60 Days to Pay – Has Medicare Reached the Point of No Return?0

This article first appeared in the September 2012 issue of Compliance Today, a publication of the Health Care Compliance Association.

In February the Centers for Medicare & Medicaid Services (“CMS”) clarified an oft quoted existing rule: Providers must return overpayments to Medicare within 60 days “after the date on which the overpayment was identified,” or in the alternative, “the date any corresponding cost report is due, if applicable.”[1]  For providers of any size, failure to report and return Medicare overpayments pursuant to these temporal requirements may result in potential liability under the Federal False Claims Act[2], resulting in substantial monetary penalties and the risk of being denied future claims for reimbursement.

Dating back to the American Civil War, the False Claims Act (FCA) has over time become the “primary litigative tool for combating fraud” for both federal and state governments.[3] At its core, the FCA imposes liability on anyone who “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval.”[4]  While most providers have worked within a similar time frame after identifying an overpayment, it appears that the statutory requirements under the 2010 Patient Protection and Affordable Care Act [5], as amended by the Health Care and Education Reconciliation Act[6] (collectively referred to as the Affordable Care Act or health care reform) were not enough.[7] In reaction, the February 2012 regulations now leave nothing to chance, imposing upon the health care industry detailed definitions with numerous examples to assist providers in determining exactly when the 60-day clock begins.[8]

To ensure that the seriousness of its resolve is understood, the Federal Government plans to soon have the authority to enforce this 60-day requirement for overpayments that have occurred up to 10 years in the past:

“In § 401.305(g), we are proposing that overpayments must be reported and returned only if a person identifies the overpayment within 10 years of the date the overpayment was received.  We selected 10 years because this is the outer limit of the False Claims Act statute of limitations.  We believe that the proposed 10-year lookback period is appropriate for several reasons.  First, we believe that providers and suppliers should have certainty after a reasonable period that they can close their books and not have ongoing liability associated with an overpayment.  We also believe that the length of the lookback period is long enough to sufficiently further our interest in ensuring that overpayments are timely returned to the Medicare Trust Funds.”[9]

Held to a standard of actual knowledge or “reckless disregard or deliberate ignorance” for purposes of identifying an overpayment under the new regulations, CMS notes these new requirements provide for “an incentive to exercise reasonable diligence to determine whether an overpayment exists,”[10] or more specifically, did exist at any time within the past 10 years. While this decade-long requirement may seem excessive in the context of accidental and unidentified overpayments, especially in instances when the provider was not knowingly at fault, it is an essential component in the arsenal of the U.S. Department of Health and Human Services (HHS), and factors highly in its $1.2 trillion projected budget for 2016.[11] Though at first glance they may seem heavy handed, such tools have grown from the necessity inherent in dealing with the oversight of national health expenditures (NHE) that have reached $2.5 trillion as of 2009.[12]

In the current climate of health care reform, providers would be wise to embrace industry innovations designed to improve upon overall integrity, efficiency and performance, especially since the same infrastructure with its 21st century precision may help to identify unintentional overpayments dating as far back as 2002. Federal encouragements toward bundling[13] and the Medicare Shared Savings Program[14], more commonly referred to as accountable care organizations or ACOs, offer opportunities for providers to keep up with these mounting regulatory burdens just as the national push toward electronic health records reaches “stage two.” What remains to be seen is how many of the nation’s estimated 6,100 hospitals[15] will embrace ACOs, with their multi-million dollar price tag, and be willing to dive into the 455 pages of codified “Stage Two” requirements.[16] Perhaps the better question is how many of these same hospitals have satisfied the meaningful use requirements from Stage One.

Of course, the Federal Government and its record-breaking enforcement efforts stand ready to address any industry resistance. In its 2011 fiscal year[17], the Department of Justice procured settlements and judgments in its civil fraud division in excess of $3 billion. Capping the largest three-year streak in the department’s history at a total of $8.7 billion since January 2009,[18] the Federal Government owes its recent success in part to a strategic alliance with beneficiaries.[19]  In November 2011, HHS announced a $9 million award from CMS to Senior Medicare Patrol (“SMP”) programs designed to tackle fraud by increasing awareness of Medicare beneficiaries and enabling them to spot Medicare fraud sooner. The OIG has even focused its attention on hospitals and the need to improve internal reporting systems that capture instances of patient harm.  Of the 189 hospitals surveyed by the OIG that use and often rely heavily upon incident reporting systems to identify patient harm, the outcomes were disturbing:

