Previously published by Arlington Healthcare Group

If you are a hospital or health system that owns and operates an accountable care organization (ACO) participating in the Medicare Shared Savings Program (MSSP), or if you are seeking to participate in the MSSP in the future, then you must be in compliance with a host of state and federal laws and regulations that govern your ACO's legal existence, governance, and operations. Pursuant to the MSSP, healthcare providers and suppliers that participate in ACO arrangements receive Medicare fee-for-service payments under Parts A and B; however, the ACOs that meet specified quality and savings requirements may be eligible to receive a shared savings payment.

Recent developments in rulemaking under the MSSP necessitate that you now understand the legal structural compliance requirements contained in the final MSSP implementation regulations (Final Rule), which will determine several outcomes for your ACO, including: (i) legal entity selection; (ii) governance composition, operations and duties; and (iii) legal contents of contractual agreements between your ACO and its contract parties. These regulations were promulgated by CMS, pursuant to the Final Rule, on June 4, 2015 (and published in the Federal Register on June 9, 2015). 80 Fed. Reg. 32692 (June 9, 2015).1

At the state level, your ACO can only exist pursuant to the legal authority pronounced under your state's law. Specifically, state law will dictate ACO corporate form to ensure compliance with several legal hurdles, including: (i) the corporate practice of medicine doctrine; (ii) licensing and/or certification requirements; (iii) fraud and abuse requirements; (iv) provider referral restrictions; (v) antitrust requirements; (vi) privacy and security law; and (vii) state "Blue Sky" laws.

At the federal level, your ACO must be in compliance with fraud and abuse laws and regulations, including the federal anti-kickback statute, 42 U.S.C. § 1320a-7b(b), the federal physician self-referral prohibition, 42 U.S.C. § 1395nn, and civil monetary penalties law provisions, 42 U.S.C. § 1320a-7a; however, the ACA provided authority to the U.S. Department of Health and Human Services (DHHS) to establish waivers from compliance with the federal fraud and abuse laws as necessary to carry out the mission of the MSSP. In the Fourth Quarter of 2011, the Centers for Medicare & Medicaid Services (CMS) and the DHHS, Office of the Inspector General (OIG) released a joint interim Final Rule, 76 Fed. Reg. 67992 (October 20, 2011) with Comment Period governing the MSSP waiver program; however, these waivers only apply to the federal fraud and abuse laws and do not address existing state laws.

Your ACO must also comply with the federal Health Insurance Portability and Accountability Act of 1996, as amended, and implementing regulations ("HIPAA"). In most instances, the ACO will be a business associate under HIPAA and must enter HIPAA-compliant business associate agreements with participating health care providers. Thus, the ACO must comply with the terms of its Data Use Agreement with CMS, as well as the terms of any business associate agreement it enters with individual providers participating in the ACO.

A detailed discussion of the state laws applicable to ACOs, and the impact of these laws on legal structure, governance and operations will follow in our subsequent ACO Compliance Series for Hospitals and Health Systems. We will also explore the federal law issues applicable to ACOs, including an in-depth look at the fraud and abuse waiver program (and state responses to the waiver program), and a discussion of the tax-exemption compliance issues presented by ACO relationships.

In this issue of ACO Compliance Series for Hospitals and Health Systems, we describe the key legal structural compliance requirements contained in the MSSP Final Rule that will determine the following four outcomes for your ACO.

1. Which of your legal entities serves as the operating ACO?

In general, your ACO must be a legal entity, formed under state, federal or tribal law, which is authorized to conduct business in each state in which it operates for the following four purposes: (i) receiving and distributing shared savings; (ii) repaying shares losses or other monies determined to be owned to CMS; (iii) establishing, reporting and ensuring provider compliance with healthcare quality criteria, including quality performance standards; and (iv) fulfilling all ACO functions required by 42 C.F.R § 425.100 et seq. 42 C.F.R. §425.104(a).

Pursuant to the Final Rule, if your ACO includes two (or more) independent ACO participants, then your ACO must be a separately-formed legal entity that is independent from any of the ACO participants. Id. at §425(b). What this means for you is that if your ACO is comprised of multiple ACO participants (and each belongs to the same health system), then the ACO legal entity must be a separately formed entity that is distinct from any one of the multiple providers or suppliers who participate in the ACO. 80 Fed. Reg. 32692, 32716 (June 9, 2015).

Conversely, the Final Rule adds new text to provide that an ACO formed by a single ACO participant may use its existing legal entity (and governing body) for operations; provided, however, that it satisfies all of the general criteria described above and the governance criteria discussed below in (Question 2). 42 C.F.R. §425.104(c).

Existing legal entities (i.e. those entities not specifically formed to participate in the MSSP program as an ACO), such as independent practice associations (IPAs) or physician-hospital organizations (PHOs)) that are typically engaged in activities unrelated to MSSP may only participate in the MSSP as ACOs if all of the entities' members participate in all line of business performed by such entities. As discussed below, the Final Rule amends previous regulations to impose fiduciary duties (i.e. the duty of loyalty) on the members of the governing body of the ACO. Id. § 425.106(b)(3).

2. What requirements control the composition, operations and duties of your ACO's governing body?

a. Composition.

There are five rules controlling the composition of your ACO's governing body. First, your ACO must provide for meaningful participation in the composition (and control) of your ACO's governing body for ACO participants or their designated representatives. 42 C.F.R. §425.106(c). This provision reflects CMS' preference that an ACO be operated by Medicare-enrolled entities that directly provide healthcare services to beneficiaries, but accommodates smaller groups of providers that lack the resources necessary to form an ACO and administer the program requirements on their own. 80 Fed. Reg. 32692, 32718 (June 9, 2015).

