United States: Quality Of Care, Medical Necessity, And The Peer Review Process: A Compliance Risk That Every Hospital Should Understand

Previously published in BNA's Health Law Reporter

For more than a decade, the Office of Inspector General (OIG) has encouraged hospitals to focus on strengthening their compliance programs with an eye toward ensuring the medical necessity of the services provided and improving quality of care.1 Despite OIG's guidance, government enforcement actions illustrate the challenges and compliance risks that hospitals face when medical necessity and quality of care concerns arise in the context of the medical staff peer review process.

For example, in 2003, the Tenet Healthcare Corp. paid $54 million to resolve its False Claims Act liability arising from allegations that two cardiologists at its Redding Medical Center performed unnecessary cardiac procedures and surgeries.2 Similarly, Lafayette General Medical Center in Lafayette, La. settled with the government in 2008, paying $1.2 million based upon allegations of unnecessary stenting by a local cardiologist. 3 More recently, in 2010, St. Joseph's Medical Center in Towson, Md., agreed to pay $22 million to resolve its potential False Claims Act liability in connection with allegations that one of its cardiologists implanted more than 500 medically unnecessary cardiac stents.4

While substantial False Claims Act settlements by hospitals hardly are unusual, each of these cases also involved allegations that the hospital was made aware of the conduct, engaged its medical staff peer review process, and, nevertheless, took no action to address the quality of care or medical necessity concerns raised.5 The cautionary tales of these cases require hospitals operating in the current enforcement environment to ask questions including: (1) How did the hospital's process fail to address these quality and compliance issues? (2) Why was there an apparent failure in communication between the peer review process and the compliance function? and (3) What can be done to avoid ending up in similar circumstances?

Background: Peer Review and Compliance

Traditionally, the responsibility for submitting accurate claims lies within the hospital administrative function—billing, coding, cost report preparation. The compliance department educates the employees, audits claims, investigates alleged compliance problems, and recommends refunds. It is responsible for reducing fraud and abuse and helping the hospital fulfil its legal duty to refrain from practices such as submitting false or inaccurate claims or cost information to the federal health care programs.6 Quality of care, on the other hand, was traditionally the responsibility of the medical staff. Physicians oversee the quality of care provided in a hospital by participating in quality assurance activities, acting as advisers to address medical necessity for admission, or by participating in peer review of a particular physician's performance.7 Continual efforts by Congress and CMS to improve quality have forced hospital compliance departments to include issues surrounding claims related to quality of care within their ambit. Despite this increasing mandate, evaluating the medical necessity of a given procedure often will end up last on the list of a compliance officer's concerns when juggling RAC audits associated with the medical necessity for admission, billing for readmissions and hospital-acquired conditions, and appropriate reporting and claims submission for value-based purchasing.

Under state and federal law, peer review is an essential process in a hospital's effort to fulfill its common law duty of exercising due care in selecting and maintaining a competent medical staff while promoting better overall patient care. Federal law requires that peer review actions must be taken (1) in the reasonable belief that the action was in the furtherance of quality health care; (2) after a reasonable effort to obtain the facts of the matter; (3) after adequate notice and hearing procedures are afforded to the physician involved or after such other procedures as are fair to the physician under the circumstances; and (4) in the reasonable belief that the action was warranted by the facts known after such reasonable effort to obtain facts and after meeting the requirement of paragraph (3).8

When the peer review process functions properly, by providing adequate notice and hearing in accordance with the medical staff bylaws, suspected quality problems generally are brought to the attention of the hospital administrator, a medical director, or chief of staff, and may proceed through the peer review process. The results can vary from no action because a determination is made that the physician's judgment was correct, to supervision by another physician because minor practice improvements are warranted, to suspending or terminating the physician from the medical staff. Adverse peer review actions, including any decision that restricts a physician's privileges for more than 30 days, as well as a physician's resignation from the medical staff in the midst of a peer review investigation, must be reported by the hospital to the National Practitioner Data Bank (the data bank).9 The stakes are high, and as a result, the process can be, and usually is, highly charged.

Understanding the Problem: Some Examples

A hospital's compliance risk increases significantly if the medical staff is dysfunctional or otherwise fails to address a troublesome physician who is allowed to continue inappropriate or unsafe treatment. Indeed, these risks increase exponentially when the peer review process is plagued by bias, a lack of will to focus and follow up on a compliance issue, or actions of the medical staff or the hospital administration aimed at suppressing meaningful review.

