OIG Releases Semiannual Report to Congress – On May 28, 2021, OIG released its Semiannual Report to Congress (the Report). The Report describes OIG’s work during the 6-month semiannual reporting period of October 1, 2020, through March 31, 2021 (the Semiannual Reporting Period). Principal Deputy Inspector General Christi Grimm highlighted that OIG is “aggressively investigating pandemic-related fraud that harms individuals and jeopardizes public health efforts.”
The Report highlights OIG’s audit and investigation activities. During the Semiannual Reporting Period, OIG issued 95 reports in which HHS programs were audited and evaluated to improve efficiency and effectiveness, with an emphasis on preventing fraud and abuse. These reports identified $566.46 million in expected recoveries. The audits identified: costs which were not supported by adequate documentation; expenditures where the intended purpose was unnecessary or unreasonable; and expenditures which were questioned by OIG because of an alleged violation. OIG’s audit work additionally identified $919.97 million in potential savings for HHS, should HHS implement the entirety of the OIG’s 228 audit and evaluation programs. Further, OIG worked with the DOJ, Medicaid Fraud Control Units, and other Federal, State, and local law enforcement agencies to investigate and prosecute fraud. This investigative work led to $1.37 billion in expected investigative recoveries and 221 criminal actions during the Semiannual Reporting Period.
OIG has additionally implemented methods to promote HHS’s COVID-19 response and recovery. During the Semiannual Reporting Period, OIG: (1) analyzed onsite surveys of nursing homes during the pandemic and identified opportunities for infection control and ways to improve overall care provided to patients; (2) conducted a survey of hospitals to conduct an evaluation of how health care delivery was strained due to COVID-19; (3) partnered with six federal OIGs to analyze COVID-19 testing, including the amounts paid by Medicare Part B for these tests; and (4) alerted the public about various types of fraudulent schemes relating to COVID-19.
During the Semiannual Reporting Period, OIG found that the pandemic may be placing Medicaid beneficiaries at a greater risk of opioid misuse or overdose, as during the first 8 months of 2020, at least 5,000 Medicare Part D beneficiaries per month suffered opioid overdoses. OIG stressed that it is essential that CMS and HHS monitor trends in prescriptions for drugs for medication-assisted treatment and naloxone and take appropriate actions if the number of prescriptions begins to fall off.
The Report details specific administrative actions, public health reports, and reviews on improper payments for Medicare and Medicaid services during the Semiannual Reporting Period. OIG provides several recommendations including, but not limited to:
CMS should conduct targeted reviews of Medicare Severity Diagnosis Related Groups (MS-DRGs) and stays that are vulnerable to upcoding, as well as the hospitals that bill them more frequently;
In response to the COVID-19 pandemic, CMS should: (1) assess the results of infection control surveys in nursing homes and revise the surveys as appropriate; (2) work with the States to help overcome challenges with PPE and staffing, and (3) clarify expectations for States to complete backlogs of standard surveys and high-priority complaint surveys;
CMS should take steps to provide data to consumers regarding nursing staff turnover and take additional steps to strengthen oversight of nursing home staffing; and
CMS should work with states to expand alternative reimbursement models to address the rising costs for drugs categorized as specialty drugs.
Moreover, OIG found that in February 2021, hospitals reported that operating in “survival mode” for extended periods of time has resulted in new challenges in health care delivery, access and health outcomes. In particular, hospitals have reported that staffing shortages have impacted patient care, and exhaustion and trauma have affected staff’s mental health. Many hospitals also continue to report financial instability due to increased pandemic-related expenses and lower revenues from the decreased use of other services. OIG noted that this survey reveals longer-term opportunities for improvement to address challenges that existed before and were ultimately exacerbated by the pandemic.
The Semiannual Report is available here.
Reporter, Jennifer Siegel, Washington D.C., +1 202 626 5595, email@example.com.
OIG Provides Additional Guidance Regarding Application of Administrative Enforcement Authorities to Arrangements Directly Connected to the COVID-19 PHE – On May 24, 2021, OIG provided additional guidance in the form of an FAQ as to whether an offer or provision of cash, cash-equivalent, or in-kind incentives or rewards to Federal health care program beneficiaries who receive COVID-19 vaccinations during the PHE violate OIG’s administrative enforcement authorities (the May 2021 FAQ Guidance).
