Corporate Integrity Agreements WINTER 2010

WINTER 2010

This is an electronic newsletter. You may go directly to an article by clicking on any title below, as well as “continued on page…” Websites & e-mail links may also be accessed by clicking on addresses.

In This Issue Corporate Integrity

Agreements..………1

Did You Know? ... 2

Medicaid Fraud Integrity Audits ... 3

Questions From the Field ... 3

NYSARC, Inc.’s 3rd Annual Corporate Compliance

Conference ... 4

Quotes of the Quarter ... 4

First HIPPA HITECH Lawsuit . 5

Spring Regional meetings……..5

Questions From the Field Continued ... 6

Recently three home care providers separately entered into a Corporate Integrity Agreement (CIA) with the NYS Office of Medicaid Inspector General. A review of these CIAs reveals some interesting dictates made by the OMIG to these providers. The level of specificity noted in these audit outcomes draws attention to the OMIG’s inclination to hyper-calibrate the provider environment through audit outcomes.

NOTE: These requirements are based on outcomes that resulted in a Corporate Integrity Agreement. The purpose of highlighting some of the below is only to shed light on the OMIG’s disposition in these matters. It is not intended to intimate that compliance officers adopt these measures or become over-zealous in developing their own policies and procedures. The complete CIAs can be found on the NYS OMIG’s website under the tabs “Compliance” then “Corporate Integrity Agreements”.

Below is a summary of some key issues as noted in the CIAs: Compliance Officer and Compliance Committees

 The Compliance Officer shall be a member of senior management of the agency;

 The Compliance Officer shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board and he/ she shall meet with the full Board in executive session at least twice a year. Further, the Compliance Officer shall not be, or be

subordinate to, the Chief Financial Officer or General Counsel, if any;

 The Staff Compliance Committee shall, at a minimum, include the Compliance Officer and other members of: finance, human

resources, clinical staff oversight (including credentialing and training), information technology, and operations;

 The Board Committee shall meet at least quarterly;

 Annually, the Board Committee shall adopt a resolution, signed by each of its members and at a minimum, the resolution shall include the following language:

“The [agency] Board Compliance Committee has made reasonable and due inquiry into the operations of [agency’s] Compliance Program, including the performance of the Compliance Officer and the Compliance Committee…… Compliance Committee has concluded that…….[agency] has

Corporate Integrity Agreements (Continued from Page 1)

Compliance News - Winter 2010

Did You Know?

In recent months a significant amount of discussion has taken place regarding the 90 day billing rule. The 90 day billing rule, set forth in both DOH regulation and DOH billing manuals, requires claims for Medicaid services to be initially submitted for payment within 90 days of the date of service. A number of legitimate exceptions to the 90 day rule may apply. For example, if a claim must first be presented to Medicare or a private insurer, and this causes a delay, the claim may be submitted to Medicaid with the proper exception code even after the original 90 days have expired. An aspect of the rules that has not received much attention, however, is the fact that providers have only 30 days from the date the billing issue was resolved to submit the claim to Medicaid. Specifically, the claim must be “submitted within 30 days from the time submission came within the control of the provider.” This means, using the same example above, that if the provider receives a denial from Medicare or the private insurer on January 25, 2010, the claim must be submitted to Medicaid no later than February 24, 2010. Providers should verify that their normal billing process can accommodate this 30 day submission rule.

implemented an effective Compliance Program to meet the requirements of New York’s medical assistance program……”

Written Standards

 At least annually the agency shall assess and update, as necessary, its policies and procedures. Within 30 days after the effective date of any revisions, the relevant portions of the revised policies and procedures should be distributed to all individuals whose job functions relate thereto;

 The agency shall periodically review the Code of Conduct to determine if revisions are appropriate and within 30 days after its distribution, each covered person shall certify, in writing, that he/ she shall abide by the revised Code of Conduct.

