Are Medical Marijuana Dispensaries Covered Entities Under HIPAA?

I was talking to a colleague recently and she raised an interesting question – are medical marijuana dispensaries covered entities under the Health Insurance Portability and Accountability Act (HIPAA)?  I represented the Colorado Medical Marijuana Registry while at the AG’s office, so my colleagues usually come to me with medical marijuana questions.

My first follow-up was to ask what personal health information (PHI) the dispensary was holding.  After all, in my experience, most dispensaries function on a strict transaction-by-transaction business model.  A patient-customer comes in, shows his or her medical marijuana registry card and an ID, and makes the purchase in cash.  My colleague reminded me that some dispensaries have opted to go with a “wellness center” approach and offer health care services in addition to medical marijuana, and these expanded service providers sometimes will retain patient records that might fall under the PHI umbrella.

So with that resolved, I started digging a little into the underlying question.  This is actually a difficult question.  Based on second-hand reports, it appears that the Department of Health and Human Services (HHS) takes the position that because a physician “prescription” is required, a dispensary is providing health care services under the HIPAA analysis.  (Note:  This is technically inaccurate, at least in Colorado.  A physician must certify that the patient in question suffers from a chronic or debilitating disease or medical condition, but the applicable statutes and regulations avoid using the term “prescription.”)

But that isn’t the end of the inquiry.  Not all providers are covered entities under HIPAA.  In fact, as this helpful chart from the Centers for Medicare and Medicaid Services (CMS) demonstrates, the provider in question must transmit “covered transactions” electronically.  A CMS regulation, in turn, defines covered transactions to be “[a] request to obtain payment, and the necessary accompanying information from a health care provider to a health plan, for health care,” or “if there is no direct claim, because the reimbursement contract is based on a mechanism other than charges or reimbursement rates for specific services, the transaction is the transmission of encounter information for the purpose of reporting health care.”

Insurance companies don’t pay for medical marijuana, so the first of those doesn’t apply.  With respect to the second type of covered transaction, another CMS regulation specifies what will and what won’t be encompassed by the definition.  There are a dozen different examples, but it should suffice to say that all of them involve the electronic transmission of health or claims information.  And remember what I said above?  In my experience, medical marijuana dispensaries aren’t in the business of receiving or sending any health information, electronic or otherwise.  They run a storefront and fill requests for medical marijuana on a cash-only basis.  In that paradigm, because no health or claim information is transmitted electronically, the dispensary wouldn’t be a HIPAA-covered entity.

That said, if a “wellness center”-model dispensary stores patient health information and transmits it for some reason, then it’s possible that the dispensary might be a covered entity.  As noted above, HHS certainly thinks so.  But I would guess that such centers are few and far between – and it certainly would behoove individuals considering operating that model of dispensary to think about the ramifications of their decision.

A Butterfly Flaps Its Wings in Central Park and the Risk Corridors Need an Infusion of Billions of Dollars to Address a Shortfall

I saw this story a few days ago.  It involves the Centers for Medicare & Medicaid Services’ risk corridors program, which, as the article states, essentially is a regulatory mechanism designed to shift funds from insurers with a healthier population of insureds to those with an older or sicker base.  These programs – which will be in place from 2014 until the end of 2016 – have been the subject of intense criticism since last fall, though a lot of that tempered down when we started to get a good idea of what the overall policyholder demographics would be.  They require the insurance industry to contribute (on a per capita basis) $20 billion over the next three years; the federal government will match that to the tune of $5 billion, plus cover any cost overruns.

HC BLOG_exam roomWell, it turns out that there has been a recent development.  According to the Los Angeles Times article, it seems that the administration and the Department of Health & Human Services have “quietly” been reserving “billions” of dollars to cover potential shortfalls.  It suggests that one potential cause is the administration’s decision earlier in the spring to let old plans that are not Affordable Care Act-compliant stay in place for two more years.  Essentially, the story goes, healthy people with plans that are skimpier than required under the ACA elected to stay in those (cheaper) plans, while older or sick people fled to the new and more generous ACA-compliant policies.  Combine that with intense pressure by the administration on insurance companies not to implement drastic premium increases, and you have a situation where the insureds in ACA-compliant plans are older and sicker than expected, and premiums are underpriced.  For its part, the administration and CMS deny that they anticipate the funds will be needed, and instead say it’s a case of “better safe than sorry.”

