Corporate Accountability and Compliance in Health Care - Will Health Care be the Next Enron? (Continued)

1. Adopting a Uniform Reporting Process.

To avoid corporate exposure to these penalties, corporations should adopt a uniform reporting process to address retaliation complaints.

Upon receipt of a complaint of retaliation, the employer must immediately investigate the complaint. While the investigation may be conducted by in-house counsel, retention of outside counsel is recommended. In- house investigations ma y be viewed as biased and more difficult to protect under the attorney work-product or attorney-client privilege doctrines.

Further, in-house counsel or in-house investigators may be more easily forced into becoming a witness should the claim be filed with the DOL or in federal court. Since corporations are required to have an audit committee to investigate reports of material violations, formation of an independent outside audit committee charged with the responsibility to investigate retaliation claims is also necessary and well advised.

Company liability for retaliatory conduct may arise when the employee provides information or assists with an investigation. Liability may also arise from retaliatory conduct in response to the employee filing, causing to file, testify, participate in or assist in any proceeding filed.

1. Train all employees, particularly managers and supervisors about the Sarbanes-Oxley provisions and Civil False Claims Act.

2. Adopt and implement policies to encourage confidential or anonymous reporting and discourage retaliation in response to employee reporting.

3. Make sure the policy is comprehensive and explains:

(a) what constitutes material violations;

(b) how and to whom to report (with several alternatives);

(c) how the report will be investigated; and

(d) how violations will be addressed.

Confidentiality and non-retaliation provisions are imperative. Assure employees that they will not be subject to retaliation for reporting violations. State the employer's intention to keep reports of violations as confidential as possible, subject to such disclosure as may be required to investigate, remedy the situation or to respond to governmental agency inquiries.

4. Distribute the policy to all employees on a periodic basis and have them sign a receipt, acknowledgment form, or sign-off sheet to document distribution.

5. Post the policy prominently. The prohibition against retaliation should be included in bolder print.

6. Make sure persons, other than employee's supervisor, are designated to receive reports of violations. Having an independent auditing committee for this purpose would be the employer’s best practice.

7. Follow up on all violations promptly and aggressively. Employers must treat complaints seriously, investigate the allegations thoroughly with trained investigators, and then take appropriate actions designed to end any violation. The employer’s compliance audit committee is the best choice for conducting the investigation.

8. Fully document the investigatio n and any remedial steps taken.

9. Make sure all employees know that the company has a "zero tolerance" policy regarding violations of securities and related laws. A zero tolerance policy must be enforced by managerial, supervisory and non-supervisory employees.

10. Hold supervisors and employees accountable for any personal inappropriate behavior that is, or could be construed to be harassme nt or retaliation.

1. Employers must have an anti-retaliation policy in their manuals and employee handbooks that they may refer to during litigation.

2. If a report of an alleged violation is received, draft a letter to the alleged actor(s) to acknowledge that the company received a report of alleged violations and will have its outside auditors investigate the allegation. Exercise caution in the wording of the letter to emphasize the Company has received notice of "allegations" and that a neutral and fair investigation will be conducted. The tenor of the letter may support slander or defamation claims. This same letter should be drafted for a report of retaliation.

3. In many harassment situations, employers may transfer the complaining employee or otherwise reassign his or her supervisor who is the subject of a retaliation complaint made by the employee. However, courts are split over whether such a transfer constitutes an adverse employment action. To date, courts in general hold that a transfer alone is not adverse, if the working conditions are generally similar and there is no adverse difference in pay. Caution should be used when considering a transfer.

4. If transferring is not appropriate, ensure that the complaining employee has a new supervisor/manager who is unaware of the complaint. Keep the new supervisor/manager ignorant of the reporting since adverse employment actions cannot constitute retaliation if the actor responsible for the adverse employment action was unaware of the "protected conduct."

5. Conduct an unbiased investigation of the retaliation complaint. As stated previously, retaliation complaints should be investigated by outside firms.

