How can you protect personal health information (PHI), medical records, and patient communication when the provider is also the patient?Continue reading
Information Blocking Rule works with HIPAA’s regulatory “right of access” provisions. Patients should have access to their health information.Continue reading
Information-blocking compliance perpetually changes. Learn how to build a compliance culture across IT, HIM, privacy, legal, medical, and nursing.Continue reading
For value-based care, avoiding information-blocking isn’t enoughContinue reading
Recent changes to Stark aim to increase coordination of patient care, modernize, and clarify rules related to the law.Continue reading
The Stark Law creates a whole set of antikickback rules that providers must understand and actively work to comply with. And with all its good intentions, the Stark Law is incredibly restrictive. In fact, even the U.S. Court of Appeals for the 4th Circuit noted that “even for the well-intentioned healthcare provider, the Stark law has become a booby trap rigged with strict liability and potentially ruinous exposure.”
The Centers for Medicare and Medicaid (CMS) and Congress have taken steps to clear up confusion and loosen the rules in some cases (See our article on exceptions for value-based care). Still, your Compliance team has a tremendous responsibility to make sure that policies match the rules and that providers understand and follow the policies.
Policies match the Stark rules
Changes to the Stark Law have been coming out practically since the law was enacted. The law, which aims to protect against kickbacks and self-referrals, has gotten complicated in the details. Congress issues amendments to help the law catch up to changing business practices. Healthcare organizations may have written policies that facilitated compliance originally. However, those may be completely out-of-date if they weren’t keeping up with the changes in the law.
For example, CMS has introduced modifications that addressed challenges with value-based care and resolve issues restricting coordinated care and health data exchange. Another modification to the law was allowing healthcare providers to accept cybersecurity tech donations from stakeholders.
While the compliance officer enforces the policies, he or she doesn’t have to live them the way those in operations do. Getting input from key stakeholders such as providers, Risk Management, and others in the C-suite can help ensure that final policies are clear. This early feedback and engagement can also help identify how the policy or regulatory changes will affect the individuals who must operate under them. Lastly, they can help identify potential operational conflicts with new policies or regulatory changes.
(See how YouCompli delivers model policies and procedures that help your organization comply.)
Providers following the Stark policies
With compliant policies in place, it’s time to help providers understand how to follow them. This is where communicating what certain key terms in a policy or regulation means in the context of the provider’s particular work becomes critically important.
Compliance officers know that “the road to success is going to run through quality of care,” says Harry Nelson, health care attorney at Nelson Hardiman. “Compliance isn’t the internal police that slows things down, but a strategic part of growth.” When it comes to making sure providers understand how to follow policies, the compliance officer has to look at the language of the policy from the providers’ perspective, not that of the compliance officer.
Here are five steps to help providers understand and follow Stark-compliant policies:
- Engage your operational leaders. Make sure the president and CEO understand the nature and intent behind Stark limitations so they can help explain and reinforce them. Give situational examples they can relate to so they understand what the key terminology means.
- Invest in training and communication. One email won’t do it with changes to Stark-related policies. Engage providers in small groups, in writing, and in person to explain nuances and answer questions about tricky scenarios. Whenever possible, use real-world scenarios to help illustrate how the regulations and policies impact them. Education and training should also be routine and ongoing with key stakeholders.
- Get feedback. Regularly check in to gather feedback from your leaders. Find out if the implemented tools and procedures are working for them, as well as to identify challenges they face. This step will help you see areas where the words on paper mean something the compliance officer had not thought of. Adapt procedures and tools if necessary.
- Encourage people to ask questions. Make sure providers and your operational leaders alike know they can use you as a sounding board for grey areas or possible violations. It’s much better if they proactively ask if a proposed arrangement is compliant. Otherwise, they may have to unwind a relationship if they find out it is not compliant.
- Promote awareness to prevent future mistakes. Once an error is made, chances are it will reoccur and lead to additional violations. As you are addressing errors, promote awareness to prevent future mistakes. For example, when you are communicating the fact that a mistake was made, go the extra step to what caused it. This will be an opportunity to find out where their confusion was and use that insight to update policies or training.
Stark compliance starts with knowing about changes to the regulations and continues with crafting policies that providers can understand and follow. Involving stakeholders in policy creation and training, and engaging tech systems to reinforce the lessons will support the long-term success of Stark-compliant policies.
Do you have the tools you need to recognize and manage regulatory change across your organization? Find out how YouCompli can help you manage and coordinate your response to regulatory change or schedule a demo.
Subscribe for blog updates
The well-intentioned but complex Stark Law has gotten some updates recently. The changes give healthcare providers greater flexibility, especially with value-based care.
The Stark Law was introduced in 1989 by United States Congressman Pete Stark (D-CA). It aims to protect Medicare and Medicaid from paying for services that may trigger conflict-of-interest concerns. This includes certain healthcare services for which physicians referred their Medicare/Medicaid patients to an organization with which they have a financial relationship. Referrals like this trigger questions about whether the patient really needed the service and raises concerns of physicians referring for their own financial benefit.
