HEALTH INDUSTRY ONLINE -OIG Activities - Advisory Opinion Warning About Free Transportation Programs & Audits Involving HIPAA Security Compliance

Advisory Opinion 07-02 - Free Transportation Services

The OIG¹ recently issued an advisory opinion cautioning a hospital (Hospital) about its proposed arrangement to provide free transportation to patients outside of the Hospital's local service area (Proposed Arrangement).² The advisory opinion was a negative opinion in which the OIG concluded that the Proposed Arrangement could violate federal civil monetary penalty provisions (CMP) and the federal anti-kickback statute (AKS). The OIG further concluded that it could impose sanctions under both the CMP and the AKS if the Proposed Arrangement went forward.

The Hospital operates as part of an integrated nonprofit health care system and is recognized as a leader in cardiovascular services. From time to time, patients are transferred to the Hospital from other hospitals outside the Hospital's local area. Historically, the local Medicare carrier had paid claims for the non-local transportation services, but more recently, the local carrier had begun to deny such claims based on Medicare policies that limit Medicare reimbursements to cover only local transportation, except when non-local transportation is necessary to transport the patient to "the nearest institution with appropriate facilities." Some patients complained when they received bills from ambulance providers for non-covered charges.

In an effort to facilitate patient satisfaction, the Hospital proposed to contract directly with ambulance providers and to submit claims to Medicare and other payors for the ambulance services. The Hospital would then absorb the costs of any non-reimbursable charges as well as any co-payment obligations that would otherwise be payable by patients if billed directly by the ambulance providers. As a result, patients would not be charged for any non-covered transportation costs or for any co-payment obligations.

The OIG felt that the Proposed Arrangement had the potential to influence the patients' selection of the Hospital as their service provider, which had the potential of violating the CMP and the AKS. In its analysis, the OIG cited the following reasons for such possible violations:

Payment or subsidization by the Hospital of an expense that would otherwise be payable by a patient would constitute remuneration to the patient;
The Proposed Arrangement may improperly influence the patients' choices of hospitals or ambulance providers;
Proposed program safeguards, such as non-advertisement of the availability of transportation services, were not adequate to protect against the potential of improper inducements; and
As acknowledged by the Hospital, the subsidization of the patients' transportation costs was likely to generate business for the Hospital that was then payable by a federal health care program (e.g., Medicare).

For these reasons, the OIG concluded that the Proposed Arrangement could constitute grounds for the imposition of CMP liability and could potentially generate prohibited remuneration under the AKS. The OIG could then impose administrative sanctions for such activities.

While the OIG had previously cited safeguards that it believed would provide adequate protection against improper inducements and against fraud and abuse,³ Opinion 07-02 demonstrates that a free transportation program may still be subject to scrutiny. Further, the OIG had indicated in prior guidance that it would not look unfavorably on hospital programs offering free or discounted transportation programs.⁴ However, those programs involved transportation services valued at relatively nominal levels. Opinion 07-02 clearly indicates that the OIG continues to be concerned about transportation programs.

Please note that OIG advisory opinions do not create new law and do not create binding authority for the OIG in general. They only bind the OIG in its enforcement activities with respect to the particular parties and facts of the specific advisory opinion. While they do not constitute binding authority in general, advisory opinions do provide health care entities with guidelines for compliance with the laws addressed in the analyses of respective advisory opinions.

HIPAA Security Audits

The OIG has confirmed that it has begun auditing covered entities for compliance with the HIPAA security rule. All covered entities were required to be in compliance with the security rule no later than April 20, 2006. Unlike audits involving the HIPAA privacy rule which are primarily complaint driven, current compliance audits that have been confirmed have not been the result of complaints to the OIG. Several high profile security breaches, including several at the U.S. Department of Veterans Affairs, have occurred in recent months. Therefore, the OIG audits may be driven by a perception that security problems indeed exist.

In its 2007 Work Plan, the OIG mentions the possibility of audits in connection with the implementation of security procedures. More specifically, the OIG stated that "[t]he wider use of electronic medical records and personal health records raises concerns over privacy and security of patient data." ⁶CMS has also issued recent security guidance on the use of mobile devices and other electronic media used to store or access protected health information. ⁷

As patients become more familiar with HIPAA requirements and more protective of their individual health information, covered entities must be ever vigilant to comply with HIPAA privacy and security requirements, as well as more stringent state law requirements. The OIG security audit initiative raises the priority level that covered entities must give to privacy and security standards for patient information.

Other Items of Interest

Stark Phase III Postponed for One Year - In an interim final rule published March 23, 2007, CMS extended the publication deadline of the final rule (Phase III) governing the Stark Law until no later than March 26, 2008.⁸

CMS Publishes Blueprint for Quality Payments to Hospitals - Pay for Performance (or Value Based Purchasing) is just around the corner. On March 22, 2007, CMS released the details of its proposed program that will link Medicare hospital reimbursements to quality performance. A public listening session on the proposed program will take place at CMS headquarters in Baltimore, Maryland, on April 12, 2007. The CMS options paper can be accessed at:
http://www.cms.hhs.gov/AcuteInpatientPPS/
downloads/HospitalVBPOptions.pdf.