Reed Smith LLP

Reed Smith Client Alerts

OIG Draft Compliance Guidance For The Durable Medical Equipment, Prosthetics, Orthotics And Supply Industry

Subscribe
Home Perspectives OIG Draft Compliance Guidance For The Durable Medical Equipment, Prosthetics, Orthotics And Supply Industry

Introduction

On January 28, 1999, the Office of Inspector General ("OIG") of the Department of Health and Human Services ("HHS") released its "Draft Compliance Guidance for the Durable Medical Equipment, Prosthetics, Orthotics and Supply Industry" ("Draft DMEPOS Compliance Program Guidance"). 64 Fed. Reg. 4435. In addition to explaining the OIG’s general views on the value and fundamental principles of DMEPOS suppliers’ compliance programs, the Draft DMEPOS Compliance Program Guidance outlines the specific elements that each DMEPOS supplier should consider when developing and implementing an effective compliance program.

The Draft DMEPOS Compliance Program Guidance is particularly notable for the level of detail used to describe risk areas particular to the DMEPOS industry. In addition, we note that the OIG’s "best practices" regarding a number of policy areas may not necessarily reflect actual supplier obligations under current statutes, regulations, and manual requirements.

The Draft DMEPOS Compliance Program Guidance is part of the OIG’s continuing effort to encourage the health care industry to police itself. It is the fifth compliance program guidance document issued by the OIG to date, (fn1) and the OIG invites interested parties to comment on the draft. Comments must be received by the OIG by 5 p.m. on March 1, 1999. The OIG is particularly interested in comments regarding the section on written policies and procedures. The OIG expects to publish the final version of the guidance later this year.

In view of the length and complexity of the Draft DMEPOS Compliance Program Guidance, this memorandum will focus only on selected features of the document that we believe will be of greatest interest to our clients. Please feel free to contact us, however, if you would like additional information about any aspect of the Draft DMEPOS Compliance Program Guidance.

Background

The Draft DMEPOS Compliance Program Guidance represents the OIG’s suggestions regarding how a DMEPOS supplier can best establish internal controls and monitor its conduct to correct and prevent fraudulent activities. Compliance programs are especially critical for DMEPOS suppliers’ internal quality assurance control efforts in the reimbursement and payment areas, the OIG asserts, since "claims and billing operations are often the source of fraud and abuse, and therefore, historically have been the focus of Government regulation, scrutiny, and sanctions."

While recognizing the diversity of the DMEPOS industry, the OIG asserts that the Draft DMEPOS Compliance Program Guidance is relevant to all DMEPOS suppliers, regardless of size, number of locations, type of equipment provided, or corporate structure. The applicability of the recommendations and guidelines, however, will depend on the circumstances of each DMEPOS supplier. Moreover, the OIG warns that "[b]y no means should the contents of this guidance be viewed as an exclusive discussion of the advisable elements of a compliance program." Instead, DMEPOS suppliers should develop and implement compliance plans "that uniquely address the individual DMEPOS supplier’s risk areas."

The OIG lists a number of benefits associated with the adoption of an effective compliance program, including the possibility that early detection and reporting of fraud could minimize the loss to the government from false claims, thereby reducing the DMEPOS supplier’s exposure to civil damages and penalties, criminal sanctions, and administrative remedies. Likewise, the OIG will consider the existence of an effective compliance program that pre-dated a governmental investigation when addressing the appropriateness of administrative sanctions. Furthermore, voluntary disclosure by a supplier of a violation of the False Claims Act, 31 U.S.C. 3729-3733, could in certain circumstances permit double, rather than treble, damages to be assessed. The OIG cautions, however, that compliance programs that simply have the appearance of compliance without being wholeheartedly adopted and implemented by the DMEPOS supplier or programs that are hastily constructed and implemented without appropriate ongoing monitoring will likely be ineffective and could expose the DMEPOS supplier to greater liability than no program at all.

