Skip to Main Content

insightsarticles

Medicare Proposed Rule for CY 2023 Hospital Outpatient Prospective Payment System (OPPS) and Ambulatory Surgical Center (ASC) Payment System

07.27.22

Release Date: July 15, 2022
Federal Register Publication Date: Scheduled for July 26, 2022
Effective Date: January 1, 2023
End of Comment Period: September 13, 2022

The Centers for Medicare & Medicaid Services (CMS) issued a proposed rule that would update Medicare payment rates and policies for outpatient hospitals and Ambulatory Surgery Centers (ASC) for the calendar year 2023, as well as other provisions. Following is a summary of the major provisions of this proposed rule.

OPPS/ASC Proposed Changes to Payment Rates:

  • Net increase in FY 2023 Medicare OPPS/ASC rates of 2.7% for hospitals that meet relevant quality reporting requirements, broken down as follows:

  • Continue 2% reduction for hospitals that fail to meet quality reporting requirements

Rural Emergency Hospitals (REH) Payment Policies:

  • Covered outpatient department services would be paid OPPS plus 5%. Medicare beneficiary coinsurance will not be applied to the additional 5%.
  • Monthly facility payment is proposed to be $268,294 in CY 2023 and subsequently increased by the hospital market basket %.  The initial monthly facility payment calculation is based on the 2019 average payment difference between CAHs and amounts the CAHs would’ve been paid under PPS
  • Outpatient services not paid under OPPS (e.g., paid under Clinical Lab Fee Schedule) and provider-based Skilled Nursing Facilities (SNFs) would not be considered REH services (not receive enhanced payment)
  • Propose an expedited enrollment process for Critical Access Hospitals (CAH) converting to the new REH designation

Other Major Provisions Proposed:

  • Rate setting would be based on CY 2021 claims data and June 2020 Cost Report data from HCRIS, which only includes cost reports that predate the public health emergency
  • Removes 10 services from the Inpatient Only List (mostly maxillofacial procedures) and adds 1 service to the ASC Covered Procedures List (lymph node biopsy or excision)
  • Proposes paying 340(b) drugs at Average Sales Price (ASP) minus 22.5%. However, considering the June 15th Supreme Court’s decision that CMS may not vary payment rates for drugs without conducting an acquisition cost survey, CMS anticipates revising this provision during final rulemaking to ASP plus 6%, with the corresponding reduction in the conversion factor for budget neutrality.
  • Paying separately for certain non-opioid pain management drugs in the ASC setting to ensure there are no financial disincentives to using these alternatives to opioids. CMS is proposing separate payment for 4 non-opioid pain management drugs that function as surgical supplies, including certain local anesthetics, and ocular drugs, in the ASC setting. 
  • Covering behavioral health services furnished remotely to beneficiaries in their homes, including proposed requirements for in-person services within 6 months prior to the initial remote service and within 12 months following a remote service (some exceptions). Audio-only communications are also proposed to be covered in certain situations.
  • Proposes IPPS and OPPS payment adjustments for the additional cost of procuring domestically produced NIOSH-approved surgical N95 respirators. These payments would made bi-weekly as interim lump-sum payments and reconciled at cost report settlement, effective for cost reporting periods beginning on or after January 1, 2023. 
  • Proposes to exempt Rural Sole Community Hospitals (SCHs) from the clinic visit payment policy for excepted off-campus provider-based departments (PBD) under which the off-campus PBD is paid an amount equivalent to the Physician Fee Schedule. SCHs would be paid the full OPPS rate for excepted off-campus provider-based clinic visits. 
  • Partial Hospital Program (PHP) per diem rate structure would remain unchanged with a single Ambulatory Payment Classification (APC) for each provider type for days with 3 or more services per day
  • Adds prior authorization requirement for facet joint injections and nerve destruction in outpatient departments.
  • CMS proposes a variety of changes for the Hospital Outpatient Quality Reporting (OQR), Ambulatory Surgical Center Quality Reporting (ASCQR), and Rural Emergency Hospital Quality Reporting (REHQR) Programs, as well as seeking comment on several measures. 

Sources: 
CMS-1772-P Medicare Program: Hospital Outpatient Prospective Payment and Ambulatory Surgical Center Payment Systems and Quality Reporting Programs; Organ Acquisition; Rural Emergency Hospitals: Payment Policies, Conditions of Participation, Provider Enrollment, Physician Self-Referral; New Service Category for Hospital Outpatient Department Prior Authorization Process; Overall Hospital Quality Star Rating
 

Related Industries

Related Services

Consulting

Business Advisory

Related Professionals

Principals

BerryDunn experts and consultants

Release Date: August 1, 2022
Federal Register Publication Date: Scheduled for August 10, 2022
Effective Date: October 1, 2022 

The Centers for Medicare & Medicaid Services (CMS) issued a final rule that updates Medicare payment rates and policies for inpatient hospitals and long-term care hospitals for the fiscal year 2023, as well as other provisions. Following is a summary of the major provisions of this final rule.

IPPS payment rates:

CMS finalized a net increase in FY 2023 Medicare IPPS rates of 4.3% for hospitals that are meaningful users of electronic health records and submit required quality data, up 1.1 percentage points from the 3.2% increase initially proposed. The increase is broken down as follows:

CMS estimates the following impact of the proposed rule on hospital payments, including the impact of reductions to DSH and other payments:


 

LTCH PPS Payment Rates:

CMS finalized a net increase in FY 2023 Medicare LTCH PPS rates of 2.3% for long-term care hospitals, up 1.6 percentage points from the 0.7% increase initially proposed. The payment rate update includes the productivity-adjusted market basket increase of 3.8% for FY 2023 and a projected decrease in high-cost outlier payments. CMS estimates that LTCH PPS payments will increase approximately $71 million as a result of the FY 2023 payment update.

Other major provisions:

  • Rate setting will be based on FY 2021 MedPAR claims data and FY 2020 cost report data, consistent with historical practice, but with modifications to account for the COVID-19 pandemic, including:
    • Calculating MS-DRG relative weights based on the average of two set of weights, one including and one excluding COVID-19 claims
    • Determining outlier fixed-loss amount using charge inflation and Cost to Charge Ratio (CCR) adjustment factors to approximate the increase in costs that will occur from FY 2021 to FY 2023
    • Modifying the outlier fixed-loss amount calculation to factor in certain payment increases for COVID-19
  • 25 technologies are eligible for new technology add-on payments (NTAP) in FY2023, including 8 newly approved technologies, discontinuation of NTAP for those technologies that have been in the market for 3 years, and discontinuation for those technologies that received an extension in FY2022.
  • No new MS-DRGs are established and the implementation of the “three-way split criteria” will be further delayed.
  • Policy modification relating to Medicare Graduate Medical Education (GME) for teaching hospitals that apply for the FTE cap when the Hospital’s weighted FTE count is greater than its FTE cap but would not reduce the weighting factor of residents that are beyond their initial residency period to less than 0.5 for cost reporting periods beginning on or after October 1, 2022.
  • Urban and rural hospitals participating in the same Rural Training Program (RTP) are given the same flexibility as other teaching hospital to share RTP cap slots via an GME affiliation agreement, effective academic year beginning July 1, 2023. 
  • Uncompensated care costs will be distributed based on more than one year of Worksheet S-10 cost report data. Data from the two most recent years of audited data (FY 2018 and FY 2019) will be used to distribute FY 2023 payments and a three-year average would be used for FY 2024 and beyond. 
  • Decreases to a hospital’s wage index from the prior fiscal year will be capped at 5%. This policy will be applied in a budget neutral manner through a national adjustment to the standardized amount.
  • Wage index rural floor will be calculated as it was before FY 2020. Wage data of hospitals that have reclassified from urban to rural will be included in the calculation of the rural floor and wage index for rural areas in the state where the hospital’s county is located. 
  • Expected in Fall 2023, CMS will establish a publicly-reported, public-facing hospital designation on the quality and safety of maternity care for hospitals that report “Yes” to both questions in the Maternal Morbidity Structural Measure in the Hospital Inpatient Quality Reporting (IQR) Program. 
  • CMS finalizes a variety of changes for the Hospital IQR Program, some include:
    • Adopting ten measures and refining two current measures
    • Making changes to the existing Electronic Clinical Quality Measures (eCQM) reporting and submission requirements
    • Removing the zero denominator declaration and case threshold exemptions for hybrid measures
    • Updating eCQM validation requirements for medical record requests
    • Establishing reporting and submission requirements for patient-reported outcome-based performance measures.
  • CMS finalizes a variety of changes to the Medicare Promoting Interoperability Program for eligible Hospitals and Critical Access Hospitals (CAHs).
  • CMS will pause or refine certain measures in the Hospital Readmissions Reduction Program (HRRP), Hospital-Acquired Condition (HAC) Reduction Program, and Hospital Value-Based Purchasing (VBP) Program that would be impacted by circumstances caused by the COVID-19 Public Health Emergency.
  • Implement a five-year extension of the Rural Community Hospital and Frontier Community Health Integration project (FCHIP) demonstrations, as authorized by the Consolidated Appropriations Act of 2021.
  • Revise Conditions of Participation (CoP) for Hospitals and CAHs to continue to report COIVD-19 and seasonal influenza data after the conclusion of the COVID-19 PHE and continue until April 30, 2024, unless ended earlier by the Secretary.

Major Proposed Provisions that were NOT finalized:

  • Proposed regulation governing the calculation of the Medicaid fraction of the Medicare disproportionate share hospital (DSH) that would be explicit as to who is “regarded as eligible” for Medicaid. As proposed, it would include only patients who receive health insurance through a Section 1115 demonstration itself, or who purchase such insurance with the use of premium assistance provided by a Section 1115 demonstration that assists with at least 90% of the cost of health insurance. CMS is not moving forward with this proposal currently but expects to revisit it in future rulemaking.
  • CMS has withdrawn its proposal to establish additional data reporting requirements for Hospitals and CAHs during future PHEs related to epidemics and pandemics.

Sources: 
CMS-1771-F Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and the Long-Term Care Hospital Prospective Payment System and Policy Changes and Fiscal Year 2023 Rates; Quality Programs and Medicare Promoting Interoperability Program Requirements for Eligible Hospitals and Critical Access Hospitals; Costs Incurred for Qualified and Non-qualified Deferred Compensation Plans; and Changes to Hospital and Critical Access Hospital Conditions of Participation

Article
Medicare Final Rule for FY 2023 Hospital Inpatient Prospective Payment System (IPPS) and Long Term Care Hospitals (LTCH PPS)

Release Date: July 07, 2022
Federal Register Publication Date: Scheduled for July 29, 2022
Effective Date: January 1, 2023
End of Comment Period: September 6, 2022

The Centers for Medicare & Medicaid Services (CMS) issued a proposed rule that would update Medicare payment rates under the Physician Fee Schedule (PFS) for the calendar year 2023, as well as other Part B provisions. Following is a summary of the major provisions of this proposed rule.

