False Claims Act and Anesthesia

Posted on Jun 5, 2019 in Billing, Compliance, Medicare Compliance

False Claims Act and Anesthesia

An Important Law

The Federal False Claims Act and anesthesia is a topic worth considering. Of note, there are many federal laws in place that govern Medicare fraud and abuse. One of the most important laws that addresses fraud is the Federal False Claims Act.    Most importantly, it allows private citizens to bring civil actions on behalf of the United States.

The False Claims Act protects the Federal Government from overcharging or selling substandard goods or services. Consequently it imposes civil liability on any person who knowingly submits, or causes the submission of, a false or fraudulent claim to the Federal Government. Of interest, this is a law that dates back to the Civil War era.

Knowledge of Wrongdoing

The terms “knowing” and “knowingly” mean a person has actual knowledge of the information or acts in deliberate ignorance or reckless disregard of the truth or falsity of the information related to the claim. Furthermore, to violate the False Claims Act does not require proof of specific intent to defraud.

Qui Tam Complaint

The qui tam provision allows a person to file a qui tam action. Initially the government seals the qui tam complaint 60 days. Secondly, during this time the government will investigate the allegations and decide if it is proceeding with the action. Eventually if convinced by the case the government will prosecute. Finally, the individual who initially brought the case may receive between 15 and 25 percent of the amount recovered by the government.

Lack of Compliance Plan

Of importance is that the lack of a compliance plan increases the threat of Qui tam lawsuits.  Indeed this act provides significant financial incentives for private citizens to come forward as whistleblowers.

In short, the Federal False Claims Act and anesthesia is a topic that cannot be taken lightly.  Anesthesia providers should be prepared with an active compliance plan.

Contact us for more information on these important topics and anesthesia compliance training for you and your company.  ACC Contact Us

Read More

Fraud, Waste and Abuse

Posted on May 7, 2019 in Billing, Compliance, Medicare Fraud

Fraud, Waste and Abuse

Our Compliance Tip

We have heard much about Fraud, Waste and Abuse in the news lately and are aware the government has their eyes on the Anesthesia profession.   As providers of medical care we must be very familiar with these concepts. 

The Fraud, Waste and Abuse program has become very important and it is mandatory for healthcare professionals including Anesthesia Providers to understand the concepts.

Why It Is Important

Most important of all, the reason for this new required program is to help practitioners become aware of the significant problem we have today in terms of Medicare Fraud and Abuse.  Medicare abuse costs taxpayers billions of dollars and puts beneficiary’s health and welfare at risk.  In 2011 the US lost 3-10 % or $82-$272 billion annually due to healthcare fraud and abuse.

Fraud, and Intentional Action

Fraud is an intentional action that results in a benefit to the perpetrator.  The intention must be present for an action to be found to be a fraudulent activity.  In healthcare this may occur when services are not rendered or given in a matter claimed and they are intentionally billed.   A violation of the anti-kickback statute that results in reimbursement to the group can result in a false claims allegation by the OIG.  

Other actions can lead to allegations of false claims such as retention of overpayments, billing for services not provided or medically unnecessary, or up coding a claim, which uses a higher code than that which indicates the service rendered. An example of up coding is using a code with a higher amount of base units than that performed.  Unbundling services breaks apart elements into separate items of a service that we normally bill together.  There have been cases where an anesthesiologist unbundled provision of oxygen and basic monitoring from basic anesthesia care to bill for them separately. 

Examples of Fraud

Examples of fraud that show intent to defraud include: documenting a service that did not occur, upgrading the physical status, submitting documentation for reimbursement that you know is not correct and creating false documentation to support a higher level of service. 

What is Abuse

Primarily the term abuse means practices that are not consistent with medical, business or financial standards that result in waste of funds for reimbursement.  The government often links this with fraud.  

As an example of abuse is billing non-covered services as covered services, reporting duplicate charges on a claim, charging excessively for services, and improper billing that results in payment by a government program when another payer is responsible.

Most important of all CMS requires all providers to know how to combat fraud and abuse.  Providers must also learn how to keep their organizations from engaging in abusive practices that hurt the Medicare program.

Read More

Authorization and the HIPAA Rule

Posted on Oct 23, 2018 in Compliance, HIPAA

Authorization and the HIPAA Rule

Specific Authorizations

To use the PHI of an individual one must often obtain an authorization.   Authorization and the HIPAA Rule is very specific. The use of PHI for treatment, payment or healthcare operation purposes does not require authorization. In addition if there are specific laws an authorization is not required.

An authorization for disclosure to an attorney’s office, and to a life or disability insurance company is another example.

Research Projects

To disclose medical records when a patient consents to participate in a research project and when they request a transfer of medical records to another medical providers office an entity must obtain authorization.

Court Orders

A request with a court order signed by a judge from a court with jurisdiction will not require authorization.  To report an infectious disease according to state law does not require authorization. To disclose PHI for research, if an IRB (Institutional Review Board) grants a waiver of authorization does not require authorization.

State Law is Important

The HIPAA compliant authorization must contain certain elements, but don’t forget to look at state law requirements.  There are many states with laws that are more protective of PHI than the Federal HIPAA Rules and they will require additional elements added to the authorization.

