Medicare Parts A–D now follow section 1128J(d)(4)(A) of the Social Security Act to define an "identified overpayment." This definition refers to the Federal False Claim Act's (the "FCA") "knowledge" standard. The old "reasonable diligence" standard is not related to part C and no longer applies. A Federal court had already struck down this standard for Part C.

What This Means for Providers

The new standard says a provider, supplier, or Medicare Advantage Organization ("MAO") knows about an overpayment when they find it.

The deadline for reporting and returning identified overpayments needs to be finalized. You must report and return an overpayment by the later of:

• 60 days after identifying the overpayment, or
• The due date of any applicable cost report.

Keeping an identified overpayment after the deadline to report and give it back might lead to FCA liability.

The Calendar Year 2025 Physician Fee Schedule (the "2025 PFS") made the above final, as suggested in 2022. The 2025 PFS provides a temporary stay for a 60-day obligation of a person to report and return overpayments that shall remain in abeyance for not more than 180 days. This happens if the person, after finding an overpayment, starts a timely, honest investigation to check if related overpayments exist. "Honest investigation" is not something the 2025 PFS defined, but as the people say, "one can use its basic meaning." See 2025 PFS at 98338.

Key Takeaways

• Increased Risk of Noncompliance: Providers who ignore credible evidence of potential overpayments may be facing severe legal consequences. This should not come as a surprise because the Department of Justice is already enforcing FCA violations involving "reverse false claims.
• The Countdown Begins Right Away: As soon as someone spots an overpayment, the 60-day deadline begins even when they haven't nailed down the exact amount yet. If they need to look deeper, they can extend this time—but for no more than 180 days.
• Act with Urgency: The tight schedules mean providers must work fast. Those with fewer resources may struggle more, as they'll need to put in a lot of work to follow the rules.
• Applies to All of Medicare: These rules affect all providers, suppliers, and MAOs in Medicare Parts A–D.

This update highlights how crucial it is to act when dealing with possible overpayments. Healthcare providers need to make sure they have reliable systems to spot, report, and give back overpayments—before time runs out and leads to False Claims Act trouble.

 

January 9, 2025 – The Texas Medical Board (TMB) has enacted comprehensive updates to its policies, significantly affecting medical spas, IV hydration clinics, and other healthcare facilities across the state. The new regulations, aimed at improving transparency, patient protection, and compliance, introduce crucial changes for healthcare providers to enforce at once.

Transparency Requirements for Medical Spas and IV Clinics

Under Rules 169.28 and 164.3, medical spas and IV hydration clinics ought to now show the delegating medical doctor's name and Texas medical license number in all public regions and treatment rooms. It is critical for Staff to put on visible identification displaying their names and credentials, and advertising materials must encompass the supervising physician’s info unless selling their primary practice.

Delegation and Supervision Clarifications

Delegation regulations are actually consolidated under Chapter 169, requiring written and signed standing delegation orders. These documents must outline methods, supervision levels, and emergency plans. Physicians have to gain knowledge of or be acquainted with the delegated medical acts. Notably, PAs and APRNs can now offer emergency consultation alongside physicians.

Practitioner-Patient Relationship Emphasis

The TMB has strengthened the need to set up practitioner-patient relationships earlier than performing delegated procedures. This can be completed through in-person visits or telemedicine consultations.

Alternative Medicine and Ketamine Regulations

Practices supplying alternative medicine need to use a forthcoming standardized consent shape. Ketamine treatment regulations continue to be under-office primarily based on anesthesia policies, although new therapeutic uses will undergo review.

Medication Dispensing Limits Revised

While TMB eliminated the 72-hour dispensing out rule, Chapter 158 of the Texas Occupations Code still prohibits physicians from meting out medicines exceeding instant patient needs.

Providers are advised to replace their regulations, signage, and delegation documentation to comply with those adjustments and consult legal suggestions for guidance.

 

The Office of the Medicaid Inspector General (OMIG) mandates that particular vendors collaborating in New York Medicaid keep a compliance application and yearly attest to meeting those requirements with each Medicaid plan they participate in. This regulatory measure ensures adherence to requirements mentioned in Section 521.1 of the New York Codes, Rules, and Regulations.

Eligibility Criteria

Providers required to adopt and enforce powerful compliance packages encompass:

• Individuals or entities ruled through Articles 28 or 36 of the Public Health Law.
• Individuals or entities ruled by Articles 16 or 31 of the Mental Hygiene Law.
• Other individuals, carriers, or affiliates presenting services, care, or substances below Medicaid, in which Medicaid represents a substantial element of their business operations or revenue.

