The False Claims Act – Application of the Lincoln Law to the Health Care Industry

 When Congress originally passed the False Claims Act (31 USC §§ 3729-3733), no one had the health care system in mind.  The False Claims Act was also commonly referred to as the “Lincoln Law”.  The original law was focused on unscrupulous vendors who provided overpriced and often faulty supplies to the military during the Civil War.

The law was unique in several ways; not least of which was the creation of “qui tam” rights.  Qui tam provisions permit individuals to bring suit alleging false claims and to retain a portion of the award.  The amount of potential award available to a qui tam claimant depends on whether the government chooses to take over the case after it is brought.

The False Claims Act was strengthened in 1986 in response to some of the much publicized $1,000 toilet seats and other abuses with respect to companies supplying the United States military.  The 1986 amendments to the False Claims Act provided for treble damages plus civil penalties of between $5,000 and $11,000 per claim.  These legislative changes were intended to add real incentive for “qui tam” litigants to bring fraud claims.

The health care industry was never the real target of the False Claims Act.  In fact, when the original “Lincoln Law” was passed in the 1860’s, there was no federal health care program in existence.  From the inception of the False Claims Act through the 1986 amendments, the primary target had been the suppliers to the defense industry.  The defense industry generally makes claims on a monthly or other periodic basis for large amounts of supplies.  Although the 1986 amendments added substantial penalties for making false claims, the impact on the defense industry does not come close to matching the impact on health care providers.

In health care, a single hospital may make hundreds of claims to the federal government per day.  False claim allegations can cover a number of years, greatly increasing the number and value of claims that may be at issue.  When treble damages plus $5,000 to $11,000 per claim are applied on top of the actual amount of a “fraudulent” claim, the obligation amount can become staggering.

The extension of the False Claims Act liability to areas such as Stark Law and Anti-Kickback Statute liability indicate how extreme the sanctions can be.  By way of example, take one physician who is determined to have been compensated at significantly over fair market value.  Assume that the excessive compensation creates a violation of the Anti-Kickback Statute and the Stark Law.  The Affordable Care Act clarified that claims made in violation of these laws create a cause of action under the False Claims Act.  Potential damages would be three times the total value of claims attributable to services of the overpaid physician, plus between $5,000 and $11,000 per claim.  You can see that the potential damages would cause grave financial impact on the hospital.  This is the type of thing that keeps compliance officers awake at night.

Even though the False Claims Act was not originally designed to target the health care industry, there does not seem to be any momentum toward making legislative.  To the contrary, the government is quite content to leave these disproportionate penalties in place as part of its effort to reduce cost of health care (and to generate additional revenues) by assessing astronomical fines against health care providers and to hold these penalties over their heads to force health care providers to take extreme actions to prevent compliance problems.  The government is taking a “return on investment” approach to health care fraud enforcement.  The False Claims Act allows the government to put its thumb on the scale in the “return on investment” game.  The qui tam provisions provide the government with “quasi agents” who may be disgruntled employees or others who can scout out potential claims, bring them to the governments attention, and take a piece of the financial reward.

Providers have only one real way to reduce the disproportionate impact of the False Claims Act on their operations.  This is to create an effective compliance program that proactively detects problems so they can be addressed and corrected before they create excessive risk.  Compliance programs are an outgrowth of the federal sentencing guidelines that permit reduced corporate penalties for fraud if an “effective” compliance program will actually reduce the risk of a violation occurring or depending because it forces the organization to proactively look for compliance problems and correct them before they become insurmountable.  An effective compliance program will also include regular training to staff which also reduces the risk of compliance problems.

The Affordable Care Act made compliance programs mandatory for most health care providers.  Nursing homes are the first to be effected in 2013.  Other types of providers will subject to mandatory compliance programs as regulations are rolled out over the next few years.  Providers will be required to maintain an effective compliance program as a condition of participation in the Medicare program.  It is strongly recommended that all providers begin development of compliance programs now.  It will take time to tailor compliance programs to fit the specific risk areas associated with your business.  You will be required to certify not only that you have established a compliance program, but that the program is effective.

Conditions For Payment Of Medically Directed Anesthesia

 In my previous article regarding anesthesia billing practices, I neglected to mention another risk associated with overbilling for medically directed anesthesia.  Engaging in the described practices tends to raise issues beyond the “double billing” issue that is directly raised.  This type of issue can also raise further scrutiny of the source bills.  For example, an insurer may decide to perform an extended audit of billings as a result of the billing anomalies that I described in my previous article.  The review might disclose a systematic problem documenting all of the prerequisites that permit the billing for medically directed services.

            In order to bill medically directed anesthesia services, seven primary elements need to be clearly indicated in the medical record:

1.  The physician must perform a pre-anesthetic examination and evaluation;
2. The physician must prescribe the anesthesia care;
3. The physician must personally participate in the most demanding aspects of the anesthesia plan, including, if applicable, induction and emergence;
4. The physician must assure that any procedures in the anesthesia plan, that he or she does not perform, are performed by a qualified individual as defined in the operating instructions;
5. The physician must monitor the course of anesthesia administration at frequent intervals;
6. The physician must remain physically present and available for immediate diagnosis and treatment of emergencies; and
7. The physician must provide indicated post-anesthesia care.

If one or more of these elements is not indicated in the medical record, the claim may be denied altogether, sometimes for both the physician and the CRNA services.  The physician alone is responsible for documenting each of these activities in the chart.  Like everything else, if it is not in the chart, it did not take place.

You can see how the originally risky billing practice could trigger a further audit and in turn uncover deficiencies in documenting the conditions for medically directed reimbursement.  If a systematic error is made in documenting the seven elements, there can be significant additional financial exposure to the group.

Recent OIG Billing Audits Are Reflective of Risk Areas for Hospital Billing

The Office of Inspector General Audit Division has released the results of a billing audit that it performed relative to Norwood Hospital, a 264-bed acute care facility located in Norwood, Massachusetts. The audit included certain identified claims for inpatient and outpatient services provided to beneficiaries from July 2008 through June 2010.  The OIG  audit covered $1,204,371 in Medicare payments for 198 claims (123 inpatient and 75 outpatient) that were judgmentally selected by the OIG as potentially at risk for billing errors.  A complete report of the Norwood audit can be found at: Norwood OIG Audit Report

The audit found that the Hospital complied with Medicare billing requirements for 99 of the 198 claims. However, 99 claims had errors, resulting in overpayments totaling $206,836. The OIG determined that the overpayments occurred primarily because the Hospital did not have adequate controls to prevent incorrect billing of Medicare claims and did not fully understand the Medicare billing requirements.

The audit of Norwood was part of the OIG’s routine process to identify certain billing areas that are at a high risk of error.  The OIG has announced that it plans to conduct more of this type of review on an ongoing basis.  As such, the nature and outcome of this review process can be instructive to hospitals who may find themselves on the receiving end of one of these audits.
The OIG has outlined the general areas where it will focus its audits and has identified these areas as “risk areas.”  Risk areas identified by the OIG includ claims billed for:

• inpatient short stays,
• inpatient same-day discharges and re-admissions,
• inpatient claims billed with high severity level DRG codes,
• inpatient claims paid in excess of charges,
• outpatient claims billed with modifier -59,
• outpatient claims billed during inpatient stays,
• outpatient evaluation and management services billed with surgical services,
• outpatient claims paid in excess of charges, and
• outpatient dental services.

The report from the OIG identified more specific errors that the Hospital was found to have made and wich led to the overpayment determination.  These specific findings are quite instructive.  Facilities should consider including these areas as potential risk areas for targeted internal review.  In some cases, these areas a facility may wish to provide focused training and instruction to billing staff of other relevant employees in order to reduce the risk of inaccurate claims being made.

Some of the specific areas that were a problem in the Norwood audit included:

• Incorrect billing of Medicare Part A for beneficiary stays that should have been billed as outpatient or outpatient with observation services.
• One claim did not have a valid physician order to admit the beneficiary for inpatient care
• Incorrect billing for inpatient claims with same-day discharges and re-admissions.
• Billing with incorrect DRG codes for several cases with high severity level DRG codes.

OIG Fraud and Abuse / HEAT Program Videos

The Office of Inspector General is posting a series of video presentation on the HEAT program.  Topics covered include general information on health care fraud laws, the Anti-kickback Statute, the False Claims Act and dealing with investigations.  The OIG will be posting a total of 11 videos and audio podcasts that are part of the award-winning Health Care Fraud Prevention and Enforcement Action Team (HEAT) Provider Compliance Training initiative. The first educational presentation was posted on the OIG website the week of December 5.  New posting will be made over the next few months.

