- A credit balance recorded on a general ledger may not be enough to establish an unclaimed property liability.
- Audit-proof unclaimed property compliance requires internal reviews, strategic audit defenses and use of state disclosure options.
- State unclaimed property audits may involve reviews of vast amounts of personal information that is protected under HIPAA.
Addressing unclaimed property challenges
A multistate unclaimed property audit campaign, targeting large national healthcare providers, health plans and regional healthcare providers, requires due diligence in the areas of patient privacy, health plan discrepancies and federal versus state laws.
These audits raise the following issues related to unclaimed account balances and patient accounts and uncashed checks, as well as other unclaimed financial assets and unsatisfied obligations:
- The intersection of data privacy/security regulations with state unclaimed property departments’ alleged need for sensitive personal data.
- The intersection of state insurance recoupment laws and state unclaimed property laws.
- The proper general ledger accounting for complicated healthcare transactions.
- The extent to which federal law may preempt a state’s ability to assert its unclaimed. property jurisdiction over property held by a healthcare provider or health plan.
Ensuring audit-proof compliance for unclaimed property requires a balance of internal compliance reviews, strategic audit defenses and use of state disclosure options. Take these steps for effective risk management of unclaimed property:
Review practices and programs. Be sure to scrutinize business models, accounting practices, contractual provisions, basic multistate unclaimed property compliance program and issues of related concern because of the current enforcement landscape. Implementation of changes in accounting policies and procedures, as well as in business models (contracts, customer terms and conditions, and the like), may optimize compliance and mitigate risk.
Use audit best practices. Begin with execution of an effective confidentiality and nondisclosure agreement by the company and its audit firm to optimize the outcome of an examination. Maintain close tracking of the audit’s progress, with an audit productions log, and be prepared to address legal issues and assert defenses in the course of the audit firm’s review of contentious issues. Do not hesitate to escalate issues to the state administrator if the auditor is unresponsive or rejects your position out of hand.
Target voluntary disclosure agreements (VDAs). As the third leg of your risk management stool, consider VDAs. Numerous states offer VDA programs that allow a company to come forward and self-identify any liabilities, typically with a partial or complete waiver of any interest and penalties that might otherwise have been assessed against the value of the past-due property.
Data Privacy and Security
In the context of healthcare, data privacy and security are paramount. On the surface, there is the potential for state unclaimed property audits to involve reviews of vast amounts of personal information — for example, name and address information of patients and those who hold health insurance for those patients. Some of this information could be protected under HIPAA. By providing state auditors with files containing patients’ names, dates of birth, and addresses, HIPAA experts have advised that providers or health plans under audit would be disclosing personal health information (PHI) as defined and protected by HIPAA, even in the absence of information relating to the actual healthcare provided to those patients.
It is also possible that providing patients’ social security numbers (SSNs) without any other identifying information would be considered PHI. To the extent audit firms follow historical audit practices, one audit technique is to use SSNs and other PHI, at least for those patients with an address in the participating states, to make certain determinations about what property may be presumed abandoned, including use of the Social Security Administration’s Death Master File (DMF) to identify deceased owners.
The DMF could be utilized to establish a presumption of abandonment and reportability, or a presumption of returned mail to trigger the running of a dormancy period.
There are three possible exceptions that may permit such data to be provided to auditors under HIPAA:
- Disclosures required by law.
- Disclosures for a law enforcement purpose to a law enforcement official.
- Disclosures to a health oversight agency for oversight activities authorized by law, including unclaimed property audits.
However, none of these exceptions have been addressed by a court or regulatory agency in the specific context of unclaimed property audit.
Not only is PHI disclosure to an audit firm or a third party not entirely clear, the audit firms and their state clients may not have a sophisticated grasp of the issue. Healthcare providers should discuss their options for response with internal legal counsel who have HIPAA compliance oversight. For example, they could confirm one of the HIPAA exceptions is applicable, seek the auditor’s certification to this effect or design an approach so the healthcare provider avoids producing PHI to the audit firm.
Unclaimed Property Laws and Payment Discrepancies
Understanding the accounting behind credit balances is critical because unclaimed property is prone to being driven by how healthcare providers account for particular liabilities. The contracts between providers and health plans spell out how much providers will be paid by health plans for healthcare services based on the coverage provided and the nature of the healthcare services provided.
The amounts paid by health plans often do not perfectly align with the payments providers expect to receive under contracts and initially recorded as estimated receivables. That payment may either be greater than or less than the amount the provider expected to receive. These payment discrepancies may arise for several reasons, including:
- The payment is one for which the provider cannot locate a corresponding patient account.
- The health plan pays based on a plan that is different from the patient’s plan.
- The health plan pays for a patient that does not have coverage with that plan.
- The health plan pays for services that are not covered under the patient’s insurance plan.
- The health plan or provider misinterprets the amount due to be paid under the contract.
- The health plan pays the wrong amount because of a clerical error.
- The provider errs in its interpretations of health plan contracts and calculations of expected payment amounts.
- The health plan errs in calculating the amounts due to providers
Determining Property Status
Because not all overpayments represent potential unclaimed property, and many overpayments are “estimated,” or “contingent” accounting entries or otherwise merely “apparent,” asking the following questions can help determine unclaimed property status:
- What are the healthcare providers’ accounting and billing practices?
- Is the provider recording estimates or true overpayments?
- Is there a process to research overpayments?
- What are the existing contractual agreements and controlling provisions between the health plan and the provider?
- What is the historical treatment of overpayments and underpayments (e.g., netting practices)?
Why State Recoupment Laws Matter
Healthcare providers must consider the applicability of state unclaimed and abandoned property laws to these overpayments, specifically because many states have enacted recoupment laws preventing health plans from recovering them after a specified period. In the healthcare industry, the simple fact that a payable or credit balance is recorded on a general ledger may not be enough to establish an unclaimed property liability.
While recoupment laws vary significantly, there are critical threshold legal considerations involved in determining whether these laws apply. Companies should ensure the procedural requirements imposed by the recoupment law are satisfied and that no exceptions apply.
Another issue of relevance to healthcare providers is whether state unclaimed property laws are subject to federal preemption. Federal law may preempt state unclaimed property laws if federal law “occupies the field” and does not leave room for further regulation by a state agency, or if a party cannot simultaneously satisfy both a federal law and a state law (in which case, federal law trumps state law).
In the healthcare industry, there is significant potential for federal preemption defenses to be raised. These defenses may arise when federal law either establishes or abrogates property rights, claims obligations and limitations periods. There may well be additional defenses that are specific to the type of obligation under review, such as Medicare subsidies (e.g., retiree drug, low-income) and ACA Early Retirement Reimbursement Program payments. For instance, it’s a good idea to vet potential federal preemption defenses when the U.S. government is the source of funds.
A Three-Pronged Approach
Although scrutiny of provider unclaimed property is increasing, there are steps that healthcare leaders can take to ensure compliance. Attention to patient privacy, health plan discrepancies, and federal versus state laws are the key areas to watch.
This article is based on another article by the authors, “Unclaimed Property Challenges in the Health Care Industry,” that appeared in AHLA.