Insight

The Affordable Care Act (ACA) authorized the Secretary of the Department of Health and Human Services (HHS) to mandate that physicians who treat Medicare and Medicaid beneficiaries establish a compliance program. As of this date the Secretary has not issued a regulation making this mandatory. However, the HHS Office of Inspector General (OIG) has issued significant guidance to healthcare providers including physicians on the content of compliance programs. This guidance makes it clear that compliance programs are expected by the OIG. The guidance has identified seven elements that are necessary to have an effective compliance program. They are as follows.

  1. Adoption of written policies and procedures to promote the organization’s commitment to compliance.
  2. Identification and appointment within the organization of an individual to serve as compliance officer, who will be responsible for monitoring compliance efforts and enforcing practice standards.
  3. Establishment of reporting systems to encourage individuals to make complaints regarding compliance items without fear of retaliation.
  4. Commitment to conducting formal education and training programs for all levels of employees.
  5. Ongoing auditing and monitoring of systems to assess the effectiveness of the compliance program and identify issues.
  6. Development of policies to enforce standards of conduct with disciplinary measures for employees who fail to comply with requirements.
  7. When vulnerabilities are identified, a corrective action must be conducted in response to potential violations.

The OIG has also issued compliance program guidance for eight industry sectors, hospitals, clinical laboratories, home health agencies, durable medical equipment suppliers, third-party medical billing companies, hospices, Medicare + Choice organizations offering coordinated care plans, and nursing facilities.

The importance of having an active compliance program was emphasized by several representatives of the OIG at the recent American Health Lawyers Association (AHLA) Fraud and Compliance forum in Baltimore, Maryland (September 25-27, 2019). The speakers emphasized that a written plan alone, would not be considered to be an active plan. Speakers noted that during inspection activities when employees were queried some would have no knowledge of the existence of a compliance plan, or the identity of the compliance officer.

At least two OIG speakers stated that when determining the best resolution of an investigation of an alleged overpayment the existence of an active compliance program was very important. In particular, speakers mentioned that a finding of a lack of an active compliance program would almost assuredly result in a requirement that the entity enter into a Corporate Integrity Agreement (CIA) as part of a global resolution of a claimed overpayment. A CIA typically lasts for five years, although we have observed some three year agreements recently. An entity that is subject to a CIA endures a great deal of inconvenience and expense. A comprehensive CIA usually includes the following elements:

  • A review and modification of written standards and policies;
  • The appointment of a compliance committee;
  • The implementation of a comprehensive employee training program;
  • The establishment and testing of a confidential disclosure program;
  • The requirement that the entity retain an independent review organization (IRO) to conduct reviews on a specified timetable (quarterly to annually);
  • A report of all overpayments, reportable events, and ongoing investigations and legal proceedings; and
  • An implementation report on the status of the entities compliance activities.

CIAs usually include breach and default provisions with specified monetary penalties for failure to comply with obligations set forth in the CIA. In addition, the material breach of the CIA would constitute a basis for the provider’s exclusion from participation in Federal health care programs.

IROs are independent qualified vendors, typically forensic accounting and compliance firms, to conduct external reviews of compliance with the CIA and report via independent reports to the OIG. The use of an IRO can constitute a very significant expense.

In a related issue, the scope of acts or omissions that can lead to overpayments has been subject to expansion almost every year. Prosecutions for overpayments include the following areas of concern:

  • Upcoding;
  • Unbundling;
  • Failure to rectify accounts in a timely manner to identify duplicate or third party payments;
  • Payments received when there is an existing violation of regulations such as the Stark Laws or Anti-kickback law;
  • Services that do not meet acceptable standards;
  • Lack of medical necessity;
  • Incorrect coding;
  • Insufficient documentation; and
  • Processing or administrative errors.

Providers must use due diligence to identify overpayments and must report and repay overpayments within six months of quantifying the overpayment. Governmental agencies use numerous private auditors to identify overpayments and other areas of non-compliance. In many instances, a sample of records is audited and the overpayment revealed by the sample is then extrapolated over all payments for a period of time. This can result in a very large recoupment amount. In most instances, a six year look-back period is permitted. There is a self-disclosure program that can minimize the impact of improperly rectified overpayments. However, a multiplier may still be utilized on the amount of overpayment to be recouped and sanctions may be imposed. OIG speakers also indicated that the existence of an active compliance program would have an impact on the determination of the use of a multiplier and the imposition of sanctions.

Now is the time to assess the adequacy of your compliance program.

For more information, contact Bruce Lamb in Gunster’s Health Care practice at (813) 222-6605 or blamb@gunster.com.

Related Professionals

Related Capabilities

Jump to Page

Gunster Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek