Archive for March, 2013

Overpayment Demands and Collections CMS Medicare Overpayment

Friday, March 22nd, 2013

CMS Overpayment Demands and Collections Matters

The Affordable Care Act affirmatively requires a health care provider who has received an overpayment to return such amount within 60 days after it has been identified. Returning an overpayment past the 60 day notice period becomes a violation of the Federal False Claim Act. An “overpayment” includes any amount that a person returns or receives under Medicare of Medicaid that is not entitled.

The normal procedure that is followed by CMS is to recoup overpayments against future payments that are due to the provider. If CMS initiates the process, it will normally start with the issuance of a demand letter. Outstanding overpayment obligations may be referred to the Department of Treasury for collection following written notice to the provider. In some cases, private collection firms might also be used.

Providers can often work out extended repayment plans with private collection agencies, treasury, or directly with CMS. There are also opportunities to compromise some overpayment claims.

There is no statute of limitation for recoupment or offset of claims. There is a 6-year statute of limitations on affirmative actions to collect on overpayment.

In some cases, providers can be liable for the overpayment liabilities of entities that the purchase under the theory of successor liability. Medicare does not change a high rate of interest on overpayments that remain outstanding.

When Does HIPAA Override State Medical Privacy Laws

Thursday, March 14th, 2013

HIPAA Preemption of State Law

The HIPAA Privacy Rule provides a Federal floor of privacy protections for individuals’ individually identifiable health information where that information is held by a covered entity or by a business associate of the covered entity. State laws that are contrary to the Privacy Rule are preempted by the Federal requirements, unless a specific exception applies. These exceptions include if the State law:

  • relates to the privacy of individually identifiable health information and provides greater privacy protections or privacy rights with respect to such information
  • provides for the reporting of disease or injury, child abuse, birth, or death, or for public health surveillance, investigation, or intervention, or
  • requires certain health plan reporting, such as for management or financial audits. In these circumstances, a covered entity is not required to comply with a contrary provision of the Privacy Rule.

Additional areas that permit State law to have an exception from the Federal preemption rules can be created by formal request from the State if certain requirements are met.  The Department of Health and Human Services (HHS) may, following request from a State, determine that a provision of State law which is “contrary” to the Federal requirements – as defined by the HIPAA Administrative Simplification Rules – and which meets certain additional criteria, will not be preempted by the Federal requirements. The Secretary of HHS must determine that one of the following criteria apply before granting and exception from the HIPAA preemption rules. These criteria require a showing that the state law at issue:

  1.  is necessary to prevent fraud and abuse related to the provision of or payment for health care,
  2. is necessary to ensure appropriate State regulation of insurance and health plans to the extent expressly authorized by statute or regulation,
  3. is necessary for State reporting on health care delivery or costs,
  4. is necessary for purposes of serving a compelling public health, safety, or welfare need, and, if a Privacy Rule provision is at issue, if the Secretary determines that the intrusion into privacy is warranted when balanced against the need to be served; or
  5. has as its principal purpose the regulation of the manufacture, registration, distribution, dispensing, or other control of any controlled substances (as defined in 21 U.S.C. 802), or that is deemed a controlled substance by State law.

Only State laws that are “contrary” to the Federal requirements are eligible for an exemption determination. In order to be considered “contrary”  it must be impossible for a covered entity to comply with both the State and Federal requirements, or that the provision of State law is an obstacle to accomplishing the full purposes and objectives of the Administrative Simplification provisions of HIPAA.