My thought is that this is yet another example of how inter-related all of the different pieces of the ACA really are.  The biggest example, of course, is the relationship between Medicaid expansion and the individual insurance mandate.  Because the law was written to make everyone up to 138 percent of the modified adjusted gross income (MAGI) poverty line eligible for Medicaid, and everyone over that line required to buy insurance, the effect of U.S. Supreme Court Chief Justice John Roberts Jr.’s decision to make expansion optional created a gap in the MAGI line under which people in non-expanding states wouldn’t be eligible for Medicaid and they wouldn’t be covered by the individual mandate or (more importantly) the subsidies designed to help poorer (but not Medicaid-eligible) people purchase policies.

We’re seeing the same type of phenomenon with respect to the risk corridors.  As initially written, old ACA-noncompliant policies weren’t grandfathered in, and the young and old and sick and healthy were directed to the same exchanges.  Voila, problem solved!  But that’s not how it works anymore.  For whatever reason, the administration decided to backtrack and allow insureds on old (noncompliant) policies to keep them until 2016.  That decision – regardless of its motivations – has thrown yet another wrench in the works of a very complicated and carefully designed law.

Image courtesy of Flickr by Good Eye Might

Inferior Care for the Poor or Just Reality?

I saw this article a few days ago.  It’s very interesting.  Here’s the scoop:  Since 2008, the Department of Health Care and Human Services (DHHS) has been charged with implementing and administering the Hospital Quality Initiative.  That’s a program that pays Medicare-receiving hospitals incentive payments based on how well hospitals perform on certain quality measures or how much the hospitals’ performance improves on certain quality measures from their performance during a baseline period.  It began under the Bush administration, but in 2011, the Obama administration DHHS promulgated a beefed-up rule greatly expanding the program.

HC BLOG_docIncidentally, this is part of a broader push by DHHS to implement a variety of similar incentive programs designed to reward high-performing providers, and in some cases, penalize low-performing ones.  For example, under one of the better-known programs, the Primary Care Incentive Payment Program, doctors are eligible for a bonus of up to 10 percent of their Medicare billings if 60 percent or more of their Medicare practice consists of primary care services (CPT codes 99201 through 99215 and 99304 through 99350).  In general, experts agree that this is a promising area of health care reform.

So what’s the problem?  As noted in the linked article, hospitals and other providers that treat large numbers of poor people are a bit up in arms.  They understandably argue that poor people generally do not have the same prospects of successful health outcomes as do the non-poor, for all sorts of reasons: For example, poor people may not be able to afford their medications and they may have difficulty finding reliable transportation for follow-up visits.  Therefore, hospitals are less likely to receive performance-based incentive payments and, where applicable, more likely to be assessed performance-based penalties.

These providers respond to this perceived dilemma by proposing that the performance metrics used in the incentive programs be adjusted to reflect the demographic characteristics of their respective patient bases.  This idea has even been endorsed by the influential National Quality Forum.  DHHS isn’t so keen, though.  The agency believes a system that encourages better outcomes from hospitals and providers that treat well-off patients (and by implication, worse outcomes from those that treat more poor people) will exacerbate the “second class care” problem that afflicts health care services targeted at the poor.

I get both sides of the debate.  On the one hand, you don’t want to “penalize” providers that see a disproportionate number of poor patients – the result of that can only be to reduce the availability of health care services for those patients.  On the other hand, you don’t want to reward providers for providing an inferior level of care to those patients.  It strikes me that this might be an area for which a compromise is warranted: Incentivize hospitals and providers to strive to provide the highest level of care to all patients, including the poorest ones.

So keep the performance-based incentive standards where they are.  But let’s also reward providers for seeing more and more poor people.  Perhaps DHHS could think about an incentive to encourage that sort of patient mix – not enough to give the providers a huge windfall, but enough so that if they see a patient mix heavily populated with poor patients, and obtain relatively successful outcomes, their performance-based incentive payment would be substantially more than the one earned by a provider with a more typical (and thus richer) patient roster.

Image courtesy of Flickr by COD Newsroom

The OIG 2014 Work Plan – Thoughts and Observations on Nursing Homes

On Jan. 31, the Office of Inspector General (OIG) released its 2014 Work Plan, in which it announces and discusses the projects it intends to focus on in the coming year.  I plan to do a number of posts on the Work Plan, but I want to start with an industry that receives surprisingly little attention in the document – nursing homes.