As in previous compliance guidance documents, the OIG bases its recommendations on the Federal Sentencing Guidelines. (fn2) The OIG states that it also considered comments made in response to an August 7, 1998 solicitation notice seeking information and recommendations for developing guidance for the DMEPOS industry.(fn3) In addition, the OIG has drawn upon previous OIG publications, such as Special Fraud Alerts, the experience of federal fraud investigations, and the advice of the Health Care Financing Administration ("HCFA") and the durable medical equipment regional carriers ("DMERCs"). The OIG notes that the Draft DMEPOS Compliance Program Guidance may be modified and expanded in the future to reflect new information obtained by the OIG, along with changes in the statutes, regulations, policies, and procedures of federal, state, and private health plans. Presumably the Draft DMEPOS Compliance Program Guidance also could be revised based on comments submitted by the public. (fn4)

Compliance Program Elements

Seven Mandatory Elements

As in previous compliance program guidance documents, the Draft DMEPOS Compliance Program Guidance identifies seven elements that the OIG characterizes as fundamental to an effective compliance program:

  • The development and distribution of written standards of conduct, as well as written policies and procedures that promote the DMEPOS supplier’s commitment to compliance and address specific areas of potential fraud, such as claims development and submission processes, completing certificates of medical necessity ("CMNs"), and financial relationships with physicians and/or other persons authorized to order DMEPOS;
  • The designation of a compliance officer and other appropriate bodies (e.g., a compliance committee), charged with operating and monitoring the compliance program, and who report directly to the CEO and the governing body;
  • The development and implementation of regular, effective education and training programs for all affected employees, covering specific billing procedures, sales and marketing practices, and general areas of compliance;
  • The creation and maintenance of a process to receive complaints that protects the anonymity of complainants and protects callers from retaliation;
  • The development of a system to respond to allegations of improper/illegal activities and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations, or federal, state or private payor health care program requirements;
  • The use of audits and/or other risk evaluation techniques to monitor compliance, identify problem areas, and assist in reducing identified problem areas (including periodically spot-checking the work of coding and billing personnel); and
  • The investigation and remediation of identified systemic problems and the development of policies addressing the non-employment or retention of sanctioned individuals.

Written Policies And Procedures

The Draft DMEPOS Compliance Program Guidance calls for each compliance program to require the development and distribution of written compliance polices, standards, and practices identifying specific areas of risk for the individual DMEPOS supplier (and, as appropriate, for different components of the DMEPOS supplier).

Standards Of Conduct

According to the OIG, DMEPOS suppliers should develop standards of conduct for all affected employees, including any related entities or affiliated providers operating under the DMEPOS supplier’s control (e.g., pharmacies, billing services, and manufacturers) and other health care professionals (e.g., nurses, licensed pharmacists, physicians, and respiratory therapists). It is unclear how the OIG expects the DMEPOS supplier to bind such unaffiliated health care professionals to its standards of conduct, but, at a minimum. the OIG presumably would want DMEPOS suppliers to inform such individuals of their standards of conduct. The standards should articulate the DMEPOS supplier’s commitment to complying with all federal and state statutes and rules, and government and private payor health care program requirements, with an emphasis on preventing fraud and abuse. The standards should be distributed to all affected employees, and employees should be asked to sign a statement certifying that they have received, read, and understood the standards of conduct.

Written Policies For Risk Areas

According to the OIG, DMEPOS suppliers should establish a comprehensive set of written policies and procedures that takes into consideration the particular statutes, rules, regulations, and program instructions applicable to each function of the DMEPOS supplier. In contrast to the standards of conduct, which are designed to be a clear and concise collection of fundamental standards, the written policies should articulate specific procedures personnel should follow. Individual policies and procedures should be coordinated with appropriate training and educational programs, with an emphasis on areas of special concern that have been identified by the OIG. The DMEPOS supplier risk areas identified by the OIG are by far the most extensive of any compliance guidance issued to date. The OIG identifies these 48 risk areas as follows:

