Recorded at HEALTHCON 2024 in Las Vegas, NV

The legal panel features experts discussing current trends in healthcare law, emphasizing the importance of compliance and proper documentation practices. They highlight the need for internal investigations to address fraudulent documentation and the role of legal teams in navigating issues related to locum tenens practices and the No Surprises Act.

The panel also covers the complexities of billing, credentialing, and the responsibilities of coders in ensuring ethical practices. Key points include the necessity of clear communication with patients regarding costs and coverage, as well as the implications of HIPAA regulations on documentation. Overall, the discussion underscores the critical nature of compliance strategies in mitigating legal risks.

How to respond if you suspect fraudulent documentation

Start with an internal investigation led by compliance and legal. Clarify whether the concern is fabricated encounters or upcoding real visits. Collect facts, audit charts, and preserve notes.

Outcomes typically split two ways:

1. Poor documentation or overpayments that warrant voluntary refunds and process fixes, or

2. Intentional fraud that may trigger reporting duties to the Department of Justice

Use neutral queries to clinicians to avoid impugning medical judgment while you validate accuracy.

Locums copy-and-paste and downstream treatment plans

If a locum’s notes were cloned from other providers (even carrying over signatures), assume the records are unreliable for payment. For care continuity, have a qualified physician re-evaluate affected patients and re-document current treatment plans.

For billing tied to defective records, prepare voluntary disclosures and refunds if the original author cannot correct the charts. Separate two tracks: quality-of-care steps to protect patients, and reimbursement remediation to protect the organization.

No Surprises Act and “surprise bill” forms

The federal No Surprises Act (NSA) generally applies to emergency and certain post-stabilization services furnished in hospitals, critical access hospitals, and ambulatory surgery centers.

Getting out of NSA protections requires a strict consent that rarely fits emergency or hospital-based reference lab scenarios. Outside those settings, federal NSA may not apply, but state surprise-billing laws might. Validate the setting, payer, and state law before denying a “surprise bill” claim as non-NSA.

Corporate practice of medicine and therapy clinics

Whether non-clinicians can own or operate physical therapy clinics is state specific. Confirm corporate structure legality under state corporate practice rules and PT scope statutes, then obtain an organizational NPI and reassign benefits from licensed therapists to the entity where allowed.

LLC versus corporation form is usually irrelevant; legality hinges on state ownership and scope rules. In corporate practice states, expect management services organizations (MSOs) and ensure contracts keep clinical decisions with licensed professionals.

Billing under a physician’s NPI during credentialing

“Incident to” is a Medicare construct and many commercial payers restrict or reject it — especially for credentialing gaps.

Before billing under a supervising physician, confirm the payer’s policy and strictly meet incident-to requirements (established plan of care, appropriate supervision, and legal scope).

Many states treat nurse practitioners as independent practitioners, but claims billed before their effective enrollment date will be denied. Most payers backdate to a complete application date, so hold claims and submit when enrollment posts.

“Opportunities lists” for clinicians

Education that presents the full, compliant set of coding options (for example, all E/M levels or when time may be used) is appropriate. Avoid steering to specific codes or linking education to volume goals.

Used well, opportunities lists demystify business rules, show when time versus medical decision making may apply, and reduce missed legitimate reimbursement.

What retrospective risk adjustment coders should do

If you detect potential abuse or fraud and cannot query providers, escalate to compliance with documented examples. Many issues are education gaps (misclicks in EMRs, misunderstanding documentation depth for risk codes).

Long term, shift efforts closer to the point of care through outpatient CDI so diagnosis capture is accurate and contemporaneous. Assume positive intent, fix EMR pitfalls, educate, then document concerns if patterns persist.

Patient communication, unsecured email, and HIPAA

HIPAA allows reasonable and appropriate protections under the Security Rule and requires risk analysis. Limited unencrypted emails (for example, appointment reminders) may be acceptable if you assess and document risk; PHI-rich content should use secure portals or encrypted messaging.

Beyond HIPAA exposure, off-record texting or email creates medical-legal risk if communications are absent from the EHR. Build clear policies, procure secure tools, and document risk decisions.

NP supervision across specialties

Requirements for supervising or collaborating physicians vary by state and board rules. Some states demand same-specialty supervision and periodic chart review; others are hands-off.

If supervision is required, keep the collaborative agreement and protocol current and ensure the physician’s competence aligns with the services delegated to the NP to avoid clinical and liability mismatches.

