Gabriel L. Imperato (gabriel.imperato@nelsonmullins.com) is the Managing Partner of the Fort Lauderdale office of Nelson Mullins Riley & Scarborough and the Team Leader of the firm’s Health Care Criminal and Civil Enforcement, Litigation, and Compliance Practice. He is board certified as a specialist in health law by the Florida Bar. Ariel J. Cavazos (ariel.cavazos@nelsonmullins.com) is an Associate Attorney in the Orlando office of Nelson Mullins Riley & Scarborough and is on the firm’s Health Care Criminal and Civil Enforcement, Litigation, and Compliance Team.
While 2020 will undoubtedly always be referred to as the 21st century’s annus horribilis, the world experienced a similarly devastating pandemic more than a century ago. The pandemic of 1918 infected more than 500 million people, killing at least 50 million people worldwide.[1] While the pandemic of 1918 was fought and defeated with far fewer resources, healthcare providers were not tasked with navigating that pandemic with today’s overwhelming guidelines and laws set in place to defend against potential fraud, waste, and abuse. Today, the healthcare provider entities and systems combatting COVID-19 are burdened with federal and state regulations and a plethora of compliance standards, all while adapting to a new way to provide care and, in turn, ensuring adequate testing and treatment are received.
The Centers for Medicare & Medicaid Services (CMS) has provided emergency waivers and flexibilities, essentially providing a safety mask for healthcare entities and systems navigating the compliance world amid the COVID-19 pandemic. As we see vaccines distributed at a higher and more effective rate, the thought of normalcy has resurfaced, triggering the necessary discussions regarding what will happen once the public health emergency expires. Moreover, what would the healthcare compliance world’s layout look like once the “masks” come off?
With more than 30 million cases and more than half a million deaths related to COVID-19 in the United States,[2] it is no surprise that many of the recent works plans of the U.S. Department of Health & Human Services Office of Inspector General (OIG) cover a significant number of pandemic-related items.
As known to any practitioner in the healthcare fraud and abuse sector, the OIG publishes work plans with monthly updates that set forth various projects, including OIG audits and evaluations that are underway or planned for the fiscal year and beyond by OIG’s Office of Audit Services and Office of Evaluation and Inspections.[3] It is imperative to monitor potential risk areas outlined by the Work Plan to guarantee compliance for a healthcare provider entity and system.
This article explores several general fraud and abuse topics and highlights issues relevant to the ongoing COVID-19 pandemic, including various telehealth services the OIG is monitoring with a magnifying glass. These items range from home health to behavioral health services; the Coronavirus Aid, Relief, and Economic Security (CARES) Act resources; and other laboratory testing and billing concerns.
The current ticket items addressed in the OIG Work Plan
Besides items related to the ongoing pandemic, the OIG Work Plan sets forth various projects, including OIG audits and assessments underway or planned to be addressed during the fiscal year. These projects include topics such as risks and concerns regarding fraud, waste, and abuse; extended inpatient hospital overnight stays; home health services, laboratory services, and billing; psychotherapy services; and opioid and compound drug–related issues.
Fraud, waste, and abuse
Medicare requirements for the billing of orthotic braces have been an item heavily scrutinized by the OIG in the past, resulting in findings of improper payments for orthotic braces that were not medically necessary and not documented properly pursuant to Medicare requirements. Therefore, it is no surprise to hear that the saga continues as the OIG now plans to compile prior OIG audits, evaluations, and investigations of orthotic braces paid for by Medicare to identify trends in payment compliance and fraud vulnerabilities in this orthotic brace space.[4] The OIG previously focused on the lack of proper documentation to ensure medical necessity, among other key items. Those OIG reports outlined several documents that are necessary to avoid future compliance issues. Some of those documents included, but were not limited to, a written order detailing the need for orthotic braces from a treating physician and supporting documents indicating the orthotic brace’s delivery to the intended beneficiary. It can be assumed that the OIG plans to follow a similar road map as it did with past reviews; therefore, it would be advantageous to familiarize oneself with past OIG reports related to orthotic braces.
