United States: The Deficit Reduction Act: Spotlight on Medicaid Enforcement

On February 8, 2006, President Bush signed into law the Deficit Reduction Act of 2005 (DRA), which aims to cut nearly $11 billion from Medicare and Medicaid program spending over the next five years. Buried within this extensive law are several provisions that, when pieced together, indicate that the federal fraud, waste and abuse spotlight is widening to include the Medicaid program.

This new focus on Medicaid fraud waste and abuse has gone largely unnoticed because the omnibus DRA addressed a variety of areas, including Medicare reimbursement for a number of provider groups, such as hospitals, physicians, ambulatory surgical centers, imaging centers and physical therapy providers. In addition, media attention about the DRA has focused on a clerical error written into the bill as it went back and forth between the Senate and the House, resulting in passage of two slightly different versions. The DRA has been challenged in at least two federal lawsuits on this ground, but as of this writing no final decision had been issued.

The DRA takes a multi-faceted approach to cracking down on Medicaid fraud, waste and abuse by: creation of a federal Medicaid Integrity program; expanded funding for Medicaid fraud enforcement; incentives for states to adopt whistleblower programs like the federal False Claims Act; and the requirement that certain providers "self-police" potential Medicaid fraud, waste and abuse by adopting new policies and educating employees. Providers should be aware of the DRA’s provisions affecting Medicaid fraud, waste and abuse, and considerhow they affect compliance planning for the coming years.

Before the DRA’s enactment, the fight against Medicaid fraud, waste and abuse was largely left to the states. While individual states may have coordinated efforts with local federal enforcement authorities, there was little coordination on the national level. According to a 2005 General Accounting Office (GAO) report, "Medicaid Fraud and Abuse: CMS’s Commitment to Helping States Safeguard Program Dollars is Limited," (found at www.gao.gov/new.items/d05855t.pdf), there is a wide disparity between the level of staff and financial resources that The Centers for Medicare and Medicaid Services (CMS) has expended to support and oversee state activities to control fraud and abuse and the amount of federal dollars at risk in Medicaid benefit payments. The GAO concluded that there are not enough resources being expended to protect the integrity of the Medicaid program.

In response, the DRA establishes and funds a federal Medicaid Integrity Program, under which the Department of Health and Human Services (HHS) can hire contractors to audit Medicaid claims and identify and collect overpayments from entities receiving federal Medicaid funds. The law also includes provisions relating to CMS’ staffing and planning related to Medicaid fraud—for instance, the law requires CMS to add 100 employees to work with states in support of their Medicaid program integrity efforts. Under the DRA, the Office of Inspector General (OIG) for HHS is budgeted an additional $25 million per year for Medicaid fraud activities. Given these funding initiatives, providers can expect significantly more federal involvement in policing Medicaid fraud and abuse.

Under the federal False Claims Act, providers who knowingly submit, or cause another person or entity to submit, false claims for payment of government funds are liable for three times the government’s damages plus civil penalties of $5,500 to $11,000 per false claim. The False Claims Act enables government enforcement authorities to file civil lawsuits alleging fraud against federal contractors. It also contains qui tam or whistleblower provisions that allow private citizens to bring civil lawsuits alleging fraud on behalf of the government. In exchange, the whistleblower receives a portion of the funds recovered if the suit is successful. Section 6032 of the DRA encourages states to enact state false claims acts by establishing a financial incentive: states that enact false claims acts by January 1, 2007 (or in some cases, later) can keep an extra ten percent of the federal Medicaid share of any funds recouped in a Medicaid fraud case.

In order to qualify for the financial incentive, the state law must be at least as tough as the federal False Claims Act. This means that the law must contain: (i) equivalent qui tam provisions that reward whistleblowers; (ii) a requirement for filing the action under seal for 60 days for review by the state Attorney General; and (iii) a provision imposing civil penalties no less than those imposed under the federal law.

The financial incentives in the law are significant, and states are already responding. At least fourteen different state legislatures have passed or have proposed state false claims acts since the federal government first proposed the idea last summer, and sixteen states already have state false claims acts in place. In the 2005 General Session, the Connecticut General Assembly considered a bill that would create a false claims act aimed at all state contractors, not just Medicaid providers. However, the General Assembly concluded the 2006 General Session in early May, without passing this bill. It is unclear whether the Connecticut General Assembly will be able to return to the issue in the 2007 General Session (which starts after the DRA’s effective date of January 1, 2007), or whether Connecticut has lost its chance to cash in on the additional federal money. If Connecticut does pass such a law during the 2007 General Session, then the Connecticut Attorney General’s Office will be armed with the ability to bring a civil action in Medicaid false claims cases and providers will face heightened risks of whistleblower actions relating to Medicaid business.

Since the OIG first issued "compliance program guidance" to health care providers in the late 1990’s, compliance programs have served as voluntary risk management efforts for health care providers. Under the DRA, for the first time ever, Congress has implicitly mandated that a broad category of health care providers implement certain compliance program policies and procedures on fraud and false claims. These provisions apply to providers that receive at least $5 million in Medicaid payments per year:

• Effective January 1, 2007, providers meeting the $5 million threshold must have written policies that give "detailed information" about state and federal laws regarding false claims, including administrative remedies, whistleblower protections and penalties. The written policies must include "detailed provisions regarding the entity’s policies and procedures for detecting and preventing fraud, waste, and abuse."

• Any employee handbook must include a "specific discussion" of state and federal false claims acts, the rights of employees to be protected as whistleblowers, and the entity’s policies and procedures for detecting and preventing fraud, waste, and abuse.

The DRA does not impose specific penalties on providers that fail to meet these requirements, but beginning January 1, 2007 implementation of these new policies will be a condition of Medicaid participation. Many organizations’ compliance programs may meet the general requirements imposed by the new law, but some of the specifics (such as inclusion of information in employee handbooks) may require additional drafting or revisions. It is unclear whether HHS will be issuing regulations or other guidance on this DRA provision; many commentators anticipate that the agency will do so, but such regulations or guidance do not appear on any of the formal agendas that outline the agency’s rule-making plans for the coming year.

The DRA’s compliance obligations are significant for those providers with substantial Medicaid business, and the possibility that the Connecticut General Assembly will pass a state false claims act next year means that providers must be even more vigilant in guarding against Medicaid fraud, waste and abuse:

• Review your organization’s compliance program policies and employee handbooks if the organization meets the $5 million threshold to ensure that these materials meet the new standards.

• Be on the watch for implementing regulations or guidance that may be issued by HHS. These regulations may impose additional requirements on compliance plans and training, and may answer a number of open questions, such as whether the $5 million threshold applies to a single provider number or a single corporate entity.

• Monitor any legislative attempts to pass a Connecticut false claims act; specifics of such a law will have to be included in an organization’s compliance plan and policies.

• Use this opportunity to give your compliance program a "check up" to ensure that it covers required and recommended compliance guidance. An effective compliance program can help prevent fraud, waste and abuse within your organization. Further, if problems do arise, evidence that your organization has adopted and implemented an effective compliance program can help mitigate potential penalties and enforcement actions.