|
|
 |
Healthcare Fraud & Abuse
Although fraud and abuse may affect any industry, industries financed all or in part through insurance are generally more susceptible to fraudulent and abusive activities than industries that are not so financed. Insurers generally do not directly supervise the provision of goods and services by their agents (e.g. physicians) to their beneficiaries (e.g. patients). This lack of direct supervision creates opportunities for agents and beneficiaries to game the system in various ways for their own advantage. Most insurers are large entities that are held in somewhat less than the highest esteem by the public. Those that game the system therefore often rationalize their activities as being victimless crimes. Due to the complexities of healthcare, the size of the industry, and the fragmented nature of the industry, healthcare payers face the mother-of-all potential agency exposures, and therefore face the mother-of-all potential fraud and abuse exposures (see the Agency Problems section in the Organizational Design chapter for more information on agency problems). Although the great majority of physicians and other healthcare providers are honest and conscientious, fraudulent and abusive activities occur within the industry with alarming frequency. Government payers appear to be particularly susceptible to such practices. For example, the General Accounting Office (GAO) estimates that roughly 10 percent of current Medicare payments are fraudulent. In the past, this estimate has exceeded 20 percent.
In order to reduce the incidence of fraudulent and abusive healthcare activities, the federal government has enacted and enforced a number of laws prohibiting various types of activities. Historically, the key laws have proscribed false claims and statements, bribes and kickbacks, and self-referrals in the context of Medicare, Medicaid, and other government-sponsored healthcare programs, and have provided civil and criminal penalties against offending healthcare providers. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) significantly changed the legal landscape surrounding healthcare fraud and abuse. HIPAA created four new criminal healthcare offenses: Health Care Fraud, Theft or Embezzlement in Connection with Health Care, False Statements Relating to Health Care Matters, and Obstruction of Criminal Investigations of Health Care Offenses. Importantly, the new HIPAA crimes apply to fraudulent and abusive activities affecting both public and private payers. HIPAA also amended existing asset forfeiture laws to apply to the new crimes, and authorized additional funding for healthcare fraud and abuse enforcement. Since the passage of HIPAA, the Departments of Justice (DOJ) and Health and Human Services (DHHS) have significantly increased their efforts to detect and fight healthcare fraud and abuse, and healthcare fraud has become one of the DOJ's top law enforcement priorities. In 1997, the departments began issuing the Annual Report of the Attorney General and the Secretary of Health and Human Services. The reports describe significant increases in healthcare fraud-related civil cases, criminal convictions, program exclusions, and monies recovered as compared with prior years. The semi-annual reports of the DHHS Office of Inspector General (OIG) describe similar trends in the Medicare and Medicaid programs.
The great majority of physicians support the federal government's efforts to crack down on bona-fide healthcare fraud and abuse. No reputable physician condones fraudulent activities. However, many honest physicians are justifiably concerned about their own exposures in the new healthcare fraud and abuse enforcement environment. The healthcare fraud statutes are extremely broad in scope and, as written, grant considerable investigative and prosecutorial powers to the government. To this day, physicians do not typically receive any formal legal or compliance training during medical school or residency. This is true despite the fact that the federal and state governments regulate these entities, and despite the fact that the federal and state governments own a large percentage of the nation's medical training facilities. For all intents and purposes, physicians are left to their own devices to become competent in such matters. Those that perceive a need to become knowledgeable about such matters pursue any of a number of approaches to gain such competency. No matter how hard a physician works at this, however, the physician will always have an imperfect understanding of the various healthcare fraud and abuse statutes, mastery of which is probably only attained by a select group of health lawyers, and then only in highly specific areas. The DHHS OIG published its Final Compliance Program Guidance For Individual And Small Group Physician Practices in September, 2000. This document represents the government's first prospective compliance assistance for physicians.
