United States: Deadline Looms For New Compliance Policies On Medicaid Anti-Fraud Laws

Many health care providers and health plans will be required, effective January 1, 2007, to have compliance policies that inform their employees about federal and state False Claims Act laws and whistleblower protections. These requirements, which states must implement to comply with the Deficit Reduction Act of 2005 (DRA), apply to health care organizations that make or receive payments of $5 million or more under a state Medicaid program.

Health care organizations that fail to comply with these requirements risk losing Medicaid payments. Therefore, organizations subject to the DRA should consider how they will implement these new compliance obligations.

Section 6032 of the DRA (Section 6033 of the bills previously considered by Congress) requires states to adopt, as a condition of payment under their Medicaid programs, a requirement that any entity that makes or receives annual payments of $5 million or more under the state Medicaid program must undertake three initiatives:

• Anti-fraud policies and procedures: The entity’s written compliance policies must include "detailed provisions" regarding policies and procedures for detecting and preventing fraud, waste and abuse.
• Descriptions of federal and state false claims laws: The entity’s written policies must provide detailed information about the federal False Claims Act, state false claims act(s), the federal Program Fraud Civil Remedies Acts of 1986 and whistleblower protections provided by these laws.
• Employee handbook provisions: The entity must include in its employee handbook a "specific discussion" about the federal False Claims Act, relevant state false claims act(s), the federal Program Fraud Civil Remedies Acts of 1986 and whistleblower protections provided by these laws, as well as the entity’s policies and procedures for detecting and preventing fraud, waste and abuse.

Although Section 6032 is entitled "Employee Education," it does not actually impose live education or other training requirements. However, it is possible that some states may choose to do so. In fact, because individual states will implement the DRA requirements, organizations that operate and meet the $5 million threshold in several states may be subject to different state interpretations of these requirements.

Despite the January 1, 2007 compliance date, the Centers for Medicare and Medicaid Services (CMS) has not issued any guidance regarding the implementation of the DRA provisions. Absent specific guidance from CMS or the relevant state Medicaid program, entities that will be subject to these new conditions should adopt what they consider sufficiently "detailed provisions" describing their anti-fraud policies and procedures, applicable anti-fraud statutes and external whistleblower provisions.

Most health care compliance programs already include provisions relating to prevention and detection of fraud, abuse and waste and refer to the federal False Claims Act. In such cases, it is not necessary to create an entirely new structure or new compliance policies to satisfy the DRA obligations. Rather, the additional requirements and detail can be integrated into the existing compliance program documents and training materials. The challenge may be incorporating the additional detail regarding external whistleblower provisions without undermining the effectiveness of internal reporting mechanisms.

If your organization meets the $5 million threshold, you should begin considering how you will come into compliance:

• Determine whether your state has adopted false claims laws, amendments to existing laws or new state Medicaid regulations implementing these conditions of payment, and any additional anti-fraud requirements and whistleblower protections.
• Plan now to satisfy the new DRA compliance obligations by adopting and/or revising your compliance policies and employee handbooks, and identify the employees, agents and subcontractors to whom these materials will be disseminated.

McDermott, Will & Emery has worked with various organizations on the DRA’s compliance obligations. We can provide practical advice as you develop and implement your compliance strategy.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.