United States: Office of Inspector General Supplemental Compliance Program Guidance for Hospitals

On June 8, 2004, the Office of Inspector General ("OIG") of the Department of Health and Human Services ("HHS") published a draft Supplemental Compliance Program Guidance for Hospitals ("Supplemental Guidance").¹ The Supplemental Guidance is mandatory reading for anyone who works with hospitals. It describes the areas where hospitals currently are at greatest legal risk, provides guidance on other topics of interest to hospitals, and contains extensive references to other materials that provide further guidance and clarification on various compliance issues. Comments on the Supplemental Guidance may be submitted to the OIG until July 23, 2004.

The Supplemental Guidance is intended to emphasize risk areas that have emerged since the 1998 publication of the OIG’s original Compliance Program Guidance for Hospitals ("Original Guidance"),² and it highlights outpatient procedure coding, admissions and discharges, supplemental payment considerations, and the efficient use of information technology. There is a detailed discussion of various fraud and abuse topics including gainsharing, joint ventures, compensation arrangements with physicians, malpractice insurance subsidies, recruitment practices, cost-sharing waivers, gifts and gratuities, and the offer of free transportation to federal health care program beneficiaries. In addition, the Supplemental Guidance provides advice regarding areas of recent concern to hospitals, including discounts to uninsured patients, preventive care services, and professional courtesy practices. The Supplemental Guidance also provides numerous detailed benchmarks hospitals are encouraged to use in evaluating the effectiveness of their compliance programs.

Both the Supplemental Guidance and the Original Guidance are designed to promote the use of voluntary internal controls to facilitate compliance with applicable statutes, regulations, and program requirements. The discussion of potential risk areas and compliance practices, while thorough, is not intended to be exhaustive. The OIG also reminds hospitals that they can and should tailor their compliance programs to fit their own circumstances. While it is important to remember that the recommendations the OIG makes in this regard are not mandatory, the OIG’s position on these issues, as stated in the Supplemental Guidance, will undoubtedly be the benchmark the government will use in evaluating hospital arrangements and procedures for compliance, potential investigation, and prosecution.

In light of the length and complexity of the Supplemental Guidance, this memorandum will focus on features of the publication that we believe will be of greatest interests to our clients, particularly as they differ from the Original Guidance.

The OIG acknowledges that the "single biggest risk area" for hospitals continues to be the preparation and submission of accurate claims, and it devotes much of the Supplemental Guidance to this topic. Although highlighting risk areas that the OIG views as "evolving" or "under-appreciated by the industry,"³ the OIG is careful to point out that the assumptions underlying all claims submissions "should be reasoned, consistent and appropriately documented," and that hospitals "should retain all relevant records reflecting their efforts to comply with federal health care program developments."

The Supplemental Guidance places particular emphasis on risks that have emerged since the implementation of Medicare’s hospital outpatient prospective payment system ("OPPS") in 2001. The OIG observes that with the OPPS, procedure codes "effectively became the basis for Medicare reimbursement" and that to implement the OPPS, the Centers for Medicare and Medicaid Services ("CMS") developed new rules governing the use of procedure code modifiers for outpatient coding. The OIG cautions that the improper use of procedure codes and modifiers for outpatient coding may lead to overpayment and subject the hospital to liability for the submission of false claims. Consequently, the OIG strongly advises hospitals to pay close attention to coder qualifications and training. Hospitals are urged to review outpatient documentation practices on a regular basis and to make sure that the underlying medical record is complete and supports the level of service claimed.

The OIG identifies the following other specific risk areas associated with outpatient procedure coding:

• Billing procedures identified as "inpatient-only" on an outpatient basis;

• Submitting claims for medically unnecessary services by failing to follow the fiscal intermediary’s local medical review policies (which the OIG says hospitals should review regularly and incorporate into the hospital’s regular coding and billing operations);

• Circumventing the multiple procedure discounting rules;

• Submitting incorrect claims for ancillary services due to a failure to incorporate updates to the Healthcare Common Procedure Coding System ("HCPCS") and Ambulatory Payment Classification ("APC") into Charge Description Masters ("CDM");⁴

• Failing to select proper evaluation and management codes; and

• Improperly billing for observation services.

