Please be advised that contacting Ruder Ware by e-mail does not create an attorney-client relationship. If you contact the firm by e-mail with respect to a matter where the firm does not already represent you, any information which you disclose to us may not be regarded as privileged or confidential.


Accept   Cancel

Please be advised that contacting Ruder Ware by e-mail does not create an attorney-client relationship. If you contact the firm by e-mail with respect to a matter where the firm does not already represent you, any information which you disclose to us may not be regarded as privileged or confidential.


Accept   Cancel

PAL Login

linkedin.jpgyoutube.jpgvimeo.jpgtwitter_off.png View Ruder Ware

Search Results

Searching for Articles by John H. Fisher, II
John H. Fisher, II
Attorney
Wausau Office
.
Found 55 Results.

Setting Up Your Compliance Internal Reporting Mechanism

Posted on March 3, 2017, Authored by John H. Fisher, II, Filed under Health Care

One of the primary elements in a Compliance Program is the creation of a system that permits employees and others to provide information regarding potential compliance issues without fear of retaliation.  In larger organizations, multiple pathways permitting employees to make anonymous complaints should be maintained.  Oftentimes providers use 24 hour compliance “hotlines,” compliance “lockboxes,” and other methods to facilitate compliance tips. Whatever system is used as part of your compliance reporting system, it is crucial employees understand they are encouraged to provide information and there is a clear prohibition against others in the organization retaliating against them for providing information.  It should also be made clear to employees that the desire of the employee to remain anonymous will be honored. Establish Compliance Reporting Process Absent a system to encourage reporting, it is hard to imagine a compliance program being found to be effective.  Effectiveness is the standard all compliance programs must meet in order to provide any risk mitigation.  All government standards for compliance require the program be “effective.”  A well designed and properly operated reporting system will help the business obtain valuable information, hopefully early on, before the issue becomes a big problem.  Additionally, the openness of the program will send a strong signal to the outside world, such as government regulators, that the organization takes compliance seriously. If information is obtained through the compliance reporting system it must be taken seriously.  Certainly not every piece of information will be reflective of a serious compliance problem and an employee could potentially have other motives for making a compliant.  Regardless, it is crucial the information be acted upon and the action be documented.  If the compliance officer concludes there were alternative motivations for the complaint, that fact should be substantiated and documented.  If an objective investigation indicates there could be a compliance issue, the matter needs to be pursued through an appropriate outcome. Depending on the circumstances and the result of a thorough investigation, the outcome could range anywhere from additional training through a self disclosure to the government.  

Atlanta Dentist Goes to Jail for Medicaid Fraud - Do You Hear Me Now on Dental Practice Compliance?

Posted on February 21, 2017, Authored by John H. Fisher, II, Filed under Health Care

A few months ago, the Atlanta Journal-Constitution reported on the guilty plea of an Atlanta dentist for Medicaid fraud.  Just this week, the dentist was sentenced to serve a year and a half in federal prison. The dentist was alleged to have netted around $1 million in fraudulently obtained reimbursement from the Medicaid program.  As part of her plea agreement, the dentist agreed to forfeit her ill-gotten gains, including real estate she acquired using the funds. Some of the illegal activities alleged included: Having employees back-date claims for patients whose Medicaid eligibility had expired at the time the service was provided. Filing claims for services she provided on days she was not in the country; let alone in her office. The alleged activities appear to have been intentional and deliberate.  Even so, the situation is instructive on the type of risks to which a dental practice can be exposed.  Even if the dentist had not instructed employees to back-date billings it would be possible for an employee to do this on their own initiative.  The dentist under whose name the bill is submitted would still be responsible for the fraudulent billing.  Criminal intent might not be present in such a case, but repayment and potential civil penalties would certainly be assessed.  The government’s inquiry would likely focus on “what the dentist knew and when he or she knew it.”  The stakes riding on the outcome of that analysis would be potential jail time or at least enhanced penalties. So what is my point?  I recently wrote an article in which I described just some of the reasons a dental practice needs to have an effective compliance program in place.  Dental Practice Compliance Article.  The program should operate to educate staff on appropriate (and inappropriate) billing practices.  The program should include audits in areas of identified risk.  If a problem is discovered through proactive audit, appropriate corrective action should be taken promptly.  This may mean repayment and/or self-disclosure in some cases.  In other cases it may mean adjustment to policies and processes, additional training, or employee discipline.  It all depends on the circumstances. One thing is absolutely clear.  If there is a problem in your practice, you want to be the one who discovers it.  It is still not fun to deal with, but at least you are not under active scrutiny by criminal or civil enforcement agents, or even worse, a potential whistleblower.  The way to stay out in front of these issues is to have a compliance program that proactively looks for problems as a matter of routine. For some reason, many dental practices do not prioritize compliance.  Some practices believe compliance is mainly a “Medicare thing.”  That belief is wrong.  Medicaid and other governmental health programs apply, even when Medicare is not a significant source of revenue.  Compliance also goes beyond reimbursement issues.  A normal dental practice is subject to a host of federal and state statutes and regulations such as licensing requirements, insurance rules, OSHA regulations, DEA regulations, HIPAA, and state patient confidentiality laws, just to name a few.  Each of these areas present potential areas of risk and require mitigation through the operation of a systematic compliance program. I will leave it here and direct you to my previous blog article entitled “Should a Dental Practice Have a Compliance Program?” for more information.

House Republicans and Trump Administration File Joint Motion to Delay Suit Challenging Obamacare Subsidies

Posted on February 23, 2017, Authored by John H. Fisher, II, Filed under Health Care

