News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel


Four Regulatory Developments Coming This Fall That Are Relevant for Clinical Laboratory Leaders and Pathology Group Managers

Regulators and lawmakers are considering proposed changes to CLIA and PAMA involving medical laboratory services

Clinical laboratories and pathology groups should monitor a series of federal regulatory developments underway this fall. The proposals and documents will potentially affect how lab managers and staff do their jobs and how much Medicare reimbursement medical laboratories receive for certain diagnostic tests next year.

Among the initiatives under consideration are the following:

Below are details about these laboratory-related federal bills and regulatory documents that observant laboratory managers will want to track in the coming months.

“Clinical laboratories need to make sure that they have proper requisitions and documentation for genetic testing that involves telemedicine.” Danielle Tangorre, JD (above), a partner at law firm Robinson and Cole LLP in Albany, NY, told Dark Daily. (Photo copyright: Robinson and Cole LLP.)

CLIA Fee Increases and Testing Personnel Changes

The federal Centers for Medicare and Medicaid Services (CMS) is examining fee and personnel changes for CLIA. Officials from CMS are reviewing public comments on the proposal ahead of publishing a final rule.

Among other changes, the proposal would:

  • Institute a 20% across-the-board increase on existing fees.
  • Establish a biennial increase of CLIA fees for follow-up surveys, substantiated complaint surveys, and revised certificates.
  • Add doctoral, master’s, and bachelor’s degrees in nursing to qualify testing personnel for high and moderate complexity testing.

As The Dark Report noted in “Clinical Laboratories Face 20% Increase in CLIA Fees,” opposition to the new nurse qualifications is coming from the American Hospital Association (AHA) and other groups.

Seven Characteristics of Potential Telemedicine Fraud That Affect Clinical Laboratories

In July, on the heels of federal prosecutors indicting 13 defendants for alleged genetic testing and telemedicine fraud, the US Department of Health and Human Services Office of Inspector General (OIG) issued a warning about telemedicine fraud.

The Special Fraud Alert, “OIG Alerts Practitioners to Exercise Caution When Entering into Arrangements with Purported Telemedicine Companies,” outlines seven “suspect characteristics” of telemedicine that might point to fraudulent Medicare billing.

The characteristics include:

  • “The Practitioner does not have sufficient contact with or information from the purported patient to meaningfully assess the medical necessity of the items or services ordered or prescribed.
  • “The Telemedicine Company compensates the Practitioner based on the volume of items or services ordered or prescribed, which may be characterized to the Practitioner as compensation based on the number of purported medical records that the Practitioner reviewed.
  • “The Telemedicine Company only furnishes items and services to Federal health care program beneficiaries and does not accept insurance from any other payor.
  • “The Telemedicine Company does not expect Practitioners (or another Practitioner) to follow up with purported patients nor does it provide Practitioners with the information required to follow up with purported patients (e.g., the Telemedicine Company does not require Practitioners to discuss genetic testing results with each purported patient).”
  • And more.

“In the telehealth space, the issue the OIG has flagged is that genetic tests are being ordered without patient interaction or with only brief telephonic conversations,” Danielle Tangorre, JD, a partner at law firm Robinson & Cole LLP in Albany, N.Y., told Dark Daily.

New Bill May Eliminate 2023 Medical Laboratory Payment Cuts Under PAMA

Medical labs and pathology groups face payment cuts of up to 15% for 800 lab tests on the Medicare Clinical Lab Fee Schedule (CLFS) on Jan. 1, 2023, as part of PAMA.

However, a bipartisan bill is before Congress that may change things. The Saving Access to Laboratory Services Act (SALSA) seeks to accomplish three things:

  • Eliminate the scheduled Jan. 1 price cuts.
  • Reduce future payment decreases to the Medicare CLFS under PAMA.
  • Reconfigure how CMS calculates lab test payments for the CLFS.

At last check, the bill was before the Senate Finance Committee. Proponents are hopeful a vote will come before PAMA’s Jan. 1 cuts occur.

The Dark Report explored the SALSA Act in detail in “PAMA Cuts Might Be Reduced to Zero for 2023.”

Changes to LDT Oversight in VALID Act Sidelined for Now

In “Proposed FDA Approval of Laboratory Developed Tests Will Reduce Innovation,” Dark Daily reported on the Verifying Accurate Leading-Edge IVCT Development Act (VALID Act) and why its opponents believe it stifles diagnostic innovation.

The bill proposes to move regulatory oversight of LDTs from CLIA to the federal Food and Drug Administration (FDA). Champions of the bill argue that FDA regulation is needed for in vitro clinical tests (IVCTs) because they are similar to medical devices and bring with them patient safety concerns.

The bill seemed ready for a Senate vote over the summer but stalled. On Sept. 30, Congress passed a short-term resolution to keep the federal government funded. During negotiation, the VALID Act was removed from the larger spending package, according to Boston law firm Ropes and Gray.

Expect discussion to renew in Congress about the VALID Act after the mid-term elections.

Clinical laboratory leaders and pathology group managers will want to closely monitor the progress of these four federal legislative and regulatory developments. Each of the possible actions described above would significantly change the status quo in the compliance requirements and reimbursement arrangements for both clinical laboratory testing and anatomic pathology services.

Scott Wallask

Related Information:

Clinical Laboratories Face 20% Increase in CLIA Fees

OIG Alerts Practitioners to Exercise Caution when Entering into Arrangements with Purported Telemedicine Companies

PAMA Cuts Might Be Reduced to Zero for 2023

Proposed FDA Approval of Laboratory Developed Tests Will Reduce Innovation

Congress Enacts Clean Reauthorization of FDA User Fees, Leaving Uncertain Future for Important Policy Reforms

CMS Pauses Plans to Limit Public Knowledge of Medical and Surgical Harm at Hospitals During COVID-19 Pandemic

Healthcare industry watchdog Group Leapfrog says that if CMS suppresses the data “all of us will be in the dark on which hospitals put us most at risk”

For some time, hospitals and clinical laboratories have struggled with transparency regulation when it comes to patient outcomes, test prices, and costs. So, it is perplexing that while the Centers for Medicare and Medicaid Services (CMS) pushes for more transparency in the cost of hospital care and quality, the federal agency also sought to limit public knowledge of 10 types of medical and surgical harm that occurred in hospitals during the COVID-19 pandemic.

And even though the CMS announced in its August 1 final rule (CMS-1771-F) that it was “pausing” its plans to suppress data relating to 10 measures that make up the Patient Safety and Adverse Events Composite (PSI 90), a part of the Hospital-Acquired Condition (HAC) Reduction Program, it is valuable for hospital and medical laboratory leaders to understand what the federal agency was seeking to accomplish.

COVID-19’s Impact on Measure Data

Within its lengthy 2023 Hospital Inpatient Prospective Payment System and Long Term Care Hospitals Proposed Rule (CMS-1771-P), the federal agency cites the COVID-19 public health emergency (PHE) as a reason for the adjustment in public access to certain data.

According to USA Today, medical complications at hospitals such as pressure ulcers and falls leading to fractures would be suppressed in reports starting next year. Additionally, CMS “also would halt a program to dock the pay of the worst performers on a list of safety measures, pausing a years-long effort that links hospitals’ skill in preventing such complications to reimbursement,” Kaiser Health News reported.

The proposed rule’s executive summary reads in part, “Due to the impact of the COVID-19 PHE on measure data used in our value-based purchasing (VBP) programs, we are proposing to suppress several measures in the Hospital VBP Program and HAC Reduction Program … If finalized as proposed, for the FY 2023 program year, hospitals participating in the HAC Reduction Program will not be given a measure score, a Total HAC score, nor will hospitals receive a payment penalty.”

These 10 measures include:

  • PSI 03-Pressure Ulcer Rate
  • PSI 06-Iatrogenic Pneumothorax Rate
  • PSI 08-In Hospital Fall with Hip Fracture Rate
  • PSI 09-Perioperative Hemorrhage or Hematoma Rate
  • PSI 10-Postoperative Acute Kidney Injury Requiring Dialysis Rate
  • PSI 11-Postoperative Respiratory Failure Rate
  • PSI 12-Perioperative Pulmonary Embolism or Deep Vein Thrombosis Rate
  • PSI 13-Postoperative Sepsis Rate
  • PSI 14-Postoperative Wound Dehiscence Rate
  • PSI 15-Abdominopelvic Accidental Puncture/Laceration Rate

The measures would not be accessible to the public or appear on the CMS Hospital Compare website, MedPage Today added.

“Those 10 events account for 25,000 preventable deaths and 94,000 incidents of patient harm in the US annually, according to recent analyses,” Fortune reported.