The practice of medicine is an inherently subjective and human endeavor, and humans are innately fallible. Unfortunately, as written, the healthcare fraud statutes do not appear to take these factors appropriately into account, nor do the statutes appear to offer reasonable prospective or retrospective protections to physicians. In the medical billing arena, for example, no matter how hard a practice tries to play by the rules, discrepancies will always occur between payers and practices, simply because so many billing rules are either undefined or ambiguous. Many individuals may play a role in the claim creation and submission process, and any party may through ignorance or accident introduce errors or interpretations to which an investigator might take exception. Physicians are the "captains of the ship" in their practices, and bear ultimate responsibility for any allegedly fraudulent activities that occur within their practices. Investigators typically have some discretion in deciding how to proceed in such cases. An aggressive investigator may feel that there is no such thing as an innocent mistake, and may not offer the physician an opportunity to simply repay the amount in dispute. An aggressive investigator may view the physician as guilty until proven innocent (in a hearing or in court). There are few physicians practicing today that are not in some way responsible for at least one act that might be held to be fraudulent by an investigator. Therefore, there are few physicians practicing today that are beyond the reach of the healthcare fraud and abuse statutes.
The goals of this chapter are two: to familiarize physicians with the key criminal and civil healthcare fraud and abuse statutes; and to discuss fraud and abuse compliance programs for medical practices. The next section discusses the HIPAA criminal healthcare fraud statutes. Subsequent sections cover other important criminal and civil healthcare fraud statutes. The chapter concludes with a section on compliance programs. This chapter is intended only to familiarize physicians with certain pertinent healthcare fraud laws and issues, and is not intended to offer any form of specific legal advice to physicians in search of such. Physicians are urged to seek competent counsel, or to consult other resources, to obtain specific healthcare fraud-related advice and assistance.
The HIPAA Statutes
HIPAA defines four new criminal healthcare fraud offenses:
Health Care Fraud (18 USC 1347): "Whoever knowingly and willfully executes, or attempts to execute, a scheme or artifice -
- to defraud any health care benefit program; or
- to obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program,
in connection with the delivery of or payment for health care benefits, items, or services, shall be fined under this title [up to $250,000 per offense] or imprisoned not more than 10 years, or both.
Theft or Embezzlement in Connection with Health Care (18 USC 669): "Whoever knowingly and willfully embezzles, steals, or otherwise without authority converts to the use of any person other than the rightful owner, or intentionally misapplies any of the moneys, funds, securities, premiums, credits, property, or other assets of a health care benefit program, shall be fined under this title or imprisoned not more than 10 years, or both; but if the value of such property does not exceed the sum of $100 the defendant shall be fined under this title or imprisoned not more than one year, or both."
False Statements Relating to Health Care Matters (18 USC 1035): "Whoever, in any matter involving a health care benefit program, knowingly and willfully -
- falsifies, conceals, or covers up by any trick, scheme, or device a material fact; or
- makes any materially false, fictitious, or fraudulent statements or representations, or makes or uses any materially false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry, in connection with the delivery of or payment for health care benefits, items, or services, shall be fined under this title or imprisoned not more than 5 years, or both."
Obstruction of Criminal Investigations of Health Care Offenses (18 USC 1518): "(a) Whoever willfully prevents, obstructs, misleads, delays or attempts to prevent, obstruct, mislead or delay the communication of information or records relating to a violation of a Federal health care offense to a criminal investigator shall be fined under this title or imprisoned not more than 5 years, or both. (b) As used in this section the term "criminal investigator" means any individual duly authorized by a department, agency, or armed force of the United States to conduct or engage in investigations for prosecutions for violations of health care offenses."
In everyday practice, the statutes pertaining to Health Care Fraud and False Statements Relating to Health Care Matters are of the greatest importance to physicians. It is worth noting that 18 USC 1035 covers both oral or written statements. It is also worth noting that a physician may be charged with obstruction under 18 USC 1518, even if the matter under investigation does not ultimately warrant criminal prosecution.
Other Criminal Statutes
In addition to the HIPAA fraud statutes, physicians are subject to a number of other federal criminal fraud and abuse statutes. These other criminal statutes include the nine existing statutes that are strengthened by HIPAA, plus one section of the Public Health and Welfare code.
