Inquiry into Compliance Audits on Medicare Benefits
INTRODUCTION
Terms of reference
1.1
On 19 March 2009, on the motion of Senator the Hon Joe Ludwig, Minister
for Human Services, the Senate referred the matter of compliance audits on
Medicare benefits to the Community Affairs Committee[1]
for inquiry and report by 15 May 2009 (extended to 10 June 2009 and later to 17
June 2009). The terms of reference required the Committee to examine:
Any Government proposal to implement the Government's
announced 2008-09 Budget measure to increase compliance audits on Medicare benefits
by increasing the audit powers to Medicare Australia to access the patient
records supporting Medicare billing and to apply sanctions on providers.
Conduct of the inquiry
1.2
The Committee advertised the inquiry in The Australian and on its
website. It wrote to many organisations and individuals inviting submissions to
the inquiry. The Committee received 25 public submissions which are listed at
Appendix 1. The Committee held a public hearing in Canberra on 6 May 2009
and details of the hearing are referred to in Appendix 2. The submissions and
Hansard transcript of evidence may be accessed through the Committee’s website
at https://www.aph.gov.au/senate_ca.
1.3
On 9 April 2009 the Department of Health and Ageing released
the Exposure Draft of the Health Insurance Amendment (Compliance) Bill 2009
(the Exposure Draft) and associated Explanatory Material. On 1 May 2009
the Privacy Impact Assessment Ensuing the Integrity of Medicare: Increased
MBS Compliance Audits was also released. To allow sufficient time for
submitters to provide additional comments regarding the Privacy Impact
Assessment (PIA), the reporting date of the inquiry was extended. The Exposure
Draft is attached at Appendix 3 and the PIA is attached at Appendix 4.
Acknowledgments
1.4
The Committee acknowledges and thanks all those who assisted with its inquiry,
by making submissions, attending hearings and giving evidence, providing additional
information and other forms of assistance.
Background
1.5
Compliance audits of Medicare services are checks conducted by
administrative staff of Medicare Australia to confirm that a medical
practitioner was eligible to provide a Medicare service, that the service was
actually provided and that the service met the requirements of the Medicare
item paid in respect of the service. The Explanatory Material to the Exposure
Draft note that Medicare audits have been conducted since the program was
introduced in 1984 and that there has been little change to Medicare
Australia's compliance program in the past decade despite significant
expansions of the Medicare scheme.[2]
1.6
As part of the Federal Budget 2008-09, the Commonwealth Government
announced the Increased MBS Compliance Audit Initiative (the Initiative), a
plan to enhance the compliance program of Medicare benefits by Medicare
Australia. The Minister for Health and Ageing, the Hon Nicola Roxon MP and the
Minister for Human Services, Senator the Hon Joe Ludwig indicated that under
the Initiative Medicare Australia will increase the number of audits from 500
to 2500 each year on practitioners who provide Medicare-eligible services to
ensure that doctors are fulfilling the requirements of relevant MBS item
descriptors.[3]
The Explanatory Material note that the increase in audits, which do not require
legislative amendment, started on 1 January 2009 and are expected to
cover around 3.2 per cent of the practitioner population.[4]
1.7
The other announced measures were 'increasing the powers of Medicare
Australia to compel doctors to produce evidence when asked to substantiate
their Medicare billing' and changes to 'impose sanctions on practitioners who
are billing inappropriately, but whose practice does not warrant referral to
the Professional Services Review or for criminal investigation'.[5]
The Exposure Draft outlines the proposed legislative amendments to the Health
Insurance Act 1973 in these two areas: provisions to enable the Chief Executive
Officer (CEO) of Medicare Australia to give notices to a practitioner (or
another person) to produce documents relating to Medicare benefit; and
provisions to establish administrative penalties to be imposed on a
practitioner in certain circumstances.
1.8
The implementation of the Initiative is estimated to provide savings of
$147.2 million over four years and will cost $76.9 million to administer,
leading to net savings of $70.3 million over four years.[6]
Key Provisions of the Exposure
Draft
Notice to produce documents
1.9
If the CEO of Medicare Australia has a reasonable concern that an amount
paid in respect of a professional service exceeds the amount that should have
been paid, he or she may give a notice to produce documents to the practitioner
who rendered the service. If the CEO believes on reasonable grounds that
another person has custody, control or possession of documents relevant to
ascertaining whether the amount paid in respect of the professional service
should have been paid, a notice may be given to that person.
1.10
The notice to produce documents must include: the item number of each
service specified in the notice; the date each service was rendered; the
Medicare number of the patient for each service; the reason(s) for the CEO’s
concern; how the documents can be produced; and the period within which and the
place at which the documents can be produced. The period within which the
document can be produced must be at least 21 days after the day the notice is
given.[7]
1.11
The Medicare Australia CEO may inspect, copy and retain documents
produced under a notice 'for such a reasonable period as he or she thinks fit'.
The Explanatory Material note that the authority to require a person to produce
documents includes the power to require the production of documents containing
health information about an individual. In some circumstances, practitioners
will be required to produce documents, or extracts of documents, which contain
clinical information about a patient to substantiate a Medicare benefit paid in
respect of a professional service. However the Explanatory Material also note
that clinical information will only need to be provided if that information is necessary
to verify that a payment was properly made.[8]
1.12
If the practitioner who rendered the service fails to comply with the
notice within the set period the amount paid is recoverable as a debt due to
the Commonwealth from that person. If the practitioner complies with a notice
to produce a document in respect of a service but the information in the
document does not substantiate the Medicare benefit amount paid in respect of
the service, the amount which cannot be substantiated is recoverable as a debt
due to the Commonwealth from the practitioner.[9]
Administrative penalty
1.13
Under the proposed changes a person may be liable for an administrative
penalty of 20 per cent if the Medicare Australia CEO serves a notice on the
person for an amount as debt due to the Commonwealth and the total amount is $2,500
or higher.
