The Health Resources and Services Administration (HRSA) Uninsured Program (UIP), which reimbursed providers for provision of COVID-19 related services to uninsured individuals, paid out more than $24.5 billion in claims. Given this amount, it is no surprise that government enforcers have turned their attention towards scrutinizing the recipients of those funds – the providers of testing, treatment, and vaccination services. However, the underlying UIP requirements that the government might seek to enforce are anything but clear. We explore in this article the enforcement of one particular program requirement: a provider’s obligation to verify a patient’s uninsured status.
This is the second installment in our two-part series on the mounting scrutiny of recipients of payments under the HRSA UIP. In Part One we analyzed the Office of Inspector General’s (OIG) audit of the UIP, released on July 13, 2023. In this second installment, we focus on enforcement actions against providers related to submission of claims to the UIP, and specifically the standards that providers were expected to use to determine uninsured status.
This spring, the Department of Justice (DOJ) announced a nationwide action to combat COVID-19 related fraud. Several defendants charged in the action were alleged to have participated in fraud schemes aimed at the HRSA UIP. One case in particular provides especially useful insight into how the government may plan to prosecute alleged non-compliance with the UIP’s expectation to verify patient uninsured status.
The recently announced takedown included a criminal complaint against Dr. Anthony Hao Dinh, a California based physician and the second highest biller to the UIP, alleging that Dinh executed a scheme to defraud HRSA by submitting false or fraudulent claims including for services not rendered, services that were not medically necessary, and – as pertinent here – for patients who were insured at the time the service was rendered (and hence were not eligible for HRSA reimbursement).
As alleged in the Complaint, providers participating in the UIP had to attest – both at the time of enrollment in HRSA and upon submission of patient rosters – to certain conditions, including that they checked for health care coverage eligibility of patients and confirmed that the patients were uninsured and had no coverage under programs such as Medicare or Medicaid. (No specific source is cited in the Dinh Complaint for this alleged requirement.) The Complaint also references a requirement that providers certify via acceptance of the UIP’s Terms and Conditions that “to the best of [their] knowledge, patients identified on the claim form were Uninsured Individuals at the time the services were provided.”
Despite these required attestations and certifications regarding the conclusion as to uninsured status, nowhere in UIP guidance were providers instructed as to how they might check insurance status. Nor did the government promulgate any regulatory rules regarding insurance verification for the UIP, likely because of the pandemic’s chaotic nature and the need for a rapid response.
Of note, the government contends in the Complaint that because Dinh was enrolled in Medicare, he “had the ability to utilize Medicare’s eligibility verification database [also referred to as the Medicare Common Working File (CWF)] to verify insurance information for patients.” In so alleging, the government apparently incorporates a requirement, at least for Medicare enrolled providers, to check the CWF before deciding that a patient is actually uninsured.
CMS describes the CWF in Chapter 27 of the Medicare Claims Processing Manual as “the Medicare Part A and Part B beneficiary benefits coordination and pre-payment claims validation system”. The CWF itself has many limitations, including, as perhaps most important here, that any checks would only reflect Medicare patients, who would seem to be unlikely to be a significant percentage of those alleging uninsured status for COVID-19 services.
In fact, no such requirement to check the CWF was set forth by HRSA. To the contrary, in the absence of regulation or guidance requiring a specific method for verifying a patient’s uninsured status, any reasonable method of insurance verification would seem appropriate, provided that it allowed the provider to meet the standard set forth in the UIP’s Terms and Conditions that “to the best of [their] knowledge” the patient was uninsured. Various methods used by providers would appear to satisfy the standard for “reasonable” efforts, including requiring self-reported patient insurance information or an attestation as to uninsured status in forms used to schedule or book services. Also “reasonable” might be the use of third-party tools to verify insurance status through searching external databases.
While the Medicare rules do not expressly apply to the UIP, the UIP’s requirements to verify insurance status find an analogy in the Medicare Secondary Payer (MSP) rules and explanatory guidance. These provisions similarly require that the provider confirm there is no other insurance that should pay before Medicare pays. With respect to MSP, the statutory language of Social Security Act § 1862(b)(6) underscores the reliance put “on information obtained from the individual”; and a related regulation at 42 C.F.R. § 411.24(l)(2)(ii) allows for no recovery against the provider if the reason for the provider’s failure to file a proper claim seeking payment from other health coverage was because the beneficiary, or someone acting on his or her behalf, failed to give, or gave erroneous, information regarding coverage that is primary to Medicare. It appears reasonable that these concepts could (and should) be similarly applied in the context of the UIP, especially given the UIP’s lack of the sophisticated additional processes applied in the MSP context to confirm that there is no other health coverage. Accordingly, UIP-enrolled providers should be able to argue that they met the UIP’s requirement of verification of uninsured status “to the best of their knowledge” if they solicited and relied upon patients’ self-reported insurance status.
Providers who failed to request patient insurance information or otherwise verify patient insurance status may not be saved by this argument, however. For instance, in one case filed in U.S. District Court for the District of Minnesota, a provider allegedly instructed employees to select “uninsured” if a patient’s insurance was not included in a pre-populated list of payors that the government claims did not include “most, if not all, Minnesota insurance companies.” Nevertheless, there may have been other means employed by that provider and many others that could also satisfy the UIP’s “best of their knowledge” standard; we will be watching this case (among others) to see if such defenses are raised there.
We expect to see more enforcement alleging fraud against HRSA in the coming years. The Dinh case discussed above arose from a referral from the third-party entity contracted to administer the UIP, but it is clear from the complaint that the government also utilized data analytics to strengthen their case against Dinh. This serves as just another example of the government’s utilization of data analytics in enforcement actions, which we expect to intensify.
The OIG’s audit of the UIP (which we discussed in Part One of this series) describes HRSA’s ongoing process for assessing providers’ compliance with program requirements for reimbursement. Providers who participated in the UIP should prepare to undergo audits of their involvement in the program. Providers should also maintain records related to their involvement in the UIP, including records related to their efforts to verify insurance status.
Foley is here to help you address the short- and long-term impacts in the wake of regulatory changes. We have the resources to help you navigate these and other important legal considerations related to business operations and industry-specific issues. Please reach out to the authors, your Foley relationship partner, or to our Health Care Practice Group with any questions.