Fraud Statutes Strengthened by HIPAA
HIPAA significantly broadens the scope of nine existing criminal fraud statutes to include offenses against health care benefit programs, as that term is defined in 18 USC 24. Fortunately, these statutes cover offenses that are for the most part already captured in the four HIPAA healthcare fraud statutes. The nine existing criminal fraud statutes that are strengthened by HIPAA are as follows:
False, Fictitious or Fraudulent Claims (18 USC 287): "Whoever makes or presents to any person or officer in the civil, military or naval service of the United States, or to any department or agency thereof, any claim upon or against the United States, or any department or agency thereof, knowing such claim to be false, fictitious or fraudulent, shall be imprisoned not more than five years and shall be subject to a fine in the amount provided in this title."
Conspiracy to Commit Offense or to Defraud United States (18 USC 371): "If two or more persons conspire either to commit any offense against the United States, or to defraud the United States, or any agency thereof in any manner or for any purpose, and one or more of such persons do any act to effect the object of the conspiracy, each shall be fined under this title or imprisoned not more than five years, or both."
Embezzlement and Theft (18 USC 664): Any person who embezzles, steals, or unlawfully and willfully abstracts or converts to his own use or to the use of another, any of the moneys, funds, securities, premiums, credits, property, or other assets of any employee welfare benefit plan or employee pension benefit plan, or of any fund connected therewith, shall be fined under this title, or imprisoned not more than five years, or both."
Theft or Bribery Concerning Programs Receiving Federal Funds (18 USC 666)-this statute does not appear to apply to many physicians, and is rather long. Those interested in the statute should go to the US Code website and read it.
Statements or Entries Generally (18 USC 1001): "Except as otherwise provided in this section, whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully -
- falsifies, conceals, or covers up by any trick, scheme, or device a material fact;
- makes any materially false, fictitious, or fraudulent statement or representation; or
- makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry;
shall be fined under this title or imprisoned not more than five years, or both."
False Statements and Concealment of Facts in Relation to Documents Required by the Employee Retirement Income Security Act of 1974 (18 USC 1027): "Whoever, in any document required by title I of the Employee Retirement Income Security Act of 1974 (as amended from time to time) to be published, or kept as part of the records of any employee welfare benefit plan or employee pension benefit plan, or certified to the administrator of any such plan, makes any false statement or representation of fact, knowing it to be false, or knowingly conceals, covers up, or fails to disclose any fact the disclosure of which is required by such title or is necessary to verify, explain, clarify or check for accuracy or completeness any report required by such title to be published or any information required by such title to be certified, shall be fined under this title, or imprisoned not more than five years, or both."
Mail Fraud: Frauds and Swindles (18 USC 1341): "Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations or promises, or to sell, dispose of, loan, exchange, alter, give away, distribute, supply, or furnish or procure for unlawful use any counterfeit or spurious coin, obligation, security, or other article, or anything represented to be or intimated or held out to be such counterfeit or spurious article, for the purpose of executing such scheme or artifice or attempting so to do, places in any post office or authorized depository for mail matter, any mater or thing whatever to be sent or delivered by the Postal Service, or deposits or causes to be deposited any matter or thing whatever to be sent or delivered by any private or commercial interstate carrier, or takes or receives therefrom, any such matter or thing, or knowingly causes to be delivered by mail or such carrier according to the direction thereon, or at the place at which it is directed to be delivered by the person to whom it is addressed, any such matter or thing, shall be fined under this title or imprisoned not more than five years, or both."
Fraud by Wire, Radio, or Television (18 USC 1343): "Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than five years, or both."
Offer, Acceptance, or Solicitation to Influence Operations of Employee Benefit Plan (18 USC 1954)-this statute does not appear to apply to many physicians, and is rather long. Those interested in the statute should go to the US Code website and read it.