1.14
The proposed changes provide that this base penalty amount may be
reduced in certain circumstances. If a practitioner voluntarily admits that an
incorrect amount has been paid in respect of a professional service prior to
being contacted by Medicare Australia, there is a 100 per cent reduction in the
penalty. If a practitioner admits that an incorrect amount has been paid in
respect of the service before a notice to produce documents is issued, the
penalty is reduced by 50 per cent. If a practitioner admits that an incorrect
amount has been paid in respect of the service after they have received a
notice to produce but before the audit is completed, the base penalty amount is
reduced by 25 per cent.[10]
1.15
The proposed changes provide that the base penalty amount may also be increased
in certain circumstances. If a practitioner does not produce any documents
relating to any of the services specified in a notice to produce, the full
amount of the services identified in the notice become repayable and the base
penalty amount is increased by 25 per cent. If a practitioner in the previous
24 months has been unable to substantiate an amount paid in respect of services
specified in a notice to produce documents under the proposed changes and the
total they repaid was more than $30,000, the penalty which is being recovered
is increased by 50 per cent.[11]
Privacy Impact Assessment
1.16
A PIA is an analysis of the personal information flows and potential
privacy risks and impacts of a project. The flow of personal information is
evaluated against the Information Privacy Principles (IPPs) in section 14 of
the Privacy Act 1988 which governs the manner in which personal
information is handled within government agencies.
1.17
The PIA released by the Department of Health and Ageing focused on the
proposed changes allowing Medicare Australia to give a notice to produce
documents to persons to substantiate a Medicare benefit and made a number of
recommendations. Medicare Australia has subsequently advised the Committee that
it accepts and will adopt each of the recommendations made in the PIA.[12]
The recommendations were:
Recommendation 1
The PIA should continue to be updated throughout the
implementation and ongoing management of the IMCA [Increased Medicare
Compliance Audits] initiative.
Recommendation 2
An information campaign for the public on the need for
Medicare compliance audits and the potential for their clinical information to
be accessed to confirm payment accuracy should be considered. Alternatively
Medicare Australia should explore what information it can make available to
patients (on new or existing forms, or through new or existing channels) on the
potential for excerpts from their medical records to be provided to Medicare
Australia during compliance audits.
Recommendation 3
Audits of internal Medicare Australia staff accessing
information collected during a compliance audit should be undertaken by
Medicare Australia on a regular basis, to ensure early detection of
inappropriate access and potential misuse of data.
Recommendation 4
The notice to produce documents given by Medicare Australia
to the practitioner should clearly state that the information being collected
may only be used for the purposes of the compliance audit. The notice should
also note any secondary purpose the information may be used for as required or
authorised by or under law, such as in relation to offences under the HIA [Health
Insurance Act 1973] or Criminal Code Act 1995 relating to false and
misleading statements made in respect of Medicare services (IPP 10.1(c) ‘use of
the information for that other purpose is required or authorised by or under
law’).
Recommendation 5
Details on what constitutes an authorised disclosure of
health information collected as part of a compliance audit should be made clear
and accessible to the public.
Recommendation 6
To increase compliance with the openness and transparency
requirements of privacy best practice, Medicare Australia should review the
information available on its website about the type of personal information
held by Medicare Australia and the purpose for which that information is held.
Recommendation 7
Medicare Australia and the Department of Health and Ageing
should use existing relationships with peak practitioner groups, health
consumer and privacy groups to review and, if appropriate, change their
accreditation requirements and Privacy Policies in relation to notices
displayed in practices.
Recommendation 8
To provide clarity and transparency, Medicare Australia
should establish and publish a clear set of guidelines covering the relevant
retention and destruction policies relating to documents collected through the
proposed legislation.
Recommendation 9
Audits of the records management of health information should
be undertaken, to ensure compliance with retention and destruction guidelines
and policies.
Recommendation 10
Consideration should be given to reporting on the frequency
and nature of Medicare Australia’s access to clinical notes and reviewing the
initiative after implementation, including a privacy audit to assess the
privacy impacts, once the new procedures have been operational for a period of
time.[13]
ISSUES
Privacy and the doctor/ patient
relationship
1.18
Many medical and other groups noted their concern that because of the
proposed changes patients will withhold information from doctors if there is a
possibility their personal health information could be provided to third
parties other than for medical care.[14]
For example the Australian Medical Association stated:
If patients’ know their personal health information could be
viewed by Medicare Australia officers this could well be a barrier to patients
telling doctors everything they need to know in order to provide the best
quality care. This will have profound consequences for individuals and for
health across the country.[15]
1.19
A number of submitters highlighted that patient clinical records often
contained personal information of a highly sensitive nature, sometimes relating
to other persons.[16]
The Australian Society for HIV Medicine stressed the importance of
confidentiality in the doctor/patient relationship, and noted that the consultations
doctors have with patients '...often contain information that is extremely
intimate and personal concerning sexual behaviour, emotional feelings and
sexuality'. They stated:
Patients may not disclose sensitive or confidential
information about their sexual life if that information can be released to a
third party without their permission. Many patients insist on checking first
that their information will remain confidential...Does this mean that we must
warn patients that anything they say may be read by a non-medical third party
in the future to check that a doctor has claimed the appropriate Medicare benefit?[17]
1.20
In the area of mental health several professional and consumer groups
emphasised the importance of the confidentiality of patient medical records.[18]
In particular, they noted that the development of an ongoing trusting