As of the time of this post, the OIG page includes 4 new videos.  One is an introduction to the new video program.  Other current videos cover the False Claims Act, Anti-kickback Statute and Program Exclusions.

You can access the OIG video web site here:  OIG Fraud and Abuse Videos

Through the OIG video presentation page, you can also access a series of 16 videos covering a variety of compliance related topics including:

Attorney John Fisher Receives Certification in Health Care Compliance

Attorney John H. Fisher II, a health care attorney with Ruder Ware in Wausau, Wisconsin, has obtained certification in health care compliance.  Mr. Fisher will now carry the designation of CHC (Certified Healthcare Compliance).  The certification is provided by the Health Care Compliance Association (“HCCA”), a national organization based in Minneapolis.  Mr. Fisher is the fourth attorney resident in the State of Wisconsin to obtain this certification.

The HCCA defined the CHC designation as follows:

 The CHC© is a professional with knowledge of relevant regulations and expertise in compliance processes sufficient to assist the health care industry to understand and address legal obligations, and promote organizational integrity through the operation of effective compliance programs.

The HCCA also states that:

The purpose of certification is to promote health care compliance through the certification of qualified health care compliance professionals by:

1. Recognizing formally those individuals who meet the eligibility requirements of the CCB and pass the Certified in Healthcare Compliance© (CHC©) Examination.
2. Encouraging continued personal and professional growth in the practice of health care compliance.
3. Providing a national standard of requisite knowledge required for certification; thereby assisting employers, the public and members of the health professions in the assessment of a health care compliance professional.

Diagnostic Imaging – Medicare Requirements Radiology Test Coverage

We often get questions regarding the conditions of coverage for non-hospital (radiology group) coverage of diagnostic radiology services. Most questions involve the level of supervision that is required under Medicare rules and the requirements that a treating physician order the applicable test. Oftentimes, these questions are tied to issues relative to the Physician Self-Referral (Stark law) exception for diagnostic radiology services that are performed following a consultation request from another health care provider.

 There are three core requirements for a radiology test to be covered under Medicare. The test must be properly ordered by a treating physician (with limited exceptions), the test must be performed by an authorized supplier, and the test must be performed under the proper level of physician supervision. This article will briefly cover all three of the prerequisites to coverage of diagnostic radiology tests. The requirements described in this article apply to outpatient tests. Tests ordered in the hospital context are subject to slightly different rules and beyond the scope of this article.

 Who may order diagnostic radiology tests?

 he Medicare reimbursement rules have strict standards for determining who is authorized to order a diagnostic radiology test. The rules are different depending upon whether the provider is located in a hospital or in a non-hospital setting such as an independent diagnostic testing facility or physician’s office.

 Generally, in a non-hospital setting, a diagnostic radiology test must be ordered by the treating physician. The treating physician rule is located in the Medicare regulations and requires that the diagnostic test be ordered by the physician (or in certain circumstances a non-physician practitioner) who furnishes a consultation or treats a beneficiary for a specific medical problem and who uses the results of the diagnostic radiology test in the management of the patient’s medical problem.

Generally, the radiologist performing the test is not permitted to order a diagnostic radiology test. There are certain exceptions to the treating physician rule which were described in Medicare Transmittal 80. Transmittal 80 describes limited circumstances where a radiologist is permitted to order a diagnostic test and still receive payment for the technical component under Medicare rules.

A radiologist is authorized to order a diagnostic mammography test based upon the results of an initial screening examination. Where the treating physician cannot be reached and this is documented in the patient’s chart , the testing facility may furnish additional diagnostic tests if the interpreting radiologist at the testing facility documents that there are abnormal results with the test originally ordered by the treating physician and that an additional test is medically necessary. In order to rely on this exception, the fact that the treating physician was not available and that additional tests were medically necessary should be well documented in the chart. This exception requires the results of the test to be communicated to the treating physician and used by the treating physician in treating the patient’s medical condition.

Where medically appropriate, the interpreting radiologist is also permitted to make determinations regarding the parameters of the diagnostic test contained in the initial order from the treating physician. In cases where there is a clear and obvious error in the initial order, the interpreting physician may make appropriate modifications. The intervening physician may also cancel orders based upon the patient’s medical condition at the time of the diagnostic tests.

