in Medicare and Medicaid has been to
Identify risk drivers. Act on that intelligence. Report on the results. Control healthcare costs. Verisk Health, a global leader in risk management, leverages your data to deliver deep analytics that you can use to effect positive change in your organizationâ€” controlling costs and improving health outcomes. We then give you the ability to report on those changes and accurately measure the results. See how Verisk Health helps to manage risk and control costs at www.veriskhealth.com. For a one-to-one conversation, call 866.292.6971.
Clinical and predictive analytics | Enterprise reporting | HEDIS reporting Normative database benchmarking | Healthcare risk management solutions
pay claims quickly, in part to offset provider complaints against low reimbursement rates. “Pay and chase” policies have allowed cracks in the payment system to be exploited by those willing to play the odds against getting caught. More waste flows through the system because providers and politicians alike become rather irate when the federal government or a state tries to recoup funds a year or two after payment was erroneously made. Accordingly, Medicare or Medicaid might rely on provider education rather than recoupment efforts, meaning significant tax dollars are lost. During the 1990s, there was strong public support for welfare reform in part because abuses of the system were noticeable to the public. But, in Medicaid, various types of abuse are often hidden from view, in part, because of conflicting goals. Program integrity may be compromised when eligibility simplification fails to capture sufficient information about an applicant. When a Medicaid recipient demands a brand name drug over a generic, the generosity of the taxpayers is being taken for granted. That is not considered to be fraud, but it’s certainly an example of excess cost. Seeking care in a hospital emergency room for routine care is another form of excess cost, but correcting such behavior could risk a lawsuit. We don’t typically think of missing a doctor’s appointment, seeking care from multiple providers or noncompliance with a physician’s orders as abuse, but they contribute to cost shifting and increase expenditures further downstream. States are required to maintain certified fraud surveillance systems. Being able to sort through claims 18 to 24 months after the fact has its utility, but it also has limitations. Trying to unearth the fraud or stop improper payment months after it has already occurred is like using the Pony Express in this age of the Internet. If Medicaid is going to be successful in changing the behavior of providers and recipients, it must understand what is happening on a real time basis. As health care reform legislation proposes to inject another trillion dollars of taxpayers’ money into the system, many Americans are asking whether current waste, fraud and abuse should be eliminated, or at the very least, reduced. They are right to do so. But simply increasing the penalties is not likely to deter those truly intent on defrauding the federal government and risks a backlash from honest providers. Improper payments have to be attacked from both the front end and the back. To mitigate the risk of improper payments, every Medicaid claim should be traceable and matched to ensure that the program properly paid for a Medicaid service provided to a legitimate Medicaid recipient in the correct amount. It should always pay claims correctly—not one dollar more or one dollar less. That objective, however, requires the upfront investment to prevent an improper claim from being paid in the first place. Medicaid needs the latest tools and strong partnerships to fulfill its competing goals. Problems that could have been averted often are the result of a break in the accountability chain. Over the years,
when confronted “WHICH IS WORSE with a crisis of the day, I often asked WE KNEW OR myself and others, “Which is worsewe knew or we didn’t WE DIDN’T KNOW?” know?” Processing a claim correctly is key - Dennis Smith to ensuring accountability. The DNA of the Medicaid program can be identified through the $1 billion in claims that are processed day after day. The more we know about each of those claims at each step, individually and collectively, the greater the likelihood that waste, fraud or abuse can be prevented or, if necessary, successfully prosecuted. Most of our investments should focus on preventing an improper payment from ever being made. Claims can also inform us about performance and quality of care. Lower quality of care increases costs in the long run. This is where improved technology comes in. Although Medicaid has been investing in technology, there are limits to what such tools can do. When faced with a clear choice between “yes” or “no,” well written software will get the right answer at a percentage equal to hand soap purity. For example, we seldom have disputes with the ATM machine. But medical care is not always so clear cut. Determining whether a procedure was medically necessary may involve shades of gray, which means the machines still need a human touch. Medicaid is overwhelmed with demands from all sides. Even though the federal government pumped $87 billion into Medicaid over a two year period through the American Recovery and Reinvestment Act of 2009 (ARRA), states are still facing $230-300 billion deficits. Half the states still made program cuts in Medicaid in 2009 and half have proposed Medicaid cuts for 2010. The ARRA did not solve the problems of Medicaid. At best, it simply postponed the day of reckoning. In many respects, the ARRA only meant that states would make reductions elsewhere in their budgets. States face a budget cliff when the temporary funds expire in December 2010. Every state must re-examine whether every Medicaid dollar is properly spent, not only to stop the criminals, but to ensure the integrity of the entire program on a daily basis. A few headline grabbing raids or fraud prosecutions are not enough to stop the steady drip of dollars going down the drain through other forms of waste, errors and abuse. Now is the time for states to plan and prepare for the loss of those funds by adopting new tools and applying the proper human reviews to increase the value of our investment in Medicaid. By bridging the information gaps that we currently face, we can strengthen our health care system. As it has in other sectors of our economy, harnessing the power of information will improve quality and lower costs in health care.
