HIM CH 10
Starklaw
(or physician self referral law) prohibits a physician from referring certain health service to "an entity in which the physician (or member of immediate family) has an ownership or investment or with which the physician has a compensation arrangement, unless and exception applies.
Exclusion Provisions
A component of the social security act, indicates that the OIG has the authority to "exclude individuals from participating in federal healthcare programs and will not pay for items or services furnished by an excluded individual or entity."
Whistleblower
A false claims statue also protects whistleblowers. The following whistleblower protections are provided to employee's who are: discharged, demoted, harassed, or otherwise discriminated against. They come out and say something is wrong. They may get a portion of the money back. They use "in qui tam actions" = "any persons or entities with idence of fraud against federal programs or contracts may file a qui tam lawsuit on behalf of the US government.
Incident report
A form used to record these unplanned or unusual occurrences in detail. Some incidents require risk management plans at the hospital strategic level, known as contingency planning.
Most important component of prevention of identity theft
An organizations plan on how to incorporate these elements in day-to-day activities by alerting staff to watch for red flags such as suspicious personal identifying information.
Abuse
CMS defines abuse as provider practices that are inconsistent with sound fiscal , business, or medical practices, and result in an unnecessary cost to the Medicaid program, or in reimbursement for services that are not medically necessary or that fail to meet professionally recognized standards for healthcare. It also includes beneficiary practices that result in unnecessary cost to the medicaid program. This is both direct and indirect practices. Common example is billing for services that are not consistent with the standards of medical necessity.
HEAT
Health Care Fraud Prevention and Enforcement Action Team) Identify fraud perpetrators and those preying on Medicare and Medicaid beneficiaries
False Claims Act (FCA)
Imposes liability on any person who submits a claim to the federal government that they know is false. The FCA prosecutes healthcare providers who demonstrate a pattern of coding for overcharging claims for payment to CMS.
Fraud
Intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person. It includes any act that constitutes fraud under applicable federal or state law.
Centers for Medicare and Medicaid Services (CMS)
Is an agency of the department of Health and Human Services. They develop compliance program guidance specific to Medicare fee-for-service contractors to promote adherence to all Medicare statutory and regulatory requirements.
Identity theft
Is another component of fraud in healthcare. It is a, " fraud attempted or committed using identifying information of another person without authority. When it occurs in context of medical care, it is known as medical identity theft.
Contingency planning
Is one component of a much broader emergency preparedness process that includes items such as business practices, operational continuity, and disaster recovery planning.
Waste
It is not a legally defined term, but CMS identifies it as "over utilization, under utilization, or misuse of resources. It is not intentional or criminal.
MICs
Medicaid Integrity Contractors) Review Medicaid claims to determine potential provider waste or abuse, identify overpayments, and provide education to providers on payment integrity and quality of care issues.
MACs
Medicare Administrative Contractors) Perform prepayment reviews to ensure services provided Medicare beneficiaries are covered and medically necessary
Office of Inspector General
Mission is to protect the integrity of department of health and human services (HHS) programs, operations, and the health and well-being of the people served. The OIG'S four goals are: fight fraud, waste and abuse; promote quality and safety; secure the future; and advance innovation.
3 major categories of threats
Natural threats: (floods, earthquakes) Technical/manmade: (mechanical, biological) Intentional acts: (namely, terrorism, computer security, and such)
Corporate Integrity Agreements (CIAs)
Negotiated by the OIG with healthcare providers and other entities. "As part of the settlement of federal healthcare program investigations, providers or entities agree to the obligations in exchange for the OIG to not seek their exclusion from participation in federal healthcare programs. Remediatation activities are intended to offer providers another chance to prove they are worthy of participating in federal healthcare programs. CIA's generally do not result from unintentional errors and are imposed where there is evidence of intentional fraud.
In the United States
Noncompliance in healthcare can lead to civil or criminal penalties.
Medical Identity Theft
Occurs when someone uses another person's name or insurance information to get medical treatment, prescription drugs, surgery, or even healthcare organizations using another person's information to submit false bills to insurance companies. In order to stop this they enforce Reg Flags Rules.