In a fact sheet, CMS noted that its intent in proposing the rule was neither to reward nor penalize providers at a time when they were dealing with the SARS-CoV-2 outbreak, new safety protocols for staff and patients, and an unprecedented rise in inpatient cases.

“We want the public to have complete trust in the data and will only be providing data we have determined has a high confidence of credibility and accuracy,” said CMS Chief Medical Officer Lee Fleisher, MD (above), Director of the CMS Center for Clinical Standards and Quality in a statement, Axios reported. Clinical laboratory leaders would find it more difficult to compare the performance of their hospitals against peer hospitals, should this proposed rule take effect as written. (Photo copyright: Lee Fleisher.)
 

Groups Opposed to the CMS Proposal

Like healthcare costs, quality data need to be accessible to the public, according to a health insurance industry representative. “Cost data, in the absence of quality data, are at best meaningless, and at worst, harmful. We see this limitation on collection and publication of data about these very serious safety issues as a step backward,” Robert Andrews, JD, CEO, Health Transformation Alliance, told Fortune.

The Leapfrog Group, a Washington, DC-based non-profit watchdog organization focused on healthcare quality and safety, urged CMS to reverse the proposal. The organization said on its website that it had collected 270 signatures on letters to CMS.

“Dangerous complications, such as sepsis, kidney harm, deep bedsores, and lung collapse, are largely preventable yet kill 25,000 people a year and harm 94,000,” wrote the Leapfrog Group in a statement. “Data on these complications is not available to the public from any other source. If CMS suppresses this data, all of us will be in the dark on which hospitals put us most at risk.”

Leah Binder, Leapfrog President/CEO, told MedPage Today she is concerned the suppression of public reporting of safety data may continue “indefinitely” because CMS does not want “to make hospitals unhappy with them.”

AHA Voices Support

Meanwhile, the American Hospital Association noted that the CMS “has made this proposal to forgo calculating certain hospital bonuses and penalties due to the impact of the pandemic,” Healthcare Dive reported.

“We agree with CMS that it would be unfair to base hospital incentives and penalties on data that have been skewed by the unprecedented impacts of the pandemic,” said Akin Demehin, AHA Senior Director, Quality and Safety Policy, in a statement to Healthcare Dive.

Though CMS’ plans to limit public knowledge of medical and surgical complications have been put on hold, medical laboratory leaders will want to stay abreast of CMS’ next steps with this final rule. Suppression of hospital harm data during a period of increased demand for hospital transparency could trigger a backlash with healthcare consumers.

Donna Marie Pocius

 

Related Information:

CMS Final Rule CMS-1771-F

CMS Announces Continued Public Reporting of PSI 90 and Commitment to Transparency

Patient Safety Advocate Cheers CMS’ Reversal on Quality Reporting, But Hospitals Say the Data Are No Good

Medicare Ditches Plan to Bury Hospital Safety Data Next Year

FY 2023 Hospital Inpatient Prospective Payment System and Long-Term Care Hospitals Proposed Rule (CMS-1771-P)

Groups Object to Medicare Push to Suppress Reporting of Harm Done to Patients at Hospitals

CMS Proposal to Suppress Hospital Safety Data Angers Advocates

Fact Sheet: FY 2023 Hospital Inpatient Prospective Payment System and Long-Term Care Hospitals Proposed Rule (CMS-1771-P)

Biden Administration Seeks to Suppress Hospital Safety Data

Lives Lost, Lives Saved: An Updated Comparative Analysis of Avoidable Deaths at Hospitals Graded by The Leapfrog Group

Patient Safety Indicators (PSI) Benchmark Data Tables, v2021

Hospitals Have Become Less Safe During the Pandemic; So Why Does the Government Want to Suppress Hospital Safety Data?

We Need Your Help: Don’t Let CMS Suppress 25,000 Deaths a Year in Hospitals

Leapfrog Raises Concerns About CMS Proposal to Suppress Patient Safety Data

CMS Ready to Add Three More Items to Never Events No-Pay Policy for Medical Errors

Despite the Coronavirus Pandemic, Medicare Officials Continue Push for Price Transparency by Pressuring Hospitals to Disclose Rates Negotiated with Private Payers

New Proposed Federal Rule Could Remove Requirement for Hospitals to Share Negotiated Medicare Advantage Rates with CMS

CMS says it is responding to hospitals’ plea for relief from burdensome reporting requirements, but not altering federal price transparency laws

Despite federal price transparency law that went into effect January 1 after a year-long court battle, some hospitals continue to balk at sharing their payer-negotiated rates for healthcare goods and services—including medical laboratory testing—claiming a variety of challenges due to the COVID-19 pandemic, vaccine distribution, and other difficulties, Modern Healthcare reported.