Billing company contracts, BAAs, and patient privity

Billing services should contract with providers (scope of services plus HIPAA business associate agreement). You generally do not need separate contracts with patients; the provider’s financial policy and assignment of benefits govern collections.

If you engage in true third-party collections, ensure compliance with the Fair Debt Collection Practices Act and state analogs.

Time-based billing documentation and audit risk

At minimum, record total time on the date of service and what activities the time covered (for example, counseling, coordination, results review).

Granular breakdowns by activity reduce risk but are not universally required. Payer SIUs scrutinize time claims, telehealth platform logs, and daily total hours that exceed plausible capacity. Align platform timestamps, signatures, and notes to avoid inconsistencies.

Coder liability for claims

Liability hinges on role and intent.

Coders who simply transmit clinician-selected codes face minimal risk. Exposure rises when coders select codes, ignore obvious conflicts with documentation, or share in ill-gotten revenue. If documentation and codes do not align, notify compliance in writing.

Under the False Claims Act, “knowingly” includes reckless disregard; documenting your concerns protects you.

Supervising physicians as “incident to” and doctor-to-doctor risks

Using incident-to for a physician supervised by another physician is technically possible under Medicare but risky in practice and often barred by commercial payers. Strictly limit the auxiliary physician’s actions (no new problems, no plan changes) and document direct supervision and plan ownership.

For past claims with NPI mismatches, work with the MAC or payer to correct administratively; if dates precede the rendering provider’s effective enrollment, expect overpayments. Legal risks include overpayment, false claims allegations, and potential revocation exposure.

Self-pay requests when coverage exists

Participating providers must bill covered services to the health plan and accept the allowed amount plus cost share as payment in full.

Exceptions: ruly noncovered services (with advance notice) and HIPAA “restriction” requests where patients pay in full and forbid disclosure to the plan for payment or operations.

Beware “double discounts” when patients later submit paid receipts to insurers and trigger payer reprocessing. Align self-pay policies with contracts, HIPAA restrictions, and pricing rules.

Coverage shortfalls for labs, immunizations, or injections

If you are in network, you generally cannot balance bill beyond the allowed amount and patient cost share. If reimbursement is unsustainable, consider going out of network for that service line.

If you are out of network, you may collect in full and patients may seek reimbursement directly from the plan.

Copy-and-paste and the integrity of the encounter

Copying prior text is not per se prohibited, but the record must reflect the patient’s condition today. Clearly label what is carried forward versus newly observed, and avoid implying stale facts are current.

The compliance test is materiality: does the pasted content affect entitlement or payment amount? If yes, it can trigger false statement or false claims exposure.

Limiting services while in network

You may narrow services if choices are not discriminatory and do not violate contracts or EMTALA. Many commercial contracts now prohibit service carve-outs for covered benefits; repeated denials of certain services to plan members can prompt termination.

If rates are untenable, renegotiate or consider non-participation rather than selective denial.

Patient inducements: waiving cost share and offering transportation

Routine waiver of copays without documented financial hardship risks civil monetary penalties and False Claims Act liability. Use objective, written hardship policies, verify financials (for example, every six months), bill consistently, and keep collection logs.

Transportation can be permissible under Anti-Kickback Statute safe harbors and CMP exceptions when criteria are met; design programs to fit those safe harbors rather than offering blanket free rides.

Prior authorization denials caused by third-party delegates

Payers retain responsibility for delegated prior authorization. When a vendor’s failures generate no-auth denials, build an evidence log (authorizations requested, communications, denials) and escalate to the payer’s general counsel.

Consider complaints to state departments of insurance or accreditation bodies. Framing the issue as potential bad-faith administration often accelerates fixes; request meetings with medical directors and present representative cases.

Hearing aid upgrades, carve-outs, and balance billing

If a plan covers a base hearing aid and a patient elects advanced technology, bill the covered base code at the allowed rate and, where available, add the noncovered upgrade code (for example, an S-code) with clear advance notice to the patient.

If the upgrade code is denied as noncovered, you may collect the difference from the patient so long as contracts permit and disclosures were made. If plans push members to third-party vendors with limited technology, patients may opt to self-pay outside that channel with documented acknowledgment.

Coordination of benefits stalemates and unclaimed funds

When both plans insist they are primary and neither will accept a refund, document your determination, attempt refunds, and — if refused — remit the overpayment to the state under escheat (unclaimed property) rules with supporting detail. Escheat closes liability when payers will not reconcile benefits.