therapeutic relationship between the practitioner and the patient in the mental
health sector made the confidentiality of clinical records vital. The Royal
Australian and New Zealand College of Psychiatrists stated:
Breaches of this confidentiality produce particularly serious
consequences for the psychiatrically impaired, due to the widespread and
pernicious stigma accorded to mental illness, and the particular vulnerability
of psychiatric patients due to their conditions. Under these circumstances, a
breach of confidentiality can be extremely traumatising, and potentially
devastating.[19]
1.21
The Office of the Privacy Commissioner suggested further clarification
was needed to the proposed changes to give providers a clearer understanding of
whether they were required to produce clinical records and to prevent requests
for clinical records when other information is sufficient.[20]
The Office of the Privacy Commissioner made a number of suggestions to improve
the protection of patient privacy. These included:
- a tailored approach to Medicare items and information considered
particularly sensitive, such as, records dealing with HIV status, mental
health, reproductive and sexual health issues;
- that Medicare Australia consider the cost and practicality of
broadening of role of the medical advisors in handling clinical information
obtained during audits;
- further investigation be made into using de-identified
information to minimise the association of names and medical details;
- reporting and review requirements for Medicare Australia on
aspects of the initiative, such as the proportion of audits which collect
clinical records and the additional amount of public saving achieved. [21]
1.22
Similarly the Public Interest Advocacy Centre recommended that: accessing
patient records should not become a routine part of every compliance audit; the
process should be multi-stage to ensure a separate decision is made in order to
access clinical information; personal information should be de-identified if
possible; patients should be notified regarding access to their records as
early as possible; and if a patient objects to access to their records, the
decision to access records should be subject to an internal review.[22]
1.23
Medicare Australia responded that their audits were multi-step processes
and highlighted a diagram setting out the stages of the proposed compliance
audit process.[23]
However the audit process as outlined by Medicare Australia does not create
separate steps for access to patient clinical records as opposed to other administrative
records. It is left to providers to decide which records will substantiate a Medicare
claim.[24]
1.24
Medicare Australia also highlighted problems with the efficacy of
de-identifying patient records. They noted:
Medicare Australia needs to confirm a specific service that a
specific patient has received... a provider already identifies the patient and
the MBS service they have received as part of the claiming process... In
conducting an audit Medicare Australia therefore does not generally divulge any
more information than has already been provided through the MBS claim.[25]
Access to clinical records and
substantiation of claims
1.25
Some submitters and witnesses were concerned that there was little
clarity regarding the threshold circumstances for the CEO of Medicare Australia
to issue notices to produce documents under the proposed legislation.[26]
Under the Exposure Draft the Medicare Australia CEO must have a 'reasonable
concern' that an amount paid, in respect of a professional service may exceed
the amount that should have been paid before a notice may be issued. The
Department of Health and Ageing indicated that the term 'reasonable concern' had
been used in designing the proposed legislation in order to provide a degree of
flexibility. Ms Samantha Robertson of the Department of Health and Ageing
stated:
I think it is very hard for us to be able to define what is a
reasonable concern. The reasonable concern is actually going to be very
different depending on the type of audit that is undertaken... The more you get
into defining what is a reasonable concern, the more you might lock things down
to have unintended consequences and a concern that is quite genuine but outside
the definition.[27]
1.26
Many groups were concerned about what information would be considered
sufficient to substantiate a claim and how this would affect the
confidentiality of patient clinical records. For example the Australian
Psychological Society questioned the 'lack of clear guidelines outlining what
constitutes substantiating information...'. The Society highlighted that the
proposed scheme places the onus of proof wholly on providers to demonstrate
they have not defrauded and the judgement as to what is a substantiated claim
rests entirely with Medicare Australia. They noted that practitioners,
concerned about under-substantiating claims, may be driven 'to produce
excessive information, including sensitive, private and confidential
information'.[28]
Furthermore they argued that the changes treated practitioners as a homogenous
group when there was 'variation and complexity between provider groups' and '...subsequent
variations in clinical records produced by this diversity'.[29]
1.27
The Medical Indemnity Industry Association of Australia (MIIAA) was also
concerned with the lack of any requirement that Medicare Australia specify the
documents or the classes of documents sought in the notice. They submitted that
'...the exercise of coercive powers in such a vague and unspecified manner is
unfair to the recipient of the notice...'.[30]
1.28
The Department of Health and Ageing stressed there was no power to
compel the release of clinical records to Medicare Australia in the proposed
changes and emphasised it was left to the person given the notice to determine
what sort of information was available to substantiate a Medicare claim. They
noted that documents have not been specified in order to make it as easy as
possible for providers to comply with notices. The Department also stated that
specifying the different kinds of information and documents that a practitioner
might use to substantiate a Medicare benefit paid in respect of a service,
would create additional red tape for practitioners.[31]
1.29
The Australian Medical Association argued that in the majority of cases compliance
audits will require the production of patient clinical records in order to substantiate
a Medicare claim, rather than other administrative records held by a
practitioner. In particular, Dr Rosanna Capolingua, President of the Australian
Medical Association highlighted that some administrative records, such as the
appointment book or diary of a medical practice, would not reflect the patients
actually seen by a practitioner as these records are not amended
retrospectively.[32]
1.30
The Royal Australian and New Zealand College of Psychiatrists noted
there needed to be a balance between Medicare requirements, practitioners'
requirements for medical records, and the patient's need for confidentiality.
