Compliance risks and tips for home health agencies

By Anne Novick Branan, Esq.; and Richard Sena

Anne Novick Branan (anne.branan@nelsonmullins.com) is Of Counsel in the Fort Lauderdale Office of Nelson Mullins Riley & Scarborough LLP. Anne is certified in Health Law by the Florida Bar and has extensive experience advising clients how to navigate federal and state healthcare compliance laws. Before her legal career, she was a healthcare professional in home healthcare for 10 years.

Richard Sena (richard.sena@nelsonmullins.com) is a Juris Doctor candidate at the Nova Southeastern University Shepard Broad College of Law. He is the Editor-in-Chief of the Nova Law Review and a Law Clerk at Nelson Mullins Riley & Scarborough LLP in Fort Lauderdale.

Home health providers furnish care for some of our country’s most vulnerable populations. Home care provides a lifeline for patients to convalesce at home where they are comfortable and to avoid institutionalization in long-term care facilities. According to the latest study from the Centers for Disease Control and Prevention, there are more than 12,000 home health agencies, 98.7% of which are Medicare certified and 78.4% of which are Medicaid certified.[1] As such, the federal government keeps a keen eye on home health practices that put strain on the public health system or put patients at risk. Enforcement by the Office of Inspector General (OIG) of the U.S. Department of Health & Human Services (HHS), the Department of Justice, and various state agencies aims to protect government healthcare plans and their beneficiaries. With this aggressive oversight, home health providers face compliance risks with severe criminal, civil, and financial consequences for violations.

Compliance risk areas and compliance tips

This article highlights some of the key compliance risks for home health agencies—a comprehensive discussion of compliance risks is found in the OIG’s Compliance Program Guidance for Home Health Agencies[2] —and suggests practices organizations can implement to minimize those risks.

Risk area one: Inappropriate referral relationships

In response to the competitive home care market, home health agencies may be motivated to partner with third parties, such as other health providers and marketers, to promote their business. These arrangements may include medical director contracts, referral-based compensation for marketing personnel, gifts to referring physicians, free services to assisted living facilities, or employing physicians’ family members. However, such relationships are fraught with risk because state and federal laws restrict relationships between home care providers and referral sources. These types of relationships are addressed by federal law through the federal Anti-Kickback Statute (AKS),[3] the Stark Law,[4] and the anti-inducement provisions of Civil Monetary Penalties Law (CMPL).[5] Additionally, many states have enacted their own anti-kickback laws. Improper relationships with potential referral sources can lead to overutilization of services for federal and state health plan beneficiaries, increased government healthcare program costs, corrupted medical decision-making, and unfair competition.

Anti-Kickback Statute

One of the AKS’s purposes is to ensure that healthcare providers do not enter into certain relationships with other entities or individuals that are intended to induce the referral of beneficiaries of federal health plans. Specifically, the AKS prohibits a person or entity from knowingly or willfully offering, soliciting, paying, or receiving remuneration to induce federal healthcare program referrals. “Remuneration” refers to anything of value paid directly or indirectly, in cash or in kind, which is intended to induce the referral of patients. Such remuneration can include cash, free goods or services, discounts, gifts, below-market rent, or relief of financial obligations.

A violation of the AKS exposes home health agencies to criminal penalties, including imprisonment for up to five years, fines, and mandatorily exclusion from participating in federal healthcare plans. Administrative consequences include civil money penalties of up to $50,000 per violation and three times the value of the remuneration involved.

CMPL and Stark Law

Additionally, the CMPL prohibits home care agencies from inducing patronage from patients directly with gifts valued at more than $15 per item and $75 per year.[6] Providing free health screenings and transportation, cash gifts, free medical equipment, and other gratuities to patients creates risks for home health agencies. Substantial penalties called for in the CMPL could result in financial ruin for the provider.

Similarly, the Stark Law prohibits physicians from referring patients for certain services, including home health services and durable medical equipment, to entities with which the physician has a direct or indirect financial relationship. Unless an exception applies, if a physician has a financial relationship with a home care agency, like a medical director contract, that physician may not refer Medicare or Medicaid patients to that home health agency. Further, the entity receiving the patient referral cannot seek Medicare or Medicaid reimbursement for the service. A commonly used Stark Law exception is one for services arrangements with physicians, but only if certain criteria are met, including having a signed, written contract in place. The prohibition also extends to financial relationships of the physician’s immediate family members, so contracting with a referring physician’s wife to perform clinical or marketing services is an example of a practice that may be prohibited. Violations of the Stark Law include civil monetary penalties of up to $15,000 for each service, plus an assessment of three times the amount claimed.

Violations of the AKS and the Stark Law can result in substantial liability under the False Claims Act[7] that can arise from whistleblower complaints or government enforcement. Also, home health agencies must refund reimbursement received for services performed pursuant to prohibited referrals.

Compliance tips

  • If in doubt about the legality of an arrangement with a referral source, seek help from a health law attorney.

  • Create a system to track all financial relationships with physicians, physicians’ family members, and other referral sources to ensure written contracts are in place, signed, and renewed per the contractual terms.

  • Train marketing personnel on limitations on benefits that can be provided to referral sources and patients based on the AKS, the CMPL, and the Stark Law.

  • Create a tracking system for marketing personnel and others who may give items/gifts to referring physicians or patients.

  • Develop policies addressing contracts and space rental with referral sources, and gifts to patients or referral sources.

  • Allow only certain designated leaders in the home health agency to enter into contracts, leases, or other financial arrangements with actual or potential referral sources and use pre-approved contract forms.