PFS Proposed Changes to Conversion Factor:

  • PFS conversion factor reflects the statutory update of 0%, expiration of the 3% increase in PFS payments for CY2022 provided by the Consolidated Appropriations Act of 2021 (CCA), 1.55% reduction necessary for changes in relative value units for budget neutrality, and anesthesia-specific practice expense and malpractice adjustments of 0.53%.

Major Provisions Proposed:

  • Future rebasing and revision of the Medicare Economic Index (MEI) cost share weights that would use publicly available data from the US Census Bureau NAICS 6211 Offices of Physicians to set PFS payments rates. Using new MEI cost weights for PFS rate setting would not change overall spending on PFS services but would likely result in significant changes to payments among the various PFS services. Therefore, CMS is not proposing the use of the newly proposed method for CY2023 rate setting and is seeking comment on the proposed updated MEI cost share weights to calibrate payment rates and update the geographic practice cost indices (GPCI) under the PFS in the future.
  • Changes in coding and documentation for Other Visits (hospital inpatient, hospital observation, emergency department, nursing facility, home or residence services, and cognitive impairment assessment) intended to reduce administrative burden using a similar approach to changes finalized in the CY2021 PFS final rule for office/outpatient Evaluation and Management (E/M) visit coding and documentation. Also propose to maintain the current billing policies that apply to E/M visits while potential revisions are considered for future rulemaking. 
  • Delay the Split (or Shared) E/M visits policy finalized in CY 2022 related to the definition of substantive portion as more than half the total time. Until CY 2024, clinicians will continue to have a choice of meeting the definition of substantive portion based on history, physical exam, medical decision making, or more than half of the total practitioner time spent.
  • Proposing to cover several services that were temporarily available as telehealth services during the PHE through CY 2023 on a Category III basis and extending the time these services are temporarily included on the telehealth services list for a period of 151 days following the end the PHE. 
  • Telehealth claims would require the appropriate place of service (POS) indicator to be included on the claim instead of modifier “95” after the period of 151 days following the end of the PHE. For Medicare telehealth services furnished via audio-only technology modifier “93” would be available, where appropriate. 
  • Establish a new General Behavioral Health Integration (BHI) service for monthly care integration where mental health services performed by Clinical Psychologists (CP) or Clinical Social Workers (CSWs) is the focal point of care integration. This new General BHI service would also allow a psychiatric diagnostic evaluation to serve as the initiating visit. 
  • Make an exception to the direct supervision requirement under “incident to” regulations to allow behavioral health services provided by auxiliary personnel (such as licensed professional counselors and licensed marriage and family therapists) incident to the services of a physician or non-physician practitioner (NPP) to be allowed under general supervision of a physician or NPP, rather than under direct supervision.
  • Proposing new HCPCS codes and valuation for Chronic Pain Management and treatment services (CPM) that would include a bundle of services furnished during a month. 
  • Opioid Treatment Program (OTP) would revise the pricing methodology for the drug component of the methadone weekly bundle and the add-on code for take-home supplies of methadone. CMS also proposes to allow the OTP intake to be furnished via two-way audio-video communications technology when billed for the initiation of treatment with buprenorphine, when authorized by the Drug Enforcement Administration (DEA) and Substance Abuse and mental Health Services Administration (SAMHSA). Audio-only communication technology to initiate treatment with buprenorphine would also be permitted where audit-video technology is not available. 
  • Create a new G-code for audiologists to bill for services without a physician referral for non-acute hearing or balance assessments unrelated to disequilibrium, hearing aids or examinations for the purpose of prescribing, fitting, or changing hearing aids. Billing the new G-code would be limited to once every 12 months.
  • Expand coverage for certain colorectal cancer screening tests by reducing the minimum age to 45 years and considering a follow-up screening colonoscopy after a Medicare covered at-home test to be a preventative service.
  • Preventive vaccine administration would receive annually updated payment amount based on the increase in the MEI and adjustment for geographic locality. Also, CMS proposes to continue the additional payment for at-home COVID-19 vaccinations and clarifies that policies regarding the administration of COVID-19 vaccines and monoclonal antibody products will continue until the Emergency Use Authorization (EUA) declaration for drugs and biological products is terminated.
  • CMS proposes a variety of changes for the Quality payment Program and Medicare Shared Savings Program.

Rural Health Clinics (RHCs) and Federally Qualified Health Centers (FQHCs):

  • Add the new chronic pain management and behavioral health integration services to the RHC/FQHC-specific general care management HCPCS code, G0511.
  • Policies to extend telehealth flexibilities for 151 days after the PHE would be applicable to RHCs and FQHCs as well. 
  • Provider-based RHC’s payment limit per visit would be established by using a 12-consecutive month cost report. 

Sources: 
CMS-1770-P Medicare and Medicaid Programs; CY 2023 Payment Policies under the Physician Fee Schedule and Other Changes to Part B Payment Policies; Medicare Shared Savings Program Requirements; Medicare and Medicaid Provider Enrollment Policies, Including for Skilled Nursing Facilities; Conditions of Payment for Suppliers of Durable Medicaid Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS); and Implementing Requirements for Manufacturers of Certain Single-dose Container or Single-use Package Drugs to Provide Refunds with Respect to Discarded Amounts

Article
Medicare Proposed Rule for CY 2023 Medicare Physician Fee Schedule

Read this if you work for a not-for-profit organization. 