They were concerned that there is no consensus as to what are considered
appropriate clinical notes and recommended clearer guidelines should be developed
on how to meet record making requirements.[33]
1.31
Medicare Australia stated that the proposal does not introduce any new
record making or retention requirement but that providers are already under 'legal,
professional and other obligations to keep and retain records relating to the
treatment of patients...'. They argued that the proposed changes would 'bring
the Medicare program more closely into line with other Government programs
which involve the collection or payment of public monies, such as those in the
areas of taxation, child support and social welfare'. It noted that Medicare
Australia's ability to access documents will still be less comprehensive than
Centrelink or the Australian Tax Office because they 'will not have the power
to access documents or files, and will only be able to receive documents that a
provider chooses to submit in response to a substantiation request'.[34]
1.32
Medicare Australia highlighted that the proposed changes did not provide
any additional power to seize documents. Ms Philippa Godwin, Acting Chief
Executive Officer of Medicare Australia, stated:
The measure before us would give us an additional power such
that, if during that process of voluntary engagement there has still not been
adequate substantiation—and that is effectively what we are talking about: a
substantiation power—then the proposed legislation would enable us to issue a
notice asking for documents that go to substantiation. If the practitioner
refuses to supply those documents, there is no further power in the legislation
that enables us to go in and seize documents.[35]
1.33
However, should a practitioner choose not to comply with a notice to
produce documents substantiating a claim, the claim is disallowed and becomes a
debt to the Commonwealth, and may attract an administrative penalty if it is
over the threshold of $2,500.[36]
Patient notification and consent
1.34
A number of medical organisations raised their concerns that the
proposed changes would alter existing guidelines that medical practitioners
were not permitted to disclose patient records without seeking the patient's
approval. The Royal Australian College of General Practitioners noted that
current guidelines required medical practitioners dealing with patient health
information to treat the consent of the patient as the guiding principle.[37]
The Royal College of Pathologists of Australia also noted:
...[the change proposed] represents a significant departure
from the way patient information has been managed to date and would be a cause
for alarm for many patients.[38]
1.35
Others argued that patient consent should be required before clinical
records are released for the purposes of a compliance audit. The Australian
Medical Association argued that Medicare Australia should be responsible for
obtaining patient consent for medical records to be provided and that this
should be 'both broadly through public information campaigns that also explain
why it is necessary to see medical records as well as contemporaneously from
individual patients whose doctors are the subject of audits'.[39]
1.36
Some witnesses and submitters argued that patients had a right to be
notified that some or all of their clinical records were being provided to
Medicare Australia as part of a compliance audit. The Royal Australian and New
Zealand College of Psychiatrists, while recognising that notification may risk
the special relationship between patients and psychiatrists, believed that on
balance 'patients have a right to know that their file is being accessed'.
However they recommended that precautions be put in place to limit the release
of sensitive confidential information and that guidelines be developed on how
to inform patients of psychiatrists when their records are accessed.[40]
1.37
Similarly the Private Mental Health Consumer Carer Network also was of
the view 'that all Australians have the right to be informed of any access of
their clinical records'. It recommended that Medicare Australia and peak mental
health groups should 'develop clear protocols around the best way of conveying
this information to patients in a manner which continues to the retention of
the therapeutic relationship'.[41]
1.38
The Public Interest Advocacy Centre recognised that there were
situations where it would be problematic to advise patients that their records
had been accessed for audit purposes, but submitted that, in the normal course
of events, all patients should be notified. However they did not support the
proposition that patient consent should be required before access was allowed
for an audit. The Centre noted there would be practical difficulties with
contacting patients and requests for consent could cause distress to patients,
particularly those with disabilities or the elderly. They also stated:
...there is a real danger that if unscrupulous health
professionals were aware that an audit could not go ahead if there was not
consent to patient access, then they may well apply pressure on patients not to
consent.[42]
1.39
Medicare Australia advised that careful consideration had been given to
the issue of patient notification. From their experience with the seizure of
clinical records in criminal investigations they believed that proposed
legislation should not contain a patient notification requirement. They stated:
Medicare Australia’s experience is that this causes
considerable angst amongst patients who do not understand the process or
reasons why the records are being examined. Some patients erroneously assume
that it is the quality of clinical care that is under review and become concerned
about having a continued relationship with the provider.
Patient notification therefore has the potential to
compromise the privacy of the provider, and may lead patients to worry that
their provider has behaved inappropriately or illegally in circumstances where
no problem is ultimately identified. A number of provider groups have indicated
that patient notification would be unreasonable and would have potentially
adverse and inappropriate impacts on their reputation and ability to serve
their patients.[43]
1.40
The Department of Health and Ageing acknowledged that the issue of
patient notification and consent was complex but they had taken into account the
significant potential risks to patient privacy of notification and undermining
the doctor/patient relationship. However the Department also noted there were
mixed views on this issue and the proposed changes did not prevent a
practitioner from informing individual patients that information from their
medical record has been provided to Medicare Australia during a compliance
audit.[44]
Medicare Australia staff and processes
1.41
A number of witnesses and submitters considered that Medicare Australia
staff were not suitably qualified to interpret clinical records provided during
a compliance audit. For example the Medical Indemnity Industry Association of
Australia believed that administrators without medical qualifications would be
called to make determinations which 'clearly require medical expertise and
experience'. They did not agree with the statement in the Explanatory Material
that the question of whether the service the practitioner provided met the
requirements of the Medicare item was 'a question of fact which does not
require any clinical assessment of the service'. The Association submitted
that:
...the interpretation of medical records or other records of clinical
care should be performed by persons with professional qualifications and
experience in the relevant discipline.[45]
1.42
Similarly Dr Roger Clarke of the Australian Privacy Foundation argued a
major problem with the proposed scheme was access by people without appropriate
qualifications to clinical data which was 'extraordinarily easy to
misinterpret'. He stated that when 'there are sufficient grounds for access as
part of an audit process then the individual who inspects the record should be a
person with appropriate medical qualifications'.[46]
The Australian Medical Association also stated that Medicare Australia
administrative auditors would not have the insight of a doctor in understanding
clinical notes in order to determine whether the requirements of an MBS item
had been claimed appropriately.[47]
1.43
However the Department of Health and Ageing reaffirmed the purpose of
the initiative was to seek evidence of compliance with the administrative
requirements of the MBS in order to claim a particular item, such as preconditions,
time and tests. Mr Learmonth of the Department of Health and Ageing
stated:
We are not looking at making professional judgements or