Another ticket item worth mentioning in the fraud and abuse area is the OIG’s intent to perform on-site reviews of a select sample of Medicaid Fraud Control Units (MFCUs).[5] This review will ensure MFCUs’ adherence to federal regulations, policy, and performance standards and collect and analyze performance data to provide continued guidance on better practices for MFCUs.
The two-midnight rule
Contrary to the OIG’s previous position on discontinuing short-stays audits, it has announced its intent to begin auditing short-stay claims again and, when appropriate, recommend overpayment collections.[6] Although this announcement conflicts with the OIG’s previous statements on short-stay audits, this revival of audits comes as no surprise, particularly since prior OIG audits identified millions of dollars in overpayments for inpatient claims with short lengths of stay. Instead of billing the stays as inpatient claims, the OIG determined several stays should have been billed as outpatient claims, resulting in a lower payment.
OIG plans to commence audits of hospital inpatient claims concerning the two-midnight rule in order to reduce inpatient admission errors. The audit will examine whether inpatient claims with short lengths of stay were billed incorrectly as an inpatient or whether the claims should have been billed as outpatient or outpatient with observation. While doing so, the OIG also plans to review policies and procedures for enforcing the two-midnight rule at the administrative and contractor level.
Home health compliance
Recent OIG reports disclosed high error rates at individual home health agencies (HHAs).[7] These reports identified improper payments of home health claims of beneficiaries who were not homebound or did not require skilled services. To ensure home health claims are paid in accordance with federal requirements, the OIG plans to continue its review of various aspects of the home health prospective payment systems, including a medical review of the documentation required in support of the claims paid by Medicare. In past reviews, the OIG selected a stratified random sample of 100 home health claims and submitted these claims for medical review to determine medical necessity and whether proper coding requirements were present. To avoid an overpayment situation, an HHA must develop a robust compliance practice to ensure best practices.
Medicare Part B
OIG plans to focus on claims made under Medicare Part B for laboratory and psychotherapy services. Both have been equally affected by the COVID-19 pandemic and were previously audited by the OIG. During the audits of both service lines, the OIG discovered significant risks of noncompliance with Medicare billing requirements and evidence of insufficient documentation, which led to improper billing for services not medically necessary or covered. As a result of the alarming discoveries uncovered during the past audits, the OIG plans to continue its investigation of Medicare Part B payments for laboratory and psychotherapy services to identify providers at risk for overpayment and correct poor documentation practices, among other areas of concern.
Medicare Part B payments for laboratory services
The laboratory billing process is notoriously complex and has also been inherently challenging. OIG previously conducted audits, investigations, and inspections that identified billing areas for clinical laboratory services at risk for noncompliance with Medicare billing requirements. In a continuance of an investigation to ensure compliance with billing requirements, among other essential compliance items, the OIG plans to review Medicare payments for clinical laboratory services to determine compliance.[8] OIG will focus its efforts on claims for clinical laboratory services that may be at risk for overpayments by reviewing claim line modifiers for a code pair, genetic testing, and urine drug testing services for evidence of improper use. These issues continue to also be a basis for claims brought by whistleblowers under the False Claims Act.
Medicare Part B payments for psychotherapy services
In addition to laboratory services, including testing, Medicare Part B also covers certain psychotherapy services, and recently it has been doing so on an expanded basis. In 2016, Medicare Part B allowed approximately $1.2 billion for a wide range of psychotherapy services, including individual and group therapy. OIG discovered that $185 million was inappropriately permitted for outpatient mental health services, which included psychotherapy services.[9] OIG further uncovered signs of insufficient documentation and evidence of services Medicare paid for that were either not covered or medically necessary. As a result of the OIG’s previous findings, it plans to review Part B payments for psychotherapy services to determine whether they were allowable according to Medicare documentation requirements.