Now, after the American Hospital Association (AHA) in a January 7 letter asked the federal Centers for Medicare and Medicaid Services (CMS) to “exercise enforcement discretion with respect to the hospital price transparency rule,” CMS has removed the requirement that hospitals report certain negotiated rates.

The CMS “Medicare Hospital Inpatient Prospective Payment System (IPPS) and Long Term Care Hospital (LTCH)” proposed rule for fiscal year (FY) 2022 (CMS-1752-P) removes hospitals’ need to report Medicare Advantage (MA) rates on Medicare cost reports effective Jan. 1, 2021, according to a CMS fact sheet.

This requirement was originally part of the Hospital Price Transparency Final Rule (84 FR 65524), passed in 2019 during the Trump administration, which required hospitals to “establish, update, and make public a list of their standard charges for the items and services that they provide,” including clinical laboratory test prices. This reporting requirement did not sit well with the AHA.

In a statement, Ashley Thompson, Senior Vice President for Public Policy Analysis and Development for the American Hospital Association, said, “This policy will require hospitals to divert critically needed resources during this historic pandemic to administrative tasks that will not benefit patients.” She added, “We do not believe CMS has the authority to compel the disclosure of these terms and our legal challenge remains ongoing.”

However, if the new proposed rule goes into effect, CMS would no longer expect hospitals to report the rates they have negotiated with each Medicare Advantage plan, RevCycleIntelligence reported.

“Hospitals are often the backbone of rural communities—but the COVID-19 pandemic has hit rural hospitals hard, and too many are struggling to stay afloat,” HHS Secretary Xavier Becerra (above) said in an announcement, RevCycleIntelligence reported. “This rule will give hospitals more relief and additional tools to care for COVID-19 patients and it will also bolster the healthcare workforce in rural and underserved communities.” (Photo copyright: Modern Healthcare.)

CMS Relieving a Burden, Not Eliminating a Requirement

In the fact sheet, CMS wrote that it “is proposing to repeal the requirement that a hospital report on the Medicare cost report the median payer-specific negotiated charge that the hospital has negotiated with all of its MA organization payers, by MS-DRG (Medicare-severity diagnosis related group), for cost reporting periods ending on or after January 1, 2021. CMS estimates this will reduce administrative burden on hospitals by approximately 64,000 hours.”

Experts noted that CMS is attempting to reduce providers’ administrative burdens, while keeping federal price transparency requirements in effect.

“The repeal of this requirement more falls into the bucket of easing hospitals’ burden as opposed to the agency’s stance on hospital price transparency,” Caitlin Sheetz, Director and Head of Analytics at ADVI Health, LLC, told Fierce Healthcare.

Still, the recent CMS action could be a sign that price transparency requirements for hospitals will not intensify, she added. “I would think it is very unlikely that [CMS] would put out a rule that is easing up hospital administrative burden [and] they would then ramp up audits for the hospital price transparency rule.”

AHA Supports CMS’ Latest Proposed Rule on Hospital Reporting

The AHA said the new proposed rule moves in the right direction. 

In a statement, Tom Nickels, Executive Vice President of the AHA, said, “We have long said that privately negotiated rates take into account any number of unique circumstances between a private payer and a hospital and their disclosure will not further CMS’ goal of paying market rates that reflect the cost of delivering care.” He added, “We once again urge the agency to focus on transparency efforts that help patients access their specific financial information based on their coverage and care.”

Though federal price transparency rules are evolving, medical laboratories are encouraged to accept that consumer demand is one powerful force driving this trend. Thus, clinical laboratories that currently make it easy for patients to see the prices for common medical laboratory tests in advance of service should gain competitive advantage from this feature over time.