Our annual not-for-profit Recharge event provides attendees with an opportunity to hear about hot button issues in the not-for-profit industry. We polled registrants from across the country to see where they are focusing their attention in the current landscape. 

Employee retention

Overwhelmingly, employee retention is a number one concern for organizations, with 78% of respondents saying they were strongly focused on it in 2022. Not surprisingly, financial stability (67%), cybersecurity (50%) and concerns about access to government funding (43%) were of common concern among respondents.


 
Remarkably, employee retention in 2022 weighed more heavily on respondents than concerns around the remote workplace in 2021. While over 57% of respondents were concerned about the remote workforce in 2021, employee retention did not even make it into the top four concerns for organizations. This shift is consistent with what we are seeing in our client base, as organizations embraced hybrid and remote working arrangements and are well into codification of and adherence to the policies in place. Organizations reported taking significant efforts toward employee retention, most commonly looking at increasing salaries and allowing hybrid and flexible work arrangements as methods to help retain employees.

Financial stability

The concern around financial stability is slowly starting to decline. While financial stability was a top concern for 83% of organizations in 2021, that percentage dropped to 67% of respondents listing it as a top concern in 2022, While multiple factors certainly contribute to these results (availability of COVID relief funds, for example), the decline is significant, especially in this time of inflationary growth and demands on the labor market. This decline may be reflective of the continued transition away from short-term emergency response and toward a more future-oriented mindset. 

Other concerns

Both cybersecurity and government funding concerns held relatively steady in 2022 compared to 2021, with 45% of respondents concerned with cybersecurity and government funding in 2021, compared to 50% and 43% in 2022, respectively. 

Participants also reflected on the perceived top concerns for their board members, with employee retention and recruitment and overall financial stability leading in top importance. These mirrored concerns are of no surprise, but speak to the continued need for regular and reliable reporting to boards to allow for continued rapid response by those charged with governance.

If you have any questions about your specific concerns or situation, please don’t hesitate to contact our not-for-profit team. We’re here to help.

Article
Employee retention and other concerns: NFP outlook for the year ahead

Editor's note: read this if you are a CFO, controller, accountant, or business manager.

We auditors can be annoying, especially when we send multiple follow-up emails after being in the field for consecutive days. Over the years, we have worked with our clients to create best practices you can use to prepare for our arrival on site for year-end work. Time and time again these have proven to reduce follow-up requests and can help you and your organization get back to your day-to-day operations quickly. 

  1. Reconcile early and often to save time.
    Performing reconciliations to the general ledger for an entire year's worth of activity is a very time consuming process. Reconciling accounts on a monthly or quarterly basis will help identify potential variances or issues that need to be investigated; these potential variances and issues could be an underlying problem within the general ledger or control system that, if not addressed early, will require more time and resources at year-end. Accounts with significant activity (cash, accounts receivable, investments, fixed assets, accounts payable and accrued expenses and debt), should be reconciled on a monthly basis. Accounts with less activity (prepaids, other assets, accrued expenses, other liabilities and equity) can be reconciled on a different schedule.
  2. Scan the trial balance to avoid surprises.
    As auditors, one of the first procedures we perform is to scan the trial balance for year-over-year anomalies. This allows us to identify any significant irregularities that require immediate follow up. Does the year-over-year change make sense? Should this account be a debit balance or a credit balance? Are there any accounts with exactly the same balance as the prior year and should they have the same balance? By performing this task and answering these questions prior to year-end fieldwork, you will be able to reduce our follow up by providing explanations ahead of time or by making correcting entries in advance, if necessary. 
  3. Provide support to be proactive.
    On an annual basis, your organization may go through changes that will require you to provide us documented contractual support.  Such events may include new or a refinancing of debt, large fixed asset additions, new construction, renovations, or changes in ownership structure.  Gathering and providing the documentation for these events prior to fieldwork will help reduce auditor inquiries and will allow us to gain an understanding of the details of the transaction in advance of performing substantive audit procedures. 
  4. Utilize the schedule request to stay organized.
    Each member of your team should have a clear understanding of their role in preparing for year-end. Creating columns on the schedule request for responsibility, completion date and reviewer assigned will help maintain organization and help ensure all items are addressed and available prior to arrival of the audit team. 
  5. Be available to maximize efficiency. 
    It is important for key members of the team to be available during the scheduled time of the engagement.  Minimizing commitments outside of the audit engagement during on site fieldwork and having all year-end schedules prepared prior to our arrival will allow us to work more efficiently and effectively and help reduce follow up after fieldwork has been completed. 

Careful consideration and performance of these tasks will help your organization better prepare for the year-end audit engagement, reduce lingering auditor inquiries, and ultimately reduce the time your internal resources spend on the annual audit process. See you soon. 

Article
Save time and effort—our list of tips to prepare for year-end reporting

Read this if you are a leader in the healthcare industry.

BerryDunn recently held its first annual Healthcare Leadership Summit. Here are some highlights of the topics, presentations, and discussions of the day. 

Healthcare CFO survey results

The day began with an industry update where Connie Ouellette and Lisa Trundy-Whitten had the opportunity to present with Rob Culburt, Managing Director, Healthcare Advisory, The BDO Center for Healthcare Excellence & Innovation. Rob shared highlights from a recent survey of healthcare CFOs by The BDO Center for Healthcare Excellence & Innovation, while Connie and Lisa reflected on the similarities between study results and hospital and senior living clients.

