| Conclusion
Through
this document, the OIG has attempted to provide a foundation to the
process necessary to develop an effective and cost-efficient hospital
compliance program. As previously stated, however, each program must
be tailored to fit the needs and resources of an individual hospital,
depending upon its particular corporate structure, mission, and
employee composition. The statutes, regulations and guidelines of the
federal and state health insurance programs, as well as the policies
and procedures of the private health plans, should be integrated into
every hospital’s compliance program.
The
OIG recognizes that the health care industry in this country, which
reaches millions of beneficiaries and expends about a trillion
dollars, is constantly evolving. However, the time is right for
hospitals to implement a strong voluntary compliance program concept
in health care. As stated throughout this guidance, compliance is a
dynamic process that helps to ensure that hospitals and other health
care providers are better able to fulfill their commitment to ethical
behavior, as well as meet the changes and challenges being imposed
upon them by Congress and private insurers. Ultimately, it is OIG’s
hope that a voluntarily created compliance program will enable
hospitals to meet their goals, improve the quality of patient care,
and substantially reduce fraud, waste and abuse, as well as the cost
of health care to federal, state and private health insurers.
Footnotes
(1) Indeed,
recent case law suggests that the failure of a corporate Director to
attempt in good faith to institute a compliance program in certain
situations may be a breach of a Director’s fiduciary obligation.
See, e.g., In re Caremark
International Inc. Derivative Litigation, 698 A.2d 959 (Ct. Chanc.
Del. 1996).
(2) The
OIG, for example, will consider the existence of an effective
compliance program that pre-dated any Governmental investigation when
addressing the appropriateness of administrative penalties. Further,
the False Claims Act, 31
U.S.C. §§ 3729-3733, provides that a person who has violated the
Act, but who voluntarily discloses the violation to the Government, in
certain circumstances will be subject to not less than double, as
opposed to treble, damages. See 31
U.S.C. § 3729(a).
(3) Nothing
stated herein should be substituted for, or used in lieu of, competent
legal advice from counsel.
(4) See
62 Fed. Reg. 9435 (3/3/97).
(5) Corporate
integrity agreements are executed as part of a civil settlement
between the health care provider and the Government to resolve a case
arising under the False Claims Act (FCA), including the qui tam
provisions of the FCA, based on allegations of health care fraud or
abuse. These OIG-imposed programs are in effect for a period of three
to five years and require many of the elements included in this
compliance guidance.
(6) See
United
States Sentencing Commission Guidelines, Guidelines Manual, 8A1.2,
comment. (n.3(k)).
(7) Current
HCFA reimbursement principles provide that certain of the costs
associated with the creation of a voluntarily established compliance
program may be allowable costs on certain types of hospitals’ cost
reports. These allowable costs, of course, must at a minimum be
reasonable and related to patient care. See generally 42
U.S.C. § 1395x(v)(1)(A) (definition of reasonable cost); 42
C.F.R. §§ 413.9(a), (b)(2) (costs related to patient care).
In contrast, however, costs specifically associated with the
implementation of a corporate integrity agreement in response to a
Government investigation resulting in a civil or criminal judgment or
settlement are unallowable, and are also made specifically and
expressly unallowable in corporate integrity agreements and civil
fraud settlements.
(8) The
OIG strongly encourages high-level involvement by the hospital’s
governing body, chief executive officer, chief operating officer,
general counsel, and chief financial officer, as well as other medical
personnel, as appropriate, in the development of standards of conduct.
Such involvement should help communicate a strong and explicit
statement of compliance goals and standards.
(9) E.g.,
skilled nursing facilities, home health agencies, psychiatric units,
rehabilitation units, outpatient clinics, clinical laboratories,
dialysis facilities.
(10) The
OIG recognizes that not all standards, policies and procedures need to
be communicated to all employees. However, the OIG believes that the
bulk of the standards that relate to complying with fraud and abuse
laws and other ethical areas should be addressed and made part of all
affected employees’ training. The hospital must appropriately decide
which additional educational programs should be limited to the
different levels of employees, based on job functions and areas of
responsibility.