Medicare Part D
The current OIG Work Plan continues to include several items that focus on opioid and compound drugs–related issues, including oversight of opioid prescribing in selected states and the rapid growth and spending surrounding compound drugs.
As spending for compound drugs, particularly topical drugs, continues to grow, and the OIG continues to encounter an increasing number of potential fraud issues related to compounded drugs, which warrant investigations, the OIG plans to conduct a risk assessment of CMS’ oversight of pharmacies compounding drugs for a beneficiary.[10] This review is to aid the OIG in determining whether systemic vulnerabilities affect the integrity of Medicare Part D and, as a result, place pharmacies at risk of not meeting federal and state requirements.
In addition to the growing concerns with compound drugs, the OIG focuses its efforts on the opioid crisis, which remains prevalent during any public health emergency, including the COVID-19 pandemic.
In February 2021, the OIG published a report concerning opioid use in Medicare Part D during the onset of the COVID-19 pandemic.[11] However, this report was limited to the first eight months of 2020, finding that about 5,000 Medicare beneficiaries per month suffered an opioid overdose as the pandemic advanced, the number of beneficiaries receiving naloxone fluctuated, the number of beneficiaries receiving short-term opioid prescriptions declined, and the number of beneficiaries receiving drugs for medication-assisted treatment of opioid use increased. Approximately 220,000 beneficiaries received high amounts of opioids in the first eight months of the COVID-19 pandemic.
With such an alarming first look at the opioid use and treatment during the COVID-19 pandemic, the OIG plans to continue the analysis until year-end.[12] OIG’s continuum of this analysis will provide information on opioid use among beneficiaries enrolled in Medicare Part D in 2020. Additionally, it would provide 2020 data on Part D spending for opioids and the numbers of beneficiaries who received extreme amounts of opioids through Part D and those who appeared to be doctor shopping. The objective is to identify prescribers who ordered opioids for large numbers of these beneficiaries in hopes of identifying patients who are at risk for overdose or abuse.
COVID-19–related updates
As expected, the OIG Work Plan is heavily inundated with items associated with the ongoing pandemic. After reviewing the current OIG Work Plan in detail, one gets the impression that the OIG plans on investing a significant number of resources for conducting audits, assessment, and, if necessary, investigations into areas and services most affected by the public health crisis. The OIG Work Plan addresses several categories of telehealth services, including but not limited to telehealth for Medicare, home health, and behavioral health. Telehealth seems to be a hot topic and on the OIG’s radar as discussions concerning CMS officials’ receptiveness to the permanence of COVID-19 waivers and flexibilities related to certain telehealth services.
Other areas related to the COVID-19 pandemic where assessments and audits are underway are laboratory services and the CARES Act. With laboratory services, the OIG is focusing on testing and billing issues as a result of the challenges many independent laboratories encountered when providing COVID-19 testing. Regarding the CARES Act, the OIG is focusing on the proper allocation of resources to eligible providers.
Telehealth during a public health emergency
Considering the ongoing global pandemic, the OIG is focusing its efforts on the following key areas related to telehealth.
Telehealth for Medicare services
OIG plans to focus its attention on Medicare Parts B and C data, reviewing the use of telehealth services in Medicare during the COVID-19 pandemic.[13] OIG will look at the extent to which Medicare beneficiaries are using telehealth services, how the use of these services compares to the use of the same services delivered in person, and the different types of providers and beneficiaries using telehealth services. Further, the OIG will review and analyze providers’ billing patterns for telehealth services and describe providers’ key characteristics that may pose a program integrity risk to the Medicare program. These reviews were triggered by the recent changes made by CMS, which enabled Medicare beneficiaries to access a broad array of telehealth services without having to set foot in a healthcare facility.[14]
Since CMS plans to make some changes responsive to the COVID-19 pandemic permanent, the OIG also intends to focus its resources on state Medicaid programs that have expanded telehealth services options. With the OIG’s growing concerns regarding proper state oversight of these telehealth services, it will assess whether Medicaid agencies and providers complied with federal and state requirements for telehealth services under the national emergency declarations and whether the states gave providers adequate guidance on telehealth requirements.[15]
While there is no argument that healthcare providers’ ability to continue to care for patients via telehealth has been instrumental during the COVID-19 pandemic, discussions concerning telehealth services being expanded beyond the public health emergency to provide care for Medicare beneficiaries causes concern for the OIG, thus triggering OIG audits. In fact, the OIG plans on conducting a series of audits of Medicare Part B telehealth services. OIG plans to break these audits into the following two phases:[16]
-
Phase one will “focus on making an early assessment of whether services such as evaluation and management, opioid use order, end-stage renal disease, and psychotherapy…meet Medicare requirements.”
