Overzealous Investigators Placing Physicians at Risk
- Beware of health plans overreaching their authority -
By Michael Schoppmann, Esq., and
Stuart A. Hayman, M.S., Executive Director

Recent onerous insurance company initiatives go beyond intrusive and may create risky legal exposures to physicians. We have received reports of investigations that are going beyond appropriate levels of inquiry. Physicians who unknowingly comply with these investigators are increasing their risk of liability.

The latest intrusive initiative begins through the issuance of a notice by a “Special Investigation Unit” (or similarly titled unit or division within the health plan) to a physician’s office whereby investigators make inappropriate demands of the practice. Regardless of the practice’s good intentions (or intimidated compliance), the investigation may create significant exposure to the physician.

First, every physician should bear in mind that the request must be reasonable in both its scope and its expectation. A physician’s practice should not be disrupted or overwhelmed by any demand that seeks immediate compliance. Second, as a HIPAA entity, an insurer must apply the “minimum necessary” standard to its own request for protected health information. A physician can only disclose a patient’s protected health care information to a health plan when: (1) the health plan has a current or past relationship with the patient; (2) the information requested pertains to the relationship; (3) and the request must relate to quality assessment, health care fraud and abuse, detection or compliance, or evaluating practitioner or health plan performance.

Thus, any request for records must be limited to the period for which the health plan provided coverage. Absent a specific HIPAA compliant authorization, no physician should release records to any health plan for periods of time wherein the patient was covered under another health plan. At no time, should any practice ever release records for patients who are not members of the health plan – even if such a request is couched as a need for “comparison” or “cross-reviews.” Further, all physicians should structure their response to the demands carefully; balancing the need to comply with the cooperation clause built into their contracts while also not violating federal or state law. Nothing in HIPAA prevents a physician practice from discussing its concerns with a health plan’s request and negotiating an information exchange that meets the needs of both parties.

Therefore, it is recommended that practices:
(a) Designate a specific person to meet with and respond to the requests of the health plan investigators;
(b) Designate a specific area for the investigators to remain and review the limited portions of the chart;
(c) Never provide the original charts to the investigator – only copies:
(d) Never leave the charts unmonitored or unattended with the investigators; and
(e) Do not allow anyone with the practice to engage in substantive discussions with the investigators as to any issues of treatment, billing or any other topic other than the mechanics of providing the health plan with the appropriate portions of the patient/member’s chart.

Utilize simple, reasonable controls on the scope of insurance company reviews, audits and/or investigations. These recommended steps will limit your exposure, manage the risk inherent in any investigatory inquiry and also insure that you are complying with federal and state mandates as to patient confidentiality.