Warning! Physicians and other providers, please share this column with your practice management consultants, CPAs and any other advisers who look over your claims submission, records documentation and contracting activities. Inadvertently, they may be causing you and themselves serious trouble!
The danger is real, but physicians and other providers can use the attorney-client privilege to shield internal assessments of billing, self-referral and related legal compliance issues from government scrutiny. The confidentiality afforded by the successful application of the attorney-client privilege is also important when a provider seeks to implement a continuous internal compliance program to identify and fix future problems before they become serious.
The Health Insurance and Portability and Accountability Act of 1996 eased the government's burden of proof in establishing certain kinds of fraud. Previously, to be able to pursue a case for fraud, it had to show that a provider knew of billing errors and failed to correct them. HIPAA made it sufficient for the government to show that the provider was "recklessly indifferent" to whether such errors existed, as evidenced by a pattern of repeated errors. Also, upcoding is now a specific health fraud violation.
Medicare carriers and intermediaries are now required to probe the reasons for statistical outlying or other suspicious claims submissions, and to deny payment until their questions have been resolved. Thus, carriers or intermediaries can deny payment and pursue fraud inquiries when they see a pattern of errors that might indicate the provider's reckless indifference to the bills' accuracy.
But providers that try to assess and fix their errors must be careful, because the government, as part of its fraud inquiry, will want to look at the results of the provider's internal review and analysis of billing and contracting activity, as well as any recommended actions included as part of that internal review.
Because many consultants, accountants and other practice advisers routinely offer these kinds of billing reviews to their clients (particularly physicians), there is danger that their work can be used to assist the government in pursuing repayment and fraud claims.
To minimize this problem, the medical practice must take advantage of the attorney-client confidentiality privilege. This means that all internal assessments of the provider's compliance with fraud and abuse rules and billing requirements should be conducted under the direction and coordination of a competent health lawyer.
But analysis of claims submissions, billing policies and medical records usually requires expertise beyond the lawyer's, so the lawyer may hire certified public accountants or other practice consultants.
When the practice undertakes a preventive compliance program, that work should also be done under the control and review of the attorney, again utilizing practice consultants and the provider's key employees. With careful attention to the requirements of the attorney-client privilege, most of this work can remain protected and confidential.
The attorney-client privilege applies in an internal corporate investigation. The Supreme Court, in Upjohn v. U.S., held that:
Note that this test focuses on the communication process, not on the underlying information. In general, the attorney-client privilege protects communication from discovery, but not the underlying information addressed by the communication.
Thus, when a physician practice undertakes an internal review and discovers regulatory compliance problems, the attorney-client privilege can protect the discussions among the lawyer, consultants, physicians and employees about pertinent matters; the analysis and assessment of options by the provider and advisers; work notes, reports or other materials prepared in connection with the assessment; details of any employee interviews or other investigatory discussions that took place in furtherance of the legal work, and any discussions by the parties in connection with the drafting, fine tuning and implementation of a compliance program to fix the problems and minimize the chance of recurrence of those or similar problems.
However, the lawyer-client privilege cannot protect against disclosure of the actual information in the medical records or billing files.
So, for example, if the government were to ask for a patient's medical records to identify whether the provider had appropriately documented the care provided, the provider could not hide behind attorney-client privilege to prevent turning over the records.
But if the provider had already discussed the problem of poor documentation and what to do about the government's inquiry with the lawyer and his team, those discussions could be protected. Notes or communications relating to that legal analysis can also be protected.
Similarly, if the government were to seek a medical practice's service contract with a hospital or its physician compensation formula to determine compliance with the Stark or anti-kickback laws, the attorney-client privilege would not protect these documents from government scrutiny.
However, if the government also asked for information about providers' referral patterns or utilization of referred services, this information could be protected if it had been developed as part of an internal legal assessment under the direction of the lawyer.
Are there gray areas in this analysis, so that we cannot be certain of whether the privilege would apply to specific sorts of information or requests? Of course. But it is usually important to structure compliance projects to take advantage of the attorney-client privilege to the greatest extent available, even if perfection is elusive.