Avoiding Healthcare & Insurance Issues
Before we can show you how to turn your practice into a Fortress and an Engine in the next Lesson, we have to show you what to avoid in your practice so that you don’t cause any insurmountable financial damage to yourself or your practice. In addition to personal lawsuits, Doc-tors need to worry about business issues as well. This is consistent with our previous discussions about the “business of medicine.”
Many physicians have a false sense of security and believe that malpractice insurance will protect them from lawsuits. We agree with you that a medical malpractice claim is not “likely” to result in a significant depletion of your estate. However, if you go to trial and lose, you could be in serious financial trouble. According to Current Award Trends in Personal Injury (Copyright 2007), half of all jury awards for medical malpractice claims in 2005 exceeded $1,184,000. The average medical malpractice jury award in 2005 was $3,830,000. If you consider that most doctors carry $1 million of per occurrence medical malpractice liability insurance, half the doctors who lose a judgment will be out at least $200,000 and the average personal loss from a judgment will exceed $2.8 million of the doctor’s own money (after insurance has paid its limits).
In addition to medical malpractice threats, there are unexpected risks that carry an even higher likelihood of causing asset depletion. As a Doctor, business issues include liability for your business as well as liability that may result from regulatory issues and administrative investigations (i.e., OPMC, HCFA, Stark, HIPAA, OIG, etc.) and contract issues (i.e., Medicare Medicaid Fraud investigations, over-billing claims, and refund audits from insurance companies). These types of claims are increasingly overshadowing the threat of medical malpractice because, unlike malpractice risks, they are usually not covered by insurance, leaving the physician to privately fund the defense costs out of pocket. In addition, mistakes in regulatory issues can even land a Doctor in jail. No other risks in this book carry such a serious threat.
In this chapter, we will discuss some of the specific healthcare and insurance related risks, explain how they can be avoided, and offer suggestions on how to protect yourself from mistakes that may occur even when you do your best to avoid them.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was originally en-acted to enhance (not guarantee) certain health care insurance coverage for Americans. HIPAA also creates a national, standardized set of rules for maintaining (security) and protecting (confi-dential) patient medical information known as PHI (Protected Health Information). The failure to institute a good faith and reasonable office compliance program, to provide privacy notice to patients concerning their rights, to protect against the unauthorized release of confidential records and implement security safeguards for data in transit and maintained in the office could potentially place physician owners, their employees (including administrative office staff) and even business associates at grave risk for monetary fines and even criminal penalties for the unauthorized disclosure of PHI which is enforced by the OCR. Such penalties and sanctions could include civil penalties and fines for each violation ($100 per violation with a maximum penalty of $25,000/year for identical penalties) and for intentional violations of the law could even include criminal penalties (i.e. fines between $50,000—$250,000 and imprisonment terms from 1 to 10 years).
A key operational element in the business of medicine is the process of billing, coding and collecting professional fees from insurance companies. In some cases the payers are insurance companies and in other cases, the payers may be Medicare or Medicaid. Aside from the United States tax code (which we will call the most complex system of rules in the history of mankind in Lesson #7), the Medicare coding system may be the most complex system of rules ever created.
Despite best efforts to train administrative staff, medical offices are regularly audited by insurance companies, Medicare and Medicaid. These audits routinely result in claims of over-billing. Many Doctors fight a losing battle against the large insurance companies (and their teams of attorneys) and ultimately have to surrender funds they previously collected for services rendered. Unfortunately, when the audit comes from Medicare or Medicaid, Doctors have more to lose than just money. A Doctor found guilty of Medicare fraud can actually go to jail. Because of the significant costs resulting from both Medicare fraud and commercial insurance carrier audits, we will examine them both separately.
