OIG Responds to FAQs on whether Stark Waivers Nevertheless Implicate the Anti-Kickback Statute

As we reported in our April 17, 2020 Newsletter, the HHS Office of Inspector General (OIG) said that seven of the financial relationships that otherwise implicate Stark but are permitted by CMS under its public health emergency (PHE) blanket waivers may still potentially violate the Anti-Kickback Statute (AKS) and expose providers to sanctions. Since our last report, the OIG has posted FAQs—Applications of OIG’s Administrative Enforcement Authorities to Arrangements Directly Connected to the COVID-19 PHE in response to questions.

The OIG’s responses are a bit of a “mixed bag.” Recognizing the extraordinary need presented by the unique and exigent circumstances resulting from the COVID-19 outbreak, the OIG tells providers who provide free or reduced-rate services to long-term care facilities that the OIG will not pursue enforcement action so long as the services are provided directly in response to need arising out of, and only during the period of, the COVID-19 outbreak, and not contingent on referrals for any items or services that may be reimbursable by a Federal health care program. Similarly, a hospital may provide access to its web-based telehealth platform to independent physicians on its medical staff during the COVID-19 outbreak if such access is necessary for the provision of needed telehealth services in response to the outbreak, not conditioned on past or anticipated referrals, and offered to all physicians on the medical staff. On the other hand, the OIG warned that the remuneration stemming from an arrangement that is neither set forth in writing nor signed by the parties (but otherwise fully complies with an applicable Stark exception) may still implicate the AKS, and the provider should seek further guidance from the OIG.

Other FAQs considered whether the OIG will pursue enforcement against a hospital that suspends rental charges and accrual of interest for a Federally Qualified Health Center Look-Alike, whether a mental health and substance disorder provider can use public and private donations to provide cell phones to financially needy patients, and whether an oncology practice can offer free in-kind local transportation to an alternative site of service. The OIG is still inviting providers to submit questions about the OIG’s views on an arrangement directly connected to the PHE. Questions may be submitted to OIGComplianceSuggestions@oig.hhs.gov.

CMS Takes First Step Toward Medicaid Provider Grants

The Centers for Medicare & Medicaid Services (CMS) asked states to submit provider-level Medicaid payment information by Tuesday, May 5. This indicates that there may be a Medicaid-centric distribution of provider relief funds, although the details are still unclear. Industry groups have asked for more focus on Medicaid and criticized the way provider relief funds have been distributed so far, worried that facilities treating a greater number of Medicare beneficiaries have received the bulk of the distributed funds while facilities with large Medicaid patient populations, often with heightened need for sustaining payments, have been left behind.

HHS Issues FAQs to Healthcare Providers on Release of COVID-19 Patient Information

The Department of Health and Human Services (HHS) issued guidance to hospitals and clinics reminding them that they must still comply with patient privacy rules during the COVID-19 crisis. In light of media focus, it is particularly important for providers to obtain a valid health privacy authorization from each patient whose protected health information would be accessible to the media. This requirement applies even if footage uses pixilation, blurring, or alteration for patients’ faces or voices.

Cybercriminal Activity Reinforces Need for Strong Security Measures

The U.S. Department of Homeland Security (DHS) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert warning that advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic as part of their cyber operations seeking to steal “bulk personal information, intellectual property, and intelligence that aligns with national priorities.” These cybercriminals use password spraying techniques to target healthcare organizations, pharmaceutical companies, academia, medical research organizations, and local governments, as well as their supply chains. The key takeaway is to select strong passwords and not re-use them on multiple sites. For additional information about how these APT groups maliciously target organizations and precautions organizations can take to mitigate these threats, click here.

Federal Agencies Crack Down on COVID-19 Scams

The Department of Justice, the Federal Trade Commission, and the Food and Drug Administration have been mounting a coordinated effort to crack down on scams and quack cures related to the COVID-19 pandemic. Fake COVID-19 treatment claims, misuse of federal stimulus funds, and false claims about cures have proliferated as the pandemic goes on. Federal agencies are resorting to tools like criminal charges, civil lawsuits, and warning letters to counter such scams and protect the public.

CMS Provides FAQs on Medicare Fee-for-Service Billing

CMS provided COVID-19 FAQs on Medicare Fee-for-Service (FFS) Billing. This 53-page FAQ document supplements the previously released 1135 Waiver FAQs and the Without 1135 Waiver FAQs. CMS pointed out that in many instances general statements made in those previously released FAQs have been superseded by COVID-19-specific legislation, emergency rules, and the broad 1135 waivers granted to address the COVID-19 PHE. CMS said this new FFS FAQs document is effective for the duration of the PHE unless superseded by future legislation. CMS also noted that, although a few of the FAQs in the new FFS FAQs address provisions of the CARES Act, CMS is thoroughly assessing the CARES Act and will release new and revised FAQs as CARES Act implementation plans are announced.

CMS Makes Numerous Updates to its Provider-Specific Fact Sheets on COVID-19 Waivers

From April 29, 2020 through May 6, 2020, CMS continued to update its multiple fact sheets that summarize changes it has made to give more flexibility to providers in response to COVID-19. The updated Fact Sheets include the following:

CMS has been continually updating its broad waivers. For the latest version, check the CMS Coronavirus Waivers & Flexibilities webpage.

CMS Releases COVID-19 Test Related Policy and Regulatory Revisions

The Centers for Medicare & Medicaid Services (CMS) recently released an Interim Final Rule with Comment Period (IFC), which is expected to be published May 8, 2020. The IFC builds on CMS’s previous efforts to provide healthcare systems with the flexibility to respond to the COVID-19 pandemic, such as expanding diagnostic testing and encouraging innovative uses of technology and capacity.

Kentucky DMS Updates Telehealth FAQs relevant to HHAs and Psychological Testing

Between May 1-5, 2020, the Department of Medicaid Services (DMS) updated its Telehealth FAQs. In one of the new FAQs, DMS said that home health agencies can recertify care using telehealth. (FAQ 59, p. 12). However, in another FAQ, DMS said that, after consulting with DMS associated clinicians, it does not see a safe way forward for the viability of utilizing telehealth, telehealth-like service delivery or the telephone for psychological testing at this time (FAQ 60, p. 12).

The Governor’s 10 Rules for Staying Healthy At Work Apply to Healthcare Businesses

In late April and the first week of May, Kentucky Governor Beshear introduced the 10 Rules to Reopening and Staying Healthy at Work, as well as, more detailed Minimum Requirements for each rule. The 10 Rules and associated Minimum Requirements will apply to healthcare businesses beginning on Monday, May 11, 2020. The Governor has emphasized in his daily updates that compliance with the 10 Rules and the Minimum Requirements is essential to protect employees in all business sectors – both healthcare and non-healthcare – as well as to protect the individuals with whom employees may come into contact both inside and outside of the work environment. For additional information, see the article by Kathie McDonald-McClure, “Kentucky Governor Provides Details on the Commonwealth’s ‘Healthy At Work’ Phased Reopening” by clicking here.