Physicians and hospitals across the country continue to be under close scrutiny by the Department of Justice (DOJ) for billing fraud and medical misuse. Since 2007, Medicare Fraud Strike Force teams have brought together a multi-agency team consisting of the Office of Inspector General (OIG), the DOJ, Offices of the United States Attorneys, the Federal Bureau of Investigation (FBI), local law enforcement, and others, to fight Medicare fraud related to medical necessity, clinical appropriateness and inaccurate billing.
Each year, the Office of Inspector General of the U.S. Department of Health & Human Services (HHS) also publishes a work plan that identifies federal focus on misuse. The 2015 work plan continued a focus on inpatient and outpatient cardiac procedure fraud and abuse; this focus was initiated in the 2005 work plan, which began a review of cardiac procedures that involved stents. The focus was to determine if the services submitted for Medicare reimbursement were medically necessary and supported by adequate documentation, and is ongoing for other cardiac procedures.
This October, the DOJ announced that it had settled with 457 hospitals in 43 states for allegedly inappropriately implanting ICDs in Medicare patients as it relates to the guidelines set by the National Coverage Determination (NCD).1 The settlement total was more than $250 million. Medicare’s NCD guidelines state that ICDs should not be implanted in patients who recently suffered a myocardial infarction within 40 days or had coronary artery bypass surgery or angioplasty within 90 days; it is important to note that the physicians performing these procedures may have followed the ACC/AHA/HRS Guidelines for device implantation, but the CMS NCD guidelines for ICDs have not been updated since 2005, and therefore, are based on outdated medical necessity criteria.
This investigation was targeted under the False Claims Act, and the hospitals were identified in a lawsuit filed in federal district court in the Southern District of Florida by Leatrice Ford Richards, a cardiac nurse, and Thomas Schuhmann, a health care reimbursement consultant. Richards and Schuhmann, as qui tam relators, have reportedly received more than $38 million from the settlement.
Qui Tam Lawsuits
The False Claims Act allows private parties to file an action on behalf of the United States; these qui tam relators are more commonly known as “whistleblowers”. In 1998, the Centers for Medicare & Medicaid Services (CMS) began paying rewards to individuals who reported tips that led to the recovery of funds. The whistleblower is entitled to a percentage of the recovery of the penalty and will vary based on the nature of the case. The DOJ recovered $333 million in fiscal 2014 settlements and judgments in cases involving hospitals. In just 3 cases involving cardiac procedures, the government recovered $85 million based on claims involving procedures performed in cardiac catheterization and electrophysiology labs. Of the $5.69 billion the government recovered in fiscal year 2014, nearly $3 billion was related to lawsuits filed under the qui tam provisions of the False Claims Act. During the same period, the government paid $435 million to those who exposed fraud and false claims by filing a qui tam complaint.2
OIG Investigative Process
The success of this nationwide investigation by the DOJ is leading to speculation that the approach used will be a new model for future investigations. Based on the False Claims Act, the ICD investigation focused on two allegations:
- Hospitals provided services that were not medically necessary because they had not met the clinical conditions of a Medicare NCD.
- The patient admission to the hospital was not medically necessary under CMS admission standards.
The investigative process used for the ICDs was different than previous investigations because most hospitals voluntarily provided their compliance information and internal communications (emails). Also, the hospitals’ in-house counsel worked directly with the DOJ attorneys, which led to a cooperative approach with open communication during the case reviews and in-depth discussion around the clinical issues. The initial medical chart reviews were conducted by the hospitals, with the findings reviewed by the DOJ. The hospitals were also allowed to submit additional documents on rebuttal. The DOJ provided a final assessment of their findings, the “DOJ Resolution Model Summary Chart”, that detailed which procedures would be allowed and others that were disqualified as well as where enforcement of the False Claims allegation would result in repayment to CMS.
Use of Predictive Analytics
The HHS OIG are using predictive analytics in its fight against health care fraud and abuse. The strike force specifically studied and developed risk models to determine who might bill for questionably high volumes of procedures. For the ICD investigation, the DOJ most likely used the NCDR database to initially identify providers with a high volume of these procedures. CMS has access to the registry data due to its requirement that hospitals submit data to the registry as a condition of payment.