Anyone who provides, or receives, healthcare services, could commit Medicare fraud. Fraud is defined as an intentional deception or misrepresentation that someone makes, knowing it is false, that could result in the payment of some unauthorized benefit. Abuse, on the other hand, involves actions that are inconsistent with sound medical, business, or fiscal practices. Abuse di-rectly or indirectly results in higher costs to the Medicare program through improper payments that are not medically necessary. In the eyes of investigators, fraud and abuse both have the same effect. They steal valuable resources from the Medicare Trust Fund that would otherwise be used to provide benefits to Medicare recipients.
The federal law enforcement agency responsible for investigating Medicare fraud is the Department of Health and Human Services, Office of Inspector General (HHS-OIG). In some cases, HHS-OIG may involve other agencies, such as the Federal Bureau of Investigation (FBI), the Internal Revenue Service (IRS), or the Postal Inspection Service.
Many complaints are simply misunderstandings or billing errors and can be resolved fairly easily. Some complaints help identify abusive billing practices. The Medicare contractor will educate the health care provider, collect any overpayment, and then follow up to make sure the provider does not make the same mistake again. Other complaints involve Medicare fraud. These cases often require long, complex investigations by federal law enforcement agencies.
The U.S. Attorney General’s office targets health care providers for civil and/or criminal prosecution. Some of the penalties for someone convicted of Medicare fraud are listed below.
· The False Claims Act provides fines up to $10,000, treble damages, and up to five years in prison.
· The Anti-Kickback provisions of the Social Security Act provide for fines of up to $25,000, and up to five years in prison.
· Civil monetary penalties provide for fines up to $50,000 and treble damages.
· RICO—the Racketeering Influenced and Corrupt Organization Act—has recently been used in Medicare fraud cases. Those convicted criminally can get prison terms of up to 20 years. Civil conviction under RICO provides for asset forfeiture.
· The Health Insurance Portability and Accountability Act, often called Kasse-baum-Kennedy, created a new crime called Health Care Fraud. This crime allows up to 10 years in prison, or up to 20 years if serious bodily injury results, or up to life in prison if death occurs.
· In addition to these penalties, the Department of Health Services can also exclude a health care provider from the Medicare system.
Commercial Carrier Audits
The practice of medicine has undergone a transformation with the advent of managed care healthcare delivery. Physicians need to be cognizant of the coding and billing requirements set forth by third party insurers for services rendered to ensure that their documentation satisfies the level of services provided. Managed Care organizations have recouped millions of dollars in refunds from providers who are unable to justify the level of services provided.
What physicians should realize is that a health insurer’s fundamental existence and financial success require detailed analyses of each provider’s practice patterns using information management systems that cost millions of dollars. Insurance companies make huge financial and personnel commitments to information technology over-utilization within the medical services industry.
As a result, carriers have extensive data banks that report the frequency with which each participating physician bills a particular CPT code and how that compares on a percentage basis with CPT codes billed by providers serving a similar patient population. The third party payers generate practice profiles by gathering data indicating how often a physician performs specific procedures (e.g., colonoscopy), where (s)he performs those procedures (e.g., in or out of a hospital setting), and what CPT code the physician assigns to that procedure.
All the while, insurers are comparing each physician’s practice profile to other providers. Additionally, insurers maintain data banks that compare how often a provider orders laboratory tests and which tests they order and, similarly, generate provider profiles based on this information.
Once the insurer determines that a physician or a group of physicians has billing/coding patterns that deviate from a calculated norm, the insurer will, in all likelihood, commence an expanded investigation. Unfortunately, physicians usually are unaware that their billing patterns deviate from such a norm until the insurer initiates an expanded investigation. As a result, physicians have little opportunity to amend their coding and billing practices and often are completely surprised when learning they are the subject of an insurance audit.
Each state has set up, through its Department of Health, a licensure division that has jurisdiction to investigate and prosecute matters that are perceived to be indicative of professional misconduct. This prosecution can result in sanction to a professional’s medical license. Unlike a civil proceeding where a physician can be sued for monetary damages and would be normally insured to cover damages and defense costs, most physicians don’t have insurance to protect against the cost of this potentially costly administrative proceeding.