The eight categories of risk:
Operational: Healthcare should follow the IOM's six aims for healthcare. Operational risks can result from inadequate or failed internal processes. Clinical/patient safety: Risks can include failure to follow evidence-based practice and errors such as medication-related mistakes, hospital acquired conditions, and serious safety events. Strategic: Risks are associated with the strategic direction of the organization. Risks include failure to adapt, health reform, customer priorities, conflicts of interest, marketing of sales, etc. Financial: Focus on financial sustainability. Risks are malpractice, insurance credit, and billing. Human capital: Workforce including retention and turnover , workers compensation, and productivity. Legal/regulatory: Risks are failure to identify and manage legal, regulatory, and statutory mandate on the local, state, and federal level. Technology: Risks with hardware or software Hazard: Risks with facility management, parking, or natural disasters.
Emergency medical treatment and labor act (EMTALA)
Otherwise known as the patient antidumping statute, was enacted by congress in 1986 as part of the consolidated omnibus budget reconciliation act (COBRA). All patients must receive care no matter what beneficiaries they have. If the hospital violates EMTALA they may be subject to a civil monetary penalty or termination from a participation agreement with CMS.
Corporate Compliance
Program desgined to help detect and prevent the violations of fraud, waste, and abuse. They assure the employee's adhere to ethical conduct, corporate compliance programs conform to the goals of the OIG.
Civil Monetary Penalties Law
Provides punitive fines imposed by a civil court to organizations that profit from illegal or unethical activities. An example would be billing for services that were not medically necessary, which is classified as healthcare abuse.
RACs
Recovery Audit Contractors) Work with a mission of reducing Medicare improper payments through detection and collection of overpayments, the identification of underpayments, and the implementation of actions that will prevent future improper payments
Reg Flag Rule
Requires many businesses and organizations to implement a written identity theft prevention program designed to detect the "red flags" of identity theft in day to day operations, take steps to prevent the crime, and mitigate its damage. The intent is to deter identity theft and have a plan in place for quick detection if suspicious activity is suspected.
Potentially compensable events (PCE)
Risk management prevents this and reduces the liability from injuries or accidents. A PCE is an event (like an accident or injury or medical error) that may result in financial liability for a healthcare organization. Organizations that have effective policies and procedures for reporting accidents and injuries have the opportunity to correct system problems before major incidents occur like saving a patient from injury or death.
Center for Program Integrity (CPI)
Serves as the central point for CMS's program integrity mission.
Internal drivers and monitoring measures:
continually reviewing fraud and abuse surveillance plans maintaining system hardware and software upgrades conducting risk assessments monitoring marketing practices enforcing policies and procedures providing prompt response to compliance issues such as reporting and findings from compliance reviews and audits Another internal driver of compliance is the proactive review of coding, contracts, repayment, and post-payment, and third party monitoring of transactions.
Healthcare Fraud Statue
identifies that it is illegal to defraud any healthcare benefit program or to obtain fraudulent funds or property by any of the healthcare benefit programs.
Anti-Kickback Statute (AKS)
makes knowingly offering, paying, soliciting, or receiving any remuneration that rewards referrals for services reimbursable by a federal program a criminal offense. The only offense exception to the statute is the Safe Harbor Regulations that describe various payment and business practices that shall not be treated as a criminal offense under the anti-kickback statutes and serve as an exclusion, such as an investment interest. In this case the AKS will not treat the arrangements as offenses.
Risk Management
process of planning, organizing, directing, and controlling resources to achieve given objectives when events are scheduled. Its purpose is to protect an organization and its assets against negative risks, including accidental losses.
OIG workplan
sets forth various projects to be addressed during the fiscal year by the Office of Audit Services, Office of Evaluation and Inspections, Office of Investigations, and Office of counsel" to the Inspecter General including projects planned by CMS. Issued at the beginning of each fiscal year.
Compliance officers
ultimately responsible for making sure employee's adhere to the code of conduct and to provide timely reporting of compliance violations. Although a distinction exists between unintentional mistakes and fraud, sound prevention and detection processes should be incorporated into compliance plans. They identify and locate primary law sources to assist in this process. The main themes from the code of conduct include: healthcare fraud, abuse, and waste.
External fraud surveillance approaches:
whistleblower incentives, data mining and data validation, working with CMS federal contractors, and other audits such as those for complaints. Some of the general government auditors are HEAT, MACS, MICS, RACS. External audits are conducted by both the state and federal governments to combat fraud and abuse, as well as to focus on improving government programs and services.