New data bank casts wider net
How the fraud busters threaten to turn up the heat on physicians
From the January 1999 ACP-ASIM Observer, copyright © 1999 by the American College of Physicians-American Society of Internal Medicine.
By Phyllis Maguire
As HCFA steps up its fight against fraud and abuse, the medical community is bracing itself for a new federal database that will make vast amounts of information on physicians and others in the health care industry available to a wide audience.
This May, the Healthcare Integrity and Protection Data Bank (HIPDB) will begin recording civil judgments and criminal convictions related to all kinds of health care disputes, including breach of contract, unnecessary payments, denial of care and delays in diagnosis or treatment. The data bank will include not only physicians but also allied health providers, pharmacists, health plans, vendors and their employees. Health plans found guilty of wrongfully denying care to patients, for example, will be listed in the HIPDB, as will drug companies convicted of overcharging for their products. Fraudulent entrepreneurs will find it more difficult to shut down a company that's garnered an HIPDB report and start another under a different name.
Many, however, see the new data bank as an indication of how far the government plans to go in fighting fraud and abuse. While the new data bank will be accesible to health plans and hospitals credentialing physicians, it will also be open to federal agencies and law enforcement officials, providing them with a vast new source of information on individuals who have had trouble in the health care field.
The breadth of the new database has some wondering whether the government might be going too far in its search for health care fraud. Analysts predict that individuals listed in the data bank might be subject to extra scrutiny from law enforcement officials as the Department of Justice uses data bank reports to identify individuals for fraud investigations. And it is possible that agencies like the Internal Revenue Service might decide to more closely inspect individuals with an HIPDB report.
This is not the first time that the government has proposed using a large data bank to track down wrongdoing in health care. Many physicians still harbor bitter feelings toward the National Practitioner Data Bank (NPDB), which was created in 1990 to prevent physicians with disciplinary and malpractice problems from crossing state lines to evade scrutiny. Physicians have long complained that the first data bank is plagued by incorrect information. (See "A physician's nightmare: when the data bank report is wrong," page 15.)
While there are some similarities between the two data banks, there are also major differences. For one, the HIPDB plans to cast a much wider net than its predecessor. While the older data bank focuses on adverse disciplinary actions and malpractice payments of physicians and dentists, the new one will scrutinize everyone involved in health care, not just practitioners. And while the new data bank will include information on disciplinary and licensure problems for all health care providers, it will not maintain any information on malpractice payments or claims. (The first data bank will still provide credentialers with malpractice payment reports.)
Another difference is that while the original data bank will continue to supply information primarily to credentialing committees and organizations seeking to employ or contract with physicians, the new data bank will be open to credentialing entities and law enforcement officials. Everyone from the local police to a broad range of federal agencies will have access to the HIPDB files on civil and criminal judgments, what one expert called "one-stop shopping" for law officials looking for health care-related crimes.
James R. Winn, MD, executive vice president of the Federation of State Medical Boards and a member of the NPDB Executive Committee, said that the idea driving the creation of the new data bank is simple: "Let's get all the bad actors out there who have committed fraud and put them into one database so they can be watched."
The HIPDB, which was created by the Health Insurance Portability and Accountability Act of 1996 to fight health care fraud, is based on the policing philosophy being used to fight crime in major cities like New York. Police crack down on minor crimes like driving a car without current registration in the hope of finding more substantive crime. "If someone is committing a crime in one area, they're more likely to be criminals in another area as well," explained Thomas C. Croft, director of quality assurance, the HHS office that will manage both data banks.
What worries many physicians, however, is that the bulk of the new data bank's files will be related not to fraud but to disciplinary and licensure actions. Of the 25,000 to 30,000 reports the HIPDB is expected to receive each year, for example, Mr. Croft estimated that only 5,000 will involve civil judgments or criminal convictions. All adverse action reports on physicians in the NPDB dating back to August 1996, when the HIPDB was authorized, will also be included in the new data bank. Analysts predict that some law enforcement personnel might see a new data bank file on a physician who was disciplined for reasons that had nothing to do with financial wrongdoing and begin investigating that practitioner for fraudulent activity.
For physicians who are already trying to keep a low profile with HCFA, the prospect of additional scrutiny is unnerving. The threat of an HIPDB report may just add to the pressure physicians already feel "to undercode and basically give my services away," explained Albuquerque general internist Harold B. Sunderman, FACP.
Coding and compliance concerns already work against patients' interests, according to Dr. Sunderman. "I have to waste time asking about totally unrelated stuff so I can support the appropriate level of billing," he said. Now, to avoid becoming an entry in the new federal data bank, Dr. Sunderman claimed he will feel even more obliged to comply with guidelines he feels waste valuable physician-patient time.