Investigators have a number of tools at their disposal to obtain information after a com¬plaint is received. These include obtaining medical records, obtaining other documents pursuant to subpoena issued by the Board (such as hospital quality assurance or personnel files of the physician under investigation), interviewing witnesses, colleagues, and the physician under investigation (if he/she consents), reviewing a database of the malpractice history of the physician under investigation, and surveillance in limited instances.
When clinical issues are the basis of the complaint, the physician’s office records and hospital records will be reviewed to determine whether there is any basis to conclude that professional misconduct has occurred. Investigators will routinely review a physician’s hospital quality assurance files to determine whether the physician under investigation has other cases that might create a pattern of deficient conduct.
As an example, in 2004 the California Medical Board launched a public database informing consumers of unsubstantiated accusations of professional misconduct. With just a few keystrokes, a potential patient can learn whether a Doctor has been accused of negligence, regardless of whether there was an actual finding of negligence. According to a San Diego Union-Tribune article, “The board started posting accusations and other disciplinary actions on the Internet this week as a part of a program to make its records more accessible. So far, 327 documents regarding about two dozen Doctors have been posted, including an accusation against psychiatrist Richard Seigle, who once practiced in Carlsbad. The details in his case and in the others were filed in administrative law court and are available online. Within a year, board officials hope to have 15,000 documents online, covering license revocations and letters of reprimand involving thousands of Doctors licensed in California.”
Note that the website would not clarify which settlements were made because of an error or omission in the practice of medicine and which were settled simply because it was legally advisable due to financial reasons or if the E&O carrier simply refused to litigate.
In addition, the California Medical Board (CMB) provides an online database of Public Enforcement Documents (http://www.mbc.ca.gov), containing scanned, public record documents relating to administrative actions taken by the Board against licensed and unlicensed individuals. There is a disclaimer by the Medical Board denying any guarantee that any of the information they provide is correct and they will include accusations that may or may not be substantiated, yet they are not responsible for the use or results of making the information generally available to the public.
Further, in response to consumer-advocate groups, changes are afoot in the area of investigations of CMB complaints. Currently, professional misconduct cases are usually sent to an investigator employed directly by the board. The investigator compiles the information on a case, and then turns it over to a deputy attorney general (DAG), who may then bring a case against the professional in question. The Center for Public Interest Law (CPIL) wants to move several classes of specialized investigators into the Attorney Generals’ office and have them work directly with the DAG while they build a case. This would purportedly result in investigators gathering “more useful information”, consumer advocates contend, but may have the effect of taking away the Board’s autonomy and involvement in determining how best to investigate and discipline Doctor licensing complaints. A bill passed by the California legislature in June 2008 will have the effect of directing the California Medical Board towards this vertical enforcement model.
Stark, Stark II and Stark III
On March 26, 2004, the government released the latest version of that hydra-headed monster known as Stark II in an effort to clarify the original vaguely worded language. But the new, more precisely worded language may be more troubling for Doctors who now find it harder to meet the tougher updated standards. In addition, most states, including California, also have laws prohibiting self-referral. Typically, these laws apply to Medicaid (Medi-Cal in California), state health and workers’ compensation plans, and to private health plans.
For something as complex and sprawling as Stark, its basic message is fairly simple: You can’t refer Medicare or Medicaid patients for certain services that you—or an immediate family member—have a financial relationship to unless an exception applies. If you ignore the basic Stark prohibition, and then bill CMS for those designated health services, you may be subject to civil monetary penalties of up to $15,000 for each service plus twice the reimbursement claimed, and may be excluded from participating in Medicare and Medicaid.
As a professional, you certainly want to do everything possible to avoid these various threats. This will require you to become more educated on the issues at hand, consult an expert, and possibly change your behavior to reduce risk. Even after taking all of those steps, you will still need to prepare for inevitable mistakes. We will examine each of these steps now.
