United States: New OIG Compliance Program Guidance for Hospitals Reaffirms Importance of Health Care Compliance Programs

Recent publicity surrounding the United States Supreme Court's rejection of the mandatory United States Sentencing Guidelines (Guidelines) has caused some to question the continued importance of corporate compliance programs. Yet the Department of Health and Human Services' Office of Inspector General (OIG) has sent a clear message to providers that compliance programs must remain strong.

In United States v. Booker and United States v. Fanfan, the Supreme Court held that the Guidelines violate the Sixth Amendment, because they allow a judge rather than a jury to determine essential facts that dictate the length of a criminal defendant's prison term. Because corporate compliance programs had their genesis in the Organizational Sentencing provisions of the Guidelines, the Booker and Fanfan decisions have raised the issue of whether the existence of a compliance program can serve to mitigate sentences for organizations convicted of a crime. On January 27, 2005, after the Supreme Court issued the decisions in Booker and Fanfan, the OIG issued Supplemental Compliance Program Guidance for Hospitals (Supplemental CPG), thus confirming that compliance programs are still entrenched in the health care landscape.

As the OIG states, the Supplemental CPG can "serve as a road map for updating or refining" compliance programs not only for hospitals, but also for other healthcare providers." Many health care compliance programs are approaching or beyond their five year mark, and so the issuance of the Supplemental CPG is a timely opportunity for all health care providers to reassess their programs and evaluate their effectiveness.

The Supplemental CPG highlights several risk areas that compliance programs should address, ranging from issues flagged in the original CPG such as submission of accurate claims information, to newer risk areas such as substandard care and HIPAA. The Supplemental CPG also includes an extensive discussion of new risk areas under the Stark and anti-kickback statutes, two areas addressed in the original CPG.

1. Relationships with Referral Sources
Physician Relationships. The OIG advises hospitals to "diligently review all financial relationships with referring physicians" to ensure they fit squarely within statutory or regulatory exceptions to the Stark law or "face significant financial exposure." Because compliance with Stark exceptions is mandatory, there is "significant financial exposure" for hospitals that fail to comply with the law. The OIG therefore recommends that hospitals implement systems to ensure that all conditions of an applicable Stark exception are met, such as a written agreement for any financial relationship (even a hold-over lease or short-term arrangement with a physician), documenting fair market value, and careful review of all recruiting arrangements. In addition, the OIG reminds hospitals that compliance with Stark "does not immunize an arrangement" under the separate anti-kickback statute, and that they should review all arrangements for compliance with that statute as well. The Supplemental CPG includes this stern warning: "To avoid a large overpayment, hospitals should ensure frequent and thorough review of their contracting and leasing processes." In the OIG's view, failure to comply with the Stark and anti-kickback laws could lead to liability under the False Claims Act when violation of one or both of these laws results in submission of claims under a federal health care program.

Joint Ventures. The Supplemental CPG explores a number of potential risk areas under the anti-kickback statute, including a discussion of suspect "joint ventures" similar to the venture described in the recent OIG Advisory Opinion on "pod" pathology labs. Chief among the OIG's concerns "is that remuneration from a joint venture [e.g. dividends, profit distribution] might be a disguised payment for past or future referrals to the venture or to one or more of its participants." The Supplemental CPG guides hospitals on factors to consider in scrutinizing joint ventures under the anti-kickback statute as well as steps that they can take to reduce the risk of abuse.

Compensation Arrangements With Physicians. More straightforward compensation arrangements such as medical director agreements also receive attention under the Supplemental CPG. For example, the OIG cautions hospitals to develop appropriate safeguards to ensure that physicians staffing outpatient hospital departments do not use hospital space, equipment or personnel to conduct their private practices.

Exclusive Contracts. The Supplemental CPG includes a discussion of exclusive contracts with hospital-based physicians such as radiologists, pathologists and anesthesiologists. While the OIG states that there is a risk of hospitals demanding some form of remuneration or reduced fees from such physicians in exchange for the referral of hospital patients, OIG recognizes the legitimate business need for these arrangements. According to the OIG, in "an appropriate context," a hospital can require physicians under such contracts to provide certain "reasonable administrative or limited clinical duties directly related to the hospital based professional services" (including participation in an on-call rotation) at a reduced or no charge, with the caveat that such free services must reasonably reflect the value of the exclusivity conferred on the physicians.

Economic Credentialing. The Supplemental CPG highlights economic credentialing for medical staff as a new risk area for hospitals. According to the OIG, while the validity of economic credentialing "would depend on the specific facts and circumstances, including the intent of the parties," arrangements that involve "conditioning privileges on a particular number of referrals or requiring the performance of a particular number of procedures, beyond volumes necessary to ensure clinical proficiency, potentially raise substantial risks under the [anti-kickback] statute."

2. Charity Care
The Supplemental CPG also reiterates the OIG's position on discounts and charity care for the uninsured. In summary, a hospital can waive beneficiary cost sharing based on financial need if it uses objective criteria applied uniformly, and a hospital need not include discounts to the uninsured and underinsured when calculating its "usual charges," for purposes of assessing whether the provider is billing Medicare "substantially in excess" of its usual charges.

3. Substandard Care
Significantly, the Supplemental CPG includes a focus on substandard care, marking the first time the OIG has formally designated "substandard care" as a compliance risk area for hospitals. The OIG highlights its authority to exclude providers from participation in federal health care programs for providing substandard items or services to any patient, even if the patient is not a Medicare or Medicaid beneficiary. The OIG urges hospitals to continually measure their performance against Medicare Conditions of Participation, JCAHO standards and their own quality of care protocols and monitoring mechanisms. These quality of care protocols should not just be limited to a hospital's nursing staff and ancillary services; the OIG also reminds hospitals of the importance of overseeing the credentialing and peer review of their medical staffs.

4. Other Risk Areas
The remaining risk areas identified in the Supplemental CPG are well known to providers: billing Medicare in excess of usual charges, EMTALA, gainsharing, relationships with federal health care beneficiaries (highlighting as risk areas gifts and gratuities, cost-sharing waivers, and free transportation), and HIPAA Privacy and Security compliance. The OIG encourages hospitals to implement policies to enforce and monitor compliance with these requirements, and to train affected employees appropriately. The Supplemental CPG also flags some "areas of general interest" which, while not posing significant fraud and abuse risk, have been the topics of frequent inquiries by hospitals and others, including a further discussion about discounts to the uninsured, preventive care services, and professional courtesy programs.

In addition to discussing risk areas, the Supplemental CPG highlights the critical importance of evaluating compliance program effectiveness. Much of the OIG's advice on the topic parallels the November 1, 2004 amendments to the Organizational Sentencing Guidelines, which focus on creating an organizational culture that values compliance, the role of corporate leadership in this effort, and regular self-assessment and enhancement of existing compliance programs. The OIG encourages hospitals to involve directors, officers, senior management and representatives of the medical and clinical staffs in develop - ment of the compliance program, particularly a vibrant and effective "code of conduct."

The OIG recommends that hospitals review the execution and implementation of their compliance program "at least annually," and counsels against using only outcome indicators such as coding error rates as a measure of the program's effectiveness. According to the OIG, hospitals should consider these factors in reviewing their compliance programs:

• The functioning of the compliance department, including the presence of an active and informed compliance committee and a compliance officer who regularly reports to the hospital's board of directors;
• Whether written policies and procedures are clearly written and readily available, and updated to account for changes in federal health care program requirements;
• The organization's success in creating communication channels that foster open communication without fear of retaliation and that share the results of internal investigations with relevant stake-holders on a regular basis;
• The organization's efforts at training staff and contractors, and whether the content and structure of the training program adequately addresses changes in the law and results from the hospital's own internal investigations and audits;
• The hospital's audit and monitoring plans;
• How the hospital responds to deficiencies discovered during audits or through the compliance program; and
• How disciplinary standards are enforced across the organization.

Whether an organization has a vigorous, active compliance program or a "paper" program that sits on the shelf obviously will be a crucial factor for the OIG. Many organizations have been operating compliance programs for five years or more, and therefore may want to have an independent review conducted to ensure that their compliance program meets prevailing standards. On this point, the complaint brought by the Department of Justice against Medco Health Solutions in September 2003 included an allegation that Medco's weak compliance program itself rendered all claims submitted by Medco "false." The ultimate success of such theories remains to be seen, but this development underscores the heightened stakes for hospitals as they consider planning and budgeting for such an independent review.

Wiggin and Dana's Health Care Compliance and Investigations Practice Group can assist hospitals in all aspects of corporate compliance, internal investigations and government investigations. Our attorneys are well-versed in the laws, regulations, and administrative issuances that form the complex regulatory framework within which hospitals must operate. We draw on our extensive experience in the health care industry generally, and our advice to clients is grounded in our practical understanding of the needs and challenges our clients face. Our services include:

• Internal investigations and self-audits of potential compliance issues, including retention of any additional experts or consultants, interviews, document reviews, and presentations to senior management, boards and board committees;
• Representation through the course of a pre-indictment government investigation, including coordination and management of subpoena and search warrant responses, preparation of witnesses for interviews and grand jury appearances, and meeting with government investigators and attorneys to present the organization's arguments and views;
• Strategizing regarding a possible voluntary self-disclosure, representing the provider in the self-disclosure process and negotiating with government representatives regarding any overpayments or sanctions imposed;
• Review of relationships with physicians and other referral sources for compliance with applicable safe harbors, and developing documentation necessary to meet Stark reporting requirements;
• Development of compliance plans, including drafting compliance manuals and training in-house personnel;
• Targeted reviews and advice on specific compliance program elements, such as compliance department structure and effectiveness, policy and procedure content, and training and education programs;
• Full-scale compliance program evaluation, including updates to address new regulatory and legal developments and assessment of the program's effectiveness; and
• Training programs on compliance issues for targeted groups, including boards of directors, executives, and management personnel charged with sensitive responsibilities such as marketing, physician relations, and contracting.