An interesting development transpired Tuesday, February 21, 2017 in a case pending in Federal District Court in the District of Columbia that challenges subsidy payments from the Federal Treasury to support Obamacare.  The case was originally filed by House Republicans in 2014 challenging the constitutionality of the Obama administration’s authorization and payment of funds from the U.S. Treasury to subsidize insurance companies helping keep deductibles and other out of pocket costs low for low-income consumers. In May of 2016, the District Court ruled that the subsidies required Congressional authorization and the administration violated the separation of powers clause of the Constitution when it directed the payment of the subsidy funds.  The District Court issued a stay against enforcement of its order invalidating the payments to permit the Obama administration to appeal the decision.  This is where the case sat when President Trump took the oath of office. The positioning of this case changed in a very interesting way when President Trump was sworn into office in January.  At that time, President Trump was substituted as the defendant in the case.  This found the Trump administration as defendant in a case challenging the authority of his predecessor.  As defendant, the Trump administration could simply discontinue the payment of subsidies to insurers and the case would be over.  Stopping the subsidies would make the case moot.  Ending the subsidies would certainly seem to be consistent with the Trump administration’s desire to end Obamacare.  It would also seem to be consistent with the desire of House Republicans who brought the lawsuit to end the subsidies to start with.  The impact of discontinuing the cost sharing payments would likely create additional uncertainty in the insurance markets and further destabilize the Obamacare program.  Some have gone so far as to suggest ending the multi-billion dollar subsidies would create chaos in the insurance market, sharply increase premiums, and result in the withdrawal by some insurers from the program.  Taking away the subsidies would certainly require insurance companies to absorb losses attributable to low income individuals. On January 21, 2017, House Republicans and the Trump administration, who are now opposing parties in the lawsuit, filed a Joint Motion to delay a ruling in the case.  The purpose for making the joint motion was “to allow time for a resolution that would obviate the need for judicial determination” of the appeal.  The Joint Motion asks the court to extend the enforcement stay indefinitely. From a legal standpoint, the positioning resulting from the change in President is very interesting.  I will leave it to the pundits to debate what this development means or potentially signals regarding the future of Obamacare.  It is clear that Republicans (President Trump and the House Republicans) share a common goal to repeal Obamacare, yet find themselves on opposite sides of a significant Obamacare case.  It is possible the parties did not want to be seen as the owner of additional chaos to likely result from a decision on the merits or from discontinuing the subsidies by Presidential decree.  It does seem unusual that House Republicans would draw back from the result they requested at the inception of the case right at the moment their objective can be easily obtained.  With Trump in office, the objectives of the Republican House would have been met by simply ending the subsidy payments.  This is completely within the power of President Trump. Stay tuned.  This is bound to get even more interesting.

Recent Health Care Legal Developments – Looking Forward to 2017

Posted on December 29, 2016, Authored by John H. Fisher, II, Filed under Health Care

As we are coming close to the end of another year, I thought it might be good to pull together some of the health law articles and blogs we produced during 2016.  Ruder Ware's Health Care Focus Team puts out a lot of information on a variety of different blog sites.  This is in addition to our newsletter and our more comprehensive “Blue Paper” series. With a change in government we will see substantial changes in health law in the upcoming years.  While no single source will be able to cover all of these developments, our coverage tends to bring things down to the “street level” for providers.  You can sign up for our newsletter or go to one or more of our blogs and grab the RSS feed to follow our analysis of what is going on in the industry. Sign up for our Health Law Newsletter (E-Version) Here are some of the articles and information from 2016. 300 Pages of New Regulations Ruining Health Care Attorney Lives Across the Country 60 Day Repayment Rule Affordable Care Act ACO Primary Care Exclusivity Requirement - Not As Broad As Some Believe Ambulatory Surgery Center Advisory Opinions Antitrust Law Application In Rural Areas- Hospital Mergers Antitrust Market Analysis In Provider Integration Antitrust Policies Avoiding Spillover - Clinically Integrated Networks Auditing Physician Payments For Stark Law Bundled Payment Arrangements for Clinically Integrated Networks Certification of Investigation of Individual Wrongdoing Under the Yates Memorandum Clinical Integration Readiness Analysis CINs CMS Releases Final Rules Under Medicare Shared Savings Program CMS Releases the First Comprehensive Overhaul of Nursing Home Conditions of Participation in Over 25 Years False Claims Act Basics – Known Overpayment Becomes False Claim False Claims Act Liability - Conditions of Participation and Conditions of Payment Final Rule Under the Medicare Shared Savings Program Released HHS Releases Inflation Adjusted Federal Civil Penalties How Should Compliance Process Integrate the Yates Memorandum? Incident To Billing Rules Changed In New CMS Regulations Major Revamp of Nursing Home Regulations Proposed By CMS Medicare Shared Savings Program Changes Under 2016 Physician Fee Schedule Regulations Medigap PHO Discount Program Receives OIG Approval New Federal Prosecution Standards Require Revisions to Investigation Policies Off-Campus Provider-Based Departments Neutrality OIG Fraud Alert - Medical Director Compensation Arrangements Outpatient Surgery Article On Using A Safe Surgery Checklist Population Health Management and Clinical Integration President Signs the 21st Century Cures Act Primary Care Integration Strategies - Divisional Group Practice Mergers Provider Self-Disclosure Decisions – Voluntary Disclosure Process Referral Requirements - Can Employed Doctors Be Required to Make Referrals? Reimbursement for Telemedicine and Telehealth Services Telemedicine Credentialing By Proxy When Can Violation of a Condition of Participation Result in False Claims Act Liability? Update on Escobar’s Materiality Standard

The Case of the Very Very Impossibly Long, Terrible, Horrible, No Good, Very Bad Day

Posted on February 28, 2017, Authored by John H. Fisher, II, Filed under Health Care