Except for the limited circumstances described above and included in Transmittal 80, the radiologist must always rely upon the order that is made by the treating physician and may not independently order diagnostic radiology tests.

Who Is Qualified To Perform the Radiology Test?

The second major requirement for the coverage radiology services in a non-hospital setting is that only a qualified provider of the services may be reimbursed. Qualified providers include physicians, group practices of physicians, approved portable x-ray suppliers, independent diagnostic test testing facilities, nurse practitioners or clinical nurse specialists as authorized under state law, FDA certified mammography facilities, clinical psychologists for certain types of tests, qualified audiologists, pathology slide preparation facilities, clinical laboratories for certain tests, and radiation therapy centers.

Level of Physician Supervision For Diagnostic Imaging Tests

The last of the major requirements for coverage of radiology services is the level of physician supervision that is required given the specific test being performed. Radiology services must be provided under at least a general level physician supervision. Additionally, certain tests must be provided under direct or personal supervision, which require higher levels of physician presence and involvement. Failure to provide the appropriate level of physician supervision and to document the supervision in the chart will result in loss of coverage under Medicare and Medicaid. Any claims submitted in spite of not meeting the supervision requirements will be considered to be not reasonable or necessary by Centers for Medicare & Medicaid.

There are a few exceptions from the physician supervision requirements for certain limited types of tests. It must be kept in mind however that these exceptions are Medicare only exceptions and there may be other federal or state laws that apply to require physician supervision. Tests that are excepted from physician supervision requirements include diagnostic mammography procedures, diagnostic tests performed by a qualified audiologist and certain psychological tests.

You must determine whether general, direct or personal supervision is required in order to bill the applicable diagnostic radiology procedure. Failure to meet the appropriate supervision requirement will lead to loss of reimbursement. This can also be an area of potential civil money penalty exposure if billings are made in spite of there not having been appropriate supervision. Thus, the supervision requirement is a significant compliance issue for medical practices who must establish and maintain appropriate policies and procedures regarding supervision of various levels of radiology diagnostic tests.

Each level of supervision has very specific requirements that must be met. For this reason it is important to know which level of supervision is required for the specific test being performed. General supervision requires that the procedure be furnished under the physicians overall direction in control. Physician presence is not necessarily required during the performance of procedures that require general supervision. Under general supervision the physician is responsible for general supervision and training of support personnel who are actually performing the test services. The physician is also responsible for maintaining the necessary equipment and supplies for the safe operation of the diagnostic test.

Direct and personal supervision each require higher levels of physician involvement and generally require some level of physician presence throughout the performance of the test. Direct supervision in the office setting requires that the physician be present in the office suite and immediately available to furnish assistance. Physical presence in the office suite must be maintained throughout the entire performance of the procedure. The physician is not required to be physically present in the room where the procedure is performed unless there is a need for the physician’s presence due to some problem that arises during the course of performing the test.

The highest level of physician supervision is personal supervision. Personal supervision requires a physician to actually be present in the room during the performance of the procedure. Personal supervision generally involves diagnostic tests with invasive or otherwise dangerous aspects. One significant example of a test that requires personal supervision is contrast studies.

It is important to know what level of supervision is required for the test that is being performed. The level of supervision that is required for each test is included in the Physician Relative Value Fee Schedule. The CMS web site includes a spreadsheet that designates the level of supervision that is required for a variety of services including diagnostic imaging services. The spreadsheet includes a column for “physician supervision.” The column indicates a numerical value with “1″ indicating general supervision, “2″ indicating direct supervision and “3″ indicating personal supervision.

Physician practices and compliance officers should be certain that their policies are in line with CMS requirements for coverage of diagnostic radiology tests. Radiology groups must be certain that the tests they are charged with performing meet each of the requirements stated above. Radiology groups need to be certain that the test is ordered by the treating physician unless inapplicable exception is present, and that the appropriate level of physician supervision is met for the type of test that is being performed.

For more information regarding the requirements for radiology services and other legal issues that affect radiology practices and providers, please contact John Fisher, member of Ruder Ware’s Health Care Focus Team.