It was no surprise the study found one of the most significant challenges CFOs are facing at both the national and local level is the sustained strain on healthcare systems amid the pandemic, and ongoing supply chain and workforce struggles. Additionally, providers are concerned about the upcoming reporting and regulation requirements. Also top of mind are the Provider Relief Fund (PRF) reporting requirements, as the requirements have been ambiguous and ever changing. There is also concern among survey respondents that a misinterpretation or reporting error could cause providers to have to pay back funding they received from PRF.

The BDO healthcare survey reported that 63% of the providers who responded to the survey are thriving, but 34% are just surviving. Out of those surveyed, 82% expect to be thriving in one year. You can view the full results of the survey here

Recruitment and retention in the current climate

Recruitment and retention of direct care providers are significant challenges within the senior living industry. Providers are facing workforce shortages that are forcing them to temporarily suspend admissions, take beds off line, and, in worst case scenarios close whole units or facilities. Sarah Olson, BerryDunn's Director of Recruiting and Bill Enck, Principal at BerryDunn discussed factors leading to the talent shortage, and shared creative short- and long-term recruitment and retention strategies to try.

Change management

The pandemic has forced many in healthcare to rethink how they operate their facilities. Employees have had to pivot on a moment’s notice, and in general do more with less. However, there are still initiatives that need to be undertaken and projects that must be completed in order for your facility to operate and remain financially viable. How do you manage the change associated with these projects? Can you manage the change without burning out your employees? Dan Vogt, BerryDunn Principal, and Boyd Chappell from Schoolcraft Memorial Hospital provided tips and strategies for managing change fatigue. 

Overall, the Leadership Healthcare Summit proved to be an informative and engaging event, and many new ideas and forward-looking strategies were shared to help enable providers to continue to weather current challenges and pistion themselves for success. For more in-depth information on these topics and others discussed, please visit our Healthcare Leadership Summit resources page

Article
Top three takeaways from BerryDunn's first annual Healthcare Leadership Summit 

Read this if you are a not-for-profit organization.

With springtime upon us, it may be difficult to start thinking about this upcoming fall, but that is exactly what many folks in the nonprofit sector are starting to do. The reason for this? It’s because 2022 brings with it the mid-term election cycle. While technically an off-year election, many congressional and gubernatorial races are being contested, in addition to a myriad of questions that will appear on ballots across the country. It is around this time of year we start to see many questions from clients in the nonprofit sector in the area of political campaign activities, lobbying (both direct and grassroots), and education/advocacy.

This article will discuss the three major types of activities nonprofit organizations may or may not undertake in this arena and will offer guidance to give organizations the vote of confidence they need to not run afoul of the potential pitfalls when it comes to undertaking these activities.

Political campaign activity

Political campaign activities include participating or intervening in any political campaign on behalf of (or in opposition to) any candidate for elective public office, be it at the federal, state, or local level. Examples of such activities include contributions to political campaigns as well as making public statements in favor of or in opposition to any candidate. The IRS explicitly prohibits section 501(c)(3) organizations from conducting political campaign activities, the consequence of doing so being loss of exempt status. However, other types of exempt organizations (such as 501(c)(4) organizations) are allowed to engage in such activities, so long as those activities are not the organization’s primary activity. Only Section 527 organizations may engage in political campaign activities as their primary purpose. 

Direct lobbying

Direct lobbing activities attempt to influence legislation by directly communicating with legislative members regarding specific legislation. Examples of direct lobbying include contacting members of Congress and asking them to vote for or against a specific piece of legislation.

Grassroots lobbying

Grassroots lobbying, on the other hand, attempts to influence legislation by affecting the opinions of the general public and include a call to action. Examples of grassroots lobbying include requesting members of the general public to contact their representatives to urge them to vote for or against specific legislation.  

A quick way to remember the difference:
Political = think “P” for People – advocating for or against a specific candidate 
Lobbying = think “L” for Legislation – advocating for or against a specific bill

Education/advocacy

Organizations may engage in activities designed to educate or advocate for a particular cause so long as it does not take a specific position. For example, telling members of Congress how grants helped constituents would be considered an educational activity. However, attempting to get a member of Congress to vote for or against specific piece of legislation that would affect grant funding would be considered lobbying. Another example would be educating or informing the general public about a specific piece of legislation. Organizations need to be mindful here as taking a specific position one way or the other would lend itself to the activity being deemed to be lobbying, and not merely education of the general public. There is no limit on how much education/advocacy activity a nonprofit organization may conduct.

Why does this matter?

As you can see, there is a very fine line between lobbying and education, so it is important to understand the differences so that an organization conducting educational activities does not inadvertently end up conducting lobbying activities.

Organizations exempt under Code Section 501(c)(3) can conduct only lobbying activities that are not substantial to its overall activities. A 501(c)(3) organization may risk losing its exempt status and may face excise taxes on the lobbying expenditures if it is deemed to be conducting excess lobbying, whereas section 501(c)(4), (c)(5), and (c)(6) organizations may engage in an unlimited amount of lobbying activity.

What is substantial?

Unfortunately, there is no bright line test for determining what is considered substantial versus insubstantial. As an industry standard, many practitioners have taken a position that insubstantial means five percent or less of total expenditures, but that position is not codified and could be challenged by the IRS. 

Section 501(c)(3) organizations that intend to conduct lobbying activities on a regular basis may want to consider making an election under Code Section 501(h). This election is only applicable to 501(c)(3) organizations and provides a defined amount of lobbying activity an organization may conduct without jeopardizing its exempt status or becoming subject to excise tax. The 501(h) election limit is based on total organization expenditures with a maximum allowance of $1 million for “large organizations” (defined as an organization with total expenditures over $17,000,000). 

