Outlier billing patterns will get you noticed!

A New York ENT physician was convicted of filing false claims with Medicare and Medicaid. The physician submitted claims totaling about $585,000 to Medicare and Medicaid and was paid roughly $191,000.

The fraudulent act was upcoding of ear exams or ear wax removal to an incision procedure of the external ear. An analysis of Medicare and Medicaid data identified this physician’s billing was an outlier and was found to be the highest biller for this procedure in the State of New York. 

Compliance lesson: Enforcement agencies are actively using data analytics to identify, investigate and prosecute providers with unusual billing activity – and so should you. Audit your claims regularly to identify potential false claims, so they can be corrected and/or reported.

Mole billing fraud scheme totals $4.1 million in false claims over 7 years

The second case involves a Chicago physician who conducted cancer screenings on moles that were removed from his patients. The US Attorney’s office in the Northern District of Illinois recently filed charges in the US District Court in Chicago. The press release includes the allegation that the physician removed more moles from patients than was medically necessary, totaling $4.1 million in fraudulent payments between 2015 and 2021.

But how does a simple case of removing one mole but billing for removing multiple moles leads to $4.1 million? Well, it turns out that the scheme was, shall we say, creative. Here is what was included in the charge document:

• More moles were removed that were medically necessary
• If multiple moles were removed from one area of the body, false documentation would be created to indicate that the moles were removed from different areas of the body
• When multiple moles were removed from a patient, the specimens would not be submitted immediately to pathology
• The practice would instead submit one specimen at a time to pathology on different days
• False documentation was created to show the removal of a single mole on different visits
• Some of the fraudulent visits were submitted on days when the physician was out of town
• Fraudulent documentation was submitted in response to Medicare audits

That is how you collect $4.1 million in false claims over a seven-year period.

Compliance Lesson: Examples like this fall into the category of “truth is stranger than fiction.” It is impossible to draft policies and train staff on for every possible compliance risk scenario. The goal of an effective compliance program is to train employees and staff to trust their instincts – if something does not seem right, notify the compliance officer directly or anonymously.

How well is your compliance program performing?

Find out with MPA's compliance program assessments.

Learn more.

• Written compliance and ethics policies and procedures that:
• Reduce the risk of criminal, civil and administrative violations
• Promote quality of care
• Designate a compliance contact to receive reports
• Include an anonymous way to report non-compliance without retribution
• Include disciplinary standards
• Apply to contractors and volunteers
• Policies and procedures communicated to all staff, contractors, and volunteers
• Assigned high-level personnel oversight for the compliance program, and sufficient resources and authority for such high-level personnel
• Due care not to delegate substantial discretionary authority to individuals the SNF knew or should have known had a propensity to commit a crime
• Auditing and monitoring
• A reporting system
• Consistent enforcement via discipline
• Annual review. 

• A mandatory annual compliance training program, and
• A compliance officer who reports directly to the governing body, with designated compliance liaisons at each site

WHAT ELSE IS IN THE GUIDANCE?

Lately, my inbox is flooded with warnings, reminders, and webinars about cybersecurity. Rightly so: cyberattacks are on the rise, and healthcare remains the #1 target. At MPA, we recently updated our HIPAA Security Risk Analysis, and we carefully documented every source of electronic PHI.

But: Paper still counts.

With so much of our efforts focused on cybersecurity and electronic PHI, we can’t lose sight of the risks posed by paper PHI. For example:

• A patient went to the emergency department at a hospital to get her blood pressure checked. While there, her nurse wrote down the blood pressure result on a piece of paper. The patient noticed that the other side of the paper listed another patient’s name, number, address, and positive HIV status. 
• A health system “became aware of a break-in to an off-site storage facility where certain limited patient records were housed. Six boxes of paper documents were removed from the facility without authorization.” 

In the HIPAA world, paper PHI still counts! Make sure your HIPAA security risk analysis and mitigation plan include paper PHI in addition to electronic PHI.

• Remember:

• A nursing home’s videos of residents enjoying therapy dogs Floyd and Loki went viral on TikTok. 
• Last Thanksgiving, one nursing home’s TikTok video of the administrator dressed as a Thanksgiving turkey went viral. 

• In a Scotland nursing home, a 102-year-old resident ‘s daily exercise dance routine – done with two nurses – was posted to TikTok. In the video, the resident and two of his caregivers are seen dancing. The home claims the videos “have been a great way to get the residents up and moving, and they’ve loved taking part.”