The OIG appears to be especially concerned that duplicate billing may result from the failure to adhere to the National Correct Coding Initiative ("NCCI") guidelines in billing for multiple codes. The OIG encourages hospitals to verify that their coding software includes up-to-date NCCI edit files to avoid using code pairs that are incompatible or mutually exclusive. In some of the strongest language found in the Supplemental Guidance, the OIG warns that the intentional manipulation of code assignments in order to avoid NCCI edits constitutes an act of fraud.

The Supplemental Guidance places special emphasis on hospital admission and discharge policies. Particular risk areas highlighted by the OIG regarding the admission and discharge process include:

• Failure to follow the "same-day rule";⁵

• Same-day discharges and readmissions;

• Violation of Medicare’s post-acute care transfer policy in order to receive full DRG payment instead of a per diem transfer payment;

• Abuse of partial hospitalization payments for services rendered to behavioral and mental health patients; and

• "Churning" of patients from acute care hospitals to co-located long-term care hospitals in order to take advantage of the PPS-exempt status of the latter.

The method and amount of reimbursement may vary significantly depending on the status of patients at the time of admission or discharge. According to the OIG, hospitals have a "duty" regularly to update their admission and discharge policies to reflect current CMS rules, and it strongly advises providers to remain aware of potential risks in this area.

In limited circumstances, hospitals may claim payments in addition to, or in lieu of, normal reimbursement. The OIG warns that hospitals that make improper claims for supplemental payments are liable for fines and penalties under federal law. The OIG focuses on seven particular risk areas that could be problematic with regard to supplemental payments:

• Reporting the costs of "pass-through" items;⁶

• Claims related to clinical trials;

• Abuse of DRG outlier payments;⁷

• Claims for incorrectly designated "provider-based" entities;⁸

• Failure to follow Medicare rules regarding reimbursement for educational activities, such as dental or other programs;

• Claims for cardiac rehabilitation services;⁹ and

• Claims related to organ acquisition costs.

The OIG recognizes that coding and billing under the OPPS is more data intensive than under the inpatient prospective payment system, and that implementation of OPPS has required hospitals to focus more attention on computerized coding, billing, and information systems. Looking forward, the OIG concludes that hospitals will be increasingly reliant on information technology due to the expanding use of electronic claims submission, medical error-tracking systems, electronic prescribing, and the implementation of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") privacy and security rules.

Consequently, the Supplemental Guidance urges hospitals to be thorough when assessing new computer systems and software that impact the billing, coding, and transfer of information for federal health care programs. While acknowledging the difficulties in selecting, implementing, and understanding new information systems, the OIG suggests that the failure to do so adequately will not excuse hospitals from liability for duplicate or false claims.

Like the Original Guidance, the Supplemental Guidance cautions that "The Referral Statutes" -- the physician self-referral law ("Stark law") and the federal anti-kickback statute -- remain major risk areas for hospitals.

The OIG bluntly acknowledges the "significant financial exposure" to which hospitals are subject unless all of their financial relationships with referring physicians fit squarely into regulatory exceptions to the Stark law. To help hospitals understand when the Stark law applies, the OIG offers a three-part analytical tool:

• Is there a referral from a physician for a designated health service? If so, then:

• Does the physician (or an immediate family member) have a financial relationship¹⁰ with the entity furnishing the designated health service? If so, the final inquiry is:

• Does the financial relationship fit in an exception to the Stark law? If not, the Stark law has been violated.

