AMARILLO, TX – Increasingly, DME suppliers are contracting with offshore call centers for assistance with business process outsourcing (“BPO”). In doing so, suppliers must be aware of (i) HIPAA issues, (ii) Medicare requirements of Medicare Advantage Organizations, (iii) commercial insurer, requirements, and (iv) state Medicaid program requirements.
But what DME suppliers may not recognize is the importance of ensuring that the offshore call centers they use do not employ, or have 1099 independent contracts with, excluded individuals. The first part of this article summarizes requirements of HIPAA, Medicare, commercial insurers and state Medicaid programs. And then this article will pivot to a discussion of the importance of offshore call centers not employing or contracting with excluded individuals.
HIPAA allows covered entities (e.g., DME suppliers) to disclose protected health information (“PHI”) to business associates (e.g., offshore call centers) if the covered entity obtains satisfactory assurances that the business associate (i) will use the information only for the purpose for which it was engaged by the covered entity, (ii) will safeguard the information from misuse, and (iii) will help the covered entity comply with some of the covered entity’s duties under the HIPAA Privacy Rule. The DME supplier will need to enter into a Business Associate Agreement (“BAA”) with the offshore call center that clarifies and limits, as appropriate, the permissible uses and disclosures of PHI, based on the relationship between the parties and the activities or services being performed by the offshore call center.
MedicareFederal law does not prohibit subcontract arrangements with offshore call centers. However, CMS requires Medicare Advantage Organizations (“MAOs”) and Part D Prescription Drug Plans (“PDPs”) to (i) submit certain information regarding their offshore subcontractors (including call centers) and (ii) attest that they have taken measures to mitigate risks associated with sharing beneficiary information with such subcontractors.
The CMS requirements are not imputed to covered entities such as DME suppliers, but to PDPs and MAOs only. However, the DME supplier may have a duty under one or more contracts with PDPs/MAOs to report use of an offshore call center.
Some commercial payors, including those associated with Medicare Advantage and Medicaid Managed Care, require (i) written notice by the provider/supplier before it contracts with an offshore call center and/or (ii) approval by the commercial payor of the offshore call center. Rules regarding offshore subcontracting can be found in payor policies, provider manuals and network agreements.
State Medicaid Programs
In 2010, CMS issued guidance to state Medicaid programs prohibiting the programs from paying for products/services to a financial entity located offshore. The guidance prohibits the state Medicaid program from making payments to (i) provider/supplier bank accounts located offshore, (ii) telemedicine companies located offshore and (iii) pharmacies located offshore. On the other hand, the guidance does not prohibit paying an offshore subcontractor for (i) claims adjudication, (ii) call center services for enrollment and (iii) MAP administration.
According to a special bulletin posted by the OIG, an excluded person may not provide services that are payable by Federal health care programs, regardless of whether the person is an employee, a contractor, or a volunteer or has any other relationship with the provider/supplier. The bulletin provides an example of a hospital contracting with a staffing agency for temporary or per diem nurses. According to the bulletin, the hospital would be subject to overpayment liability and may be subject to Civil Monetary Penalties (“CMP”) liability if an excluded nurse from that staffing agency furnishes items or services to Federal health care program beneficiaries.
Based on OIG guidance, if a DME supplier has a 1099 contract with a call center (domestic or offshore) that employs an excluded individual, or has a 1099 independent contract with an excluded individual, then the DME supplier may be subject to CMP liability if the excluded person furnishes items or services to Federal health care program beneficiaries. Therefore, before executing a contract with an offshore call center, the DME supplier needs to (i) obtain a list of the call center’s employees and independent contractors and (ii) compare the list to the OIG exclusion list. Throughout the term of the supplier’s contract with the offshore call center, the supplier should obtain updated lists and compare the names to the OIG exclusion list.
Jeffrey S. Baird, JD, is chairman of the Health Care Group at Brown & Fortunato, PC, a law firm with a national health care practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers and other health care providers throughout the United States. Baird is Board Certified in Health Law by the Texas Board of Legal Specialization and can be reached at (806) 345-6320 or firstname.lastname@example.org.