Avoiding the Pitfalls of Fraud, Waste & Abuse Compliance
Download
Report
Transcript Avoiding the Pitfalls of Fraud, Waste & Abuse Compliance
MPA Winter CE + Ski
January 12th, 2014
Jason Walker-Crawford, R.Ph. – PAAS National®, Inc.
Learning Objectives
Discuss the Medicare Part D requirements for Fraud,
Waste & Abuse Compliance (FWAC).
Discuss penalties for non-compliance with FWAC.
Provide advice and tools for pharmacies to meet
compliance requirements.
History of FWAC
Federal False Claims Act (FCA)
Enacted post-Civil War
Heavily amended in 1986
Amended multiple times
Criminal felony to submit a false claim for payment from
Federal funds
Medicare, Medicaid, TriCare, Federal Employee Program
(FEP), grants, etc.
Includes making or using a false statement
History of FWAC
FCA cont.
Criminal penalties
Civil Money Penalties (CMPs)
Up to treble (triple) damages
Qui Tam provisions
Incentives of up to 30% of settlement or judgment may be
awarded to whistleblowers
Protections in place to protect whistleblowers from retaliation
of any kind
Pharmacist as Whistleblower
Bernard Lisitza – former independent pharmacy
owner and pharmacist
Worked for Omnicare
Also did temp work at CVS and Walgreens
Filed multiple Qui Tam lawsuits against Omnicare, CVS,
Walgreens and Johnson & Johnson
Lawsuits have recovered billions of dollars in Federal
funds
Has been awarded more than $31 million
History of FWAC
Federal Anti-Kickback Statute
42 U.S.C. § 1320
Effective 1972
Prohibits providing or receiving a “kickback” for referral
of any product or service paid by Medicare or Medicaid
Any remuneration
Safe Harbors
5 years in prison
Fines up to $25,000
CMPs up to $50,000
Exclusion
History of FWAC
Anti-Kickback Statute cont.
OIG maintains list of Safe Harbor regulations
More than 20 published
Must follow regulations exactly to be “safe”
OIG will provide advisory opinions in situations that do
not meet regulations
Based on facts provided
Only opinion
Doesn’t mean practice is legal
OIG likely not to prosecute
History of FWAC
Stark Statute
42 U.S.C § 1395nn
“Stark I” – OBRA 1989
“Stark II” – OBRA 1993
AKA Physician Self-Referral Law
Prevent financial incentives for unnecessary medical
services
Prohibits ordering or referring medical services with a
financial incentive (ownership)
Provides for CMP and treble damages
Violation of Stark/Anti-Kickback
NY medical practice – 2013
Agreed to pay $1,140,260
Paid remuneration to patients in the form of “points”
Points redeemable under program for additional
medical services and products
History of FWAC
Public Law 104-191, Health Insurance Portability and
Accountability Act (HIPAA) of 1996
Established the Health Care Fraud and Abuse Control
(HCFAC) Program
Public and private health care
Under joint direction of the Department of Health and
Human Services (HHS), Office of the Inspector General (OIG)
and the Attorney General
Coordinates Federal, State and local law enforcement
History of FWAC
Medicare Modernization Act (MMA) of 2003
Created Medicare prescription drug program (Part D)
Requires plan sponsors to have a compliance program
Covers general compliance and FWAC
Plan sponsors must assure that their employees, contractors
and first-tier, downstream and related entities (FDRs) meet
requirements
Pharmacies are FDRs
History of FWAC
Deficit Reduction Act (DRA) of 2005
Enhanced the Federal False Claims Act (FCA)
Provides financial incentives to States to pass their own
FCA
Required FWAC requirements for any entity with $5
million or more in revenue per year from Medicaid
History of FWAC
MT False Claims Act
MT Code Ann. §§ 17-8-401 through 17-8-413
Originally enacted 2005
Amended 2009 and 2013
Approved by OIG October 24th, 2013
OIG approval provides incentive to State
Min penalty of $5,500 up to $11,000 per incident
Two to three times damages (claim amount)
Costs
History of FWAC
American Recovery and Reinvestment Act (ARRA) of
2009 (Stimulus)
Health Information Technology for Economic and
Clinical Health (HITECH) Act
Enhanced HIPAA
Introduced Breach Notification requirements
Increased CMPs
Up to $1.5 million per violation per year
Omnibus Final Rule
Effective March 26th, 2013
History of FWAC
Health Care Fraud Enforcement and Action Teams
(HEAT)
Began May 9, 2009
http://www.stopmedicarefraud.gov
CMS, FBI, DEA, OIG, State and local law enforcement
Medicare Fraud Strike Force, nine cities
Baton Rouge, LA; Brooklyn, NY; Chicago, IL; Dallas, TX;
Detroit, MI; Houston, TX; Los Angeles, CA; Miami-Dade, FL;
Tampa Bay, FL
In 2011, HEAT coordinated fraud takedown of $530
million in fraudulent billing
History of FWAC
Patient Protection and Affordable Care Act (ACA) of
2010 (Obamacare)
Expanded the Recovery Audit Contractor (RAC)
program to include Medicaid and Medicare Part C and
D
Additional $350 million to fight FWA
Expected to be budget neutral
FWA Recovery ≥ Enforcement Cost
History of FWAC
ACA Cont.