Next Steps for Providers

Eligible companies must entire the annual certification shape, testifying that they have mounted and are retaining the required compliance program. The finished attestation needs to be emailed to UnitedHealthcare at uhc_provider_compliance@uhc.com.

Support and Resources

Providers can get entry to guidance on the compliance software necessities and certification method via the New York Medicaid internet site. For extra help, companies can use UnitedHealthcare’s 24/7 chat guide on the Provider Portal or consult with the Contact Us web page.

This compliance program requirement underscores OMIG's commitment to keeping responsibility and first-class within the Medicaid software, helping carriers make sure they meet the best operational standards while persevering to serve Medicaid beneficiaries.

 

Starting January 9, 2025, UnitedHealthcare will reject claims submitted for North Carolina Medicaid participants if the billing taxonomy code and registered National Provider Identifier (NPI) is not covered. Previously, claims lacking the taxonomy code have been denied; the upcoming exchange emphasizes strict compliance with kingdom Medicaid necessities.

Mandatory Fields for Claims

Providers must ensure the subsequent whilst filing claims:

• Billing Taxonomy and Registered NPI: Required for both expert and institutional claims. Claims missing either of those fields will be rejected.
• Rendering Taxonomy: Applies to professional claims only. It is needed whilst a rendering NPI is submitted to discover the healthcare professional who executed the service.
• Attending Taxonomy: Applies to institutional claims most effectively. It is required whilst an attending NPI is covered to become aware of the healthcare expert responsible for the member’s basic care.

While the taxonomy discipline can also appear elective on online paperwork, North Carolina Medicaid mandates its inclusion for correct claim processing.

How to Prepare

Providers are encouraged to review their claim submissions to ensure compliance and avoid rejections. Additional steering is to be had inside the North Carolina Claim Submission Interactive Guide.

Support Available

For assistance with claims or extra inquiries, carriers can connect with UnitedHealthcare’s 24/7 chat help through the Provider Portal or go to the Contact Us page for greater records.

This update displays UnitedHealthcare’s commitment to keeping correct and efficient claim submissions while helping compliance with North Carolina Medicaid requirements.

 

Effective February 1, 2025, UnitedHealthcare will amplify its previous authorization requirements underneath the genetic program for the UnitedHealthcare Community Plan of Texas. This replacement introduces extra molecular and genetic checking-out codes to the list of strategies requiring previous approval.

New Genetic and Molecular Codes

The following codes might be introduced to the earlier authorization requirement:

• 81443
• 81425
• 81426
• 81427

These adjustments purpose to decorate oversight and make sure appropriate use of genetic and molecular  testing offerings.

How to Submit Prior Authorization Requests

Providers can post previous authorization requests via the UnitedHealthcare Provider Portal. The steps consist of:

• Visit UHCprovider.Com and log in for the usage of your One Healthcare ID.
• If you don’t have a One Healthcare ID, create an account with the aid of traveling UHCprovider.Com/access.
• Navigate to the “Prior Authorizations” phase inside the portal.
• Use the “Create a brand new notification or prior authorization request” tool, enter the desired information, and post your request.

Resources and Support

UnitedHealthcare offers sources for providers to recognize these updates better. Live schooling and additional software info are available on the Genetic and Molecular Testing Prior Authorization/Advance Notification Program website.

For questions or help, carriers can get admission to 24/7 chat support through the UnitedHealthcare Provider Portal or discuss with the Contact Us page for further assistance.

This update underscores UnitedHealthcare’s commitment to ensuring proper management of genetic trying out offerings even as preserving great take care of patients.

 

UnitedHealthcare has delivered new improvements to its Coordination of Benefits (COB) equipment, aimed at streamlining eligibility exams and billing tactics for healthcare companies. These updates offer extra transparency into payer insurance information, lowering the want for phone inquiries and improving administrative efficiency.

What’s New

COB statistics is now incorporated with UnitedHealthcare’s Application Programming Interface (API) and the Provider Portal beneath the Eligibility phase. This improvement covers UnitedHealthcare’s business, Community, Dual Special Needs Plans (DSNP), and Individual Exchange plans. Enhancements for UnitedHealthcare® Medicare Advantage plans are predicted in the near future.

