! The ACA s New Provider Compliance Program Mandate Turning a Mandatory Compliance Program into a Strategic Advantage On March 23, 2010, President Obama signed into law the Patient Protection and Affordable Care Act, more commonly known as the ACA and Obamacare. The wellknown political battles over the ACA including initial problems with the new federal insurance exchange and the President s unfortunate statements regarding the ability of insured individuals to keep their legacy plans have inundated Americans over the past two months. Putting politics aside, what is the intent behind the ACA? In passing the ACA and signing it into law, Congress and the Obama Administration seek to comprehensively and fundamentally reform health care in the United States through the expansion of health insurance coverage, provision of greater control over the cost of health care (which comprises over 18% of the US GDP annually and is forecast to reach 34% by 2040), and improvement of health care delivery systems. 1 The two most publicized areas of reform contained in the 2,700 pages of the ACA bill address the individual health coverage mandate and health care cost containment. One way that the law seeks to contain health care costs is through protecting federally funded health care programs from fraud, waste and abuse. According to the U.S. Departments of Justice ( DOJ ) and Health and Human Services ( HHS ), the government recovered $4.2 billion in health care fraud and abuse enforcement cases in Fiscal Year 2012, an increase of $100 million over FY2011. 2 Since 2008, the total amount recovered in fraud and abuse cases exceeds $14.9 billion. 3 In FY2012, the DOJ opened 2,016 new health care fraud investigations (1,131 criminal, 885 civil). 4 Civil recoveries under the False Claims Act related to health care topped $3 billion in 1 The Economic Case for Health Care Reform, Executive Office of the President, Council of Economic Advisers, June 2009. 2 Departments of Justice and Health and Human Services announce record-breaking recoveries resulting from joint efforts to combat health care fraud, Office of Inspector General of the Department of Health and Human Services Press Release, February 11, 2013, http://www.hhs.gov/news/press/2013pres/02/20130211a.html. 3 4
FY2012. 5 According to HHS Secretary Kathleen Sebelius, over a three year period the government recovered $7.90 for ever $1 spent on health care-related fraud and abuse investigations. 6 This demonstrates three things: first, the government takes health care fraud and abuse seriously; second, the government will pursue recovery against those providers who violate the law (whether intentionally or not); and third, the relatively high return on investment for each dollar spent on fraud and abuse enforcement makes enforcement a winning proposition for the government. Prior to the ACA, the government recommended that providers establish compliance programs to avoid the pitfalls associated with violations of the Medicare and Medicaid rules and regulations. As a result, provider compliance programs were, strictly speaking, voluntary. 7 Most hospitals established compliance programs in response to the issuance by the Office of Inspector Genera ( OIG ) l of HHS of its initial compliance guidance in February 18, 1998 the Compliance Program Guidance for Hospitals. 8 In October 2000, the OIG issued its Compliance Program Guidance for Individual and Small Group Physician Practices. 9 However, the ACA has changed the previously voluntary establishment of provider compliance programs. As part of the cost containment strategy of protecting federal programs from fraud, waste and abuse, the ACA mandates that all health care providers including physicians, dentists, chiropractors, podiatrists, optometrists, psychologists, physical and occupational therapists, and speech language pathologists establish and maintain effective compliance programs as a condition of participation in Medicare, Medicaid and the Children s Health Insurance Program ( CHIP ). 10 The ACA provides that the Secretary of the Department of Health and Human Services ( HHS ), in consultation with the [OIG], shall establish core elements for a compliance program, as well as 5 6 7 The exception to voluntarily establishing a compliance program applied to health care providers operating under a corporate integrity agreement ( CIA ) with the Office of Inspector General of the Department of Health and Human Services. CIAs require compliance programs. 8 Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8987 (February 23, 1998);. The OIG subsequently updated its guidance in 2005 with the Supplemental Compliance Program Guidance for Hospitals, 70 Fed. Reg. 4858 (January 31, 2005). 9 Compliance Program Guidance for Individual and Small Group Physician Practices, 65 Fed. Reg. 59434 (October 5, 2000). 10 Patient Protection and Affordable Care Act (PPACA), Pub. L. No. 111-148, 124 Stat. 119 (Mar. 23, 2010), 6401(a)(7), provides: (A) IN GENERAL. On or after the date of implementation determined by the Secretary under subparagraph (C), a provider of medical or other items or services or supplier within a particular industry sector or category shall, as a condition of enrollment in the [Medicare] program under this title, title XIX [the Medicaid program], or title XXI [CHIP], establish a compliance program that contains the core elements established under subparagraph (B) with respect to that provider or supplier and industry or category. THE ACA S NEW PROVIDER COMPLIANCE PROGRAM MANDATE! 2