OIG typically expresses concerns regarding the provision of anything of value to Federal health care program beneficiaries intended to induce the utilization of reimbursable items or services-remuneration. In the May 2021 Guidance, OIG states that it is aware that healthcare providers and entities are offering “incentives and rewards” to individuals who receive the COVID-19 vaccine. Such rewards include food, concert tickets, and cash. OIG acknowledges that “certain incentives and rewards may promote broader access to and uptake of COVID-19 vaccinations.”
In the limited context of the COVID-19 PHE, OIG states that an arrangement whereby a provider, supplier, or managed care organization offers a Federal healthcare program beneficiary receiving the COVID-19 vaccine dose a reward or incentive, is a “low risk” arrangement under the Federal Anti-Kickback Statute and the civil monetary penalty laws (CMP Laws) if the following safeguards are met:
the incentive or reward is furnished in connection with receiving a required dose of a COVID-19 vaccine (which could include either one or two doses, depending on vaccine type);
the vaccine is authorized or approved by the FDA as a COVID-19 vaccine and is administered in accordance with all other applicable Federal and State rules and regulations and the conditions for the provider or supplier receiving vaccine supply from the Federal government;
the incentive or reward is not tied to or contingent upon any other arrangement or agreement between the entity offering the incentive or reward and the Federal health care program beneficiary;
the incentive or reward is not conditioned on the recipient’s past or anticipated future use of other items or services that are reimbursable, in whole or in part, by Federal health care programs;
the incentive or reward is offered without taking into account the insurance coverage of the patient (or lack of insurance coverage) unless the incentive or reward is being offered by a managed care organization and eligibility is limited to its enrollees; and
the incentive or reward is provided during the COVID-19 public health emergency.
OIG also emphasized that incentives and rewards currently offered to Federal health care program beneficiaries who receive the COVID-19 vaccine and are paid for by entities that are not affiliated or connected with any health care industry stakeholder have minimal risk under the Federal Anti-Kickback Statute, and to the extent it is implicated, the CMP Laws. OIG is continuing to accept additional inquiries regarding the application of its administrative enforcement authorities.
Reporter, Michelle Huntsman, Houston, +1 713 751 3211, firstname.lastname@example.org.
Home Health Agency Unable to Block HHS From Recouping $2.8 Million in Alleged Overpayments – An Arizona District Court judge held last week that the court lacked subject-matter jurisdiction over a home health agency’s (HHA) procedural due process claim because the HHA had failed to present its claim to HHS first and had not exhausted its administrative remedies before seeking judicial review. The court granted the HHS Secretary’s motion to dismiss and denied the HHA’s motion for preliminary injunction.
While waiting for an Administrative Law Judge (ALJ) hearing, the Arizona-based HHA filed a complaint alleging a procedural due process violation and motion for preliminary injunction in federal court to stop HHS from recouping approximately $2.8 million in alleged overpayments while the HHA awaited an ALJ hearing. Due to a backlog of Medicare appeals, the wait time for an ALJ decision is approximately three to five years. Once a qualified independent contractor affirms the Medicare Administrative Contractors’ initial coverage determination and before the ALJ renders a decision, HHS can recoup overpayments from a provider. The HHA in its complaint alleged a procedural due process violation based on the statutory requirement that an ALJ hearing must be provided within 90 days of a request and sought a stay of the Secretary’s recoupment of overpayments before the ALJ hearing.
The Secretary must issue a “final decision” before a federal court has subject-matter jurisdiction over claims arising under the Medicare Act pursuant to 42 U.S.C. § 405(g). In Matthews v. Eldridge, 424 U.S. 319 (1976), the Supreme Court stated that a “final decision” has two conditions: (1) a nonwaivable element that the claim must be presented to the Secretary (the presentment requirement) and (2) a waivable element that the administrative remedies must be exhausted (the exhaustion requirement).
The first issue that the court addressed was whether the HHA presented the claim to the Secretary. The defendant argued that the HHA did not present its constitutional due process claim to the Secretary and the HHA argued that it only needed to present its overpayment claim not its constitutional claim to the Secretary. Both parties’ arguments were based on conflicting interpretations of the Ninth Circuit’s decision in Haro v. Sebelius, 747 F.3d 1099 (2014). The HHA argued that it did not need to bring its procedural due process claim because a constitutional claim is different from the claims against an agency’s policies that were raised in Haro and required to be presented to the agency first. Ultimately, the court found this argument unpersuasive and held that the HHA’s due process claim was collateral to its overpayment claim and, therefore, must be presented to the agency before being brought in federal court. The court noted that other circuits, including the Fifth Circuit, have found that the federal court has jurisdiction over due process claims similar to the HHA’s constitutional claim, but that the district court was bound by the Ninth Circuit’s limiting interpretation of the Eldridge presentment requirement set forth in Haro.