(11) The
OIG periodically issues Special
Fraud Alerts setting forth activities believed to raise legal and
enforcement issues. Hospital compliance programs should require that
the legal staff, chief compliance officer, or other appropriate
personnel, carefully consider any and all Special Fraud Alerts issued
by the OIG that relate to hospitals. Moreover, the compliance programs
should address the ramifications of failing to cease and correct any
conduct criticized in such a Special Fraud Alert, if applicable to
hospitals, or to take reasonable action to prevent such conduct from
reoccurring in the future. If appropriate, a hospital should take the
steps described in Section G regarding investigations, reporting and
correction of identified problems.
(12) The
OIG’s work plan is currently available on the Internet at http://www.dhhs.gov/progorg/oig.
(13) Billing
for services not actually rendered involves submitting a claim that
represents that the provider performed a service all or part of which
was simply not performed. This form of billing fraud occurs in many
health care entities, including hospitals and nursing homes, and
represents a significant part of the OIG’s investigative caseload.
(14) A
claim requesting payment for medically unnecessary services
intentionally seeks reimbursement for a service that is not warranted
by the patient’s current and documented medical condition. See 42
U.S.C. § 1395y(a)(1)(A) ("no payment may be made under
part A or part B for any expenses incurred for items or services which
. . . are not reasonable and necessary for the diagnosis or treatment
of illness or injury or to improve the functioning of the malformed
body member"). On every HCFA claim form, a physician must certify
that the services were medically necessary for the health of the
beneficiary.
(15) "Upcoding"
reflects the practice of using a billing code that provides a higher
payment rate than the billing code that actually reflects the service
furnished to the patient. Upcoding has been a major focus of the OIG’s
enforcement efforts. In fact, the Health Insurance Portability and
Accountability Act of 1996 added another civil monetary penalty to the
OIG’s sanction authorities for upcoding violations. See 42
U.S.C. §1320a-7a(a)(1)(A).
(16) Like
upcoding, "DRG creep" is the practice of billing using a
Diagnosis Related Group (DRG) code that provides a higher payment rate
than the DRG code that accurately reflects the service furnished to
the patient.
(17) Hospitals
that submit claims for non-physician outpatient services that were
already included in the hospital’s inpatient payment under the
Prospective Payment System (PPS) are in effect submitting duplicate
claims.
(18) Duplicate
billing occurs when the hospital submits more than one claim for the
same service or the bill is submitted to more than one primary payor
at the same time. Although duplicate billing can occur due to simple
error, systematic or repeated double billing may be viewed as a false
claim, particularly if any overpayment is not promptly refunded.
(19) As
another example of health care fraud, the submission of false cost
reports is usually limited to certain Part A providers, such as
hospitals, skilled nursing facilities and home health agencies, which
are reimbursed in part on the basis of their self-reported operating
costs. An OIG audit report on the misuse of fringe benefits and
general and administrative costs identified millions of dollars in
unallowable costs that resulted from providers’ lack of internal
controls over costs included in their Medicare cost reports. In
addition, the OIG is aware of practices in which hospitals
inappropriately shift certain costs to cost centers that are below
their reimbursement cap and shift non-Medicare related costs to
Medicare cost centers.
(20) "Unbundling"
is the practice of submitting bills piecemeal or in fragmented fashion
to maximize the reimbursement for various tests or procedures that are
required to be billed together and therefore at a reduced cost.
(21) Under
the Medicare regulations, when a prospective payment system (PPS)
hospital transfers a patient to another PPS hospital, only the
hospital to which the patient was transferred may charge the full DRG;
the transferring hospital should charge Medicare only a per diem
amount.
(22) This
area of concern is particularly important for hospital discharge
planners referring patients to home health agencies, DME suppliers or
long term care and rehabilitation providers.
(23) Excessive
payment for medical directorships, free or below market rents or fees
for administrative services, interest-free loans and excessive payment
for intangible assets in physician practice acquisitions are examples
of arrangements that may run afoul of the anti-kickback statute. See 42
U.S.C. § 1320a-7b(b) and 59
Fed. Reg. 65372 (12/19/94).