While the 501(h) election provides some clarity as to how much lobbying activity can be conducted, it may be prohibitive for some organizations whose total expenditures greatly exceed the $17,000,000 threshold. Another item to be aware of is that the lobbying threshold applies to all members of an affiliated group combined, which means the entire group shares the maximum threshold allowed. 

Another option for those engaging in lobbying is to create a separate entity (such as a 501(c)(4) organization) which conducts all lobbying activities, insulating the 501(c)(3) organization from these activities. As previously mentioned, organizations exempt under Code Section 501(c)(4) can conduct an unlimited amount of lobbying activities but can only conduct limited political campaign activities.

What about political campaign activities?

Section 527 organizations, known as political action committees, are exempt organizations dedicated specifically to conducting political campaign activities. If a 501(c)(4), (c)(5), or (c)(6) organization makes a contribution to a 527 organization, it may be required to file a Form 1120-POL and be subject to tax at the corporate tax rate (currently a flat 21%) based on the lesser of the political campaign expenditures or the organization’s net investment income. State income taxes may also be applicable. Section 501(c)(3) organizations may not make contributions to 527 organizations. 

If your organization is considering participation in any of the above activities, we would recommend you reach out to your not-for-profit tax team for additional information. We’re here to help!

Article
Lobbying and politics and education, oh my!

Read this if you have a cybersecurity program.

This week President Joe Biden warned Americans about intelligence that indicated Russia may be preparing to conduct cyberattacks on our private sector businesses and infrastructure as retaliation for sanctions applied to the Russian government (and the oligarchs) as punishment for the invasion of Ukraine. Though there is no specific threat at this time, President Biden’s warning has been an ongoing message since the invasion began. There is no need to panic, but this is a great time to re-visit your current security controls. Focusing on basic IT controls goes can make a big difference in the event of an attack, as hackers tend to go after the easy, low hanging fruit. 

  1. Access controls
    Review and understand how all access to your networks is obtained by on-site employees, remote employees, and vendors and guests. Make sure that users are maintaining strong passwords and that no user is connecting remotely to any of your systems without some form of multi-factor authentication (MFA). MFA can come in the form of a token (in hand or built-in) or as one of those numerical codes you have delivered to your phone or email. Poor access controls are simply the difference between leaving your house unlocked versus locked when you leave to go somewhere. 
  2. Patching
    One of the most common audit findings we have to date and one of the biggest reasons behind successful attacks is related to unpatched systems. Software patches are issued by software providers to address vulnerabilities in systems that act as an unlocked door to a hacker, and allow hackers to leverage the vulnerability as a way to get into your systems. Ensuring your organization has a robust patch management program in place and that systems are up-to-date on needed patches is critical to your security operations. Think of an unpatched system like a car with a broken window—sure the door is locked, but any thief can reach through the broken window and unlock the car. 
  3. Logging 
    Account activity, network traffic, system changes—these are all things that can be easily logged and with the right tools, configured to alert you to suspicious activity. Logging that is done correctly can alert management to suspicious activity occurring on your network and notifies your security team to investigate the issue. Consider logging and alerting like your home’s security camera. It may alert you to the activity outside, but someone still needs to review the footage and react to it to mitigate the threat.  
  4. Test backups and more
    Making sure that your systems are successful backed up and kept separate from your production systems is a control we are all familiar with. Organizations should do more than just make sure their backups are performed nightly and maintained, but need to make sure that those data backups can be restored back to a useable state on a regular basis. More so than backups, we also often hear in the work we do that our client’s test only parts of their disaster recovery and failover plans—but have never tested a full-scale fail-over to their backup systems to determine if the failover would be successful in the event of an event or disaster. Organizations shouldn’t be scared to do a full-scale failover test, because when the time comes, you may not have the option to do a partial failover and just hope that it occurs successfully. Not testing your backups is like not test driving a car before you buy it. Sure it looks nice in the lot, but does it actually run? 
  5. Incident Management Plan 
    We often review Incident Management Plans as part of the work we do, and often note that the plans are outdated and contain incorrect information. This is an ideal time to make sure your plans are current and reflect changes that may have occurred, like your increasingly remote work force, or that systems have changed. An outdated Incident Management Plan is like being sick and trying to call your doctor for help only to find out your doctor has retired. 
  6. Training—phishing attacks
    Hackers’ most common approach to gain access to systems and deploy crippling ransomware attacks is through phishing campaigns via email. Phishing campaigns trick a user into either providing the hacker with credentials to log into systems or to download malware that could turn into ransomware through what appears to be legitimate business correspondence. Training end-users on what to look for in verifying an email’s authenticity is critical and should be seen as an opportunity that benefits the entire organization. Testing users is also critical so management understands the current risk and what is needed for additional training. Security teams should also have other supporting controls to help prevent phishing emails and detection tools in place in case a user does fall for an email. Not training your employees on security is like not coaching your little league team on how to play baseball and then being surprised you didn’t win the game because no one knew what to do. 

In the current environment, information security is an asset to any organization and needs to be supported so that you can protect your organization from cyberattacks of all kinds. While we can never guarantee that having controls in place will prevent an attack from occurring, they make it a lot more challenging for the hacker. One more analogy, and then I’m done, I promise. Basic IT controls are like speedbumps in a neighborhood. While they keep most people from speeding (and if you hit them too fast they do a number on your car), you can still get over them with enough motivation. 

If you have questions about your cybersecurity controls, or would like more information, please contact our IT security experts. We’re here to help.