by Michelle Higginson, RN
Distribution of Services in Public Health Care
deally, health care access should be based on principles of medical necessity and fairness. Treatment should be guided by evidence-based practice and cost effectiveness. Currently, public health care disbursement is driven by emotion and politics, which has resulted in waste, abuse and inefficiency. Review of state Medicaid guidelines and coverage reveals little consensus as to what services and treatments should be provided by publicly funded programs. Monitoring and oversight of how services are utilized and paid is frequently lacking. In his book Critical: What We Can Do about the Health Care Crisis (2008), former U.S. Senator Tom Daschle proposes the concept of a ‘Federal Health Board’ as a mechanism for determining what services should be covered under a universal public health plan, how much should be paid and recommendations regarding “clini-
cally valuable and cost effective” services. As many Americans are resistant to having the federal government decide the services and treatments they can receive, it is doubtful that this idea will be implemented. However, Daschle’s basic idea has merit. There is certainly need for both equity in the distribution of health care services and focus on clinically validated practice. However, this should be founded on the entrepreneurial free-market system that is proven to produce higher quality, money-saving solutions rather than bureaucracy. “Feeding at the public trough” most likely has a negative connotation in our self-reliant society, but understanding of the principle behind the phrase helps illustrate the necessity. A trough, the long, narrow container used to feed a large herd of animals, ensures that all receive an adequate portion, resulting in nutrition and health for the
entire herd. If all the food is merely dumped in a pile rather than distributed evenly, the largest and strongest are more likely to seize it first, leaving little or nothing for the smaller or weaker animals. Unfortunately, this is too often the case with current public health care options. There’s frequently no rhyme or reason to the way health care services are apportioned. The loudest voices seem to take the largest share. Health care reform is a manyheaded monster that must be approached from various angles. Part of the solution could lie in redistributing access and coverage by applying the principle of the trough. The revision of state-specific coverage guidelines which have the potential to ensure equal access and availability to public care for all who need it could greatly improve the health care industry. An equally important part of
The loudest voices seem to take the
he solution is independent oversight and monitoring of public health care service allocations, as demonstrated by the recent dismal performance audit of one western state’s Medicaid program. The Office of the Legislative Auditor General recommended that improved methods of pre-authorization, auditing and cost recovery be implemented to reduce waste, abuse and fraud in that state. It can safely be assumed that other states face similar issues with their own Medicaid programs. Clinical fraud detection experts see claims on a daily basis for services that simply do not make medical or economic sense; claims that violate the principles of fairness and necessity, making them wonder why such wasteful things are done with public health care dollars. They witness variation in coverage limitations between states, allowance of services that are contrary to published state
Reimbursing non-covered services, either explicitly or implicitly
Allowing overutilization of services
Not requiring administration contracts to match state guidelines
Paying all claims as billed rather than utilizing clinical review and editing
Not requiring or supporting clinical care guidelines and disease management protocols
guidelines and other abusive methods that are not monitored or limited at all. Recent audit’s backup the argument that allowing public programs to monitor themselves is inefficient and wasteful. Prior authorization processes, claims review and recoupment of overpayments can be more efficiently managed by a competitive, independent contractor model than by a bureaucratic agency. Implementation of clinical validation services for revision of state guidelines, administration contracts, distribution of services, best practice recommendations and monitoring of how services are utilized leads to impressive savings in health care expenditures. The input of clinical experts in applying the trough principle to the distribution of public health care services is necessary to ensuring improved access and health for all participants.
