Eleventh Circuit Extends Scope and Time Limits for People Who Sue under the Medicare Secondary Payer Act

Medicare is the Secondary Payor when other insurance is available to pay the claim. However, when the Primary Payor delays payment, Medicare will make a “conditional payment.” If the Primary Payor fails to reimburse Medicare within 60 days, Medicare and other Medicare Advantage Organizations (MAOs) can recover double damages from the Primary Payor.

This Eleventh Circuit decision opens the door to allow “downstream actors” (the physician groups who contract with MAOs to provide care) to recover double damages from the Primary Payor.

[T]he Eleventh Circuit held that “downstream actors that have made conditional payments in an MAO’s stead or that have reimbursed an MAO for its conditional payment can bring suit for double damages against the primary payer.” Included in its reasoning, the court observed that the MSPA was intended to protect Medicare and MAOs from paying for medical costs that should have been covered by a primary payer. If a downstream actor renders a conditional payment that should have been the responsibility of a primary payer, the downstream actor suffers the same financial loss.

Source: Eleventh Circuit Extends Scope and Time Limits for People Who Sue under the Medicare Secondary Payer Act


FTC sues to block $350 million sale of 2 Tenet Healthcare-owned hospitals in Memphis area

The Federal Trade Commission is suing to block Farmers Branch-based Tenet Healthcare’s $350 million sale of two hospitals in the Memphis area to another healthcare system.

I don’t know the specifics of the transaction, but the FTC likely objected after the parties filed a “Hart-Scott-Rodino Premerger Notification,” or just “Hart-Scott filing.” These filings, which must take place a certain amount of time prior to the closing of the transaction, give the FTC time to object.

Often, the FTC will object and also file an injunction in Federal Court to prohibit the transaction. The practical effect is that the preliminary injunction hearing becomes the “trial” for whether the transaction will be allowed. If the FTC is successful with the injunction, the deal is usually scuttled.

Source: FTC sues to block $350 million sale of 2 Tenet Healthcare-owned hospitals in Memphis area – Dallas Morning News


California Doctor Pleads Guilty to EKRA Violations

On September 15, 2020, Doctor Akikur R. Mohammad, a California resident and drug treatment facility owner, pled guilty before the U.S. District Court of New Jersey for violating the Eliminating Kickbacks in Recovery Act (“EKRA”), one of the country’s first convictions under this statute targeting opioid kickbacks. Enforcement under EKRA can help shed light on questions remaining concerning the statute’s broad definitions, particularly around laboratory services, and its application in light of other federal laws such as the federal anti-kickback statute (“AKS”). Thus far, known enforcement cases under EKRA have focused on opioid and drug treatment cases.

EKRA was designed to combat the opioid crisis, but in its haste to passage, the definition of “laboratory” was not sufficiently limited to those involved in substance abuse testing. The omission has cased a great amount of speculation about the DOJ’s enforcement intentions.

The full extent of EKRA’s implications still remain uncertain. Most open questions circulate around its application to clinical laboratories, but Dr. Mohammed’s guilty plea, as well as earlier enforcement in other jurisdictions have focused on opioid and drug treatment. Such experiences suggest DOJ is focused on EKRA’s intent and inclusion in the SUPPORT Act, despite potentially broader statutory language. That said, such focus does not ensure that it will not be used more broadly in the future. This plea does signal an increased focus on EKRA enforcement by DOJ moving forward. Future enforcement may provide further certainty around EKRA’s applicability to non-opioid-related lab and other services, as well as answer other questions about how the AKS safe harbors and EKRA interact.

You can read the DOJ Press Release here.

Source: California Doctor Pleads Guilty to EKRA Violations


San Antonio ER hospital sued for alleged overbilling

A former patient has sued Baptist Emergency Hospital in San Antonio and its owner alleging they fraudulently overcharged for lab work to generate higher reimbursements.

This is not a qui tam case, but rather a state court private action. The Plaintiff accuses Baptist Emergency Hospital at Shavano Park of carrying out a scheme known as “unbundling,” which is when a facility bills separately for some or all tests analyzed as part of a panel rather than billing for the panel.