determine the timeline for the establishment of the core elements and the date of the implementation for providers. 11 To date, the Secretary of HHS has neither established the required core elements nor set the timeline for the implementation of those elements. However, HHS has indicated that it will utilize the U.S. Federal Sentencing Guidelines in establishing the core elements for compliance programs. 12 The Federal Sentencing Guidelines instill a commitment to prevent, detect and correct inappropriate behavior and ensure compliance with all applicable laws, regulations and requirements. Using those guidelines, the OIG Health Care Fraud Prevention and Enforcement Action Team ( HEAT ) has published The Seven Fundamental Elements of an Effective Compliance Program that outlines the core elements likely to serve as the foundation of the new compliance program requirement. Those seven elements include: 13 1. Developing and distributing written policies and procedures and standards designed to prevent and detect inappropriate conduct; 2. Designating an individual with appropriate authority to be responsible for compliance ( compliance officer ) and a compliance committee that supports the compliance officer in maintaining an effective compliance program; 3. Developing and conducting effective compliance education and training programs; 4. Developing effective lines of communication regarding compliance, including a process to receive complaints (a hotline ); adopting procedures to protect the anonymity of those reporting compliance concerns/issues; and implementing a non-retaliation policy for those reporting compliance issues and violations; 5. Performing ongoing internal evaluation of the compliance program through monitoring and auditing processes to maintain the effectiveness of the program; 6. Consistently enforcing compliance standards through the development and implementation of well-publicized disciplinary guidelines; and 11 PPACA, 6401(a)(7)(B)-(C). 12 76 Fed. Reg. 5862, at 5941-43 (Feb. 2, 2011). OIG HEAT Provider Compliance Training, Health Care Compliance Program Tips: The Seven Fundamental Elements of an 13 Effective Compliance Program, May 2011, https://oig.hhs.gov/compliance/provider-compliance-training/files/ Compliance101tips508.pdf THE ACA S NEW PROVIDER COMPLIANCE PROGRAM MANDATE! 3
7. Responding promptly and appropriately to detected and reported compliance issues/violations and undertaking action to correct identified systemic compliance issues. Of course, the OIG recognizes that not all compliance programs must be the same in size and scope. 14 For instance, a large hospital system s compliance program likely would require a full-time compliance officer responsible for the program; a two-physician medical practice may designate one of the physicians as the individual responsible for the compliance function in addition to his or her clinical duties. While the phrase one size does not fit all appropriately describes the scalability of this new mandate by providers based on their size, type of practice and other factors, the requirement remains that every provider must establish and implement a program that addresses and applies the core elements to be established by the Secretary of HHS. 15 What are the consequences of failing to establish and implement an effective compliance program pursuant to 6401? As the ACA now mandates such a program as a condition of participation in the Medicare, Medicaid and CHIP programs, a provider failing to implement a compliance program could be removed from those programs despite a clean compliance record. Of greater importance to providers should be the practical impact on their practices if they fail to implement an effective compliance program i.e., the increased likelihood that the provider will violate one of the many compliance-related laws/regulations that exist in the compliance risk universe, such as the Stark Law, the Antikickback Statute, the False Claims Act, EMTALA each of which carries a significant financial and practical cost, including federal and state False Claims Act violations with accompanying criminal and civil liability, as well as exclusion from all federal health care programs. Furthermore, the operational costs of such a violation e.g., the inability to bill for services, the cost to the practice of time devoted to defending against alleged violations, legal and other professional expenses outweigh significantly the cost of implementing a program. How do non-institutional health care providers physicians, dentists, chiropractors, podiatrists, optometrists, psychologists, physical and occupational therapists, and speech language pathologists implement an effective compliance program? Many resources exist to assist providers. The OIG provides significant guidance for providers to assist them in learning about the various fraud and abuse laws. Providers may seek the advice of legal counsel experienced in the federal and state health care fraud and abuse laws to assist them in evaluating their situation and developing a compliance 14 76 Fed. Reg. 5862, at 5941-5942. 15 THE ACA S NEW PROVIDER COMPLIANCE PROGRAM MANDATE! 4
program that is a good fit, as well as analyzing both existing and new arrangements for compliance risks. Also, providers may want to consult with outside billing and coding experts to identify systemic billing and coding issues as well as correcting billing practices to improve the provider s bottom line. Although the OIG has not released the implementation timeline and core element details yet, providers should begin (if they have not already done to) to establish and implement compliance programs. The initial cost of such an endeavor should not be significant (based on the size of the provider practice and other factors); however, the benefits of implementing an effective program will outweigh those costs when balanced against the risks of federal program exclusion and civil/criminal liability for committing fraud and abuse. Furthermore, the creation of a viable compliance culture within a provider practice for instance, initiating and maintaining billing and coding practices that meet federal program requirements that are readily transferable to commercial/ private insurance claims billing, reducing payment delays and claims denials will result in the practice becoming more profitable. In summary, the ACA s compliance program mandate should be viewed as more than just another administrative task imposed by the government on providers. Providers should seize the opportunity presented by compliance program requirement to focus their business strategy on increasing profitability through better practices, especially in a time of decreasing reimbursement. The question every provider should ask is not, How can I/we afford to develop and implement an effective compliance program? Rather, providers should ask, How can I/we afford not to develop and implement an effective compliance program? Tom Vallas (tvallas@nevadalaw.com) is an attorney practicing health care law and business/commercial law with the law firm of Hoy Chrissinger Kimmel, PC, in Reno, Nevada, working with provider practices to develop and maintain effective compliance programs and other legal issues. If you have any questions about this topic or health care compliance issues generally, please feel free to contact Mr. Vallas at tvallas@nevadalaw.com or (775) 786-8000. THE ACA S NEW PROVIDER COMPLIANCE PROGRAM MANDATE! 5