The Health Care Compliance Association (HCCA) convened its 2018 Compliance Institute (Compliance Institute) in April. Nineteen representatives from various federal health care agencies spoke at the multi-day event, including the Department of Health and Human Services (HHS) Inspector General, Daniel Levinson. Levinson and other government representatives discussed the emergence of key health care issues. The opioid crisis, electronic health record (EHR) fraud, and telehealth and telemedicine have become top government enforcement priorities for 2018.
Preventing and Enforcing Opioid Abuse
The opioid crisis garnered the most attention at the April Compliance Institute, with more than a dozen government and non-government presenters providing comments on the topic. The opioid focus did not come as a surprise since President Trump declared the opioid epidemic a public health emergency in October 2017, prompting HHS and other agencies to take action on enforcing opioid related measures. As a result, there has been an increase in legislative, regulatory, and enforcement actions at both the state and federal level. For example, Attorney General (AG) Jeff Sessions announced in January that the Drug Enforcement Agency (DEA) was increasing its focus on pharmacies and prescribers that dispense unusual or disproportionate amounts of such drugs. The AG has also created the Prescription Interdiction and Litigation Task Force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Additionally, the Department of Justice (DOJ) and the Office of Inspector General (OIG) both presented on the Medicare Fraud Strike Force’s largest ever health care fraud “take down” which involved opioid related charges. The charges were announced in July 2017 and consisted of enforcement actions against 412 defendants in 41 different judicial districts, including 115 doctors, nurses, and other licensed medical professionals. These individuals were all together responsible for over $1.3 billion in false billings. Of those charged, over 120 defendants, including doctors, were charged for their roles in prescribing and distributing opioids and other dangerous narcotics.
Addressing Electronic Health Record Fraud and Telehealth and Telemedicine Billing
The second most addressed topic at the Compliance Institute was the cyber security of protected health information (PHI). Cyber security constituted the Office for Civil Rights’ (OCR) main presentation topic, and was also alluded to in seven other presentations on cyber threats, including presentations centered on compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security standards. OCR reported that since 2009, there have been 2,178 reports of breaches affecting over 500 files and more than 300,000 reports of breaches affecting fewer than 500 files. OCR responded to over 170,000 complaints that resulted in over 25,000 corrective action measures. They are expecting about 17,000 new complaints this year. The top ten recurring issues were the following: 1) Disclosure of sensitive paper information; 2) Business Associate agreements; 3) Risk analysis; 4) Failure to manage risks; 5) Lack of transmission security; 6) Failure of ongoing auditing; 7) No patching of software; 8) Insider threats; 9) Improper disposal of records; and 10) Insufficient backup of information and contingency planning.
Several Compliance Institute sessions also focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws. The DOJ provided statistics that indicated the continuing increase in the number of qui tam cases from 426 cases in 2015 to around 500 cases in 2017. The qui tam cases averaged about $2.5 billion per year in settlements. Further, new cases were reported on Meaningful Use Program fraud while additional cases of this type remain in the investigation process.
The DOJ and OIG also reported on their increased enforcement actions in the areas of telehealth and telemedicine. Currently, most of the cases focus on claims billed for services that do not qualify as telehealth or telemedicine. Since Medicare only covers certain services in these areas, providers should carefully follow the Centers for Medicare and Medicaid Services (CMS) guidance on what services are covered, and under what circumstances.
Emerging Health Care Compliance Issues for 2018
These government enforcement priorities, taken together with the 2018 Compliance Benchmark Survey (Survey) results, provide us with interesting insights regarding emerging health care compliance issues. The Survey results did not mention the opioid crisis since it was just becoming a national issue at the time the Survey was conducted. However, HIPAA Security and cyber security issues were listed as compliance officers’ highest priorities. The DOJ and OIG’s primary regulatory and enforcement priority remains targeting corrupt arrangements with referral sources, even though this area only ranked fifth in priority for survey respondents. The other major and continuing enforcement priority relates to claims submissions, which compliance officers ranked as their third highest priority.
Our Compliance Experts Can Help Support Your Program
Strategic Management Services has experts with over 40 years of experience managing and assessing health care compliance programs. If you would like to speak to one of our consultants about your organization’s individual needs, contact us online or give us a call at (703) 683-9600.Subscribe to blog