OIG Finds OCR and Billing for Ambulance Services Needs Improvement

In a series of recent reports, the Office of Inspector General (OIG) noted a number of deficiencies and made a number of recommendations to improve and strengthen oversight of the HIPAA Privacy Standards and reduce the amount of inappropriate transportation billing. 

HIPAA Oversight and OCR Investigations

The OIG issued two reports separately noting deficiencies in how the Office of the Civil Rights (OCR) oversees and follows up on investigations concerning privacy breaches. In the first report, the OIG noted that the OCR should strengthen its followup on breaches of protected health information (PHI) reported by covered entities.

In its review of the OCR, the OIG, among other things, reviewed a statistical sample of large (breaches affecting 500 or more individuals) and small breaches (breaches affecting less than 500 individuals) investigated by the OCR.

The OIG found that, as required, the OCR investigated breaches affecting 500 or more individuals. In those instances, while the OCR determined that covered entities were non-compliant with at least one HIPAA standard, it had incomplete documentation of corrective actions taken by covered entities in at least 23% of the cases. The OIG also found that the OCR did not record information on breaches affecting less than 500 individuals in its case-tracking system, which, the report noted, limits its ability to track and identify covered entities with multiple small breaches.

In its second report, the OIG criticized the OCR oversight of covered entities’ compliance with the privacy standard for being “primarily reactive,” i.e., investigating noncompliance in response to complaints rather than actively auditing covered entities. As in its first report, the OIG also criticized the OCR’s case-tracking system and for lacking complete documentation on corrective action taken by covered entities.

Ambulance Transport Billing Errors

In a continued effort to reduce inappropriate or wasteful Medicare transportation spending, the OIG analyzed ambulance transport suppliers by focusing on seven key markers of questionable billing: (1) no Medicare service at the origin or destination; (2) excessive mileage for urban transports; (3) high number of transports per beneficiary; (4) compromised beneficiary number; (5) inappropriate or unlikely transport level; (6) beneficiary sharing; (7) transports to or from partial hospitalization programs (PHPs)). The OIG calculated suppliers’ levels of each measure and identified those suppliers that had unusually high levels on at least one measure relative to other suppliers which suggested to the OIG questionable billing practices.

Overall, the OIG report noted that in the first half of 2012, twenty-one percent of ambulance suppliers had questionable billing for at least one of the seven measures. The report also noted that four percent of suppliers had questionable billing for two, three, or four measures and that no suppliers had questionable billing for more than four measures.

One of the findings was a Medicare payment of $24 million in the first half of 2012 for ambulance transports that did not meet Medicare requirements concerning transport’s destination. According to OIG those included payments for transport that were either to a destination not covered by Medicare or to a destination that was inappropriate given the transport level.

The OIG also found that Medicare paid $17.4 million for transports to non-covered destinations and return transports. The most common non-covered destination was physicians’ offices, followed by community mental health centers or psychiatric facilities, lab, non-SNF facility, and hospice.

According to the government, Medicare also paid $7.1 million for ambulance transports for which suppliers used destination modifiers that were inappropriate for the transport levels billed.

If you have questions about HIPAA compliance and audits, ambulance transportation billing, Medicare participation, Medicare audits or have other health law questions, please contact our office.