The Top 12 Mistakes When it Comes to Healthcare Compliance
“The one thing I’ve seen in thousands of healthcare audits and federal investigations is that every healthcare provider has critical misconceptions about compliance. No, having HIPAA policies does not shield you against billing mistakes or accusations of fraud. But, yes, you can effectively protect your license, your reputation, and your freedom against the mistakes of internal and third-party billing administrators.” – Dr. Nick Oberheiden, Founding Attorney
“It is beyond our comprehension why doctors and other healthcare providers continue playing Russian Roulette. Although they are (or should be) well aware of the dramatic increase in the number of fraud prosecutions targeting healthcare business owners, the vast majority of physicians still do not have adequate compliance programs in place.” – Joe Brown, Former U.S. Attorney & Former District Attorney
12 Reasons Why Your Healthcare Business or Medical Practice Need a Compliance Program
Under the federal healthcare system, all healthcare businesses and medical providers are subject to a complex web of laws, rules, and regulations. Failing to comply with any of these sources of authority can lead to recoupments, fines, loss of program eligibility, and even federal imprisonment. So, how can you protect your business or practice and keep yourself out of prison? Here are 12 critical mistakes that all Medicare, Medicaid, and Tricare-participating companies and providers need to avoid:
12. Poor Documentation
Unfortunately, being a good doctor does not provide assurance against being targeted in an audit or investigation. No matter how good of a doctor you are, and no matter how clearly a patient is in need of the diagnosis and treatment you provide, if you do not document your services in accordance with the applicable program billing guidelines (i.e. Medicare, Medicaid, or Tricare), you are at risk for being targeted for federal healthcare fraud. There is an enormous difference between a patient needing and qualifying for a nuclear stress test, a compound prescription, a DME device, or home health services on the one hand, and a physician adequately documenting this need for program billing purposes on the other.
We have represented physicians and other providers in well over 2,000 audits and healthcare fraud investigations; and, in the vast majority of cases, lack of documentation has been a central issue. Oftentimes, physicians take handwritten notes or use cookie-cutter descriptions that fall short of what is necessary to demonstrate compliance. The lesson learned after representing so many doctors is that careful documentation is absolutely essential to avoiding civil and criminal penalties, and what most doctors consider “adequate” actually falls far short of what is needed to avoid federal scrutiny.
11. Mischaracterizing Employees (W-2s) and Independent Contractors (1099s)
Proper classification of employees (who receive W-2s) and independent contractors (who receive 1099s) is a matter of federal tax law, and improperly classifying billing administrators, consultants, marketers, and other individuals who provide services to your business or practice can trigger liability in the healthcare fraud arena as well. The primary issue here involves improperly classifying individuals as independent contractors. The Internal Revenue Service (IRS) views this as an illicit attempt to avoid employment taxes, and the Office of Inspector General (OIG) and other agencies view it as an attempt to skirt the federal prohibitions on improper use of program-reimbursed funds.
As a general rule, any percentage-based compensation arrangement with an independent contractor is going to garner federal scrutiny and potentially trigger liability under the Anti-Kickback Statute, the Stark Law, the False Claims Act, or one (or more) of the various other federal laws that apply to program-participating healthcare providers. Other types of fee arrangements that appear to base 1099 contractors’ compensation on the volume of business referred are red flags for federal authorities as well.
10. Utilizing Unlawful Marketing Contracts
Marketing is an important factor for all businesses. However, marketing techniques that are commonplace (and perfectly legal) in other industries can trigger severe consequences in the healthcare arena. Marketing contracts with individuals, agencies, and businesses that promise access to Medicare, Medicaid, and Tricare beneficiaries are particularly problematic, as virtually any compensation tied to the volume of referrals for program beneficiaries will be viewed as a violation of the Anti-Kickback Statute, the False Claims Act, and other federal laws.