RECOVERY ACT of 2009 T
by Chris Cook & Lee Perla
he Fraud Enforcement and Recovery Act (“FERA”), enacted on May 20th, 2009, expanded the federal government’s ability to investigate and prosecute fraud by amending key civil and criminal fraud provisions and appropriating nearly half a billion dollars for increased enforcement. FERA’s most far reaching change, however, will likely be its amendments to the False Claims Act (“FCA”). Because of these provisions, a wide range of previously exempt business transactions are now subject to potential liability.
Under the new law, any person or entity that submits a claim to virtually any recipient of federal funds faces a potential FCA lawsuit ... Before FERA, the FCA imposed liability for false statements made to the government or false statements made to induce the government to pay a false claim. After FERA, the FCA purports to impose liability for false claims made to any recipient of federal funds, regardless of whether the entity presented the false claim to the government or otherwise meant for the government to pay the allegedly false claim. FERA also purports to expand liability for retaining money owed to the government. Before FERA, retaining money owed to the government could result in liability only if the entity used a false statement for the purpose of concealing, avoiding, or decreasing an obligation to the government. After FERA, plaintiffs in FCA actions (known as “relators”) likely will argue that any entity that failed to repay the government may be liable under the FCA even without having made any false statement whatsoever. Before FERA, most courts had held that only false statements “material” to the government’s decision to
pay a claim could be actionable under the FCA. FERA, however, made materiality an explicit element for two of the FCA’s seven liability subsections. FERA also resolved a split among the courts on how such a materiality requirement should be applied. Some courts regarded a false statement as material only if the government would not have paid the claim if it had known of the inaccuracy. FERA rejected that and defined “material” as anything “having a natural tendency to influence, or being capable of influencing, the payment or receipt of money or property.” Under FERA, a falsity may now be considered “material” even if it had no impact on the government’s payment decision. FERA makes three other significant amendments to the FCA. First, it expands protection for “whistleblowers.” Second, it lets the government give relators access to information gained from government subpoenas. And lastly, it expands the statute of limitations for FCA actions, specifying that government complaints “relate back” to earlier whistleblower complaints. 25
Liability For Dealings With Any Recipient of Federal Funds Although the government may initiate an action on its own, most FCA actions are brought by relators, private parties suing on the government’s behalf. As incentive, the FCA lets successful relators keep 15-30% of the money recovered on the government’s behalf. An entity may be liable for up to three times the amount of the government’s damages and $11,000 per false claim if that entity is found to have violated any of the FCA’s seven liability provisions, re-codified at 31 U.S.C. § 3729(a)(1)(A)-(G). Historically, however, most relators assert a theory of liability under former subsections (a)(1) and (a)(2). Former subsection (a)(1) (now § 3729(a)(1)(A)) imposed FCA liability on anyone who “knowingly present[ed], or cause[d] to be presented, to an officer or employee of the United States Government or a member of the Armed Forces of the United States a false or fraudulent claim for payment or approval.” Courts interpreted this as requiring “presentment” of a claim to the government. Thus, merely submitting a false claim to a recipient of federal funds would not have created liability under the pre-FERA FCA. The defendant must have submitted or caused another to submit a false claim to the government. In contrast, former subsection (a)(2) (now § 3729(a)(1)(B)) focused on the intended payment source. Anyone who used a false statement to get a false claim paid by the Government violated subsection (a)(2). Although this provision contained no presentment requirement, mere payment by a federal grantee would not create liability. Liability attached only with a finding that the defendant intended the false statement to induce payment by the government. Thus, under either former subsection (a)(1) or (a)(2), FCA liability existed only for entities that presented a claim to the government or induced payment by the government. FERA, however, changed that significantly. FERA eliminated the “presentment requirement” so that the FCA now attaches liability without regard to whether the government received a false claim or the defendant meant to induce payment by the government. Under the law as amended, anyone who does business with virtually any recipient of federal money could face potential FCA exposure irregardless of whether false claims are actually submitted to the government. Additionally, FERA removed the language “to get a false or fraudulent claim paid or approved by the Government” from the former subsection (a)(2), directly abrogating the Supreme Court’s decision in Allison Engine Co. v. United States ex rel. Sanders, 128 S.Ct. 2123, 2129-30 26
(2008). Relying on the language that FERA deleted, a unanimous Court in Allison Engine held that imposing liability without evidence of an intent to extract payment from the government “would expand the FCA well beyond its intended role of combating fraud against the Government.” Id. at 2128. After FERA, however, relators may contend that the FCA now provides a cause of action for false statements made to virtually any recipient of federal money regardless of whether the entity ever intended to induce payment by the government.