Hospital staff did not report 86 percent of events to incident reporting systems, partly because of staff misperceptions about what constitutes patient harm. Of the events experienced by Medicare beneficiaries discharged in October 2008, hospital incident reporting systems captured only an estimated 14 percent. In the absence of clear event reporting requirements, administrators classified 86 percent of unreported events as either events that staff did not perceive as reportable (62 percent of all events) or that staff commonly reported but did not report in this case (25 percent).”[20]

Early adopters of the finest technological advances the industry has to offer may avoid the looming threat of health care’s newest, most ominous acronyms:  RACs, MACs, MICs and ZPICs. Under the aegis of the Medicare Prescription Drug, Improvement, and Modernization Act (MMA)[21], Congress directed HHS to conduct a three-year demonstration program using Recovery Audit Contractors (“RACs”) to detect and correct improper payments within Medicare. By all government accounts, the original RAC demonstration program was successful, ending with more than $1.03 billion recovered. According to CMS, approximately 96% of these payments were overpayments collected from providers (85% of which were collected from hospital providers), and the remaining 4% were underpayments.

The Deficit Reduction Act of 2005 (DRA)[22], took the partnership between the CMS and the States to a new level by introducing RAC-like audits for Medicaid.  The Medicaid Integrity Program (MIP) offers a unique opportunity to identify, recover and prevent inappropriate Medicaid payments.  Medicaid Integrity Contractors (“MICs”) work with CMS to carry out this program.  It is also designed to support the efforts of State Medicaid agencies through a combination of oversight and technical assistance.

Recently introduced Medicare Administrative Contractors (MACs) conduct medical reviews to prevent improper payment of inpatient hospital claims, while Zone Program Integrity Contractors (ZPICs) look at billing trends and patterns in an attempt to uncover Medicare fraud and inefficiencies. CMS has organized the seven jurisdictional zones for ZPICs to comport with the multiple MAC jurisdictions, hoping that ZPICs will assist in preserving the integrity of Medicare.[23]

There is a certain degree of irony in the fact that the nation’s preeminent health care system, which was originally designed to protect America’s aging population, may end up killing the very infrastructure from which it has sprung. In April 1959, the U.S. Department of Health, Education, and Welfare (“HEW”) first raised the fundamental question that remains unanswered 53 years later, as health care reform enters its third year:

“The rising cost of medical care, and particularly of hospital care, over the past decade has been felt by persons of all ages. Older persons have larger than average medical care needs.  As a group they use about two-and-a-half times as much general hospital care as the average for persons under age 65, and they have special need for long term institutional care. Their incomes are generally considerably lower than those of the rest of the population, and in many cases are either fixed or declining in amount. They have less opportunity than employed persons to spread the cost burden through health insurance. A larger proportion of the aged than of other persons must turn to public assistance for payment of their medical bills or rely on ‘free’ care from hospitals and physicians. Because both the number and proportion of older persons in the population are increasing, a satisfactory solution to the problem of paying for adequate medical care for the aged will become more rather than less important. In our society the existence of a problem does not necessarily indicate that action by the Federal Government is desirable. The basic question is: Should the Federal Government at this time undertake a new program to help pay the costs of hospital or medical care for the aged, or should it wait and see how effectively private health insurance can be expanded to provide the needed protection for older persons?”[24]

Before Medicare, federal funds flowed across  the  nation as states made much-needed disbursements consistent with Congressional requirements. In many ways Medicare’s predecessor, the Hospital Survey and Construction Act (the “Hill Burton Act”), forced communities and their local hospitals (many of which were doctor owned at the time) to work together, pooling these government grants as well as their own resources and equipment in order to stay in business.[25]

At the time, providers viewed this infusion of capital in the context of communities, rather than individual hospitals. If a local hospital needed new equipment, its leadership went to other nearby facilities or the community as a whole to fill the gap, and collectively these institutions could share in the federal funds disbursed under the aforementioned Act.[26] In many ways, 1965 found Medicare leaving the totality of America’s hospitals as isolated as critical access hospitals appear today, gradually eliminating the ability for sharing clinical resources, at least to the extent an expectation of compensation was concerned.

In the past, it was initially America’s rural hospitals that predicted Medicare’s prospective payment system would be its ultimate demise. In a statement by Republican Congressman Norman D. Shumway from California: “One area of particular concern is the impact of the prospective payment system on rural hospitals.  Such hospitals have frequently complained that the prospective payment system does not accurately reflect the increased hospital market basket since [fiscal year] 1984.”  Congressman Shumway noted that many experts in the industry concluded “with chilling thought that if inadequate Medicare reimbursement is allowed to continue, hospitals will be forced to go out of business, jeopardizing the health care – and economic stability – of rural America.”[27]

Twenty-five years later, Medicare finds itself going through a transformation that rivals the impact of its formal introduction on the existing health care structure in 1965, and not just rural and community hospitals, but also some of their larger, urban counterparts, still wait on “life support” across the nation. Medicare may not bear the ultimate blame over the decades, but the ways in which the program has served as a weathervane for the health care industry make it an easy target.  Moreover, the Federal Government’s recent well-publicized determination to eliminate health care fraud and waste has sent a message to the industry, and clarification of the 60-day overpayment reimbursement requirement underscores the speed with which the OIG intends to deliver its message.