6. Limit communication regarding the material violations complaints to those with a "need to know."

7. Consider a moratorium on pending adverse actions if you are aware that a lawful report of an alleged material violation has been made. Postponing a demotion, termination or other adverse action may protect the corporation from a retaliation complaint. Keep in mind, harassment, although undefined, is considered criminal under Sarbanes Oxley.

8. Always maintain a paper trail of management deliberations and actions so that records reflect the consideration and decisions regarding adverse actions occurred prior to the report of alleged material violations.

9. Review all retrievable emails to and from the complainant and his or her supervisor and any other kno wledgeable employees to assess the gravity of the alleged complaint.

10. When advising employees that a complaint has been received and an investigation will be undertaken, have each employee sign a statement acknowledging they have been advised that retaliatory conduct will not be tolerated.

Employers that do not have a reliable system of documentation may have difficulty defending against retaliation actions. There must be good personnel procedures and documentation of poor performa nce or conduct, etc.

These examples demonstrate how documentation can save the corporation or in other situations, lead to its downfall. Limiting supervisory personnel’s knowledge of employee complaints of material violations may obviate the potential for the result shown in this example. An audit committee should coordinate the referral of complaints to outside investigators. Limiting distribution of investigative findings may prevent unnecessary disclosure to nonessential personnel.

In short, employers should begin documenting their relationship with their employees from the hiring process through resignation, reduction- in-force, and/or termination. Disgruntled employees often document their employers’ actions in excruciating detail and often at the direction of plaintiffs’ counsel. Further, jurors often give more weight to written records made before a lawsuit than sworn testimony. Documenting the employment relationship from its onset enables employers to challenge an employee’s version of the facts with a competing written record. Employers who consistently document the positive and negative events in an employee’s history can better respond to charges of retaliation. Employers with good documentation habits can better explain why an employee was hired, promoted, disciplined, or discharged. In short, employers who establish the documentation habit at the onset of the employment relationship retain the most flexibility in their personnel decisions.

When a complaint has been received, a memo from an authoritative manager, supervisor or director must be issued to all employees advising that no documents, including any written document, document on their computer, documents on their laptop or home computer that are work related, e-mail, and voice mail can be deleted or destroyed until further notice. Getting the employee signature to acknowledge receipt of the notice will assist in defending against any possible charge of interference with a government investigation.

As in recent years, the OIG will continue to focus its efforts on investigating fraud, abuse and waste activities in the health care industry. The 2004 Work Plan indicates a significant focus on the pharmaceutical industry. According to the U.S. Department of Health and Human Services, Office of Inspector General Fiscal Year 2004 Work Plan:

OI will investigate individuals, facilities, or entities that bill Medicare and/or Medicaid for services not rendered, claims that manipulate payment codes in an effort to inflate reimbursement amounts, and other false claims submitted to obtain program funds. OI will also investigate business arrangements that violate anti-kickback statutes.

Investigative focus areas include pharmaceutical fraud. Working jointly with such partners as the Drug Enforcement Administration and State and local authorities, OI will continue to identify and investigate illegal schemes to market, obtain, use, and distribute prescription drugs. By investigating these schemes, OI aims to deter the illegal use of prescription drugs, curb the danger associated with street distribution of highly addictive medications, stop the inflating of drug prices common in the pharmaceutical industry, and protect the Medicare and Medicaid programs from making improper payments.¹⁵

Accordingly, organizations must understand the fraud and abuse statutes, recognize activities that may run afoul of these statutes and implement effective compliance programs aimed at mitigating risk and reducing unlawful conduct.