Retention of Government Overpayments FERA made two substantive changes to the “reverse false claims” provision, now codified at § 3729(a)(1)(G). These changes complicate a recipient’s responsibility for accurately recording and accounting for government payments. First, FERA amended the former subsection (a)(7) to conform with the amended subsection (a)(1)(B). Now, the FCA purports to impose liability even if the entity never meant for an allegedly false statements to result in the retention of a government overpayment. Second, FERA expanded liability for reverse false claims by imposing liability for the retention of overpayments. Liability under the former subsection (a)(7) had been dependent on the submission of a false statement. FERA eliminated that requirement and further specified that the duty to repay the government need not have become fixed for liability to attach. Now, a relator may argue that an entity receiving interim payments can incur FCA liability for the “knowing” retention of overpayments even prior to reconciling its books. Because “knowingly” may include reckless disregard, relators can file suit and potentially force an entity to defend itself in protracted litigation even if the entity never knew it had been overpaid by the government.
Broadly Defined Materiality FERA codified a broadly defined “materiality” element into subsections (a)(1)(B) and (a)(1)(G). In suits under those subsections, FERA makes alleged false statements actionable only if they “hav[e] a natural tendency to influence, or [are] capable of influencing, the payment or receipt of money or property.” This change resolved a split among the courts. Under this definition, a falsity may be considered material even if it had no actual impact on the government’s payment decision. At least in some cases, this may lessen significantly the evidentiary burden on the government or the relator.
The NHCAA Institute for Health Care Fraud Prevention
Ma r k Your Calendar! November 16-20, Mandalay Bay Resort, Las Vegas
NHCAA Profiler Ad.indd 1
9/21/09 5:00 PM
Other FCA Amendments In FERA FERA makes three other significant amendments to the FCA. First, FERA expanded whistleblower protection to include employees, not just of the government, but also of the government’s contractors and agents. Such a whistleblower, at least in theory, may now initiate a prolonged and costly employment suit merely by alleging that he tried to stop a FCA violation. The whistleblower need not, however, actually initiate an FCA suit. Second, FERA expanded the FCA’s statute of limitations. FERA created an exception to normal tolling doctrines so that, for statute of limitations purposes, the government’s later-filed allegations are treated as if filed when the relator began its case. This makes it easier for the government to wait years before advising the defendant that it has been sued. Third, FERA allows relators access to documents and information produced to the government in response to a Civil Investigative Demand (“CID”). This access creates potential problems, including greatly heightened confidentiality risks. Additionally, relators might now supplement entirely speculative allegations with just enough government information for an otherwise frivolous suit to survive dismissal.
Some Changes Apply Retroactively Most of FERA’s amendments apply to suits based on conduct occurring on or after May 20, 2009. FERA, however, purports to make its changes to subsection (a)(1)(B) apply retroactively to cases pending on June 7, 2008, two days before the Supreme Court announced its decision in Allison Engine. The changes to the FCAspecific relation-back provisions apply retroactively to cases pending on May 20, 2009. At best, these retroactive provisions threaten to resurrect previously determined lawsuits.
Consequences FERA’s changes to the FCA, coupled with the nearly half a billion dollars appropriated for enforcement, underscore the government’s intent to pursue perceived fraud against the United States. This has implications for anyone who does business with the myriad entities now
receiving federal funds. Companies that have not previously considered their exposure to liability from the government should take a hard look at their potential liability. Under the new law, any person or entity that submits a claim to virtually any recipient of federal funds faces a potential FCA lawsuit without regard to whether the underlying allegedly improper conduct had any impact on the United States treasury. FERA will undoubtedly lead to increased litigation risk and attendant costs. When coupled with the government’s investment in enforcement, it makes good business sense to review existing compliance programs as soon as possible.