Step 1: Educate Yourself
More often than not, mistakes are unintentional. Doctors often make mistakes because they were unaware of the issues and how to manage them. It is important for you to continue to read your professional journals, attend the seminars offered by your association, and send your administrative staff to the appropriate programs. In addition, you should consider reading our other recent book for physicians.
Risk Management for the Practicing Physician©, from Guardian Publishing, is accredited for four hours of Category I CME Credit in Risk Management for all specialties in all 50 states. Co-written by a practicing physician, an attorney and a financial advisor, this 99-page monograph includes chapters on: providing care in today’s malpractice environment, liability and the doctor-patient relationship, managing diagnosis-related liability, minimizing risks of miscommunication, managing high risk communication areas, managing the dangers of drug therapy, non-medical liability risks for the practicing physician, and liability in the new health care delivery system.
You can purchase this book by using the tear away discounted order form in the Appendix of this book or you can go to www.forcaliforniadoctors.com and order the book online.
Step 2: Find An Expert To Help You
No matter how much effort you make to understand the rules, it is unlikely you will be able to stay abreast of all of the developments and changes while trying to practice medicine and run a busy practice. There are law firms who have teams of people studying the latest legislative changes. In some cases, these firms are involved in lobbying for and drafting legislation. It is in every Doctor’s best interest to have a healthcare attorney on retainer. When you understand that any mistake you may make could result in civil and/or criminal penalties, you will recognize the importance of having an expert on your team to give you advice on every element of your practice’s operations.
Step 3: Change Your Behavior
After reading Risk Management for the Practicing Physician©, attending all of the appropriate seminars, and consulting with your healthcare attorney, you are likely to identify a number of areas where you should make changes to reduce your risk. These changes may include creating an effective confidentiality and security compliance program to help avoid the penalties and sanctions that apply for noncompliant programs (with respect to HIPAA). You may need to change your referral process to comply with Stark. You may have to hire additional staff or a specialty consulting firm to make sure you are properly billing and coding so that you avoid claims of over-billing. This may help protect you from having to pay to defend yourself in Medicare fraud or insurance company audits.
Step 4: Prepare For Inevitable Mistakes
Once you have made all the changes to your operations that were suggested by Risk Management for the Practicing Physician©, your healthcare attorney, and your practice consultants, you will be much less likely to be sued. However, accidents and mistakes happen. When they do, you need to be protected.
The first step to protecting assets is structuring your practice properly. If your practice is not structured properly, mistakes by you or anyone working at your practice could lead to losses of personal and practice assets. Lesson #5 will explain the core strategies that you should adopt at the practice level.
The second step is to employ all of the personal asset protection techniques offered in Lesson #6. In many healthcare law claims, the Doctors can be found personally liable for the judgments even if they have a corporation. For this reason, you need to protect personal assets—most effectively by using exempt assets (see Chapter 5-6).
The third step to protect assets from healthcare lawsuits is to consult with a healthcare attorney. Any significant change to the structure or operation of your practice—like creating an agreement between Doctors, opening a new practice location, or making structural changes to your business—you should begin by consulting a healthcare attorney. It is also a wise strategy to execute a practice audit every 12 to 24 months. This review will help save you unnecessary fines and fees and keep you out of jail. Can you think of any better goals than those?
In medical school, you learned about anatomy and about practicing the clinical side of medicine. When you got into private practice, you had to figure out that you were also a business owner and learn to negotiate what can often be a dangerous business landscape. As a successful Doctor, you have all of the clinical risks of being a Doctor, all of the risks of being an employer AND the specific risks of Healthcare law that only apply to medical practices. Compounded and navigated without proper consultation, these risks can cost you a great deal of money or even time served in jail.
Unless you don’t care about money and you don’t mind going to jail, you must take these risks very seriously. By educating yourself and by hiring specialists (see Lesson #3) to assist you, you can effectively manage these risks so that you can worry less and enjoy your practice more. In the next Chapter, we will discuss the other employment issues that weren’t taught to you in medical school or residency.