How Fraud and Abuse Cases Arise in a Medical Practice It is no secret many doctors work very long days.  Some days are worse and some are better than others.  As a compliance lawyer, my job is to attempt to prevent doctors from having Terrible, Horrible, No Good, Very Bad Days.  In my experience, this type of day happens when the Office of Inspector General shows up at your door asking for all sorts of information about your billing practices.  Sometimes, the OIG appears based on analysis of statistics that indicate anomalies in your practices.  One anomaly, which I describe more below, results from analysis indicating you have been working Very Very Impossibly Long Days.  The Terrible, Horrible, No Good, Very Bad part comes later, when you are investigated for billing fraud. Individuals who are involved in billing and coding know very well how difficult and subtle the process is.  Coding must reflect what has been recorded in the medical record.  Some areas of coding are very nuanced.  In some practices, the difference between a correct and a fraudulent billing can be as subtle as how deep the skin was penetrated when removing a lesion. I've read recent articles that seem to indicate the biggest worry facing medical practices is a review by a Recovery Audit Contractor and a return of an identified overpayment.  This may have been the case several years ago, but enforcement practices have changed over the years and the volume of cases impacting physicians has greatly increased in recent years.  Even if criminal standards are not present, civil cases can be nearly as devastating to a physician personally and financially. When I talk about an increase in fraud and abuse prosecutions, I do not mean to imply the target of prosecution is a criminal.  In my experience that is rarely the case.  In the Fraud and Abuse area there is “fraud,” meaning a deliberate attempt to overbill or inflate reimbursement, and there is “abuse,” which can occur without the physician having actual knowledge anything wrong has occurred.  In fact, some cases of “abuse” are based on imputing knowledge of a circumstance that a government enforcement agency believes a provider “should know” through the diligent operation of an effective compliance program. I certainly have had people come to me to assist them in situations that could be fraudulent.  The more typical case involves a much more subtle oversight, failure to diligently conduct proactive auditing, inadequacy in documenting the medical file, or the failure to take prompt action after initially discovering an error.  These types of things fall more in the category of “stuff that happens” rather than deliberate fraud.  Even though not fraudulent, these types of occurrences can be viewed as “abusive” and can result in investigation and penalties if not handled properly.  Most of these things can be prevented by engaging in a proactive compliance program, but that is another story. So, what type of thing triggers the Federal government to really start digging into your business; and not with a happy face?  There can be a variety of circumstances that commence “special” treatment by government enforcement.  An example of this type of situation involves what I refer to as the “very, very long and impossibly difficult day.”  This type of day occurs when your coding would indicate you worked more hours than exist in a day.  An example of when this can occur involves coding for procedures that involve cumulative time components that add up to indicate that you worked an impossible number of hours. You can also catch the eye of government enforcers when you perform more of certain types of procedures than norms would indicate.  In other-words, if you show statistics that are outliers from the usual practice, it is very possible you will be asked to explain these deviations at some point in your career.  You might be able to explain the situation, but this is how you get the attention of the Federal government. Another typical case involves a billing problem you discover and self-disclose.  Federal law requires a known overpayment be repaid within 60 days after it is discovered.  Failure to meet this time limitation subjects the overpayment to imposition of additional penalties under the False Claims Act.  The application of the FCA effectively triples the amount of overpayment and adds between $11,000 and $22,000 per claim to the price tag.  A simple overpayment can easily become a false claim if repayment (or self-disclosure) is not made within 60 days of when you gained knowledge. Recent legal changes make it much more likely this will occur at some point.  Increases in False Claims Act penalties and other available sanctions has made health care fraud prosecution a profitable business for the Federal government.  Reports indicate that Federal enforcement agencies receive an 8 time return on every dollar they spend on pursuing health care fraud.  This was before the recent increases in federal penalties.  Federal enforcement agencies do not tend to wait for proof that they can convince a jury of your guilt before pursuing a case.  Instead, they use civil enforcement to leverage a settlement instead of requiring criminal burden of proof.  If you are facing potential False Claims Act penalties, you are strongly motivated to settle with the Office of Inspector General. When the types of problems that cause you to have a Terrible, Horrible, No Good, Very Bad Day occur or are discovered, it is critical they be handled properly starting at the moment of discovery.  The situation is not going to go away on its own.  The only solution is to proactively handle the situation with the hope you will avoid exposure to more damages than the simple overpayment amount.  This all needs to be done on an immediate timeframe.  There is little time to waste.  In reviewing these situations, I sometimes find there is an ambiguity in the rules or an incorrect application of the rules that resulted in a perceived problem.  The first step is confirmation that proper procedures were used to determine the overpayment.  Once confirmed, a decision must be made whether to self-disclose to the government or whether a repayment can be made without formal self-disclosure.  This decision is often complicated and may require development of additional facts through investigation.  It is critical the investigation be performed properly to avoid further potential risk exposure.

Compliance Officer and Legal Counsel Relationships

Posted on February 9, 2017, Authored by John H. Fisher, II, Filed under Health Care

I am often asked my opinion whether a general counsel can also serve in the role of compliance officer.  At first blush, it seems the general counsel would be a perfect fit for the role because of general knowledge of regulations applicable to the organization.  Clients are often surprised when I tell them it is not appropriate to assign the compliance role to the general counsel.  In fact, there is a lot of support for the proposition that assigning these responsibilities to legal counsel makes a compliance program less effective.  It also runs the risk of making the general counsel less effective in the legal counsel role. The reason legal counsel should generally not fill the compliance role arises from differences in the role each professional plays within an organization.  Legal counsel is an advocate for the organization.  When compliance issues come up, legal counsel advocates the position of the client.  The compliance officer on the other hand, is responsible for proactively looking for compliance problems and designing appropriate ways to correct discovered problems.  The roles go hand in hand in many ways, but what happens when it is legal counsel who structured a deal in a manner that does not comply with applicable regulations?  In cases like this, legal counsel is in an inherent conflict of interest. In all but the very smallest organizations that clearly cannot absorb the cost of two separate functions, there presents increased compliance risk to the organization for legal counsel to also be the prime individual responsible for compliance within the organization. Dividing the compliance and legal counsel functions is clearly the “best practice” when it comes to organizational compliance.  This conclusion is supported by comments from the Office of Inspector General (OIG), reading the Federal Sentencing Guidelines (FSG), the position taken by the government in Corporate Integrity Agreement fraud and abuse settlements, and general ethical standards that apply to the general counsel. The case for dividing the functions of legal counsel and compliance officer and creating a separate compliance office with direct line of authority to the Board or a Committee of the Board is quite compelling. In fact, many organizations who previously ran the compliance role through the office of general counsel are now reviewing this practice and making changes to their organizational structure and compliance plans. A study done by the American Health Lawyers Associations and the Office of Inspector General in 2004 concluded at that time, only 20% of health care organizations polled had their compliance function under the authority of their legal counsel’s office.  It is safe to say in view of more recent pronouncements by the OIG and by comments made in the Supplemental Compliance Guidance for Hospitals released in 2005, the percentage of “dual role” organizations is now less than that figure. The first source to be examined when defining the role of the compliance officer within an organization is the FSG. The FSG do not specifically mention a compliance officer per se, but require the compliance and ethics program be assigned to “high-level” personnel. As organizations first began creating compliance programs in response to the FSG, oftentimes the responsibility was assigned to legal counsel.  This seemed to be a natural outgrowth of the function of the office of legal counsel. In that regard, it made organizational sense because the office of legal counsel had resources and personnel in place to implement the compliance program without creating an entirely new organizational division. Over time, the assignment of compliance functions to legal counsel began to raise questions and concerns whether legal counsel was in fact “high level” personnel.  Additionally, questions were raised as to the degree that giving legal counsel the dual role of compliance officer and legal counsel sufficiently conveys the appearance of the importance the organization placed on compliance. As a result, some lawyers and compliance experts began to question whether creating a “dual role” compliance officer put the organization at risk of not receiving benefits afforded under the FSG if the organization was ever in a position to need these benefits. The OIG made its position clear for legal counsel to not exercise a dual role. An examination of many recent Corporate Integrity Agreements entered between providers and the OIG clearly demonstrates the OIG’s position on this matter. Most CIAs outline the role and position of the compliance officer in the organization. The standard language used by the OIG is as follows: “The Compliance Officer shall be a member of senior management of [Provider], shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors of [Provider], and shall be authorized to report on such matters to the Board of Directors at any time. The Compliance Officer shall not be or be subordinate to the General Counsel or Chief Financial Officer.” [Emphasis Added] Although the FSG do not affirmatively address dual role situations, Commentary to the Sentencing Guidelines state “applicable industry practice or the standards called for by any applicable governmental regulations” are factors to be considered. Failure to follow these standards “weighs against a finding of an effective compliance and ethics program.” At the same time, both the FSG and the OIG Compliance Guidance recognize size of the organization is a factor in judging the level of compliance. This recognizes that in cases where an organization is small and fewer resources are available, the organization can meet its obligations without necessarily creating a structure that separates the roles between legal counsel and the compliance office. However, there is no precise definition of whether an organization is a “small organization” that can fulfill its compliance functions in less formal ways or a “large organization” that will be expected to devote suitable resources to create a completely separate compliance function. This uncertainty leaves an organization’s board of directors without precise guidance concerning an appropriate structure given the size and nature of its organization.  At the same time, best practice, given available resources, is to separate the compliance and legal counsel functions.  The potential consequences of failing to use an appropriate structure for the size of the organization is increased penalties in the event of organizational criminal misconduct; so the consequences can be quite serious.