FERA will undoubtedly lead to increased litigation risk and attendant costs. 28
Is Your Organization HIPAA Compliant?
When Bill Clinton checked into New YorkPresbyterian Hospital (NYP) for his 2004 heart surgery, he registered under a pseudonym to protect his privacy. Fourteen highly resourceful and intensely curious members of the hospital’s staff gained access to his medical record anyway. At facilities throughout the country, celebrities and public figures as diverse as George Clooney, Farrah Fawcett, Britney Spears and the “Octomom” have also had the privacy of their medical records compromised. Snooping isn’t by any means limited to the famous. In another case at NYP, an employee was arrested for selling the information of at least 50,000 patients. At the University of California - Berkeley, hackers gained access to a medical database containing the records of 160,000 students, alumni and their families. Government agencies aren’t faring any better. When a data analyst violated Veterans Administration policy and took home a laptop that was subsequently stolen, the personal health information of more than 25 million U.S. veterans fell into the hands of the thieves. 30
by Todd Frech
t’s ironic that President Clinton himself signed into law a major piece of legislation designed to prevent precisely the kind of breach that occurred at NYP. That law, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, was a major step forward, but it’s not without flaws and shortcomings. It’s so broad and ambiguous that all health care organizations, from singlephysician practices to large insurance companies and third-party administrators (TPAs), have had a difficult time determining how to comply. Lawmakers in some states have taken action to provide more comprehensive or specific protections for health care consumers. Assembly Bill 1298, passed in California in 2007, requires covered entities to notify patients when information is lost, stolen or inappropriately released. Although state-specific privacy regulations have closed some loopholes in the regulation to better protect patients, they also, unfortunately, have created confusion. The Bush administration introduced the concept of “addressable implementation,” which allows an organization to determine which sections of the regulation apply to it, and to institute alternative methods of compliance. Making some of HIPAA’s requirements “addressable” predictably adds to the confusion about the regulation and, in some cases, results in potentially inappropriate security measures. The American Reinvestment and Recovery Act of 2009 (ARRA) tightens HIPAA’s protections by requiring notification to patients of a breach in their health records, by increasing regulation of business associates, by defining more rigorous standards of compliance and by greatly limiting the use of patients’ health information for marketing purposes. Before ARRA, covered entities found it difficult, if not impossible, to monitor the activities of their business associates. Some business associates operate off-shore and aren’t accessible or open to inspection by covered entities. Even if a business associate inappropriately disclosed or released health information, the covered entity would have been responsible for any fines. Business associates are now tied into HIPAA directly, rather than being responsible to a covered entity. They are legally required to meet standards for protecting health information or face fines and other punishments. The challenge for many organizations involved in an inappropriate release is determining whether they were, or were not, the source of the information. In the absence of clear evidence showing which organization was responsible for the disclosure of the information; it is difficult to
track the release back to its source. The Federal Trade Commission’s Red Flag Rule may eliminate some of this ambiguity. It requires organizations to develop proactive processes for monitoring access to health information and to notify patients of breaches of privacy. For organizations that haven’t yet implemented sophisticated processes or systems for monitoring, an inappropriate release of protected information may serve as the first indication that their security measures are inadequate. Arguably, if NYP had put sufficient monitoring processes in place, it would have been impossible for the identities of 50,000 patients to have been stolen. Implementation of tightened policies leads to a challenge. Many health care organizations use systems that have been eclipsed by newer technology or are no longer supported by vendors. These legacy systems, surprisingly common in health care organizations, may lack the sophisticated analysis tools needed for meaningful and proactive monitoring of private information. The privacy and security of information is only as good as the weakest link — and legacy systems often prove to be that weakest link. Some systems have been upgraded with add-on software, but these stopgap implementations may not meet the requirements of ARRA and the Red Flag Rule. To further complicate and confuse matters, the Red Flag Rule supersedes parts of HIPAA, as do certain state laws and regulations. ARRA has re-enforced other parts. Any given organization or entity may be bound by two, three or more state and/or federal competing requirements for the protection of a patient’s health information. Organizations must
Any given organization or entity may be bound
by two, three or more state and/or federal competing requirements for the protection of a patient’s health information.
