Billing & Reimbursement

The transportation landscape in America has evolved and these developments are now impacting health care. With about 75 percent of the U.S. population living in a county with access to an on-demand ride-hailing service, many patients are turning to ride-share services, like Uber and Lyft, as a means to obtain their medical care.

The idea of partnering ride-sharing and health care is not new. Over the past few years, ride-sharing companies have been edging their way into the health care realm. Both Uber and Lyft have been testing pilot programs involving nonemergency medical transportation (NEMT) and other non-traditional health care transportation models with major providers, institutions, insurers, and transportation brokers nationwide. Until recently, most of these programs have been limited in scope to specific health care facilities, by service (e.g., concierge services that ferry flu shots to people, or enabling users to request a doctor to provide on-demand diabetes and thyroid tests) and by patient population (e.g., Medicare Advantage, Medicaid, and limited commercial payors).

Recognizing the need for accessible and cost-efficient health care transportation is not unique to Uber and Lyft. A number of revolutionary NEMT companies have emerged in various markets to supplement traditional health care transportation options and the “Big Two” ride-share companies have partnered with many of these outside vendors to enhance an established and (presumably) compliant service offering in specific markets. Certain NEMT companies, like Veyo, American Medical Response, and Circulation, have made their own name in the NEMT space. Interestingly, both Uber (in 2016) and Lyft (in 2017) announced partnerships with Circulation, utilizing Circulation’s customizable NEMT platform to integrate with each ride-sharing companies’ application program interfaces (API) and connecting with the interfaces of the health care systems’ they service.

With these numerous initiatives, it was unsurprising this year when the Big Two made their entrance into the entire health care market official. By expanding beyond outsourced NEMT ridesharing services to predetermined health care facilities, both Uber and Lyft have launched their own platforms to allow all health care providers to schedule rides for their patients.

In March, Uber introduced and launched “Uber Health,” a distinct application from the traditional Uber app, which provides a digital portal allowing health care organizations to book rides for a patient or caregiver who need help getting to and from medical appointments. Through Uber Health, unlike traditional NEMT services (where government and certain commercial payors may reimburse the transportation company for the rides), Uber bills the health care providers who sign up for Uber health monthly based on the cost of their patients’ rides, which are on par with standard Uber rates at the time of the ride booking.

On the other hand, in 2016 Lyft first introduced a service called “Concierge,” which similarly allows health care providers to set up rides for patients to get to appointments; however, also in March of this year, Allscripts and Lyft announced their partnership to incorporate the Concierge patient transportation interface directly into Allscripts Sunrise EHR so that when a patient’s transportation needs are noted in his or her medical record, a Lyft is automatically scheduled for that patient. Similar to Uber Health, under Lyft’s Concierge service, the providers pay for the rides.

This shift in health care transportation was inevitable and providers are now able to leverage the convenience of these ubiquitous apps to ensure better experience and care for their patients; however, caution should be taken to ensure that these patient rideshares are done in a legally compliant way.

Primarily, these ride-share services raise concerns under fraud and abuse regulations. Because health care providers coordinate patient transportation through the applications, providers need to be careful about offering free or discounted rides to patients which could trigger the federal anti-kickback law. Providers who treat state and federal program beneficiaries will need to ensure that the method of delivery adheres (or as closely as possible) to the Office of Inspector General’s (OIG) safe harbor regulations applicable to free or discounted local transportation. As outlined in a prior post on this Blog, in 2016 the OIG announced a safe harbor that protects a health care provider or other eligible entity (i.e., any individual or entity, except those who primarily supply health care items) from Anti-Kickback Statute (AKS) and Civil Monetary Penalty (CMP) penalties if it provides free or discounted local transportation to Medicare patients and other federal health care program beneficiaries, so long as all of a number of conditions are met. These conditions require, among other things, that there be a written policy in place which restricts how transportation services are used and advertised, and that the transportation be available only to “established patients.” Therefore, if a health care provider attempts to advertise the availability of free rides as an inducement to grow its patient base, it could quickly find themselves paying fines, including treble damages.