The best way to avoid encountering the adverse consequences of increased enforcement against overpayments, fraud and abuse is to prevent the potentially unlawful conduct in the first place. This means an effective compliance program. The OIG has developed and issued voluntary compliance program guidance directed at the following segments of the health care

industry: the hospital industry, home health agencies, clinical laboratories, third-party medical billing companies, the durable medical equipment, prosthetics, orthotics and supply industry, Medicare+Choice organizations offering coordinated care plans, hospices, nursing facilities, individual and small group physician practices, and ambulance suppliers.¹⁶

Individual physicians as well as members of the board of directors may face personal liability for violations of fraud and abuse statutes. Teaching hospitals face risks with respect to billing guidelines regarding the teaching of resident physicians. The pharmaceutical industry has also come under closer scrutiny recently and faces unique risks regarding kick-backs and other legal remuneration, discounts, product support services, educational grants, research funding, relationships with formulary committee members, payments to PBMs, formulary placement payments, "switching arrangements," consulting and advisory payments, and business courtesies and other gratuities. These unique risks to the pharmaceutical industry require the development of a specific compliance program addressed to handle these risks.¹⁷

The OIG believes there are seven essential elements to an effective compliance program for any organization, whether a hospital or clinic, or a pharmaceutical manufacturer. The seven elements are modeled on the seven steps of the Federal Sentencing Guidelines.¹⁸ At a minimum, all compliance programs aimed at reducing health care fraud and abuse should include the following seven elements:

1. The development and distribution of written standards of conduct, as well as written policies and procedures that promote the hospital’s commitment to compliance (e.g., by including adherence to compliance as an element in evaluating managers and employees) and that address specific areas of potential fraud, such as claims development and submission processes, code naming and financial relationships with physicians and other health care professionals.

2. The designation of a chief compliance officer and other appropriate bodies, for example, a corporate compliance committee charged with the responsibility of operating and monitoring the compliance program and who report directly to the CEO and the governing body;

3. The development and implementation of regular, effective education and training programs for all affected employees;

4. The maintenance of a process, such as a hotline, to receive complaints, and the adoption of procedures to protect the anonymity of complainants and to protect whistle blowers from retaliation;

5. The development of a system to respond to allegations of improper/illegal activities and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or federal health care program requirements;

6. The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem area;

7. The investigation and remediation of identified systemic problems and the development of policies addressing the non-employment or retention of sanctioned individuals.

On February 23, 1998, the OIG issued a publication on compliance program guidance for hospitals.¹⁹ The guidance was provided to assist hospitals in implementing compliance programs to address the prevention, detection and resolution of conduct that does not conform to federal and state law, as well as the hospital’s own ethical and business policies.²⁰ Each hospital should tailor its own compliance program to the unique risks of its organization. The OIG has identified the following risk areas that hospitals should be specifically aware of in considering written policies and procedures concerning regulatory exposure. These areas of concern include the following:

1. Billing for items or services not actually rendered;

2. Providing medically unnecessary services;

3. Upcoding – The practice of using a billing code that provides a higher payment rate than the billing code that actually reflects the service furnished to the patient.;

4. "DRG creep"—Like upcoding, "DRG creep" is the practice of billing using a Diagnosis Related Group (DRG) code that provides a higher payment rate than the DRG code that accurately reflects the services furnished to the patient;

5. Outpatient services rendered in connection with inpatient stay;

6. Teaching physician and resident requirements for teaching hospitals;

7. Duplicate billing;

8. False costs reports;

9. Unbundling—The practice of submitting bills piecemeal or in fragmented fashion to maximize the reimbursement for various tests or procedures that are required to be billed together and therefore at a reduced cost;

10. Billing for discharge in lieu of transfer;

11. Patient’s freedom of choice;

12. Credit balances – failure to refund;

13. Hospital incentives that violate the anti-kick-back statute or other similar federal or state statute or regulation;

14. Joint ventures;

15. Financial arrangements between hospitals and hospital-based physicians;

16. Stark physicians self-referral law;

17. Knowing failure to provide covered services or necessary care to members of a health maintenance organization;

18. Patient dumping. ²¹

Physicians at teaching hospitals should be aware of the following specific risks:

1. Only services actually provided may be billed;

2. Every physician who provides or supervises the provision of services to a patient should be respons ible for the correct documentation of the services that were rendered;

3. The appropriate documentation must be placed in the patient record and signed by the physician who provided or supervised the provision of services to the patient;

4. Every physician is responsible for assuring that in cases where that physician provides evaluation and management (E&M) services, a patient’s medical record includes appropriate documentation of the applicable key components of the E&M service provided or supervised by the physician (e.g., patient history, physician examination, and medical decision making), as well as documentation to adequately reflect the procedure or portion of the service performed by the physician; and

5. Every physician should document his or her presence during the key portion of any service or procedure for which payment is sought.