OIG only announced five areas of focus with respect to nursing homes.  The first concerns Medicare Part A billing.  OIG noted that it previously observed skilled nursing facilities (SNFs) increasingly billing for higher levels of therapy even though beneficiary characteristics remained the same; it also explained that SNFs had a high (25 percent) billing error HC BLOG_nursing home2rate.  There are two main takeaways from this.  Nursing homes need to really examine their billing practices and procedures and ask themselves if there are any systems or protocols that might improve accuracy.  And, it’s my experience that a high care level claim isn’t so much unnecessary on its face, it’s that the provider doesn’t keep or record enough information to prove that it was.  Therefore, insofar as high care level services are being billed, SNFs might think about expanding their recordkeeping practices to ensure that enough documentation is present to justify the claim.

OIG’s second area of focus involves questionable billing practices for nursing homes submitting Medicare Part B claims.  The agency specifically references stays during which benefits are exhausted or the three-day prior inpatient requirement is not met.  Obviously, that doesn’t give us much to go on.

The third area of focus is a little more specific, though probably inapplicable to most providers.  OIG indicates that it intends to focus on state agency verification of deficiency corrections.  Federal regulation requires nursing homes cited for deficiencies to provide state regulators with a plan of correction to explain how they will correct the problems.  The Centers for Medicare & Medicaid Services (CMS) State Operations Manual further requires states to verify that the cited deficiencies have been corrected.  In the Working Plan, OIG cautioned that “one State survey agency did not always verify that nursing homes corrected deficiencies.”  It’s unclear which state that was, or whether it was only the one state.  Nonetheless, I expect most states will crack down on post-correction verification.  This has two related ramifications.  When devising a plan of correction, it is essential that nursing homes be realistic.  Chances are, state surveyors will put nursing homes’ feet to the fire to make sure they take the steps they say they will.  Also, nursing homes should make sure they follow through and do what they say they will on the timetable promised.

OIG’s fourth targeted area is interesting.  It wants to evaluate the results of the CMS National Background Check Program (NBCP).  This program essentially gives states money at a 3:1 federal-state ratio (not to exceed $3 million) to help providers run comprehensive background checks on their employees.  States that participate in this program include Alaska, California, Connecticut, Delaware, Florida, Illinois, Kentucky, Missouri, New Mexico, North Carolina, Oklahoma, Rhode Island, and Utah as does the District of Columbia.  It’s interesting that the list of states is so small.  CMS has handed out tens of millions of dollars over the past several years, and most states – including Colorado – already require background checks for employees of long-term care (LTC) facilities.  The NBCP requires a more comprehensive background check system, but that seems like a lot of money to leave on the table for something states will do most of anyway.  In any event, I wouldn’t be surprised to see Colorado and a bunch of other states opt in to the NBCP or CMS make it mandatory.

The fifth area of focus involves Medicare patient hospital admissions as a result of manageable or preventable conditions at nursing facilities.  This was the subject of a 2013 OIG Report.  It’s hard to come up with a good recommendation for this one.  On the one hand, it’s probably a good thing when an LTC facility and a doctor err on the side of caution and hospitalize an ill or injured resident – to do otherwise would risk a treatable condition deteriorating.  On the other hand, though, if CMS or OIG is going to start tracking hospitalizations on a facility-by-facility basis and scrutinizing those facilities that have too high of a rate, erring on the side of caution may have real regulatory consequences.  I suppose the best thing to say is this is an issue that needs to be closely monitored going forward.

Image courtesy of Flickr by Pictures by Ann

DHHS Promulgates Rule Giving Patients Right to Receive Results Directly From Lab

Earlier in the week, the Department of Health & Human Services announced a new rule under the Health Insurance Portability and Accountability Act (HIPAA) and the Clinical Laboratory Improvements Amendment of 1988 (CLIA) giving patients the right to access test results directly from a diagnostic laboratory, instead of making them go through the physician who ordered the results.  The final rule is available here.

The quick summary of the new rule is that if a covered laboratory (which is a laboratory that conducts one or more transactions electronically – so pretty much any laboratory) keeps test results electronically, it must share those with the tested individual or his or her personal representative; if it does not have results stored electronically, it must make an electronic copy in a mutually agreeable format.  Non-CLIA labs are exempt, as well as a handful of other entities and tests.