Article
Cyberattack preparation: A basics refresher

Read this if you are interested in grant compliance in healthcare. 

This is a companion article to the podcast, Mitigating the compliance and revenue integrity risk of grant funded healthcare programs.

The BerryDunn Healthcare Practice Group boasts professionals who have expertise all across the spectrum of healthcare, including regulatory, revenue, integrity, general compliance, and risk management issues. This article covers the very specific arena of grant compliance affecting many of BerryDunn’s healthcare, not-for-profit, and government clients.

After starting as a newly minted MBA financial analyst with an academic medical center in Northern New England, I (Markes) worked my way into the world of grants and contracts supported by my interest in federal regulations and the non-clinical revenue streams. Fascinated to navigate through waters where it seemed no one was the expert, or really had the time or patience to figure things out, I worked to stand up a grant office in finance on the hospital side, separate from the medical school which was the usual repository for grant funding. We moved this direction because hospital leadership realized grant funding was tipping toward the clinical setting and was less focused on bench or clinical research. Put another way, less NIH and more CDC, HRSA, and CMS.

BerryDunn Senior Manager Regina Alexander advises, “wherever there is complexity, there is compliance risk.” Whether from a federal agency like HHS, HRSA, NIH, or CDC, a state Medicaid program, foundation, or private source, grants always come with requirements, typically very specific requirements. Because the dollars are being ‘given’, those requirements for how the funds are used may be much more restrictive than loans.

Like other areas of regulatory compliance, it is reasonable to assume that grant programs often have compliance gaps that go unnoticed. For many of our clients, both in healthcare and not-for-profit, and in the government space, grant revenue has become a significant source of funding. Any kind of healthcare delivery organization, including academic medical centers, federally qualified health centers, community hospitals, behavioral health service organizations, home health providers, visiting nurse associations, and others can end up with significant portions of their income for the year being sourced by federal grants.

Grant compliance categories

We all can’t be experts in every domain of regulatory compliance, and grant compliance has a lot of breadth. Thankfully, at BerryDunn, we have a team of grant experts who work collaboratively across practice groups. When I was working on setting up the grant office and establishing a proprietary clinical FTE reporting process and system earlier in my career, I would have greatly benefited from the perspectives of other experts at the table.

When we think about grant compliance, four categories are helpful to keep in mind:

  1. Restricted funding
  2. Single audit
  3. Indirect rate
  4. Time and effort

Restricted funding

Firstly, and most universally understood and applied is that grant monies are, pretty much by definition, restricted. Aside from very specific and rare instances of monies being granted to beneficiaries who have no responsibility, all grant funding is awarded with the expectation that the funds will be expended in a specific way. 

Any funder, from the federal government to your local community organization like the Lions Club or the VFW, will likely require individuals and entities awarded a grant must promise to use the funds only for the purpose laid out in the award and proposal. Compliance with grant terms typically includes following the requested reporting requirements of that funder as well. Though this category may sound obvious, it's actually pretty far-reaching, as it usually affects sub-recipients (those entities who are partnered with the direct recipient to accomplish the grant purpose). For example, where the money goes after the initial awardee receives it, or rules about who can do the work, what type of organization, how you choose a vendor, etc.—all sorts of categories.

It should be noted that many of these grant award requirements are not dissimilar from work we already do in the healthcare compliance space to assist our clients in avoiding anti-kickback statutes and Stark risks. This is because grant compliance is grounded in the same basic concepts—no favoritism, no bribes or shady deals, and avoiding fraud, waste, and abuse. Especially if you're spending federal monies, you need to prove that you choose the vendor based on verifiable best practices, and consideration was afforded to organizations owned by women, veterans, and minorities.

Single audit 

The second category, Single Audit, is applicable to all federal funding of $750,000 or more annually. My colleague from BerryDunn’s Not-for-Profit practice group, Katie Balukas, explains: 

"The federal Single Audit Act is a requirement for entities to undergo an independent financial and compliance audit when the entity has expended over $750,000 in federal awards. These audits are conducted following guidance issued through the Governmental Auditing Standards and the United States Office of Management and Budgets' Uniform Guidance. The main focus of the compliance audit is to assess the entity's compliance with the requirements set forth by the federal agency that administered the grant funds. That includes, but is not limited to determining if the funds were utilized for allowable costs and activities and expanded within the proper grant period and that the reporting and performance objectives were met."

It is important to note that adequate, appropriately scaled internal resources are essential for any organization receiving grants and even more so with larger grants. Though the phrase has been overused, it really does “take a village”. Grant management isn't something an organization should do on the side, assigning grant accounting to someone who already has a full-time role, but unfortunately this is common and also unfortunate because under resourcing tends to lead to compliance concerns, as well as just plain old poor funding management. 

Indirect rate

Speaking of funding, the third type of grant compliance is very focused on a component of the grant world that really has a life of its own: The indirect rate. Though there is an accounting definition of ‘indirect’, the way it is defined regarding grant funding is pretty specific, and there is an entire body of work organizations undertake to get a federally approved indirect rate.

There's an awful lot to think about with the indirect rate. On the one hand, you could say it's pretty simple. For example, a lot of foundation funders and even some federal funders will offer you a 5% or 10% indirect rate without any need to make a calculation. That's because they know that if you take time to do the math, you'll come up with a number much higher than 5% or 10%. When it comes to federal grants and healthcare services organizations, the indirect rate is dependent on how an organization measures costs. For hospitals, of course, the method of measurement is driven by the Medicare cost report, and that's where we would do the fancy math to derive the indirect rate. But the reality is far from simple or straightforward. 