Increased provider/supplier review
Site visits, background checks, licensure checks,
fingerprinting
False applications may lead to exclusion from all Federal
programs
Medicaid termination for unpaid overpayments
Suspension of payments if fraud is expected!
What’s the big deal?
Why are there some many different laws all about
FWA?
It’s all about the money!
Health Care Expenditures
In 2012, health care expenditures have been estimated
to be $2.82 trillion = 17.6% GDP
In 2020, health care expenditures are projected to be
$4.6 trillion = 19.8% GDP
Fraud is estimated to be 3-10% of total dollars spent
(National Health Care Anti-Fraud Association/FBI)
Waste is estimated to be 20-30% of total dollars spent
(HHS-OIG Daniel Levinson, Inspector General – Keynote address 2012
Health Care Compliance Associations)
HHS Announces Record Breaking
Recoveries – February 11, 2013
Joint efforts to combat Health Care Fraud resulted in a
record $4.2 billion in 2012
ROI of $7.90 per dollar spent over last 3 years
Enforcement efforts have recovered $14.9 billion in the
last four years, compared to $6.7 billion over the prior
four years.
OIG Semiannual Report to
Congress – Spring 2013
First half of FY 2013 (October 2012 – March 2013)
Recoveries of $3.8 billion
1,661 new individuals or entities excluded from Federal
programs.
What is Fraud?
Knowingly and willfully executing, or attempting to
execute, a scheme or artifice to defraud any health care
benefit program or to obtain (by means of false or
fraudulent pretenses, representations, or promises)
any of the money or property owned by, or under the
custody or control of, a health care benefit program.
18 U.S.C. Section 1347
Examples of Possible Fraud
Intentionally submitting false information in order to
get money or a benefit
Billing for items that were not purchased or picked up
Prescription forging, altering or shorting
Switching to a more expensive dosage form to increase
the amount of reimbursement
Submitting claims for entire amount on partial fills
were the balance is not picked up
Chain Drug Store
settles for $35 million
In 2008 a major drug chain settled for $35 million for
switching Medicaid patients from tablets to capsules
of the same drug to increase the amount they were
reimbursed
Another major drug store chain paid $21.1 million to
settle the same claim for submitting more expensive
Ranitidine capsules instead of tablets
The qui tam plaintiff received $4.3 million for his share
of the federal and state settlement
What is Waste?
Waste is the overutilization of services, or other
practices that, directly or indirectly, result in
unnecessary costs to the Medicare program. Waste is
generally not considered to be caused by criminally
negligent actions but rather the misuse of resources.
(CMS, Prescription Drug Benefit Manual Chapter 9 –
Compliance Program Guidelines, Section 20)
Waste is a misuse of resources or to spend carelessly
Examples of Possible Waste
Overbilled quantities – submitting for a quantity larger
than what is allowed by the plan or ordered by the
prescriber
Dispensing a 90 day supply that is discontinued after
30 days
Billing an incorrect day supply resulting in the patient
receiving a larger quantity than allowed
Dispensing a 60 gram tube of ointment when a 15 gram
tube would be sufficient
Auto-refills when the previous supplies not exhausted
What Waste Looks Like
$11,000 of
unused
medication
from mail
order
What is Abuse?
Abuse includes actions that may, directly or indirectly
result in: unnecessary costs to the Medicare program,
improper payment, payment for services that fail to
meet professionally recognized standards of care, or
services that are medically unnecessary. Abuse
involves payment for items or services when there is no
legal entitlement to that payment and the provider.
