Tip: Make a good faith effort to comply with the spirit of the law.
Don’t get waylaid by compliance folklore and miss the risk-management boat. Read on to get the facts before you find your practice high and dry.
1. The “attorney or coder or consultant told me it was OK” provides a solid defense. The reality is that as a provider, it’s your practice and you send the bill and are responsible for it. But a provider that can show it attempted to comply could defeat an allegation of criminal intent in a government prosecution.
Obtain this in good faith: The government is going to have a very hard time proving criminal intent if you have a written opinion from an attorney saying that what you’re doing isn’t a legal violation. This is called good faith reliance upon the advice of counsel. And a good faith effort in that regard means you consult an attorney who specializes in the particular area for advice before implementing a practice.
Caveats: Good faith reliance on the advice of an attorney only works in gray areas, however. For example, it wouldn’t work if something is obviously illegal like accepting or paying $50 per Medicare referral.
What about opinions provided by accountants and consultants who aren’t attorneys? Because you are relying on the attorney’s expertise in applying the law to facts and reaching a conclusion, relying upon a legal opinion from an accountant and/or a consultant is not the same.
2. A healthcare provider can’t face false claims liability for failing to detect accidental overpayments. The truth is that keeping overpayments is a false claim if you knew or should have known the circumstances creating the problem. The legal catch phrase there, of course, is “should have known.”
The way the FCA [False Claims Act] operates, the level of ‘knowledge’ you must have regarding an overpayment means that you were something more than merely negligent in retaining the funds. But drawing the precise line between being merely negligent in retaining funds (which does not result in FCA liability) — and being reckless or deliberately ignorant (which does create FCA liability) — is a difficult one to do.
Example: Suppose a provider submits a batch of claims and receives substantial payment for them, but the provider doesn’t have audit or compliance procedures to detect overpayments. In that case, the government will likely claim the provider is being reckless if it failed to return an overpayment — even if the provider was ‘totally unaware’ of receiving it.
On the other hand, say a hospital with compliance procedures in place receives several hundred thousand dollars each month in federal healthcare payments. And despite the hospital’s best efforts, it fails to detect an overpayment that came to less than one percent of the revenue. Under these circumstances, the hospital would have a very good FCA defense that even if it were negligent in failing to identify the overpayment, it was not reckless or deliberately ignorant — so no FCA liability should be imposed.
3. Low-volume providers have only a remote chance of ending up on the government’s radar screen. Not true, now that the RACs and MACs, etc., use computers to detect potentially problematic billing. Computer searches don’t care if you have 50 patients or 8,000 patients — the program looks at the codes and billing patterns. The government also has so many statistics that it can see a “blip” when a provider doesn’t conform to the norm in the marketplace.
Easy pickings: It doesn’t cost the government a lot of money to run data analysis to identify providers with certain errors.
4. The RACs aren’t likely to directly target labs, small practices, or hospice providers. Although RAC websites clearly show they are focused on hospitals, that doesn’t mean that other providers can ignore the law.
Keep in mind: The RACs’ activities free up a bunch of auditors to audit other providers outside of hospitals, and the Government Accountability Office has even suggested this as a response to the RACs focusing on “big ticket” providers.
The Medicaid RACs are also rolling out next year, so providers can’t bet those auditors will target hospitals only.
5. You don’t have to comply with a law before the government issues regs. People don’t realize that they are expected to comply with a statute when it goes into effect, even if the government hasn’t issued regulations yet. Providers should make a good faith effort to comply with the spirit of the law at least. For example, the HIPAA regulations had many specific requirements to ensure protected health information (PHI) didn’t get into the wrong hands, but even before that, covered entities should have made some effort to protect PHI by locking offices and filing cabinets.