-
Phase two will “include additional audits of Medicare Part B telehealth services related to distant and originating site locations, virtual check-in services, electronic visits, remote patient monitoring, use of telehealth technology, and annual wellness visits to determine whether Medicare requirements are met.”
Telehealth for behavioral health services
One healthcare area that has benefited from telehealth from both a patient and provider perspective is mental and behavioral health. The need for mental and behavioral health services has become increasingly necessary amid the current public healthcare crisis. Furthermore, telehealth has aided in eliminating one of the biggest obstacles individuals encounter when seeking mental and behavioral health services: transportation.
In light of the increased use of telehealth to provide health assessment, diagnosis, intervention, and consultations across numerous locations, the OIG is reviewing the use of this telecommunication technology. Specifically, the OIG plans to analyze how state Medicaid programs and managed care organizations use telehealth to provide behavioral health services in selected states.[17] The OIG’s review will focus on the following items:
-
The challenges selected states face while “using telehealth to provide behavioral health services to Medicaid enrollees;”
-
The “extent to which States assess the effects of telehealth on access, cost, and quality and monitor telehealth to provide behavioral health services; and”
-
How selected states “use telehealth to provide behavioral health services in Medicaid managed care.”
As telehealth’s role for behavioral health services evolves, healthcare provider entities and systems would be advised to remain up to date of future decisions concerning telehealth services as it becomes a more permanent fixture in the new, post-pandemic world we live in.
Telehealth for home health services
There is no argument that the expansion of telehealth’s footprint, which enables providers with the ability to deliver home health services, has been essential for our vulnerable adult population during this COVID-19 pandemic; yet, it also has not been without its challenges. During the pandemic, CMS’ 2021 final rule[18] has allowed HHAs to use telehealth technologies to provide care to home health patients. However, there have been difficulties procuring necessary equipment, supplies, implementing treatment plans, and ensuring adequate staffing. As a result, the OIG will provide insights into the strategies HHAs have used to address the challenges presented by the COVID-19 pandemic by conducting a nationwide study.[19]
OIG has also taken a particular interest in the payment of claims for home health telehealth services and ensuring those services were administered and billed in accordance with Medicare requirements.[20] In that, the OIG has expressed its plan to report as overpayments any services that were improperly billed. OIG will evaluate home health services provided by HHAs during the public health emergency to determine which types of skilled services were furnished via telehealth and whether those services were administered and billed under Medicare requirements.
This particular area of services provided via telehealth should be closely observed, as the discussion concerning CMS’ receptiveness to the idea of maintaining the expansion of home health telehealth services beyond the public health crisis continues.
Laboratory services during a public health emergency
Laboratory tests, most typically covered under Medicare Part B, are essential during any public healthcare emergency because these tests are used for early detection, diagnosis, monitoring, and treatment of diseases and viruses such as COVID-19. During the COVID-19 pandemic, it became quite apparent that many independent laboratories were encountering challenges in providing COVID-19 testing. As a result, the OIG conducted a preliminary analysis of laboratory services, including testing, during the pandemic, which showed that the number of non-COVID-19 tests billed for Medicare Part B beneficiaries decreased compared with the six months before the COVID-19 pandemic.[21]
Therefore, the OIG plans to carry out additional audits on Medicare Part B laboratory services used during the COVID-19 pandemic, first focusing on the pandemic’s effect on non-COVID-19 testing and then focusing on the aberrant billing of COVID-19 testing during the pandemic.