clinical judgements; this is about administrative requirements for claiming
payments.[48]
1.44
Medicare Australia did not accept the argument that compliance audit
staff required medical qualifications. It emphasised that the compliance audits
were assessing the facts of a Medicare service and did not involve making
clinical judgements. However Medicare Australia also indicated that it employs
a range of health professionals who may be accessed by audit staff.[49]
1.45
The capacity of Medicare Australia to protect the confidentiality of
patient clinical records was also raised during the inquiry. For example the
Australian Privacy Foundation raised concerns regarding how gathered audit
information will be stored and secured. They highlighted research which
indicated that many staff in organisations are not adequately trained in
handling secure information and can avoid security measures if they interfere
with productivity.[50]
1.46
Medicare Australia noted that staff involved in compliance audits are
subject to provisions of the Health Insurance Act 1973 which provides
increased protection for information collected by Medicare Australia and
includes criminal penalties for those who misuse this information. Medicare
Australia also emphasised the expertise and training of staff in relation to
Medicare issues, audit techniques and privacy issues.[51]
1.47
The Committee also received information from the Australian Public
Service Commissioner, Ms Lynelle Briggs about the privacy protections of the Public
Service Act 1999 which would also apply to Medicare Australia staff. She advised
that all Australian Public Service (APS) employees were obliged to follow the
APS Values and Code of Conduct. A failure to comply with the Privacy Act
1988 could be considered a breach of the Code and could result in sanctions
including termination of employment, reduction in classification, transfer, reduction
in salary or a fine. Ms Briggs also noted that Public Service Regulation
2.1 prohibits APS employees from disclosing information that was received in
confidence by the government from a person or persons outside the government. A suspected breach of this regulation could be also investigated
under s.70 of the Crimes Act 1914.[52]
1.48
Medicare Australia also addressed concerns raised regarding the storage
and security of compliance data. It noted that the case management system used is
only accessible by compliance officers, that all access is logged and monitored
and the system is not connected to the internet. Furthermore it noted that a
planned new case management system 'will be specifically designed to meet
Commonwealth security and privacy requirements for compliance activities'.[53]
Compliance audits, professional services
review and fraud
1.49
Some witnesses and submitters suggested that the proposed compliance
audits to be conducted by Medicare Australia unnecessarily duplicated or extended
into the jurisdiction of the Professional Services Review (the PSR). The PSR
has authority to investigate whether health practitioners have engaged in
inappropriate practice when providing Medicare services or when prescribing
medication. The PSR Committee consists of medical practitioners and other
health practitioners appointed by the Minister for Health after consultation
with appropriate professional organisations.
1.50
Civil Liberties Australia questioned the need to duplicate the role of
the PSR and highlighted that reviewing medical services is best done by medical
practitioners rather than others.[54]
Mr William Rowlings of Civil Liberties Australia stated that Medicare Australia
was seeking to extend jurisdiction over a compliance area which was the
responsibility of the PSR. He suggested the PSR was the appropriate agency to
receive additional resources to undertake compliance auditing.[55]
The Australian Psychological Society also noted that the most serious concern
it had with the Exposure Draft was the blurring of the lines between the
proposed compliance audit process and the existing PSR process.[56]
1.51
The Medical Indemnity Industry Association of Australia emphasised that
a range of accountability mechanisms already exist for medical professionals.
They stated:
The present mechanisms can and do result in the repayment of
incorrectly claimed benefits, findings of inappropriate practice, the reprimand
of practitioners and partial or full disqualification of practitioners from the
Medicare system for periods of up to 5 years...
Practitioner Review Program and Professional Services Review
already operate to provide a comprehensive system to investigate anomalous
Medicare billing - including by the examination of patients’ medical records.
However, such examination of patients’ private medical information in these
processes is appropriately confined to the professional peers of the person
under review.[57]
1.52
The Department of Health and Ageing clarified the differences between
the three main areas of risk in relation to Medicare (fraud, inappropriate
practice and incorrect Medicare payments) and the relevant compliance
approaches to each of these risks.[58]
In the case of fraud, where a person seeks to obtain a Medicare benefit by
intentionally falsifying facts and/or documents, Medicare Australia has broad
powers to investigate. In the case of inappropriate practice, Medicare
Australia can refer suspected cases to the PSR.
1.53
The proposed changes are directed to incorrect Medicare payments, when a
practitioner makes an unintentional false or misleading statement that results
in a Medicare benefit payment being paid incorrectly. The Department emphasised
that under the current arrangements Medicare Australia has no power to require
a practitioner to cooperate with an audit request. They noted:
If a practitioner refuses to respond or cooperate
voluntarily, Medicare Australia is not able to proceed with the audit and is
unable to verify the Medicare benefit amount paid in respect of the service.
1.54
Medicare Australia suggested that several submissions to the inquiry had
confused the function of the PSR with the role of compliance audits in
identifying incorrect claims. They highlighted that compliance audits were
administrative checks and did not relate to clinical appropriateness or
professional adequacy.[59]
Complexity and simplification
1.55
The complexity of both the Medicare Benefits Schedule and the
Pharmaceutical Benefits Scheme was raised by a number of witnesses. The Royal
Australian College of General Practitioners was concerned the complexity of the
MBS increased the likelihood that practitioners will make unavoidable errors
when submitting to audits.[60]
The Medical Indemnity Industry Association of Australia argued that the
Medicare system was highly regulated and had become 'increasingly complex at an
alarming rate'. They stated:
The expanding administrative demands on practitioners and
medical practices caused by that complexity have left the individual
practitioners increasingly vulnerable to personal liability for any administrative
errors in claims made under the practitioner’s Medicare provider number.[61]
1.56
Some witnesses and submitters also suggested that the simplification of the
MBS and additional investment in the education of practitioners was a better
approach to non-compliance than the changes proposed in the Exposure Draft.[62]
The Department of Health and Ageing noted that a review looking at simplifying
the MBS was under way and their engagement with the medical profession through
the Medicare Benefits Consultative Committee. Medicare Australia also referred
to a range of education programs it provides in relation to the MBS that are designed
to assist practitioners including reference guides and an administrative
practice statement.[63]
Impact on practitioners
1.57
The Explanatory Material to the Exposure Draft note that the compliance
cost for the new measures was assessed as medium as any Medicare service
provided by a health practitioner could be audited.[64]
Medicare Australia acknowledged that any form of audit is an impost on the
party being audited, but stated efforts were made to ensure the impact on
practitioners was as low as possible.[65]
They suggested the impact on providers would be marginal with the majority of
their compliance activities continuing to be focused on information services,
education and training to support providers to complete accurate claims. They
stated:
Prior to the budget measure more than 99 per cent of providers
were not subject to audit. Despite the increased audit levels approximately 96
per cent of providers will still not be subject to a compliance audit.[66]
1.58
The Department of Health and Ageing also argued there was a targeted
approach to auditing the administrative requirements of Medicare items.
