The federal agency shipped tests to five commercial clinical laboratory companies, augmenting efforts by public health labs
Medical laboratories in the US are ramping up their efforts to respond to an outbreak of monkeypox that has been spreading around the globe. Microbiologists and clinical laboratory scientists will be interested to learn that this infectious agent—which is new to the US—may be establishing itself in the wild rodent population in this country. If proved to be true, it means Americans would be at risk of infection from contact with rodents as well as other people.
The Centers for Disease Control and Prevention (CDC) announced on May 18 that it had identified the infection in a Massachusetts resident who had recently traveled to Canada. As of August 3, the federal agency was reporting 6,617 confirmed cases in the US.
“By dramatically expanding the number of testing locations throughout the country, we are making it possible for anyone who needs to be tested to do so,” said HHS Secretary Xavier Becerra in an HHS press release.
Labcorp was first out of the gate, announcing on July 6 that it was offering the CDC-developed test for its customers, as well as accepting overflow from public labs. “We will initially perform all monkeypox testing in our main North Carolina lab and have the capacity to expand to other locations nationwide should the need arise,” said Labcorp chief medical officer and president Brian Caveney, MD, in a press release.
Mayo Clinic Laboratories followed suit on July 11, announcing that the clinic’s Department of Laboratory Medicine and Pathology would perform the testing at its main facility in Rochester, Minnesota.
“Patients can access testing through Mayo Clinic healthcare professionals and will soon be able to access testing through healthcare professionals who use Mayo Clinic Laboratories as their reference laboratory,” Mayo stated in a press release.
Then, Quest Diagnostics announced on July 13 that it was testing for the virus with an internally developed PCR test, with plans to offer the CDC test in the first half of August.
The lab-developed test “was validated under CLIA federal regulations and is now performed at the company’s advanced laboratory in San Juan Capistrano, Calif.,” Quest stated in a press release.
Public Health Emergency?
Meanwhile, the CDC announced on June 28 that it had established an Emergency Operations Center to respond to the outbreak. A few weeks later, on July 23, World Health Organization (WHO) Secretary-General Tedros Adhanom Ghebreyesus, PhD, declared that the outbreak represented “a public health emergency of international concern.”
He noted that international health regulations required him to consider five elements to make such a declaration.
“WHO’s assessment is that the risk of monkeypox is moderate globally and in all regions, except in the European region where we assess the risk as high,” he said in a WHO news release. “There is also a clear risk of further international spread, although the risk of interference with international traffic remains low for the moment. So, in short, we have an outbreak that has spread around the world rapidly, through new modes of transmission, about which we understand too little, and which meets the criteria in the International Health Regulations.”
Still, public health authorities have made it clear that this is not a repeat of the COVID-19 outbreak.
“Monkeypox virus is a completely different virus than the viruses that cause COVID-19 or measles,” the CDC stated in a June 9 advisory. “It is not known to linger in the air and is not transmitted during short periods of shared airspace. Monkeypox spreads through direct contact with body fluids or sores on the body of someone who has monkeypox, or with direct contact with materials that have touched body fluids or sores, such as clothing or linens. It may also spread through respiratory secretions when people have close, face-to-face contact.”
The New York Times reported that some experts disagreed with the CDC’s assessment that the virus “is not known to linger in the air.” But Professor of Environmental Health Donald Milton, MD, DrPH, of the University of Maryland, told The Times it is still “not nearly as contagious as the coronavirus.”
The Massachusetts resident who tested positive in May was not the first known case of monkeypox in the US, however, previous cases involved travel from countries where the disease is more common. Two cases in 2021—one in Texas and one in Maryland—involved US residents who had recently returned from Nigeria, the CDC reported. And a 2003 outbreak in the Midwest was linked to rodents and other small mammals imported to Texas from Ghana in West Africa.
“Labcorp and Quest don’t dispute that in many cases, their phlebotomists are not taking blood from possible monkeypox patients,” according to CNN. “What remains unclear, after company statements and follow-ups from CNN, is whether the phlebotomists are refusing on their own to take blood or if it is the company policy that prevents them. The two testing giants say they’re reviewing their safety policies and procedures for their employees.”
One symptom of monkeypox, the CDC states, is a rash resembling pimples or blisters. Clinicians are advised that two swabs should be collected from each skin lesion, though “procedures and materials used for collecting specimens may vary depending on the phase of the rash.”