Additionally, many states have their own kickback prohibitions, potentially placing limitations or restrictions on the utilization of ride-share platforms for professional services. If no government beneficiaries are seen by a provider, the provider can ultimately decide whether to pay for the service or pass some or all of the cost on to their patients. Therefore, a state-by-state analysis should be performed to assess appropriate practices prior to offering ride-share services to patients. These payment and kickback concerns will continue to develop as private insurers assess reimbursement eligibility for ride share services.

One population that has been left out of the trend to partner ride-sharing with providers are those in wheelchairs or who need transportation accommodations due to a disability. Uber, was recently sued by a San Francisco-based advocacy group for not providing wheelchair-accessible transportation, and the company is now piloting such vehicles in several cities. To the extent a health care practice is “participating” in a ride-share platform, any acts of non-compliance by the ride-share company, depending on the terms of the arrangement (or lack thereof), could potentially flow to the provider, as the ride-share companies, acknowledging their status as Business Associates, are ultimately performing the services on behalf of the provider.

This Business Associate recognition prompts the overarching patient privacy concerns inherent in the ride-sharing services. Since ride-sharing companies (and their drivers) will have access to individually identifiable and/or protected health information, providers must have appropriate Business Associate Agreements (BAAs) in place to comply with the Health Insurance Portability and Accountability Act (HIPAA). Both Uber and Lyft have touted their proactive and preemptive compliance with HIPAA and publicized engagements of third-party HIPAA compliance companies to ensure development, implementation, and customization of the necessary safeguards for data security in the distinct APIs for their new platforms.

Uber asserts that Uber Health drivers won’t know which of their passengers are using Uber Health. Like a typical Uber ride, only a passenger’s name, pickup and drop-off addresses will be given to the Uber Health driver and Uber drivers are not able to opt into or out of the health service the same way that they can with Uber Eats, an affiliated food delivery service. Therefore, on a trip to a hospital or medical practice, a driver won’t know whether a rider is traveling to the health care facility using the traditional Uber app—to commute to work, for example—or is meeting a doctor through the health care platform.

The logic (or belief) is that although the ride-share companies are Business Associates, the companies’ drivers are not given any medical information and are not even informed that a ride is under the health care platform; therefore, the drivers are not Business Associates (or “subcontractors” under HIPAA). This concept has seemingly satisfied the outsourced risk and compliance assessments; however, the government has yet to opine as to whether individually identifiable health information (not just “medical information”) is truly kept private under HIPAA’s somewhat ambiguous standard of requiring only a “reasonable basis to believe the information can be used to identify the individual.”[42 CFR 160.103 (Individually identifiable health information)]

Additionally, to address obligations under the Health Information Technology for Economic and Clinical Health (HITECH) Act, Uber is storing data from Uber Health in separate servers, meaning that only select Uber employees and the health care providers have access to patient data. Furthermore, Uber is housing everything itself and is not sharing Uber Health data with anyone downstream in its supply chain, thereby eliminating obligations to manage the transfer of data or implementing third-party vendor risk management programs. Accordingly, a breach in Uber’s servers presumably should not compromise Uber Health’s data.

Despite these safeguards and demonstrated HIPAA-compliance, risks still remain (e.g., potential data breaches). Not that long ago, Uber was hit by a cyberattack exposing the personal information of 57 million riders and drivers, and the company’s delayed public notification of the incident was disconcerting to many. Providers, as Covered Entities, participating in these ride-share platforms risk potential imposition of stiff penalties for data breaches, increasing the importance of entering into a well-drafted BAA with the ride-share company.

Uber has stated they are “pleased to sign BAAs with all participating healthcare organizations” and the Uber Health’s Dashboard Terms and Conditions provide that the “Terms shall automatically terminate upon the termination of the Business Associate Agreement that the parties separately entered into…” This acknowledgement is the first step, but it is unclear as to whether Uber has their own form BAA or will accept a provider’s form/terms for each individual relationship.

The incorporation of ride-sharing transportation into the delivery of health care services can provide benefits to both providers and their patients; however, the array of health care regulatory issues should be evaluated and assessed before signing up for such programs. If you or your practice have any questions or are interested in offering a patient ride-share program, please contact Michael Bassett at mbassett@foxrothschild.com or 215.444.7191, or any member of Fox Rothschild’s Health Law Group.

