The process of Medicare contractors – such as Zone Program Integrity Contractors (ZPIC) and Recovery Audit Contractors (RAC) – issuing adverse medical review findings and Medicare Administrative Contractors (MAC) subsequently demanding repayment of alleged overpayments can be very daunting for providers. This is particularly true when Medicare contractors employ statistical sampling methodologies which expand overpayment sums to a designated universe of claims beyond just the actual claims reviewed. A few thousand dollars worth of claims suddenly becomes tens or even hundreds of thousands of dollars. In many instances, providers will choose to appeal adverse determinations, ready to defend the good faith provision of services based on the medical needs of its patients. Understanding the financial implications and timeline of an overpayment assessment is hugely important. Should the provider pay the overpayment up front? If the provider can’t pay the overpayment sum immediately, how can it work with Medicare to repay the sum in a financially feasible manner? What if the provider doesn’t want to repay the overpayment – what steps will Medicare take? These questions are best addressed in reverse order.
I. Recoupment: Short-term Strategies for Delaying
Medicare expects providers to repay any overpayment as quickly as possible. If Medicare does not receive payment within 40 calendar days from the date of the MAC’s first demand letter, Medicare will recoup the full overpayment amount beginning on day 41, meaning the overpayment will be recovered from current payments due or from future claims submitted. There are multiple ways to delay recoupment, including by submitting a rebuttal to your MAC within 15 days of the initial demand letter (no guarantee) and filing appeal requests for the first two levels of appeal within specified time frames. Specifically, a provider must file the first level appeal – called the redetermination level – within 30 days of the initial demand letter to prevent recoupment through the time that a redetermination decision issues. If the redetermination decision is unfavorable, the provider must file the second level appeal – called the reconsideration level – within 60 days of the redetermination decision. If the reconsideration decision is also unfavorable, Medicare will initiate recoupment 30 days after the reconsideration decision is issued. If the reconsideration is partially favorable, and the overpayment sum requires recalculation, recoupment will begin 30 days after the recalculated demand.
It is important for providers to understand that even while recoupment is stalled, interest accrues starting with the date of the initial demand letter and is assessed every 30 days thereafter. While capitalization does not occur, the interest rate is quite high, at 10.50% as of January 21, 2015. Even if a provider is successful at postponing recoupment, the reality is that if a provider is at all unsuccessful through the first two levels of the Medicare administrative appeals process, recoupment will begin if the provider does not repay the overpayment and the provider likely must wait years to have a hearing scheduled before an Administrative Law Judge. Given that interest accrues and recoupment delay measures are really a short-term strategy, providers should use these tactics to buy time for serious financial planning. If a provider can repay some or all of the overpayment upon demand, the provider can lower or prevent the interest penalty, not to mention control the repayment process.
II. Extended Repayment Schedule or Cede to Recoupment?
A provider can set up an Extended Repayment Schedule (ERS) at any time once the first demand is made. If an unfavorable reconsideration decision is issued and the provider has not repaid the overpayment or established an ERS, the provider has two choices: allow Medicare to recoup or request an ERS. As long as a provider continues to appeal, Medicare cannot refer the debt to the Department of Treasury. Interest continues to accrue during recoupment and recoupment can be devastating to a provider whose payer mix is heavily weighted toward Medicare, effectively halting income. If an ERS is put into place, interest accrual ceases. Medicare also takes into consideration the financial hardship that an overpayment debt obligation imposes on a provider, and depending on whether the debt imposes a “hardship” or an “extreme hardship” on a provider, the ERS can be as long as 60 months. For a provider who is not a sole proprietor, the ERS application process can be tedious. The list of documents needed to support financial hardship is extensive, including balance sheets, income statements, cash flow statements, and lists of restricted cash funds, investments, and notes and mortgages payable. If a provider cannot establish genuine hardship, an ERS will be rejected or modified to reflect what Medicare believes is an appropriate repayment schedule based on the provider’s financials. Any repayments made under an ERS do not accrue interest in favor of the provider, if the provider is successful at reducing or eliminating the overpayment upon appeal; likewise, interest does not accrue in favor of Medicare either.
III. Controlling the Overpayment: Paying the Overpayment Upon Demand
If a provider is able to repay some or all of the overpayment upon demand, the provider has better control over the repayment process during the administrative appeals process, even if the provider adamantly disagrees with the overpayment assessment. The provider can avoid or limit recoupment and interest accrual. The provider will get its money back if it wins on appeal, though not with interest. Of course, if the provider does not win, Medicare keeps the money.
It is important for providers to understand the financial landscape of an overpayment demand. A provider familiar with the recoupment timeline and repayment options can immediately assess its finances and determine the best strategy for addressing the alleged overpayment during the administrative appeals process.
Do you have the policies and procedures in place to effectively deal with a Medicare Recoupment? Have you received correspondence from a ZPIC or RAC auditor and have delayed responding?
Lorraine Ater, Esq. is a health law attorney with the boutique firm, Liles Parker, Attorneys & Counselors at Law. Liles Parker has offices in Washington DC, Houston TX, McAllen TX and Baton Rouge LA. Our attorneys represent health care professionals around the country in connection with government audits of Medicaid and Medicare claims, licensure matters and transactional projects. Need assistance? For a free consultation, please call: 1 (800) 475-1906.
(December 31, 2010): In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010. Over the next several weeks we will be releasing a series of articles on our website addressing these dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:
Compliance Risk Number 1: Increased “HEAT” Activity and Enforcement: Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT). These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions. HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.
As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:
- Filed charges against more than 800 defendants.
- Obtained 583 criminal convictions.
- Opened 886 new civil health care fraud matters.
- Obtained 337 civil administrative actions against parties committing health care fraud.
- Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies.
President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program.These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented. Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.
