Face Challenges Confidently

Creating Effective Corporate Compliance Plan, Policies, And Procedures

Wednesday, November 4th, 2015

(April 2012)

CEOS – COMPLIANCE STARTS AT THE TOP

An effective compliance program requires commitment, leadership and resources from the governing board, the CEO and senior management, and this program is intended for senior leaders of HME supplier entities. Learn why an effective compliance program helps create financial success, customer loyalty, community support and employee satisfaction. Topics covered will include primary compliance program objectives, the role of senior leaders in overcoming implementation obstacles, and identifying and addressing risk areas. We will also discuss the increase in government contractor audit activity and how self-audits can reduce your company’s exposure. The OIG’s guidance regarding the expected role of senior leadership will be addressed, as well as how an effective compliance program can reduce sanctions and the risk of personal liability.

COMPLIANCE OFFICERS – ROADS TO SUCCESS

Compliance Officers and their staffs are playing an increasingly important role in the HME industry. This program will provide a forum for those individuals to share information and learn more about how their roles contribute not only to the success of the compliance program, but also to the success of their companies. Topics will include overall compliance program objectives, strategies for overcoming obstacles in implementing the program and changing behaviors, balancing multiple roles, integration with other parts of the organization, education and training, and finding qualified staff. We will review the elements of an effective compliance program, and the need to regularly review and update your program. This session will also focus on self-audits – why we need them, how they can help, how to determine what areas to audit, how to conduct an effective self-audit and how and when to report results.

SALES AND MARKETING – COMPLIANCE IN A COMPETITIVE WORLD

Sales and marketing representatives are often the “public face” of the organization, and a significant portion of the laws, regulations and enforcement activity is aimed at how HME is marketed and sold. Accordingly, sales and marketing personnel should have a basic understanding of why an HME supplier needs to have an effective compliance program and how such a program can contribute to the success of the organization. Topics addressed will include the basic elements of a compliance program, benefits of an effective compliance program, and the roles of various departments in compliance initiatives. Specific risk areas arising from marketing of HME will be discussed, as well as how to identify and address risk areas particular to your organization. We will also discuss audits of sales and marketing activities, and why self-audits are advised.

Introduction

The HME industry is young. In its present form, it has been around for about 30 years. Compare this to physicians, hospitals and pharmacists who have been around for thousands of years. The industry grew up relatively unregulated. HCFA (now CMS) did not know what we did. And then approximately seven years ago it is as if CMS woke up one morning and asked: “Who are these people and why are we paying them money?” Added to this was bad publicity emanating from Operation Wheeler Dealer in Houston and blatant fraudulent schemes in South Florida. Another challenge is that few people with CMS and on Capitol Hill have ever set foot in an HME company. Young, healthy people go to physicians, hospitals and pharmacies. As a general rule, senior citizens (whose bodies break down as they age) use HME companies. The 28 year old legislative staffers and the 50-year-old CMS employees have had no reason to visit (much less understand) what an HME company does. As the government is famous for doing, it overreacted. In a relatively short time frame, the industry got hit with increased regulations, decreased reimbursement, competitive bidding, and aggressive post-payment audits and prepayment reviews.

The pendulum will eventually swing back towards the middle. Until that time, however, the HME industry will have to deal with intrusive government scrutiny. What is interesting is that the demand for what the industry has to offer will only increase exponentially. There are 78 million baby boomers (people born between 1946 and 1964). They are retiring at the rate of 10,000 per day. The boomers will live until they are 85 years old, their bodies will start breaking down at 70, they will expect a good quality of life until they die, and they will not want to live in a long term care facility……they will want to live at home. The mantra of health care cost containment will be to keep Medicare beneficiaries away from physicians and hospitals. The demand, then, for what HME providers have to offer will be huge. I call this the “irresistible force” (demand) meets the “immovable object” (Medicare is broke).

And so while we are in strange times, the future is bright for well-run, innovative HME providers. One of the biggest challenges facing providers today is preparing for and responding to post-payment audits and prepayment reviews. There is abundant contractor abuse in how the audits and reviews are being conducted. AAHomecare and industry stakeholders are working with CMS to correct these abuses. Nevertheless, audits and reviews will be a permanent part of the landscape.

Why is there such an increase in audits and reviews? Audits and reviews are money makers for the government. For every dollar expended by the government to chase a recoupment, the government recovers many more dollars. There is an increase in utilization of HME; this is to be expected in light of the “graying of America.” Generally speaking, HME is expensive. This, by itself, will capture the government’s attention. Contractor auditors are becoming more sophisticated in reviewing HME claims. It is a priority of CMS to uncover and prevent fraud in the Medicare fee-for-service program. Health care providers (not just HME providers) have become the new bogey man to the government. The bogey men used to be “Big Oil”….then “Big Tobacco”….then “Big Pharma”…..and now “fraudulent health care providers.” Recovering money from fraudulent health care providers makes for an easy sound bite for politicians. Health care providers are “low hanging fruit” for recoupment actions by the government.

Overview

Not too many years ago, an HME provider was not vulnerable to scrutiny from many people/agencies. A DMERC (now a DME MAC) may look at some claims on a post-payment basis. An NSC inspector would show up every couple of years to make sure that hours are posted and the provider has insurance. And in a worse-case scenario, which did not happen often, the Department of Justice (“DOJ”)/OIG would investigate the provider. That was about it.

My, how things have changed. Now, the HME provider is in a “house of mirrors.” The provider is constantly being looked at from a variety of angles. DME MACs, RACs, CERTs and ZPICs are routinely looking at post-payment clams. DME MACs, and particularly ZPICs, are aggressively conducting prepayment reviews. The accrediting organizations (“AOs”) are being required by CMS to ask probing questions and report to CMS and the NSC any activities that the AOs believe are improper. The ZPICs are directing DME MACs to suspend payments when the ZPICs conclude that improper activities are occurring. In response to reports from the ZPICs, the NSC is suspending/revoking supplier numbers. When conducting post-payment audits, the DME MACs and ZPICs are asking questions that go far beyond whether the provider has complete and accurate documentation. The NSC is aggressively conducting unannounced on-site inspections; in so doing, the NSC inspectors are asking questions that go beyond the rudimentary questions that have been posed in the past. Here are some examples:

A mail-order diabetic provider had payments from all four DME MACs suspended because in a post-payment audit, the ZPIC concluded that the provider’s file documentation was deficient.

An AO threatened to pull a provider’s accreditation because the AO was critical of the provider’s marketing practices. The AO informed CMS of the AO’s concerns and CMS jumped into the fray and looked at the provider’s marketing practices.

The NSC suspended a provider’s Part B supplier number as a result of being informed by a ZPIC that the provider’s documentation was inadequate…….the NSC took the position that the inadequate documentation violated the supplier standards.

