Records Management

I am about to work with the Illinois Hospital Association (IHA) on the third edition of IHA’s Record Retention Reference. I worked with IHA on the first two editions and look forward to working on the third. I hope we call it Records Management Reference and not Record Retention because records management is broader and more encompassing than record retention.

I am a strong believer in records management. Records should not be hoarded and should be easy to retrieve when needed. I shudder when I hear that colleagues have 6,000 or more emails in their inbox and get chest pain when files are covered high on colleagues’ desks and cover the floors.

If you have suggestions, comments or stories relating to records management, let me know. I have a few good ones I can share with you over a cocktail.


Records Management – What’s New

Federal and state laws and payers require healthcare providers to create and maintain a whole host of records.

Records that are required to be maintained take many forms. A record may be a document from the business office, human resources, a medical record, a lab specimen, policies and procedures, equipment maintenance logs, incident and accident reports, etc. The retention requirements vary based on the type of record and may vary based on state and federal law.

Record retention requirements have been around seemingly forever, so what’s new? What’s new, is the stepped up enforcement.  If a provider fails to maintain the required records for the required period of time or fails to completely and timely respond to a request for documentation by a payer or a state or federal regulator, payers can deny payment, initiate civil and criminal actions for “false claims” and revoke and bar re-enrollment of the provider in the payer’s network, Medicare and any other governmental program

Recently, Medicare has begun to apply a strict liability approach to document retention and access standards. One of the challenges some providers, such as surgeons and hospital based providers face, is that they rely on other health care entities providing or furnishing the underlying service or item to maintain the records.

We recently represented a pulmonologist who received a request for medical records from Medicare for ICU records maintained by the various hospitals where he provided ventilator management services. When he was unable to produce the hospital records in a timely manner, Medicare began recouping nearly half a million dollars from his practice. Over time, and with our assistance, he was able to produce most of the records, but not until substantial dollars had been recouped and he was considering filing for bankruptcy.

Providers need to have a records management program. The program should address which records to retain, the retention periods and the specifics of record destruction. In deciding which records to retain, providers need to consider the following: (1) federal, state, local and payer retention requirements; (2) recommendations of accreditation and professional organizations: (3) the impact on the continuity of patient care information; and (4) the likelihood of utilization of the particular record. After identifying the records to be retained, providers need to provide for storage, retrieval and destruction of the records.

In light of Medicare’s new enforcement efforts, providers should focus on the ability to retrieve records in a complete and timely fashion.


The 7th Circuit Court of Appeals recently upheld the convictions of two former hospital executives finding that there was more than enough evidence for a reasonable jury to conclude that certain contracts arranged by the two with physicians and physician assistants were intended to induce illegal referrals to the hospital.

One of the defendants had argued that the conspiracy conviction was based on conduct that occurred after he left his employment at the hospital. The court said that simply leaving employment of the hospital where the referral fraud conspiracy was operating was not by itself enough and that the conspirator was required to make an affirmative declaration that he was exiting the conspiracy to his co-conspirators.

The take away from this appeal is that individuals involved in questionable kickback or other false claims conduct cannot just walk away. They should consult legal counsel for exit strategy advice.


Orthopedic Practice Pays $1,537,796 to Resolve Allegations of False Claims Submitted to Federal and State Programs for Medical Services

The orthopedic practice and its physicians paid $1,537,796 to settle civil claims stemming from allegations that they submitted false claims to Medicare, Medicaid, the Department of Veterans Affairs, and TRICARE.

Following an internal review and audit, the practice discovered irregularities in prior billing processes and practices. The practice proactively contacted the United States government to voluntarily disclose the billing irregularities and documentation deficiencies they had identified. The practice cooperated with the government and provided access to both privileged and non-privileged internal documentation, audit, and medical records, as well as access to their consultant statistician.

The voluntary disclosure and investigation revealed that the government had certain civil claims against the practice for false claims arising under Medicare, Medicaid, TRICARE, and the Veterans Health Administration. Specifically, that the practice had improperly billed the health care programs for the following: (i) physician extenders without documentation in progress notes to support billing, evaluation, and management codes; (ii) durable medical equipment, prosthetics, orthotics, and supplies (“DMEPOS”) where bills had incorrect CPT codes, where documentation did not support proof of delivery of the DMEPOS, and where documentation did not support that the DMEPOS was ordered or medically necessary for the patient; (iii) evaluation and management codes related to hospital consults that were not supported by documentation in progress notes; and (iv) physical therapy where the documentation did not support CPT codes billed and or the number of physical therapy units billed.

A few thoughts. That is a lot of money and in order to resolve the matter the practice provided the government with access to privileged information. If practices regularly audit their billing and coding processes and practices, problems like this will be identified early and disclosures and investigations may be able to be avoided.

Research Misconduct False Claims Act Lawsuit Upheld

A North Carolina federal judge Tuesday refused to dismiss a False Claims Act lawsuit claiming a University and some of its faculty knowingly falsified medical research data in order to get federal grants, saying that the whistleblower had adequately stated his case.

In a three-page order, U.S. District Judge Catherine C. Eagles denied dismissal motions by the University and individual defendants. The judge did not elaborate on her decision beyond saying that plaintiff had brought claims upon which relief could be granted.

