Laboratories are suddenly under scrutiny by the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) and state Medicaid departments.
Labs get urine samples from behavioral healthcare companies, substance abuse companies, hospitals, and primary care facilities that often don’t have their own labs. Owners of labs entrust their lab executives to follow procedures on the federal and/or state level for Medicare and/or Medicaid. Well, what if they don’t? For example, one client paid a urine collector by the mile. The courier service tested Medicaid beneficiaries in North Carolina 90 times a year, when Medicaid only allows 24 tests per year.
I have about 10-15 laboratory clients at the present. Several laboratories are undergoing the most serious audits in existence. Not Recovery Audit Contractor (RAC), Medicare Administrative Contractor (MAC), or Unified Program Integrity Contractor (UPIC) audits, but audits of even greater consequence. They received CIDs, or civil investigative demands, from their state Medicaid divisions.
These requests, like RAC, MAC, or UPIC audits, feature asks for lots of documents – in fact, CIDs are legally allowed to request documents for a much longer period of time than RACs, which can only look three years back. As you may know, labs must follow CLIA or be CLIA-certified, which is the federal standard.
The CLIA, or Clinical Laboratory Improvement Amendments of 1988 (42 USC 263a) and the associated regulations (42 CFR 493) provide the authority for certification and oversight of clinical laboratories and laboratory testing. Under the CLIA program, clinical laboratories are required to have the appropriate certificate before they can accept human samples for testing.
There are different types of CLIA certificates, as well as different regulatory requirements, based on the types and complexity of clinical laboratory tests a laboratory conducts.
CLIA, like the Centers for Medicare & Medicaid Services (CMS), has its own set of rules. When entities like CLIA or CMS have their own rules, sometimes they conflict with law, which creates a conundrum for providers. If you own a lab, do you follow CLIA, CMS, or the law?
Let me give you an example. According to CLIA, you must maintain documentation regarding samples and testing for two years. So, if CLIA audits a laboratory, the audit requests will only go back for two years. Well, that’s all well and good. Except, according to the law, you have to maintain medical documents for five or six years, depending on the service type.
Recently, one of my labs received a CID for records going back to 2017. That is six years ago. Had he followed CLIA’s rules, he would only have documentation going back to 2021. Had he followed CLIA’s rules, when OIG knocked on his door, he would have NOT had four years of records for the OIG’s request.
Now, I do not know, because I have never been in the position that my lab client only retained records for two years…thank goodness. If I were in the position, though, I would argue that the lab was following CLIA’s rules. But that’s the thing: rules are not laws. When in doubt, follow laws, not rules.
However, that takes me to Medicare provider appeals of RAC, MAC, and UPIC audits. Everything under the umbrella of CMS must follow CMS rules. Remember how I said that rules are not laws? CMS rules sometimes contradict law. Yet when a Medicare provider appeals an overpayment or termination, the first four levels of appeal are mandated to follow CMS rules. It is not until the fifth level, which is the federal district court, that law prevails. In other words, the RAC, MAC, or UPIC, the second-level QIC, the third-level ALJ, and the fourth-level Medicare Appeal Council, all must follow CMS rules.
It is not until you appear before the federal district judge that the law prevails.
Programming note: Listen to healthcare attorney Knicole Emanuel’s “RAC Report” segment every Monday on Monitor Mondays with Chuck Buck.