Site moved to, redirecting in 1 second...

5 posts categorized "Oxygen"

December 28, 2009

Health Reform: What's a Provider to Do?

What should health care providers be doing in anticipation of the likely passage of an historic health reform bill?  There are at least three possibilities: (1) Lament the passing of the good old days and oppose it; (2) Insist that it isn't good enough because it is lacking some key provision (tort reform; SGR replacement; robust public option); or (3) Embrace it, because incrementalism works, and prepare for what's coming down the pike.

As you may guess, I would recommend taking the third approach, which requires focused preparation for the road that lies ahead.  So, what is a provider to do?

In the future, there will be pilots, demonstrations and mainstream programs trying to do more with less: providing health insurance and health care services to more people, with effectively fewer dollars per capita.  Payors -- be they public sector or private sector -- will therefore be squeezing providers.  The House and Senate versions of the health reform bill are equally clear on this point.  Providers therefore need to be proactive in preparing themselves to provide high-quality health care services at competitive rates.Instead of simply resigning themselves to negotiating percentage discounts off of current rates of payment, all providers need to be prepared to negotiate global payments, pay for performance deals, quality incentives and more -- as some forward-thinking provider organizations have been doing for some years now.

In order to be able to negotiate these terms effectively, providers must have a good handle on their own cost structure, and must begin to work at developing broader alliances of providers so as to be better positioned for negotiations with public and private payors.

In my years of experience in working with health care providers at that moment -- the point in time when folks with otherwise disparate interests realize the tremendous value of working together effectively in order to simultaneously promote better clinical outcomes for patients and better financial outcomes for providers -- I am always heartened by the epiphanies of the providers who realize that a new approach, or a new structure, can take them beyond their historical, positional, sometimes defensive attitudes, and into a future that they are able to shape and help define.

I look forward to working with more providers and provider organizations at this critical juncture so that they can be prepared for the future that will soon be upon us, and so that they can have a hand in crafting that future.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

July 15, 2009

Red Flags Rule: The FTC piles on, because HIPAA, ARRA and overlapping state laws just weren't enough

Update 5/28/10:  Red Flags? Nah ... nothin' but blue skies.  The FTC delays implementation of the Red Flags Rule yet again, to December 31.

Update 11/3/09:  The FTC announced that implementation of the Red Flags Rule will be delayed once more, this time until June 1, 2010.  The announcement came on the heels of losing a court case to the American Bar Association -- the court ruled that the rule does not apply to lawyers -- and on the heels of a legislative attempt to bar its applicability to small health care, accounting and legal practices.  Stay tuned.  

Update 7/29/09:  The FTC announced today that implementation of the Red Flags Rule will be delayed once again, this time til November 1, 2009.  The agency promises to roll out additional information targeted at low-risk entities covered under the rule.  Thus far, nothing has changed with respect to the rule and its ultimate effect, so organizations subject to the rule should take the extra time to assess their compliance needs and implement their plans in advance of November 1.

After a couple of delays, the FTC Red Flags Rule will be effective August 1, 2009.  This rule requires "creditors" under certain "covered accounts" to maintain a heightened alertness to numerous categories of "red flags" that may indicate that the consumer who is the rightful account holder is the victim of identity theft.  If a red flag is triggered, the creditor must take steps to notify the consumer and correct any inappropriate information included the creditor's records.

As you probably already know, the FTC is extending its reach with this rule (among others) into the health care sector.  (Cf. the FTC's role in enforcing certain Son of HIPAA provisions.)  The AMA has all but dropped a draft complaint on the FTC's desk, citing assorted legal precedents in its correspondence with the FTC arguing that the Red Flags Rule should not apply to physician practices.  The FTC is unmoved -- except to the extent that it has been willing to delay the effective date twice (from November 2008 to May 2009 to August 2009).

At any rate, the August 1 effective date is around the corner, and affected health care entities need to develop and implement compliance plans now, if they haven't already.  (Even the AMA says so, and has published guidance and a sample policy for members.)

A few more general comments before stepping back and examining the language of the rule and its applicability to health care providers.

The federales are taking something of a common-sense approach here, recognizing that a compliance plan needs to be tailored to the specific entity, the nature of its "covered accounts" and its operations.  Bank of America, N.A. and Springfield Medical Associates, P.C. will have very different compliance plans, because their potential red flags and the potential risks are vastly different.

Affected health care providers need to understand that the Red Flag Rule requirements overlap with HIPAA and state privacy law requirements (and looming Son of HIPAA requirements in ARRA), but will not be satisfied by implementation of existing privacy policies and compliance plans.  Review of the intersection of existing policies and procedures with the new rule's requirements is the first order of business.