One major objection to the new rule is that many patients are ill-equipped to understand the test results without consulting with their physicians, and as such, they may be apt to overreact to seemingly abnormal results or false positives.  I understand where this is coming from.  Years ago, I contracted a nasty case of pneumonia training for the Boston Marathon in the dead of winter in Chicago.  This was the first (and only) time I had ever had pneumonia, and I became worried that I wasn’t recovering as fast as I’d like.  I went to a specialist, who ordered a comprehensive breathing test to make sure it wasn’t asthma.  At the lab, I blew into a bunch of tubes.  After one test, the lab tech shook her head and asked if I was a heavy smoker.  I said no, and she got a deeply concerning look on her face.  I, of course, freaked out.  The day the results were supposed to be available, I called the pulmonologist to get the bad news.  Guess what?  The results were totally normal, for someone who was recovering from pneumonia.  (I eventually started to feel normal, but it took months.)

And that’s the problem.  There are any number of conditions that can make otherwise abnormal lab results perfectly acceptable.  I’m not saying that it’s enough to make the new rule a bad one; DHHS certainly didn’t think so.  It emphasized that physicians will still be expected to consult with their patients about the results, and noted that most labs report that patients ask for the direct results only after they have already spoken with their physicians about them.  I’m not entirely sure that’s responsive – the fact that physicians still will advise their patients doesn’t really address the concern that some patients will get the results before having that conversation, and even if most patients tend to wait until they talk to the physician before directly requesting the results, some evidently do not.  But I’ll set those qualms aside.  The rule is here to stay.

It is important to make one point, though.  Given that patients are able to call the lab and get their results directly, physicians ordering tests need to do a good job up front communicating to the tested individual as to the expected results and the results that are cause for concern.  For example, in my case, the pulmonologist should have told me that given my recent pneumonia, she expected my results might show diminished lung function (assuming I had the right to directly access them), and that would be completely normal.

If you have that conversation up front, it can save a lot of stress and concern on the part of the patient, and perhaps even unnecessary testing for those eager beaver patients who don’t want to wait to consult their doctor about potentially concerning results.

When a Child Is Eligible for Medicaid But the Parent Isn’t

I saw this story over the weekend.  It discusses an unfortunate loophole in the Affordable Care Act whereby a child is eligible for Medicaid (and therefore ineligible for premium support on a state exchange), but the parents aren’t, oftentimes meaning that the family can’t go to the same doctors.  I was curious as to whether this was a problem in Colorado, so I pulled up the eligibility chart.

HC BLOG_parentHere it is.  And yes, this could be a problem, but probably only at the margins.  Children will be eligible for Medicaid if they come from a household with a modified adjusted gross income (MAGI) 142 percent of the poverty line or less.  (Note: There is a 5 percent income disregard when determining MAGI, so the child eligibility limit effectively is 147 percent.)  The exact amount depends on the size of the household, but for a family of four, it’s $2,787 a month.  Adults, in contrast, must have an MAGI less than 133 percent of the poverty line (effectively 138 percent because of the disregard).  For that same family of four, that’s a household MAGI of $2,611.  That means that if the household’s annual income is more than $32,981 and less than $35,204 (those figures add back in the income disregard), it’s going to fall in the hole where the kids have to get health coverage from Medicaid and the adults have to go on Connect for Health Colorado.

Some may object, arguing that it may be inconvenient to have different doctors, but the kids on Medicaid will get free health care.  Sure, but it’s not as big of a benefit as one might imagine.  It’s actually no benefit at all.  According to this really awesome subsidy calculator by the Kaiser Foundation, the average silver plan policy for the hypothetical four-person family in Colorado making $34,000 a year would run $1,248 in out-of-pocket costs (i.e., after the premium support subsidies) if it covered just the parents.  That same average policy would be – you guessed it – $1,248 if you add the kids.  This should make sense, because the subsidies are intended to cap out-of-pocket costs at a percentage of income, which goes up as the income increases and, in both of my examples, the family makes the same $34,000.  The actual premiums for the hypothetical family are substantially higher covering the kids – $8,324 vs. $5,338 – but the family doesn’t see them.

Here’s the craziest part of this.  Adding those two kids to their parents’ policy costs $2,986, even though the parents won’t see the increase.  But that’s still money going into the insurance company’s pocket – and for two insureds who are unlikely to cost much (kids tend to be healthy) – so the insurer will be happy to take the additional business.  And how much will it cost Medicaid to have them enroll?  According to this report from the Centers for Medicare & Medicaid Services, in 2011, the average child on Medicaid cost $2,851.  So you have a situation where the parents would prefer their children to be on their policy, the insurance company would prefer for the kids to be on the policy, and it costs the state and federal governments almost twice as much for the government to put them on Medicaid and not have them on the policy.  I can think of a few choice words to describe this mess.

