Health care providers are increasingly scrutinized for compliance with health care and insurance laws.  In light of this, health care providers must be proactive in creating and implementing a compliance program.

A compliance program is a framework, voluntarily implemented by the health care provider, to help insure compliance with laws, reveal breaches of law and provide a mechanism for addressing any improper conduct uncovered.  Through increased budgets and a large array of enforcement tools, State and Federal agencies as well as third party payers have pursued enforcement of health care and insurance laws with increased tenacity.  The increased enforcement budgets result from Governments’ acknowledgment of the tremendous amount of money spent on Health Care (especially Medicare and Medicaid), a perception that past spending practices have made the health care field fertile ground for fraud and a recognition that health care fraud negatively impacts the quality of care.

Though health care providers cannot do much about the increased funds spent on enforcement, health care providers should carefully note the consequences of a failure to comply with applicable laws.  These consequences include: loss of professional licenses, criminal conviction with jail time, substantial fines, ineligibility to receive payments from government programs (i.e. Medicare), disgorgement of payments, fines, interest, attorneys fees and punitive damages (i.e. double and treble damages).

In light of the well funded and aggressive compliance initiatives and the onerous nature of the consequences for failure to comply, a provider compliance program is a must.  Not only will a health care compliance program help ensure compliance with law, reveal problems and provide a mechanism for addressing improper conduct, if a compliance program is in place, it may also avoid implementation of a more burdensome governmentally imposed program.  Further, if a compliance program is in place and a violation is found the penalty may be substantially less than the penalty that would have otherwise been imposed.

The Department of Health, Office of the Inspector General (‘OIG’) promotes voluntary compliance programs for health care providers.  The OIG maintains a website at which provides information on compliance with health care laws and, though much of this information relates to hospitals and other entities rather than providers, there is substantial information for providers.  For example, a fraud alert addressing physician certification for home health services.

The OIG and others have used the United States Sentencing Commission Guidelines as a reference point for the minimum requirements of a compliance program.  The compliance program should include the following:

  1. The development and distribution of written standards of conduct as well as written policies and procedures that promote the health care provider’s commitment to compliance and that address specific areas of potential fraud such as self referral, unbundling of services, up coding and improper claims submission.
  2. The designation of a compliance officer charged with operating and monitoring the compliance program.
  3. The development and implementation of regular, effective education and training programs for all relevant employees.
  4. The maintenance of a process, such as a hotline, to receive complaints and to protect whisleblowers from retaliation.
  5. The development of a system to respond to allegations of improper/illegal activities and the enforcement of appropriate discipline with respect to employees who have violated compliance policies or requirements of federal, state or private health care programs.
  6. The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas.
  7. The investigation and remediation of problems and the development of program modifications to address future offenses.

The scope of each portion of the compliance program will depend upon the size and complexity of the health care provider.  The larger and more complex the provider, the broader the scope and the more formal the development and implementation.

In March of 1999 the Office of Inspector General and the Health Care Compliance Association co-sponsored a government-industry roundtable discussion so that the Health Care compliance industry could inform the OIG of issues surrounding the implementation and maintenance of compliance programs.  This meeting was also an opportunity for the OIG to present policy objectives underlying compliance program guidelines.  The report on this roundtable meeting, which is posted on the OIG’s website, highlighted some of the comments and suggestions raised.  These are summarized below:

Developing a Compliance Program

  1. Providers were concerned that the OIG’s compliance guidance appears to focus on compliance to the exclusion of medical ethics and this may discourage some providers from implementing a compliance program.  Further, some providers expressed concern over the cost of compliance programs.
  2. It was noted that emphasis on federal health care programs, especially Medicare, detracted from the need to scrutinize the same issues when dealing with private payees.  Risk areas are generally identifiable through OIG information including fraud alerts, OIG work plans and fraud settlements.  However, self analysis should be a source of risk identification and prioritization especially if there has been a particular history of violation
  3. Smaller providers which may not have a designated compliance committee, can form a task force to address compliance concerns as they arise.
  4. Close collaboration between personnel and compliance personnel is required especially in areas of training, hiring, discipline, establishment of a hotline and complaint follow-up.
  5. Conflicts for compliance officers might be minimized by establishing a strong and active compliance steering  committee on assigning compliance to a well respected manager.
  6. Compliance officers can be more effective if they have an open door policy and are pro-active rather than reactive.
  7. Compliance efforts may be outsourced but cost in an issue, especially when many providers found the concerns raised were often personnel rather than compliance issues.
  8. Compliance training in the areas of billing and coding was perceived as imperative.