As with any other new regulatory scheme, preparing a compliance plan and putting it on the shelf won't cut it.  The rule calls for regular monitoring of the plan and issues that arise by a senior manager.  Furthermore, best practices would dictate the training of staff to deal with individual issues and, most importantly, with the affected consumers.

Even if not clearly subject to the Red Flags Rule, providers should undertake to comply, for a couple of interrelated reasons:

  • Good patient PR.  Data security is top of mind these days.  Much of the effort required under the rule should be expended anyway simply to respond to market pressures calling for improved data security.
  • Potential liability.  The creative trial attorney will seek to use the Red Flags Rule as establishing a standard of care for the stewardship of personal information.  The incensed jury will go along.  The health care provider caught in the middle between thieves and victims may be the only perceived deep pocket available.

OK, so what is a "creditor" and what is a "covered account?"

Any entity that accepts payment other than payment in full at the time of service is a creditor.  Health care providers that go the cash-on-the-barrelhead route aren't creditors; all others are creditors.

The FTC Guide defines covered accounts as follows: either

  • a consumer account you offer your customers that’s primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions; or
  • any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.” Examples include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft. Unlike consumer accounts designed to permit multiple payments or transactions – they always are “covered accounts” under the Rule – other types of accounts are “covered accounts” only if the risk of identity theft is reasonably foreseeable.

Any creditor with covered accounts must have a red flags rule compliance plan in place with policies and procedures for dealing with "red flags" -- i.e., signs that personal information may have been compromised.  The World Privacy Forum suggests that the following red flags are the ones most applicable in the health care context:

• A complaint or question from a patient based on the patient’s receipt of:
   o a bill for another individual
   o a bill for a product or service that the patient denies receiving
   o a bill from a health care provider that the patient never patronized or
   o a notice of insurance benefits (or Explanation of Benefits) for health services never received.
• Records showing medical treatment that is inconsistent with a physical examination or with a medical history as reported by the patient.
• A complaint or question from a patient about the receipt of a collection notice from a bill collector.
• A patient or insurance company report that coverage for legitimate hospital stays is denied because insurance benefits have been depleted or a lifetime cap has been reached.
• A complaint or question from a patient about information added to a credit report by a health care provider or insurer.
• A dispute of a bill by a patient who claims to be the victim of any type of identity theft.
• A patient who has an insurance number but never produces an insurance card or other physical documentation of insurance.
• A notice or inquiry from an insurance fraud investigator for a private insurance company or a law enforcement agency.

If a situation is flagged, a creditor must take steps to mitigate the risk of identity theft or continued identity theft.  Again, the World Privacy Forum notes:

There need to be uniform but appropriately flexible answers to these questions:

  • What do we do when a patient claims fraud is in their files?
  • What do we do when a patient says the bills are for services she did not receive?
  • What do we do for patients and other impacted victims when we uncover a fraudulent operation?
  • When we have a real case of medical identity theft, how can we work with patients to fix the records and limit future damages?
  • What do we do when a provider has altered the patient records?
  • How do we handle police reports and requests for investigation from victims?

The answers to these questions need to viewed not just from the provider’s perspective, but also from the victim’s perspective, which can differ substantially.

There are a number of useful resources available for health care providers seeking to take stock of their situation, establish Red Flags Rule compliance policies and procedures, and undertake staff training on the subject.  For example, the FTC, the AMA and the World Privacy Forum have all released valuable guidance documents (all linked to above) that would assist any organization with coming into compliance. 

As with any effort of this sort, it is often valuable to have someone outside the organization come in to review existing policies, procedures and workflow in order to highlight potential risks and opportunities for improvement.  The HealthBlawger and members of the HealthBlawger's virtual consulting network are available to come in and assess, plan and help implement compliance strategies for organizations large and small touched by the Red Flags Rule.

Whatever the size or nature of your business, please take a moment to consider how the Red Flags Rule may apply to its operations, and how it may relate to other regulatory schemes such as HIPAA and state laws.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

December 02, 2007

Oxygen and Medicare: plus ca change . . .

. . . plus c'est la meme chose.  I am shocked, shocked, to learn from the newspaper of record that Medicare is overpaying for oxygen and related equipment and supplies.  Seems the OIG reported on the self-same issue over a year ago.