In the St. Joseph's Medical Center case, for example, the peer review process was ineffective, in part, due to bias because the ''hospital's peer review process permitted Dr. Midei, as Chair of the Cardiology Department, to select cardiology cases, including his own, for peer review.''10 Therefore, ''St. Joseph was unaware of any problems in its catheterization lab until receiving a complaint from a patient concerned about the treatment received.''11

In its settlement of the Lafayette General Medical Center case, federal authorities ''alleged that [Lafayette General] knew from reports of hospital employees and from reports generated by its own internal review processes—that a physician was performing unnecessary procedures at its hospital yet deliberately failed to address the problem.''12 In this case, the lack of attention by the peer review process to compliance concerns played a role in the government's enforcement decisions.

Finally, the most egregious problem of peer review failure results from evidence that a hospital has decided to forgo, or ignore, peer review concerns because the physician involved is a high producer. Indeed, some accounts of the Redding Medical Center matter suggest that the peer review process was suppressed by the hospital administration because of concerns about the profitability of the hospital's cardiac care and surgery program.13

While the alleged suppression of the peer review process in the Redding case seems atypical, the peer review failures in the Lafayette General and St. Joseph's Medical Center matters seem likely to recur. This begs the question of: ''What could have been done to avoid these failures?'' While solving the problems peculiar to those matters is highly fact specific, there are clearly lessons to be drawn from those cases. Generally, addressing these problems begins with understanding the differing institutional roles of peer review versus compliance and recognizing that these two functions, aimed at very different concerns, were not designed to function seamlessly with one another.

Peer Review and Compliance: Two Different Worlds

The peer review process focuses on clinical and patient care concerns—issues that long have been the province of physicians, and physicians alone. In fact, historically the peer review process was founded on the view that physicians of like specialties should evaluate each other's clinical competence as part of the medical profession's obligation to regulate its members.14

Given the unique challenges of having physicians review one another, peer review is a private and, at times, secretive process aimed at permitting review while maintaining professional courtesy between physicians, and avoiding disparagement of medical staff.15 Fortynine of 50 states have adopted statutes that protect the disclosure of peer review information by establishing a statutory peer review privilege.16 Generally, these laws bar the discovery or the introduction into evidence in malpractice actions or lawsuits seeking redress for deprivation of hospital staff privileges any information gathered in the peer review process. The information is kept confidential as a means of promoting candor.17 Furthermore, in an effort to ensure that the peer review privilege is adequately maintained and to protect the confidentiality of the information, hospitals often overcompensate and fail to follow up on the information gathered in the process. Indeed, hospital administrators and employees have been trained for decades to treat the peer review process and its attendant confidentiality as sacrosanct. As a result, the peer review process usually operates within its own silo, set apart from the other functions of hospital administration, unless and until a peer review issue is serious enough to be escalated. At times this results in a process that is prone to internalize clinical deficiencies regardless of whether those deficiencies are accompanied by compliance concerns.

In contrast, an effective compliance program is typically designed to sponsor a culture of openness in which sharing information is encouraged. Employees are trained to report troubling activities and most hospitals provide a reporting mechanism by establishing anonymous compliance hotlines. Additionally, compliance programs require internal investigation and reporting up to the governing board and, in many cases, out to the government.

Obviously, the compliance function only can deal with the issues that are discovered whether through reporting or self evaluative activities. As a result, if there is no system in place to allow the compliance department to learn about and understand the issues being evaluated as part of the peer review process, there is a tremendous risk that information that would trigger compliance concerns will remain sealed within the peer review apparatus and never will be addressed.

The Affordable Care Act Raises the Stakes

Recent refund obligations exacerbate the risks of not having a process to ensure that peer review issues that generate compliance risks come to the attention of the compliance department. Section 6402 of the Patient Protection and Affordable Care Act (Affordable Care Act) established a new section of the Social Security Act entitled ''Reporting and Returning of Overpayments,'' also known as the ''60-Day Repayment Rule.'' The law requires identified overpayments from Medicare or Medicaid to be reported and repaid within 60 days (or when the corresponding cost report is due, if applicable). The failure to report and return an overpayment within the 60-day period causes the overpayment to become an ''obligation'' to the United States, resulting in liability for a reverse false claim under the False Claims Act. 18 While the examples cited demonstrate that a failure by the peer review process to identify and address medical necessity issues can lead to False Claims Act liability, the Affordable Care Act overpayment provision results in liability without any need to demonstrate ineffective peer review. Simple proof that the hospital, in one of its functions, was aware of facts suggesting that there might have been an overpayment and failed to follow up, will be sufficient.

