This blog is the second post in a series discussing the Centers for Medicare and Medicaid Services’ Final Rule regarding the obligation to report and return Medicare overpayments. The first post discussed the basic requirement to report and return Medicare overpayments and two highlights of the rule—when an overpayment is “identified” and the 6-year lookback period. The first post can be viewed here. In this post, we discuss the impact of the rule on providers’ compliance initiatives (or lack thereof).
As we said in the first post, a provider must report and return overpayments within 60 days of identification of an overpayment or the date any corresponding cost report is due. “Identification” is defined as when a person has, or should have through the exercise of reasonable diligence, determined and quantified the amount of the overpayment. A person “should have determined” that the person received an overpayment if the person fails to exercise “reasonable diligence” and the person, in fact, received an overpayment. CMS believes that this definition provides an incentive for providers to exercise reasonable diligence in determining whether an overpayment exists. Otherwise, CMS believes that providers may avoid compliance efforts that might uncover overpayments.
So, if a provider received an overpayment, but failed to conduct “reasonable diligence,” the overpayment is deemed to be “identified” and clock starts to tick on the report and return requirement. CMS did not define “reasonable diligence” in the final rule. Importantly, however, CMS stated in its commentary that “reasonable diligence” includes proactive compliance efforts as well as the timely investigation of credible information regarding potential overpayments. In regard to proactive compliance efforts, CMS stated that undertaking no such efforts or minimal efforts to monitor claim accuracy could/would subject the provider to liability under the rule based on the failure to exercise “reasonable diligence.” In other words, if a provider received an overpayment, but had no actual knowledge of such overpayment, the provider may still be exposed to liability if the provider engaged in no or minimal compliance activities to monitor the accuracy of Medicare claims.
What does this mean for providers, particularly Delaware physicians? The final rule does not require the adoption of a compliance program. As in the past, CMS recognizes that compliance activities necessarily (and appropriately) vary based on the provider’s type and size. However, it is clear that CMS believes providers have a “clear duty” to engage in proactive compliance efforts. What remains unclear is whether the government and whistleblowers will attempt to bolster False Claims Act complaints by latching onto a provider’s failure to engage in any (or minimal) proactive compliance measures, even in the absence of actual knowledge of an overpayment.
Regardless of the False Claims Act implications of this Final Rule, what is clear is that the trajectory of the government’s scrutiny in guarding against Medicare fraud, waste, and abuse continues put the onus to identify and return overpayments on the providers who receive them. Proactive compliance measures remain the best way to avoid the enforcement radar. Delaware providers should consider the types of measures they should be taking to ensure the accuracy of their claims.
But what should Delaware providers do once a proactive compliance audit reveals an overpayment? In the next post in this series, we will discuss the process of investigation when a provider receives “credible information” regarding a potential overpayment.