Defining the Duty of the Board of Directors over Compliance Functions

Posted on March 22, 2017, Authored by John H. Fisher, II, Filed under Health Care

I recently posted a blog article about a document released by the Department of Justice entitled “Evaluation of Compliance Programs.”  As the title of the document might suggest, the DOJ release covers a variety of issues it looks at when evaluating the effectiveness of compliance programs.  The document includes some guidance on how a corporate board should view its responsibilities for corporate compliance.  The direction applies to health care boards, but extends to boards that oversee other types of businesses as well. A few practical points can be gleaned from the DOJ guidance regarding the practical application of board responsibilities over compliance. Direct reporting from the compliance officer to the board of directors is an essential element of an effective compliance program.  The direct reporting relationship should be set forth in policy, but the board should assure that reporting is actually occurring on an ongoing basis.  Regular means more than just once or twice per year.  Compliance should appear as a regular board agenda item.  Even if there are no compliance events to report, the compliance officer should be available to answer questions and/or make presentations to further the board’s awareness of the compliance function. The direct reporting relationship should not be contaminated by intervention of management, general counsel, or any other party.  The direct reporting relationship must be directly to the board and the compliance officer should not feel impeded in any way from exercising the direct reporting relationship. Be careful not to leave loose ends.  If a compliance issue is present, the board should assure the compliance process is followed through resolution.  Just learning about an issue is not enough.  The compliance function should be accountable to the board for follow-through on all significant compliance issues. Compliance environment is critical and the board should insist on measurement or other methods to ensure an open compliance environment exists throughout the organization. Availability of compliance expertise or support for the board enhances effectiveness.  Corporate boards might consider placing a compliance professional on their board of directors.  At a minimum, the board should be supported in the exercise of its compliance oversight functions.  Expertise independent of the compliance officer should be available to guide the board. A vital element of a compliance program involves training.  The Board should not be immune from the need to obtain compliance training.  The type of training that a board member receives should support the oversight function of the board.  This might be different than training received by a member of management or staff that focuses in a specific division. Compliance function independence is critical, particularly in cases where management might be involved in an issue or if the issue occurs in an area of operational oversight.  Board members should assure that compliance independence is present. Compliance should be active and ongoing.  If a board is not regularly hearing about compliance program operations or developments, it should be concerned.  If reports are not coming, ask for them. Board members should be provided with the DOJ document and should review it as part of the education needed to define their responsibilities and enable effective oversight.  The above only contains a few points included in the DOJ guidance. 

Excluded Party Cases Dominate OIG Published Self Disclosure Settlements

Posted on March 21, 2017, Authored by John H. Fisher, II, Filed under Health Care

...Oklahoma Physician Group, LLC d/b/a Utica Park Clinic (UPC), Oklahoma, agreed to pay $13,467.01 Where The Heart Is (WTHI), Tennessee, agreed to pay $100,000 Health Recovery Service...

Physician Practice Compliance Programs

Posted on March 15, 2017, Authored by John H. Fisher, II, Filed under Health Care

In today’s environment of complex regulations, aggressive prosecution, exorbitant penalties, and hungry whistleblower attorneys, it is necessary for medical practices to maintain effective compliance programs.  Failure to do so puts the practice at a great deal of unnecessary risk.  Many or most practices will eventually make errors in their billing and collections or other regulatory areas.  Self-discovery of these issues is unpleasant but manageable.  Discovery by a government enforcement agency or a whistleblower can be personally and financially devastating. A compliance program creates a systematic process that proactively operates to discover potential regulatory risks, to audit and monitor identified risk areas, and to take action to correct discovered deficiencies.  A compliance program contains seven core elements, without which a program will not be effective.  The seven core elements establish the operational foundation and are required in all programs.  A compliance program will also include policies and procedures that set forth the requirements for compliance in identified risk areas.  For example, a health care provider is exposed to potential risk in billing and coding and will need to have policies and procedures covering general billing practices supplemented with specific billing requirements pertaining to their specific practice area. Risk area policies and procedures establish requirements and communicate them to staff.  They also establish a baseline against which auditing and monitoring activities can be measured. Having an active compliance process in place will help identify and correct issues before they are the subject of enforcement or legal action.  Additionally, an effective compliance program will help mitigate damages of third party claims.  Federal Sentencing Guidelines provide reduction in sentencing if an effective compliance program is in place.  Additionally, civil penalties can be assessed absent actual knowledge if the government feels a provider should have known about a deficiency through the operation of an effective compliance program. Every medical practice should operate a compliance program tailored to the risks present in their practice.  It is crucial the program be tailored to the risk involved in the specific practice.  Some of the core requirements are relatively standard but should still be adjusted to leverage the resources of the practice and accommodate the specific operational structure.  Risk area factors will always be unique to the practice. Some risk area policies will be based on the nature of the service provided.  Others will be based on the individuals involved and the operational structure of the practice. Adoption of policies is only the first step.  Compliance program effectiveness requires continual operation of the program as a “living and breathing” process to identify, assess, and address risk.  Without ongoing and systematic operations, a compliance program will not be effective and will provide little, if any, risk mitigation to the practice. An effective compliance program must address, at a minimum, seven core elements in addition to practice-specific risk areas. Appointment of a high ranking member of management to act as compliance officer or compliance responsible individual. Compliance policies that describe the process to conduct ongoing compliance activities. Training of employees, contractors and others on basic compliance program elements and risk areas that are applicable to their job functions. A visible compliance reporting system and protection of those who make complaints from retaliation or retribution. Consistently enforced disciplinary standards that hold employees responsible for following compliance requirements. Continual operation of the program to identify areas of potential compliance risk within the practice. Maintaining a system of appropriately responding to identified compliance problems through creation of appropriate corrective action, self-disclosure or other appropriate action. Putting these elements in place through adoption and operation of appropriate policies and standards establishes the central elements of the compliance process.  It is critical the activity does not stop at the establishment of policies.  A compliance program must be continually operated as a living and breathing process to identify and address risk.  The compliance officer or responsible individual is responsible for assuring the continued operation of the program.  

