The success of your business relies on timely billing and accurate coding. Whether you’re managing the billing for one provider or 50, it’s a complex job that must meet a variety of regulations, making it easy for medical billing companies to be the target of false claims and fraudulent crimes. As healthcare fraud continues to be a growing issue in the industry, medical billers are increasingly being held liable for their role in the submission of fraudulent claims.
Executive Director of American Medical Billing Association, Cyndee Weston, CMRS, CMCS, CPC, will provide an in-depth analysis of what can be considered fraud when submitting medical claims, how the government is enforcing guidelines, and what you can do to help protect your business as well as your practices.
HIPAA & OIG Compliance for Medical Billing Company Owners
Webinar
Cyndee Weston, CMRS, CMCS, CPC
April 11, 2019
Agenda
• Welcome & Introductions
• Federal Investigation and
Enforcement Efforts
• HIPAA Violations
• Resources
• How Kareo Can Help
• Your Questions
Kareo and PAHCOM
• PAHCOM has approved 1 CEU credit
• You’ll be asked at the end of the
webinar if you want a CEU certificate
• Certificates will be emailed within the
next few days
• Attendees must be logged into the
webinar to receive credit
Support For Your Professional Development
Speaker
Cyndee Weston, CMRS, CMCS, CPC
• Executive Director, American Medical Billing Association
• Over 30 years of billing, coding, compliance and reimbursement experience
• Works with independent and doctor's office billers to provide support, education, and resources for AMBA members
Federal Investigation and Enforcement Efforts
DOJ, HHS, 94 U.S. Attorneys investigating civil and criminal healthcare fraud and abuse
matters – 2017:
• Won or negotiated over $2.4 billion in health care fraud judgments and
settlements
• Department of Justice (DOJ) opened 967 new criminal health care fraud
investigations. Federal prosecutors filed criminal charges in 439 cases
involving 720 defendants. A total of 639 defendants were convicted of health
care fraud-related crimes during the year. Also in FY 2017, DOJ opened 948
new civil health care fraud investigations
• Investigations conducted by HHS’ Office of Inspector General (HHS-OIG)
resulted in 788 criminal actions against individuals or entities that engaged in
crimes related to Medicare and Medicaid, and 818 civil actions, which
include false claims and unjust-enrichment lawsuits filed in federal district
court, civil monetary penalties (CMP) settlements, and administrative
recoveries related to provider self-disclosure matters.
• HHS-OIG also excluded 3,244 individuals and entities from participation in
Medicare, Medicaid, and other federal health care programs. Among these
were exclusions based on criminal convictions for crimes related to Medicare
and Medicaid (1,281) or to other health care programs (309), for patient
abuse or neglect (266), and as a result of licensure revocations (973).
Federal Investigation and Enforcement Efforts
Medicare Strike Force Team – 2017:
• Filed 253 indictments, information and complaints involving
charges filed against 478 defendants who allegedly billed federal
health care programs more than $2.3 billion
• Obtained 290 guilty pleas negotiated and 33 jury trials litigated,
with guilty verdicts against 40 defendants
• Secured imprisonment for 305 defendants sentenced, averaging
more than 50 months of incarceration
2017 Fraud Highlights
Michigan doctor and a medical billing company convicted for their
roles in a $28 million Medicare fraud scheme for submitting
fraudulent claims for services – mainly nerve block injections – that
they knew had not been provided. The billing company co-owner was
sentenced to 10 years in prison.
Detroit-area medical biller was sentenced to 4 years and 2 months in
prison and ordered to pay $3.2 million in restitution for her
involvement in a $7.3 million Medicare and Medicaid fraud scheme.
Defendant submitted fraudulent bills on behalf of a co-conspirator
physician for services she knew could not have been rendered, and
for services she knew had not been rendered as billed. In exchange,
the physician paid the defendant six percent of the total billings to
Medicare and Medicaid. The physician pled guilty to a $33 million
Medicare fraud scheme and was sentenced in March 2017 to 8 years
and 5 months in prison.
Federal Investigation and Enforcement Efforts
• Misrepresentation of the type or level of service provided
• Misrepresentation of the individual rendering service
• Billing for items and services that have not been rendered
• Billing for services that have not been properly documented
• Billing for items and services that are not medically necessary
• Seeking payment or reimbursement for services rendered for
procedures that are integral to other procedures performed on
the same date of service (unbundling)
• Seeking increased payment or reimbursement for services that
are correctly billed at a lower rate (up-coding)
Current Federal Investigation and Enforcement Efforts
General Overview - Cases Against Billers
Billers are increasingly being held liable for their role in the
submission of false and/or fraudulent claims
Florida: In this case, a health care consultant who also served as a clinic biller was involved in
the payment of kickbacks and bribes to patient brokers and others. She received a
percentage of Medicare reimbursement as compensation. As part of her plea, she admitted
to disguising kickback payments as “outreach” or “marketing” payments through a sham
staffing company. She was sentenced to 135 months in jail and ordered to pay a $100,000
fine.