Are there cases in which the Medicare payment is appropriate?  Sure, but there are many in which it is not.  CMS can thinly slice payments in so many other areas, so the federales could do the same for oxygen, rather than go with a one-size-fits-all approach (XXL).

Update 12/3/07:  The American Association for Homecare has posted a rebuttal to the NY Times article linked to above.

-- David Harlow

June 01, 2007

OIG issues the Compendium of Unimplemented OIG Recommendations

Read the full Compendium.  Or just take a look at the priority recommendations.  There's something for everyone. 

The OIG scopes out its "priority" recommendations as being "comprised of both monetary and non-monetary recommendations, representing various time frames. The list comprises three categories: savings, integrity and efficiency, and quality of care." 

The quantified "priority" unimplemented OIG recommendations would save over $6bln if implemented.

The OIG announcement follows: 

The "Compendium of Unimplemented Office of Inspector General Recommendations" combines the "Red Book" (unimplemented monetary recommendations) and the "Orange Book" (unimplemented nonmonetary recommendations) into one publication. The "Red Book" focused on significant Office of Inspector General (OIG) cost-saving recommendations that had not been fully implemented. The "Orange Book" focused on unimplemented recommendations to improve HHS programs. Full implementation of the recommendations in this compendium could achieve substantial savings and increase the effectiveness of the Department’s programs.

Each narrative contains a background summary, findings, recommendation(s), status, report number(s), and report issue date(s). In the case of monetary recommendations, there is also an estimate of the savings that may be achieved by implementing the recommendations. The estimated value of each monetary recommendation is based on the specifics of each review and not extrapolated beyond the scope of the original review. The actual savings to be achieved depends on the specific legislative, regulatory, or administrative actions. However, the estimates provide a general indication of the magnitude of savings possible.

-- David Harlow

November 12, 2006

OIG advisory dings existing and proposed home oxygen arrangements of DME supplier

The OIG issued a negative advisory opinion earlier this month. A DME supplier requested confirmation that providing free home oxygen before patients qualify for Medcare coverage, and overnight oximetry testing services free of charge, would not be considered illegal remuneration to a person in a position to order or purchase covered goods or services.

At first blush, one wonders why this request was ever submitted in the first place.  Most advisories conclude -- unsurprisingly, based on the arrangements presented -- that while the arrangement technically is not within a safe harbor, the government believes that adequate safeuards against inappropriate overutilization/remuneration are in place and so the arrangement will be permitted.  The writing of the advisory is surely influenced by the ultimate outcome already determined by the OIG, but the arrangements described in this opinion seemed particularly doomed to failure from the outset.

CMS and Congress have come down hard on the DME suppliers in general, and oxygen suppliers in particular.  (The same may be said for various state Medicaid programs as well.)   

Consider, for example, the September OIG report on reimbursement for oxygen concentrator rentals.  Among other things, the report notes that the acquisition cost of an oxygen concentrator is under $600, yet DME suppliers are paid equipment rental payments for up to 36 months -- which may total over $7,000 (beneficiary copayments may exceed $1,300 over 36 months), and which are not justified by the industry position that the apparent unreasonable profit is appropriate and is required in part to cover inflation and maintenance costs. 

The industry position is further detailed here, and includes the typical complaints that the government is using old cost data, and that the sample of beneficiaries surveyed by OIG is too small to be statistically valid and is not representative.  In addition, the implication that most, if not all, oxygen concentrators are used by beneficiaries for more than 36 months is disputed.

The OIG report notes that 25% of all Medicare DME expenditures are oxygen-related.  And while DME expense pales in comparison to inpatient hospital expenditures (the industry offers the comparison of $7 and change per diem for home oxygen, vs. $4,500+ per diem for Medicare inpatient hospital expense; the numbers may be accurate, but are they comparable?), over the years CMS has focused on provider and supplier groups whose services consume successively smaller chunks of the Medicare dollar and at the aggregate level the DME dollars are significant.

There are industry- and CMS-supported changes on the legislative agenda for the future, and with the changed face of Congress it will be interesting to see what happens.

The background helps to contextualize the advisory request (oxygen suppliers seeing themselves as being under attack), but doesn't explain to my satisfaction the request itself. 

A better solution (which is already in place with respect to certain other covered services) -- perhaps one being pursued by the industry in tandem with the advisory request -- would be making determinations of medical necessity for home oxygen retroactive, so that beneficiaries who truly require home oxygen therapy may be provided the oxygen before the paperwork goes through.  Suppliers would then be at risk only for oxygen provided to those beneficiaries who do not eventually receive a finding of medical necessity.

-- David Harlow