Complying with the Deficit Reduction Act: Questions and Answers About Employee Education Requirements
Reprinted from HR Pulse (The Official Publication of the American Society for Healthcare Human Resources Administration)December 06, 2006
One of the central themes of the Deficit Reduction Act of 2005 (DRA), signed by President Bush on February 8, 2006, was to reduce fraud and abuse by Medicaid providers. According to the Center for Medicare & Medicaid Services (CMS), the law represents the “first national strategy to combat fraud and abuse in the 41-year history of the Medicaid program” and is “a welcome addition to the arsenal of tools used to combat the constantly changing nature of fraud, waste, and abuse in the Medicaid Program.”
One section of the DRA entitled “Employee Education About False Claims Recovery” affects the HR departments of all major healthcare systems and providers in the country. It requires the education of employees, contractors and agents of Medicaid providers regarding fraud and abuse laws and whistleblower provisions in state and federal law, including the False Claims Act. This article provides an overview of the requirements with which organizations must comply by January 1, 2007.
[Author’s Note: The January 1, 2007 deadline arguably applies to the state Medicaid agency, but we recommend that providers comply by January 1, 2007 to avoid risks of nonpayment.]
Q: Who is required to comply with the employee handbook and policy requirement?
A: Any provider that receives or makes annual Medicaid payments of at least $5 million must comply with the employee handbook and policy requirements. To date, no formal guidance has been provided regarding how this threshold amount is to be calculated when a provider has several entities—each with its own provider number—that meet this amount collectively but not individually. Unofficial comments by CMS indicate that aggregate billings for all entities of a single organization will be used to determine whether the $5 million threshold amount has been satisfied. Each entity, in consultation with legal counsel, should carefully evaluate the issue of aggregated Medicaid payments to avoid any risk of Medicaid payment forfeitures.
Q: What employment policies must be implemented by January 1, 2007?
A: Entities that satisfy the annual payments threshold must establish written policies that provide detailed information regarding the role of the following in “preventing and detecting fraud, waste, and abuse in Federal health care programs:”
- False Claims Act
- Administrative Remedies for False Claims and Statements
- State Laws Pertaining to Civil or Criminal Penalties for False Claims and Statements
- Whistleblower Protections Under the State and Federal Laws
- Detailed provisions regarding the entity’s policies and procedures for detecting fraud, waste and abuse.
Q: How detailed does the policy have to be? A:
Unfortunately, neither the DRA nor CMS provide any guidance regarding level of detail, which leaves healthcare entities, in consultation with legal counsel, to make a judgment call. This issue is not to be taken lightly because too much detail may unnecessarily create groundless whistleblower claims. For entities with detailed corporate compliance policies, the statutory obligations may be fulfilled with relatively minor modification to existing policies.
Those without corporate compliance policies may find help in the voluntary corporate compliance guidance documents from the HHS Office of the Inspector General, such the OIG Supplemental Compliance Program Guidance for Hospitals (2005) and OIG Compliance Program Guidance for Hospitals (1998). The OIG Compliance Guidance documents are available at http://oig.hhs.gov/fraud/complianceguidance.html. Additional sources include documents on the U.S. Department of Justice and state Attorneys General websites, as well as the Corporate Responsibility and Corporate Compliance: A Resource For Health Care Boards Of Directors
, a publication by OIG and the AHLA. [Author’s Note: Subsequent to the printing of this article, the Wisconsin Hospital Association released a sample policy, which can be accessed at: http://www.wha.org/legalAndRegulatory/dra6032.pdf]Q: To whom do the policies apply? A:
The DRA requires the policies apply to all employees, contractors and agents. Interestingly, the DRA specifically includes a reference stating the policies must include “management.” Q: What employee handbook language must be implemented by January 1, 2007? A:
Any entity that satisfies the annual payments threshold must include specific language regarding: the laws described in implemented policy (see question two above); the rights of employees to be protected as whistleblowers; and the entity’s procedures for detecting and preventing fraud, waste and abuse.
Q: Does the DRA require specific employee training?
Although the relevant section of the DRA was entitled “Employee Education About False Claims Recovery,” the final version of the DRA does not contain any specific employee training requirements. The original version of the bill introduced in Congress contained a “mandatory training” requirement, but it was removed prior to final enactment of the law. While there is no specific training requirement, the policy should be implemented consistent with the way other policies are implemented. Likewise, the necessary revisions to the employee handbook should be circulated to employees in the same way employees are notified of other employee handbook changes. Q: What is the consequence of failing to adopt a policy and handbook provisions? A:
The entity risks losing its Medicaid funding for the period of noncompliance.
Q: Where should we start? A:
The first task is to determine whether this DRA provision applies to your entity, and both legal counsel and your financial officers should be consulted. If your entity must comply, the next step is to develop the required policy by January 1, 2007. Existing policies should be reviewed to determine if some of the requirements can be satisfied by using existing policy language. Corporate compliance policies, if applicable, should also be consulted. The handbook language should flow from the policy and be reviewed by counsel—either in-house or outside—to ensure compliance yet avoid excessive detail.