(24) Equally
troubling to the OIG is the proliferation of business arrangements
that may violate the anti-kickback statute. Such arrangements are
generally established between those in a position to refer business,
such as physicians, and those providing items or services for which a
federal health care program pays. Sometimes established as "joint
ventures," these arrangements may take a variety of forms. The
OIG currently has a number of investigations and audits underway that
focus on such areas of concern.
(25) Another
OIG concern with respect to the anti-kickback statute is hospital
financial arrangements with hospital-based physicians that compensate
physicians for less than the fair market value of services they
provide to hospitals or require physicians to pay more than market
value for services provided by the hospital. See OIG
Management Advisory Report: "Financial Arrangements Between
Hospitals and Hospital-Based Physicians." OEI-09-89-0030, October
1991. Examples of such arrangements that may violate the
anti-kickback statute are token or no payment for Part A supervision
and management services; requirements to donate equipment to
hospitals; and excessive charges for billing services.
(26) The
patient anti-dumping statute, 42
U.S.C. § 1395dd, requires that all Medicare participating
hospitals with an emergency department: 1) provide for an appropriate
medical screening examination to determine whether or not an
individual requesting such examination has an emergency medical
condition; and 2) if the person has such a condition, (a) stabilize
that condition; or (b) appropriately transfer the patient to another
hospital.
(27) The
official coding guidelines are promulgated by HCFA, the National
Center for Health Statistics, the American Medical Association and the
American Health Information Management Association. See International
Classification of Diseases, 9th Revision, Clinical Modification
(ICD9-CM); 1998
Health Care Financing Administration Common Procedure Coding System
(HCPCS); and Physicians’ Current Procedural Terminology (CPT).
(28) The
failure of hospital staff to: (i) document items and services
rendered; and (ii) properly submit them for reimbursement is a major
area of potential fraud and abuse in federal health care programs. The
OIG has undertaken numerous audits, investigations, inspections and
national enforcement initiatives aimed at reducing potential and
actual fraud, abuse and waste. Recent OIG audit reports, which have
focused on issues such as hospital patient transfers incorrectly paid
as discharges, and hospitals’ general and administrative costs,
continue to reveal abusive, wasteful or fraudulent behavior by some
hospitals. Our inspection report entitled "Financial
Arrangements between Hospitals and Hospital-Based Physicians,"
see fn. 25, supra, and our Special Fraud Alerts on Hospital Incentives
to Physicians and Joint Venture Arrangements, further illustrate how
certain business practices may result in fraudulent and abusive
behavior.
(29) The
OIG’s February 1997 Model
Compliance Plan for Clinical Laboratories provides more specific
and detailed information than is contained in this section, and
hospitals that have clinical laboratories should extract the relevant
guidance from both documents.
(30) For
Medicare reimbursement purposes, a physician is defined as: (1) a
doctor of medicine or osteopathy; (2) a doctor of dental surgery or of
dental medicine; (3) a podiatrist; (4) an optometrist; and (5) a
chiropractor, all of whom must be appropriately licensed by the state.
42 U.S.C. § 1395x(r).
(31) Towards
this end, the hospital’s in-house counsel or compliance officer
should, inter alia, obtain copies of all OIG
regulations, special
fraud alerts and advisory
opinions concerning the anti-kickback statute, Civil
Monetary Penalties Law (CMPL) and Stark
physician self-referral law (the fraud alerts and anti-kickback or
CMPL advisory opinions are published on HHS-OIG’s home page on the
Internet), and ensure that the hospital’s policies reflect the
guidance provided by the OIG.
(32) See
fn. 25, supra.
(33) E.g.,
assigning in-house counsel or contracting with an independent
professional organization, such as an accounting, law or consulting
firm.
(34) The
creation and retention of such documents and reports may raise a
variety of legal issues, such as patient privacy and confidentiality.
These issues are best discussed with legal counsel.
(35) The
OIG believes that there is some risk to establishing an independent
compliance function if that function is subordinate to the hospital’s
general counsel, or comptroller or similar hospital financial officer.
