Legal & Regulatory

You Need a Compliance Program Now

Most healthcare professionals working in the hospital setting have a pretty good understanding of what a compliance program entails. When questioned, hospital staff members express familiarity with their chief compliance officer and the anonymous hotline for reporting concerns about ethics, compliance and conflicts of interest. This familiarity is because hospitals have been providing annual staff compliance training for some time or, at the very least, since the Office of Inspector General has been strongly encouraging healthcare entities to adopt a voluntary compliance program.  However, the need to have a compliance program and staff training has not filtered down as quickly to the clinic or office practice settings. Some practices may have policies on the subject matter, but few have put in place an actual compliance program.

The Department of Health and Human Services’ Office of Inspector General (OIG) has been providing tools and resources to help the healthcare industry develop a compliance program since the 90s. In fact, the primary role of the OIG is to combat fraud, waste and abuse in federally funded healthcare programs such as Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP). The resources provided by the OIG [] are detailed and can be very effective in helping to understand the fraud and abuse laws, in avoiding errors in claim submissions and in preventing individuals from engaging in unlawful conduct involving federal healthcare programs.

However, because having a compliance program has been voluntary until recently, not all healthcare providers and entities have felt the need to develop a program for their ambulatory setting. The voluntary aspect of implementing a compliance program changed in 2010 with the passage of the Patient Protection and Affordable Care Act (PPACA). Section 6401 of the PPACA requires that healthcare providers establish a compliance programs as a condition of enrollment in Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP).

Despite this new mandate, many organizations, particularly in the outpatient arenas, have not begun the process of putting together a compliance program. In addition to complying with the law, it also makes good business sense for healthcare organizations, large and small, to have a compliance plan and program in place. By taking the necessary steps to develop an effective compliance program, healthcare practices and entities are broadcasting to their employees and to the public that the business conducts itself in an ethical manner and in conformance with all state and federal laws. In addition, such a program helps avoid the submission of fraudulent claims, reduces the chances of insurance billing audits and avoids unethical business conduct as well as conflicts of interests in everyday practice and vendor arrangements. Employees have a better understanding of compliance expectations as well as how to respond to and report a problem. With the guidance provided by the OIG, putting together a compliance plan and program does not have to daunting.  The OIG encourages healthcare providers to tailor their program to meet the needs of the organization based upon the identified risk issues, the size of the organization and the resources available.

An essential component of compliance training is providing staff with some basic information about fraud and abuse laws. The three primary laws that are implicated in a compliance situation are the Anti-Kickback Statute, The Physician Self-Referral Law (Stark Law) and The False Claims Act. These laws are in effect to protect the integrity of federal healthcare programs. Violations can result in significant fines and penalties as well as reputational harm to the organization.  In addition, the OIG is empowered under the laws to require corporate integrity agreements with the affected entity; exclude the entity/provider from participation in Medicare, Medicaid and Children’s Health Insurance Program (CHIP) programs; issue civil and criminal fines and penalties; and refer offending providers to their respective licensing board.

Here is a brief overview of these three laws.

  • The Anti-Kickback Statute is violated when a healthcare provider/entity knowingly accepts payment or anything of value in exchange for referring patients insured with federal healthcare programs to a particular vendor or other healthcare providers. However, certain business arrangements can be legal under a Safe Harbor Provision of this law and providers should consult with legal counsel to get advice on whether a business practice could potentially violate the law.
  • The False Claims Act prevents healthcare providers from submitting fraudulent claims to Medicare or Medicaid. A whistle-blower provision of the act allows individuals with knowledge of fraudulent activity to file a lawsuit on behalf of the government and receive up to 30 percent of the recovery fees. This has been a significant enforcement tool for the government and an incentive for individuals to file actions against unscrupulous current or former employers.
  • The Stark Law prohibits referrals of Medicare or Medicaid patients for certain health services (such as therapy, imaging services and medical equipment and supplies), if the provider or his/her immediate family member has a financial or investment interest in that healthcare service. Like the Anti Kickback Statue, there are some exceptions under the law.

When it comes to having a proper compliance program, the OIG has identified The Federal Sentencing Guidelines Manual as providing the requisite elements of an effective compliance program.  Even practices with a compliance program should consult with the OIG recommendations to ensure that their program measures up to what is required.  [OIG Physician Education Training Materials: A Roadmap for New Physicians, Avoiding Medicare and Medicaid Fraud and Abuse,] Additionally, practices can review sample corporate corporative integrity agreements, the OIG’s work plan and the vast list of resources at the OIG’s website for further guidance in implementing a program. There are also experts and consultants knowledgeable in billing and coding and fraud and abuse laws that are more than willing to help out.

The Federal Sentencing guidelines (Chapter 8) specify that there are seven fundamental elements of an “effective” compliance program, which must, at a minimum, include at a minimum:

  1. Implementing written policies, procedures, and standards of conduct
  2. Designating a compliance officer and compliance committee to provide program oversight
  3. Using due diligence in the delegation of authority
  4. Educating employees and developing effective lines of communication
  5. Conducting internal monitoring and auditing
  6. Enforcing standards through well-publicized disciplinary guidelines
  7. Responding promptly to detected offenses and undertaking corrective action

Regardless of the type of healthcare setting, having a compliance program has significant benefits for the organization, including: the prevention of errors and fraud in claims billing, deterring unethical business practices and violations of the law, and improving the overall culture of the organization. Practices that have put off developing a program should promptly develop a one. Under the 2010 PPACA compliance program mandate, healthcare organizations, large and small, no longer have a valid excuse for not having a compliance program in place.

Arlene Luu, RN, BSN, JD, CPHRM, is based in San Diego, California.  She has 25 years of experience in the healthcare industry in various capacities including patient care, administration, education, law and insurance consulting.

Sign Up for ASHRM Forum Updates

Provide your information below to subscribe to ASHRM email communications