Compliance Risk Number 2: Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims: As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million. In 2011, we should expect to see:
- The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.
- The reliance of both contractors and the government on data mining will continue to grow. Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.
- An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.” In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.
Are you ready for an unannounced / unanticipated site visit or audit? When is the last time that you have conducted an internal review of your billing / coding practices? Are you aware of the hidden dangers when conducting these reviews? In 2011, your Compliance Officer may very well be your most important non-clinical staff member. Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.
Compliance Risk Number 3: Electronic Medical Records: Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs). In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations. Instead, the information gathered is often sparse and similar for each of the patients treated. Take care before converting your practice or clinic to an EMR system. Include your Compliance Officer in the selection and review process.
Compliance Risk Number 4: Physician Quality Reporting Initiative (PQRI) Issues: Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate. As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered. Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.
Compliance Risk Number 5: Medicaid Integrity Contractors (MICs) and Medicaid Recovery Audit Contractors (MDRACs): In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States. Notably, the information and documentation requested has often been substantial. Medicaid providers must now also contend with MDRACs. As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011. Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adhereance.
Compliance Risk Number 6: HIPAA / HITECH Privacy Violations: Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).
- Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.
- Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.
As of mid-2010, there had been 93 breaches affecting 500 or more individuals. The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million. Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records. Many of these thefts could have been avoided with appropriate security. The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement. Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information.
Compliance Risk Number 7: Increased Number of Qui Tams Based on Overpayments: Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.
This law creates a minefield for physicians and other Medicare providers. First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later. Of course, the legislation does not actually explain what it means to “identify” an overpayment.
From a “risk” standpoint, this change is enormous. Disgruntled employees try to file a Qui Tam (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion. While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case. Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.
Compliance Risk Number 8: Third-Party Payor Actions: Third-party (non-Federal) payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents. Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs). Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services. If so, their SIU opens a new investigation against the provider.
Compliance Risk Number 9: Employee Screening: With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare. As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded. In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.
Compliance Risk Number 10: Payment Suspension Actions: Last, but not least, we expect the number of payment suspension actions to increase in 2011. In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions. Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.
As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements. Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution. Providers must take compliance seriously if they hope to thrive in 2011.
Liles Parker attorneys provide health law guidance and advice to health care providers around the country. Our attorneys have extensive experience working on compliance related matters and defending providers in connection with Medicare audits and investigations. Should you have questions regarding these and other issues, give us a call for a free consultation. We can be reached at 1 (800) 475-1906.
(December 11, 2010): Earlier this week, HHS-OIG announced that it had assessed significant civil monetary penalties (CMPs) against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. Medicare exclusion screening is essential.
I. The Failure to Conduct Proper Medicare Exclusion Screening Activities Can Result in Significant CMPs.
The provider paid $376,432 to resolve these allegations. As Lewis Morris, Chief Counsel to the Office of Inspector General stated:
“Providers self-disclosing such violations will ultimately pay lower settlement amounts. . . But in cases initiated by the government — such as this one — providers will, as a matter of course, be required to pay more to resolve the matter.’
As Mr. Morris further noted:
“This case illustrates yet again that OIG will pursue CMPs when providers have employed an excluded person for the furnishing of items or services paid for by Federal health care programs,”
Notably, this matter was referred to HHS-OIG for investigation by the State Medicaid Fraud Control Unit (MFCU).
II. Lessons to be Learned.
This case illustrates a number of important lessons for all health care providers who participate in Federal Health Benefits Program, regardless of size. These lessons include:
Medicare exclusion screening of your employees is easy and quick: It takes very little effort for a provider to screen current and prospective employees against HHS-OIG list of excluded parties and GSA’ s list of parties who have been debarred from participation in Federal contracts. Notably, the failure to screen employees can be quite costly.
No mention of actual fraud or overpayment was mentioned in this case. Nevertheless, the employment of excluded individuals was found to be quite serious by HHS-OIG: HHS-OIG won’t hesitate to pursue civil monetary penalties against a provider who employs excluded individuals, despite the fact that no mention is made of any wrongful billings. Regular screenings of your employees should be made to ensure that none of your employees have been excluded from participation.
The government is serious about self-disclosing problems: HHS-OIG’s Chief Counsel went out of his way to point out that provider’s who self-disclose will ultimately pay a lower amount of damages to the government. While we recognize the government’s preference in this regard, should you identify a problem, you should contact legal counsel before making a self-disclosure. HHS-OIG’s voluntary disclosure protocol has a number of requirements that should be fully assessed prior to deciding to make a disclosure under the program. To be clear, if you owe money to the government, you must pay it back. The issue to be resolved is how to go about returning any monies to which you are not entitled. Depending on the circumstances, a provider may be better off working with their Medicare Administrative Contractor to resolve a problem. In other cases, HHS-OIG’s protocol may be the best option. Every situation is different and should be carefully assessed before action is taken.
Federal and State law enforcement teams are coordinating their actions and findings: Notably, these violations were first identified by a State MFCU who then contacted HHS-OIG. Similarly, we are seeing State Medical Boards advising ZPICs of actions they are taking against licensed health care providers. In several cases, the State Medical Board found that the provider was either not providing adequate supervision over subordinate Nurse Practitioners and Physician Assistants. The ZPIC has then used this as a basis to argue that the claims did not qualify for Medicare coverage.
In summary, health care providers should continually be reviewing their compliance efforts to ensure that basic mistakes such as the ones in this case (failure to properly conduct Medicare exclusion screening procedures of employees) do not occur.
Robert W. Liles serves as Managing Partner at Liles Parker. Robert and our other health law attorneys represent health care providers around the country in connection with compliance and other health law issues. Should you have questions about a health law issue, feel free to call us for a free consultation. We can be reached at: 1 (800) 475-1906.