Take, for example, a physician who refers a Medicare/Medicaid patient for an x-ray to a medical imaging facility. The facility then bills Medicare for that service. This may seem appropriate unless the physician has a financial interest in the medical imaging facility.
The law faced criticism, however, for being too rigid. According to Henry Casale, partner at Horty Springer, “providers have found that the Stark Law is deceptively simple to summarize, but compliance has proven to be difficult and complex.”
Casale went on to say that “Stark said that ‘the only way to protect healthcare consumers from unnecessary referrals is to impose a bright line rule.’ The Stark Law prohibits a physician from making referrals for certain Designated Health Services (DHS) payable by Medicare or Medicaid to an entity with which the physician (or an immediate family member) has a direct or indirect financial relationship (ownership or compensation). It also prohibits the entity from filing claims with Medicare or Medicaid for those referred DHS, unless the financial relationship complies with an exception to the Stark Law.”
New value-based exceptions
New exceptions under Stark allow for physicians to refer Medicare/Medicaid patients to entities they have a financial relationship with and that are part of a value-based program, in some cases. Additionally, the physician may receive remuneration, such as cost savings payments, so long as the requirements of the new exception are met.
According to Casale, “The Stark value-based rules cover both cash and in-kind remuneration and do not include the term ‘Fair Market Value’.” These rules have a number of requirements, but those requirements decrease as the value-based physician participants assume more financial risk. The greatest flexibility is when the physician participants agree to assume full financial risk. (This includes capitation and global budget payment arrangements.) The requirements increase if the physician participants assume only “meaningful” financial risk. (The physician is responsible to repay or forego no less than 10 percent of the total value of the remuneration the physician receives under the value-based arrangement.) The requirements are greatest where the physicians are not at financial risk.
“The Stark value-based rules are a significant improvement,” Casale said. “But they do leave a number of questions unanswered.” They also differ markedly from the OIG’s value-based safe harbor regulations that were published the same day, especially where the physicians are not at financial risk. Here the OIG only provides safe harbor protection for in-kind remuneration while the Stark rules permit both cash and in-kind remuneration.
“So while the Stark rules provide guidance and significant flexibility,” Casale said, “providers need to also consider the OIG’s much more narrow view of value-based arrangements.”
Rules related to Stark and anti-kickback legislation have been evolving for decades. These recent changes reflect an effort to add greater flexibility with value-based care and help keep the law responsive to current business practices in healthcare.
How is your healthcare system adapting to keep up with changes to rules from the Stark Law and other fluid regulations? Read more about how YouCompli can help you stay on top of regulatory changes or schedule a demo.
Subscribe to receive updates from YouCompli
Patients and providers alike flocked to telehealth in 2020. Before the COVID-19 pandemic began, fewer than one percent of Medicare primary care visits (PCV) were conducted via telehealth. By April 2020 that number had risen to 43 percent. (See the data.)
This spike was in response to fear of spreading the virus, of course. But it was only possible because healthcare organizations worked so hard to adjust to meet the ongoing patient needs. The federal government helped by announcing a public health emergency that eased key rules.
Compliance professionals worked across their organizations to make sure that everyone understood and complied with documentation, coding and confidentiality requirements. For example, compliance professionals collaborated with clinical teams to ensure telehealth workflows were HIPAA compliant. And, given the potential for abuse and scrutiny, providers who bill Medicare/CMS took extra care to document visits properly.
Telehealth has been hugely popular with patients and has led to better visit compliance, particularly for uninsured and underinsured populations. Telehealth has improved patient care by allowing convenient appointments from the comfort of home via a smartphone, tablet, or computer. Another benefit is that telehealth has the potential to expand health care access to underserved populations by eliminating traditional barriers to care such as transportation needs, distance from specialty providers, and approved time off from work. These visits were essential for patients with limited mobility. And of course, there’s the most immediate and urgent benefit of telehealth: reducing the spread of COVID-19 by limiting person-to person-contact.
The work for the Compliance team and colleagues across the organization was significant. They had to determine how to maintain confidentiality, obtain consent, and determine proper billing codes. Despite the enormity of this task, the effort seems to be worth it. Patients are reporting that telehealth helps them take better care of themselves. According to Medical Economics:
- 93% of patients would use telehealth to manage prescriptions, and
- 91% shared telehealth would help them stick to appointments, manage prescriptions and refills, and follow wellness recommendations.
Providers seem to feel that they have worked through a lot of the challenges of telehealth compliance, especially when internet connections are stable. Nicole Craig is a Family Nurse Practitioner at Children’s Rehabilitative Services in Phoenix. She says compliance guidance helps providers “know what has to be documented in the chart to protect ourselves from things such as improper billing and coding.” And, “in 2021 the billing is now different. Getting help from Compliance allows providers to bill time-based care. We have to understand the billing rules and compliance factors in order to follow them, especially during telehealth visits.”
For most PCVs, telehealth proved to be an efficient way to provide care. This method limited in-person visits to those instances where the patient needed a hands-on physical assessment or diagnostic testing.
Isabella Porter, JD, director of Compliance at District Medical Group, Inc., is confident that 2020 created a rebirth of telehealth. She also sees a new appreciation of this method of care delivery which healthcare will not abandon once the pandemic is deemed “over.” And she knows that her team will be a big part of her organization’s success. “I do believe that in the context of telemedicine during COVID-19, our Compliance department’s assistance with telehealth workflows lead to overall better patient outcomes during the pandemic,” she said.