The OIG emphasizes that in order to fit a Stark law exception, an arrangement must meet all of the (often numerous) conditions set forth in the exception. In this regard, the OIG identifies operational problems that can cause a facility to violate the statute inadvertently. For example, the personal services exception and rental exceptions require signed, written agreements. The OIG observes, however, that hospitals can be lax in their contracting and leasing processes and often fail to obtain a signed written agreement (for example, in the case of a short term project) or fail to obtain appropriate amendments or renewals (for example, in the case of a holdover lease). The OIG notes that such common business practices can trigger significant financial exposure and emphasizes that the new Stark law exception for temporary noncompliance may only be used on an occasional basis. According to the OIG, the new exception is not a substitute for "vigilant" oversight of a hospital’s contracting and leasing functions.

Other areas identified by the OIG as implicating Stark compliance include:

• Reviewing the new reporting requirements that require hospitals to retain records that hospitals know or should know of in the course of prudently conducting business. See 42 C.F.R. § 411.361;

• Maintaining appropriate procedures for making and documenting "reasonable, consistent, and objective" fair market value determinations;

• Tracking the total value of non-monetary compensation provided annually to referring physicians, including tracking the provision and value of medical staff incidental benefits, and monitoring the provision of professional courtesy;

• Recruiting efforts, especially what are characterized as "high risk" joint recruiting efforts by hospitals and group practices, which involve income guarantees that allow a group practice or solo practitioner to shift overhead or expenses to the hospital, or other mechanisms that transfer remuneration from the hospital to the group practice.

Lastly, the Supplemental Guidance notes that Stark law compliance is only a "minimum standard." Even if a hospital-physician relationship qualifies for a Stark law exception, hospitals must nevertheless ensure compliance with the anti-kickback statute.

The Supplemental Guidance cautions that the anti-kickback statute prohibits hospitals, and others doing business with them, from using practices that are common and permissible in other business sectors. Violation of the anti-kickback statute can lead to criminal and civil monetary penalties ("CMPs") as well as exclusion from participation in federal health care programs. The OIG also presents its view that compliance with the anti-kickback statute is a condition of participation under Medicare and the other federal health care programs, and that a violation can lead to further sanctions under the False Claims Act. The OIG offers the following analytical tool to help hospital compliance departments avoid trouble in this area:

• Does the hospital have any remunerative relationship between itself (or its affiliates or agents) and persons or entities capable of generating federal business, directly or indirectly, for the hospital? If so:

• Could one purpose (not just the sole purpose) of the remuneration be to induce or reward the referral or recommendation of business reimbursable under federal health care programs? If the answer is yes, the anti-kickback statute may be implicated.

If an arrangement implicates the statute, the Supplemental Guidance lists four aggravating circumstances that are likely to place the hospital at greater risk of prosecution. If the arrangement: (i) has the potential to interfere with clinical decision-making; (ii) includes the potential to increase costs to the government, beneficiaries or enrollees; (iii) contains the potential for overutilization or inappropriate utilization; or (iv) presents increased risks to patient safety or quality of care, the arrangement should be scrutinized carefully.

The OIG notes that multiple "safe harbors" exist to allow a number of common business arrangements.¹¹ Although a failure to comply with a safe harbor does not mean an arrangement is necessarily illegal, the OIG gives the not surprising advice to structure arrangements to slip into a safe harbor whenever possible. Further, the OIG states in a footnote that, in assessing safe harbor compliance, it will examine both the written and actual arrangement between the parties.

Areas highlighted by the OIG as vulnerable to attack under the anti-kickback statute include:

• The manner in which joint ventures are structured, participants are selected and retained, investments are financed and profits are distributed;

• Compensation arrangements with physicians

• Relationships with other health care entities (including those with managed care organizations);

• The use of physician recruitment arrangements

• Disclosure and amount of discounts (with a warning against "swapping" by accepting an unreasonably low price on Part A services for which the hospital pays out of its own pocket, in exchange for referring Part B services billable to federal health care programs);

