A knock on your door: What does the government want from providers?
Feature Story, Massachusetts Medical Law Report, Autumn 2006
By Paul Cirel
Not many days go by that I don't hear from a health care provider who has just been contacted - or worse yet, visited - by government agents, demanding the production of medical charts, billing and payment ledgers, appointment books, and/or every other sort of record that providers regularly maintain.
With any luck, the question the provider asks is, "What should I do?" Often, it's "What should I have done?" Either way, the unfortunate truth is that too few health care providers recognize that they are engaged in the most heavily regulated business in America. Fewer still know who the regulators are, or what to do when contacted by them.
This primer offers a little guidance, but not much solace, on both of those issues. (See accompanying story, "Answering the door when regulators knock," below.)
Whenever there is a knock at the door, two questions immediately come to mind: "Who's there?" and "What do you want?" When it's someone from the government who has come knocking, those two questions are even more important.
There is a veritable alphabet soup of health care regulators and weaponry: CMS (the Centers for Medicare and Medicaid Services); DMA (Division of Medical Assistance); OIG (Office of the Inspector General); MFCU (the Medical Fraud Control Unit); the AGO (Attorney General's Office); the DOJ (Department of Justice); and, well, you get the picture.
The common thread is that any regulator will surely want records, and they will probably want to talk. Before even thinking about answering the door, we need to step back and focus on why the regulators are knocking in the first place.
Fraud and abuse
The main watchwords for the government's oversight of the health care industry are "fraud and abuse."
In theory, fraud and abuse are distinguishable concepts.
Under federal regulations, "fraud" is defined as an intentional deception or misrepresentation, made with the knowledge that it could result in an unauthorized health care benefit or payment. "Abuse" is defined as practices that are inconsistent with sound fiscal, business or medical practice, which result in unnecessary costs or reimbursement for services that are either not medically necessary or were rendered below recognized professional standards.
In practice, however, there are few, if any, "abusive" practices that would not be considered fraudulent if you added the very subjective element of intent. As a result, there are no easy distinctions to be made.
Consider, for example, billing for services that were never rendered versus billing for unnecessary levels of medical evaluation and management services. Depending on the government's assessment of intent, each of those situations can be - and has been - the basis of anything from simple recoupment of overpayment to the foundation of a criminal prosecution.
In short, like Sam and Eric - the twins in "Lord of the Flies" who melded into the single being, Samneric - "fraud and abuse" has become "fraudnabuse," a single but amorphous concept describing any practice which exposes a health care provider to liability under any health care reimbursement law or regulation.
Indeed, providers should recognize that the fact that such specialized laws have been enacted - at both the state and federal level - is itself sobering proof of the depths to which the government thinks it necessary to monitor the health care industry.
Long before the current focus on health care took root, there were laws on the books that seemed adequate enough for the criminal and civil enforcement of any matter involving larceny or fraud, false claims or misrepresentations or obstruction of justice.
Now, those general laws have been augmented - if not supplanted - by specifically designed statutes aimed at prosecuting fraud and abuse in virtually every government sponsored and private health care program.
Panoply of statutes
The key aspects of all of these statutes are quite similar.
Generally, each requires some element of intent (i.e. that the conduct was engaged in "knowingly" or "willfully") and that a reimbursement claim (or statement or representation) was false in some material way.
In the context of a health care claim, materiality usually relates to an aspect of the provider's claim that impacts how much should be paid or whether it should be covered at all. Such factors might include the CPT code description of the service billed, the date, the location of the service or the skill/training of the provider.
These statutes also apply to non-providers who "cause false statements to be made." Thus, support staff who make erroneous entries on charts, superbills or travel cards that are then routed to the billing department to generate a claim also fall within the statutes' reach.
Bills don't even have to be false to prompt an investigation and prosecution.