 

Last month, CMS Administrator Seema Verma announced several initiatives to innovate the delivery of patient care at the ground level.  In collaboration with the Trump Administration and other federal agencies, CMS is taking steps to implement a system in which patients have control of their electronic health information and can easily transfer it between health care providers.  This system, referred to as “MyHealthEData,” is also intended to allow both physician and patient to access the clinical and payment data required to make the best healthcare decisions at the point of care.

Doctor using tablet to view electronic medical recordAs announced, CMS’s short-term efforts in connection with the MyHealthEData initiative include:

  • Launching Medicare’s Blue Button 2.0, which will allow a patient to access and share his/her healthcare information and medical history with a new physician, leading to less duplication in testing and enabling continuity of care.
  • Requiring providers to update their systems to improve data sharing.
  • Requiring hospitals to share specific types of data with a patient’s receiving facility or post-acute care provider following discharge.
  • Streamlining documentation and billing requirements for E&M codes to allow doctors to spend more time with their patients.
  • Reducing the incidence of unnecessary and duplicative testing that occurs as a result of providers not sharing data.

CMS is also taking steps to overhaul the EHR incentive programs (including the Advancing Care Information category of the Merit-based Incentive Payment System (MIPS) and the EHR Incentive Programs for Hospitals) to prioritize interoperability of EHR systems, reduce the time and costs required to comply, and prevent providers from withholding healthcare data from patients.

For more information on the MIPS and the Quality Payment Program, please see our prior post here and CMS’s interactive website on the Quality Payment Program here.

For more information on the MyHealthEData Initiative, please see CMS’s published Fact Sheet.  Stay tuned to Fox Rothschild’s Physician Law Blog for updates.

[For more information on CMS’s new Quality Payment Program and what physicians need to report in 2017, please see our prior blog posts here and here.]

CMS recently issued guidance (accessible here) on the three-part “Prevention of Information Blocking” attestation which physicians and other eligible clinicians will need to submit to CMS in order to qualify for points under the “Advancing Care Information” category of the Merit-based Incentive Payment System (MIPS).

Although making this attestation and reporting to CMS regarding use of certified EHR technology (CEHRT) is not required to avoid a penalty under the MIPS for 2017, many physicians and group practices wish to report as much as they reasonably can to seek a high score under the MIPS and a positive payment adjustment to their Medicare reimbursements in 2019.

The three-part attestation centers on the representation that the physician/group practice will not knowingly and willfully limit or restrict the compatibility or interoperability of its CEHRT.  CMS’s guidance makes clear that physicians and group practices making the attestation must use good faith and reasonable efforts to enable the exchange of electronic health records between appropriate parties.

According to CMS, examples of situations where access to CEHRT could be reasonably restricted include:

  1. System Maintenance — Disabling CEHRT for as long as reasonably necessary to complete system maintenance, provided that requests for access to EHR information during such time period are responded to when practical;
  2. Security Concerns — Blocking access to CEHRT when reasonably necessary to ensure the security of EHR information, provided that the blocking was narrowly tailored to the bona fide threat; and
  3. Patient’s Health and Well-Being — Restricting access to certain information (such as a patient’s sensitive test results), if the clinician reasonably believes that the restriction is necessary to protect the patient’s health or well-being. In the case of sensitive test results, CMS suggests that restricting access to the results could be reasonable until the physician or clinician who ordered the test has reviewed and appropriately communicated the results to the patient.

CMS expects that physicians and group practices making the attestation will ensure that their organizational policies and workflows will not restrict functionality of the CEHRT in any way, and that they will work with their CEHRT vendors to ensure that the CEHRT is fully functional.

If you or your practice will be reporting EHR data to CMS under the MIPS for 2017, a full review of CMS’s guidance on the attestation is recommended (see the five-page guidance here).  All physicians and practices reporting EHR data under the MIPS have until March 31, 2018 to report the data and make the attestation.

Under CMS’s new Quality Payment Program, which will adjust Medicare Part B payments starting in 2019 based on data from this year, physicians and other eligible clinicians must qualify for one of two payment “tracks”, either the Merit-Based Incentive System (MIPS) or the Advanced Alternative Payment Model (Advanced APM) track.   A physician who qualifies under the MIPS in 2017 can earn up to a 4% payment adjustment to Medicare Part B payments in 2019.  Physicians who qualify under the Advanced APM track can earn up to a 5% payment adjustment in 2019.  For more information on the Quality Payment Program and the MIPS, please see our prior blog post on the topic here.

