Compliance Programs Remain a PrioritySummer 1998
Civil and criminal enforcement efforts to eliminate Medicare and other reimbursement fraud continue to capture the attention of health care providers and related businesses.
Publicity at the national level about the problems of Columbia HCA, ranging from indictments of individual executives to shareholder derivative lawsuits naming individual directors as defendants, as well as news locally of enforcement staff additions at the U.S. Attorney's office and the FBI in the Eastern District of Wisconsin, have contributed to the unsettled atmosphere among Wisconsin health care providers and businesses.
The unsettled atmosphere is based on more than threatening headlines. The regulatory atmosphere in which health care providers operate is exceedingly complex. Many of the laws and rules governing provider conduct are counterintuitive and prohibit conduct which in most other business settings is applauded. Moreover, providers may be subjected to severe penalties even if they did not intend to violate the law.
As was reported in Godfrey & Kahn's November, 1997 Health Care Update, providers are responding to the new enforcement priorities and increased allocation of enforcement agency resources by implementing and maintaining internal fraud and abuse compliance programs. Godfrey & Kahn is working with clients to design, implement, and enforce such programs so that the programs will be effective in preventing and detecting criminal conduct.
Why voluntarily adopt and implement a compliance program? Apart from compliance for its own sake, one reason is because the Department of Health and Human Services' Office of the Inspector General (OIG) has made it clear that the presence of an effective compliance program may mitigate penalties imposed on an organization for violation of law. The Federal Sentencing Guidelines for Organizations outline the leniency that is applied by federal prosecutors and courts to providers that have implemented compliance programs to prevent fraud by employees. The presence of a compliance program is a substantial factor in whether a health care provider is indicted once improper activity is discovered, as well as the size of the financial penalty it must pay in the event of a civil or criminal judgment.
Another reason to adopt a compliance program is, frankly, because "everyone else is doing so." Although there exists no legal requirement that health care entities (or, for that matter, any other business which does business with the government) adopt and maintain a compliance program, the fact that so many health care providers are developing programs suggests that the maintenance of such programs will become an expected standard in the industry. The absence of a compliance program may be argued by the government to be "reckless disregard" in and of itself and may trigger civil liability under the False Claims Act.
In other words, providers without compliance programs may be the exception, and their lack of a program may be held against them in the event compliance problems surface.
This is not to say that providers should rush to adopt plans and programs that make no sense in their particular business and practice context. The OIG has recognized the need to customize compliance programs to fit each provider's specific situation. In its February, 1998 published guidelines for the hospital industry, the OIG stated that "each program must be tailored to fit the needs and resources of an individual hospital, depending upon its particular corporate structure, mission and employee composition."
Although directed at hospitals, the OIG's February, 1998 compliance program guidelines are useful to all sectors of the health care industry. In any event, the OIG has promised future, specific guidelines for other health care industry sectors, including home health agencies, billing companies, managed care organizations and durable medical equipment suppliers.
Unfortunately, following the OIG's guidelines does not assure health care entities that they will avoid problems related to legal compliance. In addition to being a potentially expensive undertaking, a compliance program is not a risk-free endeavor. Education, auditing, and related compliance activities may result in the identification and disclosure of problems which would have never been identified by the provider or discovered by the government. An effective compliance program may also increase the odds of a whistleblower (qui tam) suit. It may also trigger repayment obligations under the False Claims Act which may not otherwise exist.
The implementation and operation of a compliance program may also generate a variety of legal issues and risks not directly related to billing compliance. For example, the discipline features of the compliance program will need to be reflected in employee manuals and application of the discipline procedures may trigger employee complaints and possible lawsuits. Moreover, compliance concerns are not limited to Medicare and other payor billing issues. In the eyes of the OIG, a truly effective compliance plan will apply to virtually all areas of the law applicable to a health care business or practice, including antitrust, OSHA, anti-kickback and the Stark self-referral laws.
In working with our clients who are developing compliance programs, we emphasize that these issues and risks need to be considered in order to minimize the costs, control the risks, and maximize the benefits of implementing and operating the program.