Category: Physicians Practice

Historically, aside from using common sense, no one really thought too much about protecting patient health information. Speaking with many physicians on the subject, the opinions seem unanimous: It is hard to believe the government doesn’t have anything better to worry about.

The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To implement this mandate, the Office of Civil Rights piloted a program to perform test audits of covered entities to assess privacy and security compliance. Audits conducted during the pilot phase began November 2011 and should conclude in December 2012. Here’s more information about the pilot program.

Yet, if it seems strange that the government should involve itself with physician/patient privacy, it seems stranger still that the Office of Civil Rights should be given the task of enforcement. Historically, federal civil rights statutes protect citizens from government (and in some cases, private) infringement upon rights protected by the bill of rights and the 13th and 14th Amendments. These are normally “citizenship” rights, which cannot be infringed upon by the government. As any Constitutional Law scholar can attest, however, there is no Constitutional right to physician/patient confidentiality. In fact, HIPAA confers no private cause of action of any kind, (hence, no rights, civil or otherwise) upon a citizen whose privacy expectations have been violated.

The HIPAA Privacy Rule, among other things, regulates the use and disclosure of Protected Health Information (PHI) held by “covered entities” (generally, healthcare clearinghouses, employer-sponsored health plans, health insurers, and medical service providers that engage in certain transactions.) By regulation, HHS extended the HIPAA privacy rule to independent contractors of covered entities who fit within the definition of “business associates.” PHI is any information held by a covered entity which concerns health status, provision of healthcare, or payment for healthcare that can be linked to an individual. This is interpreted rather broadly and includes any part of an individual’s medical record or payment history. Covered entities must disclose PHI to the individual within 30 days upon request. They also must disclose PHI when required to do so by law, such as reporting suspected child abuse to state child welfare agencies.

A covered entity may disclose PHI to facilitate treatment, payment, or healthcare operations without a patient’s express written authorization. Any other disclosures of PHI require the covered entity to obtain written authorization from the individual for the disclosure. However, when a covered entity discloses any PHI, it must make a reasonable effort to disclose only the minimum necessary information required to achieve its purpose.

Penalties for the non-compliant can be severe. In April, Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, Ariz., agreed to pay the HHS a $100,000 settlement amount after an Office of Civil Rights’ investigation found that the physician practice was posting clinical and surgical appointments for their patients on an Internet-based calendar that was publicly accessible. This follows a $1 million fine handed down in 2011 against Massachusetts General Hospital, after an employee inadvertently left 192 patient records on a subway train.

Yet, if “patient confidentiality” is not an historically protected right under the Constitution, why is the Office of Civil Rights involved in the first place in protecting patient records?

This is actually a two-part question, with the answer to the question “Why is the government involved in privacy?” making more practical sense than the answer to the question “Why is the Office of Civil Rights involved in something which isn’t a civil right?” The reason the government is involved at all, lies in the fact HHS decided it could save a great deal of money by switching to an expensive electronic system. Yet, a great deal of Congressional hand-wringing concerned the fear of public blow-back if all those binary “ones and zeros” ever got loose. So Congress decided upon a plan whereby the government would reap the financial savings from a new electronic system, but lay blame at the feet of providers if anything went wrong.

As to the question, “Why is the Office of Civil Rights involved?” apparently Americans are very protective of their civil rights — even nonexistent ones. If the government wanted to be taken seriously, (and in the beginning, no one did,) what better way to add cache, than to pretend that accidentally leaving records on a subway somehow is a matter for the Office of Civil Rights?

We know there is no civil rights violation, because HIPAA creates no private right to sue for a violation of HIPAA’s confidentiality provisions. (Anyone who has ever tried has been thrown out of court.) Any fines recovered for violations belong to the government — not the patient. Rather than a private right, a patient must file a written complaint with the HHS Secretary through the Office of Civil Rights. It is then within the secretary’s administrative discretion whether to investigate complaints and conduct compliance reviews to determine whether covered entities are in compliance. 45 C.F.R. §§ 160.306, 160.308 (2010). Therefore, any claim for invasion of privacy under HIPAA fails as a matter of law.

Naturally, the lack of a financial motive tends to dampen patient enthusiasm for vindication of their “civil rights;” the end result being, auditors are required — because no one else has really ever cared too much about protecting PHIs prior to HIPAA. Nevertheless, for the foreseeable future, all of this will surely mean more headaches, once the pilot audit program concludes, and the full wave of inspections begins.

