Healthcare providers beware: there are signs on the horizon that regulatory
authorities are planning a variety of new Healthcare enforcement initiatives.
Healthcare fraud and abuse remains a high priority for enforcement authorities
including the Office of Inspector General of the United States Department of
Health and Human Services ("OIG") and the United States Department of Justice.
Providers, big and small, should carefully evaluate their compliance plans to be
sure they sufficiently encompass these new risk areas. This article addresses
several of the new enforcement initiatives Healthcare providers face and
suggests ways in which existing compliance planning efforts (i.e., the process
by which an entity assesses its legal risk areas and develops policies and
procedures to ensure compliance with applicable statutory and regulatory
requirements) should be evaluated and modified to address them.
It has now been more than six years since the OIG published its Compliance
Program Guidance for Hospitals (63 Fed. Reg. 8987, February 23, 1998), the first
in a series of OIG publications aimed at raising awareness within the Healthcare
industry about the need for formal fraud and abuse compliance planning efforts,
and to set parameters, based on the Federal Sentencing Guidelines, for those
efforts. Over the following five years, the OIG published similar guidance for
ten more Healthcare industry segments ranging from physicians and small group
practices to clinical laboratories and pharmaceutical manufacturers. (65 Fed.
Reg. 59434, October 5, 2000; 63 Fed. Reg. 45076, August 7, 1998; 68 Fed. Reg.
23731, May 5, 2003). According to those guidance documents, the OIG will
consider the existence of an effective compliance program that pre-dated
any governmental investigation when addressing the appropriateness of
administrative penalties. (OIG Compliance Program Guidance for Hospitals, 63 Fed
Reg 8987, Feb. 23, 1998) In addition, an effective compliance program may
be a mitigating factor under the Federal Sentencing Guidelines. For these
reasons alone, having a compliance plan in place is critical, but the greatest
benefit of effective compliance planning is the ability to identify problems
before they become major legal issues, enabling providers to avoid significant
civil and criminal exposure.
As compliance counsel to Healthcare providers, we frequently see instances
where, because of effective auditing techniques and other compliance monitoring
mechanisms, noncompliant Healthcare billing practices and improper contractual
arrangements are identified early on Ñ before they become catastrophic events
for the provider. While a compliance plan may not add directly to a provider's
bottom line, the potential cost-savings from effective compliance planning
efforts are immeasurable. It is important to note however that ineffective
compliance planning efforts, including reliance upon an improperly structured
compliance plan or one that has been left to stagnate, can actually create legal
exposure for Healthcare providers. For example, having a plan which fails to
address the specific risk areas of the provider to which it applies demonstrates
an awareness of fraud and abuse issues but also a disregard for them.
In each of its compliance guidance documents, the OIG urged providers to
focus their compliance efforts on those risk areas specific to their
provider-type. For most providers, this meant focusing on those areas where
enforcement authorities had already expressed an interest. Though these and
other risk areas remain significant, the focus of regulatory enforcement has and
continues to shift and, as espoused by the OIG in its compliance guidance
publications, providers must continually evaluate the effectiveness of their
compliance plans and modify them as necessary. This includes reevaluating
compliance efforts in light of new risk areas.
Pharmaceutical Industry
Without a doubt, one of the most high-profile new enforcement areas at both
the federal and state levels is the pharmaceutical industry. Thus far,
investigations and settlements have targeted improper pricing and marketing
activities by pharmaceutical manufacturers and pharmacy benefit management
companies. While the pharmaceutical industry has, by and large, already begun to
respond from a compliance standpoint to these new initiatives, other providers
have not been so diligent. As has been the case with past initiatives, smaller
providers should expect trickle down enforcement. Thus, providers should be
evaluating their pharmaceutical-related risk areas: purchasing arrangements,
discounts and perquisites from pharmaceutical manufacturers and related
recordkeeping.
Physicians, who play a special role in both obtaining FDA approval for new
drugs ( i.e. , clinical trials) and in prescribing drugs once they are on
the market, must be particularly vigilant. As Medicare coverage of prescription
drugs widens under the Medicare Prescription Drug Improvement and Modernization
Act over the next several years, physicians can expect heightened scrutiny of
their drug purchase and dispensing activities. Medical practices that engage in
in-office clinical trials should have compliance policies and procedures in
place to evaluate each clinical trial opportunity for improper inducements by
trial sponsors which are designed to influence a physician's prescribing
behavior.
Similarly, providers on the drug-purchasing side should have policies and
procedures governing the evaluation of and entry into purchasing arrangements.
Marketing techniques by pharmaceutical manufacturers which have the intent of
influencing a provider's drug formulary or prescribing patterns may run afoul of
the federal anti-kickback statute as well as state marketing prohibitions. So,
an entity's compliance policies should establish the parameters for
participation in marketing activities and acceptance of gifts and other
perquisites from pharmaceutical manufacturers and suppliers.