Hospitals should have specific policies in place to comply with anti-kickback statutes and the Stark physician self-referral law, in particular:

1. All of the hospital’s contracts and arrangements with referral sources comply with all applicable statutes and regulations;

2. The hospital does not submit or cause to be submitted to the Federal health care programs claims for patients who were referred to the hospital pursuant to contracts and financial arrangements that were designed to induce such referrals in violation of the anti-kickback statute, Stark physician self-referral law or similar Federal or State statute or regulation; and

3. The hospital does not enter into financial arrangements with hospital-based physicians that are designed to provide inappropriate remuneration to the hospital in return for the physician’s ability to provide services to Federal health care program beneficiaries at that hospital.

Compliance programs guide the hospital’s governing body including boards of directors or trustees, chief executive officer, managers, other employees and physicians and other health care professionals in the efficient management and operation of a hospital. There are many benefits of an effective compliance program, including:

1. Concretely demonstrating to employees and the community at large the hospital’s strong commitment to honest and responsible provider and corporate conduct;

2. Providing a more accurate view of employee and contractor behavior relating to fraud and abuse;

3. Identifying and prevent ing criminal and unethical conduct;

4. Tailoring a compliance program to a hospital’s specific needs.

5. Improving the quality of patient care;

6. Creating a centralized source for distributing information on health care statutes regulations and other program directives related to fraud and abuse and related issues;

7. Developing a methodology that encourages employees to report potential problems;

8. Developing procedures that allow the prompt, thorough investigation of alleged misconduct by corporate officers, managers, employees, independent contractors, physicians, other health care professionals and consultants;

9. Initiating immediate and appropriate corrective action;

10. Through early detection and reporting minimize the loss to the government from false claims and thereby reduce the hospital’s exposure to civil damages and penalties, criminal sanctions and administrative remedies such as program exclusion.

Implementing an effective compliance program may not entirely eliminate fraud, abuse and waste from the hospital system. However, the compliance program can reduce the risk of unlawful and improper conduct.

The Department of Health and Human Services (HHS) Office of the Inspector General (OIG) issued a notice in the Federal Register setting forth Compliance Program Guidance for Pharmaceutical Manufacturers.22 An effective compliance program is crucial in preventing fraud and abuse in federal health care programs. The guidance identifies three major potential fraud and abuse risk areas for pharmaceutical manufacturers:

1. Integrity of data furnished by manufacturers;

2. Kickbacks and other illegal remunerations; and

3. Compliance with laws regula ting drug samples.

The pharmaceutical industry is faced with heightened investigation into fraud and abuse. There are now dedicated healthcare fraud units in every U.S. Attorney’s office and in every Inspector General’s office and in most FBI offices across the country. In short, pharmaceutical companies have become a prime target of healthcare fraud prosecution.

Manufacturers often provide grants to support continuing medical education and other programs. These grants are very often disbursed to customers and potential customers of the pharmaceutical manufacturer. Giving away money in the form of grants can violate the Anti- Kickback statute, the False Claims Act, the Medicaid rebate program and a host of other statutory schemes.²³

The OIG has identified a number of fairly common industry practices that it considers possible kickbacks, including.