Significance of COB

Coordination of Benefits performs an essential role when individuals have multiple medical health insurance plans. COB guarantees those plans collaborate correctly to pay claims, minimizing the dangers of overpayments or underpayments. By presenting comprehensive COB information, vendors can better understand affected person liabilities, facilitating smoother billing and claims techniques.

How to Access COB Information

Healthcare providers can get the right of entry to COB information through the UnitedHealthcare Provider Portal by following these steps:

• Visit UHCprovider.Com and sign up for the use of your One Healthcare ID.
• Navigate to the “Eligibility” tab and enter the specified search criteria.
• Click “Verify Eligibility” and scroll to the “Additional Coverage and Coordination of Benefits” section.

Additional Resources

UnitedHealthcare offers an Eligibility and Benefits course in addition to steering on the use of COB tools. Providers also can discover API abilities for digital claims management and advantage inquiries.

Support Available

For questions, providers can get admission to a 24/7 chat guide through the Provider Portal or seek advice from extra assets on the Contact Us web page of the internet site.

By imparting these improvements, UnitedHealthcare reaffirms its commitment to simplifying administrative obligations for healthcare carriers while making sure green claims management.

 

In the approaching months, count on an extravagant thought from the Office for Civil Rights within the U.S. Department of Health and Human Services concerning amendments to the HIPAA security rules' legal responsibility. This amendment will make the ePHI-electronic private fitness information stronger from any possible threats thanks to any cyber activities.

These revisions act as counter measures to the never ending attack of amplified cyber security threats against the health care device and update regulations for businesses to implement and adhere to accordingly.

The HIPAA Security Rule is the US national standard for electronic health information protection established back in 1996. The rule applies to health plans, healthcare clearinghouses, most healthcare providers, and their agents.

This proposal further steps in that direction for supporting some of the important infrastructure that the Biden Administration considers important. An enormous advance for the hospital industry in self-defense against cyber attacks is being provided under this proposal.

It is a part of the larger package devised by the federal government such as the National Cyber Security Strategy first announced by the Biden-Harris Administration in 2023 and subsequently updated in May 2024.

Thus, in 2023, HHS also published the Healthcare Sector Cybersecurity Concept Paper which includes both voluntary guidelines in cybersecurity as well as a plan to make enforcement even more stringent. Today's proposed rule (NPRM) expands these efforts by incorporating additions to the HIPAA Security Rule to address cybersecurity enhancements.

Key Proposed Updates to the HIPAA Security Rule

HHS’s proposed updates aim to make the Security Rule more modern by removing old rules, making things clearer, and adding stronger protections. Some of the most important changes in the NPRM include:

Simplified and Consistent Rules

• Remove the difference between “required” and “addressable” rules, making it mandatory to follow all rules (with a few exceptions).
• Make sure all Security Rule policies, procedures, plans, and analyses are written down.

Improved Risk Management and Compliance Steps

• Set clear deadlines for meeting existing requirements.
• Require organizations to keep a list of their technology assets and a map of their network that shows how electronic protected health information (ePHI) moves. This must be updated at least once a year or after any major changes.
• Require a more thorough risk analysis, including a written evaluation of possible threats, weaknesses, and how likely they are to be exploited for each system handling ePHI.

Stronger Incident Response Rules

• Require organizations to inform certain employees within 24 hours if their access to ePHI is changed or removed.
• Require organizations to have written plans to recover lost systems and data within 72 hours of an incident.
• Create and test clear plans for responding to security incidents to handle suspected or confirmed cybersecurity breaches.

Technical Safeguards for ePHI

•  Encryption is required: ePHI must be encrypted when stored and when being sent, with very few exceptions.
• Add extra security steps like multi-factor authentication, checking for vulnerabilities every six months, and testing for weaknesses once a year.
• Use network segmentation to reduce the damage from possible threats.
• Use tools like anti-malware software, remove unnecessary programs, and close unused network ports to improve security.

Audits and Accountability

• Organizations must perform yearly audits to make sure they are following the Security Rule.
• Business partners and their subcontractors must provide written proof that they have put the required technical protections in place. This proof must be updated at least once every 12 months.
• Group health plans need to update their documents to make sure they follow rules for protecting information in three ways: administrative, physical, and technical.

Additional New Requirements

• Systems that back up and recover electronic health information (ePHI) must have extra technical protections.
• Testing cyber security standards has to be done if good functioning is expected at least annually by such organizations.
• An emergency plan activated by a business partner or a subcontractor must be notified to the main company within 24 hours.

Public Input Encouraged

The proposed changes will still allow for the implementation of the current HIPAA Security Rule while increasing cybersecurity in health care.