“As described in the NCD, indications for the primary prevention of sudden cardiac arrest require that data be reported on patients receiving ICDs. In January 2005, CMS established the ICD Abstraction Tool through the Quality Network Exchange (QNet) as a temporary data collection mechanism. On October 27, 2005, CMS announced that the American College of Cardiology’s National Cardiovascular Data Registry (ACC-NCDR) ICD Registry satisfies the data reporting requirements in the NCD. Hospitals will need to transition to the ACC-NCDR ICD Registry by April 2006.”3
Quality of Care Corporate Integrity Agreements
For some institutions, the national Health Care Fraud and Abuse Control Program, jointly managed by the U.S. Attorney General and the HHS, authorizes the OIG to enter into Corporate Integrity Agreements (CIA) with hospitals and physicians who have been investigated and found in violation of a variety of civil False Claims statutes. The OIG examines information submitted by providers to determine whether their compliance processes are appropriate, to identify problems, and create a method for corrective action. When the OIG determines action is necessary, they impose sanctions in the form of stipulated penalties or exclusions; however, when a provider or entity enters into a CIA, the OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other federal health care programs.
Every CIA has many of the same stipulations, but each one addresses the specific issues identified. A quality-of-care CIA typically lasts 5 years and includes requirements to:
- Hire a compliance officer/appoint a compliance committee;
- Develop written standards and policies;
- Implement a comprehensive employee training program;
- Retain an Independent Review Organization (IRO) to conduct annual reviews;
- Establish a confidential disclosure program;
- Restrict employment of ineligible persons;
- Report overpayments, reportable events, and ongoing investigations/legal proceedings; and
- Provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities.4
It is at this point that organizations seek an IRO to provide an unbiased review of the specifications of the CIA and audit patient charts for necessity. IROs work with hospital leadership and legal counsel.
Released September 9, 2015, a memo entitled “Individual Accountability for Corporate Wrongdoing”5 from the Deputy Attorney General Sally Quillian Yates specifies that individuals will be held accountable for corporate crimes. Specifically, for a corporation to receive any credit for cooperation, they must provide any relevant facts about the individuals involved in misconduct “regardless of their position, status or seniority.”5 The increasing prosecution and sentencing of physicians and hospital executives is evident that fraud enforcement is here to stay.
What Can You Do?
How can hospitals avoid future False Claims Act liability? As this ICD investigation shows, guidelines used by CMS can be outdated, and to validate medical necessity, hospitals must have compliance safeguards in place. These safeguards may include but not be limited to the use of protocols, checklists, usage/tracking reports, peer review programs, and chart audits to review documentation. In addition, consider educating physicians and caregivers on the Medicare coverage rules and how these may be different from clinical practice guidelines. Most importantly, always have in place a process to follow.
- Nearly 500 Hospitals Pay United States More Than $250 Million to Resolve False Claims Act Allegations Related to Implantation of Cardiac Devices. Department of Justice, Office of Public Affairs. Published October 30, 2015. Available online at http://www.justice.gov/opa/pr/nearly-500-hospitals-pay-united-states-more-250-million-resolve-false-claims-act-allegations. Accessed November 13, 2016.
- Justice Department Recovers Nearly $6 Billion from False Claims Act Cases in Fiscal Year 2014. Department of Justice, Office of Public Affairs. Published November 20, 2014. Available online at http://www.justice.gov/opa/pr/justice-department-recovers-nearly-6-billion-false-claims-act-cases-fiscal-year-2014. Accessed November 13, 2016.
- ICD Registry. CMS.gov. Published March 6, 2015. Available online at https://www.cms.gov/Medicare/Medicare-General-Information/MedicareApprovedFacilitie/ICDregistry.html. Accessed November 13, 2016.
- Corporate Integrity Agreements. Office of Inspector General, U.S. Department of Health & Human Services. Available online at http://oig.hhs.gov/compliance/corporate-integrity-agreements/. Accessed November 13, 2016.
- Individual Accountability for Corporate Wrongdoing. U.S. Department of Justice, Office of the Deputy Attorney General. Published September 9, 2015. Available online at http://www.justice.gov/dag/file/769036/download. Accessed November 13, 2016.