John Fisher is an experienced health care attorney who has practiced extensively in the health care industry providing counsel to a wide variety of health care providers. John has counseled health care clients, including hospitals, physicians, and health systems on health care regulatory compliance, contracts, mergers and acquisitions, joint ventures, recruitment and compensation issues, integrated network development, and Medicare and Medicaid reimbursement. John is knowledgeable on the laws and regulations that affect financial relationships between health care providers including the Stark Law, Anti-kickback Statute and safe harbor regulations, fraud and abuse, antitrust and exempt organization tax issues.

Specific Steps Needed to Establish a Compliance Program for a Physician Practice

 The Compliance Guidance for Physician Practices and the Federal Sentencing Guidelines provide useful information concerning the process that is required to develop appropriate compliance programs.  A health care compliance attorney, preferably with demonstrated knowledge of the compliance process through appropriate certification in health care compliance, can also be a terrific asset to help you design a program.  I may be repeating myself, but it is extremely important that you do not simply adopt a “canned” program and expect it to reduce your risks or be effective in the event that the government comes calling.  It is extremely important that you follow a systematic process for assessing risk and tailor your compliance program to address precise risk areas that are identified through the process.  It is imperative that you document in detail the steps that you take to develop your program.  When developing your program, and later while operating your program, you should at all times assume that someday you will be called upon to defend the program and demonstrate that it indicates a meaningful organizational commitment to the specific compliance risks that you face in your unique practice environment.

 Initial Needs Assessment

 As mentioned above, a compliance program should be developed with consideration for the actual risks that are present in the specific practice.  This requires the practice to perform a formal analysis that is aimed at identifying specific risk areas.  The extent of the needs analysis will depend on the size and complexity of the practice.  Methods of performing the analysis will range from a full blown “gap” analysis with scoring of various risk areas down to a more simple employee questionnaire that asks for input concerning risk from the perspective of individual employees.  In smaller, less complicated practices, such as a simple primary care practice, the needs assessment will be relatively simple.  More complex specialty practices will touch on a much broad array of risk areas.  Each item identified through your needs assessment will need to be prioritized and appropriately addressed in the compliance program.

 Establish Line of Responsibility for Compliance Matters

 The Federal Sentencing Guidelines require the appointment of a single individual with responsibility for compliance in the organization.  The individual should be a “high ranking” individual with direct access to the Board of Directors or other governing authority.  Smaller physician practices will generally designate one of the physicians as compliance officers.   A member of administration may be named compliance officer in larger clinics. 

 Ideally, the compliance officer should not be in-house counsel because of potential conflicts between the differing roles of advocate and compliance officer.  An attorney has ethical obligations to zealously defend the organization.  This will sometimes mean that the best course of action from a legal standpoint may be to “deny and defend.”  This will never be an appropriate course of action from the standpoint of a compliance officer whose primary job is to prevent compliance problems.  The compliance officer will work to bring problems to the surface and disclose them when they are uncovered.  This will often conflict with the role of general counsel.

 Certainly general counsel plays an important role in compliance, but not as compliance officer.  Most general counsel are already busy providing legal services to the organization.  Placing compliance under general counsel makes compliance a secondary function of the general counsel and fails to demonstrate adequate commitment to organizational compliance.  The “dual role” compliance officer will appear to work until a problem arises.  Several cases involving “dual role” compliance officers have been investigated by the Federal government.  Once an investigation commences, the organization generally quickly abandons the dual role compliance structure and appoints a dedicated compliance officer.  In the most visible cases, the general counsel was actually forced to resign and the organization settled the case by entering a Corporate Integrity Agreement that required the division of general counsel and compliance function.

 A practice may wish to consider creating a compliance committee in addition to appointing a compliance officer.  Establishing a committee can be very helpful to the organization gaining physician buy-in and demonstrating that the organization is serious about compliance issues.  As a practical matter, the compliance committee involves more individuals in the compliance process and can make the task of the compliance officer much easier.  In larger organizations, establishing a compliance or ethics committee is strongly recommended.  Smaller organizations should consider fulfilling this task at the Board level through regularly scheduled discussions of compliance issues.