In conducting a post-payment audit, the ZPIC asked for names, addresses and phone numbers of the provider’s marketing reps.

You get the picture. No matter which way the provider turns, it will be staring down the figurative barrel of the gun held by a DME MAC, a ZPIC, the NSC, an AO, and others.

Frankly, an enforcement action brought by a Medicare contractor…..or the NSC…..or an AO……is scarier than an action brought by the DOJ/OIG. Here is the reason why. Normally, it takes several years to resolve a DOJ/OIG investigation, and unless the provider has been doing things that are blatantly fraudulent, then the resolution is normally reasonable. With a DOJ/OIG enforcement action, the provider normally is able to keep its doors open. The same is often not true with an enforcement action brought by a DME MAC, ZPIC, the NSC or an AO. With the proverbial “flip of the switch,” the contractor/NSC/AO can cut off the provider’s cash flow. Even if the provider can later show that the actions by the contractor/NSC/AO were without merit, the provider will long ago have been forced to close its doors.

So what does the provider do? I wish there was a magic wand I could wave. Unfortunately, I cannot. The steps that the provider must take to reduce the chances of having its cash flow cut off are the following: (i) implement a formal corporate compliance program; (ii) conduct regular self-audits of patient files; (iii) have an outside consultant come in at least once a year to audit patient files; (iv) have a competent health care attorney review the provider’s marketing practices and relationships with referral sources to determine if there are any kickback/Stark problems; and (v) be detail-oriented (to a point of almost being paranoid) regarding completeness and accuracy of patient files.

The Patient Protection And Affordable Care Act

The Senate Health Reform Bill, H.R. 3590, entitled the “Patient Protection and Affordable Care Act” (PPACA), was passed by the U.S. Senate on December 24, 2009. The House of Representatives passed the Senate Bill on March 22, 2010, and the President signed it into law on March 23, 2010. The following is a discussion of some of the PPACA’s provisions that are relevant to HME providers.

Sec. 3136 – Revision of payment for power-driven wheelchairs. The purchase option will be available only to complex rehabilitation power wheelchairs. The purchase option will no longer be available to other power wheelchairs. Also the rental payment amounts will change from 10% of the purchase price for the first three months and 7.5% for the remaining rental months, to 15% for the first three months and 6% for the remaining rental months.

Section 3022 – Accountable Care Organizations. This section created the Medicare Shared Savings Program, which allows the Centers for Medicare and Medicaid Services (“CMS”) to contract with Accountable Care Organizations (“ACOs”) beginning January 1, 2012. On March 31, 2011, the Department of Health and Human Services (“DHHS”) released proposed regulations providing additional guidance on the implementation of the Medicare Shared Savings Program. An ACO is a group of health care providers that agree to be accountable for the quality, cost, and overall care of beneficiaries who are assigned to the ACO. ACOs are designed to improve coordination of patient care among physicians and other providers by providing a financial incentive to the ACOs to minimize expenses.

Among other requirements, an ACO must (i) have a formal legal structure (e.g., corporation or LLC), (ii) have a sufficient number of primary care professionals for the number of assigned beneficiaries (there will be at least 5000 beneficiaries assigned to each ACO), (iii) enter into an agreement to participate in the program for at least three years, and (iv) meet certain quality standards. The quality standards relate to five areas affecting patient care, including patient and caregiver experience of care, care coordination, patient safety, preventative health, and at-risk populations.

The ACO will bill and receive the traditional fee-for-service amount from Medicare. However, to encourage savings, CMS will set a benchmark amount for the ACO, and the ACO is entitled to share in any shared savings if the actual expenditures of the ACO come in under the benchmark. CMS has proposed two risk models: the one-sided risk model (the ACO will share in the savings in the first two years of the contract and share in the savings and losses the third year of the contract) and the two-sided risk model (the ACO will share in the savings and losses all three years of the contract). The ACO may choose either model, but ACOs choosing the two-sided risk model are eligible for higher sharing savings.

At this point in time, the only providers that can form ACOs are hospitals, physicians and similar professionals, such as nurse practitioners and physician assistants. The DHHS Secretary has authority to add to this list of providers. HME companies and home health agencies are not permitted to be a part of an ACO at this time and will continue to be paid the traditional fee-for-service amount. However, ACOs will be large referral sources, and HME companies/home health agencies should introduce themselves to ACOs that are in the formative stage to take full advantage of the potential for referrals.

Sec. 3401 – Productivity Improvements. Provides that, beginning with 2011, the CPI-U update will be reduced by a “productivity adjustment,” which may result in no CPI-U update for the year or payment rates for a year that are lower than the payment rates for the preceding year. The productivity adjustment is “the 10-year moving average of changes in annual economy-wide private nonfarm business multi-factor productivity (as projected by the Secretary for the 10-year period ending with the applicable fiscal year, year, cost reporting period, or other annual period).” We note that the Bureau of Labor Statistics currently maintains data on private nonfarm business multifactor productivity.

Sec. 6401 – Provider screening and other enrollment requirements for Medicare, Medicaid, and CHIP.

Provider Screening. Providers enrolling or re-enrolling in Medicare, Medicaid, or CHIP will be subject to screening measures. The Secretary is required, no later than 180 days from the date of enactment and in consultation with the OIG, to establish procedures for screening providers. The Secretary is required to determine the level of screening according to the risk of fraud, waste, and abuse with respect to each category of provider. All providers will be subject to licensure checks and, if the Secretary so determines, additional screening measures, such as criminal background checks, fingerprinting, database checks, and unscheduled and unannounced site visits. An application fee of $200 for individual providers (e.g., physician) and $500 for institutional providers and suppliers (e.g., hospital or SNF) would be imposed to cover the costs of screening. For 2011 onward, the fee will be adjusted for inflation.

To paraphrase the words of an OIG attorney, the government is moving away from “pay and chase” to “guarding the henhouse.” In the early days of the industry…in the “pay and chase” days…it was easy for a provider to obtain a Medicare Part B supplier number or a Medicare provider number. The screening process was rudimentary. A dishonest company could easily obtain a number, improperly bill Medicare, and then shut down and escape just ahead of the posse. Over the past five years, it has become more difficult for a company to obtain a supplier/provider number. Accreditation and surety bond requirements, by themselves, have weeded out many of the dishonest players. Section 6401 of the Act assists the government in achieving its goal of moving away from “pay and chase” to “guarding the henhouse.” Now, a provider must jump through multiple hoops before it is awarded a supplier/provider number: it has to purchase a surety bond; it has to become accredited; and its principals are subject to a background check (including a criminal background check and fingerprinting).

The HME and home health industries are experiencing unannounced site visits from a variety of sources: the NSC, the OIG, a state Medicaid program, an accrediting organization, or a Medicare contractor. If a provider is conducting a non-compliant, or perhaps a fraudulent, operation, there is a reasonable chance that the non-compliance/fraud will be discovered when a person walks unannounced onto the provider’s premises, eyeballs the operation, and asks for evidence that the required standards are being followed. The bottom line is this: in addition to expecting a site visit when the provider comes up for reenrollment, the provider can expect unannounced site visits on a periodic basis.

