Why Every Provider Must Establish and Maintain a Fraud and Abuse Compliance Program

Dear friends,

The following article addresses common questions about Compliance Plans.
Feel free to share this information. If you decide to use this material,
please include our copyright designation that is shown at the end of the
article and send us a copy of any publication in which the material appears.

Please do not hesitate to contact us with comments, questions, or requests
for additional information.


Elizabeth E. Hogue, Esq.

Office: (877) 871-4062

Fax: (877) 871-9739

Twitter: @HogueHomecare


Why Every Provider Must Establish and Maintain a Fraud and Abuse Compliance

Providers may have heard or read about the importance of Fraud and Abuse
Compliance Programs in their organizations. Despite the wealth of available
information about Compliance Programs, many providers continue to express
uncertainty about their value. Here are some of the questions providers
commonly ask about Compliance Programs:

1. Why should we have a Fraud and Abuse Compliance Program?

First, the Office of Inspector General (OIG) of the U.S. Department of
Health and Human Services has clearly stated that, consistent with the
Affordable Care Act (ACA) as described below, all providers are now expected
to have current Compliance Programs that are fully implemented.

As a practical matter, when providers establish and maintain Compliance
Programs, it clearly discourages regulators from pursuing allegations of
fraud and abuse violations.

Technically speaking, the Federal Sentencing Guidelines make it clear that
establishment and implementation of Compliance Programs is considered to be
a mitigating factor. That is, if accusations of criminal conduct are made,
the consequences may be substantially less severe as a result of a properly
implemented Compliance Program.

In addition, providers with Compliance Programs are more likely to avoid
fraud and abuse. This is because Programs routinely establish an obligation
on the part of every employee to report possible instances of fraud and
abuse and Programs include training for all employees.

Compliance Programs may help to prevent qui tam or so-called "whistleblower"
lawsuits by private individuals, rather than by government enforcers, who
believe that they have identified instances of fraud and abuse. There are
significant incentives to bring these legal actions since "whistleblowers"
receive a share of monies recovered as a result of their efforts. Some
"whistleblowers" have received millions of dollars. Compliance Programs
make it clear that employees have an obligation to bring any potential fraud
and abuse issues to the attention of their employers first.

In addition, the federal Affordable Care Act (ACA) requires providers to
have Compliance Programs. In short, it's the law!

Finally, the Deficit Reduction Act (DRA) requires providers who receive more
than $5 million in monies from state Medicaid Programs per year to implement
policies and procedures, provide education to employees and put information
in their employee handbooks about fraud and abuse compliance. These
requirements can be met through implementation of Fraud and Abuse Compliance

2. We don't receive reimbursement from the Medicare or Medicaid

Do we still need a Compliance Program?

Statutes and regulations governing fraud and abuse also apply to providers
who receive payments from any federal and state healthcare programs,
including Medicaid, Medicaid waiver and other federal and state health care
programs, such as Tri-Care. Many private insurers have followed the federal
government's "lead" in terms of fraud and abuse enforcement. So private
duty providers must have compliance programs, too.

3. We hear that the OIG of the U.S. Department for Health and Human
Services has provided guidance for various segments of the healthcare
industry regarding Compliance Programs. Specifically, the OIG has already
published guidance for clinical laboratories, hospitals, home health
agencies, hospices, physicians' practices, third-party billing companies and
home medical equipment companies. Should we just use the model guidance
that is applicable to us?

The answer is "No!" Guidance from the OIG is not a model Compliance
Program. Guidance from the OIG consists of general guidelines and does
not constitute valid Compliance Programs. In addition, the OIG has made it
clear that Programs must be customized for each organization.

4. We have read that, before implementing Compliance Programs,
providers must conduct expensive internal audits that can take many months
to complete. Is this true?

While beginning the compliance process with an extensive internal audit is
certainly one way to proceed, it is not the only viable way to work toward
compliance. It is equally valid to begin with Compliance Programs that are
customized for the organization that includes training for all employees
about fraud and abuse and Compliance Programs. Then all staff members can
subsequently participate in internal compliance activities, including
audits, with a process in place to handle any issues that arise as a result
of the audits.

5. We have all sorts of policies and procedures in our organization.
Why do we need something else called a Compliance Program?

Compliance Programs are specific types of documents that routinely address
issues that providers do not usually cover in internal policies and
procedures. In addition, providers may not gain benefits under the Federal
Sentencing Guidelines described in paragraph one (1) above if there is no
formal document called a Compliance Program.

6. We just spent a lot of money to become accredited or reaccredited.
Doesn't certification mean that we are in compliance?

On the contrary, Compliance Programs appropriately address potential fraud
and abuse issues. They also include mechanisms for helping to ensure
compliance such as processes for identification and correction of potential
problems that are not addressed during the certification process. In other
words, organizations may be accredited, but fail to meet applicable
compliance standards for fraud and abuse.

7. Will the fact that our organization has a Compliance Program make
any difference with regard to the outcome of fraud and abuse investigations
and the imposition of Corporate Integrity Agreements (CIA's)?

Yes, it may make a considerable difference based on statements from the OIG.
If providers have Compliance Programs in place during investigations that
are current and fully implemented, the OIG may be less aggressive in
pursuing potential violations. When the OIG actually discovers problems
with fraud and abuse in organizations, providers are usually asked to
develop and implement a Corporate Integrity Agreement (CIA). The OIG often
requires CIA's to include a process for stringent monitoring by the OIG on a
continuous basis. These monitoring activities can be extremely burdensome
to providers in terms of both time and money. Providers with valid
Compliance Programs may not be asked to develop and implement CIA's.

Now is the time for all providers to recognize and act upon the need to
establish and maintain Compliance Programs. "Working on it" is no longer
good enough.

C2017 Elizabeth E. Hogue, Esq. All rights reserved.

No portion of this material may be reproduced in any form without the
advance written permission of the author.
Sign In or Register to comment.