Previously published in BNA's Health Law Reporter

For more than a decade, the Office of Inspector General (OIG) has encouraged hospitals to focus on strengthening their compliance programs with an eye toward ensuring the medical necessity of the services provided and improving quality of care.¹ Despite OIG's guidance, government enforcement actions illustrate the challenges and compliance risks that hospitals face when medical necessity and quality of care concerns arise in the context of the medical staff peer review process.

For example, in 2003, the Tenet Healthcare Corp. paid $54 million to resolve its False Claims Act liability arising from allegations that two cardiologists at its Redding Medical Center performed unnecessary cardiac procedures and surgeries.² Similarly, Lafayette General Medical Center in Lafayette, La. settled with the government in 2008, paying $1.2 million based upon allegations of unnecessary stenting by a local cardiologist. ³ More recently, in 2010, St. Joseph's Medical Center in Towson, Md., agreed to pay $22 million to resolve its potential False Claims Act liability in connection with allegations that one of its cardiologists implanted more than 500 medically unnecessary cardiac stents.⁴

While substantial False Claims Act settlements by hospitals hardly are unusual, each of these cases also involved allegations that the hospital was made aware of the conduct, engaged its medical staff peer review process, and, nevertheless, took no action to address the quality of care or medical necessity concerns raised.⁵ The cautionary tales of these cases require hospitals operating in the current enforcement environment to ask questions including: (1) How did the hospital's process fail to address these quality and compliance issues? (2) Why was there an apparent failure in communication between the peer review process and the compliance function? and (3) What can be done to avoid ending up in similar circumstances?

Background: Peer Review and Compliance

Traditionally, the responsibility for submitting accurate claims lies within the hospital administrative function—billing, coding, cost report preparation. The compliance department educates the employees, audits claims, investigates alleged compliance problems, and recommends refunds. It is responsible for reducing fraud and abuse and helping the hospital fulfil its legal duty to refrain from practices such as submitting false or inaccurate claims or cost information to the federal health care programs.⁶ Quality of care, on the other hand, was traditionally the responsibility of the medical staff. Physicians oversee the quality of care provided in a hospital by participating in quality assurance activities, acting as advisers to address medical necessity for admission, or by participating in peer review of a particular physician's performance.⁷ Continual efforts by Congress and CMS to improve quality have forced hospital compliance departments to include issues surrounding claims related to quality of care within their ambit. Despite this increasing mandate, evaluating the medical necessity of a given procedure often will end up last on the list of a compliance officer's concerns when juggling RAC audits associated with the medical necessity for admission, billing for readmissions and hospital-acquired conditions, and appropriate reporting and claims submission for value-based purchasing.

Under state and federal law, peer review is an essential process in a hospital's effort to fulfill its common law duty of exercising due care in selecting and maintaining a competent medical staff while promoting better overall patient care. Federal law requires that peer review actions must be taken (1) in the reasonable belief that the action was in the furtherance of quality health care; (2) after a reasonable effort to obtain the facts of the matter; (3) after adequate notice and hearing procedures are afforded to the physician involved or after such other procedures as are fair to the physician under the circumstances; and (4) in the reasonable belief that the action was warranted by the facts known after such reasonable effort to obtain facts and after meeting the requirement of paragraph (3).⁸

When the peer review process functions properly, by providing adequate notice and hearing in accordance with the medical staff bylaws, suspected quality problems generally are brought to the attention of the hospital administrator, a medical director, or chief of staff, and may proceed through the peer review process. The results can vary from no action because a determination is made that the physician's judgment was correct, to supervision by another physician because minor practice improvements are warranted, to suspending or terminating the physician from the medical staff. Adverse peer review actions, including any decision that restricts a physician's privileges for more than 30 days, as well as a physician's resignation from the medical staff in the midst of a peer review investigation, must be reported by the hospital to the National Practitioner Data Bank (the data bank).⁹ The stakes are high, and as a result, the process can be, and usually is, highly charged.

Understanding the Problem: Some Examples

A hospital's compliance risk increases significantly if the medical staff is dysfunctional or otherwise fails to address a troublesome physician who is allowed to continue inappropriate or unsafe treatment. Indeed, these risks increase exponentially when the peer review process is plagued by bias, a lack of will to focus and follow up on a compliance issue, or actions of the medical staff or the hospital administration aimed at suppressing meaningful review.

In the St. Joseph's Medical Center case, for example, the peer review process was ineffective, in part, due to bias because the ''hospital's peer review process permitted Dr. Midei, as Chair of the Cardiology Department, to select cardiology cases, including his own, for peer review.''¹⁰ Therefore, ''St. Joseph was unaware of any problems in its catheterization lab until receiving a complaint from a patient concerned about the treatment received.''¹¹

In its settlement of the Lafayette General Medical Center case, federal authorities ''alleged that [Lafayette General] knew from reports of hospital employees and from reports generated by its own internal review processes—that a physician was performing unnecessary procedures at its hospital yet deliberately failed to address the problem.''¹² In this case, the lack of attention by the peer review process to compliance concerns played a role in the government's enforcement decisions.

Finally, the most egregious problem of peer review failure results from evidence that a hospital has decided to forgo, or ignore, peer review concerns because the physician involved is a high producer. Indeed, some accounts of the Redding Medical Center matter suggest that the peer review process was suppressed by the hospital administration because of concerns about the profitability of the hospital's cardiac care and surgery program.¹³

While the alleged suppression of the peer review process in the Redding case seems atypical, the peer review failures in the Lafayette General and St. Joseph's Medical Center matters seem likely to recur. This begs the question of: ''What could have been done to avoid these failures?'' While solving the problems peculiar to those matters is highly fact specific, there are clearly lessons to be drawn from those cases. Generally, addressing these problems begins with understanding the differing institutional roles of peer review versus compliance and recognizing that these two functions, aimed at very different concerns, were not designed to function seamlessly with one another.

Peer Review and Compliance: Two Different Worlds

The peer review process focuses on clinical and patient care concerns—issues that long have been the province of physicians, and physicians alone. In fact, historically the peer review process was founded on the view that physicians of like specialties should evaluate each other's clinical competence as part of the medical profession's obligation to regulate its members.¹⁴

Given the unique challenges of having physicians review one another, peer review is a private and, at times, secretive process aimed at permitting review while maintaining professional courtesy between physicians, and avoiding disparagement of medical staff.¹⁵ Fortynine of 50 states have adopted statutes that protect the disclosure of peer review information by establishing a statutory peer review privilege.¹⁶ Generally, these laws bar the discovery or the introduction into evidence in malpractice actions or lawsuits seeking redress for deprivation of hospital staff privileges any information gathered in the peer review process. The information is kept confidential as a means of promoting candor.¹⁷ Furthermore, in an effort to ensure that the peer review privilege is adequately maintained and to protect the confidentiality of the information, hospitals often overcompensate and fail to follow up on the information gathered in the process. Indeed, hospital administrators and employees have been trained for decades to treat the peer review process and its attendant confidentiality as sacrosanct. As a result, the peer review process usually operates within its own silo, set apart from the other functions of hospital administration, unless and until a peer review issue is serious enough to be escalated. At times this results in a process that is prone to internalize clinical deficiencies regardless of whether those deficiencies are accompanied by compliance concerns.

In contrast, an effective compliance program is typically designed to sponsor a culture of openness in which sharing information is encouraged. Employees are trained to report troubling activities and most hospitals provide a reporting mechanism by establishing anonymous compliance hotlines. Additionally, compliance programs require internal investigation and reporting up to the governing board and, in many cases, out to the government.

Obviously, the compliance function only can deal with the issues that are discovered whether through reporting or self evaluative activities. As a result, if there is no system in place to allow the compliance department to learn about and understand the issues being evaluated as part of the peer review process, there is a tremendous risk that information that would trigger compliance concerns will remain sealed within the peer review apparatus and never will be addressed.

The Affordable Care Act Raises the Stakes

Recent refund obligations exacerbate the risks of not having a process to ensure that peer review issues that generate compliance risks come to the attention of the compliance department. Section 6402 of the Patient Protection and Affordable Care Act (Affordable Care Act) established a new section of the Social Security Act entitled ''Reporting and Returning of Overpayments,'' also known as the ''60-Day Repayment Rule.'' The law requires identified overpayments from Medicare or Medicaid to be reported and repaid within 60 days (or when the corresponding cost report is due, if applicable). The failure to report and return an overpayment within the 60-day period causes the overpayment to become an ''obligation'' to the United States, resulting in liability for a reverse false claim under the False Claims Act. ¹⁸ While the examples cited demonstrate that a failure by the peer review process to identify and address medical necessity issues can lead to False Claims Act liability, the Affordable Care Act overpayment provision results in liability without any need to demonstrate ineffective peer review. Simple proof that the hospital, in one of its functions, was aware of facts suggesting that there might have been an overpayment and failed to follow up, will be sufficient.

