It goes without saying that healthcare providers must comply with innumerable laws and regulations governing their services. Having policies that address legal compliance makes sound business sense. For nearly two decades, the Department of Health & Human Services, Office of Inspector General (“OIG”) has pushed the virtues of compliance through such mechanisms as Special Fraud Alerts, Special Advisory Bulletins, Advisory Opinions, Self Disclosure Protocol and industry-specific Model Compliance Program Guidance (CPG). [1] For years, the compliance programs were largely considered voluntary, being mandated only in pursuit of settlement negotiations with the government for identified wrong-doing. But healthcare reform and increased scrutiny of certain providers and suppliers has changed the landscape considerably, mandating compliance programs for any provider participating in federal healthcare programs (Medicare, Medicaid and CHIP).
While the Patient Protection and Affordable Care Act (“ACA”) launched the shift from voluntary to mandatory compliance programs, many providers and suppliers have yet to implement such a program.[2] This white paper will provide a brief overview of what the minimum elements are for an effective Compliance Program, as well as provide an understanding as to why they are of such importance in today’s environment.
Elements of a Compliance Program. 
Over the years, the OIG has issued twelve (12) CPG’s covering everything from laboratories and hospitals, to nursing homes and ambulance providers. Each CPG is tailored to that specific provider type, but all have a core set of elements that every program should begin with. Those core elements, fashioned expressly from the seven core elements identified in the Federal Sentencing Guidelines (FSG) for an “effective compliance and ethics program,” [3] are as follows:
- Written policies and procedures, including standards of conduct;
- Designation of compliance officer and compliance committee;
- Appropriate training and education;
- Effective lines of communication;
- Enforcement of standards through publicized disciplinary guidelines;
- Regular internal monitoring and auditing; and
- Responding to detected offenses, developing corrective action plan.
The ACA added an eighth element, which calls for periodic risk assessment to ensure a program’s effectiveness. Together, these elements should “instill a commitment to prevent, detect and correct inappropriate behavior and ensure compliance with all applicable laws, regulations and requirements.”
Need for an “Effective” Compliance Program.
Simply drafting policies that discuss general protocols in the workplace is not enough. Between the increased push by regulators for active provider oversight and accountability, and the vast array of compliance resources available, providers should be proactive in implementing an effective Compliance Program consistent with the CPGs to govern day-to-day operations. One caveat—simply having a Program that sits on the shelf is not “effective” and, in fact, can bolster the government’s position should something go awry. The OIG has already shown unwillingness to tolerate symbolic Compliance Programs, imposing serious sanctions, such as divestiture of certain components of a corporate provider in order to avoid entity-wide exclusion, when the Compliance Program was found to be ineffective. In 2015, the government stepped up its efforts to command compliance across all regulated industries with the creation of a new “Compliance Counsel” position within the Department of Justice’s Criminal Division. This new Compliance Counsel will assist the DOJ in assessing the quality and effectiveness of companies’ corporate compliance programs.
For ambulance suppliers, effective compliance efforts are even more important, given the increased scrutiny of the industry by federal regulators and the DOJ. For example, since 2013, CMS has, through the issuance of a Moratorium, frozen new ambulance supplier enrollment in a number of jurisdiction where incidents of fraudulent billing is high. Recently, in its 2017 Work Plan, the OIG revised its on-going investigation into ambulance providers’ billing practices for the coming year.[4] The prevailing issue under DOJ scrutiny is medical necessity—whether “the use of other methods of transportation are contraindicated by the individual’s condition.”[5] The risk of non-compliance can be costly. In May of 2016, the City of New York learned just how costly non- compliance can be when it entered into a settlement with the Federal government for $4.3M to resolve claims that the City’s fire department improperly billed for services that were not medically necessary. [6] And monetary penalties are not the only risk. In March of 2016, an employee of a Pennsylvania ambulance company was sentenced to 37 months in prison, along with fines and penalties totaling over $2M for a fraud scheme involving non-compliant transportation services—services that were not medically necessary.[7]
With increased enforcement activities, heightened consumer involvement and extensive compliance resources available to providers and suppliers, developing a workable compliance program that fits within your company must be a priority.[8]
Butzel Long can assist in your general compliance activities, including reviewing and/or preparing your compliance policies and procedures and conducting the necessary risk analysis to determine the effectiveness of your program. For further information, please contact the author of this alert, or any member of Butzel Long’s Health Care Industry Group.
Debra A. Geroux
248.258.2603
geroux@butzel.com
Jennifer Dukarski
734.213.3427
dukarski@butzel.com
[1]The OIG’s Model Compliance Program Guidance are available at: http://oig.hhs.gov/compliance/compliance- guidance/index.asp.
[2]Section 6102 (applicable to nursing facilities), and section 6401 (applicable to all providers and suppliers as a condition of enrollment in federal programs), requires providers to implement compliance programs that contain certain “core elements” established by the Secretary of HHS and the OIG. CMS requires all Medicare Part C & D providers to have Compliance Programs in place that follow the FSG elements. See 42 CFR §422.503 (b)(4)(vi) and 42 CFR §423.504 (b)(4)(vi).
[3]76 FR 5862, 5941-42. The FSG is available at http://www.ussc.gov/Guidelines/2010_guidelines/Manual_PDF/Chapter_8.pdf.
[4] According to the Work Plan, the OIG will be reviewing supplier compliance with Medicare payment requirements for emergency and nonemergency ambulance services. Medicare pays for different levels of ambulance service, including basic life support, advanced life support, and specialty care transport, yet prior OIG evaluations found that inappropriate payments were made by Medicare for advanced life support emergency transports. The OIG will be reviewing Medicare payments for ambulance services to determine if they were made in accordance with Medicare requirements.
[5] 42 USC § 1395x(s)(7).
[6] See DOJ Press Release (May 5, 2016) at: https://www.justice.gov/usao–sdny/pr/manhattan-us-attorney–announces– 43-million-settlement-false-claims-act-action-based-new.
[7]See DOJ Press Release (March 9, 2016) at: https://www.justice.gov/usao–edpa/pr/ambulance–company–employee– sentenced-37-months-prison-fraud.
[8] See OIG Compliance Resources at: http://oig.hhs.gov/compliance/.