Read Article on Physicians Practice

An accountable care organization (ACO) is the latest federal attempt to rescue Medicare from financial ruin. (The “Final Rule” can be found here.) Similar to the failed HMO model of the late 1990s, groups of providers may form relationships which tie provider reimbursements to quality metrics and reductions in the total cost of care for an assigned population of patients. Under the ACO model, physicians and providers are responsible for the care of at least 5,000 patients, and may earn incentive bonuses if costs savings are realized.

Because the formation of “relationships” and the payment of “incentives” implicate Stark Law, the Anti-Kickback Statute, and certain medical rules of ethics, HHS may be required to tweak current rules, prior to full implementation. Stark Law, 42 U.S.C. 1395nn, forbids physician self- referral, if the physician has any financial relationship with a provider to whom the patient is referred. Similarly, the Anti-kickback 42 U.S.C. §1320a-7b prohibits splitting fees between providers, similar to AMA Ethics Code 6.02-6.04.

On the ground, physicians are understandably uneasy. Not only is it expensive to form ACOs, but if the government now proposes allowing physicians and providers to enter contracts with one another, and accept “fee splitting” arrangements, authority must be absolutely clear.

The AMA Code of Medical Ethics does speak to the issue of HMO/ACO plans. (See, Opinions on “Conflicts of Interests Under Capitation,” (Opinion 8.051) and “Financial Incentives and the Practice of Medicine,” (Opinion 8.054)) These were added to the Stark Law Statute, but were more designed to satisfy concerns that a switch from fee-for-service to a capitation/incentive plan would lead to: 1.) under treatment to earn incentives; or 2.) the available funds under a capitation plan might run out, and lead to treatment without any compensation, or unsustainably low reimbursements.

According to AMA Opinion 8.054, for example, while a physician may consider the “availability of affordable care” needs of society as a whole, the “first obligation is to the patient . . .which must override consideration of reimbursement mechanism or specific financial incentives applied to a physician’s clinical practice.” Further, “Physicians …should evaluate financial incentives associated with participation in a health plan before contracting with the plan… to ensure that patient care is not compromised by unrealistic expectations for utilization [how much care is delivered] or by placing that physician’s payment for care at excessive risk [the risk that the money will run out and the physician will not be paid if appropriate care is delivered.].”

Because the new ACO Shared Savings Plans are optional and do not replace traditional fee-for-service models, physicians could be in a position to refer both ACO member/patients as well as those who are covered by traditional plans to the same hospital or clinic with whom the physician has an ACO relationship. The question under Stark Law and the Anti-Kickback Statute isn’t the referral or treatment of patients covered within the ACO. The question is the referral of everyone else. For example, if in a given year, the ACO does not meet its target, and in fact loses money, there may be incentive to refer other non-ACO patients between members. This is termed in government speak, to “capture a stream of referrals.”

What is missing from current Stark Law and Anti-Kickback regulations is express authority for physicians to enter ACO contracts and make referrals of everyone else, without fear of enforcement action. Clearly Congress or HHS will resolve this issue in the near future. Until clearer guidance is in place, however, the potential costs savings to the government under the ACO scheme may be frustrated.

Read Article on Physicians Practice

Last week, I discussed the six reasons physicians are opting-out of the Medicare program. This week, let’s talk about how it is done. First, the disclaimer: Before you make this decision, talk to your SPORE (Spouse, Priest or Rabbi, and Everyone else.) Second, you need a health lawyer of your own. Reading how to do something in a magazine, doesn’t count. However, if you wish to read more on the subject (who wouldn’t) one of the most ardent supporters of opting out is Timothy C. Kriss, M.D who published, “Opting Out Of Medicare: Practical Tips for Opting Out,” for the American Association of Physicians and Surgeons.

Part of the problem for physicians participating in the Medicare Part B program, is the convoluted prohibition on billing a beneficiary for services. A very good 17-page paper on the details and history of opting out was written by William Buczko Ph.D., and may be found on the CMS website. According to Buczko while it is possible to balance bill patients, most providers opt-in and receive payments directly from the government. The trade-off is that physicians who do not follow the protocol for opting-out, cannot contract directly with the Medicare beneficiary — even those willing to pay out of pocket for top-line care. Congress changed this with the Balanced Budget Amendment of 1997 for most providers, and added more with the Medicare Prescription Drug Improvement Act of 2003, which is covered in great detail in Buczko’s paper.

