Don't help the feds hurt you.
by Neil Caesar

Warning! HME companies, you may want to share portions of this article with your billing, compliance and any other advisers who look over your claims submission, records documentation, contracts, compliance and marketing activities. Inadvertently, they may be putting you (and themselves) in some danger.

The risk is real, but home medical equipment companies can use the attorney-client privilege to shield internal assessments of billing, anti-fraud and related legal compliance problems from government scrutiny.

The attorney-client privilege protects certain communications between an attorney and his or her clients. When it is in place, no one can be compelled to testify about what was discussed between the lawyer and the client, even when potential violations of various laws were discussed. Similarly, no privileged notes or documents may be scrutinized by the government.

This protection can be important, because if HME companies are not careful, their efforts to assess the scope and nature of legal problems and patterns of billing errors can, in fact, worsen their troubles. The same risk applies to a company's evaluation of its options, as well as the development of its strategy to address the problems and respond to government inquiry. This is because the government, as part of its fraud inquiry, will often want to look at the results of the company's internal review and analysis of billing and contracting activity, as well as any recommended actions included as part of that internal review.

Let me explain. HME companies have been inundated over the past few years with new laws, regulations and CMS policies. MAC, RAC and ZPIC audits have significantly added to governmental scrutiny of documentation, billing decisions and operational policies. Both CMS fraud units and the HHS Office of Inspector General are looking at marketing activities and referral patterns for evidence of fraud or abuse.

Further, when a MAC, RAC or ZPIC audit suggests violations of the false claims, anti-kickback or similar laws, the auditors are obligated under the law to report this information to government investigators for further analysis and action. Under the false claims laws, if the government thinks you have been "recklessly indifferent" to compliance with reimbursement rules, it may consider repeated billing deficiencies evidence of fraudulent activity.

In many of these cases, reimbursement is halted while the HME company's records are reviewed for incorrect coding, insufficient documentation, lack of medical necessity or duplicate entries. Further investigation is likely. If the MAC, RAC or ZPIC identifies numerous problems in this review, it may:

  • Review additional medical charts, both for claims already reimbursed and those submitted but not yet paid.

  • Freeze payment until further data can be analyzed.

  • Conclude that because a certain percentage of the reviewed records reveal billing errors, that the same percentage of claims the company has submitted within the past three years are likely to be similarly inaccurate. The reviewing entity may then demand repayment of those amounts plus interest.

  • Refer the provider's file to an internal fraud unit and then to the OIG to evaluate whether the problems suggest that the company recklessly or intentionally submitted false claims. Either way, a fraud investigation will likely commence.

Look Inside

These dangers demand HME companies to take MAC, RAC or ZPIC inquiries extremely seriously, and to undertake a careful internal review of their operations. This internal review will enable a company to identify the nature and breadth of any problems, to determine how accurate any statistical extrapolation by the reviewing agency may be and to develop an appropriate response strategy.

It is even better for HME companies to undertake this sort of review before they are investigated. Not only can they then correct any problems before an investigation begins, but by implementing proactive solutions, they are demonstrating that any problems are likely inadvertent errors rather than evidence of recklessness or fraudulent intent.

But while internal audits can prevent problems, if done incorrectly they may expose some companies to more government investigation and financial penalty than if no review had been performed.

Here's why: When an HME company is investigated for possible fraud, upon demand it must submit all of its findings to the government or investigatory agency. This is not a rare or theoretical danger. If the government is investigating an HME business for fraud, it almost always requests this information, as well as reports and work notes generated by a billing, marketing or compliance consultant, a CPA or any other non-privileged adviser.

As part of this work product, the HME company and the adviser identified all of the company's weak points and possible violations, and discussed strategies and solutions. If the government is allowed to review this work product, it will be used to help the government identify, analyze and consolidate pertinent information into summary conclusions.

Additional dangers arise from the careless identification of practice problems by HME companies working with advisers or on their own. As examples:

If an adviser gives a report to an HME company that states, "You have problems X, Y and Z; you should correct these problems, repay overpayments to the payer, and then implement a compliance plan," this set of recommendations is discoverable by the government/payer/plaintiff.

If the company failed to fix the problem, the government will come down with substantial penalties and fines. To the fraud-busters, almost nothing is worse than failing to correct a known problem.

