Session #410 I Care, You Care, We All Care About Medicare: A Year in the Mirror and Through the Looking Glass

Panelist Speakers Allison Cova, Corporate Counsel, Dignity Health Darci Teobaldi, General Counsel, Advanced Bionics Courtney Cox, Vice President, WellCare Health Plans Jana Anderson, Partner, Foley and Lardner

Corporate Compliance and Individual Accountability Healthcare Industry Developments

Discussion Topics DOJ Compliance Counsel Expert Yates Memo Updated OIG Permissive Exclusion Criteria Recent Corporate Integrity Agreement (CIA) Provisions

DOJ Compliance Counsel Expert In July 2015, DOJ Fraud Section announced it was going to hire Compliance Counsel to assist Fraud Section Prosecutors with: – assessing a company’s program and testing the validity of company’s claims about its program – tailoring remedial compliance measures as part of a resolution with a company In November 2015, DOJ appointed Hui Chen, a former federal prosecutor

DOJ Compliance Counsel Expert “The Criminal Division will continue to review companies’ compliance programs as one of the many factors to be considered when deciding whether to criminally charge a company…our hiring of a compliance counsel should be an indication to companies about just how seriously we take compliance.” – U.S. Assistant Attorney General Leslie R. Caldwell, SIFMA Compliance and Legal Society New York Regional Seminar

DOJ Compliance Counsel Expert U.S. Assistant Attorney General Leslie R. Caldwell mentioned several metrics the Compliance Counsel will use to assess a program, including:  Does management provide strong, visible support for compliance policies?  Are policies clear and in writing? Easily Understood? Effectively Communicated?  Are there mechanisms to enforce policies?

Yates Memorandum On September 9, 2015, Deputy Attorney General, Sally Quillian Yates, issued a memorandum (the Yates Memo) regarding individual accountability for corporate wrongdoing Provides guidance for both criminal and civil investigations Emphasis on accountability for those individuals responsible for the illegal corporate conduct

Yates Memorandum To qualify for any cooperation credit, corporations must provide DOJ all relevant facts relating to the individuals responsible for the misconduct Absent extraordinary circumstances, the DOJ will not release culpable individuals from civil or criminal liability when resolving a matter with a corporation Pursuit of civil action against culpable individuals should be based on considerations beyond that individual’s ability to pay

OIG Permissive Exclusion Authority Under Section 1128(b)(7) of the Social Security Act (the Act), the OIG may exclude any individual or entity from participation in the Federal health programs for engaging in conduct prohibited by sections 1128A or 1128B of the Act.

OIG Permissive Exclusion Authority On April 18, 2016, OIG issued a revised policy containing the new criteria for implementing its permissive exclusion authority under section 1128(b)(7). – Used in context of FCA settlements and other civil and criminal statutes The new guidelines supersede and replace the OIG’s December 24, 1997 policy statement

OIG Permissive Exclusion Authority OIG evaluates health care fraud cases on a continuum

OIG Permissive Exclusion Authority OIG weighs various factors to determine where a person falls on the compliance risk spectrum Factors fall into 4 broad categories:  Nature and circumstances of conduct  Conduct during the Government’s investigation  Significant ameliorative efforts  History of compliance Each factor indicates a higher risk, a lower risk or is neutral to the assessment

OIG Permissive Exclusion Authority Key factors from revised policy: Existence of a compliance program that incorporates the 7 elements of an effective compliance program does not affect the risk assessment. Absence of a compliance program that incorporates the 7 elements of an effective compliance program indicates higher risk. If the entity has devoted significantly more resources to the compliance function, this indicates lower risk. If the person has a history, prior to becoming aware of the investigation, of significant self-disclosures made appropriately and in good faith to OIG, CMS or CMS contractors, indicates lower risk.

