Copyright © Balch & Bingham LLP. All rights reserved Compliance, Disclosures and Enforcement: déjà vu All over Again 3 rd Annual Mississippi Hospital Association Health Law Conference Madison, Mississippi April 6, 2011 Dinetia M. Newman

Copyright © Balch & Bingham LLP. All rights reserved 2 Topics Covered  Voluntary v. Mandatory Compliance Programs  What to Do? Where to Start?  Compliance – The Four-legged Stool  Regulatory Agencies Focus on Four Risk Areas  Recipe for Compliance Program Effectiveness  Self-Assessment – Strategies  Organizational and Operational Best Practices

Copyright © Balch & Bingham LLP. All rights reserved 3 Voluntary v. Mandatory Compliance Programs

Copyright © Balch & Bingham LLP. All rights reserved 4 Voluntary Compliance Program  “The OIG believes that a basic framework for any voluntary compliance program begins with a review of the seven basic components of an effective compliance program. A review of these components provides [providers and suppliers] with an overview of the scope of a fully developed and implemented compliance program. The following list of components, as set forth in previous OIG compliance program guidances, can form the basis of a voluntary compliance program for a [provider or supplier]…” »65 Fed. Reg. 59,436 (October 5, 2000)

Copyright © Balch & Bingham LLP. All rights reserved 5 Voluntary Compliance Program OIG Compliance Program Guidance for Hospitals (2/23/1998)  Conducting internal monitoring and auditing  Implementing compliance and practice standards  Designating a compliance officer or contact  Conducting appropriate training and education  Responding appropriately to detected offenses and developing corrective action  Developing open lines of communication; and  Enforcing disciplinary standards through well-publicized guidelines

Copyright © Balch & Bingham LLP. All rights reserved 6 Voluntary Compliance Program OIG Supplemental Compliance Program Guidance for Hospitals (1/31/05)  Focuses on application of compliance program guidance in connection with OIG-perceived risk areas  Fraud and abuse risk areas  Submission of accurate claims and information  Self-referral issues (Stark law and Federal Anti-Kickback statute issues)  Emergency Medical Treatment and Labor Act  Payments to reduce or limit services: gainsharing arrangements  Substandard care  Relationships with Federal health care beneficiaries  Discounts to uninsured patients  Preventive Care Services  Profession Courtesy  OIG focus directed to effective hospital compliance programs involving hospital’s governing body and management’s commitment, structures and process to create effective internal controls and regular self-assessment and enhancement of the existing compliance program  Evidence of and effective compliance program includes self-reporting of misconduct following discovery of credible evidence from any source and following a reasonable enquiry Note:OIG mentioned as early as days as being reasonable to report misconduct.

Copyright © Balch & Bingham LLP. All rights reserved 7 OIG’s PPACA Mandate Keynote Address Delivered by Daniel R. Levinson, Inspector General of DHHS, at the HCCA Annual Compliance Institute (April 19, 2010): PPACA program integrity provisions include authorities and requirements to:  strengthen provider and supplier enrollment standards and enhance screening;  address certain misalignments between Medicare and Medicaid reimbursements and market prices and create new links between payment and quality;  promote compliance with program requirements, including by requiring providers to implement compliance programs;  enhance program oversight, including by requiring greater reporting and transparency and by improving data access and coordination among government agencies; and strengthen the Government’s response to health care fraud and abuse through new enforcement authorities and tools.

Copyright © Balch & Bingham LLP. All rights reserved 8 PPACA Includes Mandatory Compliance Requirements  Mandatory Compliance Program for All Providers  Condition of enrollment in the Medicare program that classes of providers and suppliers implement compliance programs  Secretary discretion to dictate timelines for implementation, types of providers and suppliers required to adopt compliance programs  Secretary to develop core elements for each class of provider or supplier required to adopt programs  September 23, 2010 – CMS requested comments from providers and suppliers on using as core measures the seven elements from Chap. 8 – Federal Sentencing Guidelines Manual  Note: Medicare Advantage plans were required to have an “effective” compliance “program” as of January 1, PPACA sets March 23, 2012 as date for HHS’s issuance of compliance program requirements for nursing homes.