In at least one case brought under the Medicare and Medicaid False Claims statute, the literal accuracy of the claim was not a defense. In that case, a physician was criminally convicted because the government believed that a less expensive procedure code would have been more accurate, even though the CPT code used was technically accurate in describing the service provided.
Anti-kickback
No discussion of specialized health care enforcement statutes would be complete without reference to the anti-kickback law.
The anti-kickback law was intended to ensure that all referrals be based on factors of medical necessity, skill and suitability, and not because of an economic or other business relationship between providers.
Well-intentioned as it may be, the law paints with a very broad brush. It prohibits soliciting or receiving remuneration to induce - or in exchange for - the ordering, referring or purchasing of any item or service that is reimbursable by Medicare or Medicaid. Remuneration generally means an economic benefit, and any remuneration will do. So, for example, real estate or equipment leases that are deemed to be below market value, a reduced rate for administrative or billing services and low interest loans have all been found to be prohibited forms of remuneration. So, too, have vacations, video equipment and sports tickets.
For purposes of the anti-kickback statute, the inducement of referrals need not be the only, or even the primary purpose of remuneration for it to become a kickback. Even where there are other, justifiable reasons for something of value to have been exchanged (like wanting to do business with a known and trusted colleague), if one purpose was to induce business, it violates the law.
False claims
In civil fraud and abuse cases, which are generally brought under the False Claims Act, the government's burden of proving intent is greatly reduced for two reasons.
First, as you probably know, civil cases only require proof by a "preponderance of the evidence" (legalese, meaning that something is more likely than not), as opposed to the much more exacting "beyond a reasonable doubt" standard required in criminal cases. What you probably don't know is that the civil false claims statute stacks the deck in the government's favor. The statute defines "knowingly" to include not just actual knowledge, but also what it calls "deliberate ignorance" or "reckless disregard" for the truth.
What does that mean? Well, you know those provider bulletins, newsletters and carrier manual updates that come rather endlessly in the mail? Study them carefully, because not keeping up with them is considered to be either deliberate ignorance or reckless disregard for what they say.
"But I am too busy to keep up with all that paperwork and besides, I am a good person who certainly didn't mean to defraud the government" you say? Sorry, because the civil false claims statute says: "[N]o proof of specific intent to defraud is required."
Believe it or not, there are even worse provisions of the Act. It permits private persons who claim unique knowledge of a past or present fraud (read: disgruntled employees, former business partners or competitors) to bring a civil action in the name of the government. Such whistleblower - or qui tam - suits are quickly becoming the most commonly used weapon in health care enforcement. (For a more detailed story on these cases, see Massachusetts Medical Law Report, Winter 2006, "Health care whistleblower claims on the rise.")
Why have they flourished? Successful qui tam plaintiffs are entitled to 15-30 percent of any monetary recovery by the government, including not just the recoupment amount, but also penalties of up to $10,000 for each individual false statement and triple the entire amount of damages.
Here's how it works: The whistleblower - called a "relator" - files the complaint in federal court, under seal. That means that it is not a public document and not even the defendant is served a copy of the complaint. Instead, the relator provides the complaint - along with a disclosure statement of the allegations and evidence he or she is aware of - to the government.
The complaint remains under seal while the United States Attorney's Office (often aided by OIG) investigates the allegations. Technically, the government has 60 days to review the complaint, but that time limit can be - and routinely is - extended by the court.
The purpose of the review is to allow the government to evaluate whether the allegations have merit. If the government determines there is merit, it will intervene and take over the prosecution from the relator who then sits back and waits to collect. These suits frequently remain under seal for several months - even years - while the government investigates.
The government 'knocks'
Whether it's a qui tam complaint, allegations brought to the government's attention from another source or suspect billing patterns, the methods of investigating presumed fraud and abuse do not vary much, and sooner or later they include making contact with the provider.
That contact may come in the seemingly innocuous form of a notice of audit, or it may be an unsettling surprise visit from OIG/DMA/MFCU investigators.