  • Billing for items or services not provided;
  • Billing for medically unnecessary services;
  • Duplicate billing;
  • Billing for items or services not ordered;
  • Using a billing agent whose compensation is based on the dollar amounts billed or based on the actual collection of payment; since DMEPOS supplier billing agents may only receive payment based on a fixed fee; (fn5)
  • Upcoding;
  • Billing patients for denied charges without a signed written notice (sometimes referred to as the "waiver of liability" notice);
  • Unbundling items or supplies;
  • Billing for new equipment and providing used equipment;
  • Continuing to bill for rental items after they are no longer medically necessary (once a rental item is no longer needed, the DMEPOS supplier is required to discontinue billing the payor for it, and also should pick up the equipment from the patient as soon as possible);
  • Resubmission of denied claims with different and incorrect information in an attempt to be reimbursed;
  • Refusing to submit a claim to Medicare on behalf of a beneficiary, regardless of whether the supplier accepts assignment of the claim;
  • Inadequate management and oversight of contracted services, which results in improper billing;
  • Charge limitations; (fn6)
  • Providing and/or billing substantially excessive amounts of DMEPOS items or supplies;
  • Providing and/or billing for an item or service that does not meet the quality and standard of the DMEPOS item claimed (e.g., items provided in violation of Food and Drug Administration ("FDA") requirements);
  • Capped rentals;
  • Failure to monitor medical necessity on an on-going basis (according to the OIG, items or supplies furnished by the DMEPOS supplier should be replaced or adjusted, in a timely manner, to reflect changes in the patient’s condition);
  • Dispensing certain items or supplies prior to receiving a physician’s order and/or appropriate CMN;
  • Falsifying information on the claim form, CMN, and/or accompanying documentation;
  • Completing portions of CMNs reserved for completion only by the treating physician or other authorized person;
  • Altering medical records;
  • Manipulating the patient’s diagnosis in order to receive payment;
  • Failing to maintain medical necessity documentation (e.g., physician orders and/or CMNs);
  • Inappropriate use of place of service codes (e.g., indicating home as the place of service for beneficiaries);
  • Inappropriate use of cover letters with CMNs; (fn7)
  • Improper use of ZX modifier;
  • Providing incentives to actual or potential referral sources that may violate the anti-kickback statute or other similar federal or state statute or regulation;
  • Compensation programs that offer incentives for items or services ordered and revenue generated; (fn8)
  • Routine waiver of deductibles and coinsurance;
  • Joint ventures between parties, one of whom can refer Medicare or Medicaid business to the other (the OIG notes that it currently has a number of investigations and audits underway on this issue);
  • Situations where conflicts of interest may result due to referrals by physicians that own or have compensation arrangements with DMEPOS supply companies;
  • Billing for items or services furnished pursuant to a prohibited referral under the Stark physician self-referral law;
  • Improper telemarketing practices;
  • Improper patient solicitation activities and high-pressure marketing of non-covered or unnecessary services; (fn9)
  • "Co-location" of DMEPOS items and supplies with the referral source; (fn10)
  • Non-compliance with federal, state, and any private payor supplier standards;
  • Providing false information on the Medicare DMEPOS supplier enrollment form;
  • Not providing corrected information on the DMEPOS supplier enrollment form within the required 30 day time period;
  • Misrepresentation of a person’s status as an agent or representative of Medicare;
  • Knowing misuse of a supplier number, which results in improper billing;
  • Failing to meet individual payor requirements;
  • Performing tests on a beneficiary that a DMEPOS supplier is not authorized to perform (e.g., oximetry and arterial blood gas studies); (fn11)
  • Failing to refund overpayments to a health care program;
  • Failing to refund overpayments to patients;
  • Lack of communication between the DMEPOS supplier, the physician, and the patient; (fn12)
  • Lack of communication between different departments within the DMEPOS supplier; and
  • Employing persons excluded from participation in federal health care programs.

Moreover, a DMEPOS supplier’s prior history of noncompliance with applicable statutes, regulations, and federal, state, or private health care program requirements may indicate additional types of risk areas for which written policies and procedures and training elements may need to be instituted.