Mr Learmonth stated:
We have a very sophisticated way of saying, ‘Here we think is
significant risk; here are some particular items that we think are a
concern’—and we will narrow and limit our scope of attention to those
particular items and thus minimise the footprint, if you like, or the impact on
the provider... this is really crunched down to the absolute minimum of what is
required to substantiate a payment, in a targeted way.[67]
1.59
However some witnesses and submitters suggested the additional
administrative burden on practitioners may negatively affect patient outcomes
and access to a suitable number of qualified clinicians.[68]
Civil Liberties Australia suggested the estimated financial impact of the
proposed measures was incorrect as it did not correctly take into account the
'extra costs to be borne by doctors and society' resulting in a 'sub-optimal
outcome for Australia'.[69]
1.60
The Australian Medical Association highlighted an example of where a
compliance audit was a considerable burden on the time of a practitioner with
only minor incorrect claims being discovered. Dr Rosanna Capolingua, President
of the Association, questioned the projected savings of the measures:
The only certainty is that it will cost $76.9 million.... The
real net gain is likely to be far less. The projected savings of $147.2 million
over four years are, by their own admission, a best guess. The total cost of
each audit is $9,600 and each must recoup on average $18,400 to achieve this
level of savings.[70]
1.61
The role of practitioners in de-identifying patient information from
records provided to Medicare Australia was also discussed during the inquiry.
The Royal Australian College of General Practitioners argued that
de-identification of clinical records would be additional burden on
practitioners.[71]
However Mr Peter Dodd of the Public Interest Advocacy Centre suggested this was
a question of balance and noted the additional cost of the process would reduce
the potential for patient information being inappropriately disclosed.[72]
Integrity of Medicare
1.62
Medicare Australia and the Department of Health and Ageing highlighted
that the size and scope of the Medicare program has undergone significant
growth and expansion in the last decade. In 2007-08 expenditure was over $13
billion with 81,224 providers generating nearly 280 million MBS services.[73]
New groups of practitioners such as allied health practitioners may now provide
Medicare-eligible services.[74]
1.63
The Health Insurance Act 1973 currently does not provide Medicare
Australia with the authority to require practitioners to provide verifying
documents during a compliance audit. When a practitioner does not respond or
refuses to cooperate with a compliance audit, the process is effectively halted
as no further action is able to be taken. Medicare Australia advised that:
Medicare Australia’s experience has been that in a range of
cases, including those involving significant compliance risks, providers refuse
to make the necessary substantiating information available. On average this
occurs in 20% of compliance activities. As a consequence Medicare Australia
cannot confirm the accuracy of Medicare claims or ensure that Medicare payments
were made in accordance with legislative requirements.[75]
1.64
In the absence of a requirement for providers to give information to
substantiate Medicare payments, Medicare Australia's compliance activities rely
on providers volunteering information to demonstrate claims have been made
correctly. Medicare Australia noted that the Australian National Audit Office
in 1996-97 found that non-compliant MBS payments equated to around 1.3 to 2.3
per cent of expenditure. They argued this suggested at current levels 'annual
non-compliant payments could be around at least $170-300m per annum'.[76]
Medicare Australia argued that requiring providers to verify their claims, when
there are specific concerns about the claims, is a reasonable and responsible
way of protecting the public revenue. They stated:
The consequence of not having a penalty system for ‘non-criminal’
acts resulting in incorrect claims is that providers can repeatedly make
incorrect claims with little or no adverse outcome, other than possibly having
to repay monies that are specifically identified as being incorrectly received.[77]
1.65
Similarly the Department of Health and Ageing argued that the proposed
changes were 'concerned with the minority of practitioners who do not take appropriate
care when billing Medicare-eligible services and/or do not voluntarily comply
with compliance audit requests'. They stated:
This draft Bill addresses the current weakness in activities
designed to address key risks to the integrity of the Medicare scheme by
establishing a simple, cost effective administrative mechanism to deal with
incorrect Medicare payments which constitute a substantial risk to Medicare
expenditure.[78]
1.66
The Australian Health Insurance Association also supported the proposed changes
as important to ensuring the integrity of the Medicare system and indicated
they would like to see further measures to address inappropriate billing and
fraudulent activity within the broader health system. They noted that the
detection of inappropriate claiming within the public system can also assist in
preventing inappropriate practices in the private sector, enhancing the
integrity and affordability of private health cover.[79]
1.67
The Public Interest Advocacy Centre suggested that the proposed changes
raise two potentially competing public interest principles. These were the
public interest of Medicare consumers in the maintenance and integrity of
Australia's universal health scheme and the public interest in the confidentiality
of communications in the doctor/patient relationship recorded in the medical
records of patients. The Centre concluded that, with some amendments, the
proposed changes and the existing privacy protections, 'appropriately balances
the public interest in the integrity of Medicare and the public interest in the
maintenance of patient confidentiality and privacy of health records'. The
Centre stated that the proposed amendment:
...does not represent a significant change from the
long-existing practice that health records can be accessed, in the public
interest, in certain controlled circumstances by bodies exercising
investigative powers.[80]
1.68
However medical and privacy groups argued that the proposed changes were
unnecessarily intrusive of patient privacy and disproportionate to the
perceived problem of incorrect Medicare claims. For example the Australian
Medical Association argued that the costs of the changes proposed were not
proportionate with the 'low level concerns Medicare Australia has with the use
of the MBS'. The AMA asserted that:
The cost that this legislation incurs in undermining the
trust that patients have in their doctors to maintain the confidentiality of
their medical record will result in a fundamental alteration of the community’s
confidence in the security of their private and personal information and is too
high a price to pay....