Since the Quality Payment Program went into effect on January 1, 2017, it has been unclear whether physicians participating in an Advanced APM in 2017 would be able to meet CMS’ quality and reporting requirements and earn a 5% payment adjustment to their Medicare Part B claims in 2019.

CMS recently provided clarity on this issue by predicting that almost 100% of physicians and other eligible clinicians participating in Advanced APMs in 2017 will qualify for a 5% payment adjustment to their Medicare Part B claims in 2019.  CMS based this prediction on an analysis of Advanced APM claims data submitted from January through August 2016 (before the Quality Payment Program went into effect).

CMS also stated that physicians who participate in an Advanced APM need to meet only one of two criteria to earn the 5% payment adjustment in 2019:  (1) receive 25% of the physician’s Medicare Part B payments through the Advanced APM; or (2) see 20% of the physician’s Medicare patients through the Advanced APM.  [A list of Advanced APMs in which a physician may participate in 2017 can be found at the following link: CMS List of Advanced APMs]

Participating in an Advanced APM can have several benefits (including being exempt from reporting quality data under the MIPS payment track), but also involves taking on some risk.  If you are considering participation in an Advanced APM, please contact an experienced attorney to discuss.

CMS is expected to issue formal determinations regarding the qualification of particular physicians for the Advanced APM track later this year.  Stay tuned to Fox Rothschild’s Physician Law Blog for updates.

The Medicare Access and CHIP Reauthorization Act of 2015 requires Centers for Medicare and Medicaid Services (“CMS”) to remove Social Security Numbers (“SSNs”) from all Medicare cards. Physicians currently use a SSN-based Health Insurance Claim Number (“HICN”) for Medicare transactions like billing, eligibility status, and claim status. Starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier (“MBI”) to replace the existing HICN. All Medicare cards will be replaced by April 1, 2019, affecting approximately 57.7 million beneficiaries.

The initiative is intended to better protect private health care and financial information; however, many physicians are unclear as to their responsibilities to ensure that billing privileges aren’t affected.  Although CMS has designated the time period running from April 1, 2018 through December 31, 2019 as a transition period, during which physicians may use either the HICN or MBI in Medicare transactions, physician systems must be able to accept the new MBI format by April 1, 2018, which is the beginning of the transition period.

Earlier this month, CMS released a five-point bulletin on steps physicians can take to prepare for the change. CMS advises physicians to do the following:

  • Go to CMS’ provider website and sign up for the weekly MLN Connects newsletter;
  • Attend CMS’ quarterly calls to get more information;
  • Verify all Medicare patients’ addresses. If the addresses on file are different than the Medicare addresses on electronic eligibility transactions, ask patients to contact Social Security and update their Medicare records;
  • Work with CMS to help patients adjust to their new Medicare cards. When available later this fall, display helpful information about the new Medicare cards; and
  • Test system changes and work with billing office staff to be sure the office is ready to use the new MBI format.

Earlier this month, a New York man was sentenced to 10 years in prison for allegedly operating a $26 million scheme to defraud Medicare and Medicaid. The defendant allegedly established 6 medical clinics in Brooklyn that paid elderly people to pose as patients and billed Medicare and Medicaid for unnecessary and/or non-existent medical care and equipment. The defendant, who was not a doctor, operated the six clinics between 2007 and 2013, but because New York’s corporate practice of medicine doctrine requires that such clinics be owned and operated by licensed healthcare professionals, he found three physicians to serve as nominal clinic owners. The allegations included that the physicians would periodically come to the clinic to sign medical charts for patients who they never treated, and for others, prescribe unnecessary medications, procedures and supplies. The clinics allegedly incentivized elderly patients to seek “treatment” at the clinics through cash kickbacks.

In addition to his prison term, the defendant was ordered to pay $16,686,811 in forfeiture and a restitution order of $18,683,691. Although this was an extreme “billing mill” case, the severity of sentencing highlights the importance of billing compliance obligations. Also, since New York law strictly prohibits unlicensed individuals, such as the defendant, from owning medical clinics and/or influencing medical decision making, clinics should ensure that such functions are exclusively reserved to its licensed healthcare providers. The corporate practice of medicine doctrine varies from state to state, so we recommend that you contact a knowledgeable and experienced healthcare attorney in your state if you have any questions regarding these requirements.