OIG Permissive Exclusion Authority Key factors cont’d: In the case of an entity, if individuals with managerial or operational control at or on behalf of the entity organized, led or planned the unlawful activity, this indicates higher risk. If the person initiated an internal investigation before becoming aware of the Government’s investigation to determine who was responsible for the conduct and shared the internal investigation with the government, this indicates lower risk. If the person self-disclosed the conduct cooperatively and in good faith as a result of the internal investigation, prior to becoming ware of the Government's investigation, this indicates lower risk.

What is a Corporate Integrity Agreement? Agreement with HHS-OIG in connection with civil health care fraud settlement Requires entity or individual to implement (or continue) certain integrity obligations for a period of years Obligations are based on 7 elements of an effective compliance program In exchange for waiver of OIG’s permissive exclusion authority

Importance of CIA’s to Non-CIA Obligated Providers OIG uses CIAs to communicate prudent approaches to compliance program design OIG views CIAs as a form of industry compliance guidance The ability to demonstrate a company’s proactive effort to comply with CIA standards often benefits companies when reviewed by Government enforcement agencies

Common CIA Requirements Compliance Officer Compliance Committee Board Oversight Code of Conduct Policies and Procedures Training Plan Ineligible Screening Overpayment Reporting and Refunding Policies Disclosure Program

Recent CIA Provisions Over the past 18 months there have been significant CIA developments, including: – Enhanced Individual Accountability Board Certifications Enhanced Management Certifications Executive Financial Recoupment – Expectation of Risk Assessment and Internal Review Process – Retention of Compliance Expert

Board Certifications

Enhanced Management Certifications

Executive Financial Recoupment

Risk Assessment and Internal Review Process

Retention of a Compliance Expert

Conclusion As the DOJ and OIG’s emphasis on effective compliance programs increases, the role and significance of the compliance function within an organization will become greater Increased importance on timely, effective investigations and internal remediation Underscores need for communication and reporting to Senior Management and Board regarding company’s compliance program efforts

OIG Review of Medical Device Replacements What to do when you get the “informal” OIG contact

Office of Inspector General (OIG) is carrying out its mission of protecting the integrity of the Department of Health and Human Services (HHS) programs, as well as the health and welfare of beneficiaries served by:  AUDITS  Resulting repayment by the providers  Lost time  Attorneys fees and costs

Tufts Medical Center  Audit of defective medical (cardiac)device replacement  Matched the warranty credits that medical device companies issued to Tufts from CY  Finding 18 claims in which Tufts billed for replaced medical device

Tufts Medical Center  14 of those 18 claims were improperly billed  Tufts lacked oversight and coordination to correctly report credits  Found inpatient vs outpatient billing errors

Manufacturer Involvement  Informal OIG contact to device company  Phone   Review of device company credit/ warranty process

Manufacturer Involvement  Creation and review of OIG requested report  Explanation of report to OIG?  Communication to provider of report?  Review of response with counsel?  Lost time and expense

 Traditional False Claim = any person who (1) knowingly submits a false claim to the government (2) knowingly makes a false record or statement to get paid by the government THINK: Express Certification /Implied Certification §§ 3729(a)(1)(A) and (B)  Reverse False Claim = any person who knowingly makes a false record or statement material to an obligation to pay money to the government, or knowingly and improperly avoiding an obligation to pay money to the government § 3729(a)(1)(G) THINK: Overpayments  Conspiracy = any person who conspires to commit a violation of the FCA § 3729(a)(1)(C)

 Claim Defined § 3729(b)(2) Demand for money or property made:  Directly to the federal government or  To a government contractor if the money is to be spent on the government’s behalf or if the government will reimburse the contractor  Knowledge Standard § 3729(b)(1)  More than negligence; knowledge of falsity needed; filing a false claim isn’t enough  Knowledge = (1) actual knowledge, (2) deliberate ignorance of the truth or falsity of the information, or (3) reckless disregard of the truth or falsity of the information  No specific intent to defraud required; reckless disregard enough

