Avoid being drawn into billing fraud
It is challenging enough to ensure compliance with Medicare billing rules within your own organization, but don't forget that you also can be drawn into someone else's scam. Federal authorities are cracking down on billing fraud that originates outside your hospital, and if you aren't careful, you can be caught up in the prosecution, with all the attached liability.
Just recently the U.S. Attorney's Office in Los Angeles charged 20 people with fraudulent Medicare billing in seven cases that totaled $26 million in unneeded or undelivered medical equipment, the result of a joint investigation by the FBI, the U.S. Department of Health and Human Services (HHS) and the California Attorney General's office. One 30-year-old man from Long Beach was arrested for allegedly recruiting relatives and members of the Brook Street Gang, based in Santa Ana, to act as owners for fake medical supply companies, which billed Medicare $11.2 million for unneeded wheelchairs and equipment. In another case, the owners and employees of four medical suppliers, who live in Inglewood, Los Angeles, the San Fernando Valley, and Las Vegas, were arrested for allegedly billing Medicare more than $12 million for equipment that either was given to people who did not need it, never supplied, or billed on behalf of dead patients.
Such brazen fraud likely would not go unnoticed by a risk manager if it originated within the organization, but it still is possible to get involved in these schemes unless you take the right precautions, says Brian D. Roark, JD, an attorney with the law firm of Bass, Berry and Sims in Nashville, TN.
"On the criminal side, the federal government is devoting significant resources to prosecuting street-level fraud cases where Medicare or Medicaid is billed for services not rendered, such as individuals setting up fake medical supply companies," he says. "Additionally, the government is employing increasingly sophisticated investigative techniques to spot fraud, such as using data mining to find aberrations in claims-filing patterns and using prepayment claims editing to compare new claims to previous claims and detect fraud in almost real time. Some of the primary areas of focus by the government are on durable medical equipment [DME], prosthetics, orthotics and supplies, home health agencies, and infusion therapy."
Roark also points out that the Fraud Enforcement and Recovery Act of 2009 (FERA) made significant amendments to the False Claims Act (FCA), which is the primary civil enforcement tool for health care fraud. The result of the FERA amendments was to expand liability under the FCA, take away certain defenses previously available to defendants, make it easier for the government to share information with qui tam whistle-blower plaintiffs, and expand whistle-blower protections.
"The FERA amendments likely will increase the number of FCA lawsuits brought against health care providers," Roark says.
Roark says a key way to avoid involvement in such fraud is to make compliance the responsibility of the entire organization and provide mechanisms for employees to raise any compliance concerns.
Fraud cases of all types are on the rise because of the economic turndown, says Frank Pinder, president, Fraud & SIU Services, GlobalOptions Group Inc., an investor relations firm in New York City. When times are tough, people look for any way to keep the cash flowing, and that means more scams.
"The number of fraud cases has dramatically increased. Risk managers in this environment have to be very proactive in detecting fraud," Pinder says. "You have to be, because everyone who is dishonest is trying to figure out ways to scam the system."
Even the appearance of fraud can be costly, says attorney Alan Lambert, MD, JD, an attorney in the New York City office of the law firm Butzel Long. Once impropriety is alleged, the provider may have to bring in outside auditors and legal counsel, with the meter running.
"While you may wind up with a satisfactory outcome, it can be a tremendous cost to your institution and your reputation, even if you did nothing wrong," he says. "So, it is important to remember that it is not enough to stay away from outright fraud. You need to steer clear of situations that, while not fraudulent, are close enough or create suspicions that could lead to an investigation somewhere down the line."
Lambert cautions against the mistaken notion that the health care provider won't be liable for an outside vendor's fraud as long as you were dealing with that vendor in good faith.
"In fact, the government sees the provider as the originator of a Medicare or Medicaid claim and therefore responsible, at least to some degree, for what happens afterward," Lambert says. "They are, in fact, responsible for what happens with other links in the chain, with regard to fraud or the appearance of impropriety."
Pinder says auditing and oversight from outside auditors can detect what amounts to obvious fraud, once someone actually takes the time to look. For instance, he says health care providers can become the victims of scam artists who bill for fraudulent treatment of workers' comp patients.
"We would send an investigator out to the clinic to see that the vendor is what they say they are, that the equipment supposedly used on this patient actually exists," Pinder says. "Then, we would interview the actual patient to make sure they were really treated with that piece of equipment. Risk managers can do the same sort of facility inspection, whether it is a clinic or a DME vendor."
Be on the lookout for the hallmarks of a scammer's way of business. If the business address is a post office box, proceed cautiously. DME vendors are required to have a showroom in which all its products are on display, so a risk manager can send an investigator over to verify that the equipment exists and that the business appears legitimate, Pinder says.
"That may take an hour of time and a couple hundred dollars, but it can save you a tremendous amount of money on the back end," he says. "When your investigator gets there and finds an empty warehouse, you know right away that you've got a scam. A legitimate operation will have no problem showing you around, showing you its records for shipping equipment to a particular patient. If a company balks at showing you that documentation, you need to stop all transactions and assume it's a fraudulent [company] until they prove otherwise."
Health providers can avoid some types of patient fraud through address/phone/name matching and running patient identifiers against the Social Security Administration's Death Master File, says Christopher Chenoweth, chief information officer and founder of CDYNE Corp. in Chesapeake, VA, which provides information technology services.
"There are web services that can be implemented by IT personnel directly into the patient management system, so that when patients are processed initially or sign in to view health records online their information can be compared to the Death Master File to weed out deceased-person identity theft, and reverse lookups can be performed instantaneously in real time by phone and address for verification."
Lambert also recommends being on the lookout for situations in which one employee at your institution oversees a significant revenue stream with an outside vendor.
"If you have a multimillion-dollar revenue cycle dealing with ordering supplies, for instance, you want to make sure it's not just one employee involved from beginning to end and who can engage in some kind of corrupt practice," Lambert says. "With others involved, the fraud becomes more difficult, as they would have to co-opt others into the scheme. And that oversight should feed back into the compliance program and the whistle-blower hotline."
For more information on avoiding fraud, contact:
Brian D. Roark, JD, Bass, Berry and Sims, Nashville, TN. Telephone: (615) 742-7753. E-mail: firstname.lastname@example.org.
Frank Pinder, President, Fraud & SIU Services, GlobalOptions Group, Inc., New York City. Tele- phone: (888) 550-4211. E-mail: fpinder@global options.com.
Alan Lambert, MD, JD, Attorney, Butzel Long, New York City. Telephone: (212) 905-1513. E-mail: email@example.com.
Christopher Chenoweth, Chief Information Officer, CDYNE Corp., Chesapeake, VA. Tele- phone: (800) 984-3710. E-mail: firstname.lastname@example.org.