Claims Development And Submission

Medical Necessity

The Draft DMEPOS Compliance Program Guidance notes that although DMEPOS suppliers do not treat patients or make medical necessity determinations, there are steps they can take to help ensure that they only bill for services that are ordered, provided, covered, reasonable and necessary for each individual patient. To that end, the OIG suggests that the DMEPOS supplier’s compliance officer may want to create a clear, comprehensive summary of the "medical necessity" or coverage criteria and applicable rules of various government and private plans for the appropriate DMEPOS supplier personnel. The OIG also recommends that DMEPOS suppliers formulate internal control mechanisms through their written policies and procedures, including periodic claim reviews, to verify that patients are receiving and the DMEPOS supplier is billing for items and/or services that are ordered, provided, covered, reasonable, and necessary.

Physician Orders

According to the OIG, the DMEPOS supplier’s written policies and procedures should state that the DMEPOS supplier will not bill for an item or service unless and until it has been ordered by the treating physician or any other authorized person. For all Medicare-reimbursed DMEPOS items or services, the DMEPOS supplier must receive a written order from the patient’s physician. When the DMEPOS supplier receives a verbal order, the supplier should document the verbal order and must have the treating physician confirm it in writing prior to billing. The Draft DMEPOS Compliance Program Guidance further provides that the written policies and procedures should state for items requiring a written order prior to delivery, that the order must be received by the DMEPOS supplier before it delivers the equipment to the patient and before it bills the payor.

Certificate Of Medical Necessity

For certain DMEPOS items and services, the DMEPOS supplier must receive a signed CMN from the treating physician or other authorized person. The original CMN must be retained in the DMEPOS supplier’s file and be available to the DMERCs upon request.

The Draft DMEPOS Compliance Program Guidance spells out current requirements for completion of CMNs. (fn13) Section A may be completed by the DMEPOS supplier. Section B may not be completed by the DMEPOS supplier; it may only be completed by the treating physician, a non-physician clinician involved in the care of the patient, or a physician employee who is knowledgeable about the patient’s treatment. If section B was completed by a physician employee or other non-physician clinician, the section must be reviewed by the treating physician or other person authorized to order such equipment for the patient to ensure accuracy. Section C must be completed by the DMEPOS supplier prior to the CMN being furnished to the treating physician or other authorized person for signature. Section D may only be signed by the treating physician or other person authorized to order equipment for the patient.

DMEPOS suppliers should take all reasonable steps to ensure that each section of the CMN is completed in accordance with the above guidelines. The Draft DMEPOS Compliance Program Guidance suggests that DMEPOS suppliers’ written policies and procedures should require, at a minimum, that they:

  • Do not forward blank CMNs to the treating physician or other authorized person for signature;
  • Do not complete section B (Medical Necessity) of the CMN;
  • Do not include diagnostic information on a cover letter attached to the CMN; (fn14)
  • Do not alter or add any information on the CMN after receiving the completed and signed CMN from the physician or other authorized person;
  • Do not sign the CMN for the treating physician or other authorized person;
  • Do not urge physicians or other authorized person to order equipment or supplies that exceed what is reasonable and necessary for the patient;
  • Do not deliver an item that needs pre-authorization prior to receiving the physician order and CMN;
  • Do not submit a claim for items or services until the CMN is properly and correctly completed by the treating physician or other authorized person;
  • Do maintain the original CMNs in their files;
  • Do consult with the treating physician or other authorized person who signed the CMN when there is a question on the order;
    Do properly complete sections A and C of the CMN and forward the remainder of the CMN to the treating physician or other authorized person for his/her review, information, and signature; and
  • Only bill for services that the treating physician or other authorized person attests in section D are ordered, covered, reasonable, and necessary for the patient.

Billing

DMEPOS suppliers should include in their written policies and procedures that they will only submit claims for equipment and supplies that are properly completed, accurate, and correctly identify the equipment or supplies ordered by the treating physician or other authorized person and furnished to the patient. Also, before submitting a claim, the DMEPOS supplier should ensure the item or service being claimed was provided, covered, reasonable and necessary. In addition, written policies and procedures should clarify that a DMEPOS supplier cannot submit bills or receive payment for drugs used in conjunction with DMEPOS unless the supplier is licensed to dispense the drug (i.e., a pharmacy).