Free standing compliance functions help to ensure independent and
objective legal reviews and financial analyses of the institution’s
compliance efforts and activities. By separating the compliance
function from the key management positions of general counsel or chief
hospital financial officer (where the size and structure of the
hospital make this a feasible option), a system of checks and balances
is established to more effectively achieve the goals of the compliance
program.
(36) For
multi-hospital organizations, the OIG encourages coordination with
each hospital owned by the corporation or foundation through the use
of a headquarter’s compliance officer, communicating with parallel
positions in each facility, or regional office, as appropriate.
(37) The
Cumulative Sanction Report is an OIG-produced report available on the
Internet at http://www.dhhs.gov/progorg/oig.
It is updated on a regular basis to reflect the status of health care
providers who have been excluded from participation in the Medicare
and Medicaid programs. In addition, the General Services
Administration maintains a monthly listing of debarred contractors on
the Internet at http://www.arnet.gov/epls.
Also, once the data base established by the Health Care Fraud and
Abuse Data Collection Act of 1996 is fully operational, the hospital
should regularly request information from this data bank as part of
its employee screening process.
(38) E.g.,
skilled nursing facilities and home health agencies.
(39) The
compliance committee benefits from having the perspectives of
individuals with varying responsibilities in the organization, such as
operations, finance, audit, human resources, utilization review,
social work, discharge planning, medicine, coding and legal, as well
as employees and managers of key operating units.
(40) Some
publications, such as OIG’s Management Advisory Report entitled
"Financial
Arrangements between Hospitals and Hospital-Based Physicians,"
Special
Fraud Alerts, audit
and inspection
reports, and advisory
opinions, as well as the annual OIG
work plan, are readily available from the OIG and could be the
basis for standards, educational courses and programs for appropriate
hospital employees.
(41) Certain
positions, such as those involving the coding of medical services,
create a greater organizational legal exposure, and therefore require
specialized training. One recommendation would be for a hospital to
attempt to fill such positions with individuals who have the
appropriate educational background and training.
(42) Currently,
the OIG is monitoring approximately 165 corporate integrity agreements
that require many of these training elements. The OIG usually requires
a minimum of one to three hours annually for basic training in
compliance areas. More is required for specialty fields such as
billing and coding.
(43) Accurate
coding depends upon the quality and completeness of the physician’s
documentation. Therefore, the OIG believes that active staff physician
participation in educational programs focusing on coding and
documentation should be emphasized by the hospital.
(44) In
addition, where feasible, the OIG believes that a hospital’s outside
contractors, including physician corporations, should be afforded the
opportunity to participate in, or develop their own, compliance
training and educational programs, which complement the hospital’s
standards of conduct, compliance requirements, and other rules and
regulations.
(45) The
OIG believes that whistleblowers should be protected against
retaliation, a concept embodied in the provisions of the False Claims
Act. In many cases, employees sue their employers under the False
Claims Act’s qui tam provisions out of frustration because of the
company’s failure to take action when a questionable, fraudulent or
abusive situation was brought to the attention of senior corporate
officials.
(46) Hospitals
should also post in a prominent, available area the HHS-OIG Hotline
telephone number, 1-800-HHS-TIPS (447-8477), in addition to any
company hotline number that may be posted.
(47) See
fn. 37, supra.
(48) Likewise,
hospital compliance programs should establish standards prohibiting
the execution of contracts with companies that have been recently
convicted of a criminal offense related to health care or that are
listed by a federal agency as debarred, excluded, or otherwise
ineligible for participation in federal health care programs.
(49) Prospective
employees who have been officially reinstated into the Medicare and
Medicaid programs by the OIG may be considered for employment upon
proof of such reinstatement.
(50) Even
when a hospital is owned by a larger corporate entity, the regular
auditing and monitoring of the compliance activities of an individual
hospital must be a key feature in any annual review. Appropriate
reports on audit findings should be periodically provided and
explained to a parent-organization’s senior staff and officers.
