Compliance, Disclosures and
Enforcement: déjà vu All over Again
3rd Annual Mississippi Hospital Association Health
Law Conference
Madison, Mississippi
April 6, 2011
Dinetia M. Newman
dnewman@balch.com
Copyright © 2011. Balch & Bingham LLP.
All rights reserved
Topics Covered
2

Voluntary v. Mandatory Compliance Programs

What to Do? Where to Start?

Compliance – The Four-legged Stool

Regulatory Agencies Focus on Four Risk Areas

Recipe for Compliance Program Effectiveness

Self-Assessment – Strategies

Organizational and Operational Best Practices
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Voluntary v. Mandatory
Compliance Programs
3
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Voluntary Compliance Program

“The OIG believes that a basic framework for any
voluntary compliance program begins with a review of
the seven basic components of an effective compliance
program. A review of these components provides
[providers and suppliers] with an overview of the scope of
a fully developed and implemented compliance program.
The following list of components, as set forth in previous
OIG compliance program guidances, can form the basis of
a voluntary compliance program for a [provider or
supplier]…”
» 65 Fed. Reg. 59,436 (October 5, 2000)
4
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Voluntary Compliance Program
OIG Compliance Program Guidance for Hospitals
(2/23/1998)
5

Conducting internal monitoring and auditing

Implementing compliance and practice standards

Designating a compliance officer or contact

Conducting appropriate training and education

Responding appropriately to detected offenses and
developing corrective action

Developing open lines of communication; and

Enforcing disciplinary standards through well-publicized
guidelines
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Voluntary Compliance Program
OIG Supplemental Compliance Program Guidance for Hospitals (1/31/05)

Focuses on application of compliance program guidance in connection with OIG-perceived
risk areas
 Fraud and abuse risk areas









Submission of accurate claims and information
Self-referral issues (Stark law and Federal Anti-Kickback statute issues)
Emergency Medical Treatment and Labor Act
Payments to reduce or limit services: gainsharing arrangements
Substandard care
Relationships with Federal health care beneficiaries
Discounts to uninsured patients
Preventive Care Services
Profession Courtesy
 OIG focus directed to effective hospital compliance programs involving hospital’s governing body
and management’s commitment, structures and process to create effective internal controls and
regular self-assessment and enhancement of the existing compliance program
 Evidence of and effective compliance program includes self-reporting of misconduct following
discovery of credible evidence from any source and following a reasonable enquiry
Note:OIG mentioned as early as 2005 60 days as being reasonable to report misconduct.
6
Copyright © 2010. Balch & Bingham LLP. All rights reserved
OIG’s PPACA Mandate
Keynote Address Delivered by Daniel R. Levinson, Inspector General of
DHHS, at the HCCA Annual Compliance Institute (April 19, 2010):
PPACA program integrity provisions include authorities and requirements
to:
 strengthen provider and supplier enrollment standards and enhance
screening;
 address certain misalignments between Medicare and Medicaid
reimbursements and market prices and create new links between
payment and quality;


7
promote compliance with program requirements, including by
requiring providers to implement compliance programs;
enhance program oversight, including by requiring greater
reporting and transparency and by improving data access and
coordination among government agencies; and strengthen the
Government’s response to health care fraud and abuse
through new enforcement authorities and tools.
Copyright © 2010. Balch & Bingham LLP. All rights reserved
PPACA Includes Mandatory
Compliance Requirements

Mandatory Compliance Program for All Providers
 Condition of enrollment in the Medicare program that classes of
providers and suppliers implement compliance programs
 Secretary discretion to dictate timelines for implementation, types of
providers and suppliers required to adopt compliance programs
 Secretary to develop core elements for each class of provider or
supplier required to adopt programs
8

September 23, 2010 – CMS requested comments from providers and
suppliers on using as core measures the seven elements from Chap. 8 –
Federal Sentencing Guidelines Manual

Note: Medicare Advantage plans were required to have an “effective”
compliance “program” as of January 1, 2011. PPACA sets March 23, 2012 as
date for HHS’s issuance of compliance program requirements for nursing
homes.
Copyright © 2010. Balch & Bingham LLP. All rights reserved
What to Do? Where to Start?
9
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Start where you are with what you
have!
10
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance as a Four-Legged Stool

4 Major Risk Areas for Hospitals
 Referral relationships
 Billing and coding governmental and commercial
payors
 Privacy and security of patient information
 Quality Issues
11
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement
in Risk Areas
12
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships

OIG Training & Publications
 OIG Health Care Fraud Prevention and Enforcement
Action Team: Provider Compliance Training –
http://compliance.oig.hhs.gov/
 Physician Education Training Manuals –
www.oig.hhs.gov/fraud/PhysicianEducation/
 OIG Compliance Resource Material –
http:www.oig.hhs.gov/fraud/complianceresources.asp
13
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships
14
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships
15
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships
16
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships

Enforcement
 United States ex rel. Drakeford v. Tuomey Healthcare System, Inc. – Allegations
of Anti-kickback/Stark/False Claims Act Violations
 Tuomey Hospital, Sumter, S.C.
 Surgeons employed part-time for Outpatient Surgery Center
 Justice Department alleged compensation exceeded fair market value
 Hospitals obtained 2 valuation analyses and relied on opinions
 During trial, hospital placed attorney/client privileged communications in
record (reliance on advice of counsel)
 Jury awarded $49.4 Million for Stark violations, dismissed FCA claim
 June 3, 2010 – District Court granted motion for new trial on FCA claims
 Based on ruling that certain government evidence was earlier excluded
 According to government statements, FCA trial’s focus will be on hospital’s
knowledge of whether employment agreements violated Stark law
17
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships

Enforcement
 United States ex rel. Singh v. Bradford Regional Medical Center, et al
18

Bradford Regional Medical Center, Bradford, PA

Lease of nuclear camera by hospital from physician group –
competitor physician group filed qui tam lawsuit alleging Stark law
violation (did not meet exception), Anti-kickback violation (false
certification) and False Claims violations

Government did not intervene

Court could not determine intent for FCA and A/K purposes; but,
lease did not satisfy any Stark exception

Issues: whether compensation meets fmv definition even if written
valuation report is obtained (lease plus covenant not to compete
compensation); whether fixed compensation can “take into account”
volume/value of physician referrals; when is there a failure to be “set
out in writing”
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Government Advice and Enforcement –
Referral Relationships

OIG Provider Self-Disclosure Protocol (Anti-kickback)
 October 30, 1998
 Allows provider community to voluntarily disclose self-discovered evidence of
potential fraud with purpose of avoiding cost and/or length and disruption of
government investigation
 Opportunities for reduced penalties
CMS Voluntary Self-Referral Disclosure Protocol (Stark)
 September 23, 2010 – mandated by Section 6409 of PPACA
 Allows suspension of 60 day repayment timeframe for overpayments
 Does not provide bifurcated disclosure process - traditional route for complex
disclosures and a fast track with set dollar repayment obligations for certain
more procedural violations
 Not widely embraced – but 55 disclosures in pipeline (Troy Barsky, CMS)
19
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Billing and Coding - Governmental and
Commercial Payers

CMS
 Audits:
 RACs - errors
 CERT – Comprehensive Error Rate Testing - errors
 PSCs – Program Safeguard Contractors - fraud
 ZPICs – Zone Program Integrity Contractors – fraud
 Enrollment

Medicaid
 Audit MICs – Medicaid Integrity Contractors - fraud
 Medicaid Fraud Control Unit - fraud
 PERM - errors
20
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Billing and Coding - Governmental and
Commercial Payers
21
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Billing and Coding - Governmental and
Commercial Payers
22
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Privacy and Security of Patient
Information

HHS/OCR Rulemaking
HIPAA—August 1996
Privacy Rule—April 2003
Security Rule—April 2005
Enforcement Rule—March 2006
American Reinvestment and Recovery Act (“ARRA”)—February 17, 2009
Health Information Technology for Economic and Clinical Health Act
(“HITECH”)—ARRA Division A, Title XIII – Health Information Technology,
§ 13001 et seq
23
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Privacy and Security of Patient
Information
 HHS/OCR Enforcement – Cignet Health of Prince George’s
County, Maryland

Family physician practice group with four locations and health insurance plan

Nature of breach
 Failure to provide 41 individuals timely access to medical record copies
 Failure to cooperate with HHS in OCR’s investigation of patient
complaints
 Failure to correct violations within 30 days of when Cignet knew or with
exercise of reasonable diligence would have know of violations

Penalties Imposed
 $100 per day (13,516 days) for failure to provide medical records to
patients (total $1.3 million)
 $50,000 per day (7,478 days) for failure to cooperate with HHS/OCR (total
$3 million)
24
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Privacy and Security of Patient
Information

General Hospital Corporation & Massachusetts General Physicians Organization,
Inc. (Mass General)
 Nature of Breach

Patients’ charts removed from Mass General’s Infectious Disease Associates
outpatient practice and inadvertently left on subway train

Documents included billing and encounter forms with name, date of birth,
medical record number, health insurer and policy number, diagnosis and
name of provider

Also included daily office schedules with names and medical record numbers
of 192 patients (including patients with HIV/Aids)
 Settlement Terms
25

Immediate payment of $1 million dollars

3 year Corrective Action Plan requiring policy and procedure development
regarding physical removal and transportation of documents containing PHI,
encryption of laptops and USB drives, processes to distribute and update
policies and procedures, workforce training, designation of monitor for
assembling annual report to HHS
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Quality Issues – Reports - Roundtables
26
Copyright © 2010. Balch & Bingham LLP. All rights reserved
QUALITY ISSUES – GOVERNING BODY
27
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Quality Issues – CMS Enforcement

Hospital Inpatient Quality Reporting Program (IQR) (formerly
Reporting Hospital Quality Data for Annual Payment Update –
RHQDAPU)
 Reporting of annual quality measures or 20% reduction in annual market
basket update