As many people are discussing methods to improve healthcare, the Centers for Medicare & Medicaid Services (CMS) is giving stakeholders an opportunity to send in their thoughts on this topic.  In CMS’s April 14, 2017 proposed rule, CMS issued a “Request for Information” (“RFI”), where they described their desire to have a “national conversation” about improving the health care delivery system.

CMS would like to know, amongst other ideas: (1) How CMS can help make its healthcare delivery system (Medicare) less bureaucratic and complex; and (2) How CMS can reduce the burden on clinicians, providers and patients in a manner that increases quality of care and decreases costs.  “CMS is soliciting ideas for regulatory, sub-regulatory, policy, practice and procedural changes to better accomplish these goals.”

Per CMS, some ideas could include recommendations regarding payment system re-designs; elimination or streamlining of reporting; monitoring and documentation requirements; and operational flexibility; amongst others.  CMS is also looking for ideas on how CMS issues regulations and policies, and how these could be simplified.

In a separate RFI in the same proposed rule, CMS also seeks information on how the scope and restrictions imposed on “Physician-Owned Hospitals” affect the delivery system, particularly with regards to Medicare beneficiaries.

To the extent respondents have data and specific examples, CMS requests such information be included in the submission.  If a proposal involves novel legal questions, CMS is also welcoming analysis regarding CMS’ authority.

If you wish to submit your comments to CMS, you have until June 13, 2017 to do so.

For more information please see the CMS Fact Sheet for Fiscal Year (FY) 2018 Medicare Hospital Inpatient Prospective Payment System (IPPS) and Long Term Acute Care Hospital (LTCH) Prospective Payment System Proposed Rule, and Request for Information CMS-1677-P.

The Centers for Medicare & Medicaid Services (“CMS”) recently introduced a new education initiative for Chronic Care Management (“CCM”) patients and providers. The initiative, called Connected Care, is intended to raise awareness of the benefits of providing CCM services to Medicare beneficiaries with multiple chronic conditions and to help ensure that health care providers are receiving optimal reimbursement for providing such services.

CMS has stated that two-thirds of Medicare beneficiaries have two or more chronic conditions, and one-third have four or more chronic conditions. CMS recognizes CCM as a critical component to primary care that contributes to better quality health care at reduced cost. However, many CCM providers are not aware that the Medicare Physician Fee Schedule allows separate payments for CCM services such as telephone communication, review of medical records and test results, and coordination and exchange of health information with other providers. CCM also includes activities such as patient education or motivational counseling, which are provided either in person or by telephone. Physicians, certified nurse midwives, clinical nurse specialists, nurse practitioners and physician assistants may bill for CCM services.

Specifically, CPT Code 99490 has been available since 2015 for eligible providers to bill for at least 20 minutes of clinical staff time directed by a physician each month to coordinate care for beneficiaries who have two or more serious chronic conditions expected to last at least 12 months. Effective January 1, 2017, CMS expanded the CCM billing codes to account for more complex and time-consuming care coordination:

  • HCPCS Code G0506 is an add-on code to the CCM initiating visit for providing a comprehensive assessment and care planning to patients;
  • CPT Code 99487 is for complex CCM that requires substantial revision of a care plan, moderate or high complexity medical decision making, and 60 minutes of clinical staff time;
  • CPT Code 99489 is a complex CCM add-on code for each additional 30 minutes of clinical staff time.

CMS’ Connected Care program provides the following educational materials for CCM services:

If you have questions regarding billing for CCM services, please contact a knowledgeable and experienced healthcare attorney.

We recently issued a Health Law Alert on the Medicare Quality Payment Program, focusing specifically on what physicians and their medical practices need to know to be in compliance with the Program in 2017.  The Alert may be accessed at this link: Fox Rothschild Health Law Alert – Medicare Quality Payment Program

You may also view some of our recent posts on the Physician Law Blog for more information on the Medicare Quality Payment Program.  In short, compliance with the Program in 2017 can earn you and your practice anywhere from a 0%-4% increase in your reimbursements under the Medicare Physician Fee Schedule in 2019.  However, failure to meet at least the minimum level of compliance this year will result in a negative adjustment of 4% to your Medicare reimbursements in 2019.