Public Health and Welfare Code
42 USC 1320a-7b describes criminal penalties for acts involving federal health care programs. Some of these acts are covered by the HIPAA legislation. Under 42 USC 1320a-7b, it is a felony, punishable by up to five years imprisonment and a fine of up to $25,000 to, among other things: 1) knowingly and willfully make or cause to be made any false statement or representation of a material fact in any application for any benefit or payment under a federal health care program; 2) to knowingly and willfully make or cause to be made any false statement or representation of a material fact for use in determining rights to such benefit or payment; and 3) to present or cause to be presented a claim for a physician's service knowing that the individual who furnished the service was not licensed as a physician. It is a misdemeanor, punishable by up to one year's imprisonment and a fine of up to $10,000, for any person other than the provider of an item or service (e.g. an office assistant) to commit these offenses. It is a felony, punishable by up to five years imprisonment and a fine of up to $25,000, to solicit, receive, offer or pay illegal remunerations (including kickbacks, bribes, and rebates) in connection with the delivery of healthcare under a federal health care program.
Civil Fraud Statutes
Physicians are more likely to face civil fraud investigation than criminal fraud investigation. Physicians are subject to many civil fraud statutes. The important civil statutes include The False Claims Act, and three sections of the Public Health and Welfare Code.
The False Claims Act
The False Claims Act (FCA) [31 USC 3729 et seq.] establishes civil monetary liability for certain acts involving false claims and statements. A physician may be liable under 31 USC 3729 if he, among other things, knowingly submits a false or fraudulent claim to a government payer, or makes or uses a false record or statement to get a false or fraudulent claim paid or approved by a government payer. If a physician is found liable under the FCA, he may be subject to a civil penalty of between $5,000 and $10,000 per claim, plus three times the amount of damages that the government sustains due to his actions, plus the government's costs for civil litigation. The FCA applies the "knows or should know" standard to determine civil liability. Under this standard, the government need not prove that a physician intentionally filed an improper claim in order to assess civil penalties. The "knows or should know" standard is justified based on the argument that one should not be allowed to engage in acts of "deliberate ignorance" or "reckless disregard." 31 USC 3730 contains provisions for so-called qui tam or "whistleblower" suits. In a qui tam action, a private individual may bring suit against a physician on behalf of the government for alleged violations of the FCA, and receive a percentage of the proceeds of litigation, plus reasonable expenses and attorneys' fees.
Public Health and Welfare Code
42 USC 1320a-7a (The Civil Monetary Penalties Law, or CMPL) describes civil monetary penalties for certain acts involving federal health care programs. The risk area of greatest importance to physicians involves improperly filed claims. Under the CMPL, a civil monetary penalty of up to $10,000 may be imposed for each improperly filed claim, in addition to any other penalties that may be prescribed by law. The definition of improperly filed claims includes claims where an item or service was not provided as claimed, claims representing a pattern or practice of up-coding, and claims that are false or fraudulent. Civil liability under the CMPL is also determined using the "knows or should know" standard, so no proof of specific intent to defraud is required. For illegal remuneration (e.g. inducements and kickbacks), a penalty of up to $50,000 per act may be imposed under the CMPL. The CMPL defines illegal remuneration to include routine waivers or non-collections of coinsurance and deductible amounts (or any part thereof), and transfers of goods or services for free or for other than fair market value.
42 USC 1320a-7 sets out the criteria for mandatory and permissive exclusion from participation in federal health care programs (e.g. Medicare and Medicaid). The four criteria for mandatory exclusion are: 1) conviction of program-related crimes; 2) conviction related to patient abuse; 3) felony conviction relating to health care fraud; and 4) felony conviction relating to controlled substances. Depending upon the circumstances, mandatory exclusion may be permanent or for a period of up to ten years. In cases meeting the criteria for permissive exclusion, the Secretary of the DHHS has some discretion in deciding whether to exclude a person or entity from participation in federal health care programs. There are currently fifteen criteria for permissive exclusion, including certain misdemeanor convictions, license revocation or suspension, improper billing practices, failure to provide medically necessary services, failure to grant immediate access to records, and defaulting on a health education loan or a scholarship obligation. On December 24, 1997, the DHHS OIG published a notice regarding criteria for implementing permissive exclusion from federal health care programs, which provides a comprehensive framework that may be applied to physicians in reaching such decisions [62 Federal Register 67392].