Disclosure Requirements. Providers enrolling or re-enrolling in Medicare, Medicaid, or CHIP would be subject to new disclosure requirements. Applicants would be required to disclose current or previous affiliations, directly or indirectly, with any provider that has uncollected debt, been subject to payment suspension under a federal health care program, has been excluded from participating in a Federal health care program, or has had its billing privileges denied or revoked. The Secretary may deny enrollment or re-enrollment if such affiliations pose an undue risk of fraud, waste, or abuse.

Let us look at an analogy. There is a class of physicians who are dysfunctional, incompetent and/or dishonest. These physicians bounce around from one small town to the next. A small town, that is in desperate need of a physician, will be so excited about bringing in a physician that the town will not conduct the proper background check. This will allow a physician to move to the town, cash in on whatever financial incentives that the town gives him, and then skip out to the next town once the physician’s dysfunctions start surfacing.

This analogy is appropriate because the same phenomenon occurs in the HME and home health industries. John Smith will start ABC Medical. ABC Medical will suffer serious compliance and/or financial problems and it will close its doors. Mr. Smith will then start XYZ Medical which will end up suffering the same fate as ABC. By requiring Mr. Smith to disclose past affiliations, the chances increase that he will be “outed” and will no longer be eligible for a supplier/provider number.

Offset Payments from Providers with Same Tax ID Number. The Secretary may adjust payments to a provider that has the same tax ID number as a provider that owes past-due obligations under Medicare, Medicaid, or CHIP, regardless of such provider’s Medicare billing number or NPI.

For example, assume that an HME company has three HME locations (each with a Part B supplier number), a sleep lab, and a home health agency. Assume these are divisions (“DBAs”) of the HME company; they are not separate subsidiary corporations. Assume that one of the HME locations ends up owing a substantial recoupment to CMS. In order to recover the recoupment, CMS may offset not only against the supplier number for the one HME location, but CMS may also offset against payments to be made under the other two HME supplier numbers, the sleep lab local carrier Part B number, and the home health agency provider number.

The right given to DHHS to look at multiple supplier and provider numbers, under the same corporate entity, for offset is consistent with CMS’s goal of not allowing a company or individual to escape its/his obligations by “hiding” behind a separate supplier/provider number or corporate entity. For example, the Act states that providers enrolling or re-enrolling in Medicare, Medicaid, or CHIP will be subject to new disclosure requirements. Applicants will be required to disclose current or previous affiliations, directly or indirectly, with any provider that owes money to a government program, has been excluded from participating in Federal health care programs, or has had billing privileges denied or revoked.

Temporary Moratorium. The Secretary may impose a temporary moratorium on the enrollment of new providers if the Secretary determines that such action is necessary to prevent or combat fraud, waste, or abuse.

Compliance Programs. By a date determined by the Secretary, certain providers will be required to establish a compliance program. Such compliance program must contain core elements, which will be established by the Secretary in consultation with the OIG.

There is no specific implementation timeline for DHHS to establish the core elements. CMS has, however, solicited comments from the public as recently as February 2, 2011 on issues pertaining to implementation of the core elements. Based on previously-published compliance program guidance by the OIG, the HME and home health industries can fairly accurately predict the core elements that the OIG will expect to be included in compliance programs.

Existing OIG compliance guidelines list seven required elements of an effective compliance program: written policies and procedures; designation of a compliance officer and compliance committee; conduct of effective training and education; development of effective lines of communication; enforcement of disciplinary standards; auditing and monitoring; and response to offenses and corrective action. In order to be deemed “effective,” the compliance program must be something more than a set of documents that simply restate these seven elements. These seven basic elements must be specifically implemented by the provider and be designed to address past, existing and future activities of the provider.

Once DHHS issues regulations…and a deadline…for compliance programs, it will be important for providers to “buy into” the importance of compliance. As the OIG said when it first issued its guidance: “Compliance efforts are designed to establish a culture…that promotes prevention, detection, and instances of resolution of conduct that do not conform to federal and state law…..[T]he compliance program should effectively articulate and demonstrate the [provider’s] commitment to ethical conduct. Benchmarks that demonstrate implementation and achievements are essential to any effective compliance program. Eventually, a compliance program should be part of the fabric of routine…operations.” The OIG warned that merely purchasing compliance policies is not enough: “Implementing an effective compliance program requires a substantial commitment of time, energy, and resources by senior management and by the [provider’s] governing body. Superficial programs that simply have the appearance of compliance without being wholeheartedly adopted and implemented…or…that are hastily constructed and implemented without appropriate on-going monitoring will likely be ineffective and could expose the [provider] to greater liability than no program at all.”

Sec. 6402. Enhanced Medicare and Medicaid program integrity provisions.

Reporting and Returning Overpayments. Any provider that receives an overpayment must (i) report the overpayment to the Secretary, carrier, or other appropriate person and (ii) provide written notice of the reason for the overpayment. An overpayment must be reported and returned no later than 60 days after it is identified or the date of any corresponding cost report (if applicable). Failure to do so may result in civil money penalties.

Anti-kickback Statute and False Claims Act. A claim that includes items or services resulting from a violation of the Medicare/Medicaid anti-kickback statute constitutes a false or fraudulent claim under the Civil False Claims Act (31 USC § 3729).

Surety Bonds. The Secretary must take into account the volume of billing for a DME supplier or home health agency when determining the size of the surety bond.

Sec. 6405 – Physicians who order items or services are required to be Medicare-enrolled physicians or eligible professionals. On or after July 1, 2010, HME or home health services must be ordered by a Medicare-enrolled physician or eligible professional. The Secretary may extend these requirements to other Medicare items and services to reduce fraud, waste, and abuse.

Sec. 6406. Revocation for failure to provide documentation. The Secretary may revoke enrollment of a physician or provider for failure to maintain and, upon request, provide access to documentation relating to written orders or requests for payment for HME, certifications for home health services, or referrals for other items or services written or order by such physician or supplier. Such revocation may be for longer than one year per act.

Sec. 6407 – Face-to-face encounter with patient required before physicians may certify eligibility for home health services or durable medical equipment under Medicare. As a condition of Medicare payment for HME, the physician must document that a physician, physician assistant, nurse practitioner, or clinical nurse specialist has had a face-to-face encounter with the patient during the six months prior to the written order for the HME. The Secretary may determine another reasonable timeframe and may impose the requirement to other Medicare-covered items and services. There will be similar face-to-face requirements prior to physician certification for home health services.

Sec. 6410 – Adjustments to the Medicare DMEPOS competitive acquisition program. The competitive bidding program will be expanded in round two from 79 of the largest metropolitan statistical areas (MSAs) to 100 of the largest MSAs (i.e., Round 2 will consists of the 9 MSAs from Round 1 Rebid plus 91 additional MSAs). The Secretary will be required to apply competitively bid prices to adjust payments for non-competitive bid areas nationwide by 2016.

Sec. 6411 – Expansion of the Recovery Audit Contractor (RAC) program. States must establish contracts with one or more RACs for the purpose of identifying underpayments and overpayments and recouping overpayments under the state Medicaid plan or any waiver of the state plan. The RAC program will be expanded to Medicare Parts C and D no later than December 31, 2010.

Sec. 9009 – Imposition of annual fee on medical device manufacturers and importers. (Note: this provision was replaced with an excise tax under the Health Care and Education Reconciliation Act of 2010.)

The Health Care and Education Reconciliation Act of 2010

The Health Care and Education Reconciliation Act of 2010 (the “Reconciliation Act”) was signed into law on March 30, 2010. The Reconciliation Act modified the PPACA. The following is a summary of provisions that are relevant to HME companies and home health agencies:

Sec. 1302. Repeal of Prepayment Review Limits. Previously, a Medicare administrative contractor could conduct a prepayment review only under certain circumstances. Those limits have been removed.

Sec. 1304. 90-day Enhanced Oversight for Initial DME Claims. After January 1, 2011, if the Secretary determines that there is a significant risk of fraudulent activity among suppliers of durable medical equipment, then the Secretary will withhold Medicare payment of any claims submitted by a supplier that is initially enrolling in Medicare. The Secretary will withhold such payment during the 90-day period beginning on the date of the first submission of a claim for durable medical equipment by the “new” supplier.

Sec. 1405. Excise Tax on Medical Device Manufacturers. This section replaced the annual fee on device manufacturers under the PPACA with an excise tax. A tax of 2.3% of the sales price will be imposed on the sale of any taxable medical device by the manufacturer, producer, or importer. The tax will apply to sales after December 31, 2012. Any device defined by the Federal Food, Drug, and Cosmetic Act that is intended for humans is subject to the tax, except the following items: eyeglasses; contact lenses; hearing aids; and “any other medical device determined by the Secretary to be of a type which is generally purchased by the general public at retail for individual use.

Legal Guidelines for Marketing

I. Federal

A. Statutes

1. Medicare/Medicaid Anti-Kickback Statute (42 U.S.C. § 1320a-7b) (“anti-kickback statute”)

It is a felony for a person or entity to knowingly or willfully solicit or receive any remuneration in return for referring an individual for the furnishing or arranging for the furnishing of any item for which payment may be made under a federal health care program, or in return for purchasing, leasing or arranging for or recommending the purchasing or leasing of any item for which payment may be made under federal health care programs. Likewise, it is a felony for a person or entity to knowingly or willfully offer or pay any remuneration to induce a person to refer a person for the furnishing or arranging for the furnishing of any item for which payment may be made under a federal health care program, or the purchase or lease or the recommendation of the purchase or lease of any item for which payment may be made under a federal health care program. These prohibitions do not apply to any amount paid by an employer to an employee.

2. Beneficiary Inducement Statute (42 U.S.C. § 1320a-7a (a)) (“inducement statute”)

This statute imposes civil monetary penalties upon a person or entity that offers or gives remuneration to any Medicare beneficiary (or beneficiary under a state health care program) that the offeror knows, or should know, is likely to influence the recipient to order an item for which payment may be made under a federal or state health care program. In the preamble to the regulations implementing this provision, the OIG stated that the statute does not prohibit the giving of incentives that are of “nominal value.” The OIG defines “nominal value” as no more than $10.00 per item or $50.00 in the aggregate to any one beneficiary on an annual basis. “Nominal value” is based on the retail purchase price of the item.

3. Anti-Solicitation Statute (42 U.S.C. § 1395m(a)(17)

A supplier of a covered item may not contact a Medicare beneficiary by telephone regarding the furnishing of a covered item unless (i) the beneficiary has given written permission for the contact, or (ii) a supplier has previously provided the covered item to the beneficiary and the supplier is contacting the beneficiary regarding the covered item, or (iii) if the telephone contact is regarding the furnishing of the covered item other than an item already furnished to the beneficiary, the supplier has furnished at least one covered item to the beneficiary during the preceding 15 months.

4. False Claims Act (31 U.S.C. § 3729)

Any person or entity who knowingly presents to a federal health care program a fraudulent claim for payment, or knowingly uses a false record or statement to obtain payment from a federal program, is subject to civil monetary penalties.

5. False, Fictitious or Fraudulent Claims (18 U.S.C. § 287)

Whoever makes or presents to any person or officer in the civil military, or naval service of the United States, or to any department or agency thereof, any claim upon or against the United States, or any department or agency thereof, knowing such claim to be false, fictitious, or fraudulent, shall be imprisoned not more than five years and shall be subject to a fine in the amount provided in this title.

6. Stark Statute (42 U.S.C. § 1395nn)

The “Stark” provisions of the Omnibus Budget Reconciliation Act of 1993, as amended, provide that if a physician has a financial relationship with an entity providing designated health services (“DHS”), then the physician may not refer patients to the entity unless one of the statutory or regulatory exceptions applies. Designated health services include (i) durable medical equipment, (ii) parenteral and enteral nutrients, (iii) prosthetics, orthotics and prosthetic devices and supplies, and (iv) outpatient prescription drugs, among others. There are several exceptions to Stark, including the rural exception. This provides that the Stark prohibitions do not apply in a rural area where the entity furnishes substantially all (not less than 75%) of its DHS to residents of the rural area.

B. Safe Harbors

Safe harbor regulations issued under the anti-kickback statute provide “bright line” tests defining arrangements that do not violate the statute. If a business arrangement clearly falls within a safe harbor, then it is not violative of the anti-kickback statute. If the arrangement does not clearly fall within a safe harbor, then it must be examined in light of the anti-kickback statute and related court decisions to determine if it violates the statute. Of the various safe harbors, five are particularly pertinent to suppliers.

1. Small Investment Interests

For investments in small entities, “remuneration” does not include a return on the investment if a number of standards are met, including the following: (i) no more than forty percent of the investment can be owned by persons who can generate business for or transact business with the entity, and (ii) no more than forty percent of the gross revenue may come from business generated by investors.

2. Space Rental

Remuneration does not include a lessee’s payment to a lessor as long as a number of standards are met, including the following: (i) the lease agreement must be in writing and signed by the parties, (ii) the lease must specify the premises covered by the lease, (iii) if the lease gives the lessee periodic access to the premises, then it must specify exactly the schedule, the intervals, the precise length, and the exact rent for each interval, (iv) the term must be for not less than one year, and (v) the aggregate rental charge must be set in advance, be consistent with fair market value, and must not take into account business generated between the lessor and the lessee.