At the time the alleged events occurred, the plaintiff was a laboratory research analyst in the Pulmonary, Asthma and Critical Care Division of the Health Systems. One of the defendants was a clinical research coordinator in that same division and is charged with directly manipulating the research in question, while another defendant, a research professor of medicine, was a direct supervisor.

This case is just one of the recent research misconduct cases initiated by whistleblowers, with false claims act implications. Researchers have exposure for alleged research misconduct from multiple sources. The consequences of a research misconduct allegation can be devastating to the individual researcher, as well as the sponsoring institution. Findings of research misconduct can result in exclusion from grants, termination of employment, and possible civil and criminal penalties.

The Best of MPM

The Journal of Medical Practice Management (Journal) recently published a collection of favorite articles from the Journal. My article, Purchasing Technology: A Few Things to Consider, co-written with the Rebecca Dean, CEO of a physician practice client, was selected for inclusion in the Journal’s powerhouse articles collection. Copies of the article are available from the Journal. A critical take away from the article is to make sure that the technology you are purchasing will do what you need it to do. Get representations and warranties in writing. Do not accept verbal promises.


A new OIG CMP rule effective January 6, 2017 clarifies the liability guidelines for EMTALA violations. The rule affirmed that willful conduct by a provider is not required for the OIG to impose penalties for EMTALA violations and revised the definition of  “responsible physician” to clarify that on-call physicians at hospitals with specialized capabilities are considered responsible physicians subject to EMTALA. 

The new rule removes “intent to leave” as a mitigating factor, adds “corrective action” as a mitigating factor and adds “risk of patient harm” as an aggravating factor. Because alleged EMTALA violations increasingly include allegations against the hospital and the responsible physician, a potential conflict of interest exists between the hospital and the responsible physician, due to the temptation to divert blame by pointing fingers.  The hospital and the responsible physician should have separate legal counsel.  For physicians, EMTALA violation findings can become medical license disciplinary actions.




New Purchased/Referral Care (PRC)  regulations give the Indian Health Service (I) , Tribal  Organizations (T) and Urban Indian Organizations (U) the ability to cap payment rates at a “Medicare-like rate” to physicians and other non-hospital provides and suppliers.  PRC covered services include outpatient care, physicians, laboratory, dialysis, radiology, pharmacy and transportation services.  The effective date of the regulations was May 20, 2016, with an implementation date of no later than March 21, 2017. In the absence of a contract or agreement with I/T/U for a different rate, the PRC “Medicare-like rate” applies when a Provider accepts a referral or request for services, accepts a purchase order for services, or files a claim for payment for an I/T/U patient.   Under the coordination of benefits provisions, PRC is a residual resource and pays after all other resources have considered the claim. Federal law prohibits the provider from billing the I/T/U  patient for authorized care.






Cherokee Nation Sues Drug Wholesalers and Retailers for Opioid Abuse

On April 20. 2017, the Cherokee Nation filed suit in the District Court of the Cherokee Nation alleging that certain wholesale drug distributors and pharmacies have caused the citizens of the Cherokee Nation to become addicted to opioid drugs and that the defendants could and should have taken steps to prevent the opioid epidemic. The complaint states that the defendants created an environment in which drug diversion can flourish causing damages to the Cherokee Nation; including the cost of medical care, counseling and rehabilitation services, child welfare, law enforcement and public safety, and lost productivity of Cherokee Nation citizens and businesses. The Cherokee Nation is asking the Cherokee Court to award injunctive relief, compensatory damages, statutory damages, punitive damages and attorneys’ fees. The Complaint states that the District Court of the Cherokee Nation has jurisdiction because the defendant distributors conduct business with the Cherokee Nation and the defendant pharmacies fill prescriptions for Cherokee Nation citizens and hire Cherokee Nation citizens.

This case raises a number of interesting issues regarding the duties of pharmacies to ensure that they dispense only those prescriptions that are based on legitimate medical need. This is a case to watch.


I recently worked on a telepsych agreement for a hospital client.  Under the agreement, a distant site will provide mental status assessments of emergency department patients remotely.  Some of the issues flowing from the contract that we addressed were whether patient consent was required for the telepsych consult and how to credential the distant site providers.  Legal and regulatory requirements for patient consent vary state by state and there are credentialing options for distant site providers.  With or without a legal or regulatory requirement for patient consent, we recommended obtaining patient consent, when possible as best practice.  We addressed how our hospital client would pay the distant site providers, but one thing we didn’t address in the telepsych agreement was payer coverage for telepsych services.

We understand that 31 states and the District of Columbia require private insurers to cover telehealth, but that the laws differ state to state.  Medicaid and Medicare also cover telehealth in varying degrees.

In March, I attended a three day meeting of women business leaders in health care where telehealth was a topic in multiple formal and informal discussions.  My previous experience in telehealth had been limited to working with a few direct to consumer telemedicine platforms and intensive care monitoring.  I now know that I can get psychiatric, nutrition and a multitude of other services via telehealth.    Telehealth is expanding exponentially.  While it will never fully replace a face to face visit with a health care provider, it does offer a way to better address certain patient needs.

Stay tuned to this Blog for more thoughts on telehealth.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress