Law Corner

Health Care Fraud Prevention and Enforcement Efforts Result in Record-Breaking Recoveries Totaling Nearly $4.1 Billion

Largest Sum Ever Recovered in Single Year

WASHINGTON –Attorney General Eric Holder and Department of Health and Human Services (HHS) Secretary Kathleen Sebelius today released a new report showing that the government’s health care fraud prevention and enforcement efforts recovered nearly $4.1 billion in taxpayer dollars in Fiscal Year (FY) 2011. This is the highest annual amount ever recovered from individuals and companies who attempted to defraud seniors and taxpayers or who sought payments to which they were not entitled.

These findings, released today, in the annual Health Care Fraud and Abuse Control Program (HCFAC) report, are a result of President Obama making the elimination of fraud, waste and abuse a top priority in his administration. The success of this joint Department of Justice and HHS effort would not have been possible without the Health Care Fraud Prevention & Enforcement Action Team (HEAT), created in 2009 to prevent fraud, waste and abuse in the Medicare and Medicaid programs, and to crack down on the fraud perpetrators who are abusing the system and costing American taxpayers billions of dollars. These efforts to reduce fraud will continue to improve with the new tools and resources provided by the Affordable Care Act.

“This report reflects unprecedented successes by the Departments of Justice and Health and Human Services in aggressively preventing and combating health care fraud, safeguarding precious taxpayer dollars and ensuring the strength of our essential health care programs,” said Attorney General Holder. “We can all be proud of what's been achieved in the last fiscal year by the Department’s prosecutors, analysts and investigators – and by our partners at HHS. These efforts reflect a strong, ongoing commitment to fiscal accountability and to helping the American people at a time when budgets are tight.”

“Fighting fraud is one of our top priorities and we have recovered an unprecedented number of taxpayer dollars,” said Secretary Sebelius. “Our efforts strengthen the integrity of our health care programs, and meet the President’s call for a return to American values that ensure everyone gets a fair shot, everyone does their fair share, and everyone plays by the same rules.”

Approximately $4.1 billion stolen or otherwise improperly obtained from federal health care programs was recovered and returned to the Medicare Trust Funds, the Treasury and others in FY 2011. This is an unprecedented achievement for HCFAC, a joint effort of the two departments to coordinate federal, state and local law enforcement activities to fight health care fraud and abuse.

The recently-enacted Affordable Care Act provides additional tools and resources to help fight fraud that will help boost these efforts, including an additional $350 million for HCFAC activities. The administration is already using tools authorized by the Affordable Care Act, including enhanced screenings and enrollment requirements, increased data sharing across government, expanded overpayment recovery efforts and greater oversight of private insurance abuses.

Since 2009, the Departments of Justice and HHS have enhanced their coordination through HEAT and have increased the number of Medicare Fraud Strike Force teams. During FY 2011, HEAT and the Medicare Fraud Strike Force expanded local partnerships and helped educate Medicare beneficiaries about how to protect themselves against fraud. The departments hosted a series of regional fraud prevention summits around the country, provided free compliance training for providers and other stakeholders and sent letters to state attorneys general urging them to work with HHS and federal, state and local law enforcement officials to mount a substantial outreach campaign to educate seniors and other Medicare beneficiaries about how to prevent scams and fraud.

---

Opinion: FDA Regulation of Mobile Health Apps Would Be 'Death Blow'

By jsimmons

In a Washington Times opinion piece, Joel White -- executive director of the Health IT Now Coalition -- warns that "innovation and growth in mobile medical applications could come to a screeching halt if" FDA "moves forward with its proposed regulation" of mobile health apps.

He writes, "At this formative stage of emerging mobile medical applications, complicated and expensive new regulatory structures through FDA would dampen prospects for future life-saving innovations."

White notes that the "average time to approve a medical device is about three years and can cost upward of $75 million," adding, "In the software market, that is a lifetime."

In addition, if mobile apps are regulated as medical devices, they will be subject to a 2.3% tax under the federal health reform law, according to White.

He warns, "Constraints on speed to market and increased regulatory costs combined with tax-driven price increases may cause developers to move on to other, less burdensome endeavors."

White concludes, "The administration should go back to the drawing board and creatively design a 21st-century regulatory framework for innovative products," adding, "We need smart regulation for health information technology, not the same old, same old. We can and must do better"

---

Accurate Patient Records Matching—Time for HIE Leadership

By Allen Briskin and Gerry Hinkley, Pillsbury Winthrop Shaw Pittman LLP

The realization of broader scale electronic HIE has exacerbated the concern for establishing means to ensure accuracy of matching patients to their data that is accessed through an exchange. This is certainly one of the more important hurdles recognized as potentially impeding provider and patient adoption of HIE. HIE organizations are specially positioned to advance the science of patient healthcare data matching and should continue to show leadership to identify best practices and achievement of a nationally adopted approach.