• Medical staff credentialing

• Malpractice insurance subsidies

The OIG’s discussion of joint ventures is sobering, with the OIG reaffirming its position, previously described in a Special Advisory Bulletin, on the risks of "contractual joint ventures," e.g., where one of the participants is already engaged in the business and will own all or most of the equipment, perform most of the services, and take responsibility for day-to-day operations while the other joint venturer functions primarily as a "captive referral base." The OIG is particularly skeptical of turnkey arrangements where the hospital is expanding into a new line of business to serve its existing patient base, a would-be competitor supplies the services, and the hospital assumes little or no risk. Similarly, with respect to ambulatory surgery centers ("ASCs"), the OIG reaffirms that the safe harbor protects only investments in Medicare-certified ASCs owned by hospitals and certain qualifying doctors, but does not protect hospital and physician investments in vascular labs, oncology centers, and dialysis facilities.

To reduce the amount of risk involved in embarking on a joint venture with physicians, the OIG suggests the following:

• Barring physicians employed by the hospital or its affiliates from referring to the joint venture;

• Taking steps to ensure that medical staff and other affiliated physicians are not encouraged in any manner to refer to the joint venture;

• Notifying the physicians in writing of the above policies on an annual basis;

• Not tracking in any manner the volume of referrals from any referral source;

• Not tying physician compensation in any manner to the volume or value of referrals or other business generated for the venture;

• Disclosing all financial interests to patients; and

• Requiring that other participants in the venture adopt similar steps.

With regard to physician compensation, the OIG restates the long-standing rule that compensation should reflect the fair market value of the services provided in an arms length transaction and not take into account the volume or value of past or future referrals or business between the parties. The OIG further indicates that hospitals that have multiple arrangements with different physicians should assess the totality of the arrangements "so that in the aggregate the items or services provided by all physicians" do not exceed the hospital’s actual needs. Thus, while the personal services and management contracts safe harbor requires that a specific arrangement must be "commercially reasonable," hospitals cannot make this assessment in isolation but should consider all the circumstances, including the hospital’s arrangements with other physicians.

The OIG also lists factors that can be used to evaluate whether there is potential fraud and abuse risk in a compensation arrangement. Such factors include: (i) whether the service can be obtained from a non-referral source at a cheaper rate; (ii) whether the compensation paid is commensurate with the skill level necessary to perform the contracted services; and (iii) whether physicians were selected in whole or in part because of their past or anticipated referrals.

The OIG devotes a substantial portion of the Supplemental Guidance to recruitment agreements, noting that they pose substantial fraud and abuse risk. Observing that the scope of the existing recruitment safe harbor is very limited, the OIG emphasizes that this safe harbor (unlike the Stark exception) does not protect joint recruitment with an existing physician group(s) and that such arrangements, particularly when there is any payment to the group, presents a high level of risk. Suspect payments include income guarantees or other payments that provide remuneration to existing referral sources by allowing them to use payments to the recruited physician to cover the existing groups’ expenses. The bottom line for hospitals, according to the OIG, is that payment to a recruited physician "may not inure in whole or in part to the benefit of any party other than the recruited physician."

The Supplemental Guidance strongly cautions hospitals about the use of "gainsharing" arrangements. These agreements generally involve a hospital providing physicians with a percentage share of any reduction in the hospital’s costs for patient care attributable to those physicians’ efforts. While recognizing that such agreements may legitimately increase efficiency and reduce waste, the OIG advises that gainsharing may violate section 1128A(b)(1) of the Social Security Act, a CMP provision which prohibits payments made as inducements to limit care to federal health care program beneficiaries.¹²

According to the OIG, gainsharing may also implicate the anti-kickback statute if it is intended to induce the referral of healthier patients to the hospital offering the gainsharing arrangement and the referral of sicker patients elsewhere. The Supplemental Guidance explains that gainsharing arrangements are similarly problematic when they are used to foster physician loyalty and thereby attract more referrals. Moreover, the OIG notes that gainsharing arrangements often fall outside the safe harbors which typically prohibit percentage fees. Finally, the Supplemental Guidance cautions that these types of arrangements may also implicate the Stark law. Because of these concerns, the OIG strongly advises hospitals to avoid such arrangements wherever possible. This discussion ignores the advisory opinion in which the OIG approved a particular gainsharing arrangement,¹³ and suggests a return to the OIG’s earlier position that Congress will need to amend the CMP if it wants to allow gainsharing arrangements.

