Tricky regulations stir up questions about what constitutes overpayment and when disclosure is needed
If there is insufficient address information for the individual, you also must post the breach on your Web site or publish it with major print or broadcast media. Additionally, you must notify the secretary of Health and Human Services (HHS).
If the breach involves more than 500 individuals, the notice must be sent immediately to HHS and will be posted on the HHS Web site. If the breach concerns fewer than 500 individuals, then you may submit an annual log of the breach with all other breaches you may have experienced in that year.
Perhaps the most significant disclosure requirement facing providers today is when to disclose overpayments, wrongful billing, noncompliance, or fraud of the Medicare and Medicaid programs, including the wrongful employment of excluded persons, and the anti-kickback statute and physician anti-referral laws (Stark laws). Due to the evolving nature of these laws, providers and compliance officers are challenged every day to determine when and to where to disclose noncompliance.
OVERPAYMENT GRAY AREA
For example, the 1998 OIG SDP set forth how to disclose a problem with Medicare billing that is significant enough to be a violation of the law. The question remains as to the gray area between what constitutes an overpayment and when a matter requires self-disclosure. To further complicate the matter, the OIG in 2006 and 2008 encouraged providers to use self-disclosure protocol (SDP) for Stark violations.
However, in 2009, the OIG stated that the SDP should only be used for a Stark violation if there is also an anti-kickback violation. There appears to be no formal process for disclosing Stark violations, which do not have an anti-kickback violation. Government representatives recently suggested at a national conference that these claims can be brought to your U.S. Attorney. Unlike the SDP, there is no protocol to assist a provider with the process and the possible outcomes related to self-disclosure.
If you become aware of a breach of privacy or any of the billing regulations, including fraud and abuse and Stark, evaluate all of your options regarding disclosure. Always conduct a thorough investigation and audit of the situation under the attorney/client privilege in order to fully assess the penalties that may be imposed. Research any possible laws, rules, regulations, or guidance that might help your position concerning perceived noncompliance.
Anthea R. Daniels is a Calfee, Halter & Griswold LLP partner.
Briana Contreras, an editor of Managed Healthcare Executive, spoke with Fred Turner, CEO of Curative, in this month’s episode about the challenges middle-class Americans face in dealing with medical debt, exploring the causes behind it and the impact on overall health.
Listen
Bridging the Diversity Gap in Rare Disease Clinical Trials with Harsha Rajasimha of IndoUSrare
November 8th 2023Briana Contreras, an editor with Managed Healthcare Executive, spoke with Harsha Rajasimha, MD, founder and executive chairman of IndoUSrare, in this month's episode of Tuning in to the C-Suite podcast. The conversation was about how the disparity in diversity and ethnicity in rare disease clinical trials in the U.S. has led to gaps in understanding diseases and conditions, jeopardizing universal health, and increasing the economic burden of healthcare.
Listen