Unfortunately, health care has never been known for responding quickly to problems.  This latest cluster of fraud and abuse regulations, combined with the nationwide push toward reimbursement based upon performance rather than cost does not bode well for smaller facilities (rural and community hospitals). Indeed, a hospital’s chance of survival in Medicare’s new world may ultimately depend on the sophistication and implementation of its core systems, both technical and practical, with little room for error.  In this vein, Medicare’s Hospital Value-Based Purchasing Program may create a disadvantage for freestanding community and rural hospitals that lack the resources of larger, better funded institutions, making it difficult for them to both implement and monitor the components established by Medicare to be eligible for reimbursement based on quality and performance.

Technology may in the long run provide an opportunity to level the playing field, but such implementations in health care can run years behind practical advances. For example, though both the Federal Government and California have recognized telemedicine as a way to reverse the declining health of the rural health system, such recognition occurred well over a decade ago,[28] and existing laws governing telemedicine today are still not entirely “hospital friendly.”[29] Such hindrances are especially important in today’s world of electronic health records, where straddling the fence between harmless information and sensitive data is no longer an easy task, and the repercussions for the slightest transgression can be severe.[30]

Even as technology provides opportunities, corresponding HIPAA violations can be devastating. If a provider had no prior knowledge that a HIPAA violation occurred, the civil penalty may range from $100 to $25,000 for each violation.[31] When a HIPAA violation has been due to reasonable cause, the civil penalty may range from $1,000 to $100,000.[32] In the case of a willfully negligent HIPAA violation, the penalty may range from $10,000 to $250,000.[33] In fact, HHS may impose cumulative penalties for all violations “of identical requirement or prohibition during a calendar year,” up to $1,500,000.[34]  And finally, in the case of an “intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, the penalty may not exceed $250,000, imprisonment up to 10 years, or both.”[35]

The systemic problems facing the Medicare system today should not be underestimated, especially when escalating health care expenses threaten the system’s future sustainability.  Institutional survival, however, is also an undeniably critical component in the delivery of health care, especially if future Medicare beneficiaries intend to access the health care services to which they are entitled under any Federal health program.  Fully understanding the alternative deviates slightly from tenets of medicine and science, and perhaps is better phrased by philosopher George Berkeley:  “But, say you, surely there is nothing easier than for me to imagine trees, for instance, in a park […] and nobody by to perceive them. […] The objects of sense exist only when they are perceived; the trees therefore are in the garden […] no longer than while there is somebody by to perceive them.”[36]

[1]        42 U.S.C. § 1320a-7k(d)(2).

[2]       42 U.S.C. § 1320a-7k(d)(3).

[3]       United States v. Boeing Co., 9 F.3d 743, 745 (9th Cir. 1993) (quoting Senate Judiciary Committee, False Claims Amendments Act of 1986, S. Rep. No. 345 (1986), reprinted in 1986 U.S.C.C.A.N. 5266).

[4]        31 U.S.C. § 3729(a)(1)(A).

[5]        Pub. L. 111-148.

[6]        Pub. L. 111-152.

[7]        See Section 6402(a) of the Affordable Care Act, entitled “Reporting and Returning of Overpayments.”

[8]        77 Fed. Reg. 9179, 9181-82 (Feb. 16, 2012).

[9]    Id. at 9184. The proposed regulations offer several examples to assist providers in understanding when an overpayment has been identified, including the discovery of an excluded individual providing services on behalf of the provider, the fact that a patient death occurred prior to the serve date on a claim, or in the instance of an internal audit that uncovers an overpayment, id. at 9182, at any time within the past ten years.  Id. at 9184.

[10]      Id. at 9182.

[11]    Figures from the Federal Government’s Office of Budget and Management (OBM) and the U.S. Government Printing Office (GPO).

[12]     See Micah Hartman, Anne Martin, Olivia Nuccio, Aaron Catlin, Health Spending Growth at a Historic Low in 2008, 29, No. 1 Health Affairs 147-48 (Jan. 2010) (citing Centers for Medicare & Medicaid Services, National health expenditure accounts: definitions, sources, and methods used in the NHEA 2008).

[13]      See Affordable Care Act § 3023.

[14]      See 42 C.F.R. Part 425.

[15]   In 1990 there existed an estimated 6,522 hospitals (including short stay, critical access, and non-short stay facilities), whereas by 2010 that number had dropped to 6,169 (see Centers for Medicare & Medicaid Services, Center for Strategic Planning) [15], a nearly 6% decrease in comparison to the 16% increase in Medicare enrollees during that same twenty year time period. See Centers for Medicare & Medicaid Services, Office of the Actuary. The combined increase in utilization and decrease in number of hospitals is especially significant in California, where health care spending has grown exponentially over time.  California’s population has continued to increase even as the number of hospitals statewide has decreased, resulting in close to a 10% reduction in the number of hospital beds in California between 2002 and 2009.  See, e.g., Hsia, Renee Y., M.D., Factors Associated with Closures at Emergency Departments in the United States, 305 (19) JAMA 1978 (May 18, 2011) (noting that emergency department visits in the U.S. have increased by as much as 30%).

[16]     77 Federal Register 13697 (Mar. 7, 2012).

[17]     The Federal Government’s fiscal year ended September 30, 2011.

[18]     Justice Department Recovers $3 Billion in False Claims Act Cases in Fiscal Year 2011, U.S. Department of Justice, Office of Public Affairs (Dec. 19, 2011).

[19]    In May 2009, the DOJ and HHS created the Health Care Fraud Prevention and Enforcement Action Team (HEAT).  See Attorney General Holder and HHS Secretary Sebelius Announce New Interagency Health Care Fraud Prevention and Enforcement Action Team, HHS Press Release (May 20, 2009).  For years 2010 and 2012, HHS’ discretionary budget for health care fraud and abuse control was $311 million and $581 million, respectively.  This $270 million increase in discretionary funding was designed to save $10.3 billion over ten years by preventing and prosecuting health care fraud. HHS’ mandatory funding through the Health Care Fraud and Abuse Control (HCFAC) account is $6.5 billion between 2012 and 2016. See HHS Budget, 2011.

[20]      Hospital Incident Reporting Systems Do Not Capture Most Patient Harm, Dept. of Health and Human Services, Office of the Inspector General (Jan. 2012).

[21]       Pub. L. 198-173.

[22]       Pub. L. 109-171.

[23]       See, e.g., Reporting Issues Hinder CMS Oversight of Program Integrity Contractors, 44 Gov’t Contractor ¶ 384 (Nov. 22, 2011).

[24]       U.S. Department of Health, Education, and Welfare (Apr. 1959) (emphasis added).

[25]       See generally Hochban, Jacquelyn, The Hill Burton Program and Changes in Health Services Delivery, Inquiry 8 (Spring 1981); Lave, Judith R., The Hospital Construction Act: 1948-1973 (American Enterprise Institute for Public Policy Research, 1974).

[26]       See generally id.

[27]       Prepared statement of Representative Norman D. Shumway to the Honorable Edward R. Roybal, Chairman of the House Committee on Aging (1987).

[28]     See Roberts, Ann David,  Telemedicine: The Cure for Central California’s Rural Health Care Crisis? 9 San Joaquin Agric. L. Rev. 141 (1999).

[29]     California law, for example, has numerous obstacles with which providers must comply before employing the technology of telemedicine.  Section 2209.5(c) of the California Business and Professions Code provides:

“Prior to the delivery of health care via telemedicine, the health care practitioner who has ultimate authority over the care or primary diagnosis of the patient shall obtain verbal and written informed consent from the patient or the patient’s legal representative. The informed consent procedure shall ensure that at least all of the following information is given to the patient or the patient’s legal representative verbally and in writing:  (1) The patient or the patient’s legal representative retains the option to withhold or withdraw consent at any time without affecting the right to future care or treatment nor risking the loss or withdrawal of any program benefits to which the patient or the patient’s legal representative would otherwise be entitled.  (2) A description of the potential risks, consequences, and benefits of telemedicine.  (3) All existing confidentiality protections apply. (4) All existing laws regarding patient access to medical information and copies of medical records apply. (5) Dissemination of any patient identifiable images or information from the telemedicine interaction to researchers or other entities shall not occur without the consent of the patient.”

[30]     See, e.g., Cal. Bus. & Prof. Code § 2290(f) (“The failure of a health care practitioner to comply with this section [2290] shall constitute unprofessional conduct.”).

[31]      42 U.S.C. § 1320d-5(a)(3)(A).

[32]      42 U.S.C. § 1320d-5(a)(3)(B).

[33]      42 U.S.C. § 1320d-5(a)(3)(C).

[34]      42 U.S.C. § 1320d-5(a)(3)(D).

[35]       42 U.S.C. § 1320d-6(b).

[36]      George Berkeley, A Treatise Concerning the Principles of Human Knowledge (1734).

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.