The Supplemental Guidance asserts that certain relationships between hospitals and federal program beneficiaries may also implicate the fraud and abuse laws. The OIG warns that hospitals may be liable for CMPs if they offer valuable items or services in order to attract the business of Medicare or Medicaid beneficiaries. Particular risk areas highlighted by the OIG in this regard include the offer of gifts or gratuities, the waiver of cost-sharing obligations, and the provision of free transportation.

Gifts and Gratuities. Hospitals are advised to pay close attention to any offer or provision of gifts and gratuities to federal program beneficiaries. The OIG asserts that the key inquiry is whether the hospital knows or should know that such remuneration is likely to influence a beneficiary’s selection of a particular provider of services or items payable under Medicare or Medicaid. The Supplemental Guidance emphasizes that hospitals generally are prohibited from offering gifts and gratuities valued at more than $10 per item and $50 annually per patient.

Cost-Sharing Waivers. The Supplemental Guidance also states that waivers of patients’ costsharing obligations under federal health care programs might constitute prohibited remuneration in certain situations. The OIG advises hospitals that any cost-sharing waivers provided in conjunction with inpatient services should be structured to fit the applicable safe harbor to the anti-kickback statute.¹⁴ If a hospital chooses to waive cost-sharing amounts on the basis of a beneficiary’s financial need, the waiver should be based on objective criteria, should be appropriate for the applicable locality, and may also take other factors into account as discussed in more detail in the Supplemental Guidance. A patient’s eligibility should also be rechecked periodically.

Free Transportation. A hospital’s provision of free transportation to federal program beneficiaries is generally prohibited because, according to the OIG, it often results in the selection of the transporting hospital for covered services. However, the OIG stated several years ago that it is considering a regulatory exception for some complimentary local transportation to beneficiaries residing in the hospital’s primary service area.¹⁵ Until further regulations on this subject are issued, the OIG states that it will not impose administrative sanctions for transportation programs provided for a hospital’s (or hospital-based ASC’s) primary service area that:

• Were in existence prior to August 30, 2002;

• Are offered to all patients of the hospital or hospital-owned ASC (and may be available to their families);

• Are only provided to and from a hospital or hospital-owned ASC for certain specified purposes;

• Are not claimed directly or indirectly on any federal program cost reports (nor are the costs shifted to any federal program); and

• Do not include ambulance transportation.

For more detailed information on how to structure a hospital’s relationships with patients participating in Medicare or Medicaid, please see the OIG’s Special Advisory Bulletin on Offering Gifts and Other Inducements to Beneficiaries published in April, 2000.¹⁶

This section of the Supplemental Guidance also includes a discussion of hospital obligations under the Emergency Medical Treatment and Active Labor Act ("EMTALA"), HIPAA privacy and security rules, and billing Medicare or Medicaid "substantially in excess" of usual charges.

A fundamental obligation of all Medicare-participating hospitals is to provide care economically and only when, and to the extent, medically necessary; to provide care that is of a quality that meets professionally recognized standards of care; and to document the provision of medical necessity and quality. 42 U.S.C. §1320c-5. The OIG reminds hospitals of these duties and of the OIG’s authority to exclude individuals or entities from participation in federal health care programs if they provide unnecessary or substandard items or services to any patient, not just federal health care program beneficiaries. Hospitals are encouraged to develop and implement their own quality of care protocols, in addition to complying with Medicare’s conditions of participation and JCAHO accreditation standards. Further, such review should extend to the credentialing and peer review process, not just nursing and ancillary services.