The new data bank could also have a chilling effect on physicians who might otherwise pursue a dispute with a health plan all the way to court, said John A. Robertson, ACP-ASIM Member, a nephrologist in Riverside, Calif. "I think it's important for doctors to fight back, but if we do and get reported to a national data bank"—even as a named defendant in a report against a guilty health plan—"how will that affect our chances of being credentialed?"
Even worse, physicians may find their names in the HIPDB merely because they have an affiliation with a colleague who has been in some trouble. Like other areas of the new data bank's proposed reporting requirements, its definition of affiliates and associates—who must be reported—is very broad. The purpose, explained Mr. Croft from the HHS, is "to allow law enforcement investigators to follow leads."
Analysts raise the possibility that if a doctor who is part of an IPA gets reported, all of the other physicians in the group may be named in that HIPDB report. "It could be like a feeding frenzy, getting the name of a partner of a doctor who's found to be fraudulent," said Lori Bartholomew, director of loss prevention and research for Physician Insurers Association of America and a member of the NPDB executive committee. She characterized the government's approach to fraud and abuse as a well-funded "fishing expedition" that lacks clear-cut goals.
"It may not be the egregious fraud people who are caught up" by the new data bank, Ms. Bartholomew said. "It may be just innocent billing errors that get physicians, along with all their allied personnel, reported to the system."
It is that scope of reporting that makes some analysts nervous. "There's the potential to abuse the process, and I don't know how you protect against that," said Dr. Winn from the Federation of State Medical Boards. "There should be some safeguards built in ... but there may not be a way to fix that and enable the data bank to operate the way it's supposed to."
Some in medicine, however, feel that the new data bank is no cause for alarm. "It's not going to impact on the good guys," said William T. Mixson, MD, a representative of the American College of Obstetricians and Gynecologists to the original data bank's executive committee. "The more the bad guys are controlled, the better it is for all of us."
The NPDB precedent
Even if the new data bank doesn't touch the lives of many physicians, it is likely to affect the overall practice environment. As the implementation of the original data bank showed, how the medical profession reacts to monitoring efforts can lead to far-reaching changes.
Since it was established more than eight years ago, the NPDB has become an indispensable credentialing tool. According to Joseph A. Berry, ACP-ASIM Member and national medical director of United HealthCare Corporation, the original data bank is "the primary source of information about sanctions and malpractice information" concerning physicians.
Each year, the NPDB enters approximately 30,000 new adverse action and malpractice payment reports into its systems and responds to 3.5 million queries from hospitals, health plans and other organizations that employ or work with physicians. About 92,000 physicians currently have an NPDB file, and just under 12% of all queries identify a physician with a report.
But while most physicians have no NPDB record, the fear it has inspired among doctors has reshaped the peer review process and changed physician attitudes toward malpractice claims.
Experts note, for example, that the threat of a data bank report has made review committees reluctant to act on all but the most egregious cases. "Mild disciplinary actions aren't taken," said William E. Golden, FACP, Transitional Governor for the Arkansas Chapter and president of the American Health Quality Association. As further evidence, analysts point out that nearly two-thirds of the nation's hospitals have never filed a data bank report concerning actions against physicians' clinical privileges, a figure HHS officials say is suspiciously low.
To be fair, some hospitals may not fully understand reporting rules and inadvertently omit reports. But analysts point out that many more hospitals simply circumvent data bank rules by suspending the clinical privileges of problem doctors for 29 days. (By law, hospitals must report suspensions of 30 days and over to the NPDB.) Hospitals have also developed alternative disciplinary mechanisms that don't require data bank reporting, such as written reprimands and different types of counseling or warning systems.
Perhaps the most significant effect of the NPDB, however, has been on how physicians view malpractice claims. While the majority of the more than 200,000 reports the NPDB has received concern medical malpractice payments, 98% of those reports are for cases settled out of court. Because all payments related to malpractice—even when doctors avoid a guilty verdict—must be reported to the original data bank, many physicians have adopted an "I'd-rather-fight-than-settle" stance.
"The good news is that nuisance lawsuits aren't being paid off," said Nancy W. Dickey, MD, president of the AMA. "The bad news is that, frankly, the cost of care is increasing because of how expensive it is for physicians to defend themselves."
Critics have long complained that the NPDB should not mandate reports on malpractice payments of less than $30,000, which would eliminate almost one-third of all malpractice payments reported to the data bank.
And just as with the peer review process, there are loopholes in the NPDB reporting requirements that physicians can use to avoid a report. For one, the data bank collects reports only on payments made by entities such as insurance carriers. Physicians who make malpractice payments directly do not have to file NPDB reports on themselves.
In addition, the data bank exempts payments made under what is known as "the corporate shield," a loophole Mr. Croft said his office is working to close. Only malpractice payments made on behalf of individual practitioners must be reported: Hospitals, group practices and health plans that make malpractice payments on behalf of their corporate entities and not individual doctors do not appear in the original data bank.