3. Equipment Rental

Remuneration does not include any payment by a lessee of equipment to the lessor of equipment as long as a number of standards are met, including the following: (i) the lease agreement must be in writing and signed by the parties, (ii) the lease must specify the equipment, (iii) for equipment to be leased over periods of time, the lease must specify exactly the scheduled intervals, their precise length and exact rent for each interval, (iv) the term of the lease must be for not less than one year, and (v) the rent must be set in advance, be consistent with fair market value, and must not take into account any business generated between the lessor and the lessee.

4. Personal Services and Management Contracts

Remuneration does not include any payment made to an independent contractor as long as a number of standards are met, including the following: (i) the agreement must be in writing and signed by the parties, (ii) the agreement must specify the services to be provided, (iii) if the agreement provides for services on a sporadic or part-time basis, then it must specify exactly the scheduled intervals, their precise length and the exact charge for each interval, (iv) the term of the agreement must be for not less than one year, (v) the compensation must be set in advance, be consistent with fair market value, and must not take into account any business generated between the parties, and (vi) the services performed must not involve a business arrangement that violates any state or federal law.

5. Employees

Remuneration does not include any amount paid by an employer to an employee, who has a bona fide employment relationship with the employer, for employment in the furnishing of any item or service for which payment may be made, in whole or in part, under Medicare or under a state health care program.

C. OIG Advisory Opinions

A health care provider may submit to the OIG a request for an advisory opinion concerning a business arrangement that the provider has entered into or wishes to enter into in the future. In submitting the advisory opinion request, the provider must give to the OIG specific facts. In response, the OIG will issue an advisory opinion concerning whether or not there is a likelihood that the arrangement will implicate the anti-kickback statute. Although advisory opinions may not be relied on by anyone except the requesting parties, they provide valuable insight into the OIG’s views on certain kinds of arrangements. Past advisory opinions are available online at http://oig.hhs.gov/fraud/advisoryopinions.html.

D. OIG Special Fraud Alerts and Special Advisory Bulletins

From time to time, the OIG publishes Special Fraud Alerts and Special Advisory Bulletins that discuss business arrangements that the OIG believes may be abusive, and educate the DME and pharmacy industries concerning fraudulent and/or abusive practices that the OIG has observed and is observing in the industry. These documents reflect the OIG’s opinions regarding the application of the fraud and abuse laws. Some of the Special Fraud Alerts and Special Advisory Bulletins relevant to the supplier are the following:

1. Special Fraud Alert: Joint Venture Arrangements

The OIG’s first Fraud Alert, issued in 1989, concerned joint venture arrangements between clinical laboratories, suppliers and other providers and their referral sources. In the 1980s, it was common for a supplier to enter into a partnership with a hospital or other entity to form a new supplier. The investors would invest little capital in the partnership, which would contract out substantially all of its operations to the DME investor. In the OIG’s view, these ventures were not legitimate businesses, but simply mechanisms to lock up referral streams and compensate referral sources for referring business, in violation of the anti-kickback statute. The Fraud Alert included a list of “questionable features” which could suggest an anti-kickback violation. Those questionable features included selection of investors on the basis of their ability to generate referrals; an investor engaged in the same line of business as the venture and acting as a subcontractor; and disproportionately large returns on small investments.

2. Special Fraud Alert: Routine Waiver of Copayments or Deductibles under Medicare Part B

In this Special Fraud Alert, the OIG stated that routine waiver of Medicare cost-sharing amounts “is unlawful because it results in (1) false claims, (2) violations of the anti-kickback statute, and (3) excessive utilization of items and services paid for by Medicare.” It listed some “suspect marketing practices” including advertisements stating “Medicare Accepted As Payment in Full” or “No Out-Of-Pocket Expense;” routine use of “financial hardship” forms with no good faith attempt to determine the beneficiary’s actual financial condition; and collection of copayments and deductibles only from beneficiaries who have Medicare supplemental insurance. Waiver of copayments is a significant issue for suppliers of high-cost DME, particularly power wheelchairs and scooters, because high copayments (approximately $1000.00 in the case of a K0011 power wheelchair) are a major disincentive to potential customers.

3. OIG’s April 2003 Special Advisory Bulletin: Contractual Joint Ventures

In April 2003, the OIG published a Special Advisory Bulletin entitled “Contractual Joint Ventures.” The Advisory Bulletin focuses on a situation where a health care provider in one line of business (“Owner”) expands into a related line of business by contracting with an existing provider (“Manager”). The Owner’s line of business is to provide new products to the Owner’s existing patient base. The Manager not only manages the new line of products, but also supplies the Owner with inventory, employees, physical space, billing and other services. In essence, the Owner contracts out substantially the entire operation to the Manager and the Owner pockets the profits from this new line of business. These ventures are very similar to those described in the 1989 Special Fraud Alert, except that the supplier does not own equity in the venture.

According to the bulletin, the practical effect of the relationship between the Owner and the Manager is for the Owner to have the opportunity to bill for business that is, in reality, provided by either the Manager or by a “joint venture” formed by the Owner and Manager. According to the bulletin, the OIG looks at this type of arrangement as nothing more than a kickback, with remuneration (in form of profits retained by the Owner) flowing back to the Owner.

Therefore, if a provider desires to open up a mail order respiratory pharmacy, then it must assume financial risk and operational responsibilities in operating the pharmacy, Likewise, if a hospital contracts with a provider for management services for the hospital’s HME operation, then while the provider can provide certain management and administrative services, the financial risk and operational responsibilities of the HME operation must be borne by the hospital.

4. Special Fraud Alert: Rental of Space in Physician Offices by Persons or Entities to Which Physicians Refer

A number of providers rent space in the offices of physicians or other practitioners. The OIG is concerned that in such arrangements, the rental payments may be disguised kickbacks to the physician in violation of the anti-kickback statute. One of the specific concerns of the OIG is “consignment closet” arrangements between providers and physicians. It is common for providers to place certain items of equipment and supplies in physicians’ offices for the convenience of physicians and patients. If a patient needs crutches, for example, the physician can dispense the crutches at the time of the office visit. The physician’s office then informs the provider, which bills for the crutches and replenishes the consignment closet inventory. These arrangements serve a legitimate purpose, but in the past some providers paid excessive amounts of rent to the physicians for the space used to store the consignment inventory, as a way of disguising payments for referrals.

The questionable features of suspect rental arrangements for space in physicians’ offices may be reflected in three areas: (1) the appropriateness of rental agreements; (2) the rental amounts; and (3) time and space considerations. Separately or together, specific details of these arrangements may result in an arrangement that violates the anti-kickback statute. The Space Rental safe harbor to the anti-kickback statute can protect legitimate arrangements. Arrangements for office equipment or personal services of physicians’ office staff can also be structured to comply with the Equipment Rental safe harbor and Personal Services and Management Contracts safe harbor.