Public probity concerns to protect government expenditure are
important, but in a scale of importance, they rank lower than the protection of
personal health information that risks undermining the ongoing health care of individuals.[81]
1.69
Dr Roger Clarke of the Australian Privacy Foundation stated the proposed
amendments did not reflect the value that the Australian people place on
privacy. He commented:
It is quite extreme of the agency to be suggesting that all
forms of infringement and all forms of suspicions about even accidental overservicing
are sufficient to justify substantial invasions of privacy in relation to
sensitive data...[82]
1.70
However the Consumers Health Forum of Australia stated that it
understood that privacy will not be compromised under the proposed changes and
supported the measure. They argued:
Consumers are fully aware of the need to ensure a sustainable
health system that has checks and balances in place. It is entirely in the
public interest for the new MBS compliance procedures to be implemented.[83]
Administrative penalty and appeals
1.71
A number of separate issues were raised by submitters and witnesses in
relation to the scheme of administrative penalties proposed and the opportunity
to appeal decisions.
1.72
The Medical Indemnity Industry Association of Australia argued that the scheme
lacked an opportunity for practitioners to dispute decisions by Medicare
Australia compliance auditors. Furthermore they argued that any decision 'must
be amenable to external merits review' and that the Administrative Appeals
Tribunal was the appropriate body to conduct such a review.[84]
They also suggested that there should be a further opportunity for
practitioners to respond where Medicare Australia proposes to decide there has
been non-compliance with a notice to produce. This would be an opportunity for the
person who would be adversely affected by such a decision to ‘show cause’ why such
a decision should not be made.[85]
1.73
The Commonwealth Ombudsman, Professor John McMillan also notified the
Committee regarding his Office's recent investigation of a case relating to the
interpretation of the MBS. He noted that changes in medical practice and
terminology will always result in a certain level of uncertainty over what is
or is not covered by a particular MBS item and that the compliance process
should accommodate the possibilities of genuine confusion, dispute or honest
mistake. He recommended the inclusion of an initial written warning to
practitioners before any penalty can be imposed and a mechanism by which merits
review could be sought regarding the meaning of MBS items and whether a claim
has been properly substantiated.[86]
1.74
The Commonwealth Ombudsman also raised concerns with the proposed
automatic penalty regime, with reductions which vary depending on when a
practitioner advises Medicare Australia an amount has been incorrectly claimed.
He suggested this limited 'the resolution of genuine disputes about the meaning
of items' and created a disincentive to seeking review of decisions.[87]
1.75
The issue of procedural fairness was also raised by the Australian
Medical Association. The Association stated:
There do not appear to be any provisions in the Bill for a
doctor to argue mitigating circumstances before the decision is made, or to
seek administrative review of the decision after it is made. As we understand
it, the only avenue of recourse the doctor will have is through the Federal
Court under the Administrative Decisions (Judicial Review) Act 1977.
This is a time consuming and expensive process...[88]
1.76
The Office of the Privacy Commissioner emphasised it was important that
the administrative penalty for amounts not properly substantiated does not
result in practitioners providing additional and unnecessary patient
information 'to avoid the possibility of a fine'. They suggested it may be
appropriate to include protection for providers who in good faith give Medicare
insufficient information and are subsequently required to provide further
information to substantiate a claim.[89]
1.77
The Australian Psychological Society was concerned that practitioners
could be made liable for administrative errors made by Medicare under the
proposed scheme. They highlighted the situation of overpayments to
practitioners and stated they believed 'administrative errors by Medicare
Australia should be rectified by Medicare Australia'.[90]
Similarly the Australian Physiotherapy Association stated that minor claims
errors were just as likely to favour Medicare Australia as they were the
individual practitioner and recommended that a mechanism be included to
reimburse practitioners where Medicare Australia has been the beneficiary of an
error.
1.78
Medicare Australia did not agree that providers would, or could be held
liable for administrative errors and argued that compliance audits were
intended to ensure payments were correct. It also noted that a process exists
whereby providers can re-submit claims if they find they have under-claimed,
which will then be adjusted and paid by Medicare Australia.[91]
1.79
The Department of Health and Ageing has previously indicated that the
introduction of administrative penalties may be accompanied by additional
formal appeal rights for providers.[92]
The Department noted that there are a number of avenues of appeal under
existing arrangements including independent internal review by Medicare
Australia and formal judicial review of administrative decisions or review
under legislation such as the Freedom of Information Act 1982 or the Ombudsman
Act 1976. They noted that once the proposed legislation is passed Medicare
Australia will include information on how practitioners may make complaints
about a compliance audit when a notice to produce documents is issued. They
also noted:
Under the HIA, review by the Administrative Appeals Tribunal
is generally restricted to those decisions which impact on a practitioner’s
ability to provide Medicare services. That is, where the sanction imposed may
involve disqualification from participation in Medicare and /or the
Pharmaceutical Benefits Scheme for a period of time.[93]
1.80
The size of the administrative penalty and the threshold was also
discussed in submissions. One submission argued that the administrative
penalties in the Exposure Draft were 'inadequate in relation to the seriousness
of the illegal activities' and that a 'more appropriate penalty regime would be
based on recent Australian Taxation Office convictions for fraud'.[94]
The Australian Physiotherapy Association agreed the $2,500 threshold was
appropriate but sought reassurance that this amount would be indexed annually.[95]
1.81
The Department of Health and Ageing commented that the proposed administrative
penalties would provide an incentive for practitioners 'to ensure that the
Medicare services they provide comply with the relevant legislative
requirements'. The Department noted that the penalties are structured to
encourage compliant behaviour, for example, if a practitioner admits to causing
an incorrect Medicare payment to be made prior to any Medicare Australia
compliance contact, no additional penalty amount is payable.[96]
The Department also noted that the $2,500 threshold will mean that practitioners
who owe a small amount of money will not be subject to a financial sanction.