Building a Bridge Between Peer Review and Compliance

The government has made clear that in order ''[t]o successfully discharge their basic obligations to patient safety, hospitals must create and follow reasonable processes as the gatekeeper for safeguarding patients from unscrupulous practitioners who would harm them during their hospital stay.''19 The first step in creating such a process is to build a functioning relationship between the peer review process and the compliance department. This is essential to early detection of potential fraud issues, particularly those involving clinical issues such as medical necessity.

It is difficult to say whether the existence of such a relationship would have changed the outcome for Redding, Lafayette General, or St. Joseph's. At a minimum it would have required the individuals making decisions in those cases to address more searching questions and to consider whether their actions would withstand the scrutiny of hindsight.

In order to build this peer review/compliance relationship, it is necessary to designate those individuals who will be responsible for the relationship and who will serve as liaisons between the peer review and compliance functions. Once those individuals have been identified, the hospital administration should give them a clear mandate to ensure that regular communication takes place in both directions. One of the challenges of facilitating meaningful communication will be developing a common language that effectively translates peer review concepts like ''reasonable care'' or ''appropriateness of care'' into compliance concepts like ''medical necessity.'' Naturally, there are any number of peer review issues that do not directly implicate compliance concerns, but if a common language can be developed and understood it will make the identification of those issues that do much simpler.

In addition to improving communication, it is incumbent upon the compliance department to work with those involved in the peer review process to incorporate various approaches into peer review that are regularly used in the compliance investigations. One clear lesson from the cases discussed above is that a hospital's peer review process must be conducted in a manner that will withstand governmental scrutiny.

Assistance with issues such as random sampling of records can greatly improve the output of the peer review process and would have helped avoid the problems faced in the St. Joseph's case. Likewise, the compliance department can provide guidance concerning the need for, and use of, outside clinical reviewers in peer review cases. The value of involving outside reviewers cannot be overstated. While an internal first look by local clinicians may provide some useful information to the peer review and compliance processes, uncritical reliance upon internal reviewers, particularly where a decision is made not to act, will be hard to defend when challenged by the government.

In addition to designating individuals to drive the communication discussed above, it also will be important for the hospital to designate physician leaders for the peer review process. These individuals should be provided with training that focuses on the intersection of quality of care, medical necessity, peer review, and compliance. They should have accountability for the peer review process, as well as for ensuring that appropriate cases are addressed through both the peer review and the compliance processes. The quality of care corporate integrity agreements (CIAs) that have followed the settlements in recent cases have adopted this approach and have placed substantial responsibility on highly placed physicians in the hospital setting. For example, in the St. Joseph's case, the CIA requires the appointment of several ''Physician Executives'' who are ''responsible for oversight of medical staff quality of care matters [ ], including but not limited to performance improvement, quality assessment, patient safety, utilization review, medical staff peer review, medical staff credentialing and privileging, and medical staff training and discipline.'' 20

Finally, the compliance department should consider undertaking a regular evaluation of the peer review process. Of course the compliance department often is ill suited to evaluate the clinical review undertaken by the peer reviewers, but a process review is well within its abilities. Retrospective review of the peer review process will ensure that sufficient resources are devoted to discovering whether a standard process is followed, whether files are randomly sampled, whether outside reviewers are used when appropriate, and whether conclusions regarding deficient care are treated not only as medical staff issues, but also as compliance issues.


Effective hospital peer review is essential to protecting patients and striving for clinical competence. It also can play a critical role in the hospital's larger compliance program if communication, accountability, and successful adherence to established process can be assured. While the peer review process can be an important adjunct to the compliance program, recent cases demonstrate that failures in peer review can become an ''Achilles' heel'' for a hospital faced with False Claims Act allegations based upon the delivery of medically unnecessary services by medical staff physicians. It is only through monitoring the peer review process to ensure that up and out reporting is used in appropriate cases and that compliance concerns are identified and addressed that a hospital can be sure that its peer review process is protecting patient safety and assisting in its culture of compliance.


1 Department of Health and Human Services, Office of Inspector General, Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8987, at 8988 and 8992 (Feb. 23, 1998).