Enforcing ASC Exclusion Provisions While Minimizing Legal Risk – Rethinking Strict Application of the Safe Harbors to Exclusion Decisions

Posted on March 3, 2017, Authored by John H. Fisher, II, Filed under Health Care

Many surgery centers are eventually faced with decisions about how to treat investing physicians who do not perform as many procedures in the surgery center as others.  Under performing physicians can create political issues in ASCs because investors who perform more surgeries or higher value procedures at the center feel the other investors are taking a ride on their efforts. Attempting to exclude investors can expose and ASC to legal risk and must be done with great care and proper planning. Ruder Ware has just released a Legal Update covering some of the risks of excluding non-performing physician investors from an ambulatory surgery center.  The Legal Update Ambulatory Surgery Center Physician Exclusions - Reducing Risk of Forced Redemption of ASC Investment Interests also touches on some of the steps that can be taken to mitigate risk through proper advance planning and analysis. Links to Additional Articles Regarding Ambulatory Surgery Center Compliance Issues Ambulatory Surgery Center – Anti-kickback Issues and Safe Harbor Regulation Compliance Ambulatory Surgery Center Compliance Federal Settlement Raises Issues for Physician Owned Surgery Centers Ambulatory Surgery Center Compliance Legal Practice Ambulatory Surgery Center Advisory Opinions Ambulatory Surgery Center Radiologist Rules – Proposed Simplified By CMS Anesthesia Company Model Advisory Opinion 12-06

Recent Changes to Medicare “Incident To” Billing Rules

Posted on March 2, 2017, Authored by John H. Fisher, II, Filed under Health Care

Medicare permits a physician to bill for certain services furnished by a nurse practitioner or other auxiliary personnel under what is referred to as the "incident to" billing rules.  The "incident to" rules permit services or supplies furnished as an integral, although incidental, part of the physician's personal professional services in the course of diagnosis or treatment of an injury or illness to be reimbursed at 100% of the physician fee schedule, even if the service is not directly furnished by the billing physician. A significant requirement to permit the services of physician extenders to be billed as "incident to" services requires direct personal supervision by the physician. The supervising physician does not necessarily need to be present in the room where the procedure is being performed.  The “direct supervision” standard requires the supervising physician be “physically present in the office suite and immediately available to furnish assistance and direction” during the time the auxiliary personnel is providing the service.  The 2016 Medicare physician payment rule provided some clarification on how the direct supervision requirement under the “incident to” billing rules operates.  The new rule clarifies that the physician who directly supervises the applicable auxiliary personnel is the only party that can bill the service of the auxiliary personnel as “incident to” his or her service.  CMS considers this a clarification of its longstanding policy, but many providers will see this as a new restriction on the application of the “incident to” rules. To understand the significance of this “clarification,” it is useful to note that more than one physician is often involved in the care of a patient.  It is not uncommon for one physician to visit the patient and order a test or procedure that is then supervised by another physician.  Prior to this “clarification,” the physician who originally ordered the service might have billed the service as “incident to” even though another physician actually supervised the performance of the service.  The revised regulatory language clarified this is not permitted and that only the physician actually present in the office suite who supervises the service can bill for the service as “incident to” their service.  When making a claim for services billed “incident to” a physician’s services, the billing number of the physician that actually supervises the performance of the service must be used rather than that of the ordering physician. CMS clarifies the reasoning behind this rule as follows: “[B]illing practitioners should have a personal role in, and responsibility for, furnishing services for which they are billing and receiving payment as an incident to their own professional service.” In view of this regulatory clarification, providers may wish to reexamine their billing process and procedures to clarify the correct billing for “incident to” services.  Staff should also be trained on the proper supervision of services billed under the “incident to” rules.

CMS Issues Proposed Rule to Increase Patients’ Health Insurance Choices for 2018

Posted on February 17, 2017, Authored by John H. Fisher, II, Filed under Health Care

On February 17, 2017, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule aimed at reforming and stabilizing the individual and small group health insurance markets. When (or if) finalized, the proposed rule would make changes to special enrollment periods, the annual open enrollment period, guaranteed availability, network adequacy rules, essential community providers, and actuarial value requirements.  CMS states its belief that the proposed regulations would provide more flexibility to states and insurers, give patients access to more coverage options, and stabilize individual and small group health insurance markets while future reforms are being debated. The primary changes proposed in the regulations include: Expansion of pre-enrollment verification of eligibility to individuals who newly enroll through special enrollment periods in Marketplaces using the HealthCare.gov platform. CMS intends this proposed change to help make sure that special enrollment periods are available to all who are eligible while requiring individuals to submit supporting documentation, a common practice in the employer health insurance market. The intent is to help place downward pressure on premiums, curb abuses, and encourage year-round enrollment. Addressing potential abuses by allowing an issuer to collect premiums for prior unpaid coverage, before enrolling a patient in the next year’s plan with the same issuer. This will incentivize patients to avoid coverage lapses. Adjustments to the de minimis range used for determining the level of coverage by providing greater flexibility to issuers to provide patients with more coverage options. Reaffirming the traditional role of states to serve their populations by moving network adequacy reviews to the states. When reviewing QHPs, CMS would defer network adequacy reviews in states with the authority and means to assess issuer network adequacy. Statement of CMS’ intention to release a revised proposed timeline for the QHP certification and rate review process for plan year 2018. The revised timeline would provide issuers with additional time to implement proposed changes that are finalized prior to the 2018 coverage year. These changes will give issuers flexibility to incorporate benefit changes and maximize the number of coverage options available to patients. Shortening of the upcoming annual open enrollment period for the individual market. For the 2018 coverage year, CMS proposes an open enrollment period of November 1, 2017, to December 15, 2017. The stated intent is to align the Marketplaces with the Employer-Sponsored Insurance Market and Medicare.  This may help lower prices for Americans by reducing adverse selection. Obviously, all of the regulations pertaining to the Affordable Care Act are up in the air pending potential Congressional action on the underlying statutes.  Given the current uncertainty, CMS appears to be moving forward with revisions to the health care program that it intends to add stability to costs and operation.  The last day for public comments to be received on the proposed regulations is March 7, 2017. My analysis of these regulations…this could get interesting.