This needs to be fixed ASAP.  Yes, the number of Colorado households in the couple-thousand-dollar sweet spot probably won’t be enormous, but everyone would benefit if we could avoid this fiasco.

Image courtesy of Flickr by Spirit-Fire

More on the ACA’s Contraceptive Coverage Mandate – Exempt vs. Eligible or Accommodated Employers

This story from last week about the U.S. Supreme Court’s temporary stay of the Affordable Care Act contraceptive coverage mandate reminded me about an opinion issued by a federal judge in the Northern District of Indiana on Dec. 20, 2013, which reminded me that I should post an update to a post I did several weeks ago.  (Full disclosure: I clerked for the judge in the Indiana case, Chief Judge Philip P. Simon, and he’s definitely in the running for “World’s Best Boss.”)  To summarize one of the main points of that post:  I was curious as to why the Department of Health and Human Services was treating churches (and other houses of worship) differently than non-church religious organizations with respect to the ACA’s requirement that (most) employers provide health insurance policies with a contraceptive coverage benefit.  That seemed problematic to me.

It turns out that the situation is more complicated than I envisioned, though the basic point stands.  In fact, there are not just twoHC BLOG_birth control2 types of employers for ACA religious exemption purposes – there are three.  In addition to secular employers (that do not object to providing contraceptive coverage) and houses of worship (which are completely exempt from the coverage requirement), there are employers that are “eligible” or “accommodated.”  These are religious-themed or religious-oriented entities that are not churches or synagogues or the like – for example, religious universities such as Notre Dame (the plaintiff in the Indiana case), Catholic student organizations, or hospitals owned by religious groups.  According to the final federal regulations, these groups must (1) oppose providing coverage for some or all of the contraceptive services required to be covered under the ACA and the accompanying ERISA statutes; (2) be organized and operated as nonprofit entities; (3) hold themselves out as religious organizations; and (4) self-certify that they satisfy three additional criteria.

These accommodated or eligible employers don’t have to provide insurance including contraceptive coverage to their employees.  They do, however, have to certify to DHHS that they will not provide that coverage.  At that point, the insurer or third-party administrator (TPA) must exclude contraception from the employer’s group policy, but then it must pay for the employees’ contraceptive services on its own without charging an additional fee or premium.  That may sound onerous, but the insurer or TPA is then permitted to deduct its federally facilitated exchange fees (i.e., the 3.5 percent fee paid by insurers to participate on the national insurance exchange).  In this way, the intent of the contraceptive coverage mandate is satisfied, but the eligible or accommodated employer isn’t spending its own money to provide objectionable coverage to its employees.

So then what’s the eligible or accommodated employers’ complaint?  That’s where it gets a little more abstract.  Remember, the accommodation process is kick-started by the employer’s self-certification that it’s an eligible entity.  Some employers argue that doing so effectively causes their employees to receive contraceptive coverage (albeit not paid for by the employers), which they believe to be immoral.  That’s the basis for their lawsuits.

And how have they fared?  That’s a mixed bag.  In the Northern District of Indiana case, Notre Dame lost.  Judge Simon essentially held that the act to which the school objected – providing contraceptive coverage to its employees – was being performed by another entity (the insurer or TPA), and thus Notre Dame was not suffering any burden.  He didn’t buy the argument that the physical act of submitting the required self-certification facilitated contraceptive coverage, thus violating Notre Dame’s deeply held religious or moral convictions.  This is at odds with Zubik v. Sebelius, a decision handed down Nov. 21, 2013, by the Western District of Pennsylvania, which reached a different result.  Judge Arthur J. Schwab held that being forced to provide information that would be used for a purportedly “immoral purpose” is, in fact, a burden to a religious organization.  He also relied on the seeming unfairness in treating houses of worship differently than what he called “good works (faith in action) employers.”

It’s beyond the scope of this blog to evaluate which opinion is more persuasive.  On the one hand, employers do a lot of things that theoretically might “facilitate” their employees’ use of contraception.  If Notre Dame pays its employees, for example, there’s always a chance that some of those individuals might take their hard-earned money and purchase birth control.  That looks an awful lot like “facilitation,” and it’s hard to see where you’d draw the line separating what’s allowed and what’s not.  On the other hand, the judge in the Western District of Pennsylvania has a good point that it’s a bit worrying that the government is distinguishing between houses of worship and other religious-affiliated entities – it’s almost like it’s classifying various organizations as “religious enough” (or not) to be exempted from the ACA contraception mandate altogether.  (In fairness, I think the thought process behind that distinction is that there are a lot more nonmember employees of religious hospitals and universities than churches.)