Abuse may involve obtaining an improper payment,
but does not require the same intent and knowledge as
fraud.
Examples of Possible Abuse
Using an override code to force a claim to go through
early
Filling a prescription after expiration
Splitting prescriptions to obtain additional dispensing
fees
Changing to an incorrect diagnosis code in order to
receive payment
Fraud vs. Abuse
Did you do it intentionally?
Can you prove that you didn’t?
Repeated abuses are often considered to be intentional
frauds in the eyes of the auditors
Once or twice = oops
Twenty = Fraud
Basics of FWAC
Prevent! Detect! Correct!
Required to adopt and implement an effective
compliance program
CMS requires 7 core elements
33 sub-elements
Much more than just training!
The 7 core elements are:
1.
2.
3.
4.
5.
6.
7.
Written Policies, Procedures and Standards of
Conduct;
Compliance Officer, Compliance Committee and High
Level Oversight;
Effective Training and Education;
Effective Lines of Communication;
Well Publicized Disciplinary Standards;
Effective System for Routine Monitoring and
Identification of Compliance Risks; and
Procedures and System for Prompt Response to
Compliance Issues
Element I:
Written Policies, Procedures and Standards of
Conduct
Standards of Conduct
AKA “Code of Conduct” (CoC)
State the principles and values by which you operate
Expectation that ALL employees will act in an ethical
manner
Noncompliance and potential FWA is reported
Reported issues are addressed and corrected
Compliance is everyone’s responsibility!
Element I:
Written Policies, Procedures and Standards of
Conduct
Policies and Procedures
Detailed and Specific
Describe operations of Compliance Program
Reporting structure
Training requirements
Investigation and remediation
Element I:
Written Policies, Procedures and Standards of
Conduct
Distribution of P&P and Code of Conduct
Compliance program not effective unless distributed to
employees
Within 90 days of hire
Updates
Annually
Can distribute manually or electronic
Need proof of distribution
Signed acknowledgement
Element II:
Compliance Officer, Compliance Committee and
High Level Oversight
Compliance Officer
Should be full-time employee
Experience with compliance
Recommend manager or direct report
Duties:
Aware of daily activities
Develop and Implement compliance program
Coordinate internal reviews and investigations
Maintain reporting mechanisms
Exclusion list checking
Element II:
Compliance Officer, Compliance Committee and
High Level Oversight
Compliance Committee and Governing Body
Oversee and advise Compliance Officer and Program
Plan sponsors = large committees, varied backgrounds
FDRs = may be the Compliance Officer + Owner and/or
Managers
Element II:
Compliance Officer, Compliance Committee and
High Level Oversight
Senior Management Involvement
Senior management must be involved with Compliance
Program to be effective
Ensure Compliance Officer has credibility, authority and
resources needed to operate the program
Compliance Officer must report to senior management
any compliance issues
Element III:
Effective Training and Education
General Compliance Training
ALL Employees (includes temps and volunteers)
Within 90 days of hire and annually
Classroom, online or attestation that have read and
received CoC and P&P
Must have proof of training (sign-in, attestation or
certificates)
Element III:
Effective Training and Education
General Compliance Training cont.
Contents of training:
Review of P&P and CoC
Identifying potential noncompliance (examples)
Reporting noncompliance
Review disciplinary policies
Disclosing conflicts of interest
Confidentiality (HIPAA/HITECH)
Element III:
Effective Training and Education
Fraud, Waste and Abuse Training
Only requirement deemed to have been met thru Part B
accreditation
Only employees that are involved in the administration
or delivery of Medicare benefits
Within 90 days of hire and annually
May be required as corrective action to noncompliant
employees
May be tailored to specific job functions
Sponsors required to provide training to FDRs
May use CMS’ FWA training module
Element III:
Effective Training and Education
Fraud, Waste and Abuse Training cont.
Contents of Training:
Laws and regulations (False Claims Act, Anti-Kickback
statute, HIPAA/HITECH, etc.)