1. Payment of "switch fees" to pharmacists;

2. Practice of paying for "research" studies that are never performed or used;

3. "Any prize, gift or cash payment, coupon or bonus" offered to a physician or supplier in exchange for prescribing a conduct;

4. Cash or other benefits are offered to pharmacists (or others in a position to recommend products) in exchange for performing "marketing" tasks;

5. Grants offered to clinicians for studies that are "of questionable scientific value and require little or no actual scientific pursuit";

6. Payments made to a patient, provider or supplier to change a prescription from one product to another.

Federal authorities have prosecuted manufacturers under the Anti-Kickback statute for grant-giving practices to the tune of $161 million (the Caremark settlement). Hoffmann- LaRoche paid $450,000 to settle allegations regarding research grants that were characterized as kickbacks. More recently, AstraZeneca Pharmaceuticals paid $355 million in civil and criminal penalties to settle allegations under the False Claims Act that it conspired to defraud government-backed health plans by distributing thousands of free samples of its prostate cancer drug Zoladex to physicians while encouraging them to seek federal reimbursement for the medication. ²⁴ The Vice President of Sales for the corporation filed the suit under the False Claims qui tam provisions. As a result, he will take home an estimated $47.5 million share of the settlement.

Under the Medicaid rebates system, manufacturers are obligated to rebate to the state Medicaid programs, on a per unit basis, either a fixed discount off the "average manufacturer’s price" or the difference between their average manufacturer’s price and their "best price" for covered outpatient drugs.²⁵ "Best price" is defined to include "cash discounts, free goods that are contingent on any purchase requirement, volume discounts, and rebates."²⁶ Grants can impact "best price" if they are rebates in disguise. Because of this, manufacturers’ rebate practices are under heightened scrutiny by the law enforcement agencies.

Additionally, recently the HHS replaced the three-year record-keeping requirement and with a ten-year requirement, thereby increasing the government’s ability to investigate potential fraud.

The U.S. Attorney’s Office has filed charges against benefits manager Medco Health Solutions, the biggest pharmacy benefit-management company in the U.S. (a spin-off of the pharmaceutical manufacturer Merck) for violations of anti kickback statutes. The lawsuit stems from the government’s intervention in two whistleblower lawsuits alleging that the company committed fraud, falsified records, made false statements to investigators and induced physicians to switch patients to more expensive prescriptions marketed by then-parent company Merck. In its Amended Complaint, the U.S. Attorney’s Office added two former Medco employees as defendants in the lawsuit, a former Medco executive vice president and the former general manager of a Medco mail order pharmacy. The Amended Complaint alleges that the two Medco executives canceled, deleted and destroyed prescription orders to avoid penalties for not satisfying their contractual obligations with Blue Cross Blue Shield.

The high cost of noncompliance is a reality. Violations of the statutory schemes carry criminal penalties and substantial financial penalties. Board members and directors may face personal liability. An even greater penalty is that the FDA may delay a new drug application.

Manufacturers need to take several measures to stay ahead and out of trouble ²⁷:

1. Know all statutory and regulatory schemes and be aware of the regulatory implications of all actions;

2. Undertake a formal or informal internal audit or inquiry to determine if their activities are exposing them to liability under any relevant statutory scheme.

3. Develop policies and procedures designed to address potential exposure ;

4. Train and retrain employees, including management to understand the various laws;

5. Adopt a comprehensive compliance program;

6. When an investigation arises, plan and execute a strategy as soon as possible to avoid misleading the public.

Several manufacturers when faced with investigations have executed plans to minimize investor concern and distrust by explaining the fraud and abuse allegations and "coming clean" with any potential wrongdoing. This strategy has been effective for many organizations to enhance trust and confidence after the Enron and WorldCom scandals.

The OIG has published a resource guide for boards of directors aimed at reducing director liability under fraud and abuse statutes. The failure of a corporate director to attempt in good faith to institute a compliance program in some situations may be a breach of a director’s fiduciary obligations.²⁸ Generally, the duty of care of a board involves determining whether the directors acted (1) in "good faith", (2) with that level of care that an ordinarily prudent person would exercise in like circumstances, and (3) in a manner that they reasonably believe is in the best interest of the corporation. In Washington, directors have a fiduciary responsibility to exercise ordinary care in performing their duties and are required to act reasonably and in good faith.