 Damages and Penalties:  Actual damages – TREBLED!!  Civil monetary penalties of $5,500 to $11,000 PER CLAIM! (And can apply even if no actual damages)  Attorneys fees and costs  Other:  Exclusion from federal healthcare programs  Cost of responding  Reputational expense  Retaliation Actions:  Reinstatement  Double back pay and interest  Special damages: attorneys fees and costs and emotional distress

Qui Tam Complaint Under seal Served on U.S. Attorney Government Investigation and Decision to Intervene 60 days but routinely extended Unsealing of Complaint Government decline to intervene relator can still proceed Litigation Bars to action include “first to file” and “public disclosure” bars Judgment and Potential Award to Relator Government Intervenes = Relator receives 15-25% Government Declines to Intervene = Relator receives 25-30%

FCA Trends Risk Adjustment Data Overpayments Marketing and Services Violations Bid Estimates Beneficiary Protections Medical Loss Ratio

Universal Health Services v. U.S. ex rel. Escobar,136 S. Ct. 582 (U.S. 2016)  MISLEADING MATERIAL REPRESENTATIONS BY OMISSION:  Implied Certification Theory upheld in cases where the claim for payment “makes specific representations about the goods or services provided” and “a defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths”  Demanding materiality standard potentially helpful to defendants? Express conditions of payment relevant – but not always enough Government consistently pays claim despite its knowledge of noncompliance to express term, then not material “What matters is not the label that the Government attaches to a requirement, but whether the defendant knowingly violated a requirement that the defendant knows is material to the Government’s payment decision”

40

41

ACA Statutory Requirement ■On March 23, 2010, ACA § 6402(a) (codified at SSA § 1128J(d)) set forth the statutory 60-day overpayment requirement. ■The Statute requires a person who has received an overpayment: −to report and return the overpayment to the government agency/contractor and −to notify the agency/contractor in writing of the reason(s) why the overpayment was returned. 42

ACA Statutory Requirement ■Further, the Statute set the 60-day rule stating that the overpayment must be reported and returned by the later of: −the date which is 60 days after the date on which the overpayment was identified, or −the date any corresponding cost report is due, if applicable. ■Overpayments retained after the deadline for reporting and returning an overpayment become an “obligation” under the Federal False Claims Act, subject to treble damages and per claim penalties. 43

Scope of the ACA Statutory Requirement 44

Overpayment Regulations ■On May 23, 2014, CMS published the Medicare Parts C and D Final Rule. ■On February 12, 2016, CMS published the Medicare Parts A and B Final Rule, which we will discuss today. ■No final rule has been published that addresses Medicaid requirements. 45

Questions Addressed by Final Rule ■Confusion regarding the requirements, scope and impact of the ACA Statutory Requirement −What does “identification” mean?  Does the clock start when you get the hotline call?  Do you have to audit the issue, calculate the repayment and repay within 60 days? −How far back do you have to go?  RACs go back 3 years; FCA goes back either 6 or 10 years; CMS has gone back 4 years for reopenings (absent fraud or similar fault) 46

47

Key Aspects of the Final Rule ■6-Year Lookback Period −Amended reopening period ■What does it mean to identify an overpayment? −Reasonable diligence −Quantification −6-month period ■Refund Processes ■Underpayments 48

Six-Year Lookback Period (cont.) ■Six years is consistent with: −CMPL statute of limitations −Basic statute of limitations under FCA ■But longer than current 4-year reopening period and longer than period CMS has required providers to review under SRDP for Stark Law. ■There is a duty to go back beyond 3-year RAC recoveries or other government recoveries if less than the 6-year time period. 49

What does it mean to “identify” an overpayment? ■Not defined in the ACA ■Not just actual knowledge ■Final Rule removed the Proposed Rule’s specific reference to the reckless disregard and deliberate ignorance standards 50