Time and effort

The fourth and final area of grant compliance, time and effort, is also the one I'm actually most passionate about and is probably the most minimized, or at the very least, misapplied. 

In one way, “time & effort” is exactly what it sounds like. Much of granted dollars, especially from the federal government, get appropriately spent on program staff. The challenge is to match time and effort to those dollars, but that isn't as clear as it sounds, because the standard way of measuring staff time is usually in a payroll system of some sort, which can't prove how time was spent.

Most payroll systems can be programmed to account for FTE (full-time equivalent) allocations; however, there is often a breakdown between theory and practice. Putting allocations into payroll, usually done without employee interaction, may show how an employee “should” spend their time, but it is really no guarantee that that's actually how they're spending their time.

So how does the organization typically go about assuring that? Now, I don't want to speak for everyone, but let's just say I happen to know that there's a place for two or three (or maybe 10,000) that basically put allocations into payroll, and then, unfortunately, often well after the fact and/or more than once, send that allocation to the employee to sign off on without really any option to disagree, or even to modify. We all know that is not compliant…but in the organization's defense, there really haven't been very good alternatives to that kind of woeful and frustrating process, at least none that have been widely shared or understood.

As often is the case in the compliance world, rules are not followed because there is no perceived risk, but that is not a winning strategy.

Though many people involved in grant management do not have any experience or even knowledge of time and effort violations meeting with any consequences, organization interest and grant compliance have more implications than just preventing front page news. What I find in the conversations with organizations, both large and small, is that loose time and effort management costs the organization in two major ways. 

Firstly, it is inefficient to scramble around at the close of each federal grant to fix time and effort allocations. The extra time spent by grant staff, project coordinators, managers, and the finance team to sort things out because they didn't get them right the first time is the worst kind of inefficient—poor use of time with an equally poor outcome. 

Secondly, loose time and effort is costly in direct salary dollars. Most grant staff are not dedicated to one project, so we need to consider the value of their other work. Whether that is on other grants or, for example, seeing patients in the clinic as many principal investigators in healthcare do, having inaccurate or fluctuating understandings of their ability costs the organization directly in wasted salary dollars or indirectly as the opportunity cost of those providers (or other roles in other organizations). 

Digging in and fixing these issues is the work I really enjoy. It's relatively simple to build a compliant model, whether that requires very little payroll redo and is just a simple recurring attestation process in built in Excel, or more complex integrated models with triggered attestations in PDF format in a database that manages the overall FTE of principal investigators. It might even drive the available clinical provider time. It can all be done. We just need to know what the goal is. 

Working in this space so rewarding, because like so much of compliance, it's about doing something better—not just being compliant—but setting organizations up to better meet their goals and fulfill their mission.

The compliance or accounting professional might still ask, “But why aren’t payroll allocations sufficient for meeting Uniform Guidance?” The truth is, when UG came into effect and superseded the A-110, 122, 133, and others, the bar was effectively lowered. Historically, organizations abiding by the old OMB circulars had to make an attestation at least twice a year, which doesn’t really seem helpful, as who can accurately allocate their time from 5 or 6 months ago? So UG did away with the timeframe reference, relying on the idea that the payroll allocations and distributions would be all that would be needed, and in the absence of those, a monthly ‘look back’ by professional staff would be in order.

I say all this, because as a result, the interpretation of ‘payroll allocations’ then becomes the standard and we have forgotten about the other elements spoken of in the regulation. Remember, for anyone salaried (the vast majority of physicians and most of the higher level grant personnel), the ‘payroll allocation’ doesn’t pass muster. It is a static allocation that has no mooring in actual activity. This is why UG calls for monthly “current and reasonable estimates” of time and effort.

So what can organizations do in response? They need to seek a solution, a process, and a method that will both pass audit muster, as well as help the organization properly manage their resources. Almost every organization manages their productivity and finances on a regular basis: monthly! That’s why the same standard should apply to grant time and effort management. It's much more reasonable to ask you how you spent your effort this month, asking you to make a reasonable estimate of your time allocations to the different efforts you worked on.

So to summarize, the four key areas of grant compliance are (1) grants are restricted funding, (2) single audit requirement for federal funding over $750,000 annually, (3) the indirect rate and related agreement, and (4) time and effort.

Of course, I would be remiss to not point out that undergirding all this is the organization’s approach to policy. Any organization that considers grant funding a regular piece of their annual income needs to have dedicated grant management policies, covering all of the above topics, with particular focus on those arenas that are unique to the world of federal funding, and being mindful to follow or otherwise update for changes in processes and/or regulations.

Final takeaways: 

  • First, what grant focused infrastructure do you have in place? If you are subject to a single audit, there should be dedicated administrative grant staff. And I don’t mean the programmatic people actually working on the grant, but people outside the grant funding—also why you have an indirect rate. 
  • Second, how are you handling time and effort? If the process relies on any long after-the-fact attestations or payroll-generated reporting, it is unlikely to be truly following the spirit…or the letter…of Uniform Guidance. 
  • Third, review your policies regarding grants. You may not actually have policies focused on grant activities, leaving them under ‘general finance’. That isn’t sufficient to cover federal funding requirements. Many have grant policies in place, but are they actually being followed through the lifecycle of your grant programs? 
  • Lastly, the grant world is a whole ball game unto itself. BerryDunn has some great resources internally to offer assistance in all phases of grant management and administration. 
Article
Mitigating risk of grant funded healthcare programs