No one knows exactly how many of the nation's malpractice payments are hidden behind the corporate shield, but officials think the number is significant. "We have heard estimates that as many as half of all payments aren't getting reported," said Mr. Croft.
The next generation
Already, analysts are pointing out similar loopholes in the rules governing the new data bank. The most notable, which experts have labeled the "buy out," says that claims that are settled out of court do not need to be reported. Consequently, defendants like drug companies and hospital chains who can settle claims worth millions of dollars, even when a clear pattern of fraud is evident, will avoid an HIPDB report, while physicians who try to fight allegations of upcoding worth $5,000 and lose will be reported.
And in a twist that already has some physicians concerned, some analysts wonder whether HCFA, not doctors, will take advantage of this loophole. When the agency audits physician practices, it typically takes a sample of physician billings, calculates the dollar value of coding errors and then extrapolates that amount over the physician's total Medicare practice. Using this process, HCFA comes up with a figure that it believes the physician owes and offers a choice: Pay up or go to court.
Physicians faced with such a choice will now have a new factor to take into consideration. Do they devote precious resources to fight such audited estimates and risk being reported to the new data bank if they lose, or do they settle for the amount proposed, even if they think HCFA is wrong?
Physicians equate that scenario with a bureaucratic form of blackmail. "It provides an inappropriate inducement to settle and drives one more nail into independent practice," said nephrologist Dr. Robertson. "Who's going to take the chance, if it's not a big dollar amount, of going to court?"
There are few answers to such questions right now, in part because the proposed rules of the new data bank may still change. The government published those rules on Oct. 30 and was scheduled to accept comments through Jan. 12. (A text copy of the proposed rules can be found at www.hrsa.dhhs.gov/bhpr/dqa/waisgate.txt.) Depending on the comments the government receives from the medical profession, the final rules governing the data bank may be different.
For now, some are warning that implementation of the new data bank needs to be closely monitored. "I don't know whether the government is going to go after the big fish or whether they'll try to get all the little minnows too," Dr. Winn said. "I would hate to see competent physicians and caring doctors get beaned for what amounts to an oversight of their front office."
A physician's nightmare: when the data bank report is wrong
It's what physicians may fear most about being listed in a government data bank: Once wrong information goes in, it's nearly impossible to get it out.
Take the case of Arlene M. Brown, MD, a family physician in Ruidoso, N.M. In 1993, a peer review panel at a hospital managed by Presbyterian Healthcare Services revoked her obstetrical privileges, saying she violated an agreement to consult with an obstetrical specialist when treating high-risk ob/gyn patients. The hospital filed a report with the National Practitioner Data Bank (NPDB), claiming that Dr. Brown had been found guilty of "incompetence/malpractice/negligence"—even though the peer review committee had made no such finding.
Despite Dr. Brown's protests, the hospital refused to amend its report. So Dr. Brown brought suit against a group that included Presbyterian Healthcare and the competing physician who'd instigated the peer review process. The data bank report was knowingly false, Dr. Brown contended, and the peer review process had been motivated by economic competition, not by concerns over her practice of medicine. In March of 1995, a jury agreed with Dr. Brown. Presbyterian Healthcare appealed. In 1996, the 10th U.S. Circuit Court of Appeals upheld the lower court's decision and its award to Dr. Brown of $1.2 million in antitrust damages.
Yet Dr. Brown's report was still on file at the NPDB. When she went through the data bank's dispute process, she learned that even when a court finds a data bank report to be knowingly false, the report must be voluntarily retracted by the reporting entity.
"Every two years, for the rest of my professional life, I was looking at being decredentialed and having to go through an appeals process," Dr. Brown said. "It appeared we were going to be back in court for further damages."
Finally, in January 1998, Presbyterian Healthcare voided Dr. Brown's data bank report, more than a year since it had reinstated her clinical privileges. By then, however, the damage had been done. Because of her data bank report, Dr. Brown had been decredentialed by a credentialing organization that represents several national insurance companies.
According to figures from the data bank, few doctors dispute reports. In August 1998, for example, just over 5% of all data bank reports were flagged as being in dispute. But Dr. Brown believes that the problem of peer review abuses and errant data bank reports is probably larger.
"Based on the phone conversations I've had with physicians across the country," she said, "I would say it's not as rare as we would hope."
Internist Archives Quick Links
New Leadership Webinars
The ACP Leadership Academy is offering FREE webinars covering the core tenets of leadership, leadership in hospital medicine, finance, and more.
Join ACP Today!
ACP membership connects you with like-minded colleagues and provides access to a variety of clinical resources, practice tools, and ways to earn MOC and CME.