Stark II Enforcement
In March of 2004, the Department of Health and Human Services released Phase
II of the long-awaited Stark II regulations. (69 Fed. Reg. 16054, March 26,
2004) The federal Stark statute was designed to curb physician over-utilization
of ancillary services in laboratory, imaging and physical therapy among other
services. The thrust of the statute is that a physician may not refer a patient
for certain "designated health services" to an entity with which he or an
immediate family member has a financial relationship. Initially, the statute
prompted many physicians to divest their ownership interests in ancillary
service businesses. However, in the long period following enactment of the
statute and adoption of the final regulations, physician-owned ancillary
services have proliferated. Providers should not be surprised to find that,
despite their best efforts, their arrangements may not comply with the new
regulations.
The new regulations clarify the Stark prohibitions in some respects but
significantly muddy the waters in others. The regulators have given providers a
ninety (90) day grace period to correct non-compliant arrangements so providers,
including hospitals and physicians, involved in the delivery of Stark designated
ancillary services, have a brief window within which to reevaluate their
ownership and compensation arrangements and bring them into compliance, or
otherwise terminate them.
Focus On High Level Management
An additional new risk area warranting evaluation by providers of all types
is a focus by regulatory enforcement authorities on the role of boards of
directors and other high level management in compliance efforts. In light of the
recent slew of corporate scandals, including Enron and Healthsouth to name only
a few, the United States Sentencing Commission proposed amendments to the
federal Sentencing Guidelines emphasizing the integral role high level
management must play in an effective compliance plan. (69 FR 28994, May 19,
2004) In a significant shift from the Guidelines currently in effect which place
primary responsibility for compliance implementation on the compliance officer,
the amended Guidelines would require an entity's governing body (typically the
board of directors) to be actively involved in implementing and overseeing the
entity's compliance plan.
Following the Sentencing Commission's lead, the OIG, in conjunction with the
American Health Lawyers Association (AHLA), published a document in 2003
entitled "Corporate Responsibility and Corporate Compliance: A Resource for
Healthcare Boards of Directors." (
href="http://oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf">http://oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf)
Citing the potential individual legal exposure Healthcare directors face for
failing to reasonably oversee an organization's compliance programs, the
document was intended "to help Healthcare organization directors ask
knowledgeable and appropriate questions related to Healthcare corporate
compliance." In 2004, the OIG with the AHLA published supplementary guidance
entitled "An Integrated Approach to Corporate Compliance: A Resource for
Healthcare Boards of Directors." (Available at
href="http://oig.hhs.gov/fraud/docs/complianceguidance/Tab%204E%20Appendx-Final.pdf"
target="\'_blank\'">http://oig.hhs.gov/fraud/docs/complianceguidance/Tab%204E%20Appendx-Final.pdf)
This publication focuses on the roles of corporate counsel and compliance
officers in "supporting the compliance oversight function of Healthcare
organization governing boards."
In light of the impending Sentencing Guideline changes and the OIG's focus on
the critical role of upper management in the compliance process, providers must
evaluate that role in the context of their own compliance plans to ensure that
management is actively involved in those efforts and does not serve as merely a
rubber stamp over compliance activities. Similarly, an entity's policies and
procedures must truly integrate the highest levels of management in the
compliance process, clearly delineating the roles played by the board,
management, counsel and compliance officers within the compliance program.
Increased Program Integrity Efforts
As recently as August of 2004, the Centers for Medicare and Medicaid Services
("CMS") announced that it intends to increase its program integrity efforts with
a heightened focus on Medicare prescription drug programs and Medicaid error
rates. CMS intends to closely monitor program vulnerabilities associated with
the Medicare prescription drug benefits under the Medicare Prescription Drug
Improvement and Modernization Act. To that end, CMS has engaged a program
safeguard contractor to monitor, on a weekly basis, pricing developments in
connection with the Medicare drug discount card program currently in effect.
CMS has also proposed regulations which would require states to report to the
Department of Health and Human Services on an annual basis, improper payment
data associated with state Medicaid and children's health insurance programs.
Therefore, providers such as pediatricians who believe they are under the radar
of the Medicare program must also evaluate their compliance efforts vis-à-vis
their state Medicaid program. Any provider that accepts Medicaid patients and
bills the Medicaid program will need to evaluate their billing activities and
develop and implement appropriate policies and procedures to maintain compliance
with their state's Medicaid requirements.
Conclusion
Though perhaps eclipsed by other headline-grabbing Healthcare developments,
fraud and abuse enforcement remains strong. According to the OIG's Semiannual
Report to Congress (October 1, 2003 - March 31, 2004), in the first half of 2004
alone, the OIG recovered $1.2 billion through its investigative activities,
excluded 1,544 individuals and entities from participation in federal Healthcare
programs for fraud and abuse violations, and secured criminal convictions of 234
individuals and entities for crimes against federal Healthcare programs.
Clearly, the stakes for failing to actively and aggressively implement and
effectively monitor compliance activities remain high. Healthcare providers in
all industry segments, and those of us who counsel them, must remain diligent in
their efforts to achieve and maintain compliance. Just as regulatory enforcement
initiatives evolve, so too must a provider's compliance planning
efforts.
Published October 1, 2004.
