On February 11, 1998, the Office of the Inspector General (OIG), of the Department of Health and Human Services, released the long awaited "Compliance Program Guidance for Hospitals" to help hospitals "self-regulate, self-report, and prevent health care fraud." Although characterized by the OIG as strictly voluntary, most would agree that issuance of the Guidance puts the industry on notice of a new standard of conduct.
The genesis of the hospital Guidance is the 1991 Federal Sentencing Guidelines, which provide that an organization violating federal law may be able to reduce criminal fines and penalties if it had adopted an "effective program to prevent and detect violations of the law." For the health care industry, this provision evolved into the imposition of "corporate integrity programs" as part of Medicare fraud settlements. More recently, the OIG has issued industry specific corporate compliance guidelines. In March of 1997, the OIG issued its Model Corporate Compliance Program for Clinical Laboratories, and the OIG intends to follow the hospital Guidance with guidelines aimed at home health agencies, billing companies, managed care organizations and DME suppliers.
B. Core Elements
The hospital Guidance recommends the creation of an infrastructure that encourages compliance with Medicare fraud and abuse laws, and detects and corrects noncompliance. There are seven core elements of the Guidance. Although every element need not be met, it is clear that there must be a good reason for foregoing any one of the following elements:
1. Written policies, procedures, and standards of conduct should be in place (addressing specific areas of potential fraud and abuse, such as claims submission, code gaming, and financial relationships with health care providers);
2. The Compliance officer and compliance committee should report directly to the hospital's CEO (the Guidance advises against the use of the hospital's CFO or general counsel as compliance officers because of the need for checks and balances).
3. Education and training programs in regard to appropriate billing procedures and other health care fraud issues should be provided to all affiliated providers (not only employees);
4. Effective lines of communication for the reporting of potential violations, for example, a hotline, should be established;
5. Regular internal monitoring and audits to detect health care fraud should be initiated;
6. Systems that respond to allegations of improper or illegal activities, and the enforcement of disciplinary standards should be evident; and
7. Self-reporting should be the rule.
The seventh requirement is perhaps the most controversial. If a hospital "discovers credible evidence of misconduct from any source, and after a reasonable inquiry has reason to believe that the misconduct may violate criminal, civil or administrative law, then the hospital should promptly report the misconduct to the appropriate government authority within a reasonable period, but not more than 60 days after determining that there is credible evidence of a violation."
Having a compliance program in place may prevent illegal conduct, but the time and expense associated with the development of an updated and effective program should not be underestimated. However, such a compliance program may reduce the cost of an investigation, and may reduce the level of penalties if illegal conduct is suspected or discovered.