As I noted in my prior post, my guess is that this will be resolved in the next several months when the Supreme Court hands down its decision in Sebelius v. Hobby Lobby Stores.  I just wanted to elaborate a bit on the precise details of the regulatory regime that DHHS is using to determine who must provide contraceptive coverage and who is exempt from that mandate, and what the alternatives to coverage are.

Image courtesy of Flickr by Monik Markus 

Expanding on an Interesting False Claims Act Proposal

This article popped up on one of my news feeds recently.  It discusses a proposal by a few Washington, D.C., law firms to drastically revise the federal False Claims ActHere is the proposal in its entirety.  As you can see, it’s a hodgepodge of proposed defendant-friendly fixes, most of which (1) reduce the amount that can be recovered under the FCA; (2) reduce the share of qui tam relators; or (3) make it more difficult to prove an FCA charge.  I’m not going to spend much time on those.  Instead, I want to focus on a really interesting suggestion involving whistleblowers and corporate compliance departments.

HC BLOG_filesFirst, though, a bit of background.  Those who are familiar with the FCA can skip ahead.  The FCA is a Civil War-era statute initially designed to stop wartime fraud on the government.  (Incidentally, the linked article by Professor Krause is very short and – like virtually all of her stuff on health law, and especially the FCA – worth a read.  In fact, the background that follows is heavily based on her article.)  From the outset the FCA contained a unique qui tam provision that allowed private citizens, called “relators,” to bring suit on the government’s behalf and share in the proceeds.  In 1943, it was amended to bar so-called “parasitic” lawsuits based on information or knowledge already in the government’s possession.

Then came the rise of our labyrinthine administrative state.  In the face of massive allegations of fraud (especially in the defense industry), Congress significantly amended the FCA in 1986 to make it a more useful fraud-combatting tool.  It raised the statutory penalties from $2,000 to $11,000 plus treble damages per violation, increased whistleblower protection, and expanded the qui tam provision to include a bigger relator share and liberalize who may sue.

Given the emergence of Medicare and Medicaid as major – and growing – parts of the federal budget (for example, Medicare has gone from 8.5 percent to a projected 16.9 percent in 2020), it probably isn’t surprising that the FCA increasingly has been used to combat health care fraud.  By the late 1990s, the clear majority (61 percent) of FCA qui tam lawsuits involved those sorts of claims.  In 2008, for example, there were 228 qui tam lawsuits resulting in nearly $10 million in recoveries for the relators alone.  In 2009, total health care fraud recoveries by the government reached $1.6 billion.  Common theories of recovery under the FCA include:

  • outright mischarges (where providers bill for services that were not provided – so basically quintessential fraud);
  • medical necessity fraud (where providers submit bills for services provided but not medically necessary);
  • certification fraud (where providers bill for services improperly certified as compliant, often because they violate the federal Anti Kickback Statute or Stark Law anti-referral provisions);
  • substandard services fraud (where the provider bills the government for worthless or near-worthless services);
  • reverse false claims fraud (where a provider lies to the government to reduce any amounts it would otherwise owe); and
  • a host of other creative types of claims.

So what is the problem with an aggressive anti-fraud regime, particularly in the health care context?  Perhaps the most prominent criticism involves the lack of basic fairness inherent in a system where federal prosecutors can bring a “corporate death penalty” to the table by threatening the imposition of monetary penalties and (oftentimes) the exclusion altogether from the Medicare and Medicaid programs.  Put simply, when facing that sort of existential dilemma, many – if not most – health care providers decide to “roll over” and pay whatever the government is asking.  In that way, FCA claims become less of a deterrent against wrongful conduct, and more of an occasional but unpleasant cost of doing business.

That takes us back to the article and proposal linked at the top.  As I noted, the authors argue for a number of changes to narrow the FCA. They would make it harder for qui tam plaintiffs to bring FCA suits; make it harder for FCA plaintiffs to win the suits that are brought; and reduce the amount recoverable in successful suits, for the relators and the government.