(51) The
OIG recommends that when a compliance program is established in a
hospital, the compliance officer, with the assistance of department
managers, should take a "snapshot" of their operations from
a compliance perspective. This assessment can be undertaken by outside
consultants, law or accounting firms, or internal staff, with
authoritative knowledge of health care compliance requirements. This
"snapshot," often used as part of benchmarking analyses,
becomes a baseline for the compliance officer and other managers to
judge the hospital’s progress in reducing or eliminating potential
areas of vulnerability. For example, it has been suggested that a
baseline level include the frequency and percentile levels of various
diagnosis codes and the increased billing of complications and
co-morbidities.
(52) In
addition, when appropriate, as referenced in section
G.2, below, reports of fraud or systemic problems should also be
made to the appropriate governmental authority.
(53) Instances
of non-compliance must be determined on a case-by-case basis. The
existence, or amount, of a monetary loss to a health care program is
not solely determinative of whether or not the conduct should be
investigated and reported to governmental authorities. In fact, there
may be instances where there is no monetary loss at all, but
corrective action and reporting are still necessary to protect the
integrity of the applicable program and its beneficiaries.
(54) Advice
from the hospital’s in-house counsel or an outside law firm may be
sought to determine the extent of the hospital’s liability and to
plan the appropriate course of action.
(55) The
OIG currently maintains a voluntary disclosure program that encourages
providers to report suspected fraud. The concept of voluntary
self-disclosure is premised on a recognition that the Government alone
cannot protect the integrity of the Medicare and other federal health
care programs. Health care providers must be willing to police
themselves, correct underlying problems and work with the Government
to resolve these matters. The OIG’s voluntary self-disclosure
program has four prerequisites: (1) the disclosure must be on behalf
of an entity and not an individual; (2) the disclosure must be truly
voluntary (i.e., no pending proceeding or investigation); (3) the
entity must disclose the nature of the wrongdoing and the harm to the
federal programs; and (4) the entity must not be the subject of a
bankruptcy proceeding before or after the self-disclosure.
(56) I.e.,
Federal and/or state law enforcement having jurisdiction over such
matter. Such governmental authority would include DOJ and OIG with
respect to Medicare and Medicaid violations giving rise to causes of
actions under various criminal, civil and administrative false claims
statutes.
(57) To
qualify for the "not less than double damages" provision of
the False Claims Act, the report must be provided to the Government
within thirty (30) days after the date when the hospital first
obtained the information.
(58) The
OIG believes that some violations may be so serious that they warrant
immediate notification to governmental authorities, prior to, or
simultaneous with, commencing an internal investigation, e.g., if the
conduct: (1) is a clear violation of criminal law; (2) has a
significant adverse effect on the quality of care provided to program
beneficiaries (in addition to any other legal obligations regarding
quality of care); or (3) indicates evidence of a systemic failure to
comply with applicable laws, an existing corporate integrity
agreement, or other standards of conduct, regardless of the financial
impact on federal health care programs.
(59) The
OIG has published criteria setting forth those factors that the OIG
takes into consideration in determining whether it is appropriate to
exclude a health care provider from program participation pursuant to 42
U.S.C. § 1320a-7(b)(7) for violations of various fraud and abuse
laws. See 62 Fed. Reg.
67,392 (12/24/97).
(60) Appropriate
federal and state authorities include the Criminal and Civil Divisions
of the Department of Justice, the U.S. Attorney in the hospital’s
district, and the investigative arms for the agencies administering
the affected federal or state health care programs, such as the state
Medicaid Fraud Control Unit, the Defense Criminal Investigative
Service, and the Offices of Inspector General of the Department of
Health and Human Services, the Department of Veterans Affairs and the
Office of Personnel Management (which administers the Federal Employee
Health Benefits Program).
(61) See
42 U.S.C. § 1320a-7b(a)(3).
(62) Normal
repayment channels as described in HCFA’s manuals and guidances are
the appropriate vehicle for repaying identified overpayments.
Hospitals should consult with its fiscal intermediary or HCFA for any
further guidance regarding these repayment channels. Interest will be
assessed, when appropriate. See 42
C.F.R. § 405.376.
back
to top |