Reporting FWA
Protections for reporting FWA
Types of FWA (examples)
Maintain training records for 10 years
Time, attendance, topic, certificates and/or test scores
Element IV:
Effective Lines of Communication
Effective Lines of Communication Among the
Compliance Officer, Compliance Committee,
Employees, Governing Body and FDRs
Ways to communicate information from the Compliance
Officer to others
Officer’s name, location, and contact information
Changes to P&P, CoC, laws and regulations
Methods of communication
Written, email, website, or meetings
Element IV:
Effective Lines of Communication
Communication and Reporting Mechanisms
Must have P&P and CoC that requires reporting of
suspected or detected noncompliance or FWA
Must maintain confidentiality
Allow anonymous reporting
Prohibit retaliation or retribution (no-tolerance policy)
User friendly, easy to access
Element IV:
Effective Lines of Communication
Enrollee Communications and Education
Plan sponsor requirement only
Must educate Medicare enrollees on identifying and
reporting potential FWA
Element V:
Well-Publicized Disciplinary Standards
Disciplinary Standards
Clear and specific disciplinary standards
Contents:
Expectation to report noncompliant, unethical or illegal
behavior
Participate in required training
Timely, consistent and effective enforcement
Disciplinary action must be appropriate to seriousness of the
violation
Retraining, suspension, termination
Element V:
Well-Publicized Disciplinary Standards
Methods to Publicize Disciplinary Standards
Must publicize disciplinary standards to all employees
Methods:
Newsletters
Staff Meetings
General Compliance Training
Intranet
Posters
Element V:
Well-Publicized Disciplinary Standards
Enforcing Disciplinary Standards
Maintain records for 10 years
Date reported
Description of violation
Date of investigation
Summary of findings
Disciplinary action taken and date
CMS encourages that de-identified disciplinary actions
be reported to employees
Demonstrate importance of Disciplinary Standards
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
Routine Monitoring and Auditing
Compliance Officer must conduct
Monitoring = regular review of operations to ensure
compliance
Auditing = formal review based on a set of standards (P&P,
laws and regulations)
Address areas at risk
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
Development of a System to Identify Compliance Risks
Conduct an assessment of risk
Complexity of work
Past compliance issues (audit results)
Chapter 7 – Quality Assurance
Credentialing
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
Development of the Monitoring and Auditing Work
Plan, Audit Schedule and Methodology
What audits will be performed?
When will audits be conducted?
Who will conduct audits?
How will audits be conducted?
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
Audit of Operations and Compliance Program
Review pharmacy operations to ensure compliance
Review compliance program
Modify P&P and program as appropriate
Track and document compliance efforts
Report compliance success and noncompliance to
employees
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
OIG/GSA Exclusion
OIG LEIE: Office of the Inspector General List of
Excluded Individuals and Entities
http://exclusions.oig.hhs.gov
GSA EPLS: General Services Administration Excluded
Parties Lists System
Moved to SAM (System for Award Management) website
http://www.sam.gov
OIG Exclusion
Search up to 5
individuals at a time
Allows SSN/EIN
verification
Provider records
also contain
NPI/UPIN if
available
GSA Exclusion
Search only 1
individual at a time
Need to contact the
excluding agency to
confirm
Exclusions often not
related to health
care
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
OIG/GSA Exclusion cont.
“Federal funds may not be used to pay for services,
equipment or drugs prescribed or provided by a
provider, supplier, employee or FDR excluded by OIG or
GSA.”
Must screen PRIOR to hire and at least Monthly
Any employee, temporary employee, volunteer, consultant,
governing body member or FDR
Ensure that not excluded or become excluded
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
OIG/GSA Exclusion cont.
Mandatory Exclusions: Previous fraud, patient neglect
or abuse, felony convictions relating to unlawful
manufacture, distribution, prescribing or dispensing of
controlled substances
Permissive Exclusions: Misdemeanor convictions for
above, Pharmacy License suspension for reasons bearing
on professional competence, financial integrity –
providing unnecessary or substandard services,
engaging in unlawful kickback arrangements, defaulting
on a health education loan or scholarship obligations
Element VI:
Effective System for Routine Monitoring, Auditing and
Identification of Compliance Risks
OIG/GSA Exclusion cont.