Building a Bridge Between Peer Review and Compliance

The government has made clear that in order ''[t]o successfully discharge their basic obligations to patient safety, hospitals must create and follow reasonable processes as the gatekeeper for safeguarding patients from unscrupulous practitioners who would harm them during their hospital stay.''¹⁹ The first step in creating such a process is to build a functioning relationship between the peer review process and the compliance department. This is essential to early detection of potential fraud issues, particularly those involving clinical issues such as medical necessity.

It is difficult to say whether the existence of such a relationship would have changed the outcome for Redding, Lafayette General, or St. Joseph's. At a minimum it would have required the individuals making decisions in those cases to address more searching questions and to consider whether their actions would withstand the scrutiny of hindsight.

In order to build this peer review/compliance relationship, it is necessary to designate those individuals who will be responsible for the relationship and who will serve as liaisons between the peer review and compliance functions. Once those individuals have been identified, the hospital administration should give them a clear mandate to ensure that regular communication takes place in both directions. One of the challenges of facilitating meaningful communication will be developing a common language that effectively translates peer review concepts like ''reasonable care'' or ''appropriateness of care'' into compliance concepts like ''medical necessity.'' Naturally, there are any number of peer review issues that do not directly implicate compliance concerns, but if a common language can be developed and understood it will make the identification of those issues that do much simpler.

In addition to improving communication, it is incumbent upon the compliance department to work with those involved in the peer review process to incorporate various approaches into peer review that are regularly used in the compliance investigations. One clear lesson from the cases discussed above is that a hospital's peer review process must be conducted in a manner that will withstand governmental scrutiny.

Assistance with issues such as random sampling of records can greatly improve the output of the peer review process and would have helped avoid the problems faced in the St. Joseph's case. Likewise, the compliance department can provide guidance concerning the need for, and use of, outside clinical reviewers in peer review cases. The value of involving outside reviewers cannot be overstated. While an internal first look by local clinicians may provide some useful information to the peer review and compliance processes, uncritical reliance upon internal reviewers, particularly where a decision is made not to act, will be hard to defend when challenged by the government.

In addition to designating individuals to drive the communication discussed above, it also will be important for the hospital to designate physician leaders for the peer review process. These individuals should be provided with training that focuses on the intersection of quality of care, medical necessity, peer review, and compliance. They should have accountability for the peer review process, as well as for ensuring that appropriate cases are addressed through both the peer review and the compliance processes. The quality of care corporate integrity agreements (CIAs) that have followed the settlements in recent cases have adopted this approach and have placed substantial responsibility on highly placed physicians in the hospital setting. For example, in the St. Joseph's case, the CIA requires the appointment of several ''Physician Executives'' who are ''responsible for oversight of medical staff quality of care matters [ ], including but not limited to performance improvement, quality assessment, patient safety, utilization review, medical staff peer review, medical staff credentialing and privileging, and medical staff training and discipline.'' ²⁰

Finally, the compliance department should consider undertaking a regular evaluation of the peer review process. Of course the compliance department often is ill suited to evaluate the clinical review undertaken by the peer reviewers, but a process review is well within its abilities. Retrospective review of the peer review process will ensure that sufficient resources are devoted to discovering whether a standard process is followed, whether files are randomly sampled, whether outside reviewers are used when appropriate, and whether conclusions regarding deficient care are treated not only as medical staff issues, but also as compliance issues.

Conclusion

Effective hospital peer review is essential to protecting patients and striving for clinical competence. It also can play a critical role in the hospital's larger compliance program if communication, accountability, and successful adherence to established process can be assured. While the peer review process can be an important adjunct to the compliance program, recent cases demonstrate that failures in peer review can become an ''Achilles' heel'' for a hospital faced with False Claims Act allegations based upon the delivery of medically unnecessary services by medical staff physicians. It is only through monitoring the peer review process to ensure that up and out reporting is used in appropriate cases and that compliance concerns are identified and addressed that a hospital can be sure that its peer review process is protecting patient safety and assisting in its culture of compliance.