Financial support and resources for providers during a public health emergency
The CARES Act and the Paycheck Protection Program and Health Care Enhancement Act[22] appropriated $178 billion for the Provider Relief Fund (PRF) to support healthcare providers affected by the COVID-19 pandemic.[23] These funds were beneficial for providers in rural areas and skilled nursing and other longer-term care facilities.
OIG plans to review the allocation of these provider funds through an audit of a statistical sample of providers that received general or targeted distributions to determine whether providers that received PRF payments complied with specific federal requirements and the terms and conditions for reporting and expending PRF funds.[24]
Furthermore, the OIG plans to audit the disbursement of provider relief funds through the CARES Act to determine the effectiveness of the U.S. Department of Health & Human Services control over the awarding and disbursement of $50 billion in PRF payments to hospitals and other providers, among other disbursements of PRF.[25] The purpose of this audit is to ensure that payments were correctly calculated and disbursed to eligible providers.
Conclusion
The OIG Work Plan outlines the key areas the government believes are significant in the healthcare compliance workspace. Further, it aids healthcare provider entities and systems in navigating an already complex system by providing insight into the government’s focus areas with respect to fraud, waste, and abuse for the coming fiscal year.
In light of the COVID-19 pandemic, where so many changes occurred, it would be advisable to take advantage of this road map the OIG provides to ensure practical steps are taken to ensure services, operations, and billing practices adhere to Medicare and Medicaid requirements. The OIG Work Plan can help develop compliance programs simply by pulling from the OIG ticket items for that year. It can also help develop audit plans and educate medical staff and leadership on ongoing OIG activities; however, the OIG Work Plan should not be the sole resource depended upon when building or refining a compliance program.
The CMS waivers and exceptions established during the COVID-19 pandemic have opened new possibilities for the world of healthcare compliance by providing a certain level of flexibility concerning patient care and an upsurge of revenue for some healthcare areas. Nevertheless, this public health emergency will inevitably expire, along with many of its waivers and exceptions. Therefore, in anticipation of the majority of the waivers and exceptions reverting to a pre-pandemic status, it would be advantageous to identify areas within a healthcare entity or system subject to risks. A few small changes now can help reduce the risk of an overpayment demand or a False Claims Act investigation. In other words, be prepared when the masks come off!
Takeaways
-
Use the Office of Inspector General (OIG) Work Plan as a framework: Treat it as a road map to start or redevelop a compliance program.
-
Develop an attack plan for 2021–2022: Prioritize action items for 2021, considering the public healthcare crisis, starting with assessing items that may not have been a focal point in 2020 to ensure compliance and avoid False Claims Act investigations.
-
Get a head start: Once the public health emergency expires, some telehealth service waivers and exceptions will expire, and some will become permanent. It would be advisable to start identifying which waivers and exceptions for particular services will expire along with the public health emergency and which will not, and how that will affect your business model plan.
-
Rely on other resources to identify and manage organizational risks: The OIG Work Plan is an essential source for compliance professionals to identify and manage their organizations’ risks. However, the OIG Work Plan should only be used in conjunction with the array of False Claims Act cases and their underlying bases. Furthermore, compliance professionals should review the OIG Work Plan while relying on the OIG’s Compliance Program Guidances according to their industry healthcare sector. Relying on False Claims Act settlements and Compliance Program Guidances will enable an organization to anticipate potential False Claims Actions by identifying those signs early.
-
Identify the need for experts, if and when needed: As we transition back to the world of healthcare compliance, post-COVID-19 pandemic, the compliance issues associated with the topics mentioned in this article can be challenging to navigate; therefore, accessing the appropriate expertise to assess these matters is critical.