Donna Marie Pocius

Related Information:

Fact Sheet: Fiscal Year (FY) 2022 Medicare Hospital Inpatient System (IPPS) and Long-Term Care Hospital (LTCH) Rates Proposed Rule (CMS 1752-P)

CMS Proposes $2.5B IPPS Rate Hike, with Eye on Rural Health Equity

Experts Say CMS is Still Committed to Price Transparency after Proposal to Pull MA Requirements

AHA Statement on FY 2022 Proposed IPPS Rule

AHA Urges HHS to Exercise Enforcement Discretion with Respect to the Hospital Price Transparency Rule

Hospitals Slow to Disclose Their Payer-Negotiated Rates

CMS Price Transparency Rule Offers Providers, Payers a Win, Too

Wall Street Journal Investigation Finds Computer Code on Hospitals’ Websites That Prevents Prices from Being Shown by Internet Search Engines, Circumventing Federal Price Transparency Laws

ASCP and CAP Support New Legislation That Bars Surprise Medical Billing

The No Surprises Act, passed as part of the COVID-19 relief package, ensures patients do not receive surprise bills after out-of-network care, including hospital-based physicians such as pathologists

Consumer demand for price transparency in healthcare has been gaining support in Congress after several high-profile cases involving surprise medical billing received widespread reporting. Dark Daily covered many of these cases over the years.

In “Are Clinical Laboratories Prepared to Cope with Outrage Over Surprise Medical Billing? Patient Access Management May Be an Effective Solution,” we reported on how some early-adopter medical labs and pathology groups were using Patient Access Management (PAM) platforms to address new federal transparency policies, change patient expectations about billing, and increase revenue by lowering denial rates.

And in “Balance Billing Under Increased Scrutiny at Both State and Federal Levels: Clinical Laboratory Tests Top List of Surprise Bills Received by Patients,” we reported on how clinical laboratory testing topped the list of the surprise bills received by patients, according to a survey conducted by the National Opinion Research Center (NORC) at the University of Chicago.

Now, after initial opposition and months of legislative wrangling, organizations representing medical laboratories and clinical pathologists have expressed support for new federal legislation that aims to protect patients from surprise medical bills, including for clinical pathology and anatomic pathology services.

The new law Congress passed is known as the No Surprises Act (H.R.3630) and is part of the $900 billion COVID relief and government funding package signed by President Trump on December 27.

“While this legislation is not perfect (no law is), it serves as a compromise where patients ultimately win,” stated the American Society for Clinical Pathology (ASCP) in its ePolicy News publication.

The law addresses the practice of “balance billing,” in which patients receive surprise bills for out-of-network medical services even when they use in-network providers. An ASCP policy statement noted that “a patient (consumer) may receive a bill for an episode of care or service they believed to be in-network and therefore covered by their insurance, but was in fact out-of-network.” This, according to the ASCP, “occurs most often in emergency situations, but specialties like pathology, radiology, and anesthesiology are affected as well.”

Most portions of the No Surprises Act take effect on January 1, 2022. The law prohibits balance billing for emergency care, air ambulance transport, or, in most cases, non-emergency care from in-network providers. Instead, if a patient unknowingly receives services from an out-of-network provider, they are liable only for co-pays and deductibles they would have paid for in-network care.

New Law Bars Pathologists from Balance Billing without Advance Patient Consent

The law permits balance billing under some circumstances, but only if the patient gives advance consent. And some specialties, including pathologists, are barred entirely from balance billing.

The law also establishes a process for determining how healthcare providers are reimbursed when a patient receives out-of-network care. The specifics of that process proved to be a major sticking point for providers. In states that have their own surprise-billing protections, payment will generally be determined by state law. Otherwise, payers and providers have 30 days to negotiate payment. If they can’t agree, payment is determined by an arbiter as part of an independent dispute resolution (IDR) process.

Early Proposal Drew Opposition

An early proposal to prohibit surprise billing drew opposition from a wide range of medical societies, including the ASCP, CAP, and the American Medical Association (AMA).

All were signatories to a July 29, 2020, letter sent to leaders of the US Senate and House of Representatives urging them to hold off from enacting surprise billing protections as part of COVID relief legislation. Though the groups agreed in principle with the need to protect patients from surprise billing, they contended that the proposed legislation leaned too heavily in favor of insurers, an ASCP news release noted.

“Legislative proposals that would dictate a set payment rate for unanticipated out-of-network care are neither market-based nor equitable, and do not account for the myriad inputs that factor into payment negotiations between insurers and providers,” the letter stated. “These proposals will only incentivize insurers to further narrow their provider networks and would also result in a massive financial windfall for insurers. As such, we oppose the setting of a payment rate in statute and are particularly concerned by proposals that would undermine hospitals and front-line caregivers during the COVID-19 pandemic.”

Hospital groups, including the American Hospital Association (AHA), raised similar concerns in a July 30 letter to congressional leaders.

On December 11, leaders of key House and Senate committees announced agreement on a bipartisan draft of the bill that appeared to address these concerns, including establishment of the arbitration process for resolving payment disputes.

However, in a letter sent to the committee chairs and ranking members, the AHA asked for changes in the dispute-resolution provisions, including a prohibition on considering Medicare or Medicaid rates during arbitration. “We are concerned that the IDR process may be skewed if the arbiter is able to consider public payer reimbursement rates, which are well known to be below the cost of providing care,” the association stated. However, legislators agreed to the change after last-minute negotiations.

“The AHA is pleased that Congress rejected approaches that would impose arbitrary rates on providers, which could have significant consequences far beyond the scope of surprise medical bills and impact access to hospital care,” AHA President and CEO Rick Pollack (above) said in a statement. “We also applaud Congress for rejecting attempts to base rates on public payers.” (Photo copyright: American Hospital Association.)

Dispute Resolution for Pathologists

The CAP also expressed support for the final bill. In a statement, CAP noted that “As the legislation evolved during the 116th Congress, CAP members met with their federal lawmakers to discuss the CAP’s policy priorities.

“Through the CAP’s engagement and collaboration with other physician associations, the legislation improved drastically,” the CAP stated. “Specifically, the CAP lobbied Congress to hold patients harmless, establish a fair reimbursement formula for services provided, deny insurers the ability to dictate payment, create an independent dispute resolution (IDR) process that pathologists can participate in, and require network adequacy standards for health insurers.”

As laboratory testing was identified by thousands of respondents to the University of Chicago survey as the top surprise bill, it is likely that billing and transparency in charges for clinical pathologists and anatomic pathologists will continue to be scrutinized by lawmakers and healthcare associations.

—Stephen Beale

Related Information:

Detailed Summary of No Surprises Act

H.R.3630 – No Surprises Act

Are Clinical Laboratories Prepared to Cope with Outrage Over Surprise Medical Billing? Patient Access Management May Be an Effective Solution

Balance Billing Under Increased Scrutiny at Both State and Federal Levels; Clinical Laboratory Tests Top List of Surprise Bills Received by Patients

The No Surprises Act: Implications for States

AHA Statement on COVID Relief Package and Government Funding Bill

AHA Letter on No Surprises Act

How the CAP Shaped Surprise Billing Legislation with its Advocacy

Success on Surprise Medical Bills

Congress Curbs Surprise Billing in Omnibus Coronavirus Relief Bill

ASCP Joins AMA on Surprise Billing Letter

ASCP Continues Patient Advocacy Efforts on Surprise Billing Legislation

Surprise Medical Bills Cost Americans Millions. Congress Finally Banned Most of Them

Three Federal Agencies Warn Healthcare Providers of Pending Ransomware Attacks; Clinical Laboratories Advised to Assess Their Cyberdefenses

Sophisticated cyberattacks have already hit hospitals and healthcare networks in Oregon, California, New York, Vermont, and other states

Attention medical laboratory managers and pathology group administrators: It’s time to ramp up your cyberdefenses. The FBI, the federal Department of Health and Human Services (HHS), and the federal Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory (AA20-302A) warning US hospitals, clinical laboratories, and other healthcare providers to prepare for impending ransomware attacks, in which cybercriminals use malware, known as ransomware, to encrypt files on victims’ computers and demand payment to restore access.

The joint advisory, titled, “Ransomware Activity Targeting the Healthcare and Public Health Sector,” states, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.” It includes technical details about the threat—which uses a type of ransomware known as Ryuk—and suggests best practices for preventing and handling attacks.

In his KrebsOnSecurity blog post, titled, “FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals,” former Washington Post reporter, Brian Krebs, wrote, “On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics, and medical care facilities across the United States. Today, officials from the FBI and the US Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an ‘imminent cybercrime threat to US hospitals and healthcare providers.’”

Krebs went on to report that the threat is linked to a notorious cybercriminal gang known as UNC1878, which planned to launch the attacks against 400 healthcare facilities.

Clinical Labs, Pathology Groups at Risk Because of the Patient Data They Keep

Hackers initially gain access to organizations’ computer systems through phishing campaigns, in which users receive emails “that contain either links to malicious websites that host the malware or attachments with the malware,” the advisory states. Krebs noted that the attacks are “often unique to each victim, including everything from the Microsoft Windows executable files that get dropped on the infected hosts to the so-called ‘command and control’ servers used to transmit data between and among compromised systems.”

Charles Carmakal, SVP and Chief Technology Officer of cybersecurity firm Mandiant told Reuters, “UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career,” adding, “Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline.”

John Riggi (above), senior cybersecurity adviser to the American Hospital Association (AHA), told the AP, “We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety. We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.” Hospital-based medical laboratories and independent clinical laboratories that interface with hospital networks should assess their vulnerability to cyberattacks and take appropriate steps to protect their patients’ data. (Photo copyright: American Hospital Association.)

Multiple Healthcare Provider Networks Under Attack

Hospitals in Oregon, California, and New York have already been hit by the attacks, Reuters reported. “We can still watch vitals and getting imaging done, but all results are being communicated via paper only,” a doctor at one facility told Reuters, which reported that “staff could see historic records but not update those files.”

Some of the hospitals that have reportedly experienced cyberattacks include:

In October, the Associated Press (AP) reported that a recent cyberattack disrupted computer systems at six hospitals in the University of Vermont (UVM) Health Network. The FBI would not comment on whether that attack involved ransomware; however, it forced the UVM Medical Center to shut down its computer system and reschedule elective procedures.

Threat intelligence analyst Allan Liska of US cybersecurity firm Recorded Future told Reuters, “This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country.”

He added, “While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”

An earlier ransomware attack in September targeted 250 healthcare facilities operated by Universal Health Services Inc. (UHS). A clinician at one facility reported “a high-anxiety scramble” where “medical staff could not easily see clinical laboratory results, imaging scans, medication lists, and other critical pieces of information doctors rely on to make decisions,” AP reported.

Outside of the US, a similar ransomware attack in October at a hospital in Düsseldorf, Germany, prompted a homicide investigation by German authorities after the death of a patient being transferred to another facility was linked to the attack, the BBC reported.

CISA, FBI, HHS, Advise Against Paying Ransoms

To deal with the ransomware attacks, CISA, FBI, and HHS advise against paying ransoms. “Payment does not guarantee files will be recovered,” the advisory states. “It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” The federal agencies advise organizations to take preventive measures and adopt plans for coping with attacks.

The advisory suggests:

  • Training programs for employees, including raising awareness about ransomware and phishing scams. Organizations should “ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.”
  • Regular backups of data and software. These should be “maintained offline or in separated networks as many ransomware variants attempt to find and delete any accessible backups.” Personnel should also test the backups.
  • Continuity plans in case information systems are not accessible. For example, organizations should maintain “hard copies of digital information that would be required for critical patient healthcare.”

Evaluating Continuity and Capability

The federal agencies also advise healthcare facilities to join cybersecurity organizations, such as the Health Information Sharing and Analysis Center (H-ISAC).

“Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations,” the advisory states. “Evaluating continuity and capability will help identify continuity gaps. Through identifying and addressing these gaps, organizations can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies.”

Dark Daily Publisher and Editor-in-Chief, Robert Michel, suggests that clinical laboratories and anatomic pathology groups should have their cyberdefenses assessed by security experts. “This is particularly true because the technologies and methods used by hackers change rapidly,” he said, “and if their laboratory information systems have not been assessed in the past year, then this proactive assessment could be the best insurance against an expensive ransomware attack a lab can purchase.”

—Stephen Beale

Related Information:

Ransomware Activity Targeting the Healthcare and Public Health Sector

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Hackers Hit Hospitals in Disruptive Ransomware Attack

Several Hospitals Targeted in New Wave of Ransomware Attacks

Hospitals Hit with Ransomware Attacks as FBI Warns of Escalating Threat to Healthcare

Ransomware Attacks on Hospitals Could Soon Surge, FBI Warns

Building Wave of Ransomware Attacks Strike U.S. Hospitals

Oregon Hospital Shuts Down Computer System After Ransomware Attack

Three St. Lawrence County Hospitals Hit by Ransomware

‘Unusual Network Activity’ at Ridgeview Medical Center

Brooklyn and Vermont Hospitals Are Latest Ryuk Ransomware Victims