Footnotes

^{1 Department of Health and Human Services, Office of Inspector General, Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8987, at 8988 and 8992 (Feb. 23, 1998).}

^{2 K. Eichenwald, ''Tenet Healthcare Paying $54 Million In Fraud Settlement,'' New York Times (Aug. 7, 2003), available at http://www.nytimes.com/2003/08/07/business/tenethealthcare-paying-54-million-in-fraud-settlement.html?pagewanted=print&src=pm}

^{3 Press release, Lafayette General Medical Center to Pay $1.9 Million to Settle Fraud Allegations in Connection with Medically Unnecessary Cardiology Procedures, Department ofJustice (Jan. 11, 2008), available at http://www.justice.gov/usao/law/news/wdl20080111.pdf (hereafter ''Lafayette Generalpress release'').}

^{4 Senate Committee on Finance, Staff Report on Cardiac Stent Usage at St. Joseph's Medical Center, December 2010, S. Prt. 111-57, 111th Congress, 2nd Session, at 2 (hereafter ''Senate Committee staff report'').}

^{5 See, e.g., S. Klaidman, Coronary: A True Story of Medicine Gone Awry, at 208-09 (Scribner 2007) (''Physician peer reviewwas suppressed [ ] because the heart program was agolden goose''); Lafayette General press release, supra, Note3, at 1 (the hospital ''knew from reports of hospital employeesand from reports generated by its own internal reviewprocesses—that a physician was performing unnecessary proceduresat its hospital yet deliberately failed to address theproblem''); and Senate Committee staff report, supra Note 4,at 5-6 (''[T]he hospital's peer review process permitted Dr.Midei, as Chair of the Cardiology Department, to select cardiologycases, including his own, for peer review'') (internal quotationsomitted).}

^{6 Department of Health and Human Services, Office of Inspector General, Supplemental Compliance Program Guidance for Hospitals, 70 Fed. Reg. 4,858 (Jan. 31, 2005). The compliance guidance also seems to set an impossible standard regarding medical necessity education. ''The compliance officer is required to ensure a clear, comprehensive summary of the 'medical necessity' definitions and rules of the various government and private plans is prepared and disseminated appropriately.'' Id.}

^{7 For example, Medicare has clearly stated that ''. . . the decision to admit a patient is a complex medical judgment which can be made only after the physician has considered a number of factors, including the patient's medical history and current medical needs, the type of facilities available to inpatients and outpatients, the hospital's by-laws and admissions policies, and the relative appropriateness of treatment in each setting.'' Medicare Benefit Policy Manual, Chap 1, § 10.}

^{8 See Health Care Quality Improvement Act of 1986, 42 USC 11112 (a).}

^{9 Health Care Quality Improvement Act of 1986, 42 U.S.C. § 11101 et. seq.; 45 C.F.R Part 60, See also, NationalPractitioner Data Bank Guidebook, Department of Health and Human Services, Health Resources and Services Administration.}

^{10 Report of the Maryland Department of Health and Mental Hygiene on Hospital Utilization and Stents, Sept. 21, 2010.(See Appendix II, p. 61).}

^{11 See Senate Committee staff report, supra, Note 4, at 14.}

^{12 See press release, supra Note 3, at 1.}

^{13 See, Klaidman, supra, Note 5, at 208-09.}

^{14 E. Kinney, Hospital Peer Review of Physicians: Does Statutory Immunity Increase Risk of Unwarranted Professional Injury?}

^{15 See, e.g., Powell v. Community Health Systems Inc., 312 S.W.3d 496 (Tenn. 2010) (stating that privilege relating to peer review process is designed to protect interests and relationships that are regarded as sufficiently important to justify limitations on discovery).}

^{16 New Jersey does not have a statutory peer review privilege. Also, there is no federal peer review privilege. The Health Care Quality Improvement Act, which was passed by Congress in 1986, established federal guidelines for peer review and provides immunity for participants under certain circumstances, but it does not protect discussions and documents relating to the peer review process from disclosure in litigation. 42 U.S.C. §§ 11101-11152 (2002).}

^{17 See, e.g., Pardo v. General Hosp. Corp., 841 N.E.2d 692 (Mass. 2006).}

^{18 See42 U.S.C. §§ 1320a-7k(d). See also Hilgers and Welch, Physicians Post-PPACA: Not Going Bust at the Healthcare Buffet, 24 THE HEALTH LAWYER 1, 6 (February 2012).}

^{19 See press release, supra Note 3, at 1.}

^{20 See St. Joseph Medical Center Corporate Integrity Agreement, at 4-5 (Nov. 5, 2010), available at http://oig.hhs.gov/fraud/cia/agreements/st._joseph's_medical_center_11052010.pdf .}

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.