9. Failing to Establish Medical Necessity
Perhaps the biggest shift in federal healthcare fraud investigations in recent years has been the government’s enhanced focus on the issue of “medical necessity.” Over the past several years, the federal government has taken the position that the medical judgment of prescribing and ordering physicians and the professional experience of pharmacists, lab technicians, and business owners is subject to scrutiny.
Take, for example, the resurgence of compound medications. Praised by many physicians and pharmacists as effective tools for avoiding opioid prescriptions, federal investigators have prosecuted compounding pharmacists and prescribing physicians nationwide for allegedly supplying “medically-unnecessary” compound drugs.
The same is also true for opioids. Physicians across the country have had their offices raided based upon allegations fraudulently prescribing opioids, diverting opioid medications, and engaging in other violations of the Controlled Substances Act. In each case, the government has assumed that targeted physicians acted outside of the scope of their practice and violated accepted standards of care by providing patients with “medically unnecessary” opioid drugs.
When proving medical necessity, adequate documentation is imperative. If you do not have clear written documentation as to why a medication was prescribed, you are never going to convince auditors or federal investigators that it was medically necessary. Physicians, pharmacists, and other providers should have clear, practice-wide protocols for prescribing, storing and dispensing medications, and they should ensure that these protocols (i) adhere to the applicable program billing guidelines’ definition of “medical necessity,” and (ii) are followed practice-wide on a consistent basis.
8. Disregarding the Patient
At the end of the day, the federal healthcare laws, rules, and regulations that apply to program-participating providers are designed to protect the patient. The government’s stated goal is to allow patients to see doctors of their choice without concern that they may be biased in their professional judgement due to financial conflicts of interest. With this in mind, the U.S. Department of Justice (DOJ) pursues civil and criminal healthcare law violations whenever it determines that prosecution is necessary for the protection of patients’ rights and the integrity of the entire healthcare system.
Any medical decision, any referral, any physician joint-venture, any investment in a medical practice, and any operational measure will always be judged by this patient-first standard. The government wants patients to make informed decisions, to choose between providers, and to understand why a compound prescription might not be filled by the CVS or Walgreens down the street but by a pharmacy 2,000 miles away. With these underlying principles in mind, for healthcare providers and businesses, transparency and disclosure are of utmost importance, and any apparent attempts to obfuscate information – from patients or from the federal government – are going to be heavily scrutinized in the event of an audit or investigation.
At Oberheiden, P.C., in addition to helping our clients adopt structure compliant business relationships and adopt necessary policies and procedures, we also help them understand what level of transparency is needed. We can help you understand what you need to disclose, what you don’t, and how to prove to auditors and investigators that you have met your legal obligations.
7. Entering into Sham Contracts
All healthcare providers need referrals, and many are looking for creative ways to obtain them without drawing the federal government’s attention. However, many of the federal agents and prosecutors who are responsible for enforcing the nation’s healthcare laws are extremely good at what they do, and they know when a relationship is legitimate and when one is a sham.
One of the most-common forms of sham contracts that continues to get doctors and healthcare businesses in trouble is the “medical director” or “consultant” agreement. While these agreements are ostensibly intended to allow companies to obtain expert medical advice and guidance from physicians without entering into an employment relationship, they are often used as fronts for illegal referral arrangements. If the true financial purpose of a medical directorship or consultancy is to incentivize patient referrals, then it is going to trigger government scrutiny regardless of the language written into the parties’ agreement.
6. Failing to Secure Legal Protections in Billing and Coding Agreements
If your healthcare business or medical practice is like most, you rely on an outside billing company to process your Medicare, Medicaid, and Tricare reimbursement requests and to send invoices to private insurers. While you might assume that the billing company will be liable if it makes a mistake, are you certain that this is the case?