CMS Recommendations Regarding Protection from Cybersecurity Risks

Posted on February 22, 2017, Authored by John H. Fisher, II, Filed under Health Care

On January 13, 2017, the Centers for Medicare & Medicaid Services (CMS) issued Recommendations to Providers Regarding Cyber Security.  In general, the Recommendations are intended to remind providers and suppliers to keep current with best practices regarding mitigation of cybersecurity attacks.  The Recommendations contain an interesting discussion of some of the current cyber threats that exist to the health care industry. CMS released these recommendations in consideration of Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity” which was released by President Obama.  The EO directed agencies to issue new regulations addressing cybersecurity risks, “if current regulatory requirements are deemed to be insufficient…to mitigate cyber risk.”   Though CMS considers existing regulations adequate, it is addressing the specific cybersecurity risk by implementing a number of non-regulatory activities and recommendations to enhance cybersecurity of private sector critical infrastructure partners. Existing emergency preparedness regulations applicable to health care providers do not specifically address elements of cybersecurity.  However, the regulations require providers and suppliers to have an emergency plan and risk assessment that focus on capacities and capabilities critical to preparedness for a full spectrum of emergencies or disasters.  Even though cybersecurity is not specifically called out, that risk should certainly be considered and addressed by health care providers as part of their risk assessment and compliance with existing regulations. CMS encourages facility leadership to work collaboratively with various management and outside resources to develop systems to manage cyber-attacks. The practical part of the release contains a variety of recommendations to health care providers.  Many of the recommendations involve training staff to use alternative “paper” systems to prevent interruption in the event of a cyber-attack. Some of the recommendations CMS made include the following: Facility leadership should review current policies and procedures to ensure adequate plans are in place in the event of an attack. For instance, most IT Directors and policies within facilities require systems be shut down, and have specific timelines to notify appropriate State and Federal agencies and State Health Departments. Facilities should research best practices and mitigation methods and implement steps that provide adequate protection against a cyber-attack. Facilities should consider retraining staff to include use of non-electronic methods, such as written discharge instructions, care planning, and medical records, to be used as an alternative to electronic records in the event of an attack. Some providers also encouraged staff to familiarize themselves with knowledge of the paper medication administration record (MAR) process, and the transmission of laboratory and radiology orders on paper-based requisition forms that are hand delivered to departments for processing. Cybersecurity risk should be considered in the development of their emergency plans, risk assessments, and annual training exercises. Consider pre-programing phone/fax numbers into the fax machine to avoid any delay in the event computer systems are inaccessible. Consider conducting table-top exercises focused on cybersecurity and how to continue operations in the event of a cyber-attack. Consider establishing or adapting communication plans that can be implemented to identify alternative communications methods in the event existing means of communication are inaccessible. The CMS recommendations conclude by referencing a variety of external resources providers can consider when implementing procedures to address cybersecurity risks.

Home Health Agency Final Conditions of Participation Revisions Released by CMS

Posted on February 14, 2017, Authored by John H. Fisher, II, Filed under Health Care

...f residents or patients with pressure ulcers that are new or worsened (Short-Stay) (NQF #0678) has been made available through the HHA IMPACT Act Downloads and Videos webpage.  This ...

Confidentiality of Alcohol and Drug Abuse Patient Records - Final Rule Revising Regulations

Posted on February 17, 2017, Authored by John H. Fisher, II, Filed under Health Care

The Department of Health and Human Services (HHS) has released a final rule to update and modernize the Confidentiality of Alcohol and Drug Abuse Patient Records regulations effective February 17, 2017. The new regulations contain special confidentiality restrictions relating to information pertaining to patients receiving treatment for a substance use disorder under a Federal program.  These regulations maintain the core philosophy and confidentiality protections but make changes that are intended to better align the patient privacy protection with advances in the health care delivery system. The 30-year old regulations of patient records in Federal Alcohol and Drug Abuse programs impeded the ability of patients receiving these services to participate in the benefits from new integrated health care models.  The new regulations are intended to permit these patients to obtain the benefits of integrated delivery systems while, at the same time, protecting the confidentiality traditionally associated with these programs. Some of the main revisions that were included in the new regulations include: The general restrictions provided by the rule continue to apply to a federally assisted program and holds itself out as providing, and provides, substance use disorder diagnosis, treatment, or referral for treatment.  For example, an identified unit within a general medical facility is subject to the requirements of the regulations if it holds itself out as providing, and provides, substance use disorder diagnosis, treatment, or referral for treatment. For the first time, the restrictions on confidentiality contained in the rule are extended to individuals or entities who receive patient records from other lawful holders of patient identifying information.  Patient records subject to the protection of the regulations now include substance abuse disorder records in the possession of ‘‘other lawful holders of patient identifying information.’’  This is the first time the law has been extended to records held outside of Federal Alcohol and Drug Abuse programs. Upon request, patients who have included a general designation in the ‘‘To Whom’’ section of their consent form must now be provided a list of entities to which their information has been disclosed pursuant to the general designation. Part 2 programs are required to have in place formal policies and procedures addressing security, including sanitization of associated media, for paper and electronic records.  The obligation to maintain such a program is now expanded for the first time to “other lawful holders” of patient identifying information. The required Notice to Patients of Federal Confidentiality Requirements may be provided in either paper or electronic form.  Previous regulations did not clearly permit providing this notice by electronic means.  The new regulations also permit electronic signatures be used when permitted by state law. Technical language changes were made to the consent requirements (§ 2.31).  These language changes should be integrated into policies and procedures. A prohibition on re-disclosure applies to any information that would directly or indirectly identify an individual as having been diagnosed, treated, or referred for treatment for a substance use disorder.  Other health-related information may be shared or re-disclosed if permissible under other applicable laws, for example, HIPAA and applicable state law. The regulations contain an exception that permits disclosure in the case of medical emergencies.  Revisions were made to the medical emergencies exception to make it consistent with the statutory language and to give providers more discretion to determine when a ‘‘bona fide medical emergency’’ exists. The exception that existed in previous regulation relating to certain research activities are revised to permit protected data to be disclosed to qualified personnel for the purpose of conducting scientific research.  In order to take advantage of the exception, the researcher must provide documentation of meeting certain requirements related to other existing protections for human research. Audit and evaluation requirements have been revised in the new regulations to permit an audit or evaluation necessary to meet the requirements of a Centers for Medicare & Medicaid Services (CMS) regulated accountable care organization (CMS regulated ACO) or similar CMS regulated organization (including a CMS-regulated Qualified Entity (QE)), under certain conditions. The above are some of the primary changes contained in the new regulations.  Compliance and/or Privacy professionals should review their existing policies and practices to assure they are consistent with the new regulations.  This is also a good time to perform an overall review of confidentiality restrictions and practices that are applicable to individuals receiving treatment for a substance use disorder.  For the first time, providers (and other individuals) who may be lawful recipients of protected information must make certain they have adopted an effective program to assure protection of such information.

