Pulmonology Coding Alert

Compliance:

3 Recent Cases Show Pulmonology Fraud Vulnerabilities

Secure your practice’s compliance plan to ensure audit success.

Between Medicare, Medicaid, and HIPAA, auditors are stepping up their reviews of medical practices nationwide, prompting pulmonology practices to remain vigilant and button up their documentation and recordkeeping. If you’d like some insight into the types of cases being prosecuted in this specialty, we’ve got the details of three pulmonology-specific compliance reports that were brought to light over the past few years which can help you determine what not to do if you’d like to avoid fraud.

1. Employee Not Licensed

A Conn. pulmonary practice landed in hot water last year after its medical assistant — who was performing x-rays — was found to have no medical license. The unlicensed MA had worked for the practice and performed x-rays for five years before being discovered — the two pulmonologists who own the practice subsequently had to pay thousands in fines.

The physicians said they were not aware that they were doing anything wrong. The case was brought to the attention of the government after a former employee blew the whistle on the practice.

The takeaway: Know the law and what it allows each type of practitioner to do in your practice. In addition, don’t relax your hiring standards for anyone, even if the employee says they have performed a certain responsibility — such as x-rays — elsewhere. State law in one region may be different than the law where your practice is, so just because someone has experience with a particular service doesn’t mean it’s legal to let them do it. You should ensure that your new hires are appropriately licensed and credentialed, that they’re contracted with your insurers, and that they haven’t been excluded from any payers.

When evaluating employees’ licensure status, also review multiple databases and cross-reference the information against your state licensure database as well as the OIG’s excluded provider database.  

You can also investigate software solutions that provide real-time tracking of employees’ licensure status. For example, some software products will track employees’ status in real time. The system looks for discrepancies between background information reported by the employee’s record and outside databases.

If the software program finds a problem, the system will alert anyone the organization wants alerted, including the administration and/or the employee himself. The software monitors license information, DEA certification, HHS Office of Inspector General and federal sanctions, criminal complaints, as well as malpractice complaints reportable to state or federal databases.

If you detect an employee practicing without an active license, you should immediately stop the person from providing care within the organization. At that point, anything the unlicensed care provider does subjects the practice to increased liability for negligent credentialing — and obviously for payment recovery from payment sources.

2. Procedures Not Performed

A Texas-based physician specializing in pulmonary critical care and internal medicine faces up to ten years in prison after being convicted for his role in a healthcare fraud ring earlier this year. The doctor and two partners owned a home health firm, and he allowed his Medicare identification number to be used when the firm submitted Medicare claims. Several of the claims indicated that the doctor conducted visits lasting 90 minutes or more when in actuality they only took 15 or 20 minutes. In addition, he submitted claims for one day’s worth of service that would have required him to work a startling 205 hours — nearly ten times the number of hours in a day.

The takeaway:  Coders must always cross-check any codes billed against the documentation. If it isn’t in the record, you cannot report the services. In this case, the offending doctor would have easily been discovered if the practice had performed semiannual audits, so ensure that your practice is on an appropriate audit schedule to catch any such issues.

You can either perform a prospective audit (in which your practice examines new claims before you file them) or a retrospective audit (when your practice examines paid claims). A prospective audit helps you identify and correct problems before sending the claim, which could mean you’ll discover incorrect coding or charges that would otherwise have been missed. Keep in mind that this type of chart audit can potentially delay billing, however.

Retrospective chart audits do not delay billing, but causes your office to be reactive by refiling claims, rather than proactive in finding problems before you submit the claim.

Best bet: Your practice must determine for itself what types of audits your staff can reasonably complete and what effects on claim submission timing and cash flow the practice can handle.

3. Using HIPAA for Non-Medically Necessary Reasons

A Calif. hospital sued several pediatric pulmonologists two years ago, alleging that they accessed electronic health records and obtained patient data, and then left the hospital’s employment and attempted to bring those patients into their new practice.

At issue was whether the pulmonologists accessed the patient records for a non-medically necessary reason, which is considered a HIPAA breach.

The takeaway: All practices and facilities should perform risk assessments to identify security threats. In addition, review and revise your security and privacy policies at least on an annual basis and whenever there is a relevant change in the law.

You can also raise privacy and security awareness within your organization by providing regular updates on privacy matters, including email blasts, posters, and/or in-service lunch training sessions. Centralize information about policies and procedures and helpful links, and consider sending emails about opportunities for additional training and learning.

Key: Ultimately, management needs to cultivate and support a privacy culture and the privacy message should filter down into the workforce ranks. Make sure you train employees to keep their eyes open and report suspicious behavior of other employees that may pose a security threat.