Due to the risks involved in improperly billing Medicare, Medicaid, Tricare, and private health insurers, billing companies will usually attempt to pass off ultimate liability to their clients. However, while billing company agreements often protect the billing company, it is the client (your business or practice) that should be protected. If you provide your notes to your billing company, it should have an obligation to translate your notes appropriately, and it should seek clarification when there are questions. It should not simply make what it thinks is a “best guess” and then leave your business or practice exposed to government scrutiny. There are ways you can protect yourself during the contracting (or re-contracting) process; but, if you fail to do so, don’t be surprised when federal agents come knocking at your door.
5. Believing that Having HIPAA Policies Means Compliance
If you have skipped ahead, you may have noticed that lack of HIPAA compliance is not on our list. HIPAA is arguably the most-common and best-known healthcare statute, and compliance is almost universal among healthcare providers. As a result, while HIPAA compliance is undeniably important, it also rarely comes up as an issue during federal healthcare fraud audits and investigations.
On the same token, having a HIPAA compliance program does not mean that your healthcare business or practice is fully compliant. In context, HIPAA is just one small component of a comprehensive compliance program. If your business or practice is HIPAA compliant, that is a good start, but you are still at risk for billing fraud, prescription drug fraud, and various other types of federal healthcare fraud investigations.
4. Underestimating Insurance Audits
Until recently, an insurance audit was a matter of random selection. In today’s world, it is a targeted fraud investigation from the beginning. Instead of having an office manager handle the audit who does not understand the risks involved, providers need to hire experienced defense counsel who can ensure that the audit does not turn into a full-blown government inquiry and a referral to the U.S. Attorney’s Office.
3. Telemedicine Violations
Can telemedicine work? Yes. Is it safe to assume that telemedicine in its current format is compliant? Rarely.
Why is this the case? Quite frankly, the federal government’s current telemedicine regulations are five years behind today’s technology. Telemedicine as a concept is great and it absolutely has the potential to revolutionize medicine. However, there is a big difference between calling a local doctor offering primary care telemedicine services to treat flu symptoms or a skin rash (which is the focus of the current telemedicine regulations) and the national telemedicine practices that are being targeted by the DOJ.
With modern telemedicine practices, when a patient is connected with a telemedicine provider, the patient does not choose who he or she sees. The telemedicine doctor does not have an existing doctor-patient relationship, and he or she receives a triage report from a non-medical assistant who interviewed the patient. No physical exam is provided (because it is not possible), and triage takes anywhere from two to ten minutes. Upon reviewing the triage report, the physician connects with the patient and provides a consultation, diagnosis, and treatment plan.
While there is nothing inherently wrong with this model of patient care, from a legal perspective it exists in a minefield. In many cases, the physician does not know in which state the patient resides, nor does he or she know what insurance the patient carries. The patient may reside in a state in which the doctor is not licensed to practice medicine. The patient may be a federally-funded patient and the doctor may be unaware or unfamiliar with the relevant program billing and “medical necessity” regulations. The physician also routinely sees the same kind of patients, contrary to a traditional physician practice where patients with varying needs come for treatment. All patients come to the doctor with the same request: compound drugs, medical devices, or other specialized services or equipment. The doctor receives information from the telemedicine company that are prefiltered and geared towards medical necessity and receives $25 to $50 per consultation – not knowing that the entire structure is designed to churn out bills for program reimbursement.
Although this certainly does not describe all telemedicine practices, the DOJ assumes that it does – unless and until convinced otherwise. As a result, it is incumbent upon telemedicine providers to affirmatively demonstrate that their businesses and practices are Medicare, Medicaid, and Tricare-compliant.
2. Lack of Oversight and Contractual Protections
As a healthcare provider, you cannot escape your obligation to comply with federal law. You cannot rely on ignorance as a defense, and you cannot delegate your compliance obligations to a third-party billing company. Ultimately, you need to comply, and you cannot wash your hands of compliance by delegating responsibilities.
A related concern is the fact that third-party services providers – and potentially even your internal employees – will not necessary share your personal commitment to compliance. No matter how good your intentions are, if you trust someone who should not have been trusted, this ultimately falls on you. From hiring marketing companies that buy lists of Medicare beneficiaries and then present them as legitimate leads to engaging billing administrators that are unfamiliar with the latest updates to the Medicare, Medicaid, or Tricare billing regulations, if fraudulent billings originate with your business or practice, federal authorities are going to come after you.