Copyright © Balch & Bingham LLP. All rights reserved 9 What to Do? Where to Start?

Copyright © Balch & Bingham LLP. All rights reserved 10 Start where you are with what you have!

Copyright © Balch & Bingham LLP. All rights reserved 11 Compliance as a Four-Legged Stool  4 Major Risk Areas for Hospitals  Referral relationships  Billing and coding governmental and commercial payors  Privacy and security of patient information  Quality Issues

Copyright © Balch & Bingham LLP. All rights reserved 12 Government Advice and Enforcement in Risk Areas

Copyright © Balch & Bingham LLP. All rights reserved 13 Government Advice and Enforcement – Referral Relationships  OIG Training & Publications  OIG Health Care Fraud Prevention and Enforcement Action Team: Provider Compliance Training –  Physician Education Training Manuals –  OIG Compliance Resource Material –

Copyright © Balch & Bingham LLP. All rights reserved 14 Government Advice and Enforcement – Referral Relationships

Copyright © Balch & Bingham LLP. All rights reserved 15 Government Advice and Enforcement – Referral Relationships

Copyright © Balch & Bingham LLP. All rights reserved 16 Government Advice and Enforcement – Referral Relationships

Copyright © Balch & Bingham LLP. All rights reserved 17 Government Advice and Enforcement – Referral Relationships  Enforcement  United States ex rel. Drakeford v. Tuomey Healthcare System, Inc. – Allegations of Anti-kickback/Stark/False Claims Act Violations  Tuomey Hospital, Sumter, S.C.  Surgeons employed part-time for Outpatient Surgery Center  Justice Department alleged compensation exceeded fair market value  Hospitals obtained 2 valuation analyses and relied on opinions  During trial, hospital placed attorney/client privileged communications in record (reliance on advice of counsel)  Jury awarded $49.4 Million for Stark violations, dismissed FCA claim  June 3, 2010 – District Court granted motion for new trial on FCA claims  Based on ruling that certain government evidence was earlier excluded  According to government statements, FCA trial’s focus will be on hospital’s knowledge of whether employment agreements violated Stark law

Copyright © Balch & Bingham LLP. All rights reserved 18 Government Advice and Enforcement – Referral Relationships  Enforcement  United States ex rel. Singh v. Bradford Regional Medical Center, et al  Bradford Regional Medical Center, Bradford, PA  Lease of nuclear camera by hospital from physician group – competitor physician group filed qui tam lawsuit alleging Stark law violation (did not meet exception), Anti-kickback violation (false certification) and False Claims violations  Government did not intervene  Court could not determine intent for FCA and A/K purposes; but, lease did not satisfy any Stark exception  Issues: whether compensation meets fmv definition even if written valuation report is obtained (lease plus covenant not to compete compensation); whether fixed compensation can “take into account” volume/value of physician referrals; when is there a failure to be “set out in writing”

Copyright © Balch & Bingham LLP. All rights reserved 19 Government Advice and Enforcement – Referral Relationships  OIG Provider Self-Disclosure Protocol (Anti-kickback)  October 30, 1998  Allows provider community to voluntarily disclose self-discovered evidence of potential fraud with purpose of avoiding cost and/or length and disruption of government investigation  Opportunities for reduced penalties CMS Voluntary Self-Referral Disclosure Protocol (Stark)  September 23, 2010 – mandated by Section 6409 of PPACA  Allows suspension of 60 day repayment timeframe for overpayments  Does not provide bifurcated disclosure process - traditional route for complex disclosures and a fast track with set dollar repayment obligations for certain more procedural violations  Not widely embraced – but 55 disclosures in pipeline (Troy Barsky, CMS)