Department of Justice Issues Principles of an Effective Compliance Program

Posted on February 24, 2017, Authored by John H. Fisher, II, Filed under Health Care

The Department of Justice issued a directive entitled “Evaluation of Corporate Compliance Programs.”  The document provides insight into the analysis used by the DOJ to assess the effectiveness of a corporate compliance program when making sentencing recommendations under the United States Sentencing Guidelines. The document references the Principles of Federal Prosecution of Business Organizations included in the United States Attorney’s Manual.  The Principles describe specific factors prosecutors are required to consider when conducting investigations, making charging decisions, and negotiating potential plea agreements.  The factors considered by prosecutors have become known as the “Filip Factors.” Primary factors identified in the Filip Factors include “the existence and effectiveness of the corporation’s pre-existing compliance program” and the extent of the organization’s efforts “to implement an effective corporate compliance program or to improve an existing one.” The DOJ states that it evaluates compliance efforts on an individual basis in the context of the investigation that triggers the investigation.   A rigid formula is not used to assess compliance efforts.   Instead, the DOJ considers the specific risk profile of the company being investigated and whether the company effectively takes actions to mitigate the specific risk that applies to its operations.  Although individualized determinations of compliance program effectiveness are made by prosecutors, certain common questions are relevant to the determination of compliance effectiveness.  The outline provided by the DOJ identifies some common issues, topics, and questions it uses to assess compliance program effectiveness. We will be posting follow-up blog articles summarizing some of the factors identified by the DOJ as indicating compliance program effectiveness.  Stay tuned!

OIG Report Indicates Areas of Hospice Fraud Vulnerability and Issues a Warning to Hospice Providers

Posted on January 27, 2017, Authored by John H. Fisher, II, Filed under Health Care

The HHS Office of Inspector General recently released a report indicating deficiencies in hospice election statements and physician certification of patient eligibility for hospice care.  Medicare hospice care provides help to patients who are terminally ill continue life with minimal disruptions.  In order to qualify for hospice benefits, a physician must certify the patient is terminally ill.  Additionally, the patient must sign an election statement that acknowledges certain Medicare covered services are being waived in favor of palliative care. The OIG found that hospice election statements lacked required information or had other statement vulnerabilities in more than one‐third of the cases examined.  Election statement deficiencies included an absence of required acknowledgement of waiver of certain Medicare covered services. The OIG found physician certification requirements were not met in 14 percent of examined cases.  Physicians are required to compose a narrative when certifying a patient is terminally ill.  In many cases there appeared to be very little actual involvement by the certifying physician. Based on this study, the OIG clearly stated that hospice providers must improve their election statements and ensure physicians meet their requirements for certifying eligibility for hospice benefits.  Additionally, the OIG recommended the Center for Medicare and Medicaid Services take certain actions to strengthen oversight and assure compliance with these requirements.  The OIG recommended that CMS (1) develop and disseminate model text for the election statement patients must sign before receiving hospice benefits, (2) instruct surveyors to focus their review on the adequacy of election statements and compliance with physician certification of terminal illness,  (3) educate hospice providers about the requirements for election statements and certification of terminal illness, and (4) provide guidance to hospice providers on the impact on beneficiaries when they revoke previously made elections for hospice care. Hospice providers should be attentive to this report.  This is not the first time the OIG has investigated and reported on these program integrity issues involving hospice providers.  We can expect the OIG to increase its enforcement in this area and there is likely to be an increase in cases brought against hospice providers who do not integrate the various regulatory requirements into their compliance activities. The OIG report mentioned recent hospice fraud cases as illustrating the potential consequences of not following the certification rules.  The cases described are relatively extreme cases involving deliberate attempts to cheat the system by manufacturing patient eligibility.  The participants in these cases went to jail for these activities.  In a Mississippi case, the hospice provider used patient recruiters and submitted fraudulent claims to Medicare for patients who were not appropriate for hospice.  These beneficiaries had no idea they were in hospice care.  This case resulted in the owner of the hospice  being sentenced to 3 years in prison and ordered to pay $1.1 million in restitution to Medicare. A second case involved a hospice provider who submitted false claims to Medicare and altered patient records to make patients appear eligible for hospice services when they were not. To increase enrollment, the hospice owner also paid health care professionals for referring patients to his hospice care even though they were not appropriate to receive hospice benefits.  The owner was found guilty of health care fraud, sentenced to more than 14 years in prison and ordered to pay $16.2 million in restitution to Medicare. Even though these cases involve egregious violations that resulted in jail time, more subtle cases of non-compliance can present risk to hospice providers.  Failure to adequately document and certify the need for care can result in investigation, large overpayment obligations, and potential False Claims Act liability.  These consequences can be very extreme and penalties involved can be enough to put a hospice operation out of business.  Management of these organizations should also be cognizant of Federal policy changes that focus investigations, and criminal and civil liability against responsible individuals.  In some cases, prosecution will be sought from individuals and the organization may be allowed to remain operational because of significant need for their services.  After all, in the cases cited above, individual managers are serving jail time for their activities.