Costs of Employing Excluded Individual
CMPs of up to $10,000 for each item or service
Recovery up to three times the amount claimed
Exclusion
Self-Disclosure Protocol
Reduce recovery to 1.5 times amount paid
Can prevent exclusion
Limited to $10,000 minimum
Examples of Exclusion
2012: Hy-Vee Pharmacies, Iowa
Agreed to pay $831,871.61 for allegedly violating CMP
Law
Employed an individual that they knew or should have
known was excluded
2013: Atmore Community Hospital, Alabama
Self-disclosed potential violation by employing an
excluded individual
Agreed to pay $10,996.20
Element VII:
Procedures and System for Prompt Response to
Compliance Issues
Conducting a Timely and Reasonable Inquiry of
Detected Offenses
Investigation into any issue of noncompliance or FWA
ASAP – no later than 2 weeks after identified
Element VII:
Procedures and System for Prompt Response to
Compliance Issues
Corrective Actions
Correct the cause of FWA or noncompliance
Must include a timeframe to complete
Detailed in writing
Consequences of failing to implement
May include termination
Monitor implementation
Element VII:
Procedures and System for Prompt Response to
Compliance Issues
Procedures for Self-Reporting Potential FWA and
Significant Noncompliance
Voluntary
Recommended for an effective compliance program
Can report to OIG
CMS-Issued Fraud Alerts
Sent to plan sponsors
Fraud schemes identified by CMS or law enforcement
Plan sponsors must respond:
Review contracts with providers
Consider termination
Review claims
May recover claims involved
FWA Investigation
Could withhold payment
Fraud Suspect??
2012: Fraud Alert?
Many “Sunshine” pharmacies in Florida
No common ownership
Began to receive FWA investigation notices
Many received notices from multiple plan sponsors
Some plans were withholding payment of claims
Still allowing processing
Plan sponsors unwilling to disclose any information
Fraud Suspect??
2013: Florida pharmacist convicted of Fraud against
Medicare, Medicaid and TRICARE
Operated 3 stores in Florida named “Sunshine”
NBI MEDIC
National Benefit Integrity Medicare Drug Integrity
Contractor
Health Integrity, LLC
Only MEDIC that is responsible for Part D and C
program compliance
Investigate and monitor plan sponsor compliance and
FWA
Could result in a FDR (pharmacy) audit
Plan sponsors will also refer suspected FWA for
investigation
CMS Sanctions
January 15th, 2013
SilverScript (CVS/Caremark)
Immediate suspension of marketing and enrolling new
members
Failed to enroll beneficiaries into correct plans
Failed to calculate cost-sharing correctly for LIS
Resulted in millions of members leaving pharmacies
without needed medications
CMS Sanctions
November 21st, 2013
Health Alliance Plan (MI)
CMP of $423,200
Failed to provide transition supply due to formulary
Billed patients incorrectly for premiums and late fees
Failed to provide appropriate notices to patients
How do they know if I’m
compliant?
2008-2009: Plans first started asking for attestation for
completion of FWA training
2012: Major revisions to Chapter 9 & 21
2013: Catamaran attestation requires pharmacy to
attest to ALL 7 elements of Chapter 9 & 21.
Catamaran has begun onsite compliance audits
30 minute onsite audit
Check for compliance:
7 elements, HIPAA, licensing requirements, DEA, liability
insurance, OBRA ‘90, storage (include fridge temps)
Penalties for being noncompliant
2012: CVS/Caremark began fining pharmacies $100
that did not complete the online attestation or retain
proof of completion
Plans to issue fines up to $500 for 2013 attestations
TERMINATION!
Assessment Questions
Which Federal law included Qui Tam provisions
allowing a whistleblower to initiate suit on behalf of
the government?
A. Health Insurance Portability and Accountability Act
B.
C.
D.
E.
(HIPAA)
Stark Statute
False Claims Act (FCA)
Patient Protection and Affordable Care Act (ACA)
All of the above
Assessment Questions
Which Federal law prohibits a physician from referring
or ordering health care products or services in which
they have a financial relationship?
A. Health Insurance Portability and Accountability Act
B.
C.
D.
E.
(HIPAA)
False Claims Act (FCA)
Patient Protection and Affordable Care Act (ACA)
Stark Statute
All of the above
Assessment Questions
My pharmacy has been deemed to have met all of the
requirements for FWAC through DMEPOS
accreditation.
A. True
B. False
Assessment Questions
The following apply to checking exclusion lists:
A. Only the OIG list has to be checked since GSA isn’t
healthcare related
B. Exclusion lists must be checked within 90 days of hire
and at least annually
C. Exclusion lists must be checked prior to hire and at
least monthly
D. A and B
E. A and C
Assessment Questions
Your Code of Conduct must include which of the
following?
A. Compliance is everyone’s responsibility
B. Principles and values in which you operate
C. That everyone will act ethically
D. Potential FWA and noncompliance is reported
E. All of the above
Questions?
MPA Winter CE + Ski
January 12th, 2014
Jason Walker-Crawford, R.Ph. – PAAS National®, Inc.