When the first laboratory-confirmed COVID-19 case was reported by the CDC on Jan. 22, 2020, it was difficult to predict that an ensuing global pandemic would last for more than half the year, with no clear end in sight. Approximately one week after the initial CDC report, the U.S. Department of Health and Human Services (HHS) declared a public health emergency, followed by the national emergency declaration in March. Together, these COVID-19 emergency declarations set in motion an array of regulatory waivers and emergency funding for healthcare providers that was largely unprecedented in modern times.
Although these emergency measures were implemented with good intentions for the public and healthcare community at large, providers must be prepared for audits in several overlapping areas due to their corresponding risks for fraud and abuse.
CARES Act Provider Relief Funds
The Coronavirus Aid, Relief, and Economic Security (CARES) Act was signed into law on March 27, 2020, allocating more than $100 billion in funding for eligible providers in their medical response to COVID-19. The Paycheck Protection Program and Health Care Enhancement Act followed, adding an additional $75 billion to this provider relief fund (PRF).
These emergency funds were distributed to certain providers by the HHS beginning in April 2020. The PRF payments are separated into general, targeted, and uninsured distribution categories. Providers are required to attest to compliance with certain terms and conditions before they can accept the funds. If a provider retains the funds without an affirmative attestation, the HHS deems that to be an attestation to comply with the PRF’s terms and conditions.
Each PRF payment has its own terms and conditions, with common requirements for recipients to use the funds as reimbursement only for healthcare-related expenses or lost revenue attributable to COVID-19; to maintain and submit documents (as required or upon request) sufficient to demonstrate that the funds were used properly; to abstain from balance billing any COVID-19-related treatment, or any uninsured patient for whom the provider seeks reimbursement for COVID-19-related treatment; to not seek collection of out-of-pocket payments from a presumptive or actual COVID-19 patient greater than what the patient would have otherwise been required to pay if the care had been provided by an in-network provider; and to maintain all records for at least three years from the final date of fund expenditure.
Although emergency measures were implemented with good intentions for the public and the healthcare community at large, providers must be prepared for audits in several overlapping areas due to their corresponding risks for fraud and abuse.
The terms and conditions expressly state: “Recipient acknowledges that the Recipient’s full compliance with all Terms and Conditions is material to the Secretary’s decision to disburse funds to the Recipient. Non-compliance with any Term or Condition is grounds for the Secretary to recoup some or all of the payments made.” This language is critical because it sets up false claims liability for fund recipients who don’t comply with the terms and conditions.
The terms and conditions also indicate that provider–recipients of these funds must promptly submit records and cost documentation upon HHS request and fully cooperate with audits by the HHS, the Office of the Inspector General (OIG), or the Pandemic Response Accountability Committee. On June 30, 2020, HHS warned that significant anti-fraud monitoring of the funds would occur and that OIG would provide oversight to ensure the funds were used appropriately.
HHS has noted forthcoming reporting requirements and instructions for general and targeted distribution payments exceeding $10,000. An online reporting system is expected to open on Jan. 15, 2021. In addition, HHS has indicated varying audit requirements for recipients of annual federal awards exceeding $750,000.
Best Practices: Although many guidelines have been relaxed and waivers implemented during this public health emergency, it’s strongly recommended that providers maintain supporting documentation for the use of these funds. Providers should:
- Separate each type of relief fund payment into its own account to track expenses;
- Review specific requirements for each relief fund payment’s terms and conditions;
- Create digital and/or paper files for each relief fund payment and related services;
- Assign a point person or accountant to conduct preliminary or random reviews of patient records and document relief fund payment expenditures; and
- Consult with an attorney to review records and ensure compliance with all requirements.
Waivers and Flexibility
Starting in March 2020, HHS and CMS released numerous blanket waivers and emergency flexibility for healthcare providers during the COVID-19 public health emergency. These include:
- CMS provider/practitioner cross-state practice and relaxed enrollment requirements;
- CMS reductions in certain paperwork, record documentation, and signature requirements;
- CMS waivers for various Stark law (prohibiting physician self-referrals) arrangement sanctions;
- CMS physician supervision flexibility for certain procedures and practitioners; and
- CMS Medicare fee-for-service (FFS) flexibility for physician and hospital services.
CMS clearly stated its focus on maintaining oversight for activities occurring during the public health emergency and will continue to monitor for accurate billing practices by coordinating with state survey agencies, OIG, and the U.S. Government Accountability Office. The OIG similarly announced in June 2020 that it would increase its focus on reviewing provider claims related to COVID-19 add-on testing due to the potential for fraud and abuse that may result from CMS waivers for provider ordering of COVID-19 tests.
In late March 2020, CMS suspended most Medicare FFS medical reviews, including for pre-payment medical reviews conducted by Medicare administrative contractors (MACs) under the Targeted Probe and Educate program, as well as post-payment reviews conducted by MACs, supplemental medical review contractors, and recovery audit contractors. In July, CMS indicated its intent to discontinue this enforcement discretion beginning Aug. 3, 2020, regardless of the public health emergency status. On Aug. 4, 2020, CMS posted a physician fee schedule proposed rule in the Federal Register soliciting comments on extending or enshrining some temporary changes.
Providers should prepare a compliance plan to transition public health emergency waiver activities back to standard practices at the official end of the public health emergency.
Best Practices: Providers should prepare a compliance plan to transition public health emergency waiver activities back to standard practices at the official end of the public health emergency, maintain thorough documentation of all public health emergency services, and promptly conduct a preliminary review of all claims submitted directly following the end of the public health emergency.
If selected for an FFS review of public health emergency-related claims, providers should discuss with their MAC any COVID-19-related hardships they have experienced that could affect audit response times. Providers should likewise contact an attorney to examine any letters or notices of claims potentially selected for review to best prepare for possible appeals or other adverse actions.
Telemedicine and Telehealth Services
The COVID-19 pandemic has vastly accelerated the use of telehealth. This particular area of healthcare is extraordinarily ripe for audit activity due to the sharp increase in its use and the potential for errors in coding and billing applied to the wide range of new services and waivers, and also for differences in government and commercial payer coverage and reimbursement. The primary changes in public health emergency telemedicine include:
- State and CMS waivers that permit interstate practice and additional types of authorized providers;
- HIPAA enforcement discretion for use of certain non-public-facing audio or video communication products;
- DEA waiver of in-person evaluation for remote prescribing of certain controlled substances;
- OIG flexibility for providers to reduce or waive beneficiary cost sharing;
- CMS flexibilities allowing both provider and patient remote or at-home service locations;
- CMS flexibility to allow audio-only services;
- CMS waivers extending many services to new patients; and
- CMS waivers increasing reimbursement for virtual patient visits.
Providers should anticipate rigorous review of telemedicine services at the state and federal levels. OIG noted in June and July 2020 that it intends to review Medicare and Medicaid telehealth activity and reimbursement during the COVID-19 public health emergency. The OIG isn’t alone in its interest in suspected telehealth fraud and abuse; CMS and other federal and state agencies will likely engage in audits.
Best Practices: Providers who used or increased telemedicine and telehealth services during the public health emergency should consider conducting internal and external compliance checks for specific billing and coding practices, developing or enhancing compliance programs and policies for continued virtual service documentation, and requiring training or updated policy review for clinicians and coding staff prior to submitting future claims.
Steven M. Harris, Esq., is a nationally recognized healthcare attorney with McDonald Hopkins LLC. Contact him at email@example.com.
Reprinted with permission from the American College of Rheumatology.