The Department of Health and Human Services (HHS) would like there to be input on the proposed modifications from healthcare professionals, health payers, patients, experts in the field, and advocates for patients.

A comment period will extend for 60 days following the publication of a proposed rule in the Federal Register for comments at regulations.gov. There will also be Tribal consultations by HHS, details of which will be provided soon.

This NPRM underscores the federal government’s developing emphasis on healthcare cybersecurity, balancing the want for sturdy data protection with operational feasibility for regulated entities. If adopted, these measures will extensively raise the cybersecurity baseline across the healthcare enterprise.

 

ASD Specialty Healthcare LLC, which operates as Besse Medical, has agreed to pay $1.67 million to settle claims that it broke the Anti-Kickback Statute and the False Claims Act, as reported by the U.S. Department of Justice (DOJ).

Carrollton, Texas, based Besse Medical, specializes in medical and pharmacy products all over the nation. One of their more significant roles involves the distribution of eye injections for the treatment of neovascular age-related macular degeneration (wet AMD), a leading cause of vision loss in the elderly.

The accusations against Besse Medical involved giving free inventory management systems to eye care practices. These systems were reportedly offered to encourage the practices to buy certain drugs, especially those used for treating eye conditions, from Besse Medical.

The DOJ says these actions might sway what people buy and harm fair competition. This breaks federal healthcare laws that stop illegal payments and keep the market fair.

The person who reported this used to work for a drug company. The case against Besse Medical is linked to bigger cases about companies pushing treatments for wet AMD to eye doctors.

These events show how important it is for drug companies to follow the rules and watch how their distributors work. They remind us that marketing plans can have legal consequences and that being open and honest with healthcare providers is key to keeping federal healthcare programs trustworthy.

 

UnitedHealthcare has announced that beginning Jan. 1, 2025, many Kentucky Anthem contributors will transition to the UnitedHealthcare Community Plan of Kentucky. With this method, you could be privy to an inflow of patients who can get admission to the suite of UnitedHealthcare and Optum advantages.

To help you aid your sufferers at some stage in this transition, UnitedHealthcare will be supplying as many statistics and as many assets as possible. The Kentucky Department for Medicaid Services can even offer updated statistics on their Kentucky Medicaid Anthem MCO Transition’s official page.

What does this indicate to you?

You will not be required to take any action for these new participants to have get right of entry to your services, but here are a few information that will help you better recognize this transition:

• UnitedHealthcare will honor all accepted authorizations for services not yet rendered.
• UnitedHealthcare will receive the claim records documents to assist us assign contributors to the proper primary care company and help them preserve offerings.
• For the first 90 days, these new participants could be allowed to retain offerings without network companies.

For additional information, make sure to visit the official visit of UnitedHealthcare.

 

The UnitedHealthcare UCard (member ID) makes it less complicated for Medicare Advantage members to access their benefits and programs to benefit from their plan services. The following are some UCard updates for 2025.

Individual Medicare Advantage plans

• Starting Jan 01, 2025, the primary care provider’s (PCP) name and phone number might be eliminated from a few UCards. This change will affect the most open access to HMO, POS, and PPO plans.
• The PCP's name and phone number will continue to be displayed on most referral plans.
• UnitedHealthcare Medicare Advantage plans that have delegated risk preparations will keep showing the delegated entity’s name at the front of the UCard if preferred by means of the delegated entity.
• Review the UCard PCP Information Removal.
• Payer ID is shifting to the front of the UCard.
• Some UCards have converted from a device-readable bar code to a magnetic stripe for in-shop purchases or spending rewards. However, providers don’t want those capabilities to provide clinical, dental, prescription, vision, or hearing services to the member.

Medicare Group Advantage plans

• In 2025, UCard is expanding to a pilot program for Medicare Group Advantage customers (400 participants in 25 enterprise businesses, inclusive of TRS and ERS in Texas).
• Starting Jan 01, 2025, impacted individuals will receive their redesigned UCard. All other participants will continue to provide the standard UnitedHealthcare member ID card.

Other Things To Bear In Mind

• UCard does not need to be activated to confirm eligibility or offer care services to contributors.
• UCard can not be used for member out-of-pocket costs, along with copays, coinsurance, or deductibles.
• You can download a duplicate of the member ID card while you verify eligibility and benefits inside the UnitedHealthcare Provider Portal.

For additional information, make sure to visit the official website of UnitedHealthcare.