I don’t think these proposals are very interesting.  Don’t get me wrong; some or even all of them probably are advisable as a policy matter.  I suspect that a lot of health care providers facing FCA claims would probably think so.  But are they really going to result in a productive discussion?  It’s going to be a purely political quagmire, in which we’ll see whether a motivated special interest group can overcome the inevitable demonization of what will be painted as a “pro-fraud” proposal.  I’ll just say that this sort of realpolitik analysis isn’t exactly in my bailiwick.

There is one aspect, however, that is more intriguing, at least to me.  The proposal’s authors include a recommendation to expand the qui tam provision to go beyond lawsuits brought in court.  Instead, they argue, qui tam recoveries (they suggest 10 percent) should be permitted when relators bring the alleged deficiency to the attention of internal compliance departments, and that deficiency results in a voluntary self-disclosure.  This is really clever.  One obvious impediment to whistleblowers is the fear that they will ruin their careers by running to law enforcement with allegations of wrongdoing on the part of their employers.  (Yes, there are legal protections against this.  They aren’t always effective, and maybe more importantly, they aren’t always perceived by whistleblowers to be effective.)  By incentivizing them to go to internal compliance departments, that barrier is largely removed.

But why stop at the FCA?  There are a number of (nonfraud) situations in which an overpayment has been received by a provider and it must pay back the money.  Why not expand the proposed qui tam internal reporting regime to those?  I understand that all of this is easier on paper than it is in real life.  The original FCA proposal, for example, contemplates what might happen if the compliance department refuses to take action (the relator would be able to bring an FCA lawsuit in that case).  In the broader overpayment context, there would need to be some safeguard against the relator becoming aware of overpayments and letting them rack up before informing the compliance department.  There also would need to be hypervigilance about a plan among two or more employees whereby one would permit the overpayment and the other (or others) would report it.

The bottom line remains the same, though.  The insight that everyone benefits from an internal reporting process – employees because they don’t risk alienating their employers (as much), providers because they can manage and disclose the conduct on their own terms, and even the government because it will encourage more reporting – is a valuable one.  It’s certainly worth pursuing further.

Image courtesy of Flickr by Andrew Michael Nathan

Another Day, Another “Temporary” Medicaid Suspension Post

This isn’t that recent, but I was reading something else that reminded me of the ongoing proceedings involving alleged Medicaid fraud in the New Mexico behavioral services industry.  Knicole Emanuel has written and presented on this.  Just as we saw with (alleged) orthodontic fraud in Texas in 2012, and as we are seeing with the substance abuse treatment industry in California, last summer New Mexico Medicaid regulators became aware of possible fraud in a particular field, and they responded with a large-scale effort to shut down many or most of the providers in the industry.  This campaign had the added wrinkle that New Mexico apparently decided to go the extra mile and bring in a new company to take over management of the target facilities.  So there wasn’t even a pretense of “temporarily” suspending payments or licenses – New Mexico Medicaid just wanted the people running the operations out of the business, and the sooner the better.

This reminded me that I owe everyone a proposal on how to address the problems inherent in using temporary suspensions as de facto Medicaid provider exclusions (but with a lower burden of proof, and without many of the due process protections afforded to providers before they can be excluded).  If you recall, the problem is that it’s very hard to reconcile two fundamental principles. First, we don’t want to let shady providers continue to bilk Medicaid out of taxpayer dollars by running a fraudulent operation, and we certainly don’t want to keep paying them for services we suspect might be fraudulent.  And second, it is wildly unfair to use temporary suspensions as an easier-to-prove substitute for provider exclusion from the Medicaid program.

This actually isn’t all that novel of a dilemma.  There are many situations where we want to make sure that an entity suspected of wrongdoing doesn’t continue to engage in it or profit from it, but at the same time, we don’t want to see the entity cease to exist as a viable operation, at least without a manageable wind-down.  In the health care context, the most obvious example is a nursing home or other long-term care facility that is tagged with an unacceptable number of deficiencies during a survey.  On the one hand, the state licensing agency is usually unwilling to let the facility try to fix the problems itself.  On the other hand, shutting down a nursing home can be an enormously difficult and painful process.  It’s not like you can just turn the sign on the door to “CLOSED” – you usually have to find beds for hundreds of hard-to-transport patients, which can be a nightmare for them and their families.  In those cases, the licensing agency often will bring in an outside consultant to prepare and implement a plan of correction.  Here is an example of one such company providing those sorts of services.  The independent consultant will sometimes even stay at the company for some set period of time to monitor compliance.  And this is just an industry-specific example of the broad corporate compliance monitor trend that has emerged over the past decade or so.

So why can’t we do that in the context of a Medicaid temporary suspension?  If there is “reliable evidence” or “credible allegation” of fraud – though not necessarily enough to support an immediate provider exclusion sanction absent further investigation – why not give the provider subject to the suspension the option of paying for an independent consultant or compliance monitor to come in and oversee operations until the investigation is resolved?  This monitor could make sure that the provider is conducting a legitimate business, and it could make sure the provider reserves enough money to satisfy any penalty or sanction that might be assessed.  This solution even would have the added benefit of signaling the providers most likely to be committing fraud – obviously, they won’t want an independent observer coming in and having full access to their books.

Now, a few caveats.  First, in cases where the suspected fraud is particularly egregious and/or uncontroverted, this shouldn’t affect the ability of Medicaid regulators to come in and shut down blatant criminals.  But they can do that under the existing provider exclusion framework; if that’s too difficult or onerous for regulators, it’s a problem, but one that should be addressed directly by changing that framework.  Second, there is no dispute that it will be tough to strike the balance between releasing enough withheld claims to give the provider the funds they need to maintain operations, while at the same time, making sure there is enough money held back to account for any fraudulent claims (or even just to reimburse Medicaid for any nonfraudulent overpayments, which in my experience, often is really what’s going on).  The devil is in the details on that score, and it’s going to have to be figured out on a case-by-case basis by the state, the company under investigation, and the independent consultant/monitor.

Finally, even under this sort of regime, the temporary suspension power should still be used judiciously.  It’s expensive to hire a skilled professional to come in and basically run a health care provider for months or (potentially) years at a time.  Some smaller – though ultimately innocent – providers no doubt will be driven out of the business, just as they are now.  But that’s the best compromise I can think of, at least for now.

Yet Another Lawsuit Filed in Colorado Attacking the Affordable Care Act’s Contraception Mandate

This lawsuit was filed yesterday.  It is yet another action claiming that the Affordable Care Act’s contraception mandate is unconstitutional and violates the Religious Freedom Restoration Act.  This appears to be the fourth lawsuit filed in the District of Colorado alone.  Michael Norton and the Colorado branch of the Alliance Defense Fund really seem to be taking advantage of the Tenth Circuit’s Hobby Lobby decision, which held that the first two preliminary injunction requirements – likelihood of success and irreparable harm – were met with respect to a private business’s efforts to enjoin the ACA’s contraception mandate.

HC BLOG_birth controlThe only real wrinkle in the most recent case is the organization bringing it.  The main plaintiff, the Fellowship of Catholic University Students, is not technically a church, organization of churches, or the like, so the religious employer exemption to the Affordable Care Act’s contraception mandate does not apply.  That doesn’t make a lot of sense.  Without opining on the ultimate issue of whether private employers generally should be able to refuse to provide insurance covering various ACA-required services on religious grounds (other than to say that I think the constitutional case is easy, but the RFRA case isn’t), it strikes me that insofar as the Department of Health and Human Services is exempting churches from the contraception mandate, it should also exempt explicitly religious – and especially sectarian – organizations as well.

Here’s what I don’t understand, though.  Why is the ADF bringing case after case in Colorado?  It’s not like we aren’t going to get a definitive answer on the constitutionality of the ACA contraception mandate in the near future.  Indeed, the Supreme Court agreed to hear the Hobby Lobby case just last week.  That almost certainly will resolve the issue once and for all.  Now, I suppose it’s possible that the Supreme Court could render a narrow decision that might allow FOCUS to distinguish itself from the purely commercial plaintiff in that case, but that seems exceedingly unlikely to me (though I should note that others have a different view).  But rather than tie up the busy federal courts with case after case that is likely to be mooted out by next June, why not just wait until then to see what happens?

I get that the owners and managers of these corporations probably don’t want to have to provide contraception coverage in the interim.  Given the existing Tenth Circuit precedent, DHHS really should consider postponing the contraceptive coverage mandate – at least for employers in Colorado, Oklahoma, New Mexico, Kansas, Utah and Wyoming – until the Supreme Court has its say.  And maybe I’m a bit biased because I experienced how much work it is for a federal judge and his or her chambers to handle a preliminary injunction request.  But this all just seems like a colossal – and pointless – waste of time for everyone involved.

Image courtesy of Flickr by Nate Grigg