Medicare Compliance & Reimbursement

Recent spotlights on HIPAA breaches have shown just how many people can be impacted by one privacy slip-up, and the latest incident underscores that point. Tricare, the massive U.S. military insurer, announced last week that backup tapes from an electronic health care record went missing while in the possession of a contractor, putting about 4.9 million San Antonio-area military clinic and hospital patients at risk of a privacy breach.

According to the statement, the information on the tapes included patient data from 1992 through Sept. 7, 2011, and "may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests, and prescriptions." However, the tapes contained no financial data.

Despite the sensitive information stored on the missing tapes, the government ranks the risk of harm to patients as low because anyone attempting to access the data would have to be proficient in specific hardware and software systems. The government will not be notifying all patients who have been identified as being on the tapes, and will not provide credit monitoring and restoration services, due to the low risk that the government has assigned to the situation.

For more information, visit www.tricare.mil/mybenefit/Download/Forms/DataBreach_PublicStatement.pdf.

A Kentucky doctor may have shared vials of infusion drugs between patients, but he didn't share the savings with Medicare, the Department of Justice alleges.

The physician, who owned a bone and joint practice, agreed to pay $349,860 to settle overbilling allegations this week after a former employee alleged that he split vials of rheumatoid arthritis drug Infliximab across multiple patients, but billed Medicare as if he used a whole vial for each patient.

The physician must also pay attorney fees and expenses of the former employee who blew the whistle on his wrongdoing. The whistleblower will also get a $70,000 payment as her "relator's share" of the settlement.

To read more about this case, visit www.justice.gov/opa/pr/2011/September/11-civ-1260.html.

You've benefited from several delays in Medicaid RAC audits, but as of Jan. 1, 2012, the time will finally come when those audits will kick in.

As most readers are aware, "recovery audit contractors" (RACs), which the federal government has hired to audit physician claims, will be reviewing Medicaid claims soon thanks to last year's Patient Protection and Affordable Care Act. Although RAC audits were originally slated to impact Medicaid claims on April 1, 2011, CMS delayed that date, and did not make a subsequent announcement until Sept. 14, at which point the Federal Register posted a final rule indicating the audits will begin on Jan. 1, 2012.

In place for Medicare contractors since 2005, RACs are often referred to as medical "bounty hunters" because they make money on the improper payments they discover. Their income is specifically tied to the amount they recover, and is based on a percentage of the incorrect payments they identify.

The government projects that RAC audits could save the government over $2 billion between 2012 and 2017, and a portion of those savings will go back to the states. "If we're going to spurt jobs and economic growth and restore long-term fiscal solvency, we need to make sure hard-earned tax dollars don't go to waste," Vice President Joe Biden said in a Sept. 14 news release.

To review the Federal Register article, visit www.ofr.gov/OFRUpload/OFRData/2011-23695_PI.pdf.