FY 2017 – Dollars Potentially at Risk - Base DRG payments – 6%
 Hospital-acquired conditions – 1% starting FY 2015
 Readmission – 1% - 3% - phased in over three years starting in FY 2013
 Value-Based Purchasing – 1% - 2% reduction starting in FY 2013 (phased in over
four years with the opportunity to recoup full amount plus)
28
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Recipe for Compliance Program Effectiveness:
Governmental Requirements, Audits, Expectations
and Enforcement
29
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Recent Governmental Compliance
Program Requirements/Enforcement
 Medicare Advantage and Part D Plans

Effective 1/1/2011, MA and Part D plans must adopt and
implement an effective compliance program

Program must
 Prevent, detect, and correct noncompliance with CMS
program requirements
 Contain measures that prevent, detect, and correct fraud,
waste, and abuse
 Contain the 7 core elements of a compliance program

Compliance Officer and Compliance Committee must
 Report to CEO or other senior management
 Report periodically to governing body
30
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Recent Governmental Compliance
Program Requirements/Enforcement

Nursing Facilities
 PPACA requires HHS Secretary to adopt regulations
requiring nursing facilities to implement compliance
programs
 By March 23, 2012, HHS must promulgate regulations
requiring nursing facilities to implement effective
compliance programs
 The regulations
31

May include a model compliance program

Must allow for compliance program variations based on
organization size (higher standards for organizations
with 5 or more facilities)
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness
32
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
Where to Start?
33

Focus on key regulatory obligations

Identify specific hospital risk area by looking at hospital
deficiencies; regulators’ lists of key deficiencies; PEPPER
reports; OIG Work Plan; OIG list of enforcements

Look at control structure, process, outcomes

Consider involvement of governing body and “C” level
executives

Identify way to measure performance: metrics, system to
add/deduct points for meeting 7 required elements or
lack of structure, processes, regulatory notices, fines,
sanctions
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
Self-Assessment Tool - CMS

Centers for Medicare & Medicaid Services
 Self-Assessment Tool - modeled after tools developed by New
York State Office of Medicaid Inspector General (OMIG) and
HCCA
 CMS considering using tool prior to audit to gather information
and to aid audit efforts

What is it?
 Checklist to evaluate program design, to identify
strengths/weaknesses
 Tool to identify key components
 Not regulatory guidance or list of compliance program
requirements
34
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
Self-Assessment Tool – New York – OIG
Medicaid
35
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
Self-Assessment Tool – CMS
36
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
Self-Assessment Tool – CMS
37
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
Self-Assessment Tool

Example from Balch & Bingham Compliance Assessment Tool
Source1
Policies (Including date last
reviewed)
Processes/Controls
Performance Measurement
A. Written Policies and Procedures
1. Formal commitment by governing body to adopt all
applicable elements of the OIG Compliance
guidelines
2. Standards of Conduct address the organization's
commitment to compliance and expectations for
employees and others covered by the Code. Code is
comprehensible and distributed to all employees.
Code is Risk
regularly
3 Special
Areasupdated.
-- Home Health
a. Documentation of patient medical condition, need for
home health services and supplies, and the actual
provision of such services and supplies in the patient's
medical record
b. Patient eligibility for home health services
(1) Patients meet the definition of "homebound" and
homebound status is certified by the patient's physician
63-42412; 64-54033
63-42412; 64-54034
63-42415
GAO 2/09 at 14;
OIG FA 8/95; 6341415; OIG 6/04 at
4
(2) Patients have a need for intermittent skilled nursing OIG FA 8/95; 6341415; OIG 6/04 at
services or physical or speech therapy service (not
4
available from a family member of other source)
(3) Services are received pursuant to a physicianapproved plan of care
38
63-41416; OIG 6/04
at 5
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Compliance Program Effectiveness:
CMS’s Tips for Gauging Non-Effective
Compliance Program

According to CMS*, indicators that a compliance program may NOT be effective
include:










The compliance officer does not report directly to the board or the chief executive officer of
the provider or supplier.
The provider or supplier has no compliance committee.
The compliance program does not include confidential or anonymous reporting of
compliance issues.
Employees are afraid to communicate any compliance issues “up the chain” of command.
Audits are infrequent and management disregards data obtained through monitoring
efforts.
While the provider or supplier responds to incidents, it does not put in place systemic
corrections.
Employees who report complaints or other compliance issues receive no or negative
recognition.
Discipline is inadequate and inconsistent.
Allegations are not affectively investigated.
In summary, the provider or supplier cannot evidence any systemic efforts to build
a strong ethical culture.
*American Health Lawyers Association Practice Group Brown Bag Luncheon- February 11, 2011
39
Copyright © 2010. Balch & Bingham LLP. All rights reserved
QUESTIONS?
40
Copyright © 2010. Balch & Bingham LLP. All rights reserved
Thank You
Balch & Bingham LLP
401 East Capitol Street, Suite 200
Jackson, MS 39201
www.balch.com
Dinetia M. Newman
dnewman@balch.com
601-956-8169
41
Copyright © 2010. Balch & Bingham LLP. All rights reserved