5. Offering Gifts and Other Inducements to Beneficiaries

A person who offers or transfers to a Medicare or Medicaid beneficiary any remuneration that the person knows or should know is likely to influence the beneficiary’s selection of a particular provider, practitioner, or supplier of Medicare or Medicaid payable items or services may be liable for civil money penalties. The statute and implementing regulations contain a limited number of exceptions.

Unless a provider’s practices fit within an exception or are the subject of a favorable advisory opinion, any gifts or free services to beneficiaries should not exceed $10 per item and $50 annually. The OIG is considering the possibility of safe harbors for two kinds of arrangements: complimentary local transportation and government-sponsored clinical trials.

6. Telemarketing by Durable Medical Equipment Suppliers

The beneficiary inducement statute prohibits HME suppliers from making unsolicited telephone calls to Medicare beneficiaries regarding the furnishing of a covered item, except in three specific situations: (i) the beneficiary has given written permission to the supplier to make contact by telephone; (ii) the contact is regarding a covered item the supplier has already furnished the beneficiary; or (iii) the supplier has furnished at least one covered item to the beneficiary during the preceding fifteen months. The statute also specifically prohibits payment to a supplier that knowingly submits a claim generated pursuant to a prohibited telephone solicitation. Accordingly, such claims for payment are false and violators are potentially subject to criminal, civil, and administrative penalties, including exclusion from federal health care programs.

Suppliers cannot do indirectly that which they are prohibited from doing directly. A supplier is responsible for verifying that marketing activities performed by third parties with whom the supplier contracts or otherwise does business do not involve prohibited activity and that information purchased from such third parties was neither obtained, nor derived, from prohibited activity. If a claim for payment is submitted for items or services generated by a prohibited solicitation, both the supplier and the telemarketer are potentially liable for criminal, civil, and administrative penalties for causing the filing of a false claim.

Special Fraud Alerts and Special Advisory Bulletins are available online at http://oig.hhs.gov/fraud/fraudalerts.html.

E. Supplier Standards

1. Supplier Standard No. 1.

An HME supplier must operate its business in compliance with applicable federal and state statutory and regulatory requirements.

2. Supplier Standard No. 11

An HME supplier may not directly solicit a Medicare beneficiary. A supplier may call a beneficiary only if one of the following exceptions applies: (1) the beneficiary has given written permission; or (ii) the supplier has furnished a Medicare-covered item to the beneficiary and the supplier is contacting the beneficiary to coordinate delivery of the item.

II. States

All states have enacted statutes prohibiting kickbacks fee splitting, patient brokering, or self-referrals. Some statutes refer to definitions and standards found in the federal statutes while others are materially different. Some state statutes apply only when the payor is a state health care program, while other statutes apply regardless of the identity of the payor.

Texas has an anti-kickback statute that applies regardless of payor. Tex. Occ. Code § 102.001(a) provides in relevant part:

A person commits an offense if the person knowingly offers to pay or agrees to accept, directly or indirectly, overtly or covertly any remuneration in cash or in kind to or from another for securing or soliciting a patient or patronage for or from a person licensed, certified, or registered by a state health care regulatory agency.

The above statute adopts the exceptions and safe harbors to the Medicare/Medicaid Anti-kickback Statute. Tex. Occ. Code § 102.003 provides:

Section 102.001 permits any payment, business arrangement, or payment practice permitted by 42 U.S.C. Section 1320a-7b(b) or any regulation adopted under that law.

In addition, Texas also has an anti-kickback statute that applies only to the Texas Medicaid program. Tex Hum. Res. Code § 32.039 provides, in relevant part:

(a) In this section:
(1-a) “Inducement” includes a service, cash in any amount, entertainment, or any item of value…
(b) A person commits a violation if the person…
(1-a) engages in conduct that violates Section 102.001, Occupations Code;
(1-b) solicits or receives, directly or indirectly, overtly or covertly any remuneration, including any kickback, bribe, or rebate, in cash or in kind for referring an individual to a person for the furnishing of, or for arranging the furnishing of, any item or service for which payment may be made, in whole or in part, under the medical assistance program, provided that this subdivision does not prohibit the referral of a patient to another practitioner within a multispecialty group or university medical services research and development plan (practice plan) for medically necessary services;
(1-c) solicits or receives, directly or indirectly, overtly or covertly any remuneration, including any kickback, bribe, or rebate, in cash or in kind for purchasing, leasing, or ordering, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item for which payment may be made, in whole or in part, under the medical assistance program;
(1-d) offers or pays, directly or indirectly, overtly or covertly any remuneration, including any kickback, bribe, or rebate, in cash or in kind to induce a person to refer an individual to another person for the furnishing of, or for arranging the furnishing of, any item or service for which payment may be made, in whole or in part, under the medical assistance program, provided that this subdivision does not prohibit the referral of a patient to another practitioner within a multispecialty group or university medical services research and development plan (practice plan) for medically necessary services;
(1-e) offers or pays, directly or indirectly, overtly or covertly any remuneration, including any kickback, bribe, or rebate, in cash or in kind to induce a person to purchase, lease, or order, or arrange for or recommend the purchase, lease, or order of, any good, facility, service, or item for which payment may be made, in whole or in part, under the medical assistance program;
(1-f) provides, offers, or receives an inducement in a manner or for a purpose not otherwise prohibited by this section or Section 102.001, Occupations Code, to or from a person, including a recipient, provider, employee or agent of a provider, third-party vendor, or public servant, for the purpose of influencing or being influenced in a decision regarding: (A) selection of a provider or receipt of a good or service under the medical assistance program; (B) the use of goods or services provided under the medical assistance program; or (C) the inclusion or exclusion of goods or services available under the medical assistance program.

For comparison, the state of New Jersey has only one anti-kickback statute, and the statute applies only to the state Medicaid program. N.J. Stat. Ann. § 30:4D-17 (1968) provides, in relevant part:

(c)Any provider, or any person, firm, partnership, corporation or entity who solicits, offers, or receives any kickback, rebate or bribe in connection with:

(1)The furnishing of items or services for which payment is or may be made in whole or in part under this act [Medicaid]; or
(2)The furnishing of items or services whose cost is or may be reported in whole or in part in order to obtain benefits or payments under this act; or
(3)The receipt of any benefit or payment under this act, is guilty of a high misdemeanor and, upon conviction thereof, shall be liable to a penalty of not more than $10,000.00 or to imprisonment for not more than 3 years or both.
This subsection shall not apply to (A) a discount or other reduction in price under this act if the reduction in price is properly disclosed and appropriately reflected in the costs claimed or charges made under this act; and (B) any amount paid by an employer to an employee who has a bona fide employment relationship with such employer for employment in the provision of covered items or services.