Finally, 42 USC 1395nn (a.k.a. the "Stark Laws") describe civil monetary penalties for illegal physician referral activities. If a physician, or an immediate family member of a physician, has an ownership, investment, or compensation relationship with an entity that provides "designated health services," it is illegal for the physician to refer patients to that entity for services where payment may be made by a federal healthcare program, unless the relationship is subject to a statutory or regulatory exception. Designated health services include the following:
- Clinical laboratory services
- Physical therapy services
- Occupational therapy services
- Radiology services, including MRI, CT, and ultrasound services
- Radiation therapy services and supplies
- Durable medical equipment and supplies
- Parenteral and enteral nutrients, equipment, and supplies
- Prosthetics, orthotics, prosthetic devices, and supplies
- Home health services
- Outpatient prescription drugs
- Inpatient and outpatient hospital services
There are number of exceptions to the Stark Laws, including in-office ancillary services, ownership in a publicly-traded company, and legitimate compensation arrangements with a designated health service entity. Under the Stark Laws, a civil monetary penalty of up to $15,000 may be assessed for each improper claim, plus certain other fines.
Compliance Programs
Physicians are subject to a wide variety of criminal and civil healthcare fraud statutes. As written, some of these statutes appear to be quite broad, and somewhat ambiguous. Some of these statutes grant considerable investigative and prosecutorial powers to the government. Now more than ever, physicians require mechanisms to ensure that their healthcare delivery, documentation, and billing efforts are in line with existing fraud and abuse statutes, and are consistent with generally accepted medical and business practices. In other words, every medical practice requires a healthcare fraud compliance program.
If a practice decides to implement a compliance program, the practice should model the program around the DHHS OIG physician guidance. The final version of the physician guidance was published in September, 2000. The guidance is rather long, and it is beyond the scope of this chapter to provide a detailed analysis of the guidance. Interested readers should simply download the document from the DHHS OIG website, or from the Downloads area on this website. However, a few key points about the guidance should be made. As written, the healthcare fraud and abuse laws terrify many physicians. In the guidance, the DHHS OIG sets a more conciliatory tone regarding healthcare fraud investigation and enforcement. For example, the guidance distinguishes between fraudulent and "erroneous" claims, and states that healthcare fraud investigators consider innocent billing errors to be erroneous claims. With an erroneous claim, the practice must refund erroneously claimed funds, but the practice will not face criminal or civil prosecution. At first glance, the conciliatory tone of the OIG guidance may lead many physicians to breathe a sigh of relief. Unfortunately, the distinction between a fraudulent and an erroneous claim is somewhat semantic. That is, the distinction hinges on the interpretation of terms like "reckless disregard" and "deliberate ignorance." It stands to reason that different investigators may have different definitions of these terms, which might lead one investigator to find a claim to be fraudulent when another investigator would find the claim to be erroneous. Time will tell whether the conciliatory tone of the OIG guidance translates into bona-fide enforcement relief for physicians.
The OIG physician guidance states that an effective physician compliance program should contain the so-called "seven elements" common to other healthcare fraud compliance guidances. These seven elements are:
- Conducting internal monitoring and auditing
- Implementing complianc and practice standards
- Designating a compliance officer or contact
- Conducting appropriate training and education
- Responding appropriately to detected offenses and developing corrective action
- Developing open lines of communication
- Enforcing disciplinary standards through well-publicized guidelines
In the guidance, the OIG recognizes that implementation of all elements of an effective compliance program may not be feasible for all medical practices. The OIG encourages practices to make reasonable efforts to establish effective compliance programs.