Selection Of HCPCS Codes

DMEPOS suppliers’ written policies and procedures should state that only the HCPCS code that most accurately describes the item or service ordered and provided should be billed. To ensure code accuracy, the OIG recommends the supplier include a requirement in its policies and procedures that the codes be reviewed (random sample or certain codes) by individuals with technical expertise in coding before claims containing such codes are submitted to the affected payor. If a DMEPOS supplier has questions regarding the appropriate code to be used, it should contact the Statistical Analysis Durable Medical Equipment Carrier’s ("SADMERC") HCPCS coding help line.

Valid Supplier Numbers

The DMEPOS supplier should ensure that appropriate personnel are knowledgeable in (1) completing the HCFA 855S supplier application; and (2) complying with the federal requirements of 42 CFR 424.57(e) for updating supplier number applications. Likewise, the written policies and procedures should state that the DMEPOS supplier should not bill any other federal, state, or private payor health care plan without obtaining the necessary billing numbers and that the billing numbers will be used correctly. A supplier should not have more than one supplier number unless it is appropriate to identify subsidiary or regional entities under the supplier’s ownership or control.

Mail Order Suppliers

The OIG recommends that any DMEPOS supplier who engages in the mail order supply business clearly articulate its protocol for this segment of its business in the company’s written policies and procedures. Mail order supplies should only be delivered in accordance with the treating physician’s or other authorized person’s order. The OIG also recommends that the supplier utilize a tracking system so it will be able to determine whether the patient received the supplies and will be able to track the location of an item or supply at any given time. In addition, the mail order DMEPOS supplier should maintain an accurate inventory list and should not bill for or commit to sending items that are not part of its inventory.

Assignment

If a DMEPOS supplier accepts Medicare assignment, its written policies and procedures should state that it will not charge Medicare beneficiaries more than the amounts allowed under the Medicare fee schedule, including coinsurance and deductibles. If the beneficiary pays the DMEPOS supplier prior to the supplier submitting the claim, the supplier should ensure it is not charging the beneficiary more than the allowable coinsurance. If the DMEPOS supplier collects excess payments from a Medicare beneficiary, it should have a mechanism to promptly refund the overpayment. Suppliers should know the Medicare rules for accepting assignment and receiving direct payment from beneficiaries for items or services. If a DMEPOS supplier chooses not to accept Medicare assignment, it still is responsible for submitting the claim to Medicare on behalf of the beneficiary.

If the DMEPOS supplier uses a billing agent, the supplier should ensure the billing agent is complying with all of the relevant statutes and requirements governing such an arrangement. The OIG strongly recommends that the supplier coordinate closely with the billing company to establish compliance responsibilities that are formalized in the written contract between the supplier and the billing agent.

Waiver Of Liability Issues

The OIG confirms that a DMEPOS supplier or Medicare beneficiary is not liable for payment on assigned claims where the beneficiary did not know, and could not reasonably have been expected to know, that the payment for such services would not be made. Nevertheless, when the supplier knew, or could have been expected to know, that the items or services would be denied, the liability for the charges rests with the supplier. The supplier should include these rules regarding so-called "waiver of liability" in its written policies and procedures.

When a DMEPOS supplier knows or has reason to believe that the equipment or supplies ordered by the treating physician or other authorized person will be denied, the supplier should inform the patient prior to furnishing the item or service and ask the patient to sign a written notice. If the DMEPOS supplier has not received a signed written notice from the beneficiary and the claim is denied, the supplier should not bill the beneficiary. The notice must be in writing, must clearly identify the particular item or service, must state that the payment for the particular service likely will be denied, and must give the reason(s) for the belief that payment is likely to be denied. It is the beneficiary’s decision whether to sign the written notice. If the beneficiary does sign the notice, the supplier should: (1) include the appropriate modifier on the claim form; (2) maintain the written notice in its files; and (3) be able to produce the written notice to the DMERC upon request.

Routine notices to beneficiaries that do no more than state that denial of payment is possible or that they never know whether payment will be denied are not considered acceptable evidence of written notice. Notices should not be given to beneficiaries unless there is genuine doubt regarding the likelihood of payment for the reasons stated on the written notice. Giving notice for all claims is not an acceptable practice, according to the OIG.