2 K. Eichenwald, ''Tenet Healthcare Paying $54 Million In Fraud Settlement,'' New York Times (Aug. 7, 2003), available at http://www.nytimes.com/2003/08/07/business/tenethealthcare-paying-54-million-in-fraud-settlement.html?pagewanted=print&src=pm

3 Press release, Lafayette General Medical Center to Pay $1.9 Million to Settle Fraud Allegations in Connection with Medically Unnecessary Cardiology Procedures, Department ofJustice (Jan. 11, 2008), available at http://www.justice.gov/usao/law/news/wdl20080111.pdf (hereafter ''Lafayette Generalpress release'').

4 Senate Committee on Finance, Staff Report on Cardiac Stent Usage at St. Joseph's Medical Center, December 2010, S. Prt. 111-57, 111th Congress, 2nd Session, at 2 (hereafter ''Senate Committee staff report'').

5 See, e.g., S. Klaidman, Coronary: A True Story of Medicine Gone Awry, at 208-09 (Scribner 2007) (''Physician peer reviewwas suppressed [ ] because the heart program was agolden goose''); Lafayette General press release, supra, Note3, at 1 (the hospital ''knew from reports of hospital employeesand from reports generated by its own internal reviewprocesses—that a physician was performing unnecessary proceduresat its hospital yet deliberately failed to address theproblem''); and Senate Committee staff report, supra Note 4,at 5-6 (''[T]he hospital's peer review process permitted Dr.Midei, as Chair of the Cardiology Department, to select cardiologycases, including his own, for peer review'') (internal quotationsomitted).

6 Department of Health and Human Services, Office of Inspector General, Supplemental Compliance Program Guidance for Hospitals, 70 Fed. Reg. 4,858 (Jan. 31, 2005). The compliance guidance also seems to set an impossible standard regarding medical necessity education. ''The compliance officer is required to ensure a clear, comprehensive summary of the 'medical necessity' definitions and rules of the various government and private plans is prepared and disseminated appropriately.'' Id.

7 For example, Medicare has clearly stated that ''. . . the decision to admit a patient is a complex medical judgment which can be made only after the physician has considered a number of factors, including the patient's medical history and current medical needs, the type of facilities available to inpatients and outpatients, the hospital's by-laws and admissions policies, and the relative appropriateness of treatment in each setting.'' Medicare Benefit Policy Manual, Chap 1, § 10.

8 See Health Care Quality Improvement Act of 1986, 42 USC 11112 (a).

9 Health Care Quality Improvement Act of 1986, 42 U.S.C. § 11101 et. seq.; 45 C.F.R Part 60, See also, NationalPractitioner Data Bank Guidebook, Department of Health and Human Services, Health Resources and Services Administration.

10 Report of the Maryland Department of Health and Mental Hygiene on Hospital Utilization and Stents, Sept. 21, 2010.(See Appendix II, p. 61).

11 See Senate Committee staff report, supra, Note 4, at 14.

12 See press release, supra Note 3, at 1.

13 See, Klaidman, supra, Note 5, at 208-09.

14 E. Kinney, Hospital Peer Review of Physicians: Does Statutory Immunity Increase Risk of Unwarranted Professional Injury?

15 See, e.g., Powell v. Community Health Systems Inc., 312 S.W.3d 496 (Tenn. 2010) (stating that privilege relating to peer review process is designed to protect interests and relationships that are regarded as sufficiently important to justify limitations on discovery).

16 New Jersey does not have a statutory peer review privilege. Also, there is no federal peer review privilege. The Health Care Quality Improvement Act, which was passed by Congress in 1986, established federal guidelines for peer review and provides immunity for participants under certain circumstances, but it does not protect discussions and documents relating to the peer review process from disclosure in litigation. 42 U.S.C. §§ 11101-11152 (2002).

17 See, e.g., Pardo v. General Hosp. Corp., 841 N.E.2d 692 (Mass. 2006).

18 See42 U.S.C. §§ 1320a-7k(d). See also Hilgers and Welch, Physicians Post-PPACA: Not Going Bust at the Healthcare Buffet, 24 THE HEALTH LAWYER 1, 6 (February 2012).

19 See press release, supra Note 3, at 1.

20 See St. Joseph Medical Center Corporate Integrity Agreement, at 4-5 (Nov. 5, 2010), available at http://oig.hhs.gov/fraud/cia/agreements/st._joseph's_medical_center_11052010.pdf .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions