Fraud and Abuse Compliance Program 101: Do You Have a Plan? Is That Plan Effective?

Fraud and Abuse Compliance Program 101:

Do You Have a Plan? Is That Plan Effective?

Long-Term Care Webinar - December 15, 2015

Jonell B. Beeler Gina G. Greenwood

Shareholder Shareholder

Jackson, Mississippi Atlanta, Georgia

601.351.2427 office 404.589.0009 office

[email protected] [email protected]

Jonell B. Beeler

601.351.2427 [email protected]

• Jonell Beeler, shareholder in the Jackson office of Baker Donelson,

concentrates her practice in health care. She serves as leader of the Firm's Health Care Government Investigations Group and the Health Care

Regulatory Task Force.

• Her experience includes health care compliance; Medicare and Medicaid reimbursement, provider enrollment, conditions of participation and

regulatory matters; federal and state fraud and abuse laws, anti-referral laws and corporate practice of medicine laws; managed care; and health care acquisitions and joint venture arrangements

• She regularly advises clients on the Medicare Anti-Kickback Statute, the Stark Law, the Civil Monetary Penalties Statute, the False Claims Act and other federal and state legal, regulatory and business issues related to the health care industry. She has defended clients in civil, criminal and

administrative investigations, advised on self disclosure and repayments and negotiated Settlement Agreements and Corporate Integrity

Gina Ginn Greenwood

404.589.0009

[email protected]

• Gina Greenwood practices from the Atlanta/Macon offices of Baker Donelson and

concentrates her practice on a wide range of matters, including fraud and abuse (Stark Law, Anti-Kickback Statute and FCA) compliance and investigations; cyber liability and identity theft; HIPAA Privacy and Security Rule compliance and breach notification; IT and certified EHR implementation; meaningful use; EMTALA compliance, CMS and state licensure survey plans of correction responses and hearings; Joint Commission training and compliance; self reporting; risk management strategies; peer review; corporate

health care transactions; contract drafting and general business advice; and many other regulatory matters pertinent to all types of health care entities and companies.

• Gina has authored numerous health care materials and is a frequent speaker for Georgia

Hospital Association and professional compliance organizations on fraud and abuse, HIPAA compliance, data breaches and EMTALA compliance.

EARLY OIG VOLUNTARY COMPLIANCE GUIDANCE

Compliance Program Guidance for Nursing Facilities (2000) (65 Fed. Reg. 14289)

• Listed 7 basic elements • Listed risk areas to include

− Quality of care and residents’ rights − Employee screening

− Billing and cost reporting

− Vendor relationships (kickbacks, inducements and self-referrals) and

EARLY OIG VOLUNTARY COMPLIANCE GUIDANCE (cont.)

Supplemental Compliance Program Guidance for Nursing Facilities (2008) (73 Fed. Reg. 56832)

• Recommended regular periodic review of implementation and execution of compliance programs

• Reiterated 7 basic elements

• Expanded discussion of risk areas of − Quality of care

− Accurate claims submissions − Federal Anti-Kickback law

− HIPAA privacy and security rules − Stark physician self-referrals

SEVEN BASIC ELEMENTS

1) Compliance Officer and Compliance Committee

2) Compliance Policies and Procedures, including Standards of Conduct

3) Open Lines of Communication 4) Training and Teaching

5) Internal Monitoring and Auditing 6) Response to Detected Deficiencies 7) Enforcement of Disciplinary Standards

POTENTIAL RISK AREAS – 2008 OIG SUPPLEMENTAL

GUIDANCE

• Quality of Care Risk Areas − Sufficient staffing

− Implementation of comprehensive resident care plans − Proper medication management

− Appropriate use of psychotropic medications, including use of chemical restraints and avoidance of unnecessary drugs

− Resident safety, protection from abuse, from staff and other residents

POTENTIAL RISK AREAS – 2008 OIG SUPPLEMENTAL

GUIDANCE (cont.)

• Risks Relating to Claims Accuracy

− Classification into appropriate RUG assignments

− Delivery of therapy services, including proper utilization of RUG classifications

− Adequate screening for individuals and entities excluded from federal health care programs

− Provision of restorative and personal care services (care to avoid pressure ulcers, active and passive range of motion, ambulation, fall prevention, incontinence management, bathing, dressing and grooming activities)

POTENTIAL RISK AREAS – 2008 OIG SUPPLEMENTAL

GUIDANCE (cont.)

• Anti-Kickback Law Areas of Scrutiny

− Provision of free goods or services to a referral source as kickback (examples - pharmaceutical consultant, laboratory

services, computers and software with independent value, DME) − Use of service contracts to hide payments for referrals

− Discount arrangements, including price reductions and swapping − Relationships between hospices and nursing homes designed to

induce referrals

ANNUALLY UPDATE PROGRAM DISCUSSION AND

POLICIES ON RISK AREAS

• OIG Work Plan, Advisory Opinions, Special Fraud Alerts, Advisory Bulletins and Inspection and Audit Reports

• RAC Issues Lists

• Survey Report Deficiencies

• Quality Assessment and Assurance Committee reports • Ombudsman’s Identified Quality of Care Risk Areas • Facility’s Pepper Report

CURRENT COMPLIANCE RISKS

• FY 2016 Work Plan

− National Background Check Program for long term care employees

− Skilled Nursing Facility prospective payment requirements − Hospice general inpatient care

CURRENT COMPLIANCE RISKS (cont.)

• FY 2015 Work Plan

− Medicare Part A billing by skilled nursing facilities

− Questionable billing patterns for Part B services during nursing home stays

− State agency verification of deficiency corrections

− Program for national background checks for long term care employees

− Hospitalizations of nursing home residents for manageable and preventable conditions

AUDIT SCRUTINY AND WHISTLEBLOWER ACTIONS

• High % of ultra-high therapy RUGs • RUG rate upcoding

• Average length of stay

• Billing Medicare for stays that do not qualify for Medicare

reimbursement, such as not having a qualifying stay in a hospital prior to being transferred to the SNF

• Billing Medicare for more than 150 days for one spell of illness • Physician certifications

RECENT CASES AND INVESTIGATIONS

• HCR ManorCare

Government intervened in three whistleblower cases and filed a consolidated complaint against HCR ManorCare alleging that ManorCare knowingly and routinely submitted false claims to

Medicare and Tricare for rehabilitation therapy services that were not medically reasonable and necessary

RECENT CASES AND INVESTIGATIONS (cont.)

• Amedisys Inc.

$150 million to the federal government to resolve allegations that from 2008 to 2010 it billed Medicare for nursing and therapy

services that were medically unnecessary or provided to patients who were not homebound, and otherwise misrepresented patients’ conditions to increase payments

AFFORDABLE CARE ACT

• New tools to improve oversight and enforcement of Skilled Nursing Facilities (SNF) and Nursing Facilities (NF)

• Section 6102 (b) – Mandates SNF and NF to have effective Compliance and Ethics (C&E) Programs

− Must have C&E program that effectively prevents and detects

criminal, civil, and administrative violations and promotes quality of care (March 23, 2013)

− C&E programs must include “core elements” (to be defined by HHS in regulation)

− Must periodically reassess program and identify needed changes − HHS to evaluate and report to Congress (March 2015)

• Section 6401 – Providers of medical or other items or services or

suppliers within a particular industry sector or category shall establish a compliance program as a condition of enrollment in Medicare, Medicaid

PROPOSED RULE - July 16, 2015

• Updates and revises Long Term Care Facility Requirements of

Participation and includes implementation of provisions from Affordable Care Act

− Section 6102(b) of ACA, Compliance and Ethics Program − Section 6102(c) of ACA, Quality Assurance and Performance

Improvement (QAPI)

− Section 6703(b)(3) of ACA, Reporting to Law Enforcement Suspicion of Crimes

− Section 6121 of ACA, Dementia and Abuse Training

− Section 2 of the IMPACT Act, Discharge Planning Requirements for SNFs

CURRENT AND PROPOSED REGULATION

Current

• 42 C.F.R. § 483.75(b) – must be “in compliance with all applicable Federal, State and local laws, regulations and codes . . .”