If that same report were to suggest a particular solution to the problem, and the company implements an alternate solution, it could face enhanced scrutiny, suspicion and, perhaps, attempted government sanctions.

If the report recommends that the company repay certain alleged overpayments, but its lawyer later concludes that the company doesn't need to pay, the government will pay more attention to the original report than the lawyer's advice. It may then consider the HME company's failure to repay evidence of its willful violation of the law. The company must then justify its disregard of the report's recommendations.

If the report recommends that the HME company implement a compliance plan, but the company instead chooses only to correct the specifically identified deficiencies, the company will technically be in full compliance with the law. But when the government reviews the report and the company's actions, it may interpret the decision as demonstrating an evasive and indifferent attitude toward compliance. Either assessment will create a more suspicious and aggressive investigation by the government.

Providers often discover compliance problems in the course of other work. Suppose an HME company hires a consultant to review its billing patterns for missed reimbursement opportunities. If that review identifies compliance problems as well as missed opportunities, the government may discover this information. If the information suggests a pattern of violations, the adviser's efforts to help the company enhance its revenues may backfire dramatically, and make it easier for the government to contend that the company's claims contain a pattern of errors that suggests fraud.

This government scrutiny also exposes health care consultants and CPAs to potential allegations of negligence, malpractice or fraud. Advisers — health attorneys included — frequently present themselves as "experts" whose knowledge and skills help clients avoid trouble and maximize their opportunities. When a health care adviser then initiates an activity that harms the client, this is, at best, a potential breach of the adviser's fiduciary duty to the client. If this harm could have been avoided or minimized — and the confidentiality problem we are now discussing definitely can be avoided or minimized — then a malpractice claim against the adviser might be possible.

Even when an HME company engages an adviser to identify missed reimbursement opportunities, I believe the company also expects the adviser to pay attention to any problems or other important information identified (or reasonably identifiable) during the course of the assignment. If the adviser notes problems and fails to communicate them to the company, or even if the adviser fails to note problems that were readily identifiable, this, too, may be a breach of the adviser's fiduciary duty to the client.

Some advisers try to reduce risks by giving an oral presentation to the company, thus minimizing the written product. But the adviser's work notes and other materials remain discoverable. If the adviser took no work notes, the HME company's notes from discussions with the adviser are discoverable. (If no one took any notes, I would question the usefulness of the assignment!)

No 'Accountant-Client Privilege'

In addition, in certain circumstances these advisers may themselves be vulnerable to allegations of fraud. When an adviser learns of information from his client that suggests (or even confirms) evidence of fraud, the government may contend that the adviser has a duty to communicate that information. Failure to disclose fraudulent activity can itself can be actionable as "misprison of felony" (concealing a felony committed by another), as well as under the False Claims Act.

This usually arises in the criminal context, but some government officials have suggested that it can apply civilly as well. While many of my colleagues feel this is an inappropriate overextension of the law, some government officials appear to disagree.

Billing agents, accountants and consultants have all been subjected to government scrutiny and sanctions. Because there is no such thing as "accountant-client privilege" or "billing consultant-client privilege," the adviser cannot argue that he/she is not allowed to disclose information that federal law might require be disclosed. Advisers who find themselves in this position will feel rather uncomfortable, to say the least.

This would be grossly unfair, of course. The HME company would undoubtedly make a number of equitable and legal arguments challenging this entitlement, and might even prevail in that challenge. But government investigations often are not disclosed to defendants until a number of months or even years have passed. So, a company may not be in a position to object until the government's case has been fairly well developed.

Also consider the consultant's dilemma if the HME company refuses to acknowledge evidence of fraud. If the consultant perceives he or she has an obligation to ensure that this information is disclosed to the government, the consultant might perceive that a qui tam lawsuit is a viable alternative approach to disclosure. This certainly is an unlikely scenario for most consultants I know who share high integrity. But not all consultants enjoy this virtue.

I recognize that these sorts of records and claims audits are one of the bread-and-butter items that are routinely offered by health care consultants (including HME consultants). Some, therefore, may be understandably hesitant to modify their approach to these activities because of the dangers described here.