Read More

Using Cybersecurity to Protect PHI

Posted on Sep 23, 2018 in Compliance, HIPAA

Cybersecurity protects PHI
Cybersecurity is part of HIPAA

Risk From Many Sources

Using cybersecurity to protect PHI is a key feature of HIPAA.  Electronic protected health care information or EPHI is at increased risk from many sources:

  • Foreign hackers looking for data to sell – usually on the dark web
  • Ransomware attacks that lock up data until a ransom payment is received
  • Phishing schemes that lure the user into clicking a link or opening an attachment to deploy malicious software; and
  • Spear phishing –a targeted attack on a specific person that appears to come from a legitimate source usually instructing a transfer of funds..

What You Can Do

In order to safeguard EPHI against threats:

  • Firstly, know how to spot phishing emails.
  • Secondly, use strong passwords, two factor authentication and encryption.
  • Finally, have policies, procedures and safeguards in place to protect EPHI and Know who to report an incident to in your organization.

Prepare for Cyberattacks

In the case of a cyberattack or similar emergency an entity must:

  1. Execute it response and mitigation procedures and contingency plans.
  2. Report the time to other law enforcement agencies.
  3. Should report all cyber threat indicators to federal and information-sharing and analysis organizations.
  4. Finally, it must report the breach to OCR as soon as possible, but not later than 60 days after the discovery of a breach affecting 500 or more individuals.

Most importantly, OCR considers all mitigation efforts taken by the entity during in any particular breach investigation.  For instance, such efforts include voluntary sharing of breach-related information with the appropriate agencies.

For more information.

Above all, remember in the event of a cyberattack it is critical to comply with breach reporting requirements.

Finally, using cybersecurity to protect PHI remains the cornerstone to protecting all ePHI which all organizations should address in today’s healthcare climate.

For more information on this vital topic.

Contact us if you have questions.

Read More

Texting Protected Health Information Safely

Posted on Aug 28, 2018 in Billing, Compliance, HIPAA

Texting Protected Health Information
Texting safely on mobile devices


The Office for Civil Rights or OCR  with HIPAA oversight  has not produced the long-awaited guidance on texting protected health information.  Finally, at a Health Information Management Conference in March the OCR director said healthcare providers could text message their patients with PHI.  However, the provider must warn the patient that it is not secure.  In addition, the provider must obtain and document  patient authorization to receive texts.

Recent Guidance on Sharing PHI Safely

The Centers for Medicare and Medicaid Services or CMS oversees the Conditions of Participation and Conditions for Coverage.  CMS issued a memo on healthcare provider texting protected health information safely on December the 28th of 2017.  Most importantly the takeaways are:

Texting Protected Health Information

CMS permits texting of patient information among members of the health care team.   Above all, the platform must be secure and encrypted. As a result, it minimizes the risks to patient privacy and confidentiality.  Most importantly, HIPAA regulations, the Conditions of Participation and the Condition for Coverage require this as a safeguard.

Texting Patient Orders

Regardless of the platform, CMS prohibits the practice of texting of patient orders. Above all,  the provider is not in compliance with the Conditions of Participation or Conditions for Coverage if he or she texts patient orders to a member of the care team.

CPOE for Orders

Most importantly, providers should opt for the use of Computerized Provider Order Entry (CPOE) as the preferred method of order entry. CMS insists that a physician or Licensed Independent Practitioner (LIP) should enter orders into the medical record via a handwritten order or via CPOE.  When using this system, orders are immediately downloaded into the provider’s electronic health records (EHR). Moreover, this method is preferred as the order would be dated, timed, authenticated and promptly placed in the medical record.

It is critical for all providers to understand and follow these new guidelines from CMS on Texting Protected Health Information among Healthcare Providers.

Follow this link to our partner at HIPAA ABCs

Read More

Learn about Mitigation in Compliance

Posted on Feb 15, 2017 in Compliance, Medicare Compliance

Mitigation in Compliance

What is Mitigation in Compliance?

Clients frequently ask us, what is “mitigation in compliance?” The answer comes straight from the dictionary, which states, “Mitigation is the action of reducing the severity, seriousness, or painfulness of something.”

Mitigating Outcomes

In the world of compliance, we do our best to stay out of the government’s crosshairs.  Despite our vigilance, there is always the chance something will go wrong and it may appear to the government you are billing incorrectly, raising the risk of false claims allegations.  To defend against this we recommend you adopt a compliance plan, perform audits and educate your staff.  By performing these activities, you can “mitigate” or lessen the probability that there will be an action against the group and lessen the severity of the penalties in the event one occurs.  Despite a recommendation from the Office of Inspector General to adopt the mitigation measures, anesthesia providers often forget the benefits they afford.

CMS makes this clear in their Compliance Policy and Guidance, which you can access below, in the active link.  Please review this to fully understand how you can be prepared for potential issues.

What You Can Do

When is the last time you reviewed your compliance plan, performed an audit and educated your staff?  We can help you “mitigate” by assisting you with the recommended compliance activities.

In addition you can get more information by following the link below:


Medicare Compliance Organization

Read More