• 42 C.F.R. § 483.75(c)) – must be in compliance with “the applicable provisions of other HHS regulations, including but not limited to

those pertaining to fraud and abuse” (42 C.F.R. part 455) Proposed

• Added new 42 C.F.R. § 483.85 entitled “Compliance and Ethics Program”

42 C.F.R. § 483.85

General Rule:

• Beginning on [1 year after the effective date of the final rule], the operating organization for each facility must have in operation a compliance and ethics program that meets the requirements of this section.

42 C.F.R. § 483.85(a) DEFINITIONS

• Operating organization means the individual(s) or entity that

operates a facility

• Compliance and ethics program means with respect to a facility, a

program of the operating organization that –

− Has been reasonably designed, implemented, and enforced so that it is likely to be effective in preventing and detecting criminal, civil, and administrative violations under the SSA and in

promoting quality of care; and

42 C.F.R. § 483.85(a) DEFINITIONS (cont.)

• High-level personnel means individual(s) who have substantial

control over the operating organization or who have a substantial role in the making of policy within the operating organization

• CMS Comments:

− Examples: director, executive officer, individual in charge of major business or functional unit, individual with a substantial ownership interest

− Intent: only individuals who exercise the greatest control over operating organization are to have overall responsibility and oversee its compliance and ethics program

REQUIRED COMPONENTS FOR ALL FACILITIES

1. Have written compliance and ethics standards, policies and procedures

2. Assign high-level personnel with overall responsibility to oversee compliance

3. Provide sufficient resources and authority to specified high-level personnel

4. Exercise due care in delegating discretionary authority 5. Communicate standards, policies and procedure

6. Take reasonable steps to achieve compliance

7. Assure consistent enforcement through disciplinary action

8. Take all reasonable steps to respond to violations and prevent further violations

COMPONENTS

1. Have written compliance and ethics standards, policies and procedures

 Must be reasonably capable of reducing the prospect of criminal, civil, and administrative violations under the Act and promote

quality of care

 Designate appropriate contact to which individuals may report suspected violations

 Have alternate method of reporting suspected violations anonymously without fear of retribution

 Set out disciplinary standards with consequences for committing violations for

 entire staff;

COMPONENTS (cont.)

2. Assign high-level personnel with overall responsibility to oversee compliance

− Assign high-level personnel with overall responsibility to oversee compliance with the operating organization's compliance and ethics program's standards, policies, and procedures

 the chief executive officer (CEO)

 members of the board of directors or

COMPONENTS (cont.)

3. Provide sufficient resources and authority to specified high-level personnel

− Provide sufficient resources − Delegate authority

COMPONENTS (cont.)

4. Exercise due care in delegating discretionary authority

− Cannot delegate substantial discretionary authority to individuals who the operating organization knew, or should have known

through the exercise of due diligence, had a propensity to

engage in criminal, civil, and administrative violations under the Social Security Act.

COMPONENTS (cont.)

5. Communicate standards, policies and procedure

− Must effectively communicate the standards, policies, and procedures to

 entire staff

 individuals providing services under a contractual arrangement

 volunteers, consistent with the volunteers' expected roles − Must have mandatory participation in training as set forth at §

483.95(f) or orientation programs

− Must disseminate information that explains in a practical manner what is required under the program

COMPONENTS (cont.)

6. Take reasonable steps to achieve compliance

− Monitoring and auditing systems reasonably designed to detect criminal, civil, and administrative violations under the Social Security Act by any of

 staff,

 individuals providing services under a contractual arrangement, or

 volunteers

− Having in place and publicizing a reporting system to report violations by others anonymously within the operating

organization without fear of retribution

COMPONENTS (cont.)

