How CGX Laboratories Can Be Compliant
Medicare began providing coverage for genetic cancer screening (CGX) in 2018. While this was a positive development for testing laboratories, some labs that have been billing Medicare for CGX have run into compliance issues. If your testing laboratory bills Medicare for CGX, this article provides an overview of what you need to know.
Roger Bach (former DOJ-OIG)
For clinical testing laboratories and other healthcare service providers that bill Medicare and other government benefit programs, compliance is a persistent concern. Each program has its own unique billing rules and procedures, and the standards for determining when screenings and other services are (and aren’t) covered are often difficult to discern. There are other legal and practical issues as well; and, for labs that fail to maintain complete compliance, the consequences can include recoupments, fines, loss of Medicare eligibility, and even criminal prosecution.
CGX Testing Laboratory Compliance Documentation, Implementation, and Event Response
How can testing laboratories ensure that they remain federally compliant? What is unique about Medicare compliance with regard to billing for genetic cancer screenings (CGX)? What does it take to build and implement an effective CGX compliance program? Here are some of the key issues that CGX laboratories need to address in order to avoid costly penalties in the event of a Medicare audit or investigation:
1. Compliance Program Guidance from the U.S. Department of Health and Human Services’ Office of Inspector General (OIG)
The U.S. Department of Health and Human Services’ Office of Inspector General (OIG) has published compliance recommendations specifically for clinical testing laboratories. In its Compliance Program Guidance for Clinical Laboratories, the OIG lists seven “fundamental elements” of an effective compliance program. While this guidance applies to testing labs’ compliance efforts generally, as CGX is currently a hot topic in Medicare fraud enforcement, it is particularly important for labs that provide genetic cancer screening services to ensure that their practices are compliant in all aspects.
The OIG’s seven recommendations for an effective laboratory compliance program are:
- Written Compliance Documentation – “[D]evelopment and distribution of written standards of conduct, as well as written policies and procedures that promote the clinical laboratory’s commitment to compliance (e.g., by including adherence to compliance as an element in evaluating managers and employees) and that address specific areas of potential fraud, such as marketing schemes.”
- Chief Compliance Officer – “[D]esignation of a chief compliance officer and other appropriate bodies (e.g., a corporate compliance committee) charged with the responsibility of operating and monitoring the compliance program.”
- Training and Education – “[D]evelopment and implementation of regular, effective education and training programs for all affected employees.”
- Internal Reporting – “[M]aintenance of a process, such as a hotline, to receive complaints, and the adoption of procedures to protect the anonymity of complainants.”
- Internal Response – “[D]evelopment of a system to respond to allegations of . . . illegal activities and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies [or applicable law].”
- Internal Audits and Monitoring – “[U]se of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas.”
- Investigation and Remediation – “[I]nvestigation and remediation of identified systemic problems and the development of policies addressing the non-employment or retention of sanctioned individuals.”
Within each of these seven areas, CGX laboratories must thoroughly assess their needs and develop compliance policies, procedures, and protocols that are custom-tailored to the unique aspects of their business, commercial relationships, Medicare billing practices, and human resources management. In order to be effective (both in terms of preventing violations and in terms of providing an effective defense during Medicare audits and investigations), laboratory compliance programs need to be heavily customized, and testing labs need to effectively foster an internal culture of compliance.
While employees who make mistakes resulting in potential legal exposure must be disciplined accordingly, employees must also feel comfortable coming forward when issues arise. This can be a delicate balance; and, to achieve this balance, CGX laboratories should work with outside counsel with regard to both compliance program development and compliance program implementation.
2. Clinical Testing Laboratories’ Role in Establishing Medical Necessity for CGX Testing
Many testing laboratory owners and managers believe that it is the responsibility of the physicians who order CGX screenings and other tests to make a determination with regard to medical necessity (medical necessity is a fundamental requirement for Medicare reimbursement eligibility). While this is partially true, testing laboratories play a central role in establishing and documenting medical necessity as well. As the OIG explains (emphasis added):
“Laboratory compliance plans should ensure that claims are only submitted to [Medicare] for services that the laboratory has reason to believe are medically necessary. Upon request, a laboratory should be able to provide documentation . . . supporting the medical necessity of a service the laboratory has provided and billed to [Medicare]. We recognize that laboratories do not and cannot treat patients or make medical necessity determinations. However, there are steps that such facilities can and should take to help maximize the likelihood that they only bill [Medicare] for tests that meet the reimbursement rules . . . .”