1. No Demonstrated Efforts to Comply
From contracting with marketers and billing companies to engaging in compound pharmaceutical and telemedicine practice, the key to avoiding recoupment liability in audits and fending off charges during a federal investigation is to demonstrate your efforts to comply. If you cannot demonstrate that you have made good-faith efforts to comply, you are not going to be able to defend yourself – regardless of the veracity of the allegations against you. Adopting a comprehensive healthcare compliance program means understanding your business’s or practice’s risks; addressing them effectively with detailed contracts, policies, and procedures; and, implementing these contracts, policies, and procedures in your business or practice through corporate structuring, employee training, and other appropriate means.
The Top 5 Mistakes Tricare/VA Addiction Centers Need to Avoid
While we are on the subject of compliance, we would be remiss not to address the recent trend of healthcare providers establishing VA addiction centers focused specifically on treating veterans who are on Tricare. The fact that many of these centers are hugely profitable has garnered the attention of providers from all segments of the healthcare industry – and it has garnered the attention of federal authorities as well. Federal authorities are current targeting VA addiction centers in Arizona, California, Colorado, Florida, Nevada, and Texas, among other states.
VA addiction centers that bill Tricare face a number of compliance burdens; and, with enhanced scrutiny from the DOJ and the U.S. Department of Defense (DOD), these centers must be absolutely certain that their compliance programs are protecting them. For example, here are the top 5 mistakes that VA addiction centers need to avoid when billing Tricare:
- Billing and Coding Errors – Tricare is subject to different billing and coding rules than Medicare and Medicaid; and, for VA addiction centers, using the wrong modifier in your Tricare billings will almost certainly lead to intense federal scrutiny.
- Improper Use of Non-Profits – Establishing a non-profit to cover veterans’ Tricare deductibles and co-pays is a common mistake made by VA addiction center owners as well. From a federal compliance perspective, this creates numerous issues, and it is a red flag for federal authorities.
- Relying on Billing and Coding Agreements – Due to the rise in popularity of VA addiction centers, some companies have begun advertising themselves as “specialists in Tricare.” However, this is typically nothing more than a marketing strategy, and it does not actually reflect any special or in-depth knowledge of the Tricare billing regulations. For VA addiction centers that fail to secure appropriate contractual protections, relying on these billing and coding companies can lead to substantial exposure and liability.
- Entering into Illegal Marketing Agreements – Just like other types of healthcare providers, VA addiction centers that rely on illegal agreements with marketers can face Anti-Kickback Statute and False Claims Act investigations. While percentage-based compensation arrangements are among the most-common violations, a host of other types of arrangements violate these and other laws as well.
- Failing to Adopt a Comprehensive Compliance Program – Once again, documentation is absolutely essential to avoiding exposure to civil and criminal penalties in federal healthcare fraud audits and investigations. When auditors or investigators come knocking at your door, being able to point to your VA addiction center’s documented policies and procedures, implementation efforts, and compliant contractual relationships will be essential to preventing the audit or investigation from leading to a referral to the U.S. Attorney’s Office for prosecution for Tricare fraud.
Speak with Attorney Dr. Nick Oberheiden – Call or Text 24/7 (Including Weekends)
If you are serious about compliance, you should contact attorney Dr. Nick Oberheiden, founder of Oberheiden, P.C. as soon as possible. Dr. Oberheiden and his team of experienced former federal agents and prosecutors know what auditors and investigators are looking for – and they know how to protect healthcare companies and medical providers through proactive Medicare, Medicaid, and Tricare compliance. To get started with a free and confidential assessment of your business’s or practice’s existing compliance efforts, call or text Dr. Oberheiden at 888-680-1745 or request an appointment online now.