Routine Waiver Of Deductibles And Coinsurance

While DMEPOS suppliers are permitted to waive the Medicare coinsurance amounts in cases of indigency, the OIG recommends that suppliers develop written criteria documenting their policies for determining indigency, and consistently apply these criteria. The indigency exception must not be used routinely and a good faith effort must be made to collect deductibles and coinsurance.

DMEPOS suppliers’ written policies and procedures should state that they will not routinely waive deductibles and coinsurance for Medicare beneficiaries. Such policies and procedures should include, but not be limited to, statements that supplier’s personnel are prohibited from: advertising an intent to waive deductibles or coinsurance; advertising an intent to discount services for Medicare beneficiaries; giving unsolicited advice to patients that they need not pay; charging Medicare beneficiaries more than other patients for similar services and items; or collecting deductibles and coinsurance only when a patient has a certain insurance.

Capped Rentals And The Purchase Option

DMEPOS suppliers’ written policies and procedures should address government and private payor requirements when providing rental equipment to beneficiaries. This includes, for Medicare beneficiaries, the purchase option, which becomes available in the tenth continuous rental month. The OIG states that the supplier should accurately discuss the pros and cons of the different options with the beneficiary. If the beneficiary does not accept the purchase option, the supplier must continue to provide the item without charge to the beneficiary or Medicare after the 15th continuous month of receiving rental payments from Medicare if the item or service continues to be medically necessary. The supplier may submit additional claims for maintenance and servicing fees associated with the rental item.

The policies and procedures also should address the guidelines for determining "continuous use" and criteria for a new rental period. Furthermore, the supplier should create internal mechanisms to ensure the correct rental month appears on the claim and the correct modifier is used.

The DMEPOS supplier also should ensure it is performing basic safety and operational function checks after use by each patient, and that it is performing routine and preventative maintenance on equipment. The supplier also must ensure that it has qualified staff or contractors to service, set up, and instruct the patient on the proper use of the equipment. The supplier also should maintain current service manuals for all equipment it supplies. The OIG also asserts that DMEPOS suppliers should establish an internal control system which allows the supplier to track the location of each piece of equipment at any given time (although this is not a requirement under current supplier standards).

In addition, the DMEPOS supplier should ensure it is not submitting claims for rental equipment when the beneficiary is residing in an institution (i.e., a hospital or skilled nursing facility). If the beneficiary is residing in an institution when a DMEPOS supplier delivers equipment, the supplier may not submit a claim prior to the beneficiary’s date of discharge.

ZX Modifier

The ZX modifier is used to indicate that the DMEPOS supplier is maintaining medical necessity documentation in its files. The Draft DMEPOS Compliance Program Guidance states that suppliers should create internal mechanisms to ensure the proper use of the ZX modifier, since improper use of the modifier may result in the submission of false claims. Written policies and procedures should address the supplier’s protocol for using the ZX modifier.

Cover Letters

In cases where a DMEPOS supplier sends a cover letter along with the CMN to the physician, the cover letter should address issues relating to HCFA or DMERC regulation/policy changes, brief descriptions of the item(s) being provided, and changes in the patient’s regimen. According to the OIG, the cover letter must not (i) lead physicians to order medically unnecessary items or supplies or (ii) include diagnostic information. In addition, the supplier should not distribute completed "sample" CMNs to physicians. DMEPOS suppliers should maintain on file a copy of the cover letter sent to physicians. The DMERCs may request to review the information provided in cover letters to ensure the supplier is in compliance with the law.

Communication

While the OIG appears to favor restricting the information included in cover letters, the agency also suggests that DMEPOS suppliers create mechanisms that increase the communication between treating physicians or other authorized referral sources, the patients, and the supplier. Such mechanisms should be included in the DMEPOS supplier’s written policies and procedures, and they may include (i) the supplier periodically calling the patient to ensure the equipment is still being used and operating properly, or (ii) an arrangement between the supplier and the physician whereby the physician "immediately