HIPAA - FW & A Review

Health Insurance Portability and Accountability Act (HIPAA)

 The law known as “HIPAA” stands for the Health Insurance Portability and Accountability Act of 1996 which created
Privacy and Security requirements for the personal health information of individuals.
 Privacy Requirements: The privacy requirements govern disclosure of patient protected health information (PHI), while
protecting patient rights.
 Security Requirements: The security regulation adopts administrative, technical, and physical safeguards required to
prevent unauthorized access to protected health care information.
 HIPAA created regulatory expectations for protecting the privacy and security of PHI. Failure to properly protect and
secure beneficiary information can result in fines and penalties, both civil and criminal.
 Covered entities, like pharmacies, are bound by HIPAA regulations and the proper implementation of the protections it
provides.
The Scope of Fraud, Waste, and Abuse in our Healthcare System

The National Healthcare Anti-fraud Association (NHCAA) cites an average of 3 percent (at the low end) and 10 percent
(at the high end) of healthcare spending is lost due to fraud. Healthcare fraud is believed to be the second largest
white-collar crime in the United States.

Defining Fraud, Waste and Abuse

Fraud: The intentional deception or misrepresentation that an individual knows to be false or does not believe to be true
and makes, knowing that deception could result in some unauthorized benefit.

Waste: Acting with gross negligence or reckless disregard for the truth in a manner that results in any unnecessary cost or
any unnecessary consumption of a healthcare resource.
Abuse: Those incidents that are inconsistent with accepted medical or business practices, improper or excessive.

Examples of Fraud, Waste, and Abuse

 Services Not Rendered: Billing for services and/or supplies that were never performed or provided. Examples
include billing insurance companies for office visits even though the patient did not show up for a scheduled
appointment, billing for an MRI with contrast even though there were no contrast materials injected, and pharmacies
billing for non-existent prescriptions.

Thinkterpreters 2020
 Up-coding: Billing for a higher-level treatment than was actually provided. This is most commonly found to occur
in the various Evaluation and Management codes.
 An example would be a provider billing a 99215, when only a 99212 was justified by the service provided. It is
highly encouraged that physicians and billers review their billing information prior to claim submission. Physicians are
responsible for the actions of their billing personnel.
 Unbundling: Billing separately for services that are already included in the primary procedure. A common example is a physician
billing a separate office visit for a follow up that was included in the global surgical code. By appending a modifier 25, the physician is
indicating that the service was separate and distinct. Audits often reveal that the follow up visit was indeed a simple checkup related
directly to the surgery, and were ‘unbundled’ from the primary procedure.
 Under-utilization: Physicians not providing enough care or delaying needed care. This is most commonly found to occur with
capitation contracts, when Primary Care Physicians (PCPs) and Independent Physician Associations (IPAs) are attempting to delay a
beneficiary’s visit to a specialist in order to maximize their service funds.
 Services Not Medically Necessary: Billing for services or procedures that are not needed. The most common example includes
adding unrelated history and/or review of systems to office visits to drive the key components required to bill higher level E & M codes.
Medicare has strict guidance related to medical necessity and we encourage physicians and billers to continually monitor these guidelines.
This has also become more prevalent with the increasing usage of Electronic Medical Records (EMR) by physicians offices. Many of these
systems are configured to automatically add bullet statements to the medical record, regardless of if performed or not.
 ICD-9 Up-coding: Utilizing false or inflated diagnosis codes for encounter information to increase premiums. An example is listing
Dx 250.0, indicating diabetes, however the patient has never had this disease. This results in a higher risk adjusted premium (RAPs) being
paid by the Medicare Trust Fund to care for the beneficiary. CMS has placed great emphasis on eliminating inappropriate costs and undue
remuneration in this area.
 Formulary versus Brand: Writing scripts for brand name pharmaceuticals even though the generic is stated in the plan formulary.
Brand name drugs can often carry costs five times as high as the generics, results and effectiveness are the same, the outcome is a higher
co-pay for the member and wastes spending from the Medicare Trust Fund.
 Medical Identity Theft and Theft of Services: Use of medical benefits by an unauthorized individual. This can be the result of
outright theft or collusion between parties. It is critical that physicians and their staff verify identity of their patients, preferably with a
government issued photo ID.

Thinkterpreters 2020
Tips in Battling Identity Theft
 Ask for identification: Don’t be afraid to ask the patient or party obtaining the prescriptions or receiving the medical service for
identification and make a copy for your records.
 Ask for a signature: Don’t be afraid to require a signature from the party obtaining the prescriptions or the medical service, even
when one is not required.
 Report it: Call the local police and the impacted insurance company if you believe you have encountered a case of medical identity
theft.
 Inform the Beneficiary: If you know who the true beneficiary is, immediately alert that individual so they can take steps to protect
against further activity.

Tips for Identifying Fraud, Waste, and Abuse

Look for signs of drug diversion. Identify patterns of patients who may be doctor shopping or diverting drugs.
o Does the patient get several rejects from the Part D Plan for refills too soon?
o Does the patient see a large number of doctors?
o Does the patient present prescriptions written in names of other people?
o Could the drug interact with medication the patient is currently prescribed or taking?

False Claim Act and the Fraud Enforcement and Recovery Act (FERA)
The enactment of the Fraud Enforcement and Recovery Act (FERA) in May 2009, amended the False Claims Act.
With these amendments the False Claims Act now prohibits knowingly:
o Submitting a claim known to be false or fraudulent for payment or reimbursement.

Thinkterpreters 2020
 o Making or using a false record or statement material to a false or fraudulent claim or to an ‘obligation’
to pay -money to the government.
o Engaging in a conspiracy to defraud by the improper submission of a false claim.
o Concealing, improperly avoiding or decreasing an ‘obligation’ to pay money to the government.

Penalties
o Civil fines range from $5,000 to $11,000 per claim, plus 3 times the amount of damages
o Qui Tam or ‘Whistleblower’ Protection
o In accordance with the False Claims Act, individuals who come forward as ‘whistleblowers’ are
afforded certain rights, and may not be retaliated against.

The Anti-Kickback Act

•The Anti-Kickback Statute makes it illegal for individuals or entities to knowingly or willfully offer, pay, solicit, or
receive remuneration in order to induce or reward business payable or reimbursable under the Medicare or other
Federal health care programs.
•In compliance with the Anti-Kickback Act pharmacies cannot direct, urge or attempt to persuade a Medicare
beneficiary to enroll in a particular plan or to insure with a particular company based on the financial or any interest of
the pharmacy.
• In addition, pharmacies cannot inappropriately offer, pay, solicit or receive unlawful remuneration to switch patients
to different drugs or influence prescribers to prescribe different drugs.

Thinkterpreters 2020