 Adopt Standards of Conduct

 An integral part of the compliance program is the standards of conduct.  The standards of conduct should include simply stated standards, in terms that can be understood by all levels of employees and others that deal with the practice that provide information concerning the commitment of the practice to compliance matters.  The Standards of Conduct are not the place to get into legalistic discussions of the various laws that could apply to operations or present compliance challenges.  The Code of Conduct should be a summary that everyone can understand and should reflect the general tone of the practice’s commitment to honesty, integrity and legal compliance.

 Oftentimes the Standards of Conduct will include a personal introduction or letter from the highest ranking individual in the clinic which briefly explains the purposes of the Standards of Conduct and the practice’s commitment to legal compliance.  This helps to set the tone within the practice that compliance and ethical behavior are a core value and principal of the practice.

 Creating Your Compliance Plan

The compliance plan itself will provide detail in the seven areas of an effective compliance program as set forth in the Federal Sentencing Guidelines.  The Compliance Plan will normally cover each of the seven areas.  Additionally, there may be a more detailed discussion of some of the laws that may apply to the specific practice.

 Setting Up Your Internal Reporting Mechanism

 One of the primary elements in a Compliance Program is the creation of a system that permits employees and others to provide information regarding potential compliance issues without fear of retaliation.  In larger organizations, multiple pathways permitting employees to make anonymous complaints should be maintained.  Oftentimes providers use 24 hour compliance “hotlines.”  Online reporting systems or “drop boxes” are also commonly used.  Whatever system is used, it is crucial that employee understand that they are encouraged to provide information and that there is a clear prohibition against others in the organization retaliating against them for providing information.  It should also be made clear to employees that wherever possible the identity of the person providing the information will be kept confidential.

 The establishment of the compliance reporting process and communication to employees that retaliation will not be tolerated is a central element to an effective compliance program.  Such a system will help the practice obtain valuable information, hopefully early on, before the issue becomes a big problem.  Additionally, the openness of the program will send a strong signal to the outside world, such as government regulators, that the organization takes compliance seriously. 

 If information is obtained through the hotline system it must be taken seriously.  Certainly not every piece of information will be reflective of a serious compliance problem, and an employee could potentially have other motives for making a compliant.  Regardless, it is crucial that the information be acted upon and that the action be documented.  If the compliance officer concludes that there were alternative motivations for the complaint, that fact should be substantiated and documented.  If an objective investigation indicates that there could be a compliance issue, the matter needs to be pursued through an appropriate outcome.  Depending on the circumstances and the result of a thorough investigation, the outcome could range anywhere from additional training through a self disclosure to the government.

 Internal Compliance Policies and Procedures – Enforcement

 One of the elements required by the Federal Sentencing Guidelines and described in all of the OIG industry specific Compliance Guidelines is that the Compliance Program include a mechanism to deal with compliance problems as they are discovered.  In some cases the appropriate action may be a change in policies and further education.  In more extreme cases of compliance violations should lead to employment discipline of various degrees depending on the nature and extent of the violation.  Other cases will require full disclosure to the Federal government and repayment of overpayments and possible penalties.

 It is important that your compliance program fit seamlessly with your employment policies.  Part of developing a compliance program is adopting suitable employment standards that let employees know what to expect from an employment standpoint if they are found to be engaged in compliance infractions.  These policies need to be communicated to employees as part of their training, both so they know the potential employment implications of compliance infractions, and so employees understand how seriously compliance issues will be taken by the organization.

 Governing Board Approval of Compliance Plan and Policies

 When it comes to compliance matters, the “buck stops” with the board of directors or other governing body of the organization.  The governing body should be involved in the creation and adoption of all policies and procedures.  The governing body and top management should take all actions necessary to make compliance a top priority within the organization.  The board should issue an initial resolution regarding compliance at the inception of the process of creating a plan.  The resolution should indicate the commitment of the governing body to compliance.  It should also allocated sufficient funding to the establishment and operation of the compliance program.  All of these actions indicate the organization’s commitment to compliance.

 During the development stage, the governing body should be kept in the loop.  Frequent reports should be provided to the governing body and input into the process should be provided by the governing body.  The governing body should approve the steps that are taken in writing.  If further direction comes from the governing body, it is recommended that the direction be placed in writing.  This will indicate the ongoing input from the governing body and further solidify the organization’s commitment to compliance.

 The governing body should also assist with other professionals in the organization “buying in” to the compliance efforts.  It is very helpful for the governing body to be proactive in compliance issues and set the tone for the “compliance spirit” within the entire organization.