What does it mean to “identify” an overpayment? (cont.) ■Providers have an obligation to exercise “reasonable diligence” through “timely, good faith investigation of credible information” ■Determining whether information is sufficiently credible to merit an investigation is fact specific 51

What does it mean to “identify” an overpayment? (cont.) ■CMS makes clear that identification requires both proactive and reactive auditing of Medicare billing. ■Merely auditing based on compliance hotline calls or issues raised by staff is insufficient. ■Even if an overpayment is the result of a mistake, not fraud and abuse, the provider still has an obligation to report and return the overpayment under the ACA and Final Rule. 52

What does it mean to “identify” an overpayment? (cont.) ■An overpayment is not “identified” until the amount of refund has been “quantified” ■60-day clock does not start running until after the reasonable diligence period has concluded, which may take “at most 6 months from receipt of credible information, absent extraordinary circumstances” ■That means an 8-month period: −6 months for timely investigation; plus −60 days for reporting and returning of the overpayment 53

What does it mean to “identify” an overpayment? (cont.) ■“Extraordinary circumstances” include: −Complex internal investigations −Stark Law issues (under CMS Voluntary Self-Referral Disclosure Protocol ■OIG disclosures under SDP can be completed in two steps: initial disclosure followed within 90 days by internal investigation and self-assessment −OIG SDP two-step process, when appropriate, is well- suited to complex internal investigations 54

Notification & Refund Processes ■Final Rule allows for different refund processes beyond the MAC voluntary refund process. ■Providers can use any appropriate process to return overpayments: −Claims adjustments −Credit Balances −Voluntary offset −OIG Self-Disclosure Protocol −CMS Self-Referral Disclosure Protocol 55

Notification & Refund Processes (cont.) ■CMS specifically stated that it did not want providers to return only a subset of claims identified as overpayments and not extrapolate the full amount of the overpayment: −Do not refund based on specific claims from a probe sample −In most cases, extrapolation can be done in a timely manner consistent with the rule’s identification requirements 56

■You cannot refund with caveats. In other words, you can NOT refund, stating: −“Contested” −“With Reservation” ■You also can NOT, as a practical matter, change your mind or “unring the bell” once you have disclosed an overpayment so take the time on the front end to get it right −While CMS does suggest reopening for correction of a mistake is possible, CMS does not expect it to be a frequent occurrence. ■CMS stated that including one refund coversheet, attaching a spreadsheet with the appropriate data, is acceptable. 57

Underpayments ■“Outside scope” of rulemaking ■CMS declined to extend one-year period to rebill claim ■CMS declined to permit offsets of identified underpayments from identified overpayments ■Underpayments must continue to be resolved under existing reopening rules 58

What Else Did CMS Say? ■No de minimis threshold ■Statistical sampling methodology ■Administrative Burden 59

60

The “writing” and the term ■ The “writing” required by many Stark exceptions can be a collection of documents rather than a single formal contract. (Note: Still must meet signature requirement.) ■ The term of a lease or personal services arrangement need not be in writing if the arrangement continues for at least one year and is otherwise compliant with the Stark Law exception. 61

Holdovers ■ Expired leases and personal services arrangements may continue indefinitely on the same terms if otherwise compliant with the Stark Law exception.  However, CMS cautions that, to be Stark- compliant, an arrangement must comply with the FMV requirement. 62

Signature Exceptions ■ Parties have a 90-day grace period to obtain missing signatures on a written document, regardless of whether the failure to obtain the signatures was inadvertent.  This grace period may only be used once every 3 years with respect to the same referring physician. 63

Split Billing ■ A split billing arrangement is an arrangements where a physician makes use of a hospital’s resources (e.g., examination rooms, nursing personnel and supplies) to treat the hospital’s patients, in which the hospital bills for the resources and services it provides and the physician bills for his or her professional fees only. ■ CMS stated that such “split billing” arrangements do not create a Stark financial relationship. When both the hospital and the physician bill independently for their services, there is no remuneration between the parties. 64

65