The Plaintiff visited the hospital in December 2018. Although the hospital accepted his insurance, he received a “laboratory” bill for $4,500 nine months later. Most of the charge was related to a metabolic panel and a liver function test, together consisting of multiple components. The suit alleges that the components were billed individually rather than as a complete panel, resulting in a higher bill.

A “Pricing Transparency Document” posted on the hospital’s website in 2018 showed the cost of a basic metabolic panel as almost $754. Only seven of the eight tests in the panel were performed, the suit says, but Keslar was billed nearly $1,221, according to the suit.

The petition alleges that this same unbundling practice is occurring across all Baptist Emergency Hospital facilities. Plaintiff is seeking certification of a class-action.

Source: San Antonio emergency hospital sued for alleged overbilling


Office of the National Coordinator for Health IT Extends Compliance Deadlines under Interoperability Final Rule

In an effort to provide additional relief to a health care system strained by the COVID-19 pandemic, the Office of the National Coordinator for Health IT (“ONC”) released an Interim Final Rule with Comment Period (“IFC”) on October 29, 2020 that extends the compliance dates under the 21st Century Cures Act Interoperability, Information Blocking, and ONC Health IT Certification Program Final Rule (the “Final Rule”) and offers some technical corrections and clarifications.

Of particular interest to health care providers, health IT developers and health information networks and exchanges, the IFC extends for five months (from November 2, 2020 to April 5, 2020) the deadline to comply with the Final Rule’s information blocking provisions. The Final Rule also extends the compliance timeframes to meet the updated 2015 Edition Health IT certification criteria, and the Conditions and Maintenance of Certification requirements under ONC’s Health IT Certification Program.

Source: Office of the National Coordinator for Health IT Extends Compliance Deadlines under Interoperability Final Rule


OCR Settles Tenth Investigation in HIPAA Right of Access Initiative

Riverside Psychiatric Medical Group (“RPMG”) has agreed to take corrective actions and pay $25,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. RPMG, based in Riverside, California, is a group practice specializing in child and adolescent psychiatry, geriatric psychiatry, neuropsychiatry, psychology, and substance use disorders.

OCR received a complaint from a patient alleging that RPMG failed to provide her a copy of her medical records despite multiple requests to RPMG beginning in February 2019. Shortly after receiving the complaint, OCR provided RPMG with technical assistance on how to comply with the HIPAA Right of Access requirements and closed the matter. In April 2019, however, OCR received a second complaint alleging that RPMG still had not provided the complainant with access to her medical records.

“When patients request copies of their health records, they must be given a timely response, not a run-around,” said OCR Director Roger Severino.

Source: OCR Settles Tenth Investigation in HIPAA Right of Access Initiative


OIG Semiannual Report to Congress

OIG issued its Semiannual Report to Congress summarizing the activities of the Department of Health and Human Services (HHS), Office of Inspector General (OIG), for the 6-month period ending on March 31, 2020.

The OIG noted that during this reporting period, there were 443 criminal actions, 370 civil actions, 903 exclusions, and an expected $1.51 billion in investigative recoveries and $605.2 million in expected audit recoveries.

Of particular import to the COVID-19 pandemic, the Principal Deputy Inspector General noted that OIG will diligently investigate fraud related to the public health emergency:

OIG is investigating and holding accountable those who would exploit the emergency to defraud the public and HHS programs, including through fraudulent marketing schemes for COVID-19 tests, identity theft, and submission of false claims for payment. Building on longstanding work focused on emergency preparedness and response, OIG is undertaking and planning oversight of HHS’s COVID-19-related programs to ensure that program requirements are met to protect patient health and safety, that taxpayer funds invested to provide relief to providers and care to patients are not misspent, and that critical infrastructure supporting an effective emergency response is secure. OIG is working to provide the public and policymakers in HHS and Congress with sophisticated analyses and relevant, reliable, and actionable data and information.