New Jersey: In a recent health care fraud case, a biller in a physician’s office was indicted for
submitting phony medical claims and pocketing much of the reimbursement when it came in.
Essentially, this biller engaged in both health care fraud and embezzlement.
Missouri: A chiropractor and his outside third-party biller pled guilty to federal health care
fraud charges for selling “custom” orthotic boots to patients covered by Medicare, Medicaid
and private payor insurance plans. To try and conceal the fraud, the third-party company
submitted the false claims under the names of several different companies.
Current Federal Investigation and Enforcement Efforts
General Overview - Cases Against Billers
Illinois: The primary medical biller for a physician group was sentenced to
four years in federal prison and ordered to pay $1 million in restitution
for her role in a Medicare fraud scheme. In this case, it was alleged that
the biller routinely billed Medicare for patient oversight that wasn’t
provided. In some instances, care was billed for patients who were dead.
Arkansas: A former billing clerk at a family health clinic has been charged
with Medicaid fraud. She supposedly “knowingly made false statements”
to the Arkansas Medicaid Program that resulted in $589,000 in
overpayments. Notably, this state investigation has also resulted in the
arrest of the clinic’s Director of Operations and the former Director of
Billing. Overall, the clinic is alleged to have scammed the state Medicaid
program out of $2.2 million.
HIPAA Violations
• Based on the level of negligence, can range from $100 to $50K per violation
or per record, max $1.5M per year. Criminal charge can result in jail time.
• Fines increase with the number of patients and the amount of neglect.
Lowest fines start with breaches where you didn’t know or, by using
reasonable diligence, would not have known that you violated a provision.
Fines increase with willful neglect where a breach is due to negligence and
not corrected within 30 days.
• Fines
• Reasonable Cause ranges from $100 to $50,000 per incident and does not
involve any jail time.
• Willful Neglect ranges from $10,000 to $50,000 for each incident and can
result in criminal charges.
How much do HIPAA violations cost?
HIPAA Violations
• Unencrypted data – most data breaches are due to stolen or lost data that
was unencrypted.
• Employee error – most important to train employees and adhere to security
policies and procedures
• Data stored on devices – nearly half of all data breaches are the result of
theft. Unencrypted laptops are the number one reason for fines. If a laptop
that is encrypted is stolen, there may not be any fines at all.
Current Concerns – HIPAA Criminal Prosecutions
Criminal cases based on improper HIPAA breaches are growing
(2018). A Massachusetts gynecologist was originally accused of accepting $23,500 in
“speakers fees” from a pharmaceutical firm. She was also accused of permitting a
pharma representative to access patient records, supposedly to more efficiently
complete pre-authorization forms for insurance companies refusing to approve
prescriptions for two new drugs the company was promoting. Initially charged with
violating the federal Anti-Kickback statute, the government later dropped that charge
and moved forward with alleged violations of HIPAA and of lying to federal
investigators. She was convicted in April 2018 and faced up to two years in jail. In
September 2018, the Court agreed to place her on probation.
(2018). A former Clerk of the Veteran Affairs Medical Center in Long Beach, California,
was found to have stolen the PHI of 1030 patients on hard drives in his home. He was
also found to have stolen more than $1000 in supplies. While the government could
have pursued this case federally, it was ultimately steered through the state courts. In
June 2018, he pled guilty to identity fraud and was sentenced to three years in state
prison.
Current Concerns – HIPAA Criminal Prosecutions
(2018) A Pennsylvania Patient Information Coordinator has been named in a six-count
indictment for wrongfully accessing and disclosing the protected health information of
111 patients. The government contends that she was not authorized, and had no
legitimate work reason to access the information. She also disclosed the information
to three individuals “with intent to cause malicious harm.” If found guilty on all counts,
she faces up to 11 years in jail and fines up to $350,000.
(2016) A Customer Service Representative working at a Tampa hospital was convicted
of illegally accessing the PHI of more than 600 hospital patients. The defendant and
her accomplices then used that information to file 29 false tax returns seeking refunds
totaling $226,000. She was prosecuted for violations of HIPAA and wire fraud. She
pled guilty in 2016 and was sentenced to 37 months in prison.
(2016) A Respiratory Therapist at an Oregon hospital was convicted by a federal jury of
wrongfully accessing individually identifiable health information. At trial, federal
prosecutors suggested to the jury that Ms. Knapp was attempting to find out what type
of medication patients were being prescribed so that she could steal the drugs either
for herself or someone else. She was not charged with theft of drugs or identity theft.
She faced up to one year in prison and was ultimately placed on probation for two
years.
Other Risk Areas
1. Does Your Billing Contract Protect Your Business Interests? When is
the last time you reviewed your contract? Are you meeting your
statutory obligations with respect to HIPAA Security Risk Analysis
requirements, PCI Compliance, Exclusion Screening, collecting
Co-Payments and Deductibles from Patients, etc.?