More concerning are subpoenas for records and testimony to be given to a grand jury or federal agent. Downright terrifying is the execution of a search warrant at the provider's office.
All occur more often than many providers imagine and, regardless of how or when that first contact comes, the investigation started well before the government arrived.
By the time that first contact comes, questionable billing patterns and claims have already been targeted and analyzed. If the investigation was generated by an outside person, that individual will have been interviewed, along with others the investigators reasonably believe will maintain secrecy until they are ready to contact the provider.
Answering the door when regulators knock
A primer for physicians on responding – carefully
When regulators come knocking, the most common type of contact is a notice of audit.
Just as there is no such thing as a routine traffic stop, there is no such thing as a routine audit. When CMS (the Centers for Medicare and Medicaid Services) or the OIG (Office of the Inspector General) or DMA (Division of Medical Assistance) sends a request for certain patients' medical records, the provider should assume there is a common denominator to those claims that leads the government to suspect fraud or abuse.
Of course, not responding is not an option. Failure to respond will result in the withholding of payments, debarment and the service of a subpoena for the same (and probably more) records.
One piece of good news is that extending the deadline for responding is usually an option, and more time is almost always necessary to make a thorough and informed response.
Complete records
The first task in preparing to respond to an audit is to ensure that the records are complete. The only way to do that thoroughly is to compare each medical record with its corresponding billing record. Remember, those billings are where the government's investigation began.
A sample checklist before sending in any records might include: Is there a note for each visit? If a lab test or X-ray was ordered, is the report in the chart? If a consult was billed, is there a report to the referring physician? If a referral was made, is there an entry documenting it?
A couple of notes of caution in producing records. First and foremost, never create or alter a missing or wanting entry or document.
Nothing will lead more quickly to an obstruction of justice prosecution than the production of tampered records. If the records are less than thorough, the provider can address those issues in a cover letter or addendum that explains and provides the missing information. If that becomes necessary, such additional information should be submitted only with the assistance of counsel.
Second, audit requests frequently ask for particular dates of service rather than complete medical files. Those requests can be traps for the unwary.
Of course, medical records - and a physician's knowledge of a patient - are cumulative in nature. As a result, isolated entries may not adequately reflect the complexity of the patient's medical history or the physician's medical decision making, both of which affect which evaluation and management service level was billed.
Isolated service dates also run the risk of overlooking relevant test results, X-ray reports or consultations. So, while less is usually best when dealing with the government, this may be an instance where a provider is better served by producing more documents than requested. Of course, that, too, is a decision best made with the assistance of counsel.
One last point in responding to an audit: If at all possible, do not produce original records; if you must do so, make copies first.
Surprise visits
What if investigators show up, without a warrant, asking to look at records and to speak with you? This much is certain: It's not because they just happened to be in the neighborhood.
They have an agenda and, if they did not call first to make an appointment, it also includes the element of surprise. This is a situation in which the answer to "Who's there?" matters a lot.
By law, OIG and MFCU (Medical Fraud Control Unit) investigators are entitled to "immediate access" to a provider's office to examine records. Failure to grant such access can result in program exclusion and/or payment withholding.
However, "immediate" means within 24 hours - not the moment they arrive. And examining records means examining records; it does not mean conducting interviews. Also, the request to examine records must be in writing, even if it's delivered in person.
Faced with a surprise visit, the prudent provider will not answer any questions, but will politely explain that it is a bad time, and ask to schedule a return appointment at the investigator's convenience (within 24 hours if they so request). The provider should then immediately call a lawyer.
At that point, ground rules can be established for the return visit. For starters, the provider should explain that investigators' presence during office hours could compromise patient care (and HIPAA confidentiality), and that they should come back during non-patient hours - even if it means in the evening.
That is a hard request to turn down, and may well result in leaving more than 24 hours to prepare.
Second, request a list of the records to be examined in advance. If they provide the list, it will allow an abbreviated review for completeness and perhaps some advance insight into their agenda. If they decline to provide a list, insight of a different sort will be gained.
Regardless, investigators are not entitled to unfettered access to records or to the office.
They do not have carte blanche to rummage through patient files. Rather, they can only examine specifically identified patient charts. Also, they can be limited to an isolated location because, while the investigators are entitled to examine Medicare and Medicaid patient records, the provider is obliged to ensure the confidentiality of all other patient records.
Finally, investigators are allowed to examine and copy records, but not to remove originals. Likely, they will bring their own portable copy machine. Regardless, it is important to keep track of every record they examine.
The subpoena
More common than a surprise visit is the receipt of a subpoena. That is especially so since the advent of HIPAA, which authorizes the DOJ (the Department of Justice) to issue administrative subpoenas. Previously, subpoenas could only be issued on behalf of a grand jury as part of a criminal investigation.
On the state level, the Massachusetts Attorney General's office has increasingly been using its own administrative subpoena powers - called civil investigative demands (CIDs) - in state matters that have not percolated to the grand jury level.
Whether issued administratively or through a grand jury, subpoenas can compel the production of far more than medical charts.
At a minimum, they often include billing and payment ledgers, payroll accounts, bank records, appointment books and vendor files. Such subpoenas are usually directed to a "keeper of records" who is also required to provide testimony to authenticate the records.
Subpoenas almost always signal a well-developed and targeted investigation, and the only sensible response is to immediately contact counsel (who will likely be able to negotiate some relief, if only in time and volume).
If there's one thing a provider should not do upon receiving a subpoena, it is to call the investigator or prosecutor, whose name and number are often on the cover sheet, before consulting an attorney.
Search warrants
The most serious and intrusive investigative contact the government can initiate is a search warrant.
Search warrants must be approved by a judge, based on a sworn affidavit by law enforcement personnel detailing why they believe it is likely that a crime has been committed and that evidence of that crime will be found in the location to be searched.
In health care fraud and abuse investigations, a search warrant usually suggests the presence of an informant or qui tam relator with recent and fairly intimate knowledge of the office.
Such a warrant also suggests that the government has alleged exigent circumstances; e.g., that if the records were simply subpoenaed they would be altered or destroyed by the provider beforehand.
If law enforcement officers show up with a search warrant, counsel must be contacted immediately. Make no attempt to interfere with the search but, at least until counsel arrives, be watchful.
Warrants do contain limits, including the precise physical area to be searched; the materials that the agents are authorized to seize; and the time frame, including the number of days after the issuance in which it must be executed and the time of day (usually between 6 a.m. and 10 p.m.) during which it must be served.
That is not to suggest that a provider engage in any substantive communication with the agents executing the search. Warrants do not compel answers to any questions, and no information should be volunteered.
Also, search warrants do not authorize government agents to detain anyone, and employees are therefore free to leave. But, while search warrants do not authorize interviews, neither do they prevent them.
In other words, employees can agree to be interviewed, and under no circumstances should they be instructed not to be. Instead, it is best left to counsel to provide the employees with information about their rights.
In the meanwhile, the provider should do no more than keep track of who was interviewed and, if possible, what was said. At the conclusion of the search, the agents are required to leave an inventory of every item seized.
One final word
Of course, not every fraud and abuse audit, investigation or prosecution results in a penalty, sanction or conviction.
But they all do produce a fairly high level of anxiety and frequently a need to overcome an ill-conceived first step by the provider.
All too often that initial contact is mishandled because, other than thinking "it can't happen to me," the provider had never thought about what to do if it did happen.
You should think about it because, to paraphrase Hyman Roth, this is the business you've chosen.
Paul Cirel is a partner at Dwyer & Collora in Boston. He focuses his practice on the representation of health care professionals including individual physicians, corporate providers and group practices.
© 2006 Lawyers Weekly Inc., All Rights Reserved.