During the formulation of the Supplemental Guidance, the OIG received numerous inquiries regarding topics which are of general interest to the hospital industry but do not necessarily pose significant fraud and abuse risks. In response, the OIG uses the Supplemental Guidance to provide clarification to hospitals regarding the provision of discounts to uninsured patients, the performance of preventive care services, and the use of professional courtesy practices.

Discounts to Uninsured Patients. The Supplemental Guidance acknowledges that no OIG authority prohibits hospitals from offering discounts to uninsured patients, and that the OIG has never sought to exercise its permissive exclusion authority against providers for offering such discounts. The OIG’s enforcement policy continues to be that hospitals do not need to consider free or substantially reduced charges to uninsured persons (or certain underinsured patients) in calculating their "usual charges."¹⁷ In a detailed discussion of several related issues and the criteria that should be considered in connection with them, the OIG notes that under certain circumstances, hospitals may forgo collection efforts against indigent patients and seek reimbursement for such "bad debt."¹⁸

Preventive Care Services. Access to preventive care services is encouraged by the Medicare and Medicaid programs, but the OIG advises hospitals to ensure that their preventive care programs are structured appropriately to avoid liability under the beneficiary inducement CMP.¹⁹ Examples of preventive care services which fit the regulatory exception include prenatal services, post-natal wellbaby visits, and those services specifically described in the U.S. Preventive Services Task Force’s Guide to Clinical Preventive Services.²⁰ To reduce potential anti-kickback risks, the OIG advises hospitals to ensure that any efforts to facilitate preventive care services are not also intended to induce other business payable under a federal health program (and lists several criteria hospitals should consider in this regard).

Professional Courtesy. The OIG considers the practice of professional courtesy as including a range of practices involving free or discounted services which are furnished to physicians, their families and office staff. While acknowledging that most professional courtesy programs do not pose a significant risk of abuse, the OIG cautions that certain types of professional courtesy may implicate the fraud and abuse statutes. According to the Supplemental Guidance, a professional courtesy system may be problematic if:

• Recipients of the courtesy are selected in a manner that takes into account the recipient’s ability to generate business for the hospital;

• Physicians have solicited the professional courtesy in return for referrals;

• "Insurance only" billing (meaning no co-payment is required) is offered to a federal program beneficiary;

• The professional courtesy is not structured to fit within the exception to the Stark law. ²¹

The OIG recognizes that professional courtesy programs may be legitimate employee benefits, which fit the employee safe harbor. (However, since numerous physicians are not hospital employees, this safe harbor likely will not apply in many cases.) The Supplemental Guidance suggests that hospitals regularly review such programs in light of the potential for risk with regard to the antikickback and Stark laws.

According to the OIG, a successful compliance program should serve the important goals of reducing fraud and abuse, improving the quality of care, and reducing the overall cost of services. Recognizing that many hospitals have already devoted substantial resources to their compliance efforts, the OIG suggests using the Supplemental Guidance as a benchmark for existing compliance programs as well as a tool to identify new risk areas.

One of the most novel aspects of the Supplemental Guidance is the listing of specific factors that hospitals should consider in evaluating the effectiveness of their compliance programs. In several cases, the breadth of these factors may surprise some hospitals that did not previously realize the OIG took such an expansive view of the extent of their compliance obligations.

A significant aspect of the OIG’s ongoing initiative to promote voluntary compliance efforts is its emphasis on the need for high level management and board involvement in the compliance program and process. For example, the OIG strongly advises that hospital codes of conduct be developed with the participation and encouragement of the board of directors, officers, and senior management personnel. Moreover, the OIG advocates a strong and explicit commitment by management to foster compliance with the code of conduct and all applicable federal program requirements and policies. ²²

In the Original Guidance, the OIG set forth seven components it viewed as mandatory for the development of a successful compliance program: designating a Chief Compliance Officer and Compliance Committee; developing compliance policies and procedures; establishing open lines of communication; conducting appropriate training and education; performing internal monitoring and auditing; responding to detected deficiencies; and enforcing disciplinary standards.

The Supplemental Guidance again sets out these seven elements, but strongly recommends that hospitals also assess the overall program at least annually, including the underlying structure and process related to each compliance program element, rather than simply focusing on numerical audit results of individual issues. To assist hospitals in undertaking this much more extensive review, the OIG provides the following criteria for evaluating each of the seven key compliance elements.

Designation of a Compliance Officer and Compliance Committee. The OIG recommends that a member of senior management lead the compliance department with the regular assistance of a compliance committee. The OIG urges that hospitals, in performing the annual review of the compliance department itself, assess the following factors (although it is not clear whether the OIG would find it acceptable for the compliance office to self-audit or if some other entity must perform this review):

• Does the compliance department have a clear, well-crafted mission and is it properly organized?

• Does the department have sufficient resources, training, authority, and autonomy?

• Is the relationship between the compliance function and the general counsel function appropriate?

• Does the compliance officer have direct access to the governing body, President or CEO, all senior management, and legal counsel? Does the compliance officer have a good working relationship with key operational areas such as the billing, internal audit, coding, and clinical departments? Does the compliance officer make regular reports to the Board of Directors and other hospital management?

• Are ad hoc groups or task forces created to carry out special investigations or evaluations?

• Is there an active compliance committee, with trained representatives from relevant departments and senior management?

Development of Compliance Policies and Procedures. The Supplemental Guidance advises that, in addition to formulating the Code of Conduct, the compliance department should reassess written policies and procedures to ensure that they comport with applicable statutes and regulations concerning federal health care programs as well as the objectives of the hospital itself. The OIG recommends that hospitals consider the following factors in reviewing written policies and procedures:

• Are the policies and procedures clearly written, readily available, and relevant to daily responsibilities?

• Does the hospital monitor staff compliance with internal policies and procedures?

• Has the hospital developed a risk-assessment tool to assess and identify operational risks which it reviews on a regular basis?

• Are federal program requirements and publications reviewed regularly to enable the riskassessment tool to be current and effective?

• Have all standards of conduct been distributed to all staff and employees, the Board of Directors, all officers, managers, hospital contractors, and medical staff?

The Original Guidance suggested including contractors in various aspects of a compliance program and the Supplemental Guidance continues to encourage their inclusion. Hospitals that have limited their compliance efforts to employees should consider expanding at least some compliance program elements to contractors as well.

Developing Open Lines of Communication. The Supplemental Guidance explains that open lines of communication stem from the organizational culture of a hospital and its internal mechanisms for reporting fraud and abuse. The OIG advises that each hospital consider the following factors in assessing whether potential compliance issues are communicated effectively:

• Has the hospital fostered an organizational culture that encourages open dialogues without fear of reprisal?

• Does the hospital have an anonymous hotline or similar mechanism so that potential compliance issues may be reported by hospital employees, contractors, patients, visitors and medical staff?

• Is the hotline well-advertised, with calls logged and addressed in a timely manner, and reviewed for possible patterns?

• Are all instances of potential fraud and abuse investigated?

• Are the hospital’s governing body and relevant departments regularly receiving the results of internal investigations?

• Does the hospital utilize alternative communication methods such as a periodic newsletter or Intranet site? (It is not clear whether or why an alternative method is necessary in cases where the hotline appears to be working.)

• Is the governing body actively pursing appropriate remedies to institutional or recurring problems?

Placing the obligation to address certain institutional or recurring problems on the governing body (presumably in addition to senior management) may well expand the scope of responsibilities boards previously thought they were required to undertake.

Appropriate Training and Education. The OIG asserts that the failure to adequately train and educate hospital staff and other agents may lead to hospital liability for violating the health care fraud and abuse laws. Criteria highlighted by the OIG for use in reviewing training and education programs include:

• Does the hospital provide qualified trainers to conduct annual general and specialized compliance training?