Wisconsin DHS Prohibits Maneuvers and Techniques in Community Based Programs

Posted on February 10, 2017, Authored by John H. Fisher, II, Filed under Health Care

The Wisconsin Department of Health Services (DHS) released a memo specifying maneuvers or techniques that may not be used at any time in community based programs and facilities. DHS deems the prohibited maneuvers or techniques to "present an inherently high risk of serious injury and even death."  Providers are directed by DHS to immediately discontinue use of any of the listed maneuvers.   See “Prohibited Restrictive Measures in Community-Based Programs and Facilities” - Division of Quality Assurance Memo: 17-01 Prohibited maneuvers, techniques, and procedures that may not be used under any circumstances include: Any maneuver or technique that does not give adequate attention and care to protection of the head. Any maneuver or technique that places pressure or weight on the chest, lungs, sternum, diaphragm, back, or abdomen. Any maneuver or technique that places pressure, weight, or leverage on the neck or throat, on any artery, or on the back of the head or neck, or that otherwise obstructs or restricts the circulation of blood or obstructs an airway, such as straddling or sitting on the torso, or any type of choke hold. Any maneuver or technique that involves pushing into a person’s mouth, nose, or eyes. Any maneuver or technique that utilizes pain to obtain compliance or control, including punching, hitting, hyperextension of joints, or extended use of pressure points. Any maneuver or technique that forcibly takes a person from a standing position to the floor or ground. This includes taking a person from a standing position to a horizontal (prone or supine) position or to a seated position on the floor. Any maneuver or technique that creates a motion causing forcible impact on the person’s head or body, or forcibly pushes an individual against a hard surface. The use of seclusion where the door to the room would remain locked without someone having to remain present to apply some type of constant pressure or control to the locking mechanism. DHS explains in the memo that the ultimate goal is to replace such interventions with trauma-informed systems and settings, positive behavior supports, and non-coercive intervention strategies.  DHS promotes recovery and healing that is consumer-driven, person-centered, trauma-informed, and recovery-based. In addition to describing measures that are completely prohibited, DHS states that restrictive measures that are not prohibited may only be used in emergency situations in which there is an imminent risk of serious harm to self or others, or as part of an approved plan.  Situations in which the person’s behavior was foreseeable based on his or her history are not considered an emergency.   Even restrictive measures that are not directly prohibited must be avoided whenever possible and may only be used after all other feasible alternatives, including de-escalation techniques, have been exhausted.  When necessary, restrictive measures may only be used with the minimum amount of force needed, and for the shortest duration possible, to restore safety. Facilities should review their policies and practices to assure compliance with the guidelines set forth in the memo. Additional staff training should be conducted to assure compliance with these standards.   Additionally, providers should become familiar with the changing standards of care and best practices focused on building skills and techniques to de-escalate and redirect behaviors that present safety concerns, and work earnestly to promote a trauma-informed culture of care.

Lessons Learned from Recent OCR Settlements

Posted on January 26, 2017, Authored by John H. Fisher, II, Filed under Health Care

...losure of electronic health information.  This disclosure involved information of about 1,670 individuals and included names, addresses, Social Security numbers, dates of birth, heal...

Chiropractic Service Overpayment for Lack of Medical Necessity

Posted on February 27, 2017, Authored by John H. Fisher, II, Filed under Health Care

Recent OIG Release Emphasizes Need for Compliance Policies Specific to Provider Risks The Office of Inspector General recently published results of its audit of Medicare claims for chiropractic services made by a chiropractic group in Kansas.  The review concluded the groups received over $725,000.00 in overpayments in calendar years 2011 and 2012. In its report, the OIG made a comment that should resonate with providers of all types: These overpayments occurred because [the provider] did not have adequate policies and procedures to ensure that the medical necessity of chiropractic services billed to Medicare was adequately documented in the medical records. The OIG recommended the provider refund $369,335.00 to the Federal Government.  The provider objected to the OIG’s recommendation to refund the overpayment that was identified by the OIG.  The provider argued the services billed were all medically necessary and were adequately documented as such.  The OIG issued detailed findings which upheld its initial recommendations, including the recommendation the provider repay amounts identified as overpayments. The OIG’s findings detail the documentation requirements applicable to substantiate the medical necessity to support billing for manual manipulation of the spine.  This analysis provides a useful review that can be integrated into chiropractic billing policies. The OIG stresses the absence of adequate policies and procedures describing the required medical record documentation to support billing the Medicare program for manual manipulation of the spine.  It is worthy of note that the OIG stresses the need for policies to address specific billing issues relevant to the provider’s practice and operations.  General billing policies will not suffice.  Providers should identify the areas of risk that are specific to their practices and detail applicable requirements in policies and in staff training. Providers should identify areas of billing applicable to the nature of their proposed services.  In the OIG report at issue, chiropractic services were specifically involved.  In my experience, providers generally know what billing issues pertain to their practices and where their most significant compliance risk lies.  Policies specific to these areas should be created based on published CMS billing requirements.  Employees should be trained on these policies. It is never enough to simply adopt policies.  The policies must be put into active operation to identify and reduce errors and associated fraud and abuse liability.  The policies can form the center of staff and provider training, auditing and monitoring, and corrective action based upon detected deficiencies.  The policy should be periodically reviewed and updated based on changes in legal requirements or billing standards, and detected errors in provider compliance or operation.  These activities are central to the operation of an effective compliance program.  If there are errors in the system, they will be detected before they become more difficult and costly to solve.  If errors somehow “get through” the system, the provider will have a great deal more credibility with the government when attempting to work out a solution.  In most cases, systematic compliance efforts will reduce or eliminate potential exposure for civil monetary penalties and/or False Claims Act liability if the provider is forthright in their disclosure to the Federal Government. It is also worth noting the OIG did not, and theoretically could not, make a determination as to whether the claimed services were in fact “medically necessary.”  Upon review of a claim, the only available evidence of medical necessity is what the provider documents in the medical record at the point of service.  The OIG could only analyze what was in the medical record and compare that information to the specific documentation requirement laid out in Medicare regulations. The OIG concluded the “medical review contractor found…that the medical records did not indicate that the services provided a direct therapeutic relationship to…the beneficiary’s symptoms.”  Specifically, the OIG concluded the services did not provide a reasonable expectation of recovery or improvement.  This is specifically required under the applicable provider manual sections (in this case Manual Chapter 15, section 240.1.3).