In Caremark, the court noted,

"[A] director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the Board concludes is adequate, exists, and that failure to do so under some circumstances, may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards."

In Caremark, the court observed that the level of detail that is appropriate for such an information system is a matter of business judgment. Under Caremark, a director’s failure to reasonably oversee the implementation of a compliance program may put the organization at risk and may, in some extreme circumstances, expose individual directors to personal liability for losses caused by the corporate noncompliance.

The health care industry operates in a heavily regulated environment with multiple risk areas. There are unique challenges for health care organization directors, especially in light of the increased oversight and focus on health care fraud and abuse. Failure to comply with federal and state statutes and regulations can be devastating for a health care organization since federal and state-sponsored health care programs play a significant role in paying for health care. In addition to criminal and civil monetary penalties, health care providers found to have defrauded federal health care programs may be excluded from participation in these programs. The crippling effect of financial penalties and exclusion from federal programs may be the death knell for some organizations. The focus on "corporate responsibility" places additional pressure on health care organization directors to implement and carry out effective corporate compliance programs.

After a nearly three-year investigation regarding allegations of over billing of Medicare, Medicaid and Tri-Care²⁹ programs at the University of Washington, Dr. H. Richard Winn, a prominent neurosurgeon and Chair of the Department of Neurological Surgery plead guilty to one obstruction of just charge, was forced to resign his position as chair and forfeit his operating privileges. Dr. Winn accepted a plea deal in which he was ordered to serve 1,000 hours of community service and pay a $4,000 fine and repay $500,000 to government programs. In addition, Dr. Winn was ordered by the court, "to publicize through a professional medical journal a declaration regarding the errors in comp liance with federal rules and regulations relating to health care benefits programs at the UW Department of Neurology Surgery."³⁰ In Dr. Winn’s plea agreement, the government stipulated that billing claims submitted by Winn were not intentional but "the product of mistake and confusion."³¹ Despite the lack of intent, the billing scandal may result in the imposition of millions of dollars paid in civil monetary penalties.

The government’s investigation centered around five areas in the UW Neurosurgery Department: (1) eligibility of chief residents to submit claims for professional services; (2) retrospective documentation by chief residents; (3) radio surgery fees; (4) bedside procedures; and (5) operating room presence. Dr. Winn addressed each of these five areas of "confusion" in his article.

In 1996 the HCFA regulations changed and required an attending physician to be physically present ("shoulder-to-shoulder, elbow-to-elbow") during bedside procedures.³² Prior to the 1996 changes in the HCFA guidelines, there was no requirement for faculty to be physically present during these procedures.³³ In 1996, there was no office or University of Washington Physicians ("UWP") ³⁴ officer responsible for compliance and oversight. According to Winn, such an individual could have prevented the generation of fees for procedures performed without the presence of an attending.³⁵ In 2000, UWP created the position of UWP director of regulatory compliance and inappropriate billing was identified and the Neurosurgery department ceased billing for bedside procedures where faculty attendings were not present.³⁶ Additionally, the government contended in the investigation that there were many surgical fees submitted for operative procedures performed in the absence of an attending surgeon. ³⁷ The government’s allegations were based mainly on the nursing operating room record, which upon review, was determined to be inconsistent and an unreliable indicator of an OR presence.³⁸ Dr. Winn credits most of the confusion to a lack of oversight by UWP, coupled with a lack of communication between UWP and departmental administration.

Dr. Winn offered the following advise to other Medicare billers: "trust but verify." It is ultimately the individual provider who signs the agreement, which holds them responsible for errors or cheating.