 Internal Documentation and Systematic Approach 

 It is extremely important for the organization to take a systematic approach to both developing and operating a compliance program.  Each step of the formation process, from the initial planning stage through final implementation, should be documented with a great deal of detail.  The information should be presented to the governing body for review periodically through the implementation stage and the governing body should approve and adopt the information and provide additional suggestions and directives to the compliance officer.

 When establishing and operating your compliance program, keep in mind that it is very possible, if not highly likely, that someday you will be called upon to defend the actions that you took to establish and operate the program.  This is a very useful mindset to have while you are performing compliance functions.  We often advise organizations to act as if the organization is actually under a Corporate Integrity Agreement and to document each steps as if they are providing the information directly to the government.

 Educating and Training Your Staff

 Another key element of an effective compliance program is to have an ongoing education and training program for employees.  Training should occur at the inception of the program and upon commencement of employment by any new employees.  Additionally, the organization should adopt an ongoing training program to provide period refreshers of basic issues and the requirements of the program.  Additionally, topic-specific training should occur based on compliance risks or problems that are identified through the operation of the compliance program.

 Ongoing Monitoring, Auditing and Assessment

 It is important that the compliance program be seen as a continual process within the organization.  Adopting a compliance program and then leaving it sit on the shelf will be of little if any effect.  In fact, failing to adopt compliance as a process rather than a static “form” can present the organization with more risk than failing to adopt a compliance program at all because the compliance program that is not actively “worked” sets expectation and requirements that will not be met.

 The organization should adopt an effective ongoing process to monitor and audit the organization for compliance difficulties.  Risks areas that are identified by the monitoring process need to be reinforced with amendments to the compliance program, action by the governing body, potential internal discipline, additional training, and in extreme cases, self reporting to the federal government.

 In The End

 The process of developing an effective compliance program will not be without some pain, internal resistance, and resources.  The payoff will often not be as apparent as the effort that it takes to develop and operate an effective program.  The risks you are avoiding can be very difficult to see or quantify.  However, the failure to confront and mitigate those risks can be devastating to your organization.  Repayment obligations for false claims are generally three times the amount of the claims plus $15,000 per claim.  It is shocking how fast the penalties add up.  Extreme cases of fraud can also lead to criminal investigation and prosecution.  Recently enacted health care reform legislation makes it easier in a number of ways for the government to bring criminal prosecutions in the health care area.

 Now that compliance programs are becoming mandatory for most providers, including physician practices, it is necessary for providers to confront these issues.  Do not make the mistake of taking this task on in a half-hearted manner.  The result will not provide you with any of the benefits of an effective compliance program and can actually hurt you if a problem ever arises.  Even though the date for adopting mandatory compliance plans for physicians is not yet upon us, you should start now to assure that your program is effective and that you have time to develop the appropriate “buy-in” by professionals in your practice.  The proper process as identified above cannot be accomplished by taking “canned” compliance policies and adopting them.  You must go through the steps necessary to develop a meaningful program.

Basic Elements of An Effective Compliance Program

Developing a compliance program that will be effective to reduce internal and external risk is a “practice specific activity.”  There is no “one size fits all” compliance program and there is no good “off the shelf” form solution.  There are certainly vendors, consultants and lawyers out there who would like you to believe that you can take a form, make a few changes and fill in a few blanks, and create an effective compliance program for your organization.  This approach really misses the point of what is required in order to develop and effective program.  Certainly the written plan is an important and necessary part of the compliance effort.  However, even more important is the process that you go through to develop the compliance plan.

 Establishing a compliance program requires you to perform a risk assessment on your specific organization and document the outcomes of that assessment.  The risk assessment could take many forms.  Compliance professionals talk about a “gap analysis” which is an approach to help determine the vulnerabilities of your organization.  A lawyer or compliance professional that has specific training and background in performing legal risk analysis can help you design an appropriate risk analysis process.  The primary point here is that this process needs to be organization specific rather than based on a pre-canned form.  You need to score your areas of risk and provide emphasis to appropriate areas of risk that are identified through your risk assessment.

 All compliance programs will have language regarding compliance with fraud and abuse, anti-kickback statutes, HIPAA and other health care laws.  It means virtually nothing to simply adopt a pre-canned policy without backing the policy up with the process that the practice went through to identify the specific risks that it faces given the specific nature of its practices, size, and specific personalities involved in the operation.