Training and Education

 Each covered person shall receive at least one hour of general training annually;

 Within 120 days after the effective date [of the CIA], each relevant covered person shall receive at least three hours of specific training in addition to the above;

 Until a new relevant covered person completes his or her specific training, an agency employee who has completed the specific training shall review the relevant covered person’s work;

 If the agency uses any contractor or subcontractor to assist in patient care, submission of claims or in the hiring and screening of those responsible for patient care, including credentialing, exclusion checks and training, it shall take appropriate steps to ensure that the entity is qualified and shares the agency’s commitment to full compliance.

Self-Disclosure Program

 The agency shall maintain a log of all repayments made and shall retain such log for 6 years from the expiration of the CIA.

Ineligible Persons

 The agency shall screen all covered persons against the Exclusion Lists at least every six month.

Independent Review Organization

 The IRO shall evaluate and analyze:

Whether the agency is properly assessing the health status of all new employees to ensure that they are free from a health impairment that might interfere with their health care duties; and

Federal Medicaid Integrity Audits

The Federal Deficit Reduction Act of 2005, not to be confused with New York State’s own recent Deficit Reduction Plan, created the CMS Medicaid Integrity Program (MIP). The Medicaid Integrity Program’s goal is to reduce provider fraud, waste, or abuse in the Medicaid program. In furtherance of this goal, CMS will conduct provider audits, through a contractor, in New York in 2010. The December 2009 edition of the “Medicaid Update” announced that the Island Peer Review Organization (IPRO) will be the contractor performing these Medicaid Integrity Contractor (MIC) audits in New York.

The MIC audit objectives are to ensure that claims are paid only for:

 Covered items and services;

 Items and services provided and properly documented;

 Items and services billed using the appropriate procedure code; and

 Items and services provided in accordance with Federal and State laws, regulations and policies.

All Medicaid provider types are potentially subject to these audits. If a provider is selected for audit, the provider will receive a notification or engagement letter from IPRO. There is no limit on the number of claims that may be selected for review. Most audits are desk audits, meaning that documentation is sent off site for review. However, in some cases a field audit will be conducted at the provider’s physical location. The audits are performed using Generally Accepted Government Auditing Standards. Once the audit has been completed, IPRO will provide a draft audit report to CMS and the New York OMIG for review. Providers will also be given an opportunity to respond to the draft audit report before it becomes finalized. If an overpayment is identified, the OMIG must submit the federal share of the recovery to CMS and pursue full collection of the overpayment from the provider.

Questions

From the Field

Question: Our Executive

Director wants to know why the risk assessment tool suggests that board members should approve physician/consultant contracts before execution, but does not mention other types of contracts, many of which involve much greater amounts of money. Is there a reason for this?

Answer: The heightened concern

with physician/consultant contracts is likely due to special laws that apply in health care. These laws, kickback or anti-referral laws, are very specific when it comes to how a physician is reimbursed and how certain other health care arrangements are set up. For example, generally speaking, the physician’s contract must be in writing and it can not link reimbursement/salary to referrals or number of services provided. Also, you can not enter into a contract with a durable medical equipment supplier where they agree to pay "rent" for a storage closet that is far and above market value and is in reality an inducement for you to sell/push their product (e.g., you keep 5 wheel chairs from ABC Co. on hand and ABC rents storage space for these chairs at $500 a month).

Compliance News

“Quotes of the Quarter”

“We are prepared to listen to providers, provider groups and the members of this Committee to

improve our process and our systems, and do our work better on behalf of New York taxpayers and

Medicaid enrollees.”

Presentation by James Sheehan, Office of the Medicaid Inspector General, before the Senate Investigations Committee on January 7, 2010.

“The provider community is witnessing the application of rules without regard to the realities of

health care delivery. In this atmosphere, providers are held to standards that seriously impair their ability to carry out their core mission, the delivery of health services. The financial and human burden of the audit process is diverting scarce dollars from patient care to massive document production. Increasingly, providers are frustrated and discouraged that the state, through the OMIG, is advancing a policy that appears to pursue the goal of money recovery at the expense of quality care.”

Written testimony presented by HANYS before the Senate Investigations Committee on January 7, 2010.