somehow harmonize all of these requirements and develop a coherent strategy for compliance. Funding for guidance and enforcement activities has been insufficient to ensure the correct implementation of the regulation, even if its requirements had been better defined. HIPAA was not released per se — it escaped. In the beginning, the funding provided for education, guidance, support or enforcement was limited. CMS didn’t conduct an inspection until 2008, five years after the initial implementation. In those five years, reliable guidance and rigorous, or even casual, inspections would have helped both the industry and the government gauge HIPAA’s effectiveness. Now that the United States Department of Health and Human Services (HHS) and Centers for Medicare and Medicaid Services (CMS) have funding to manage compliance, perhaps HIPAA can provide some true benefit to patients. Any health care organization — especially one that has access to identity theft-friendly items such as social security numbers and dates of birth — must establish a workflow that protects health information while also allowing providers and staff the immediate and unfettered access required for safe and efficient health care operations. For example, a clinical employee may need to respond to various patients located throughout a facility or hospital; it would be inefficient and dangerous for this person to be restricted from seeing patient information as needed. Emergency department personnel undoubtedly need access to information stored in a facility’s systems for patients who arrive in the ER. Although it’s absolutely critical that a facility’s workflow allow for access, such access creates a channel through which a patient’s private information may be at risk. Payors and TPAs face the same problems; many employees need access to sensitive patient information in order to review medical records and process claims. The combination of very sensitive data and large employee bases make it nearly impossible for some organizations to protect health and financial information effectively. What is the answer? How do organizations protect patient information from inappropriate release? This is a complex question that will be answered differently for each organization, but there are some basic concepts that every covered entity and business associate should include as part of their HIPAA and Red Flag program implementation.
According to a recent article in For the Record, the cost of losing a laptop may be as high as $50,000. However high the monetary cost to an organization may be the damage to trust and reputation is incalculable. Tracking mobile media, such as laptops, flash drives and external hard drives is extremely difficult. These devices are easily lost or stolen and require close monitoring. The simplest and most foolproof protection is prohibition. If protected health information is never loaded onto a mobile device, then it can’t be compromised if the device is lost. It may be an extreme measure, but there are few reasons to remove large amounts of information from an organization’s offices. If information must be taken off-site, an organization should have a set of clear and well-thought-out policies concerning the use of portable storage devices. By all means, users must sign devices in and out in some sort of tracking log and the organization must know what information has been removed. This documentation, as well as periodic follow up, will enable the organization to exercise greater control of this risky process. Organizations must also protect against employee theft. HIPAA requires regular assessments to ensure that policies and procedures are effective, and the Red Flag Rule requires strict and comprehensive proactive monitoring. Random and thorough scrutiny of employee access to information should include not only technical reviews of access logs, but also close inspections of the workplace to identify inappropriately managed health information. Inspections may be a touchy subject with employees; some may view the process as meddling, micromanaging or a lack of trust on the part of the employer. Ensuring that inspections are carried out at all levels of the organization, from the front-line employee to the CEO, will demonstrate the organization’s commitment to following both the letter and the spirit of the law. This is just the beginning of what will be an everchanging environment as health care evolves in response to the next wave of transformation, including electronic personal health records and the use of email to communicate with patients. As our population ages and the need increases for sharing information among a wide variety of physicians, specialists, facilities, insurance companies and TPAs, we will need proper, clear-cut guidelines in place to strike a balance between privacy and efficiency.
tection is ro p of ro p ol fo t os m d n a st le p m The si is never on ti a rm fo in h lt ea h ed ct te ro p If prohibition. t be n’ ca it en th e, ic ev d e il ob m a loaded onto st. compromised if the device is lo 32
10897 S. River Front Parkway Suite 200 South Jordan, UT 84095 P 877-619-5557 F 801-285-5801 firstname.lastname@example.org