They stated:
The $2,500 threshold is based on an analysis of Medicare Australia
data which indicates that this is the point at which mistaken claims may become
routine, or reflective of poor administration or decision making. In 2007-08
only 36% of practitioners who were required to repay money, repaid an amount of
more than $2,500.[97]
1.82
Medicare Australia argued that the threshold will ensure that providers
who make 'one-off minor inadvertent errors' are not penalised and that the 20
per cent penalty was proportionate and fair. They stated:
The proposed penalty amount of 20 per cent should have
sufficient weight to deter incorrect billing and claiming and compensate the
Commonwealth for the loss of use of public funds, whilst remaining both
proportional and appropriate to the circumstance... Medicare Australia feels that
any penalty amount less than 20 per cent would lose the deterrent impact on the
wider health provider community.[98]
Privacy Impact Assessment
1.83
On the whole those medical and privacy groups which provided
supplementary submissions did not consider that the PIA addressed their
concerns in relation to the proposed changes.[99]
However, there were differing levels of support for the PIA recommendations in
relation to ongoing assessment of the Medicare Australia compliance program,
consultation with peak groups, and providing information to medical
practitioners and patients about the measures.
1.84
A number of practitioner groups highlighted that the PIA had not dealt
with criticisms of the measures outlined in their original submissions. For
example the Australian Medical Association stated the PIA maintained the
incorrect premise that administrative documents will satisfy compliance
concerns. They argued that the privacy impact of the proposed measure could not
be properly assessed until the information that will be required to
substantiate Medicare benefits is listed by Medicare Australia. The Association
also objected to the assertion that 'practitioners would attempt to convince
patients to withhold their consent to the release of the personal information
to Medicare Australia'.[100]
1.85
The Australian Privacy Foundation argued that because the PIA 'was
conducted behind closed doors... far better balanced design features and
amelioration measures could have been devised' to achieve the aims without
substantial privacy breaches.[101]
The Royal Australian College of General Practitioners submitted that some of
the recommendations in the PIA relating to ongoing quality assurance of the
privacy aspects of compliance program were 'a clear admission that it is not
possible for Medicare Australia to create a safe and reliable system for
managing sensitive patient information'.[102]
1.86
Medicare Australia also made a supplementary submission which noted that
it accepted and would adopt all recommendations made in the PIA. However they
also restated their support for the measures in the Exposure Draft and argued
that 'the proposed legislation is essential in order to improve its ability to
manage the integrity of the Medicare program'.[103]
Conclusion
1.87
The issues dealt with in this inquiry represent an area where two public
interests overlap. On one hand there is the interest of patients to have their
clinical records kept confidential by medical practitioners. On the other,
there is the interest of tax-payers, who fund Medicare and are entitled to
expect reasonable checks are made to ensure those public funds are being
expended appropriately. While the Committee appreciates the issues and concerns
raised by medical, privacy and other organisations regarding the treatment of
patient clinical records, it considers that the proposed changes, as outlined
in the Exposure Draft, represent a good balance between these overlapping
public interests.
1.88
However there was one area of the proposed compliance audit process
which concerned the Committee. The Committee is sympathetic to the suggestion made
in some submissions, such as the Office of the Privacy Commissioner, that a more
tailored approach be applied to accessing sensitive health information during
the compliance audit process. Proposals to include a multi-stage audit process
to enhance the privacy protection of patient clinical records were also
persuasive. This would mean that an additional step or decision would be
required before patient clinical records would be accepted by Medicare
Australia as part of a compliance audit. This would assist in limiting the
accessing of patient clinical records to situations where other administrative
records held by providers are not sufficient to substantiate a claim.
1.89
The Committee understands that these suggested changes to the compliance
audit process may not be practically convenient to include in the draft
legislation and may be more appropriate as part of the regulations and as an
administrative practice of Medicare Australia. Nonetheless, the Committee
considers they would provide an additional privacy protection for patient
clinical records and should be clearly stated.
1.90
The Committee notes that Medicare Australia and the Department of Health
and Ageing have undertaken considerable consultation with relevant stakeholders
in developing the initiative, including working closely with the Office of the
Privacy Commissioner. The Department's statement that the Privacy Impact
Assessment will be updated throughout the implementation and ongoing management
of the Initiative is an encouraging sign that important patient privacy issues
will not be forgotten as the compliance audit program continues.[104]
The Committee is also gratified that Medicare Australia has accepted and will
adopt all the recommendations made in the PIA.
1.91
The Committee also notes that Medicare Australia has been receptive to
the recommendation made by the Australian Medical Association for clarification
regarding what constitutes 'reasonable record keeping and information arrangements'
for providers.[105]
The Committee believes clarification in this area will assist to limit the
impact on practitioners of compliance audits and protect patient privacy by restricting
the need for Medicare Australia to access clinical records in order to
substantiate claims.
Recommendation
1.92 The Committee recommends that the Department of Health and Ageing and
Medicare Australia ensure that as part of the Medicare compliance audit process
specific measures are detailed in the regulations to ensure that patient
clinical records are only required to be accessed where necessary.
Senator Claire Moore
Chair
June 2009
Navigation: Previous Page | Contents | Next Page