7. Assure consistent enforcement through disciplinary action − Consistent enforcement of the operating organization's

standards, policies, and procedures through appropriate disciplinary mechanisms

− Includes discipline of individuals responsible for the failure to detect and report a violation to the compliance and ethics program contact identified in the operating organization's compliance and ethics program

COMPONENTS (cont.)

8. Take all reasonable steps to respond to violations and prevent further violations

− After a violation is detected, must ensure that all reasonable

steps identified in its program are taken to respond appropriately to the violation and to prevent further similar violations, including any necessary modification to the program to prevent and detect criminal, civil, and administrative violations under the Act

ADDITIONAL REQUIRED COMPONENTS FOR OPERATING

ORGANIZATIONS WITH FIVE OR MORE FACILITIES

• Operating organizations that operate five or more facilities must also include, at a minimum, the following components in their compliance and ethics program:

(1) A mandatory annual training program on the operating

organization's compliance and ethics program that meets the requirements set forth in § 483.95(f)

(2) A designated compliance officer for whom the operating organization's compliance and ethics program is a major

responsibility. This individual must report directly to the operating organization's governing body and not be subordinate to the

general counsel, chief financial officer or chief operating officer (3) Designated compliance liaisons located at each of the operating

TRAINING FOR COMPLIANCE AND ETHICS PROGRAM

• 42 CFR § 483.95(f)

• Mandatory annual compliance and ethics program training program must be

• (1) An effective way to communicate program's standards, policies, and procedures through a training program or in another practical manner which explains the requirements under the program

• (2) Annual training if the operating organization operates five or more facilities

OTHER MANDATED TRAINING UNDER 42 CFR

• Training topics must include but are not limited to — − Communication

− Residents’ rights and facility responsibilities − Abuse, neglect and exploitation

− Quality assurance and performance improvement − Infection control

− Required in-service training for nurse aides − Required training of feeding assistants

ANNUAL REVIEW

• The operating organization for each facility must review its

compliance and ethics program annually and revise its program as needed to reflect changes in all applicable laws or regulations and within the operating organization and its facilities to improve its performance in deterring, reducing, and detecting violations under Act and in promoting quality of care

EXAMPLE POLICIES AND PROCEDURES

• Billing and Cost Reporting

• Contracting with Referral Sources • Compliance Hotline

• Conflict of Interest

• Employee Licensing and Certification • Employee Screening

• Vendor Relationships/Gifts

• Investigation of Compliance Issues • Required Education and Training • Monitoring and Periodic Auditing • Non-Retaliation

SAMPLE POLICIES AND PROCEDURES (cont.)

• Physician Agreements (Medical Director, Leases, etc.) • Quality Assessments and Assurance Committee

• Quality of Care − Sufficient Staffing − Care Plans − Medical Management − Resident Safety − Quality of Life • Record Retention

• Recordkeeping and Documentation • Red Flag Policy/Procedure

SAMPLE POLICIES AND PROCEDURES (cont.)

• Resident Inducements • Resident Referrals • Residents’ Rights

• HIPAA - Protection of PHI

• Therapy Contracts and Services • Vendor Agreements

INDICATORS OF INEFFECTIVE COMPLIANCE PROGRAM

• Compliance officer does not report directly to the board/CEO • No Compliance Committee

• No reporting system in place

• Employees are afraid of retaliation by supervisor/management • Program does not audit; no formal audit plan

• Limited scope of response to results of investigations • Repeated occurrence of deficiencies

• Ineffective disciplinary actions

• Allegations are not effectively investigated

QUESTIONS FOR . . .

Jonell B. Beeler Gina G. Greenwood

Shareholder Shareholder

Jackson, Mississippi Atlanta, Georgia

601.351.2427 office 404.589.0000 office

BAKER DONELSON FOOTPRINT

Baker, Donelson, Bearman, Caldwell & Berkowitz, PC has civil and criminal litigators and fraud and abuse compliance attorneys who represent clients across the U.S. from offices located in Alabama, Florida, Georgia,