Copyright © Balch & Bingham LLP. All rights reserved 20 Billing and Coding - Governmental and Commercial Payers  CMS  Audits:  RACs - errors  CERT – Comprehensive Error Rate Testing - errors  PSCs – Program Safeguard Contractors - fraud  ZPICs – Zone Program Integrity Contractors – fraud  Enrollment  Medicaid  Audit MICs – Medicaid Integrity Contractors - fraud  Medicaid Fraud Control Unit - fraud  PERM - errors

Copyright © Balch & Bingham LLP. All rights reserved 21 Billing and Coding - Governmental and Commercial Payers

Copyright © Balch & Bingham LLP. All rights reserved 22 Billing and Coding - Governmental and Commercial Payers

Copyright © Balch & Bingham LLP. All rights reserved 23 Privacy and Security of Patient Information  HHS/OCR Rulemaking  HIPAA—August 1996  Privacy Rule—April 2003  Security Rule—April 2005  Enforcement Rule—March 2006  American Reinvestment and Recovery Act (“ARRA”)—February 17, 2009  Health Information Technology for Economic and Clinical Health Act (“HITECH”)—ARRA Division A, Title XIII – Health Information Technology, § et seq

Copyright © Balch & Bingham LLP. All rights reserved 24 Privacy and Security of Patient Information  HHS/OCR Enforcement – Cignet Health of Prince George’s County, Maryland  Family physician practice group with four locations and health insurance plan  Nature of breach  Failure to provide 41 individuals timely access to medical record copies  Failure to cooperate with HHS in OCR’s investigation of patient complaints  Failure to correct violations within 30 days of when Cignet knew or with exercise of reasonable diligence would have know of violations  Penalties Imposed  $100 per day (13,516 days) for failure to provide medical records to patients (total $1.3 million)  $50,000 per day (7,478 days) for failure to cooperate with HHS/OCR (total $3 million)

Copyright © Balch & Bingham LLP. All rights reserved 25 Privacy and Security of Patient Information  General Hospital Corporation & Massachusetts General Physicians Organization, Inc. (Mass General)  Nature of Breach  Patients’ charts removed from Mass General’s Infectious Disease Associates outpatient practice and inadvertently left on subway train  Documents included billing and encounter forms with name, date of birth, medical record number, health insurer and policy number, diagnosis and name of provider  Also included daily office schedules with names and medical record numbers of 192 patients (including patients with HIV/Aids)  Settlement Terms  Immediate payment of $1 million dollars  3 year Corrective Action Plan requiring policy and procedure development regarding physical removal and transportation of documents containing PHI, encryption of laptops and USB drives, processes to distribute and update policies and procedures, workforce training, designation of monitor for assembling annual report to HHS

Copyright © Balch & Bingham LLP. All rights reserved 26 Quality Issues – Reports - Roundtables

Copyright © Balch & Bingham LLP. All rights reserved 27 QUALITY ISSUES – GOVERNING BODY

Copyright © Balch & Bingham LLP. All rights reserved 28 Quality Issues – CMS Enforcement  Hospital Inpatient Quality Reporting Program (IQR) (formerly Reporting Hospital Quality Data for Annual Payment Update – RHQDAPU)  Reporting of annual quality measures or 20% reduction in annual market basket update  FY 2017 – Dollars Potentially at Risk - Base DRG payments – 6%  Hospital-acquired conditions – 1% starting FY 2015  Readmission – 1% - 3% - phased in over three years starting in FY 2013  Value-Based Purchasing – 1% - 2% reduction starting in FY 2013 (phased in over four years with the opportunity to recoup full amount plus)

Copyright © Balch & Bingham LLP. All rights reserved 29 Recipe for Compliance Program Effectiveness: Governmental Requirements, Audits, Expectations and Enforcement