It’s a good thing. While concern about the coronavirus will recede, providers and patients alike will want to continue some telehealth visits. Healthcare leaders will work collaboratively to ensure their organizations can continue to offer this important option.
Keep on top of regulations affecting telehealth and make sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more.
Subscribe to receive updates from YouCompli
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Telehealth is almost as old as the telephone itself. In 1879 – just three years after Bell patented the telephone – an article in Lancet described the concept and advocated its adoption.
A law that’s even older can trigger many telehealth audits today. The 1863 False Claims Act (FCA) was enacted to keep profiteering contractors from defrauding the Union army. It can trigger serious problems for hospitals that don’t take proactive steps to make sure their telehealth practices are audit-proof.
That’s because the 2010 Affordable Care Act updated the FCA to make healthcare providers liable for “retention of any overpayments” from Medicare and Medicaid. This even includes overpayments resulting from accident or error. Indexing penalties for inflation each year, a requirement added in 2015, increased hospital liabilities. This puts liabilities at three times the amount of the overpayment(s) plus $11,803 to $23,607 for each instance. (Some 29 states and the District of Columbia have additional False Claim laws.)
These laws’ implications and requirements touch every part of the hospital. Keeping the whole organization in compliance means that all departments have to work together.
New laws, new regs, new worries for telehealth
Even before COVID, the government audited claims from what was then a smaller, rural telehealth system. Regulators found a trend of incorrect payments to doctors outside rural areas, who were therefore ineligible to receive them.
Telehealth is on the latest Office of the Inspector General (OIG) work plan, too. The OIG will be addressing remote patient monitoring by telehealth as an area of concern.
The public health emergency, with its series of 90-day waivers, made it possible for telehealth to grow so fast. Now, as the COVID emergency ebbs, Congress is considering making its current, expanded status permanent. (Two bills were introduced in May. One would enable audio-only telehealth services for Medicare enrollee. The other would expand telehealth for Medicaid and Children’s Health Insurance Programs.)
That’s good. But with laws come regulations covering acceptable types, locations and forms of delivery of telehealth services. And with regulations come scrutiny and audits. That can create challenges, especially with the specter of FCA liability in the background.
The best way to cope with audits is to prevent the need for them in the first place. Here are six steps to follow:
- Know what you’re up against. Keep up to date with all the developing federal and state regulations, waivers, and other requirements. That in itself can take up most, if not all, of your personal and your compliance team’s time.
Related: Find out how a team of expert compliance professionals and a nationally respected law firm track and analyze the latest regulatory changes, keep you updated, and give you actionable ways to adapt your process.
- Inventory your waivers. Which waivers do you rely on, in which departments and facilities? Do the providers and staff that they apply to know about them? And who makes sure the requirements are met and documents it?
- Check your records. One of the biggest causes of noncompliance isn’t malice. It’s error. Did an accidental typo in Coding result in an incorrect claim? Does everyone in Billing know which states require what reimbursement levels for telehealth services? Are certain telehealth records missing? Who’s responsible for keeping the signed doctors’ orders and documents that establish medical necessity? Do patients and services meet billing guidelines? Do you have a telehealth compliance policy? Does it need changing? Start conducting spot-checks to find out.
Related: Find out about state requirements for telehealth billing.
- Audit your process. Another big cause of noncompliance is miscommunication – particularly the assumption that someone else is taking care of something. So put together an internal audit team, with each department represented. That way, each can learn from the other. Hold an entrance conference to highlight what you learned from your spot checks, define the internal audit’s scope, set expectations, and assign specific tasks and timelines.
- Fix whatever’s broken. Reconvene the internal audit team and communicate the findings. Together, use that input to find opportunities to correct or cure what’s wrong in your process. Then, create a Corrective Action Plan (CAP) that will include needed education, training, policy, and process changes. Monitor your CAP over time, to see how it’s working and to spot anything else that needs fixing.
- Rebill and repay. If your internal audit and CAP were successful, you’ll have discovered missing or insufficient documentation. Report it. You may have also have found instances of incorrect payments. Rebill and repay. Yes, it will cost your hospital money. But not nearly as much as a full-blown government audit. A Department of Justice investigation could end up costing you time, legal fees, and FCA triple damages.
Patient demand for telehealth isn’t going away. Neither are the costs of noncompliance with telehealth regulations. As the public health emergency expires, fines from regulators and denial of claims from payers are sure to add up. The best way for your healthcare organization to solve these potentially massive financial problems is to work together to prevent them. Proactively partnering with colleagues in all relevant departments, your compliance team can lead the efforts to identify and fix issues before they become major problems. That way, you’ll be able to provide the telehealth services patients want in compliance with what the regulations demand.
It’s a big effort to keep your compliance champions connected and communicating. See how YouCompli can help you manage the rollout of new regulations and verify best efforts to regulators and your board. YouCompli is the only healthcare compliance software combining actionable regulatory analysis with a simple SaaS workflow.