Hot Topics for 2019 in Healthcare Compliance: Part 2
Compliance continues to be an area of extreme focus for the healthcare industry. Where healthcare compliance professionals spend their time is changing as accrediting bodies and regulators find new areas that merit investigation. Healthcare’s low operating margins and tenuous financial health make it easy to say that compliance leaders need to split their attention between traditional activities and the where the future is headed.
In our efforts to identify new compliance directions, content experts from HCCS, A HealthStream Company, recently attended the Health Care Compliance Association’s 2018 Enforcement Conference. We’ve already blogged here about some of the things they learned. Here is a second list of topics that also deserve some attention:
- Enforcement Compliance: Home Health, Hospice, and Nursing Homes
Risk areas within this space remain fairly consistent with medical necessity, kickbacks and inappropriate referrals, overbilling, insufficient documentation, staff training and education, credentialing and exclusions accounting for the major findings. Inappropriate billing accounted for $250 million for general inpatient care. The OIG Office of Audit Services is now auditing agencies and intends to publish findings. This will increase transparency for consumers when looking for facilities. Medicare Administrative Contractors (MACs) are now required to prepare an annual “Improper Payment Reduction Strategy.” The intent of this program is to identify those providers who show a pattern of overbilling and provide education and training in an effort to reduce occurrences. The MACs will analyze data by providers, services, and beneficiaries. Focus audits will be initiated based on this data. This action is mandated under the Affordable Care Act and as a part of the Medicare Strike Force initiative.
- Handling a Criminal Health Care Fraud Case
This session is important for compliance professionals, not only because of the DOJ focus areas discussed, but because of the emphasis placed upon how they can prevent healthcare fraud cases. In 2017, the DOJ opened 967 new healthcare fraud investigations—439 of them were cases filed involving 720 defendants, of which 639 were convicted. The focus on healthcare fraud has never been keener. The DOJ continues its work with the opioid crisis, prescription drug fraud, and home health, as well as taking down corrupt medical professionals. The first line of defense in preventing a criminal case is the compliance program. The use of standard compliance best practices, which includes the seven elements of an effective compliance program, is a good start. The speakers recommended an annual program evaluation using the DOJ’s guidance, “The Evaluation of Corporate Compliance Programs.”
- When the Other Brother Steps Up: State Privacy Enforcement Actions
A brief history of State Privacy Enforcement begins in the 1990s, as State Attorneys General Offices begin focusing on privacy issues. California was the first state to pass data breach notification requirements in 2002. Connecticut was the first state to sue a healthcare provider for failing to secure health data as required by HIPAA in 2010. By 2018, all 50 states had enacted breach notification laws. Multiple examples of state-directed enforcement were shared showing the high dollar fines—up into the millions—healthcare entities had to pay for privacy and security breaches. Crimes ranged from failure to safeguard personal information to exposure of protected health information (PHI) on the Internet and late breach notifications.
- OIG Administrative Enforcement Update
This was another great OIG session packed with information on the Fraud Risk Indicators, exclusion, the civil monetary penalties law (CMPL), and employing excluded individuals. This section will focus on the CMPL. The OIG uses the CMPL for enforcement actions on false or fraudulent claims, arranging or contracting with an excluded person, ordering or prescribing while excluded, patient dumping, grant fraud, etc. A person or entity knows that they are under investigation when the OIG makes contact. If the OIG has made contact, they probably have evidence such as claims data to make this determination.
Download the article that summarizes learning from this HCCA Conference.