Second, your ACO governing body must include one or more Medicare beneficiary representatives who are served by your ACO. Neither the beneficiary representative(s) (nor an immediate family member of the representative(s)) can have a conflict of interest with your ACO. Third, at least 75 percent of the voting control of your ACO's governing body must be held by ACO participants. Fourth, such governing body members may serve in a similar manner for a participant of your ACO.

Finally, if the composition of your ACO's governing body does not comply with the beneficiary rule and the 75 percent test, then you must describe why your composition deviates from the rule and how your ACO will achieve meaningful representation and participation by ACO participants and Medicare beneficiaries. 42 C.F.R. §425.106(c).

b. Operations and Duties.

The governing body of your ACO has the responsibility for oversight and the strategic direction of your ACO's operations, and must hold management accountable for its activities. 42 C.F.R. §425.106(b). Specifically, the governing process must be transparent. The members of the governing body must have a fiduciary duty to your ACO and act in accordance with that fiduciary duty. Id. § 425.106(b)(1)-(3).

To further these objectives, CMS included in the Final Rule conflict of interest safeguards that apply to your ACO's governing body. Specifically, your ACO must establish and implement a conflict of interest policy that requires each member of the governing body to disclose all relevant financial interests and defines a procedure to determine whether a conflict of interest exists and resolving such conflicts to the extent that they exist. Id. § 425.106(d). Finally, the conflict of interest policy must define remedial actions for governing body members that fail to comply with the policy. Id.

3. What substantive provisions must be included in the contractual agreements between your ACO and the providers and/or suppliers who participate with your ACO?

Contractual arrangements between your ACO (on the one hand) and ACO participants and ACO providers and suppliers (on the other hand) are now governed by new provisions to the Final Rule under 42 C.F.R. § 425.116; however, the provisions governing agreements applicable to ACO participants and those applicable to ACO providers/suppliers are materially identical with few exceptions. Id. § 425.116(a) and (b).

There are nine requirements applicable your ACO's agreements with ACO participants.

  1. The parties to the agreements must include only your ACO and the ACO participant. Id. § 425.116(a)(1). This requirement reflects CMS' position that independent practice association and physician-hospital organization contracts are not appropriate or required for purposes of participation in the MSSP.
  2. The signatories to the agreements must be only individuals who are authorized to bind the ACO and the ACO participant. Id. § 425.116(a)(2).
  3. The agreements must state that the ACO participant agrees to participate in the MSSP and to comply with the requirements of the MSSP as well as all of the laws and regulations applicable to the program. Id. § 425.116(a)(3). Similarly, the ACO participant must agree to ensure that each ACO provider/supplier billing through the TIN of the ACO participant agrees to the same participation and compliance obligations as the ACO participant itself. Id.
  4. The agreements must define the ACO participant's rights and obligations in, and representation by, the ACO. Id. § 425.116(a)(4). These requirements include: (i) quality reporting requirements; (ii) beneficiary notification requirements; and (iii) a description of how participation in the MSSP affects the ability of the ACO participant and its ACO providers/suppliers to participate in other Medicare demonstration projects or programs that include shared savings mechanisms. Id.
  5. Your ACO agreements must identify how the opportunity to obtain shared savings will encourage the ACO participant to adhere to the quality assurance and improvement program and evidence-based medicine guidelines established by the ACO. Id. § 425.116(a)(5).
  6. Your ACO agreements must require the ACO participant to update its enrollment data, including the addition and deletion of ACO professionals and ACO providers/suppliers billing through the TIN of the ACO participant, on a timely basis in accordance with the Medicare program requirements and to notify the ACO of any such changes within 30 days after the change. Id. § 425.116(a)(6).
  7. Your ACO agreements must allow the ACO to take corrective action against the ACO participant, including a corrective action plan, denial of incentive payments, and termination of the ACO participant agreement, to address noncompliance with the MSSP and other program integrity issues. Id. § 425.116(a)(7). Similarly, the agreement must ensure that the ACO participant implements similar measures with its ACO providers/suppliers. Id.
  8. The term of your ACO agreements be for at least one year, and identify the consequences for early termination. Id. § 425.116(a)(8).
  9. Your ACO agreement must include completion of a close-out process upon the termination or expiration of the agreement that requires the ACO participant to provide all data necessary to complete the annual assessment of your ACO's quality of care and other relevant matters. Id. § 425.116(a)(9).

The provisions applicable to direct agreements between your ACO and ACO providers/suppliers include all of the provisions (1) – (7) above, which are applicable to contracts between your ACO and ACO participants. Id. § 425.116(b)(1) – (7).

Given the time required for (and complexity of) implementation of these provisions, CMS has given your ACO until January 1, 2017 to satisfy these contractual compliance requirements. Your ACO must submit executed ACO participant agreements for each ACO participant at the time of its initial application, renewal process, and when adding to its list of ACO participants. Id. § 425.116(c).

Click here to view original article

Footnote

1 The Final Rule codifies existing CMS guidance and is designed to reduce administrative burden and improve MSSP function and transparency in the following categories: (i) data-sharing requirements; (ii) relationships between ACOs and the providers and suppliers that participate in the ACO arrangement; (iii) clarifications and updates to application requirements; (iv) eligibility requirements governing the number of beneficiaries in the ACO, obligatory processes for coordinating care, legal structure and governance; (v) assignment methodology; (vi) financial performance metrics; and (viii) issues governing program integrity and transparency. 80 Fed. Reg. 32692, 32694 (June 9, 2015). In order to achieve these objectives, CMS, in the Final Rule, adopted the following changes to the MSSP program: (i) – (vii).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.