Risk area two: Medical necessity and homebound status

For Medicare coverage, home health services must be ordered and certified by a physician, the patient must be homebound, and the services must be reasonable and necessary to diagnose or treat the patient’s illness, injury, disease, or condition. Clinical records must contain documentation showing that a patient is homebound (i.e., confined to the home). A physician (or other allowed provider) must certify the patient’s homebound status and the need for services, as well as establish and sign a plan of care. Additionally, the certifying physician’s plan of care must be periodically reviewed to ensure continuing coverage, and the home health agency should document its review of the patient’s home health needs. Reasonable and necessary home care services must include either skilled nursing care on a part-time or intermittent basis, physical therapy, speech-language pathology services, or a continued need for occupational therapy. Custodial home care is not covered by the Medicare program but, in some cases, may be covered by state-authorized Medicaid waiver programs. Home care agencies must have processes in place to admit only those patients that meet these criteria and to discharge patients when they no longer meet Medicare medical necessity and homebound status requirements.

Failure to meet these standards creates risk for home health agencies because Medicare payers, the OIG, and audit contractors conduct reviews to determine whether services billed to federal healthcare programs meet these criteria. Such reviews can result in demands for the return of reimbursement paid for noncompliant services. These overpayment determinations and demands for refunds can cost home care providers in terms of administrative time as well as legal and consulting fees to challenge such determinations. Failure of an organization to document compliance with medical necessity of its services and the patient’s homebound status may also expose the organization to substantial civil penalties under the False Claims Act.

Compliance tips

  • Be sure the message sent from management to employees is that the home health agency will only serve patients that meet the Medicare requirements.

  • Educate and regularly reeducate nurses, therapists, referral coordinators, and directors of nursing about the specific criteria for reasonable and medically necessary services and the definition of homebound under the Medicare program.

  • Set polices that describe these standards and use them to educate staff.

  • Perform prebilling chart reviews before services are billed to assess compliance with these standards.

  • Conduct periodic audits, using internal resources or outside consultants, of clinical records to monitor compliance with Medicare standards for medical necessity and homebound status of patients.

Risk area three: HIPAA and HITECH Act

Protecting the security and privacy of patient information is of utmost concern in the context of home health care. The Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, is intended to ensure that healthcare organizations provide such protections and impose substantial fines for organizations that fail to adequately protect patient information or improperly disclose it.

The risk of inadvertent or unauthorized disclosure is heightened in home care because home health workers work outside the office and often have remote access to protected health information (PHI) under HIPAA. Home care caregivers typically carry electronic devices like laptop computers, tablets, and cell phones that contain or access PHI. If one of these devices is stolen or communication is intercepted, an unauthorized disclosure may occur. Moreover, home care workers are in the community and patients’ homes where phone calls and discussions with patients can be overheard. Only patients may authorize in writing the release of their own PHI. Beyond HIPAA, state privacy laws may provide more stringent standards for the protection of patient information, such as Social Security numbers and financial information.

Compliance tips

  • Ensure home care workers’ mobile devices are encrypted or otherwise inaccessible to unauthorized users in case such devices containing PHI and other patient information are lost or stolen.

  • Require workers to notify the home health agency immediately if their devices containing PHI and other patient information are lost or stolen.

  • Develop, implement, and enforce policies based on HIPAA and state law privacy and security protections.

  • Provide ongoing education for all workers, including volunteers and contracted workers, about HIPAA and state law requirements and best practices.

  • Conduct risk assessments of the home health agency’s compliance with HIPAA privacy and security requirements.

  • Appoint a privacy and security officer to head up the agency’s efforts to comply with privacy and security laws.

Risk area four: Excluded individual or entities

Home health employers must ensure that their employees and referring physicians are not excluded from participation in federal programs by performing appropriate background screening. Being “excluded” means that an entity or individual has been excluded, debarred, suspended, or is otherwise ineligible to participate in (i) federal healthcare programs such as Medicare or Medicaid by the OIG, or (ii) federal procurement and nonprocurement programs, including those administered by the General Services Administration (GSA). No federal healthcare program payment may be made for items or services furnished, ordered, prescribed, or provided under the direction of an excluded person or entity.[8]

As an example of the risk arising from excluded individuals, home health agencies that receive payments for services of a nurse or therapist that was excluded at the time the services were provided must refund such reimbursement to the federal payer. Likewise, if a home health agency submits claims for its services referred by an excluded physician, such refunds are also required. Without proactive screening processes in place, providers can be hit hard financially if such exclusions are discovered after reimbursement is received.

To promote efficient and accurate screening, both the OIG and GSA publish databases that list entities and individuals that are excluded from participation in federal programs under their purview. The OIG database, the List of Excluded Individuals and Entities (LEIE), which is downloadable and updated monthly, is found on its website.[9] The GSA System for Awards Management (SAM) is searchable on the GSA website.[10]

Compliance tips

  • Conduct and keep documentation of screenings using the LEIE and SAM of employees and contracted individuals and entities before hire and monthly.

  • Establish a process to check LEIE and SAM on referring physicians when the home health agency receives referrals for home care services.

  • Require employees and contractors to certify on job applications or in contracts that they are not excluded from federal programs and have not been convicted of offenses that would result in exclusion.

  • Develop policies and procedures that require that excluded party screenings are conducted and documentation of screenings is maintained.

  • Require employees and contractors to notify the home health agency immediately if their exclusion status or criminal history changes.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings