When Do I Report a Provider to the OIG?

When Do I Report a Provider to the OIG?

Answer three questions to determine the appropriate course of action in response to questionable conduct.

Reporting a healthcare provider for misconduct is a major undertaking. Before you take action, consider these fundamental questions:

1. What type of conduct are you reporting?

2. What does the law say?

3. To whom should you report the conduct?

We answer these questions in this article.

What Type of Violation Is This?

As a starting point, we must be clear about the level of conduct at issue. While it is not for us to determine whether conduct implicates either civil or criminal liability, it is important to understand that the arrows in the Office of Inspector General (OIG) quiver are limited to civil violations. The OIG has sanction authority under the Civil Money Penalties law, as well as other tools, such as revocation of credentialing and exclusion, to address civil liability.

Where the conduct is potentially violative of a criminal (Title 18) statute, the OIG, while potentially participating in the investigation, must defer prosecution to the Department of Justice (DOJ).

Whether potentially civil or criminal, there are a variety of outlets for reporting the conduct at issue, including the local Medicare Administrative Contractor (MAC), your Unified Program Integrity Contractor, the Centers for Medicare & Medicaid Services (CMS), the OIG, or the DOJ.

Understand Reporting Obligations

Regardless of whether we are speaking of potential civil or criminal conduct, the more relevant issue is whether there exists an obligation (a legal duty) to report at all. In short, the general answer is no. In most cases, ordinary citizens are not obligated under the law to report a crime or do anything to stop the commission of a crime. There are, however, exceptions for certain types of crime (e.g., suspected child abuse) as well as some state law exceptions, most commonly focused on the duty to file a report where you witness a violent crime (failure to do so is often only a misdemeanor offense).

Those circumstances aside, in the context of conduct surrounding healthcare billing and reimbursement where you suspect potentially fraudulent activity, there is no legal duty to make such a report to law enforcement; however, there may be a duty to report the suspected conduct internally to your entity’s compliance officer under the terms of the entity’s corporate compliance plan. Such provisions are common given the provisions of the federal False Claims Act regarding the requirement to voluntarily disclose and refund any inappropriate payments. Because the timeframe for compliance with this rule is triggered when “anyone” in the workforce becomes aware of either an actual overpayment or the potential for any overpayment, early reporting is critical for avoiding false claims liability for failing to comply with the disclosure and refund requirements of the law. Such an obligation in a compliance plan, however, should not be construed as creating an obligation to report externally to law enforcement. Moreover, when you have such a concern, healthcare entities should be given the opportunity of investigating the veracity of the issue so that they may take appropriate action.

Considerations Before Involving Law Enforcement

Absent a legal obligation to report, there remains the question of whether such conduct should be reported to law enforcement. As noted above, a healthcare business professional’s first thought should be to report the conduct internally for appropriate investigation. Assuming that has been done and your concerns were not acted on nor resolved, the decision to report further is one that should not be made lightly. Before proceeding, be certain of your position. Once you get past the easy issues, such as billing for services that did not occur, the issue of whether the billing is legally right or wrong gets a bit tricky.

Start with an analysis of the believed cause of inappropriate payments and identify the binding statutory or regulatory rule at issue. Where your determination relies on a sub-regulatory rule (e.g., the CMS Internet-Only Manual provision or Local Coverage Determinations (LCD) requirement), make sure the position you take is supported under the statute and regulations because the contents of CMS Internet-Only Manuals, MedLearn Matters articles, and LCDs are not the law. Next, identify the answers to the following questions:

  • Is the rule a code selection rule or a reimbursement rule? Here, we need to understand whether the rule tells us how to code a service or supply, or whether, once appropriately coded, there are additional requirements (e.g., medical necessity) that determine whether the service or supply is compensable or not.
  • Is compliance with the rule a condition of participation or a condition of payment? The answer to this question determines whether the violation results in an actual overpayment or, instead, whether the appropriate action may be to terminate a provider’s participation with the Medicare program. While it’s understood that Medicare integrity contractors see these issues as being one and the same, they are not. (See Universal Health Servs., Inc. v. United States and Commonwealth of Mass. ex rel. Escobar, 136 S.Ct. 1989, (2016).)
  • What indicia of intent are present?
    • Is the binding rule clear and unambiguous?
    • Is the provider’s position in support of the coding/payments reasonable?
    • Did the provider follow the mandates of their compliance plan (assuming a formal written plan exists)?
    • Did the provider attempt to evaluate your concerns using outside experts or legal counsel?
    • Is there evidence of “error” that resulted in underpayments to the provider?
    • Is there disagreement within the entity’s compliance, coding, or auditing team(s) as to whether the conduct is objectively and legally wrong?

Based on the above, you may determine that the conduct is not so improper after all, or the analysis may demonstrate the need for the assistance of external compliance experts or legal counsel. The key is that before a report is made, given the potential negative consequences of doing so, you need to be certain of your position. Too often, potential reporters misunderstand or are completely unaware of the actual rules governing the issues for which they have concern.

I have personally seen this at work in False Claims Act cases brought on behalf of the government (commonly called qui tam cases) by either providers or billing staff (who are called relators in such cases). When fully evaluated, the complained-of conduct was not actually wrong. Nonetheless, the practice was exposed to significant expense, and in some cases, was forced to take a settlement to put an end to the matter. In these cases, the relator was ultimately out of a job, with little prospect of getting hired by anyone aware of their status as a relator against their former employer.

Options for Reporting

Having gotten to the point where you are certain of your position and feel a moral duty to report, the final issue is how to do so. A variety of options are available:

  • For Medicare claims, CMS provides guidance on its website.
  • The U.S. Department of Health and Human Services (HHS) Tips Fraud hotline (1-800-HHS-TIPS) and website provide additional options for reporting.
  • A report could also be made to your local MAC for Parts A and B claims or durable medical equipment (DME) MAC for DME claims.

Note that the OIG expressly does NOT address “issues about Medicare policy, coverage, billing claims or appeals,” unless the issue involves either “false or fraudulent claims submitted to Medicare or Medicaid” or “kickbacks or inducements for referrals by Medicare or Medicaid providers.”

Beyond these methods of reporting your concerns, there is always the option to seek legal counsel assistance in filing a False Claims Act (qui tam) case on behalf of the federal government in federal court. As a practical matter, firms with expertise in filing qui tam claims usually provide representation on a contingency basis but will do so only where they concur with your analysis of the conduct and where the potential recovery is significant enough to justify their involvement. Such cases are filed under seal so that the government may evaluate the merits and determine if they wish to intervene. Once that determination is made, which can take some time, the lawsuit is unsealed and your status as a realtor will become public knowledge. That said, where a qui tam case results in a recovery (by court decision or settlement) to the government, the relator will receive a portion of that amount depending on the degree of assistance provided.

Reflect on Implications and Outcomes

In a perfect world, compliance concerns should be investigated for the benefit of the entire compliance team, which includes the providers. Where that investigation reveals that no overpayment occurred (assuming it was competently performed), all should be willing to be educated by the process and the result and move on. Where it is determined that an overpayment occurred, the provider or entity should, as required, voluntarily disclose and refund any monies that it inappropriately received and/or should submit corrected claims.

The world, however, isn’t perfect, and it is recognized that not all providers are willing to do what they should. That said, the decision to report potentially fraudulent conduct outside your organization is one that should not be made lightly, especially if considering bringing a qui tam case. Assuming you are entirely confident in your forensic analysis of the right or wrong of the conduct (or have gotten help with this), have given the provider the opportunity to evaluate and, where appropriate, correct the conduct and refund any overpayments (and they have refused), then and only then should you consider reporting conduct externally.

Michael Miscoe
Latest posts by Michael Miscoe (see all)

About Has 54 Posts

Mr. Miscoe, JD, CPC, CASCC, CUC, CCPC, CPCO, CPMA has over 20 years of experience in healthcare coding and over sixteen years as a compliance expert, forensic coding expert and consultant. He has provided expert analysis and testimony on a wide range of coding and compliance issues in civil and criminal cases and his law practice concentrates exclusively on representation of healthcare providers in post-payment audits as well as with responding to HIPAA OCR issues. He has an extensive national speaking background and has been published in numerous national publications on a variety of coding, compliance and health law topics.

Leave a Reply

Your email address will not be published. Required fields are marked *