Table of Contents
In a new memo, top CMS attorneys say the agency can’t base enforcement actions on guidance, such as Medicare manual provisions, unless it’s rooted in laws or regulations, but it’s a little vague what they mean by enforcement actions.
The Oct. 31 CMS memo, which surfaced in late November, states that HHS’s and CMS’s ability to bring enforcement actions “predicated on violations” of payment policies “is restricted” to payment policies that were promulgated through notice and comment rulemaking in the wake of the Supreme Court’s June 2019 decision in Azar v. Allina Health Services, et al. Enforcement actions can still be brought based on internet-only manuals (IOMs) and preambles in regulations if they are “closely tied to statutory or regulatory requirements,” the memo stated. But “to the extent the IOMs and similar guidance set forth payment rules that are not closely tied to statutory or regulatory standards, the government generally cannot use violations of that guidance in enforcement actions, because under Allina, it was not validly issued,” according to the memo, which was written by CMS Chief Legal Officer Kelly Cleary and Deputy General Counsel Brenna Jenny. They noted, for example, that enforcement actions based exclusively on local coverage determinations (LCDs) “are generally unsupportable.”
The CMS attorneys were asked for their opinion about the impact of the landmark Allina decision on Medicare payment rules and “compliance actions” by top administrators, including Alec Alexander, the director of CMS’s Center for Program Integrity. The Supreme Court decision, which may forever change the way the health care industry gets CMS guidance, said that CMS is required to use the rulemaking process, with its notice and comment period, to make “substantive” changes to policies that affect payment, although the same isn’t true for “procedural” changes.
While guidance can’t be the “sole basis for an enforcement action,” the CMS lawyers said it can be germane for other purposes, such as proving “scienter” (i.e., intent) or materiality in a False Claims Act (FCA) lawsuit.
The juxtaposition of enforcement actions based solely on guidance documents versus laws or regulations in the CMS memo echoes the position of the Department of Justice (DOJ) in the January 2018 Brand memo, says attorney Asher Funk, with Polsinelli in Chicago. “It’s a counterpart to the Brand memo,” he says.
The DOJ memo, which was issued by then-Associate Attorney General Rachel Brand, said that “Department litigators may not use noncompliance with guidance documents as a basis for proving violations of applicable law in [affirmative civil enforcement] cases,” such as FCA complaints. “The Department may continue to use agency guidance documents for proper purposes…. For instance, some guidance documents simply explain or paraphrase legal mandates from existing statutes or regulations, and the Department may use evidence that a party read such a guidance document to help prove that the party had the requisite knowledge of the mandate. However, the Department should not treat a party’s noncompliance with an agency guidance document as presumptively or conclusively establishing that the party violated the applicable statute or regulation.”
Lawyer: CMS Definition Is Ambiguous
That was welcome news for providers, but it only addressed liability under the FCA. “It didn’t address overpayment liability, audits or the imposition of sanctions” by CMS or the HHS Office of Inspector General, Funk says. CMS, however, is entering that territory, however equivocally, he says. The memo only defines enforcement actions in a footnote, saying “enforcement actions may include overpayment collections based on audits, but generally do not include routine claims and cost report procedures.”
Funk says he’s “shocked” that CMS left the definition so ambiguous and stuck it in a footnote. “They seemed to gloss over a critical thing, or CMS has a good understanding in their own minds of what an enforcement action should be, but didn’t put it on paper,” he says. As a result, at the moment it’s unclear whether, for example, post-payment audits of medical necessity will stand unless there’s a violation of Social Security Act requirements. Probably Medicare auditors have enough “black-letter law” to support their reviews, “but they can’t just say you didn’t comply with a local coverage determination or manual provision.”
Funk also wonders whether enrollment falls under the definition of an enforcement action. “Could an action to terminate or revoke a provider be considered an enforcement action? It’s a gray area,” he says.
CMS may elaborate on the definition of enforcement actions, because the footnote goes on to say, “We encourage consultation with the Office of the General Counsel regarding questions about whether an action constitutes an enforcement action.”
When providers receive overpayment demands or other enforcement actions from CMS, Funk advises them to determine the basis and whether it’s a statute, regulation, manual or other guidance (e.g., LCD). Understanding the source that fuels the overpayment demand is the first critical step to challenging it, he says. If the overpayment demand is based on a combination of regulations and guidance, “it may be permissible.”
Contact Funk at email@example.com.