Mechanically, opting out involves three things: (1) informing Medicare that you are “opting- out” at the appropriate deadline (and by following opt-out procedure); (2) contracting with a beneficiary; and (3) following the rules in order that you do not lose your opt-out status.

First Step: Opting Out
Inform Medicare that you will be opting out. Here’s a guide from the AAPS to help.

You should notify your patients that you are opting out of Medicare, and file a copy of an affidavit with each carrier that has jurisdiction over the claims that the physician or practitioner would otherwise file with Medicare, no later than 10 days after entering into first private contract.

In the words of CMS, “Participating physicians and practitioners may opt out if they file an affidavit that meets the criteria and which is received by the carrier at least 30 days before the first day of the next calendar quarter showing an effective date of the first day in that quarter (i.e., January 1, April 1, July 1, October 1).” [From CMS Benefit Policy Manual (Rev. 147, 08-26-11) Sec. 40.17] Note that a participating physician must give his or her carrier 30-days’ prior notice by sending in the opt-out affidavit with an effective date of the beginning of the next quarter.

Second Step: Private Contracts
You will need a patient contract specifically tailored to Medicare Part B beneficiaries. Again, the above link contains a sample contract, which should clearly state that the patient agrees to be responsible, whether through insurance or otherwise, to make payment in full for the services, and acknowledges that physician will not submit a Medicare claim for the services and that no Medicare reimbursement will be provided.

Third Step: After You Opt-Out
Install procedures to ensure that your office never files a Medicare claim, and never provides information to a patient that enables him to file a Medicare claim. Mark your calendar to send in a new “opt out” affidavit every two years to maintain your status.

Finally, a process getting out from under Medicare’s immensely convoluted bureaucracy could never be complete without a complex set of rules published in a CMS manual defining what it means to “Fail to Maintain” opt-out status:

     Failure to Maintain Opt-Out Occurs if during the opt-out period:
     ? The physician/practitioner has filed an affidavit in accordance with §40.9 and has signed private contracts in accordance with §40.8 but, the physician/practitioner knowingly and willfully submits a claim for Medicare payment (except as provided in §40.28) or the physician/practitioner receives Medicare payment directly or indirectly for Medicare-covered services furnished to a Medicare beneficiary (except as provided in §40.28); (For specific information about Chapter 15, sections 8 and 28, refer to http://www.cms.hhs.gov/Manuals/downloads/bp102c15.pdf on the CMS website. The sections of Chapter 15 that are revised by CR6081 are attached to CR6081.)
     ? The physician/practitioner fails to enter into private contracts with Medicare beneficiaries for the purpose of furnishing items and services that would otherwise be covered by Medicare, or enters into private contracts that fail to meet the specifications of §40.8; or
     ? The physician/practitioner fails to comply with the provisions of §40.28 regarding billing for emergency care services or urgent care services; or
     ? The physician/practitioner fails to retain a copy of each private contract that the physician/practitioner has entered into for the duration of the opt-out period for which the contracts are applicable or fails to permit CMS to inspect them upon request.

To see the official instruction (CR6081) issued to your carrier or A/B MAC visit the CMS website.

Read Article on Physicians Practice

Practice Notes blogger and attorney Martin Merritt points out that September 1 is the current deadline for physicians who wish to opt out of Medicare. And he notes “record numbers are doing just that.”

Merritt provides six reasons physicians are dropping Medicare patients:

1. Forced Pay Cuts. By many estimates, Medicare reimbursement falls far below the cost of providing services.
2. Bureaucratic Nightmare. It’s difficult for physicians to document a patient file sufficiently to satisfy CMS.
3. RAC Auditors. Physicians must return payments, long after the claim has been paid, often because an auditor “with a financial interest in contradicting the physician overrules the doctor.”
4. Stark Law. No Medicare means no need to comply with Stark Law. As a result, physicians can engage in any free-enterprise arrangement, as long as it complies with medical ethics rules.
5. Whistleblowers. As with Stark Law, without Medicare there are no whistleblowers to deal with.
6. Criminal Prosecution. The OIG has redefined fraud to mean “anything the OIG doesn’t like, under the mantra ‘fraud, waste, and abuse.’”

Read Article on Physicians Practice

September 1, 2012 is the current deadline for physicians who wish to opt out of Medicare —and record numbers are doing just that. According to a recent survey by the Texas Medical Association, the number of Texas physicians accepting Medicare patients dropped from 78 percent in 2000, to 58 percent in 2012. Texas is one of the few states that keeps Medicare opt-out information. HHS’ Office of Inspector General (OIG) in January reported it couldn’t pin down the extent of the problem nationally because Medicare and its contractors don’t keep adequate data on physicians who opt out.