“Effective communication and precautionary measures between specimen collection teams and laboratory staff are essential to maximizing safety when manipulating specimens suspected to contain monkeypox virus,” the CDC notes. “This is especially relevant in hospital settings, where laboratories routinely process specimens from patients with a variety of infectious and/or noninfectious conditions.”
Perhaps the negative reaction to the CDC’s initial response to the COVID-19 outbreak in the US is driving the federal agency’s swift response to this new viral threat. Regardless, clinical laboratories and pathology groups will play a key role in the government’s plan to combat monkeypox in America.
It did not take long for fraudsters to pursue hundreds of billions of federal dollars designated to support SARS-CoV-2 testing and it is rare when federal prosecutors bring cases only a few months after illegal lab testing schemes are identified
As if the COVID-19 pandemic weren’t bad enough, unscrupulous clinical laboratory operators quickly sought to take advantage of the critical demand for SARS-CoV-2 testing and defraud the federal government.
Unfortunately for the many defendants in these cases, federal investigations into alleged cases of fraud were launched with noteworthy speed. As a result of these investigations into alleged healthcare fraud by clinical laboratories and other organizations during fiscal year (FY) 2020, the US Department of Justice (DOJ) announced the US government has recovered $1.8 billion.
The federal prosecutions involved dozens of medical laboratory owners and operators who paid back “hundreds of millions in alleged federal healthcare program losses,” Goodwin Life Sciences Perspectives explained.
When combined with similar efforts starting in prior years, the program has returned to the federal government and private individuals a total of $3.1 billion, the DOJ noted.
“In its 24th year of operation, the program’s continued success confirms the soundness of a collaborative approach to identify and prosecute the most egregious instances of healthcare fraud, to prevent future fraud and abuse, and to protect program beneficiaries,” the report states.
COVID-19 Pandemic an Opportunity for Fraud
The HHS report notes that the COVID-19 pandemic required CMS to develop a “robust fraud risk assessment process” to identify clinical laboratory fraud schemes, such as offering COVID-19 tests in exchange for personal details and Medicare information.
“In one fraud scheme, some labs are targeting retirement communities claiming to offer COVID-19 tests but are drawing blood and billing federal healthcare programs for medically unnecessary services,” the HHS report notes.
Still other alleged schemes involved billing for expensive tests and services in addition to COVID-19 testing. “For example, providers are billing a COVID-19 test with other far more expensive tests such as the Respiratory Pathogen Panel (RPP) and antibiotic resistance tests,” the report says.
“Other potentially unnecessary tests being billed along with a COVID-19 test include genetic testing and cardiac panels CPT (current procedural terminology) codes. Providers are also billing respiratory, gastrointestinal, genitourinary, and dermatologic pathogen code sets with the not otherwise specified code CPT 87798,” the report states.
Different Types of Healthcare Organizations Investigated in 2020
Beyond clinical laboratories, the HHS’ 124-page report also shares criminal and civil investigations of other healthcare organizations and areas including:
durable medical equipment,
electronic health records,
home health providers,
hospitals and healthcare systems,
nursing home and facilities,
According to the DOJ, “enforcement actions” in 2020 included:
1,148 new criminal healthcare fraud investigations opened,
440 defendants convicted of healthcare fraud and related crimes,
1,079 civil healthcare fraud investigations opened, and
1,498 pending civil health fraud matters at year-end.
“Federal Bureau of Investigation (FBI) investigative efforts resulted in over 407 operational disruptions of criminal fraud organizations and the dismantlement of the criminal hierarchy of more than 101 healthcare fraud criminal enterprises,” the DOJ reported.
Furthermore, the report said OIG investigations in 2020 led to:
578 criminal actions against people or organizations for Medicare-related crimes,
781 civil actions such as false claims, and
2,148 people and organizations eliminated from Medicare and Medicaid participation.
Implications for Clinical Laboratories
In 2020, OIG issued 178 reports, completed 44 evaluations, and made 689 recommendations to HHS divisions.
Clinical laboratory leaders may be most interested in those related to patient identification as a means to combating fraud and Medicare Part B lab testing reimbursement.
The HHS report says, “Medicare Advantage (MA) encounter data continue to lack National Provider Identifiers (NPIs) for providers who order and/or refer … clinical laboratory services,” adding that, “Almost half of MA organizations believe that using NPIs for ordering providers is critical for combating fraud.”