 As mentioned above, the Office of Inspector General has issued general industry guidance on compliance program development and one such guidance relates to physician practices.  This guidance, plus the general requirements of the Federal Sentencing Guidelines, provide general elements that are necessary to make a compliance program effective.  There are generally seven (7) basic core elements that are required of an effective compliance program including:

•  Adoption of written guidelines and policies to promote the organization’s commitment to compliance;
•  Identification and appointment of a high ranking individual within the organization to serve as compliance officer;
•  Establishment of anonymous reporting systems, preferably through multiple pathways, to encourage individuals to make complaints regarding compliance items without fear of retaliation;
•  Effective education and training programs for all levels of employees and others with close relationships to the organization;
•  Ongoing auditing systems to assess the effectiveness of the compliance program and to provide input into areas that require additional emphasis;
•  Mechanisms to enforce the requirements of the compliance program and to discipline employees for violations of the organization’s commitment to compliance; and
•  An ongoing system of program modification based upon audit, feedback and experience that can further adapt the compliance policies to the specific issues faced by the organization.

 Establishing Commitment From the Top of the Organization

 An important and often overlooked aspect of developing a compliance program is the need to obtain commitment from the top of the organization.  Many times in a physician practice this will mean the physician owners of the practice.  It is important that the physician have a clear understanding of the need and benefit of establishing a focused compliance program.  There will inevitably be initial expenditures involved with establishing a compliance system.  In some cases it may even necessitate retaining additional staff.  There will almost certainly be fees to outside attorneys and consultants if the organization is not large enough to hire the needed expertise internally.  It is important that sufficient resources be allocated to compliance and that the physicians and administration understand that in the long term, these expenditures will pay off by reducing the risk of institutional compliance problems.  The difficulty is that if the compliance program works to reduce risks, there will never be a serious event that proves the benefit of the expenditures.  However, if an event occurs in the future and there is no compliance program in place, the regrets will be very deep because compliance issues are much more difficult to solve if there is no compliance plan in place.

 As a practical matter, the institutional “buy-in” is often the most difficult hurdle to overcome.  It is somewhat easier now that compliance plans are becoming mandatory.  Yet there is still risks associated with under-funding compliance activities or providing enough resources to do the “bare minimum” when it comes to compliance due to a reluctant attitude on the part of physician leaders who are now being forced to develop compliance programs that they have not fully embraced. 

 Certain groups may be in a position that they have not been dependent upon institutions who have implemented compliance programs.  Some practices completely reject policies and procedures of any kind that could bind the physicians in their practices.  These organizations present the greatest challenges and unfortunately the greatest potential risk of violations of federal and state laws occurring due to the low level of leadership embracing appropriate compliance activities.  Even as these groups are forced to adopt compliance programs, they present the greatest residual risk because of a low level of physician commitment.

 We suggest that physician practices begin the process of implementing formal compliance programs immediately to provide more time to gain physician commitment and appropriately assess the risks associated with the specific practice.  It takes a great deal of time to develop a system for establishing compliance programs, perform a “gap analysis” or other baseline analysis, perform employee interviews and take other steps to identify specific risk areas.  Developing a compliance program is much more than simply adopting a form compliance program.  Even though the precise effective date that compliance programs will become mandatory for physician practices has not yet been set, providers should consider this time a gift to permit them to develop appropriate policies rather than a reprieve.

About The Author

This article is part of a multiple part series by Health Care Attorney John Fisher, CHC on compliance programs for physician practices.

John Fisher, JD, CHC  is a seasoned health care attorney and is certified in Health Care Compliance by the Health Care Compliance Association.  Mr. Fisher is available to assist physician groups and other health care providers nationwide in the development and operation of Compliance Programs.

Mr. Fisher has significant experience in the various legal and regulatory matters that are faced by physicians including the Stark Law, Anti-Kickback Statute and Safe Harbors, Medicare and Medicaid reimbursement rules, HIPAA, False Claims Act, antitrust laws, employment laws, contract matters, business ventures and laws governing financial relationships between physicians, and others.

Mr. Fisher practices with the Ruder Ware law firm in Wausau, Wisconsin.  His practice on compliance and Federal Law issues is nationwide.