But the current audit climate has changed the rules. The government now has both the ability and reason to probe into billing, operational or marketing irregularities more frequently and with greater consequence than ever before. The danger of advisers facilitating damaging disclosures and creating dangerously discoverable work product cannot be ignored.

Talk about being caught between the proverbial rock and hard place! How can an HME company assess or improve its compliance with reimbursement and regulatory requirements without developing information and creating written work product that the government, payers and plaintiffs can look at and utilize to advantage? How can advisers continue to offer this sort of assessment and compliance service for clients without harm to the clients and to themselves?

One answer, I believe, is this: Once the adviser or the company (if it is conducting its own internal audit) has identified problems that may be evidence of fraud or abuse, the analysis, the continued investigation and the evaluation and implementation of remedies should be handled under the direction of a competent health lawyer, working collaboratively with competent advisers and competent members of the HME company's staff.

Further, this must all be done within the delicate parameters of the attorney-client privilege. In order to preserve the confidentiality of the team's investigation, analysis, work notes and internal written communications, work done by consultants is protected only if they provide services at the attorney's direction. Also, the services must be provided for the specific purpose of helping the attorney develop legal advice.

A Key Distinction

There is a key distinction under the law between a consultant's work as an HME company's business adviser and the accountant's or consultant's work in helping the attorney translate coding or other information, identify strengths and weaknesses in the documentation of a particular claim or explain the appropriateness of a particular code.

According to the U.S. Supreme Court in Upjohn vs. U.S., the attorney-client privilege applies in an internal corporate investigation when:

  • The privileged communications were made by employees pursuant to directions from their superiors, and the purpose of these communications was to enable the corporation to secure legal advice.

  • The information communicated by corporate employees concerned information within the scope of their duties.

  • The employees were aware that the reason for the communication was to enable the company to obtain legal advice.

  • The lawyer needed the information to provide that legal advice, and the employee communicated information that was not already known by senior management; and

  • The employees were told to keep the information confidential, and they followed instructions.

Note that this test focuses on the communication process, not the underlying information. In general, the attorney-client privilege simply protects communication from discovery, not the underlying information addressed by the communication. Thus, when an HME company undertakes an internal compliance review and discovers regulatory compliance problems, the attorney-client privilege can protect:

  • The discussions among the attorney, consultant, managers, owners and employees about pertinent matters;

  • The analysis and assessment of options by the company and advisers;

  • Work notes, reports, or other materials prepared in connection with the assessment;

  • Details of any employee interviews or other investigatory discussions that took place in furtherance of the legal work; and

  • Any discussions by the parties in connection with the drafting, fine-tuning and implementation of solutions that will fix the problems and minimize the chance of the recurrence of those or similar problems.

However, the attorney-client privilege cannot protect from disclosure the actual information in the medical records or billing files.

So, for example, if the government were to ask for a patient's medical records to identify whether the HME company had appropriately documented the care provided, the company cannot hide behind attorney-client privilege to prevent turning over the records. But if the company had already discussed with the attorney and his/her team the problem of poor documentation and what to do about the government's inquiry, those discussions could be protected. Notes or communications relating to that legal analysis can also be protected.

Similarly, if the government were to seek an HME company's service contract with a sleep lab or its claims for particular patients to determine compliance with the billing or anti-kickback laws, the attorney-client privilege would not protect these documents from government scrutiny. However, if the government also asked for any information about the company's referral patterns or utilization of referred services, this information could be protected if it were developed as part of an internal legal assessment under the attorney's direction.

The attorney-client privilege is delicate. HME companies need to pay attention to a number of details in order to maximize their protections with the privilege.

Neil Caesar is president of the Health Law Center (Neil B. Caesar Law Associates, PA), focusing on business opportunities and regulatory issues for health care providers. He is also a principal with Caesar Cohen Ltd., which offers compliance training, outsourcing and consulting, and author of the Home Care Compliance Answer Book. You can reach him at 864/676-9075 or ncaesar@healthlawcenter.com.

Materials in this article have been prepared by the Health Law Center for general informational purposes only. This information does not constitute legal advice. You should not act, or refrain from acting, based upon any information in this presentation. Neither our presentation of such information nor your receipt of it creates nor will create an attorney-client relationship.