Among the many provisions hidden in 2010’s Patient Protection and Affordable Care Act is a new requirement for physicians designed to protect Medicare, Medicaid and the Children’s Health Insurance Program from fraud and abuse.
Physicians must establish a compliance program “to prevent, detect and correct inappropriate behavior and ensure compliance with all applicable laws, regulations and requirements” under Section 6401(a) of the Affordable Care Act. This requirement also applies to other providers of medical services and supplies who participate or plan to participate in Medicare, Medicaid or the Children’s Health Insurance Program.
The program must contain certain core elements to be determined by Health and Human Services Secretary Kathryn Sebelius in consultation with the Office of the Inspector General.
Voluntary compliance programs have been encouraged since 2000, and the Office of the Inspector General has issued compliance guidelines for various sectors of the medical industry. These sectors include individual and small group practices.
Making these programs mandatory, however, puts the onus on providers to root out fraud and abuse in their organizations. Four areas with potential risk include:
- Coding and billing
- Reasonable and necessary services
- Improper inducements, kickbacks and self-referrals
To date, a Notice of Proposed rulemaking has not been issued. The act’s provision did not include a timeline, leaving that to Secretary Sebelius to establish as well.
Tony Salters, a spokesman for the Centers for Medicare & Medicaid Services, said he could not “speculate on the timing” of when the proposed rule might be issued for public comment.
However, a deadline was included in Section 6102 of the Affordable Care Act mandating that nursing facilities and skilled nursing facilities have a compliance and ethics program in operation by March 23, 2013, although no regulations were issued.
Since these facilities are subject to both Section 6102 and Section 6401(a), speculation is that any program mandated under Section 6401(a) will contain components similar to that defined by the statutory language included in Section 6102.
Specifically, the components include:
- Establish standards and procedures. The organization must establish compliance standards and procedures to be followed by its employees and other agents that are reasonably capable of reducing the prospect of criminal, civil and administrative violations.
- Assign responsibility. Specific, high-level individuals in the organization must be assigned overall responsibility to oversee compliance with the established standards and procedures and have sufficient resources and authority to assure compliance.
- Exercise due diligence. The organization must not delegate substantial discretionary authority to individuals the organization knows, or should know through the exercise of due diligence, to have a propensity to engage in criminal, civil or administrative violations of the act.
- Communicate and train. The organization must effectively communicate its standards and procedures to all employees and other agents. For example, it could require participation in training programs or disseminate publications that explain in a practical manner what is required.
- Monitor, audit and implement a reporting system. The organization must take reasonable steps to achieve compliance. For example, it might use monitoring and auditing systems reasonably designed to detect violations by its employees and other agents. Another idea is to implement and publicize a reporting system by which employees and other agents can report violations by others within the organization without fear of retribution.
- Enforce standards consistently. The standards must be consistently enforced through appropriate disciplinary mechanisms. This includes disciplining those responsible for the failure to detect an offense.
- Respond to offenses. After an offense has been detected, the organization must take all reasonable steps to respond appropriately to the offense and to prevent further similar offenses. An appropriate response may include making any necessary modification to the organization’s program to prevent and detect future violations.
- Periodically reassess the program. The organization must periodically reassess its compliance program to identify changes needed based on changes within the organization and its facilities.
These components are very similar to the ones the Office of the Inspector General issued in 2000.
Many experts recommend that practices without a compliance program get the ball rolling, using the components above as a guide. They point to the increasing scrutiny federal agencies are using to root out fraud and abuse.
Any program in place that is enforced can help a practice avoid potential penalties. Practices can start by reviewing the model compliance program guidance the Office of the Inspector General issued in 2000 at https://oig.hhs.gov/authorities/docs/physician.pdf.