Use of Employees

It is acceptable for a provider to pay commissions, bonuses and other production-based compensation to bona fide full-time and part-time employees who market the company’s products and services. There is a specific exception to the anti-kickback statute for payments to bona fide employees. Likewise, there is an “employee” safe harbor that provides that payments to a bona fide employee do not constitute illegal remuneration in violation of the anti-kickback statute. Normally, marketing through a bona fide employee is acceptable under state statutes. The reasoning behind this exception and safe harbor is that an employer has the duty to train, control and supervise its employees. In addition, under the doctrine of respondeat superior, an employer is liable for the acts of its employees that are conducted within the course and scope of the employees’ employment. As a result, the employer is motivated to exercise control over its marketing employees.

It is critical that the employee be a “bona fide” employee as opposed to being a “sham” employee. The IRS has published extensive guidance that addresses whether a person is an employee or an independent contractor. In scrutinizing whether a person is an employee versus an independent contractor, the government (e.g., the Department of Justice and the OIG) will look at “substance over form.” For example, if an HME company has a written employment agreement with a person, withholds taxes and Social Security from the person’s paycheck, and issues a W2 to the person, such factors by themselves do not establish an employment relationship. Other important factors are whether the employer is supervising, training and controlling the employee. Therefore, if the company calls a person an employee and pays the person as if he or she is an employee, but otherwise treats the employee as if he or she is an independent contractor, then the government will likely conclude that the person is an independent contractor.

If a provider pays commissions, bonuses and other production-based compensation to an independent contractor to market to Medicare/Medicaid patients, then the anti-kickback statute will likely be violated. The only possible mechanism for a provider to pay an independent contractor (a person who receives a 1099) for marketing to Medicare/Medicaid patients is for the company to pay a fixed annual fee to the contractor that is the fair market value equivalent of the person’s efforts, not his or her results. In other words, the relationship with the independent contractor needs to fall within the guidelines of the Personal Services and Management Contracts safe harbor.

Assume that the independent contractor wishes to market only to commercial/cash-paying patients. This is acceptable unless applicable state law says otherwise.

Use of Independent Contractors

As discussed above, a provider cannot pay commissions, bonuses or other production-based payments to independent contractors for marketing to Medicare/Medicaid patients. To do so would violate the anti-kickback statute. The only mechanism to pay an independent contractor for marketing to Medicare/Medicaid patients is to fit (or substantially fit) the relationship within the Personal Services and Management Contracts safe harbor. Among other requirements, payment to the independent contractor must be fixed one year in advance and must be the fair market value equivalent of the contractor’s services. As discussed above, an independent contractor can market to commercial/cash-paying customers only if there is no state law that says otherwise.

Employee Liaison

A provider/pharmacy may designate an employee to be on the hospital/physician office premises for a certain number of hours each week. The employee may educate the hospital/physician staff regarding home health services or medical equipment (to be used in the home) and related services. The employee may also work with a patient, after a referral is made to the provider (but before the patient is discharged/leaves the physician’s office), in order for there to be a smooth transition when the patient goes home. The employee liaison may not assume responsibilities that the hospital/physician is required to fulfill. Doing so will save the hospital/physician money, which will likely constitute a violation of the Medicare/Medicaid anti-kickback statute.

Medical Director Agreement

A provider can enter into an independent contractor Medical Director Agreement (“MDA”) with a physician, even if the physician is a referral source. The MDA must comply with the (i) Personal Services and Management Contracts safe harbor and (ii) the Personal Services exception to Stark II. Among other requirements:

The MDA must be in writing and must have a term of at least one year.

The compensation to the physician must be fixed a year in advance and it must be the fair market equivalent of the actual services rendered.

The physician must render actual, necessary and substantive services to the HME company/pharmacy.

The compensation paid by the HME company/pharmacy to the physician must bear no resemblance to referrals by the physician.

Purchase of Internet Leads

In order to cut marketing expenses, an increasing number of HME companies are cutting back on “sending sales reps into the field” and are focusing on purchasing leads. Basically, what this means is that a lead generation company (“ABC”) compiles a list of names, addresses, phone numbers, and other information about individuals who have expressed an interest in a particular product line (e.g., diabetic supplies). Some of the prospective customers are covered by Medicare, while others are covered by commercial insurance. ABC sells the list to XYZ Medical; XYZ, in turn, calls the names on the list. The compensation paid by XYZ to ABC is on a “per lead” basis (e.g., $10 per name).

ABC may manage a number of websites that can be reviewed by prospective customers. A prospective customer can type in his/her name and contact information and check a box indicating the prospective customer’s consent to be called by a DME company. Prospective customers can “cut out, sign and mail” to ABC forms out of newspapers, magazines and direct mail pieces that contain the prospective customer’s name and contact information and gives the prospective customer’s consent to be called by a DME company. Prospective customers can call ABC on a toll-free telephone number in response to television, internet, radio and print ads. ABC can purchase lists of leads from other companies that acquire leads.

42 U.S.C. § 1320a-7b(b), commonly known as the Medicare anti-kickback statute, provides that it is a felony for a person or entity to knowingly and willfully offer or pay any remuneration to induce a person to refer an individual for the furnishing or arranging for the furnishing of any item for which payment may be made under a Federal health care program, or the purchase or lease or the recommendation of the purchase or lease of any item for which payment may be made under a Federal health care program. Many courts have adopted the “one purpose” test: if one purpose of a payment is to induce referrals, then the anti-kickback statute is violated regardless of whether the payment is fair market value for legitimate services rendered.

On November 5, 2008, the Office of Inspector General (“OIG”) issued Advisory Opinion 08-19 discussing internet leads in the context of the anti-kickback statute. The proposed arrangement involved one or more websites to which patients interested in chiropractic services would enter their zip code. The website would then display assigned phone numbers and e-mail addresses of chiropractors within the zip code indicated. When the patient calls the phone number or sends an e-mail, the call or e-mail is routed to the listed chiropractor (and electronically tracked by the advertiser). The advertiser is paid a “per lead” fee based on the routed call or e-mail. In the Opinion, the OIG indicated that it would not seek enforcement action against the parties for the arrangement proposed in the Opinion. We highlight some of the factors that were important to the OIG. First, the advertiser in the Opinion does not collect “health care information” on the potential patient. Second, the arrangement in the Opinion passively routes calls/e-mails initiated by the lead. Third, the arrangement in the Opinion does not actively “steer” patients to a particular provider.