In fact, the OIG actually goes one step further, suggesting that clinical testing laboratories may be responsible for ensuring that physicians know when screenings qualify as medically necessary:
“[P]hysicians must be made aware that Medicare will only pay for tests that meet the Medicare definition of ‘medical necessity’ and . . . laboratories  are in a unique position to deliver this information to their physician clients. In our opinion, laboratories can and should advise physicians that when they instruct the laboratory to seek Medicare reimbursement for tests ordered, they should only order those tests that they believe are medically necessary for the diagnosis and treatment of their patients.”
As the rules and generally-accepted practices regarding CGX are still developing, testing labs must be extremely careful to ensure that all genetic cancer screenings billed to Medicare fall within the letter of the definition of medical necessity. While the Centers for Medicare and Medicaid Services (CMS) provided some guidance on this issue when CGX became Medicare-eligible last year, the billing rules regarding CGX are complex, and testing labs will need to work with experienced compliance counsel to ensure that they are meeting their obligations as established by CMS, the OIG, and federal law.
3. Compliant Relationships with Physicians, CGX Equipment Suppliers, Marketers, and Other Third Parties
While the OIG’s Compliance Program Guidance for Clinical Laboratories and the Medicare billing rules for CGX are two important sources of regulatory guidance, clinical testing laboratories face compliance concerns under various federal statutes as well. Among these statutes, two of the most-significant are the Anti-Kickback Statute and the Stark Law.
The Anti-Kickback Statute is the broader of these two laws, and it applies to all healthcare service providers that bill Medicare for reimbursements. Under the Anti-Kickback Statute, testing laboratories, lab owners, physicians, and other individuals can face civil or criminal penalties for entering into written or unwritten agreements that entail Medicare-reimbursed funds being used to pay kickbacks, referral fees, or other improper forms of “remuneration.”
Although not all financial relationships involving referrals are illegal (the Anti-Kickback Statute’s prohibitions are subject to a number of “safe harbors”), many are. Furthermore, due to the specificity of the Anti-Kickback Statute’s safe harbors, relationships with ordering physicians, CGX equipment suppliers, marketers, and other third parties must typically be structured with a specific safe harbor in mind. Standing orders, telemedicine CGX orders, commission-based compensation, and other similar types of issues are typically viewed as “red flags” for Anti-Kickback Statute violations by the OIG, CMS, and other federal authorities, and they can often trigger invasive audits and investigations.
The Stark Law is similar to the Anti-Kickback Statute in that it applies to Medicare beneficiary referrals; however, it is more limited in its scope. The Stark Law only applies to physicians and their related entities, and it only includes provisions for civil enforcement. Even so, Stark Law violations can have severe consequences; and, for CGX laboratories that are fully or partially owned (directly or indirectly) by physicians, Stark Law compliance needs to be top of mind.
4. Medicare Billing and Coding Compliance for CGX Screenings
Of course, no Medicare compliance discussion would be complete without mentioning billing and coding compliance. While medical necessity is a key aspect of billing and coding compliance for CGX laboratories, there are numerous other issues to consider as well. Whether a laboratory relies on in-house billing personnel or contracts with a third-party billing administrator, when it comes to billing for CGX, any billing mistakes have the potential to draw federal scrutiny. This includes mistakes such as:
- Submitting an incorrect billing code
- Billing for a CGX screening at an incorrect reimbursement rate
- Billing for CGX screenings not actually performed
- Billing for CGX when a lower-cost screening was actually performed
- Billing for a CGX screening that has not been approved by the U.S. Food and Drug Administration (FDA)
Even when a CGX laboratory utilizes the services of a third-party billing administrator, the laboratory still remains directly responsible for Medicare billing and coding compliance. Laboratories can mitigate some of their risk by negotiating appropriate protections into their contracts with billing administrators; however, the OIG and CMS have made clear that delegating coding responsibility does not relieve providers of their compliance duties. Due to the relative newness and high cost of CGX screenings, in today’s world, testing laboratories must be especially careful to avoid billing and coding mistakes that can trigger CGX fraud investigations.
Speak with a Federal Attorney at Oberheiden, P.C. about CGX Laboratory Compliance
Do you have questions about federal CGX laboratory compliance? Are you concerned that your laboratory’s CGX billings could be a liability in the event of a Medicare fraud audit or investigation? To speak with a federal compliance attorney at Oberheiden, P.C. in confidence, call 888-680-1745 or request a free assessment online today.