Top 10 Compliance Issues and Tips for 2016

January is a time for reflection and resolutions. For compliance officers that means evaluating compliance risks. G2 Compliance Advisor surveyed experts in laboratory compliance for the top issues compliance officers should be focusing on for 2016 and we have compiled a list of the top 10 issues and tips for how to address them.

1. Medical Necessity
Hands down, medical necessity (and documentation thereof) was the most cited compliance issue. “It is the single biggest thing we see in audits today—particularly audits dealing with pharmacogenetic testing and toxicology testing—anything with panels,” said health care attorney Jane Pine Wood, of McDonald Hopkins.

“Laboratories are going to increasingly have to justify the medical necessity of their tests, particularly testing that is done with any frequency,” agrees Nashville lawyer Danielle Sloane, of Bass, Berry & Sims. Florida lawyer Bruce Reinhart of McDonald Hopkins expects “most of the attention to be in the substance abuse area. They are taking a very skeptical and aggressive approach toward confirmatory urinalysis testing, particularly in light of the Millennium settlement.” Reinhart also expects genetic testing to receive attention.

Sloane predicts: “After the enforcement focus in the past year on over-utilization of urine drug testing in combination with the increasing use of data analytics, I would expect these concepts to spill over to other areas of laboratory testing. I expect laboratories to increasingly receive Medicare audit requests and to be called upon to support the medical necessity of any tests ordered in aberrant patterns or with unusual frequency. Laboratories are likely to join the durable medical equipment industry in having to increasingly gather and supply patient medical records from physicians to support medical necessity.”

“These pressures won’t just be from the government,” adds Reinhart. “Insurance companies are getting even more aggressive about claims denials and clawback lawsuits if they perceive overutilization and unnecessary testing, particularly for high reimbursement items.” Charles C. Dunham IV, a health care lawyer with Epstein, Becker & Green agrees, adding “I see the audit of medical necessity and physicians orders—the appropriateness of diagnosis and treatment—being used by public and private payers to tighten the belt.”

Compliance Tips: For high dollar testing in particular, “laboratories may consider requesting submission of supporting medical records along with the test requisition to ensure the medical necessity support is there on the front end,” suggests Sloane. Dunham advises laboratories to do their own internal review of accuracy to ensure that, especially on new accounts, the physician information is correct, signatures are correct, these are valid Medicare/Medicaid providers, and the tests ordered are medically necessary and appropriate. “Do an internal audit that includes random sampling of records from ordering physicians to make sure these accounts can provide the documentation that would be needed if a payer asks for that information,” he says.

Additionally, Wood recommends laboratories make sure requisition forms provide an option to individually order tests comprising a panel. She advises that when CMS sees a requisition that doesn’t give that option, “they are beginning with the assumption that there is medical necessity issue or fraud.”

Health care attorney David Gee of Davis Wright Tremaine suggests taking advantage of new technology and electronic health records to help address the issue. “Work with interface vendors to make sure electronic ordering systems capture the physician’s signature. We are in an era where that is much more possible. [Laboratories] just need to be smart about how they are taking advantage of or using those systems.”

2. PAMA
The second most cited issue was no surprise—preparing for PAMA! Sloane predicts: “While implementation of the pricing changes may be delayed beyond 2017, I would expect the reporting to be finalized and laboratories having to compile and report data related to their commercial payer reimbursement in 2016.” Dunham agrees and posits that there will not likely be significant guidance and CMS will expect laboratories to “figure it out” in terms of how to collect and report the data with their software.

Compliance Tips: The attorneys we spoke with advise that laboratories shouldn’t wait for the final regulations to be released to begin preparing to report the data. “While it is a bit difficult to predict the precise information that laboratories will need to report pursuant to PAMA, the proposed rule gives enough insight to allow laboratories to review and consider how they can most efficiently set up a system to capture the data,” says Sloane.

3. Sales/Marketing
Another often cited issue is “aggressive sales and marketing practices.” “There was a lot of enforcement in 2015 with respect to remuneration to referral sources,” notes Kristin Carter, a health care attorney with Ober Kaler in Baltimore. Gee says laboratories, especially startup and specialty labs, are challenged to market their services with a limited sales staff and may agree to percentage-based payments with third-party marketing resources—which raise many compliance issues.

Additionally, Sloane cautions that specialty laboratories increasing their marketing focus on consumers even if a physician order is required to order the laboratory test (the same strategy used by pharmaceutical companies) could find themselves on the FDA’s radar. The FDA has issued several warning letters to laboratories regarding “direct-to-consumer” marketing absent FDA approval of the test, she says.

Compliance Tips: Gee recommends against percentage-based third-party marketing arrangements. Even if you don’t contract out your marketing and sales, you still need to be concerned that your people and practices are compliant. Carter recommends compliance officers “really know what your sales people are doing out there.” Wood advises laboratories to “review marketing materials, particularly as they relate to appropriateness of test ordering and ensure your laboratory has strong compliance training for sales and marketing representatives.”