Why are so many physicians opting out of Medicare?

Forced Pay Cuts
Doctors have suffered steep Medicare payment cuts every year for more than 10 years. Although Congress temporarily postponed a 29 percent cut in 2012, physicians face a nearly 30-percent cut Jan. 1, 2013. By many estimates, Medicare reimbursement rates fall far below the cost of providing services. Medicare prohibits physicians from balance billing patients. Thus providers must look to, (and as some allege “overcharge”) privately insured and uninsured patients, simply to remain solvent.

Bureaucratic Nightmare
It was difficult enough prior to the Affordable Care Act (ACA) for a physician to document a patient file sufficiently to satisfy CMS that prescribed care was correct and properly coded. The ACA continues the steady march toward even more arcane bureaucratic “metrics” which take into account “patient outcomes” and effectiveness of treatment before payment can be sought. An entire cottage industry has sprung up, offering sophisticated computer systems and processes, aimed solely at making the documentation of treatment — not the treatment itself — more satisfying to CMS. This bureaucracy is no better exemplified than by reference to the list of acronyms on the CMS website: 198 Medicare acronyms – and that’s just the ones which begin with the letter “R.”

RAC Auditors
As complex as documentation rules can be, payment of a claim by CMS was often the only way a physician could be sure he or she got it right. Getting paid is just the beginning. In 2003, the government began unleashing an army of Recovery Audit Contractors (RACs). RAC auditors are supposed to review patient files and billing records to identify both over- and under-payments. Not surprisingly, given that RAC auditors are compensated a percentage for finding over-payments, 97 percent of RAC findings favor the government. This means physicians must return payments, long after the claim has been paid, often because a non-physician auditor with a financial interest in contradicting the physician has overruled the doctor.

Stark Law
Since its passage in 1989, most every physician has some understanding that Stark Law prohibits referrals to outside providers, if the physician has an ownership interest in the provider. But in the 1980s, when the government paid 80 percent of the amount of a physician’s fees, most did not mind so much, being told by the government with whom they could go into business. In 2012, the government uses a pay scale which often pays a scant 20 percent of the charges. Physicians must seek outside income from investment in ASCs, PODs, DME suppliers, and a whole host of other acronyms. But Stark Law only applies if a physician accepts or refers Medicare patients. Without Medicare, there is no Stark Law, and physicians are free to engage in any free-enterprise arrangement, limited only by medical ethics rules.

Whistleblowers
One of the most vexing things about accepting Medicare dollars, is the operation of the whistleblower provision of the False Claims Act. This law allows employees of physicians, and virtually anyone else, to file an action on behalf of the federal government, with the promise of collecting 15 percent to 30 percent of the award. It is normally the most disgruntled, intractable, problem employees who file these cases. Although the vast majority of these cases are dismissed with no payment, defense can be hugely expensive. As with Stark Law, many physicians are discovering, without Medicare, there are no whistleblowers.

Criminal Prosecution
The OIG lists on its website the 10 Most Wanted Medicare Fugitives. Without exception, these violators have non- Anglo-Saxon surnames (African, Arab, and Russian names appear frequently.) One could argue this list is carefully designed to invoke nationalistic prejudice, leading to a belief that all the OIG does is protect the U.S. Treasury from hordes of foreign financial criminals. Nothing could be further from the truth. Since its creation in 1987, the OIG has been busy redefining “fraud” to mean anything the OIG doesn’t like, under the mantra “fraud, waste, and abuse.”

Perhaps most poignant is a report from the Texas Medical Association quoting a family practitioner who says the “straw that broke the camel’s back” landed in 2009. The physician, Chris Noyes, MD, recalls, “I had a patient who moved from out of state to be with his kids. He had lung cancer when he came in, and he ultimately died. We wrote off a fairly large balance,” Noyes said. “Two years after he died, we got a letter from Medicare saying they had overpaid for a flu shot for him by $2 and they wanted the money back with interest and a penalty, and if I didn’t pay it all within 30 days they would prosecute me.”

There was a time, in the old west, when the sheriff was in charge of escorting “snake oil” salesmen to the edge of town. Today, there is a new sheriff in town, the OIG and its posse of RAC auditors and whistleblowers. Each use allegations of wrongdoing to ration care, as if the problem will go away, if there is no one left to treat the elderly and permanently disabled.

In Texas, those accepting Medicare dropped from 78 percent to 58 percent in a decade. Medicaid numbers are even worse, with only 31 percent of physicians participating. Nationwide, this trend will continue, unless something is done to reinvigorate enthusiasm on the part of providers. At the moment, the government is steaming full speed ahead, in the opposite direction.

Next week, I’ll detail the mechanics of how physicians can opt out of Medicare.

Find out more about Martin Merritt and our other Practice Notes bloggers.

Read Article on Physicians Practice

The case seemed “open and shut.” At least until June 26, 2012, when a California federal district judge threw out Gonzalez v. Planned Parenthood of California, on the grounds that overcharging the government isn’t always illegal. Filed as a qui tam whistleblower case by a former chief financial officer, the claim was simple: Planned Parenthood had been overcharging California Medicaid (Medi-Cal) for nearly a decade, because the provider billed Medi-Cal more than “actual cost” for contraceptives administered to patients.

Many private practice physicians live in fear of being informed by a benefits utilization review auditor that one of a physician’s billing practices is actually forbidden by a federal or state program manual. Worse, because the failure to comply with program guidelines automatically constitutes a violation of the False Claims Act, repayment of the amount of the claim plus a penalty of as much as $11,000 per bill may be assessed. This fear is compounded by the OIG’s recent testimony before Congress that many physicians are falsely accused, because Medicaid auditors don’t understand Medicaid law.

In the recent California case, Planned Parenthood actually did violate the provisions of the benefit manual, but argued that such a violation was not necessarily a False Claims Act violation, unless the company also lied about the claim. Under the Medi-Cal Family Planning Procedures Manual, Planned Parenthood could bill the government no more than “cost” for contraceptive devices. Planned Parenthood obtained contraceptives at a discount, but did not pass the savings on to the state. Cases of this nature can be prosecuted administratively or through whistleblower lawsuits.

Government enforcement agencies much prefer the administrative route for several reasons. First, in an administrative action, the people making the rules are in charge of enforcement. Second, there is no immediate “referee.” Finally, a provider can be summarily punished, simply for resisting. In the usual case, for example, the Office of Inspector General will normally take the position that a failure to comply with any HHS dictate triggers a violation. Letters are sent, audits performed, and a bill is presented to the provider. Even if the provider doesn’t agree, the threat of huge penalties, criminal prosecution, freezing of assets, and threats of program exclusion mean resistance is largely futile.

A whistleblower lawsuit on the other hand, comes with a federal judge who is called upon immediately to decide if the conduct is actually illegal. Here, District Judge Howard Matz agreed with the defendant, “No case creates or imposes [False Claims Act] liability merely where one overcharges the government — the overcharging must be committed in conjunction with a false statement that is a lie.”

Matz observed that Planned Parenthood never tried to hide the fact that it had not followed the government’s billing manual, but instead, “with consistent candor and truthfulness,” openly did not comply. Nor did Planned Parenthood “lie” or misrepresent that the amounts billed were based upon actual cost. Therefore, the bills presented were not “false.”

The court then reviewed the whistleblower’s “False Certification” claim. Such a claim might be valid if a provider had certified each bill complied with the provisions of the Claims (“FPACT”) Manual, when it did not. However, the court dismissed this claim because “Plaintiff does not even allege that Defendants signed the FPACT manual. What Defendants did allegedly sign was the Provider Agreement, which did not require or amount to a promise to comply with every provision in the manual.”

The Gonzalez opinion highlights the problem of a lack of judicial oversight in the ongoing battle between medical providers and governmental agencies. In the absence of court opinions to the contrary, a government agency will normally take a most aggressive view — both of its own rule-making power, and what behavior it believes violates those rules. Judicial review of administrative enforcement actions is often impossible because settlements are frequently coerced by threats of program exclusion, or the staggering $11,000 per-claim penalty under the False Claims Act.

In many cases, it seems almost better to be sued by a whistleblower. It is only where a qui tam relator beats the government to the punch that a court is called upon to decide immediately, in a pre-litigation Motion to Dismiss, whether questionable conduct actually violates the law.

Case: P. Victor Gonzalez v. Planned Parenthood, No. CV 05-8818 AHM (FMOx), U.S. Dist. Ct. C.D. Calif.

Martin Merritt is a Dallas-based attorney, representing physicians, practices, and others in cases involving Stark Law, state and federal regulations, Medicare fraud and abuse compliance, as well as transactions and contracts. E-mail him here.

Read Article on Physicians Practice