Stay tuned to Fox Rothschild’s Physician Law Blog for updates on the Medicare Quality Payment Program in 2017 and beyond.

The Medicare incentive programs with which you and your medical practice are familiar will soon be no more.  As of January 1, 2017, these programs (including the Electronic Health Records (EHR) Meaningful Use Incentive Program, the Physician Quality Reporting System (PQRS), and the Physician Value-Based Modifier Program) will morph into the new Medicare Quality Payment Program (QPP).   The QPP will also include a fourth category of incentives entitled “Clinical Practice Improvement Activities”, which we discuss in more detail below.

The purpose of the QPP is to create one central program that will govern Medicare Part B payments to physicians, while incentivizing physicians to increase quality of care and decrease inefficiencies in the cost of care for Medicare patients.  Participation in the QPP will be mandatory beginning January 1, 2017.  The QPP will either reward or penalize physicians and their practices by adjusting their reimbursement rates under the Medicare Physician Fee Schedule two (2) years after the reporting year.  Therefore, physicians/practices will have their reimbursement rates adjusted in 2019 based on their reporting data for the year 2017.

As we noted in our first blog post in the Series, accessible here, physicians will have the option to choose between two payment tracks under the QPP:  (1) the Merit-Based Incentive Payment System (MIPS); and (2) an Advanced Alternative Payment Model (Advanced APM).  This blog post will discuss the basics of the MIPS and how to qualify for the MIPS in 2017, while our next post will touch on the basics of participation in Advanced APMs.

Basics of the MIPS

Each physician or group practice (you may report individually or as a group) participating in the MIPS in 2017 will earn a “composite performance score” based on the physician/group’s scores within the following four (4) categories:

  1. Quality of Care – 60%
    • Explanation: Scored based on the reporting of “quality measures”, which will be published annually by CMS.  Physicians will be able to choose which quality measures they will report each year.
    • Replaces: PQRS and quality component of the Value-Based Modifier.
  2. Advancing Care Information – 25%
    • Explanation: Scored based on the reporting of EHR use-related measures with which you are familiar from the current EHR Meaningful Use Incentive Program.  However, unlike the existing program, the QPP measures will not have “all-or-nothing” targets.
    • Replaces: EHR Meaningful Use Program.
  3. Clinical Practice Improvement Activities – 15%
    • Explanation: Scored based on attestation by the physician/group that the physician/group has performed certain care coordination, beneficiary engagement, population management and patient safety activities.
    • Replaces:   New Program.
  4. Resource Use – 0%
    • Explanation: Scored based on per capita patient costs and episode-based measures.  CMS collects and analyzes the data from your claims submissions.  No additional reporting will be required.
    • Replaces: Cost component of the Value-Based Modifier.

How to Qualify for 2017

CMS has eased the reporting requirements for the first year of the QPP.  No physician/group will be required to begin collecting data in accordance with the QPP’s requirements on January 1, 2017 (but may elect to do so).  To receive a neutral or positive payment adjustment, physicians/groups will need to report data for only a 90-day performance period during the year.  There are also minimum threshold reporting requirements to avoid a negative payment adjustment and full participation requirements which are more likely to result in a guaranteed positive adjustment.  The table below organizes the requirements in an easy-to-read format:

MIPS Measures Chart

Final Thoughts on Qualifying for the MIPS in 2017

  • Get involved sooner rather than later. CMS has kept reporting requirements minimal in 2017 in order to encourage clinicians to participate in the QPP.  Take advantage of that opportunity to ensure your practice has the right software to report the quality and EHR use-related measures.  Since adjustments will be made based on threshold scores, it may be easier in 2017 to earn a positive adjustment, and even an exceptional bonus, than in later years.
  • Ensure that your current EHR technology meets the requirements for the QPP in 2017, including reporting capabilities for quality measures and EHR use-related measures. The easiest way to do this is to contact your EHR vendor.
  • CMS has given providers plenty of time to report 2017 data. The deadline for reporting 2017 data is March 31, 2018.

As always, if you have questions specific to your practice, please contact a knowledgeable and experienced attorney.