First HIPAA HITECH Lawsuit

The Connecticut Attorney General has announced a first of its kind lawsuit against Health Net for failing to secure private medical records and failing to notify individuals exposed by the security breach. In the past, only federal officials had the authority to directly pursue HIPAA violations but under the American Recovery and Reinvestment Act of 2009, known as “HITECH”, State Attorneys General may now sue HIPAA violators. Health Net, a Connecticut health insurer, learned in May 2009 that a portable computer disk drive containing protected health information, social security numbers, and bank account numbers for approximately 446,000 enrollees was missing. The data was not encrypted or otherwise protected from access. Health Net waited six months before posting a notice regarding the lost data on its website and notifying affected individuals by mail. The Attorney General is seeking monetary penalties and to require Health Net to encrypt any data contained on a portable electronic device. Health Net has stated that there is no evidence that the lost data has been misused and has offered free credit monitoring services and identity theft insurance to affected individuals.

Spring Regional Meetings:

Upper Northeast Region: Essex County Chapter, March 22, 2010

Southeast Region:

Rockland County Chapter, March 26, 2010

Central Region:

Onondaga County Chapter, March 29, 2010

Western Region:

Monroe County Chapter, March 31, 2010

Northeast Region:

Albany County Chapter, April 19, 2010

All meeting will be held from 10:30 am —2:00 pm

Lunch will be served.

Compliance News is a publication of NYSARC, Inc., 393 Delaware Avenue, Delmar, NY 12054

Phone: 518-439-8311 Fax: 518-439-1893 E-mail: [email protected] Website: www.nysarc.org

Compliance News

Questions from the Field:

In the MR/DD field, this is not as big an issue as it would be say in a hospital setting. A Chapter may have a relationship with a medical director and maybe a psychiatrist. In a hospital setting, there can be literally thousands of arrangements with physicians, DME providers, pharmacies, etc. Nonetheless, if you do have an arrangement with a physician, a medical supply company, a pharmacy or other health care related entity, these arrangements should be in writing and should be reviewed by an experienced health care attorney. Even unintentional violations of the law in this area can result in significant fines and penalties.

Question: I am touching base regarding a recent memorandum distributed by OMRDD (#2009-05) regarding the acceptance of a QMRP signature (vs. a physician) on annual LCED re-determinations. Before we make any changes to our process, can you provide us what information you have gathered regarding this change thus far? Is/will this be acceptable in the eyes of the OMIG? We certainly do not want to make any changes without researching the potential drawbacks of such a change.

Answer: The December 14, 2009 communication from Gary Lind is an official policy statement issued by our primary regulatory body and as such, it should be accepted by the OMIG. Also, OMRDD's stated position in this memo is consistent with the recently revised HCBS waiver renewal that became effective on October 1, 2009. Specifically, the revised waiver provides:

“The annual LOC redetermination must be reviewed and approved by a Qualified Mental Retardation Professional (QMRP) who is familiar with the participant's functional level or a physician (or physician's assistant or nurse practitioner if so authorized by a physician).”

It is also interesting to note that the waiver specifically includes a one month audit grace period for LECD renewal. Since this waiver was signed off on by the federal government, the audit grace period should also be accepted by OMIG:

“OMRDD requires an annual level of care redetermination (i.e., every 12 months) for all waiver participants to ensure that the person continues to meet the ICF/MR level of care. However, from an OMRDD audit perspective, OMRDD allows an additional one month time period to obtain the reviewers (i.e., Qualified Mental Retardation Professional or physician or physician's assistant or nurse practitioner if so authorized by a physician) approval signature on the redetermination form.”

Despite the above waiver language, the OMIG's audit protocol does currently call for a physician signature. We simply don't know how much communication on this issue has taken place between OMRDD and the OMIG or how quickly the OMIG updates its audit protocols. For this reason, those providers who are earlier on the OMIG's audit schedule may have to argue, explain or even challenge the OMIG on this issue.

Tania F. Seaburg, Esq.

Associate Executive Director for Corporate Compliance Email: [email protected]

Ken Winston, LMSW, CHC Corporate Compliance Officer Email: [email protected]