Additionally, the report states, “Medicare Part B spending for lab tests increased to $7.6 billion in 2018, despite lower payment rates for most lab tests. The $459 million spending increase was driven by:
“increased spending on genetic tests,
“ending the discount for certain chemistry tests, and the
“move to a single national fee schedule.”
Medical laboratory leaders may be surprised to learn that federal healthcare investigators were so vigorous in their investigations, even during the worst of the COVID-19 pandemic.
Vigilance is critical to ensure labs do not fall under the DOJ’s scrutiny. This HHS report, which describes the types and dollars involved in fraudulent schemes by clinical labs and other providers, could help inform revisions to federal compliance regulations and statutes.
Sophisticated cyberattacks have already hit hospitals and healthcare networks in Oregon, California, New York, Vermont, and other states
Attention medical laboratory managers and pathology group administrators: It’s time to ramp up your cyberdefenses. The FBI, the federal Department of Health and Human Services (HHS), and the federal Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory (AA20-302A) warning US hospitals, clinical laboratories, and other healthcare providers to prepare for impending ransomware attacks, in which cybercriminals use malware, known as ransomware, to encrypt files on victims’ computers and demand payment to restore access.
The joint advisory, titled, “Ransomware Activity Targeting the Healthcare and Public Health Sector,” states, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.” It includes technical details about the threat—which uses a type of ransomware known as Ryuk—and suggests best practices for preventing and handling attacks.
In his KrebsOnSecurity blog post, titled, “FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals,” former Washington Post reporter, Brian Krebs, wrote, “On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics, and medical care facilities across the United States. Today, officials from the FBI and the US Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an ‘imminent cybercrime threat to US hospitals and healthcare providers.’”
Krebs went on to reported that the threat is linked to a notorious cybercriminal gang known as UNC1878, which planned to launch the attacks against 400 healthcare facilities.
Clinical Labs, Pathology Groups at Risk Because of the Patient Data They Keep
Hackers initially gain access to organizations’ computer systems through phishing campaigns, in which users receive emails “that contain either links to malicious websites that host the malware or attachments with the malware,” the advisory states. Krebs noted that the attacks are “often unique to each victim, including everything from the Microsoft Windows executable files that get dropped on the infected hosts to the so-called ‘command and control’ servers used to transmit data between and among compromised systems.”
Charles Carmakal, SVP and Chief Technology Officer of cybersecurity firm Mandiant told Reuters, “UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career,” adding, “Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline.”
Multiple Healthcare Provider Networks Under Attack
Hospitals in Oregon, California, and New York have already been hit by the attacks, Reuters reported. “We can still watch vitals and getting imaging done, but all results are being communicated via paper only,” a doctor at one facility told Reuters, which reported that “staff could see historic records but not update those files.”
Some of the hospitals that have reportedly experienced cyberattacks include:
Threat intelligence analyst Allan Liska of US cybersecurity firm Recorded Future told Reuters, “This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country.”
He added, “While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”
An earlier ransomware attack in September targeted 250 healthcare facilities operated by Universal Health Services Inc. (UHS). A clinician at one facility reported “a high-anxiety scramble” where “medical staff could not easily see clinical laboratory results, imaging scans, medication lists, and other critical pieces of information doctors rely on to make decisions,” AP reported.
Outside of the US, a similar ransomware attack in October at a hospital in Düsseldorf, Germany, prompted a homicide investigation by German authorities after the death of a patient being transferred to another facility was linked to the attack, the BBC reported.
CISA, FBI, HHS, Advise Against Paying Ransoms
To deal with the ransomware attacks, CISA, FBI, and HHS advise against paying ransoms. “Payment does not guarantee files will be recovered,” the advisory states. “It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” The federal agencies advise organizations to take preventive measures and adopt plans for coping with attacks.
The advisory suggests:
Training programs for employees, including raising awareness about ransomware and phishing scams. Organizations should “ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.”
Regular backups of data and software. These should be “maintained offline or in separated networks as many ransomware variants attempt to find and delete any accessible backups.” Personnel should also test the backups.
Continuity plans in case information systems are not accessible. For example, organizations should maintain “hard copies of digital information that would be required for critical patient healthcare.”
“Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations,” the advisory states. “Evaluating continuity and capability will help identify continuity gaps. Through identifying and addressing these gaps, organizations can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies.”
Dark Daily Publisher and Editor-in-Chief, Robert Michel, suggests that clinical laboratories and anatomic pathology groups should have their cyberdefenses assessed by security experts. “This is particularly true because the technologies and methods used by hackers change rapidly,” he said, “and if their laboratory information systems have not been assessed in the past year, then this proactive assessment could be the best insurance against an expensive ransomware attack a lab can purchase.”
