Mandatory Compliance Programs for Medicaid & Medicaid Providers?

Mandatory compliance programs are required under the ACA.

(July 30, 2014): In recent years, both the type and the frequency of Medicare and Medicaid audits of health provider and supplier claims have greatly increased. Not surprisingly, these administrative enforcement actions have led to a wide variety of adverse collateral effects, ranging from Medical Board investigations to the initiation of private payor audits. Notably, the development and implementation of mandatory compliance programs can go a long way towards identifying potential problems needing remediation, thereby reducing your level of regulatory risk. Hopefully, these corrective measures will prevent the need for federal, state and private payors auditing bodies to disrupt your operations and conduct their own assessment of your claims. As you would expect, it is far easier to create and implement an effective compliance plan than it would be to face an administrative, civil or criminal enforcement action due to your failure to fully comply with all applicable statutory and regulatory requirements.

A well-designed compliance program can benefit a physician's practice by speeding up and optimizing the proper payment of claims, minimizing billing mistakes and hopefully reducing the chances that an audit will be conducted by one of the many contractors now working for the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services, Office of Inspector General (HHS-OIG), or the Department of Justice (DOJ).

The Affordable Care Act (ACA) includes a provision which authorizes the Secretary, HHS to mandate that health care providers and suppliers establish a compliance program as a condition of their enrollment in Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP). As the statute provides:

"(7) COMPLIANCE PROGRAMS.—" (A) IN GENERAL.— On or after the date of implementation, as determined by the Secretary under subparagraph (C), a provider of medical or other items or services or supplier within a particular industry sector or category shall, as a condition of enrollment in the program under this title, title XIX, or title XXI, establish a compliance program that contains the core elements established under subparagraph (B) with respect to that provider or supplier and industry or category."

While the Secretary, HHS, has yet to announce a date when all health care providers and suppliers must fully meet this requirement, it is important to keep in mind that for all practical purposes, that date has already arrived for most active health care practices. Why do we believe that having an effective compliance program is already a necessity? Several of the reasons we believe an effective compliance program is already required are outlined below.

I. When Did Mandatory Compliance Programs Enter the Picture?

At the outset, it is important to keep in mind that if your practice or other health care organization is a participating provider and accepts Medicare Managed Care, you are already required to have implemented an effective compliance program. Pursuant to 42 C.F.R. §§ 422.503(b)(4)(vi), 423.504(b)(4)(vi), and as incorporated into Chapter 21, Section 30 of the "Medicare Managed Care Manual":

All sponsors are required to adopt and implement an effective compliance program, which must include measures to prevent, detect and correct Part C or D program noncompliance as well as FWA. The compliance program must, at a minimum, include the following core requirements: 1. Written Policies, Procedures and Standards of Conduct; 2. Compliance Officer, Compliance Committee and High Level Oversight; 3. Effective Training and Education; 4. Effective Lines of Communication; 5. Well Publicized Disciplinary Standards; 6. Effective System for Routine Monitoring and Identification of Compliance Risks; and 7. Procedures and System for Prompt Response to Compliance Issues.

These seven elements are functionally equivalent to the seven elements of an effective compliance plan identified by HHS-OIG in its publication, Compliance Program for Individual and Small Group Physician Practices.

As a result of these rules, all providers and suppliers accepting Medicare Managed Care already obligated to have implemented an effective compliance program. In addition to Medicare Managed Care, many of the providers and suppliers now participating in state Medicaid program are also required to have an effective compliance program in place. As a final point in this regard, we are now starting to see private payors incorporating a requirement that providers and suppliers implement a plan in order to participate in their program.

To address the question posed, in view of the above mandates, are participating providers required to have an effective compliance program in place? Well, the answer is that it "depends." While most participating providers likely fall into one or more the categories which already obligate a provider to have a program in place, some participating individual providers and entities do not meet the categories of provider outlined above. While the Secretary, HHS, has yet to announce when the remaining participating providers must comply with the provision of the ACA. One this appears clear, as the percentage of providers and suppliers covered by these requirements continues to increase, we believe that it will become easier and easier for the Secretary, HHS, to require that all health care providers and suppliers adopt an effective compliance program -- one that will that addresses the will be a certainty in the near future -- regardless of whether the Secretary, HHS issues a deadline in this regard.

II. Mandatory Compliance Programs Can Reduce Your Level of Regulatory Risk:

Reducing exposure to liability is one of the main reasons to implement and maintain a compliance lan. If a practice has and follows an active compliance program, it evidences that the medical practice has made reasonable efforts to avoid and detect misbehavior. It also shows regulating agencies that the requisite intent to commit health care fraud was not present. If wrongdoing is found, but a practice can establish that there was no intent to commit fraud, as evidenced by their compliance plan, penalties could be largely reduced.

III. OIG’s Guidelines to a Physician Practice Compliance Program:

An effective compliance plan should be designed, implemented, and enforced with the goals of preventing, detecting, and correcting any inappropriate and potentially criminal conduct. Each physician’s practice will need its own unique plan to properly suit its services, and there is no single model plan to follow.

However, OIG has issued suggested compliance program guidance that was initially voluntary, but now is mandatory under the ACA. OIG's suggested compliance program includes seven components that a physician practice can use as a basis to create an effective program. These components are:

  1. Conducting internal monitoring and auditing;

  2. Implementing compliance and practice standards;

  3. Designating a compliance officer or contact;

  4. Conducting appropriate training and education;

  5. Responding appropriately to detected offenses and developing corrective action;

  6. Developing open lines of communication; and

  7. Enforcing disciplinary standards through well-publicized guidelines.

It is also recommended that a compliance plan states a code of ethical standards that is distributed and discussed within the practice. The standards should be made clear to employees and contractors, including the intent of the practice to take actions to uphold those standards. A baseline audit is highly recommended to identify areas in need of correction and risk areas that may need to be the focus of the compliance plan, such as medical record documentation, coding, or diagnostic testing criteria. After an initial baseline audit, a physician’s practice should conduct continuous and period audits thereafter. Finally, a compliance plan should include a process for responding to both staff and patient complaints, addressing identified offenses, and taking corrective action to prevent further similar offenses. If an internal investigation uncovers a material violation, a decision must be made, with counsel, whether to report the matter to the federal government. Disclosure may reduce sanctions; failure to disclose could limit the reduced culpability protections the plan might otherwise provide.

IV. Final Remarks:

In today's health care marketplace, recent laws and regulations illustrate the government's focus on scrutinizing the actions of physician practices and other health care providers. A compliance plan tailored to the practice’s needs can help protect the organization from potential administrative, civil and criminal sanctions. Need help putting an effective compliance program in place? Give us a call. The cost of development and implementation are probably far lower that your potential liability resulting from continuing going down the wrong road, in terms of documentation, coding or billing.

Robert W. Liles

Robert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker attorneys represent health care providers around the country in connection with both regulatory and transactional legal projects. For a free consultation, call Robert at: 1(800) 475-1906.