In his article Dr. Winn makes the following recommendations for academic medical centers:

that medical schools have a structured orientation process for all new chairs of clinical departments, which should rigorously cover regulations governing the CMS [Centers for Medicare and Medicaid Services] and residency programs as well as research funding (a potential area of future federal focus). All new residency program directors should be familiar with and review on a regular basis specialty board residency guidelines and requirements.³⁹

Dr. Winn noted a faculty practice plan must notify faculty members that individuals will be held responsible for their own billing errors and those acting on their behalf. This is a strong inducement for faculty scrutiny. In addition, Dr. Winn acknowledges the presence of an active compliance program is essential in today’s environment and must be "carefully considered." Specifically, Dr. Winn notes a compliance program may be hindered by being too centrally directed. A compliance program should not be focused simply on evaluating "numbers" as that is too removed from the "shop floor." Therefore, the compliance program should be tailored to address any potential specialty billing practices. Dr. Winn also notes that a peripheral compliance effort on a departmental level may be compromised by friendships and collegial interactions. Financing is also crucial. Organizations may have a tendency to skimp on financial support and centralized planners may resort to adopting an attitude of "don’t ask, don’t tell." Faculty at the departmental level may lack the enthusiasm to support the bureaucratic effort of a compliance program in the era of diminishing reimbursements and lower salaries. Therefore, faculty, staff and department administration need to provide the incentive – negative and positive to cooperate and comply with a compliance program. ⁴⁰

The consequences of non-compliance are harsh. In the case of the UW, there were two faculty members faced with personal liability resulting from the charges. As Dr. Winn notes, "[F]aculty members must acquire a comprehensive understanding of health care regulations or face personal peril."⁴¹ Dr. Winn faced civil monetary penalties, a criminal plea bargain and was forced to resign his faculty position. The head of the Nephrology Section of the Department of Medicine plead guilty to a single felony count of mail fraud in submitting a $124 bill for a dialysis treatment at which he was not present. The UW regents recently rejected a proposed $35 million settlement, which wo uld have been the nation’s highest over billing penalty involving a teaching hospital. The UW will likely pay out in the range of $20 to $30 million to settle the Medicare and Medicaid over billing charges.

Even with a compliance program in place, organizations that run into trouble with fraud and abuse statutes should carefully evaluate the option of self-disclosure. Under the False Claims Act, 31 U.S.C. 3729-3733, a person who has violated the act, but who voluntarily discloses the violation to the government, in certain circumstances will be subject to not less than double, as opposed to treble, damages.⁴² Some cases settled by the OIG result from the selfdisclosure to the OIG. The OIG takes the self disclosure and the provider’s le vel of cooperation into account in determining appropriate settlement terms. OIG will often require less money to be paid in settlement for conduct that has been self disclosed. Self-disclosure cases are more likely to settle without requiring integrity provisions or to require more limited integrity provisions.⁴³ The OIG has published a self-disclosure protocol, which provides health care providers specific steps, including a detailed audit methodology that may be undertaken if they wish to work openly and cooperatively with OIG to efficiently quantify a particular problem and ultimately promote a higher level of ethical and lawful conduct within the health care industry.

However, a provider deciding whether to self disclose should consider the risks associated with self disclosure. It may not be appropriate in every situation. The OIG’s self-disclosure protocol is voluntary and risks and benefits of disclosure should be weighed.⁴⁴

No guarantee of immunity or reduced penalties exists.

2. Cost of use of internal resources and retention of outside resources to conduct the investigation can be substantial.

3. Employees and other personnel feel under siege, morale sinks, lose good people.

4. Waiver of applicable privileges may be demanded as a condition of being considered to have acted in good faith.

1. Demonstration of good faith might improve penalty result, especially when compared to situation if criminal authorities discover and prosecute.

2. After negotiating the investigation protocol, the provider may conduct the investigation. The OIG reserves the right, however, to reject the result.

3. Employees and other personnel are proud that their organization is "doing the right thing." Another consideration in self-disclosure is the risk of a potential whistleblower who may initiate a qui tam lawsuit. It is in the organization’s best interests to identify any potential wrongdoing and immediately undertake an internal audit or investigation into the alleged conduct.

