Evolving compliance laws require careful review
Tricky regulations stir up questions about what constitutes overpayment and when disclosure is needed
If there is insufficient address information for the individual, you also must post the breach on your Web site or publish it with major print or broadcast media. Additionally, you must notify the secretary of Health and Human Services (HHS).
If the breach involves more than 500 individuals, the notice must be sent immediately to HHS and will be posted on the HHS Web site. If the breach concerns fewer than 500 individuals, then you may submit an annual log of the breach with all other breaches you may have experienced in that year.
Perhaps the most significant disclosure requirement facing providers today is when to disclose overpayments, wrongful billing, noncompliance, or fraud of the Medicare and Medicaid programs, including the wrongful employment of excluded persons, and the anti-kickback statute and physician anti-referral laws (Stark laws). Due to the evolving nature of these laws, providers and compliance officers are challenged every day to determine when and to where to disclose noncompliance.
OVERPAYMENT GRAY AREA
For example, the 1998 OIG SDP set forth how to disclose a problem with Medicare billing that is significant enough to be a violation of the law. The question remains as to the gray area between what constitutes an overpayment and when a matter requires self-disclosure. To further complicate the matter, the OIG in 2006 and 2008 encouraged providers to use self-disclosure protocol (SDP) for Stark violations.
However, in 2009, the OIG stated that the SDP should only be used for a Stark violation if there is also an anti-kickback violation. There appears to be no formal process for disclosing Stark violations, which do not have an anti-kickback violation. Government representatives recently suggested at a national conference that these claims can be brought to your U.S. Attorney. Unlike the SDP, there is no protocol to assist a provider with the process and the possible outcomes related to self-disclosure.
If you become aware of a breach of privacy or any of the billing regulations, including fraud and abuse and Stark, evaluate all of your options regarding disclosure. Always conduct a thorough investigation and audit of the situation under the attorney/client privilege in order to fully assess the penalties that may be imposed. Research any possible laws, rules, regulations, or guidance that might help your position concerning perceived noncompliance.
Anthea R. Daniels is a Calfee, Halter & Griswold LLP partner.
Is Journavx a Step Forward In Pain Management or a Repeat of Past Mistakes?
March 25th 2025In a Q&A with Josef Witt-Doerring, M.D., former FDA medical officer in the division of psychiatry and the founder and CEO of TaperClinic, he shares the potential benefits and risks of the alternative non-opioid pain medication, expressing that while it could help cut down on opioid use, its long-term impact is unclear.
Read More
Breaking Down Health Plans, HSAs, AI With Paul Fronstin of EBRI
November 19th 2024Featured in this latest episode of Tuning In to the C-Suite podcast is Paul Fronstin, director of health benefits research at EBRI, who shed light on the evolving landscape of health benefits with editors of Managed Healthcare Executive.
Listen
In this latest episode of Tuning In to the C-Suite podcast, Briana Contreras, an editor with MHE had the pleasure of meeting Loren McCaghy, director of consulting, health and consumer engagement and product insight at Accenture, to discuss the organization's latest report on U.S. consumers switching healthcare providers and insurance payers.
Listen