2. Percentage Billing Concerns. Is it illegal to bill on a percentage basis
in your state? Are you sure?
3. Is Your Billing Company Required to be Registered to Conduct
Business in Your State? New Jersey is aggressively cracking down on
billing companies that have failed to register. Texas is now requiring
the provider to register the biller of record; the biller must register,
and you cannot bill on percentage for Medicaid claims.
Options if Provider Refuses to Comply with the Law
1) If the government pursues you for individual liability, do you have
indemnification coverage?
2) Do you have E&O Liability Coverage?
3) Ultimately, you may have only a limited number of choices if
providers refuse to take action:
- Continue to work for the company, despite the fact that wrongdoing is
taking place.
- Terminate contract
- Terminate contract and file a complaint with the affected payors
Quick Review
• The government expects health care providers, suppliers AND Billing Companies to
have an effective Compliance Program in place.
• Self-audits are not just encouraged, they are required if a company wants to be
viewed as a good corporate citizen.
• Potential overpayments must be promptly investigated and returned to the
appropriate payor.
• Educate your Physicians and other Management on individual accountability.
• Your Compliance Program must be more than a paper tiger. Is it effective? What
role do you play in its oversight and implementation?
• Document your efforts to fully comply with applicable statutory and regulatory
requirements.
• Review your position. Are you saddled with accountability but have no ability to
properly monitor, evaluate and direct remedial changes in programs in your areas
of responsibility?
• When a problem is identified, what steps are you taking?
Resources
• Privacy Rule
• Security Rule
• Enforcement Rule
• Final Omnibus rule
• Breach Notification Rule
• View the Combined Regulation Text - PDF
- (As of March 2013) This is an unofficial version that presents all the
HIPAA regulatory standards in one document. The official version of all
federal regulations is published in the Code of Federal Regulations (CFR)
- View the official versions at 45 C.F.R. Part 160, Part 162, and Part 164
• Other HIPAA Administrative Simplification Rules are administered and
enforced by the Centers for Medicare & Medicaid Services, and include:
- Transactions and Code Sets Standards
- Employer Identifier Standard
- National Provider Identifier Standard
Resources
• Business Associates
• Sample Business Associate Agreement
• Frequently Asked Questions on Business Associates
• Learn more about business associate contracts
• Explaining Business Associate Agreements
• How Does De-Identification Work?
• Protecting Against Ransomware Attacks
• **HealthIT.gov (multiple great resources)
• **Individuals Rights to Access & Obtain their PHI (offers physician
CEUs)
Resources
• Guide to Privacy and Security of Electronic Health Information [PDF –
1.3 MB]
- ONC tool to help small health care practices in particular succeed
in their privacy and security responsibilities. The Guide includes a
sample seven-step approach for implementing a security
management process
• Security Risk Assessment (SRA) Tool
- HHS downloadable tool to help providers from small practices
navigate the security risk analysis process
• Security Risk Analysis Guidance
- OCR’s expectations for how providers can meet the risk analysis
requirements of the HIPAA Security Rule
• HIPAA Security Toolkit Application
- National Institute of Standards and Technology (NIST) toolkit to
help organizations better understand the requirements of the
HIPAA Security Rule, implement those requirements, and assess
those implementations in their operational environment
Resources
• Certified Health IT Product List
- ONC’s authoritative, comprehensive listing of complete
Electronic Health Records (EHRs) and EHR modules that have
been tested and certified under the ONC Health IT (HIT)
Certification Program
• Sample Business Associate Contract Provisions
- OCR sample Business Associate (BA) contract language to help
Covered Entities (CEs) more easily comply with the HIPAA
Privacy Rule
• TEMPLATE - Model Notices of Privacy Practices (NPPs)
- ONC and OCR’s customizable NPPs for use by providers and
health plans
• Mobile Devices – Keeping Health Information Private and Secure
- ONC’s web page dedicated to resources for helping providers
protect and secure health information on mobile devices
Conclusion
• There are a multitude of laws regarding fraud and abuse and HIPAA
• Be diligent in addressing issues and in training your staff and the
providers you work with. Strive to meet all the requirements
• Find good team members that can help you implement the steps
necessary to prevent issues
Questions?
Cyndee Weston, CMRS, CMCS, CPC
American Medical Billing Association
www.americanmedicalbillingassociation.com
www.facebook.com/ambanet
cyndeew@ambanet.net
About Kareo
#1 Cloud-Based Software Platform for
Medical Billing Companies and Their Customers
Complete business management solution for billing, clinical,
and patient engagement
Over 1,600 medical billing companies use Kareo nationally
• More than 50,000 physicians rely on Kareo
Dedicated business unit for medical billing companies
• Solution Consultants
• Account Managers
• Customer Support
550 employees headquartered in Irvine, CA
Call (866) 231-2871
-- Questions After the Webinar --
888.775.2736 x1
sales@kareo.com
3353 Michelson Drive, Suite 400
Irvine, CA 92612
(888) 775-2736