Evaluating Compliance Program Effectiveness

  1. Continuous Review is necessary.  Further three types of audits were recommended:

a) Baseline audits (initial audits)
b) Proactive audits based on identified risk areas (i.e. OIG fraud alerts etc.).
c) Issue based audits (where a provider knows there is a problem and is attempting to determine the depth of the problem.)

Thorough interviewing of potential auditors was suggested and an annual forensic audit of major risk areas was recommended.  Compliance personnel noted that audits had a chilling effect on individual physicians and some compliance auditors noted physician downcoding and have directed attention to proper documentation rather than fraud and abuse concerns.

In demonstrating effectiveness of the compliance plan, documentation is very important.  The following must be documented: audit results, logs of hotline calls and their resolution, corrective action plans, due diligence efforts regarding business transactions, disciplinary action and modification of plans and procedures.  Further documentation of billing irregularities and disclosures of refunds of overpayments was encouraged.  Documentation of employee training was also strongly endorsed.  Additionally providers should document all communications with the Health Care Financing Administration.  Even with thorough documentation however, the OIG evaluates the effectiveness of a compliance program based on how it works in day to day practice, not merely what it is on paper.

Internal investigation and self disclosure requires that the provider ask itself the following questions:

—        What is the origin of the issue being investigated

—        When did the issue under investigation originate

—        How far back should an investigation go  (i.e. inquiry should be expanded if the results of an initial review suggest a broader problem.)

The following may be used by the compliance officer in prioritizing issues:

—        Has the OIG required the compliance officer to focus on certain issues

—        Does the problem pertain to a discontinued practice or a current practice with prospective exposure

—        Can deficient billing be suspended or ceased until a review can be completed

—        Can the issue under investigation have a significant impact on providers Medicare cost reports or interim payments

—        Does an issue present evidence of ongoing misconduct that may violate criminal, civil or administrative law and does it require immediate disclosure to a government authority

—        Has the provider established a standard of time required to address incoming billing concerns.

The attorney-client privilege and the attorney work product doctrine should also be properly used to withhold results of an investigation if appropriate but abuse of these doctrines may result in their waiver.

Upon discovery of billing mistakes, the provider should return the funds to the affected provider and add the issue to its list of topics to be reviewed during internal monitoring. The obligation to disclose to the government may depend on the size of the error and whether the error represents a pattern.  For example, a small isolated error may merely require return of an improper payment while a large overpayment or a pattern of over payment may require proceeding through the OIG’s provider self disclosure protocol.

In sum, governmental agencies are looking for conscientious and consistent implementation of comprehensive compliance programs combined with prompt, effective remedial action if problems are discovered.  Providers should consult with their counsel and auditor regarding design and implementation of a compliance program and/or addressing any known problems.  If a provider does not have an attorney or accountant/consultant that is familiar with compliance issues, this does not mean that the provider must replace its counsel or accountant.  Many practitioners who focus on compliance programs will partner with the current counsel and/or accountant as part of the compliance initiative.

Sources:  OIG ‘Building a Partnership for Effective Compliance’ – A report on Government -Industry Roundtable, April 2, 1999 available at  Health Care Fraud and Abuse, New Jersey Institute for Legal Education, New Brunswick, N.J. pub # S526.98 Bograd, Bonney, DiPasquale, Frey, McFadden, Kearney, Levy, Nittoly & Zoubek 1998; 1999 Health and Hospital Law Symposium, New Jersey Institute for Continuing Legal Education, New Brunswick, N.J. pub # S025a.99 Schaff, Benesch, Dobro, Faulk, Friedman & Lubic 1999.

Francis J. McGovern, Jr. is a 1988 graduate of Rutgers School of Business and a 1992 graduate of Rutgers Law – Camden.  Mr. McGovern has his practice, McGovern Legal Services, LLC, in New Brunswick where his practice focuses on corporate affairs and creditors’ rights.