“Compliance officers should continue reinforcing messaging to sales and marketing personnel regarding what is appropriate when interacting with referral sources. In the end, many of the laboratory compliance issues that arise are the same things we have heard about for years (e.g., gifts, fancy dinners, client billing proposals), so reinforce the old lessons too,” advises Sloane. Finally, she suggests compliance officers “may want to identify internal data analytics resources that will help the laboratory monitor unusual or outlier behavior that may implicate compliance concerns with sales and marketing practices.”

4. Individual Responsibility
Thanks to last year’s Yates Memo, discussion of liability for responsible officers and directors is a central compliance concern. “The Yates Memo is an enforcement tool and everyone should be concerned about this,” Dunham warns.

Compliance Tips: Dunham recommends compliance officers “make sure all directors, officers, and managers are properly educated and trained, not just sales and marketing staff. Make sure they are aware of their oversight responsibilities” he advises; “they can’t just defer to the compliance officer to make decisions.”

5. Out of Network
The out of network issue is a thorny one for laboratories. Gee says “unless you are LabCorp or Quest, there is a better than even chance that you are out of network with a fair number of plans for patients for which you perform testing.” With higher deductibles and copays and testing that is less than routine and priced high, “this becomes a substantial issue,” he adds.

Compliance Tips: Unfortunately, there are no easy answers on this one. In addition to federal issues, Dunham calls attention to the variation in state laws and warns that laboratories make sure any out of network billing is done in accordance with state law, especially any waiver of copayment and deductible practices. While most of the surprise bill legislation on this issue addresses hospital services, he warns it can affect laboratories too. Gee also advises laboratories that the safest course is to do everything the insurers tell you to do and follow the directions on EOBs when billing. He also recommends, in any case, laboratories should establish a clear policy to handle copayment and deductible obligations on a similar basis for all patients so that billing practices are not driven by client or referral source.

6. Cybersecurity
Dunham predicts we will see the volume of compliance activity increase in the area of cybersecurity. As many have said, “it’s not if but when” a cybersecurity incident or breach will occur and laboratories need to be prepared to respond. Dunham says many in not just the lab sector but health care industry at large are not up to speed on the latest issues. “HIPAA privacy and security issues are different than cybersecurity,” he says.

Compliance Tips: “It’s important to know what to do and how to respond [to a breach or incident] and have an appropriate response,” advises Dunham. Make sure policies are up to date and address not just HIPAA privacy and security compliance but address the latest with regard to cybersecurity risks as well.

7. LDTs
No top 10 list would be complete without a mention of laboratory developed tests (LDTs). As we have reported, the FDA has expressed an intent to release final guidance this year regarding LDTs.

Compliance Tips: Dunham recommends that, in general, laboratories should plan for the future. For example, laboratories that are upgrading or expanding their facilities would be wise to take steps to incorporate good manufacturing practices as part of that process in anticipation of some FDA regulation.

8. 60-day Repayment Rule
The Kane v. Continuum Health Partners court decision last year addressing the 60-day requirement for reporting and returning overpayments “puts some guidance out that there indicates a standard that would be tough to meet—providers may have identified a problem [triggering the 60-days] when they are on notice that an overpayment likely existed but hadn’t yet conclusively determined the overpayment’s existence.” Carter notes that while CMS issued a proposed rule in 2012, on Feb. 17, 2015 it delayed publication of a final rule for one year. Thus providers continue to operate without agency guidance on when an overpayment is “identified” for purposes of triggering the 60-day reporting and repayment deadline.

Compliance Tips: Carter reminds providers to keep the case in perspective as “the ruling was in response to a motion to dismiss in a single district court and was very fact-specific.” However, it signifies that the government and qui tam relators would be willing to challenge providers that delay in reporting and returning overpayments. Carter advises that “once a potential problem is identified, continue to diligently investigate the scope of the issue, document that investigation, and once you do know there’s an issue, make the repayments without any unnecessary delay.”

9. ACO and Alternative Payment Model Participation
“Labs are starting to wade in and can provide a valuable role in patient care in alternative payment models,” says Carter. But compliance issues can arise when participants are exchanging reimbursement with referral sources.

Compliance Tips: Carter cautions clients to make sure what they are doing for accountable care organizations (ACOs) or other alternative payment model programs fits within the fraud and abuse waivers where applicable. For example, a number of the waivers under the Medicare Shared Savings Program require that remuneration be reasonably related to the purpose of the shared savings program. She adds that some waivers require the governing body or board to make a formal determination that the remuneration is for purposes of the shared savings program. While the fraud and abuse waivers for certain alternative payment models offer some additional flexibility, they are not unlimited.

10. Outdated Compliance Programs
“Compliance plans aren’t just meant to be put on the shelf,” warns Carter. “The compliance plan should be a living breathing document and you should be working with your organization to ensure compliance is top of mind.”

Compliance Tips: Dunham recommends labs review compliance procedures at least annually and revise to respond to changes in federal or state law or enforcement trends. Make sure third parties such as vendors and agents are aware of your compliance expectations too, he adds. Carter notes that many choose to consult the OIG Work Plan to update policies and procedures but she also suggests compliance officers sign up for the OIG’s “What’s New” email alert and look at it every day. It includes advisory opinions, enforcement actions and state enforcement and “also helps you stay on top of what settlements are out there and what the OIG is doing.” “It’s easy to read through that blurb and see what is relevant to labs,” she explains.