Clinical laboratories are advised to continue developing methods for making prices for procedures available to the general public
Even as an effective treatment for COVID-19 continues to elude federal healthcare agencies, Medicare officials are pressing ahead with efforts to bring about transparency in hospital healthcare pricing, including clinical laboratory procedures and prescription drugs costs.
In FY 2021 Proposed Rule CMS-1735-P, titled, “Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and the Long-Term Care Hospital Prospective Payment System and Proposed Policy Changes and Fiscal Year 2021 Rates; Quality Reporting and Medicare and Medicaid Promoting Interoperability Programs Requirements for Eligible Hospitals and Critical Access Hospitals,” the Centers for Medicare and Medicaid Services (CMS) proposes to “revise the Medicare hospital inpatient prospective payment systems (IPPS) for operating and capital-related costs of acute care hospitals to implement changes arising from our continuing experience with these systems for FY 2021 and to implement certain recent legislation.”
The proposed rule suggests a 1.6% increase (about $2 billion) in reimbursement for hospital inpatient services for 2021, but also eludes to the possibility of payer negotiated rates being used to determine future payment to hospitals.
In its analysis of the proposed rule, Modern Healthcare noted that CMS is “continuing its price transparency push, to the chagrin of some providers.”
However, the provisions in the proposed rule do, according to the CMS news release, advance several presidential executive orders, including:
Controversial Use of Payer Data for Future Medicare Rates
This latest CMS proposed rule (comments period ended July 10) moves forward “controversial price transparency” and has a new element of possible leverage of reported information for future Medicare payment rates, Healthcare Dive reported.
The 1,602-page proposed rule (CMS-1735-P) calls for these requirements in hospital Medicare cost reports:
Median payer-specific negotiated inpatient services;
“In addition, the agency is requesting information regarding the potential use of these data to set relative Medicare payment rates for hospital procedures,” the CMS news release states.
Thus, under the proposed rule, the nation’s 3,200 acute care hospitals and 360 long-term care hospitals would need to start reporting requested data for discharges effective Oct. 1, 2020, a CMS fact sheet explained.
In the news release following the release of the proposed rule, CMS Administrator Seema Verma had a positive spin. “Today’s payment rate announcement focuses on what matters most to help hospitals conduct their business and receive stable and consistent payment.”
However, the American Hospital Association (AHA) articulated a different view, even calling the requirement for hospitals to report private terms “unlawful.”
During in-court testimony, provider representatives declared that revealing rates they negotiate with payers violates First Amendment rights, Becker’s Hospital Review reported.
Officials for the federal government pushed back telling the federal judge that they can indeed require hospitals to publish negotiated rates. Hospital chargemasters, they added, don’t tell the full story, since consumers don’t pay those rates, Modern Healthcare reported.
In addition to the increase in inpatient payments and price transparency next steps, the recent CMS proposed rule also includes a new hospital payment category for chimeric antigen receptor (CAR) T-cell therapy. The technique uses a patient’s own genetically-modified immune cells to treat some cancers, as an alternative to chemotherapy and other treatment covered by IPPS, CMS said in the news release.
The agency also expressed intent to remove payment barriers to new antimicrobials approved by the FDA’s Limited Population Pathway for Antibacterial and Antifungal Drugs (LPAD pathway). “The LPAD pathway encourages the development of safe and effective drug products that address unmet needs of patients with serious bacterial and fungal infections,” the CMS fact sheet states.
Clinical laboratories are gateways to healthcare. For hospital lab leaders, the notion of making tests prices easily accessible to patients and consumers will soon no longer be a nice idea—but a legal requirement.
Therefore, clinical laboratory leaders are advised to stay abreast of price transparency regulations and continue to prepare for sharing test prices and information with patients and the general public in ways that fulfill federal requirements.
Since the pandemic began, federal investigators are specifically looking for patterns of fraud in Medicare claims data for COVID-19 clinical laboratory testing
Last month, the federal Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced it had been investigating trends in Medicare claims data that could indicate patterns of fraud in the billing for COVID-19 clinical laboratory tests, Modern Healthcare reported.
Stretching back to at least March, fraudulent actors offering fake SARS-CoV-2 tests have preyed on vulnerable Americans in a wide variety of ways during the public health emergency, according to published reports. Some scam operators have gone into nursing homes and long-term care facilities to collect cash from unsuspecting elders in exchange for swab collections and phony testing, the New York Times reported.
Since the declaration of the public health emergency in the US, the federal Centers for Medicare and Medicaid Services (CMS) no longer requires a lab test requisition signed by a treating physician or other provider for COVID-19 testing. “The strong demand for and limited supply of SARS-CoV-2 tests, along with the move by CMS to relax rules for certain test orders during the pandemic, makes the situation a potentially ripe one for fraud,” Modern Healthcare stated.
Plus, a lack of clarity about the medical necessity of COVID-19 tests could raise the liability risk for law-abiding clinical laboratories. All of these factors make COVID-19 testing fraud a potential bombshell for clinical laboratories conducting coronavirus testing that may get caught up in federal investigations.
Feds Step Up Enforcement
Shortly after the pandemic arrived in the US, the FBI, the Better Business Bureau (BBB), the FDA, the federal Department of Health and Human Services (HHS), and other federal and local authorities have frequently warned doctors, hospitals, and healthcare consumers about the potential for fraud by unscrupulous companies purporting to offer legitimate clinical laboratory testing for COVID-19. A June 26 FBI press release stated, “Scammers are marketing fraudulent and/or unapproved COVID-19 antibody tests, potentially providing false results.”
Some of the fraudsters behind these scams have operated online and through social media and email. While others have conducted these scams in person or over the phone, noted the press release.
And yet, despite the warnings, the scams and news articles about them have continued to spread throughout the COVID-19 pandemic.
Various Forms of Fraud and Their Consequences
In many of these scams, fraudsters seek to collect consumers’ personal information, including names, dates of birth, and Social Security numbers, as well as other forms of personal health information, such as Medicare or private health insurance data, the FBI reported. Scammers can use that information in medical insurance fraud schemes or to commit identity theft, the agency added.
Additionally, any fake or inaccurate COVID-19 tests or assays that the FDA has not allowed for use could provide doctors with false results, potentially creating a dangerous situation for patients.
The New York Times (NYT) recently reported that the FBI had issued a warning “about scammers who advertise fraudulent COVID-19 antibody tests as a way to obtain personal information that can be used for identity theft or medical insurance fraud.”
On June 17, the FDA reported that it issued warning letters to three companies for marketing adulterated and misbranded COVID-19 antibody tests, stated an FDA news release. The agency sent warning letters to:
On April 17, the New York Times reported that a special agent with the HHS OIG noted that impostors seeking Medicare or Medicaid information posed as doctors or laboratory technicians to offer fake tests in nursing homes and assisted living facilities.
Earlier in April, The Texas Tribune reported that the owner of a freestanding emergency room in Laredo, Texas, spent $500,000 to buy 20,000 rapid COVID-19 tests for patients suspected of having COVID-19. Health officials in Laredo planned to establish a drive-through testing site and then administer tests that came from a manufacturer in China to detect active infections. After trying to validate the tests, city health officials found they were unreliable and unusable.
An April 9 report from the news department of the AARP (American Association of Retired Persons) stated that federal officials have found fake coronavirus testing sites in many states, including Alabama, Arizona, Florida, Georgia, Kentucky, New York, and Washington state.
The FBI, according to AARP, investigated several fake test sites in Louisville, Ky., after a city official reported that people in personal protective equipment (PPE) were collecting biological specimens from residents. Those seeking tests were told to pay $240 in cash or give their Medicare, Medicaid, or Social Security cards to verify their identity.
Fake drive-up testing sites were reported at gas stations and other locations in Louisville over a four-day period, the AARP reported.
On April 2, WRGB TV in Albany, N.Y., reported that scammers pretending to be from the New York State Department of Health (NYSDOH) were taking money and insurance information from people in exchange for fake coronavirus tests. One woman told police she got a fake test at a drive-up site in a Little League parking lot.
North Greenbush police said the scammers identified themselves as being with NYSDOH and collected money and insurance information from multiple people. Police and state officials said the DOH had no connection to the collection site in the parking lot.
Lessons for Lab Directors
For clinical laboratory directors and all clinical lab scientists, the lesson from these stories is to be wary of strangers offering COVID-19 testing, while also making certain to post information for customers about the legitimacy of your lab’s COVID-19 rapid molecular and serological tests. Doing so might involve providing proof that the FDA has allowed your tests to be used for the coronavirus.
Also, medical laboratories should ensure that all employees collecting specimens in public places display proper identification.