Copyright © Balch & Bingham LLP. All rights reserved 30 Recent Governmental Compliance Program Requirements/Enforcement  Medicare Advantage and Part D Plans  Effective 1/1/2011, MA and Part D plans must adopt and implement an effective compliance program  Program must  Prevent, detect, and correct noncompliance with CMS program requirements  Contain measures that prevent, detect, and correct fraud, waste, and abuse  Contain the 7 core elements of a compliance program  Compliance Officer and Compliance Committee must  Report to CEO or other senior management  Report periodically to governing body

Copyright © Balch & Bingham LLP. All rights reserved 31 Recent Governmental Compliance Program Requirements/Enforcement  Nursing Facilities  PPACA requires HHS Secretary to adopt regulations requiring nursing facilities to implement compliance programs  By March 23, 2012, HHS must promulgate regulations requiring nursing facilities to implement effective compliance programs  The regulations  May include a model compliance program  Must allow for compliance program variations based on organization size (higher standards for organizations with 5 or more facilities)

Copyright © Balch & Bingham LLP. All rights reserved 32 Compliance Program Effectiveness

Copyright © Balch & Bingham LLP. All rights reserved 33 Compliance Program Effectiveness: Where to Start?  Focus on key regulatory obligations  Identify specific hospital risk area by looking at hospital deficiencies; regulators’ lists of key deficiencies; PEPPER reports; OIG Work Plan; OIG list of enforcements  Look at control structure, process, outcomes  Consider involvement of governing body and “C” level executives  Identify way to measure performance: metrics, system to add/deduct points for meeting 7 required elements or lack of structure, processes, regulatory notices, fines, sanctions

Copyright © Balch & Bingham LLP. All rights reserved 34 Compliance Program Effectiveness: Self-Assessment Tool - CMS  Centers for Medicare & Medicaid Services  Self-Assessment Tool - modeled after tools developed by New York State Office of Medicaid Inspector General (OMIG) and HCCA  CMS considering using tool prior to audit to gather information and to aid audit efforts  What is it?  Checklist to evaluate program design, to identify strengths/weaknesses  Tool to identify key components  Not regulatory guidance or list of compliance program requirements

Copyright © Balch & Bingham LLP. All rights reserved 35 Compliance Program Effectiveness: Self-Assessment Tool – New York – OIG Medicaid

Copyright © Balch & Bingham LLP. All rights reserved 36 Compliance Program Effectiveness: Self-Assessment Tool – CMS

Copyright © Balch & Bingham LLP. All rights reserved 37 Compliance Program Effectiveness: Self-Assessment Tool – CMS

Copyright © Balch & Bingham LLP. All rights reserved 38 Compliance Program Effectiveness: Self-Assessment Tool  Example from Balch & Bingham Compliance Assessment Tool

Copyright © Balch & Bingham LLP. All rights reserved 39 Compliance Program Effectiveness: CMS’s Tips for Gauging Non-Effective Compliance Program  According to CMS*, indicators that a compliance program may NOT be effective include:  The compliance officer does not report directly to the board or the chief executive officer of the provider or supplier.  The provider or supplier has no compliance committee.  The compliance program does not include confidential or anonymous reporting of compliance issues.  Employees are afraid to communicate any compliance issues “up the chain” of command.  Audits are infrequent and management disregards data obtained through monitoring efforts.  While the provider or supplier responds to incidents, it does not put in place systemic corrections.  Employees who report complaints or other compliance issues receive no or negative recognition.  Discipline is inadequate and inconsistent.  Allegations are not affectively investigated.  In summary, the provider or supplier cannot evidence any systemic efforts to build a strong ethical culture. * American Health Lawyers Association Practice Group Brown Bag Luncheon- February 11, 2011

Copyright © Balch & Bingham LLP. All rights reserved 40 QUESTIONS?

Copyright © Balch & Bingham LLP. All rights reserved 41 Thank You Balch & Bingham LLP 401 East Capitol Street, Suite 200 Jackson, MS Dinetia M. Newman