• Are the contents of educational programs reviewed annually to determine whether they are sufficient in scope and depth for the range of issues faced by employees?

• Do training and education programs incorporate the latest changes to federal rules and regulations?

• Does the training reflect audit and investigation results, hotline trends and federal agency guidance and advisories?

• Has the format of training sessions been evaluated in terms of frequency, length of sessions, and method of information delivery (e.g., live or via computer)?

• Is post-training evaluation and testing provided to determine the efficacy of such programs; i.e., to ensure that the training is understood and retained?

• Are the training and education programs performed regularly and with appropriate technological resources?

• Is the hospital governing body trained regularly with regard to fraud and abuse laws?

• Does the hospital document who has completed training?

• Has the hospital considered whether to impose sanctions for failure to attend training or whether to provide appropriate incentives for training session attendance?

Internal Monitoring and Auditing. The OIG emphasizes that effective monitoring and auditing plans will enable hospitals to avoid submitting incorrect claims to the federal health care programs. Hospitals are advised to develop detailed annual audit programs with consideration of the following standards:

• Does the audit plan address identified risk areas, high volume services, and findings from previous years’ audits?

• Is the audit department available to conduct unscheduled reviews and capable of responding in a timely fashion to compliance department requests for further review?

• Does the audit plan assess both billing systems and claims accuracy in order to identify the source of common billing errors?

• Are coding and audit personnel independent and are their roles clearly established? Do they have the requisite certifications for their positions?

• If error rates are not decreasing, has the hospital conducted further investigations to determine hidden deficiencies in the compliance program?

• Does the audit consider all billing documentation, including clinical documentation, in support of claims?

Response to Detected Deficiencies. According to the OIG, hospitals can develop effective corrective action plans and prevent further losses to federal health care programs by consistently responding to detected deficiencies. The OIG recommends that a hospital consider the following when evaluating its own plan for addressing recognized deficiencies:

• Has the hospital identified a team of personnel from the compliance, audit, and other applicable departments to quickly evaluate any detected deficiencies?

• Does the hospital promptly and thoroughly investigate detected deficiencies?

• Are corrective action plans developed to address the root causes of violations, and are they periodically reviewed to verify elimination of the deficiency?

• Are detected overpayments promptly repaid, and probable violations of law promptly reported to the appropriate law enforcement agencies?

Enforcement of Disciplinary Standards. The OIG places special emphasis on a hospital’s duty to enforce disciplinary standards. When assessing internal disciplinary efforts, hospitals are advised to take into account the following factors:

• Are disciplinary standards well-publicized and readily available to all hospital personnel?

• Does the hospital uniformly and consistently enforce disciplinary standards?

• Are employees, contractors, and medical staff checked, at least annually, against government sanctions lists, including the OIG’s List of Excluded Individuals/Entities ("LEIE")23 and the General Services Administration’s Excluded Parties Listing System?

The Supplemental Guidance concludes with a discussion of self-reporting, noting that prompt voluntary reporting will be considered a mitigating factor by the OIG when considering administrative

The Supplemental Guidance is notable for several reasons. First, the OIG identifies evolving risk areas that have developed since publication of the Original Guidance, and provides often extensive lists of criteria to consider in evaluating these risks. The Supplemental Guidance also provides numerous additional references to a wide range of new guidance documents on various topics.

In addition, the Supplemental Guidance provides information on several other broad general topics of interest to hospitals, including professional courtesy, the facilitation of preventive care services, and the provision of discounts to uninsured patients. The OIG provides reassurance that these activities do not pose a substantial risk of liability as long as hospitals adhere to current regulations, and other guidance materials.

Lastly, the Supplemental Guidance clarifies how it expects compliance programs to be structured and evaluated. Despite the fact that Supplemental Guidance is not legally binding, it signals clearly what the OIG expects a hospital to have done (and documented) if it is called upon to demonstrate the effectiveness of its compliance program.

This article is presented for informational purposes only and is not intended to constitute legal advice.