The court also held that even if the HHA had met the presentment requirement, the court still lacked jurisdiction because HHA had not met the second and third prongs of Eldridge’s three part test for waiving the administrative exhaustion requirement – making a colorable showing that denial of relief would cause the HHA irreparable harm and futility of pursuing administrative remedies. The HHA argued that it would face irreparable harm if the overpayment amount was recouped before the ALJ hearing because it would face bankruptcy. Although the HHA asserted in its pleadings that it would face certain bankruptcy and have to lay off its staff while awaiting the ALJ hearing, the court found that the HHA’s failure to apply to CMS for an extended repayment plan and not providing the court with financial statements or evidence of impending financial ruin undercut HHA’s showing of irreparability. In addition, the court noted that the HHA’s decision not to escalate its appeal and bypass the ALJ backlog further undermined the HHA’s argument that the administrative appeals process would be futile and cause irreparable harm.
A copy of the opinion is available here.
Reporter, Taylor Whitten, Sacramento, +1 916 321 4815, email@example.com.
Clinical Laboratory Agrees to Settlement with HHS for Potential HIPAA Security Rule Violations Despite Not Being Involved in Data Breach – On May 25, 2021, HHS announced that Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate), agreed to a $25,000 settlement and adoption of a comprehensive Corrective Action Plan for potential violations of the HIPAA Security Rule. Peachstate is a CLIA-certified laboratory that provides diagnostic and laboratory tests, including clinical and genetic testing. HHS initiated a HIPAA compliance review of Peachstate following a data breach involving Peachstate’s affiliate. Peachstate ultimately settled with HHS despite not being involved with the data breach that prompted the compliance review.
A data breach of unsecured PHI by Peachstate’s merger-partner, Authentidate Holding Corporation (AHC), triggered the Peachstate compliance review. On January 7, 2015, the Department of Veteran Affairs reported a data breach involving a telehealth services program managed by its business associate, AHC. On August 31, 2016, HHS initiated a compliance review of AHC to determine its compliance with the HIPAA Privacy and Security Rules related to the data breach. During the compliance review of AHC, HHS learned that AHC and Peachstate entered into a “reverse merger” in January 2016, whereby AHC acquired Peachstate. HHS then decided to conduct a review of Peachstate’s laboratories to assess their compliance with the HIPAA Privacy and Security Rules.
During the compliance review, HHS “found systemic noncompliance with the HIPAA Security Rule” and determined that Peachstate failed to:
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI;
Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level identified in its risk analysis or assessment;
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic PHI; and
Maintain documentation of policies and procedures to comply with the HIPAA Security Rule standards.
As a result of the compliance review, Peachstate agreed to a $25,000 monetary settlement and to adopt a comprehensive three-year Corrective Action Plan, which includes:
Conducting an enterprise-wide risk analysis;
Reviewing and revising written policies and procedures, subject to HHS review and approval;
Distributing the HHS-approved written policies and procedures to its workforce;
Providing HIPAA training for each workforce member who has access to PHI; and
Designating an individual or entity to monitor and review the entity's compliance with the Corrective Action Plan.
Peachstate did not admit to liability under the settlement terms. The HHS Resolution Agreement and Corrective Action Plan are available here.
Reporter, Dennis Mkrtchian, Austin, +1 512 457 2068, firstname.lastname@example.org.
Also in the News:
Chambers USA Recognizes King & Spalding With Top Rankings in 2021 Guide — Chambers USA has recognized King & Spalding as having one of the top healthcare practice groups in the United States in its annual guide. The firm was ranked among “The Elite” nationwide healthcare practices, with a Band 2 nationwide ranking. The firm also earned Band 1 practice-group rankings in Georgia, Texas, and Washington, D.C., as well as a Band 3 ranking in California. A total of eighteen King & Spalding lawyers received individual rankings in healthcare. Rob Keenan, Mark Polston, Phillip Street, and Rick Zall each earned a Band 1 individual ranking in their respective markets. Other lawyers earning individual rankings include Jim Boswell, Steve Goff, Catherine Greaves, Tom Hawk, Dan Hettich, Stephanie Johnson, Chris Kenny, Juliet McBride, Mike Paulhus, Kathy Poppitt, Adam Robison, Kristin Roshelli, Kim Roeder, and Craig Smith. Across all practice groups, the firm earned a total of 65 practice group rankings and 179 individual lawyer rankings. King & Spalding’s press release announcing the rankings is available here.