One approach that has had strong appeal in many quarters is the assignment of unique patient identification numbers. In 1996, HIPAA mandated a unique individual identifier for healthcare purposes. Based on concerns that an individual identifier might be misused, HIPAA specified penalties for misuse of an individual identifier and for wrongfully obtaining or disclosing individually identifiable health information, including fines up to $250,000 and 10 years in prison. In carrying out his responsibilities under HIPAA, the Secretary of Health and Human Services (HHS) convened a process to examine individual identifier adoption and enlisted the National Committee on Vital and Health Statistics (NCVHS) to analyze the issues related to such adoption. The NCVHS recommended HHS be cautious in its approach, in large measure because of the volatility of the issue.

Meanwhile, three years after the enactment of HIPAA, Congress weighed in on the subject with the 1999 Omnibus Appropriations Act (and every Omnibus Act since, most recently 2009), that prohibit the use of funds appropriated by Congress to “promulgate or adopt any final standard under [HIPAA] for, or providing or the assignment of, a unique health identifier for an individual” until expressly authorized by Congress.

There is no legislative history supporting Congressional intent for this prohibition, but it is believed in some quarters that the identifier prohibition came about largely because of a concern that, given the abuses that have been associated with social security numbers, some by the healthcare industry itself, that yet another identifier would only serve to jeopardize patient privacy protection.

A perplexing aspect of the prohibition is its having been interpreted by some, including apparently the Obama Administration, to preclude the expenditure of appropriated funds for any purpose related in any way to unique individual identifiers for healthcare purposes, even though the Omnibus Acts have only outlawed the use of funds to “promulgate” or “adopt” a final standard for or assignment of such a number. These are terms of regulatory art connoting final action and should not preclude study and exploration.

As the need for certainty of patient record matching is increasingly and widely recognized as keen, many now argue that this prohibition should not be used to prevent the government’s study of unique identifiers, including funding research pilots and development and testing of protocols. Indeed, the results of such efforts should help Congress to determine whether technology and patient privacy sensitivities can converge to provide a safe and effective way to match records through the use of identifiers.

Not waiting for HHS to take action, the Robert Wood Johnson Pioneer Portfolio, recognizing the need for advancement with respect to the balance of patient privacy and accurate patient record matching, has granted funds to the Western Health Information Network to test the Voluntary Universal Healthcare Identifier (VUHID) system in a year-long study to be concluded in Spring 2012. The availability of research data in this regard will hopefully help to advance the conversation about identifiers.

Other approaches, supported by ONC and initially put forward by the Privacy and Security Tiger Team in February following hearings on the subject, promote the development of standardized formats for demographic data fields. The theory is if a patient data provider has to use a standardized format for a specific demographic field, when the data is received by someone trying to match a record to the patient, fields of the same data when compared will be easier to match. The Tiger Team also suggests that healthcare organizations should evaluate the effectiveness of their matching strategies to endeavor to internally improve matching accuracy; that the NHIN should mandate HIE organization achievement of acceptable matching levels and implementation of uniform policies when information is incorrectly matched; that ONC should take the lead in developing, promoting and disseminating best practices for data capture and matching accuracy; and also that the role of the individual patient in identifying matching errors should be encouraged through audit trails and simplified reporting mechanisms.

HIE organizations are specially positioned to gather experience from their constituents and address solutions for patient data matching, be they by assigning intra-HIE identifiers, refining algorithms, standardizing data fields or empowering consumers to be watchdogs of the accuracy of their patient data. Regardless of approach, HIE organizations should be advancing the science of accurate matching through pilots, research and sharing of best practices and innovative solutions.

---

Critics blast 'unnecessary' HIPAA disclosures rule

By jsimmons

[1]Fearful that doctors might be hesitant to adopt electronic health record technology, the Medical Group Management Association called on the Department of Health and Human Services to withdraw its proposed HIPAA "accounting of disclosures" rule this week. MGMA President and CEO William Jessee cited his organization's new study [2] in making the request, which determined that out of 1,400 participants, more than 90 percent deemed the rule "burdensome and unnecessary."

The accounting of disclosures regulation, mandated as part of the HITECH Act in 2009, calls for medical practices that maintain electronic health records to be able to produce a detailed report of any patient's information accessed by a staff member for any reason for the previous three years. That includes submitting claims for payment.

When asked how many patient requests for disclosure reports they had received in the past 12 months, however, 65 percent of respondents in the MGMA study answered "0 or 1 per [full-time-equivalent] physician." Another 5 percent said two to three times per FTE per year; under 4 percent said four to nine times per FTE per year; 6 percent said 10 or more times per FTE a year; and 20 percent said they didn't recall the times.

"Considering how infrequently physician practices receive these requests from patients, the proposed rule fails to meet the statutory requirement to balance the needs of patients with the burden on providers," Jessee said. "These reports, which would be required to show all electronic access to a patient's health information for up to three years, could be hundreds or even thousands of pages long, making them extremely challenging for physician practices to produce and of little practical value to the patient receiving them." Similarly, in a letter [3] to HHS, the American Health Information Management Association criticized the proposed rule, referring to it as a "significant burden" for providers. Earlier this week, the College of Healthcare Information Management Executives also slammed the rule [4], calling it "not realistic."