H. Corporate Integrity Agreements.

Corporate Integrity Agreements (CIAs) are used by the OIG to settle overpayment obligations involving the OIG and to resolve civil enforcement issues tied to criminal prosecutions. As part of its settlements of Federal health care program investigations, the OIG imposes compliance obligations on health care providers. These provider compliance obligations often take the form of a CIA, which is executed between the provider and the OIG. Under a CIA, a provider consents to certain obligations as part of a civil settlement and/or in exchange for the OIG’s agreement not to exclude that health care provider from participating in Medicare, Medicaid and other Federal health care programs. Generally, providers who settle these cases do not admit they were liable for the conduct allegedly committed. A typical CIA is for a term of five years and requires the provider to implement a variety of compliance measures. The OIG generally requires the submission of periodic reports concerning the provider’s compliance efforts and reserves the right to impose sanctions for a material breach of the CIA. A provider is often able to limit the scope and reduce the cost of a CIA depending on a variety of factors, including the severity of the alleged misconduct, whether the conduct was self-disclosed, and whether the provider had implemented a compliance program. In some instances, a provider may avoid the imposition of a CIA altogether through self-disclosure and pre-existing compliance efforts.

The benefits of enhanced corporate governance and compliance are more than mitigating risk and reducing fraud and abuse. Compliance programs foster a sense of investor and public trust. An effective compliance program, which outlines policies and procedures for recognizing and reducing risk of health care fraud and abuse increases trust and confidence among employees, staff, and directors (all levels of the organization). As a result, this can reduce the likelihood of a qui tam lawsuit because employees are more likely to report within when they know policies are in place to protect them against retaliation.

Critics claim the False Claims Act is not only overbroad and over-reaching but is not intended to address health care fraud and abuse, thereby resulting in inconsistent enforcement. Jurisdictions apply the law differently. In the case of the Medco Health Solutions lawsuit, Medco defends the False Claims Act charges on the basis that the case is little more than "distorted allegation" woven into "a long-winded attempt to concoct a cause of action completely untethered to the False Claims Act." Medco feels that the government has unfairly thrown all the FCA language and rubric into lengthy complaints hoping that something will withstand dismissal.

An additional criticism of the FCA’s application to health care fraud is whether the government should prosecute cases in which there is no evidence of economic damage to the government. The government takes the position that despite little or no economic harm, in certain cases, corrective action is needed to maintain the integrity of the process. In cases in which no economic harm is demonstrated, the government is paying millions to prosecute actions, which are ultimately borne by the taxpayers.

Finally, the number of statutes regulating the health care industry is startling. If they don’t get you one way, they will get you another. The duplicity and overlap of multiple penalties for the same conduct may be excessive and a hindrance to compliance. Bottom- line, enforcement efforts are on the rise, and organizations must be aware of the risks.

www.hhs.gov/oig

This web site includes a variety of information relating to Federal health care programs, including the following:

-Advisory Opinions

-Anti-kickback Information

-Compliance Program Guidance

-Corporate Integrity Agreements

-Fraud Alerts

-Links to web pages for the: Office of Audit Services (OAS)

-Office of Evaluation and Inspections (OEI)

-Office of Investigations (OI)

-OIG List of Excluded Individuals/Entities

-OIG News

-OIG Regulations

-OIG Semi-Annual Report

-OIG Workplan

For advisory opinions regarding Medicare and Medicaid programs, go to the Centers for Medicare and Medicaid website at http://cms.hhs.gov/

A complete list of contact information (address, phone number, email address) for Medicare Part A Fiscal Intermediaries, Medicare Part B Carriers, Regional Home Health Intermediaries, and Durable Medical Equipment Regional Carriers can be found on the HCFA web site at www.hcfa.gov/medicare/incardir.htm.

Contact information (address, phone number, email address) for each State Medicaid carrier can be found on the HCFA web site at www.hcfa.gov/medicaid/mcontact.htm. In addition to a list of Medicaid carriers, the web site includes contact information for each State survey agency and the HCFA Regional Offices. Contact information for each State Medicaid Fraud Control Unit can be found on the OIG web site at www.hhs.gov/oig/oi/mfcu/index.htm.

Health Care Financing Administration www.hcfa.gov

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.