Source: OIG Semiannual Report to Congress – Oct 2019–March 2020


Justice Department accuses Anthem of Medicare fraud

Yet another allegation of Medicare Advantange risk adjustment fraud, this time by Anthem. I wrote about the government’s case against Cigna here.

The case alleges that Anthem falsely certified the accuracy of the diagnostic data it sent to the Centers for Medicare and Medicaid Services, causing CMS to calculate risk-adjustment payments to the insurer based on inflated diagnosis information. For example, Anthem submitted an ICD-9 diagnosis code for active lung cancer for one patient, but its chart review program did not substantiate the diagnosis, according to court documents.

Source: Justice Department accuses Anthem of Medicare fraud


Private Schools and the Intersection of HIPAA and FERPA

My wife works as an Administrative Assistant at a local private school. As you might expect, they take very seriously their responsibility to help stop the spread of COVID-19 in the community. As part of their efforts, they require students who were in direct contact with persons diagnosed with COVID-19 to quarantine at home, away from the other students.

The school does a good job of communicating with parents. They send out regular email with statistics on the number of students or faculty diagnosed with COVID-19 and the numbers currently quarantining. Of course, they don’t disclose any names or other identifying information because of privacy concerns.

As a school, are they legally not allowed to disclose that kind of information, or are they refraining because of a more general concept of privacy?

That question is not so easy to answer because it depends on the interplay of two federal statutes — HIPAA and FERPA. Most people know that HIPAA covers the privacy of medical records. The Family Educational Rights and Privacy Act (FERPA), on the other hand, protects the privacy of student educational records. One or the other, or neither, apply to schools.

As a general rule, HIPAA does not apply to schools. HIPAA applies to health care providers who exchange electronic information, health plans, and health information clearinghouse. Even if the school has a nurse on-site, it is usually not considered a health care provider. There are certain exceptions, but they are not common. For instance, a school that provides health care to students in the normal course of business, such as through its health clinic, is also a “health care provider” under HIPAA. However, many schools that meet the definition of a HIPAA covered entity do not have to comply with the requirements of the HIPAA Rules because the school’s only health records are considered “education records” or “treatment records” under FERPA.

FERPA is a Federal law that protects the privacy of students’ “education records.” FERPA affords parents certain rights regarding their children’s education records maintained by educational agencies and institutions and their agents to which FERPA applies. These include the right to access their children’s education records, the right to seek to have these records amended, and the right to provide consent for the disclosure of personally identifiable information (PII) from these records, unless an exception to consent applies.

FERPA applies to educational agencies and institutions that receive Federal funds under any program administered by the U.S. Department of Education. An educational agency or institution subject to FERPA may not disclose the education records, or PII from education records, of a student without the prior written consent of a parent or the student, unless an exception applies.

Private and religious schools at the elementary and secondary levels generally do not receive funds from the U.S. Department of Education and are, therefore, not subject to FERPA. Neither will HIPAA apply unless one of the uncommon exceptions exists. Of course, private schools should still be mindful of the privacy of their students and just because HIPAA or FERPA does not apply does not mean the school should make those disclosures. However, private schools do have more flexibility in handling these situations than do most public institutions.

Source: Joint Guidance on the Application of FERPA and HIPAA to Student Health Records


CMS Encourages Faster COVID-19 Diagnostic Testing

CMS is changing its payment methodology to encourage higher throughput of COVID-19 diagnostic testing. Previously, CMS would reimburse $100 per test

Starting January 1, 2021, Medicare will pay lower the base rate to $75. However, if the laboratory can complete the test within two (2) calendar days from the date the specimens is collected, CMS will reimburse an additional $25 for a total of $100 per test.

To be entitled to this $25 incentive, the laboratory must: a) complete the test in two calendar days or less, and b) complete the majority of their COVID-19 diagnostic tests that use high throughput technology in two calendar days or less for all of their patients (not just their Medicare patients) in the previous month.

Source: Press release: CMS Changes Medicare Payment to Support Faster COVID-19 Diagnostic Testing