The OIG has identified a number of healthcare fraud risk areas for physicians. In the guidance, the OIG highlights four general physician risk areas:
- Coding and billing
- Reasonable and necessary services
- Documentation
- Improper inducements, kickbacks and self-referrals
For each general risk area, the guidance identifies specific risk areas that have been among the most frequent subjects of investigations and audits by the OIG.
The OIG guidance suggests that a compliance program should be a "do-it-yourself" project for the typical small medical practice. That is, the typical small medical practice may create an effective compliance program without much outside assistance. Of course, each practice must decide for itself whether to obtain compliance-related assistance and, if so, how much assistance to obtain. In order to reach this determination, and in order to set the compliance initiative in motion, the practice might begin by designating its compliance officer. The compliance officer should take responsibility for the design, implementation, and monitoring of the practice's compliance program. In the typical practice, many individuals might serve as the compliance officer. As pointed out in the Revenue Czar sections in the Economics and Finance chapter, however, the practice's revenue czar is the ideal compliance officer candidate.
Once the compliance officer has been selected, he should review the OIG guidance, paying particular attention to the seven elements and the specific physician risk areas. The compliance officer should identify the subset of specific compliance risk areas that applies to his practice. The compliance officer should take an initial "snapshot" of the practice's operations, in order to establish a compliance baseline, and in order to identify areas where the practice may not be in compliance with the OIG guidance. Next, the compliance officer should create a compliance program proposal, and submit that proposal to the shareholders for their consideration. Together, the compliance officer and the shareholders should refine the proposed program, and determine whether the practice requires outside assistance. Once the shareholders have approved the program, the compliance officer should implement the program. During the implementation phase, the compliance officer should orient all providers and staff members to the program, paying particular attention to the providers. As discussed in the Revenue Czar sections in the Economics and Finance chapter, the practice's providers must document (and code, if the providers do their own coding) their encounters properly if the practice is to minimize its fraud exposure. Once the compliance officer has established the compliance program, he must monitor the program, and modify the program when indicated.
For the typical small medical practice, the compliance officer should find it relatively easy to establish policies for most of the specific risk areas identified in the OIG guidance (e.g. billing for no-shows, double-billing, unbundling, routine waivers of co-pays regardless of need, and kick-backs). However, the compliance officer may find it difficult to establish policies that meaningfully address certain risk areas (e.g. up-coding, and providing adequate documentation to support the medical necessity of services). To help address the up-coding issue, the compliance officer might establish a set of internal coding guidelines for common types of office visits, paying particular attention to encounters where providers do not typically interact much with patients (e.g. medication refills, injections, blood pressure checks, dressing changes, and the like). If the practice sees HCFA-insured patients, the compliance officer might also review the HCFA evaluation and management (E/M) documentation guidelines, and summarize these guidelines for the practice's providers. Regarding documentation of the medical necessity of services, the compliance officer should encourage providers to document their encounters such that an auditor may easily appreciate the indications for different tests and services. To create a truly effective compliance program, the compliance officer must audit the practice's charts and superbills on a periodic basis. Based upon these audits, the compliance officer may identify provider-specific opportunities for improvement, and individualize his feedback for each provider.
The OIG guidance provides a great starting point for the development of an effective medical practice fraud compliance program. In addition to this guidance, the compliance officer might take advantage of other Web-based resources. The Health Care Financing Administration (HCFA) maintains various fraud and abuse materials on the Plans and Providers page of its website. The American Health Lawyers Association (AHLA) maintains several resources on its website that might assist physicians in developing an effective compliance program. The AHLA has indicated that it will publish a model physician compliance manual (MPCM) during 2001. The AHLA indicates that the manual will cover fraud and abuse issues, as well as a host of other legal issues of importance to medical practices. The AMA provides information regarding healthcare fraud and abuse, and compliance programs, in the legal section of its website. The Health Care Compliance Association (HCCA) maintains extensive compliance-related information and links on its website. In the February, 2000 edition of its ClaimsRx publication, Norcal Mutual Insurance Company provides an excellent discussion of fraud and abuse compliance programs for medical practices.
|
|