Looking at the anti-kickback statute and the Advisory Opinion together, it appears that the OIG is comfortable with a DME company paying compensation, on a per lead basis, for “unqualified” leads. Generally, an unqualified lead will consist of name, address, phone number, and the prospective customer’s interest in talking to the DME company about its products. An “unqualified” lead will start moving into the “qualified” category as ABC gathers specific information from the prospective customer, such as (i) age; (ii) third-party coverage; (iii) diagnosis of illness/disability; (iv) products/equipment currently being used; and (v) treating physician’s name. While the purchase of an unqualified (or “raw”) lead is exactly what it is…the purchase of a lead, the purchase of a qualified lead can be construed as the payment for a “referral.” The percentage chance of an unqualified lead becoming a paying customer of the DME company will be low; conversely, the percentage chance of a qualified lead becoming a paying customer will be much higher. Note that a DME company can purchase qualified leads from ABC if the arrangement meets the requirements of the Personal Services and Management Contracts safe harbor to the anti-kickback statute. Among other requirements, the compensation must be fixed one year in advance (e.g., $50,000 over the next 12 months), the compensation must be the fair market value equivalent of ABC’s services, and the compensation cannot take into account the volume of referrals to be generated by ABC.

The arrangement needs to be examined within the context of 42 U.S.C. § 1395m(a)(17), commonly known as the Medicare anti-solicitation statute, which prohibits a DME company from contacting a Medicare beneficiary by telephone concerning the furnishing of a covered item of DME unless (i) the beneficiary has given “written permission” for the contact; (ii) the DME company is contacting the beneficiary only about an item the company has already provided to the beneficiary; or (iii) the DME company has provided at least one covered item to the beneficiary during the 15 months immediately preceding the contact. Exceptions “(ii)” and “(iii)” will not apply to the phone calls to be made by the DME company to the leads; “(i)” is the only applicable exception.

The question, therefore, is whether the DME company has “written permission” to call the lead. If the prospective customer checks a box on a web page that clearly shows his/her consent to be called (not just “contacted”) by the DME company (that ends up calling the prospective customer), then a credible argument can be made that the prospective customer’s “electronic signature” complies with the federal Electronic Signatures in Global and National Commerce Act and, as a result, constitutes “written permission” under the anti-solicitation statute. Likewise, if a prospective customer calls a toll-free number and, over the phone, consents to be called by a DME company (that ends up calling the prospective customer), then it is unlikely that the government will assert that the anti-solicitation statute is violated. The prudent course of action will be for the phone calls to be recorded.

The arrangement also needs to be examined within the context of the Health Insurance Portability and Accountability Act of 1996, 42 USC § 1320d, and the corresponding regulations contained in title 45, Code of Federal Regulations, parts 160 and 164 (collectively “HIPAA”). A DME company is subject to the requirements of HIPAA. HIPAA prohibits the use or disclosure of protected health information (“PHI”) not specifically permitted or required by HIPAA. PHI includes information that is created or received by a health care provider (such as a DME company) that –

Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual

45 C.F.R. § 164.103.

This definition would encompass identification and contact information for a lead, as well as the information that relates to the lead’s interest in DME. Therefore, the DME company’s use of the information is subject to HIPAA.

HIPAA defines “marketing” to include “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” 42 C.F.R. § 164.501. HIPAA prohibits use of PHI for marketing, unless the covered entity (i.e., DME company) obtains written authorization from the potential customer prior to making such communication. The discussion in Answer #4, regarding the prospective customer’s consent, applies here.

The contract between ABC and the DME company should include the following: (i) ABC represents to the DME company that leads it purchases from other lead companies, and subsequently sells to the DME company, properly gave their consent to be called by a DME company; (ii) ABC represents that leads it obtains on its own properly gave their consent to be called by a DME company; (iii) the DME company has the right to audit ABC’s operations to ascertain if the leads (sold to the DME company by ABC) properly gave their consent to be called by a DME company; and (iv) ABC indemnifies the DME company against any claims made against the DME company on the basis that a lead did not give his/her consent to be called.

Provisions of Discounts to Cash Customers

Increasingly, HME companies are moving into the “cash and carry” market. That is, companies are striving to sell items to non-Medicare customers who desire to pay cash. Because of the cost-savings resulting in not having to submit claims to Medicare, HME companies price products, that are sold for cash, less than the Medicare allowable for the same items. In so doing, however, it is important that the company adhere to OIG guidance addressing discounts to cash customers.

An HME company is prohibited from charging Medicare substantially in excess of the company’s usual charges, unless there is good cause. See 42 U.S.C. § 1320a-7(b)(6)(A); 42 CFR § 1001.701(a)(1). The current regulations do not give any guidance on what constitutes “substantially in excess” or “usual charges.” “[U]nusual circumstances or medical complications requiring additional time, effort, expense” would be considered good cause. 42 CFR § 1001.701(c)(1). An HME company that violates this prohibition is subject to exclusion from federal health care programs. 42 CFR § 1001.701(a).

While there have been some efforts by the OIG to define “substantially in excess” and “usual charges,” no final rule has been issued. In a 1998 advisory opinion, the OIG said that charging Medicare 21% – 32% more than cash-and-carry customers would likely violate the statute, and suggested that a “useful benchmark” was to compare the profit margins on a cash sale and a Medicare sale. OIG Advisory Opinion No. 98-8 (July 6, 1998) (“Opinion 98-8”). According to the OIG, the statute would not be violated if the profit margin on a Medicare sale was less than or equal to the margin on the cash sale. In another advisory opinion the following year, dealing with laboratory services, the OIG said that the test was whether “the charge to Medicare or Medicaid substantially exceeds the amount the laboratory most frequently charges or has contractually agreed to accept from non-Federal payors.” OIG Advisory Opinion No. 99-13 (Nov. 30, 1999). In a guidance letter issued in 2000, the OIG’s chief counsel said that the law could be violated if “a provider’s charge to Medicare is substantially in excess of its median non-Medicare/Medicaid charge.” Letter to American Ambulance Ass’n. (April 20, 2000).

The most recently proposed rules contemplate the “usual charge” to be either the average or median of the supplier’s charges to payors other than Medicare (and some others). See generally 68 FR 53939 (Sept. 15, 2003). Under these proposed rules, an HME company’s usual charge should not be less than 83% of the Medicare fee schedule amount (i.e., up to a 17% discount from the Medicare fee schedule). There would be an exception for good cause, which would allow a company’s usual charges to be less than 83% of the Medicare fee schedule, if the company can prove unusual circumstances requiring additional time, effort or expense, or increased costs of serving Medicare and Medicaid beneficiaries.

The proposed rules would include charges of affiliate companies into the calculation of a supplier’s usual charges. An affiliated company is any entity that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with the HME company. The proposed rules explicitly exclude fees set by Medicare, State health care programs, and other Federal health care programs (except TriCare). By implication, charges not specifically excluded will be included. However, CMS declined to promulgate the proposed rules into a final rule. 72 FR 33430, 33432 (June 18, 2007).

Based on the above discussion, there is no bright line rule (e.g. 17% discount) when a discount will require a showing of good cause. It is reasonable to infer, however, that a relatively large differential between Medicare and non-Medicare prices will more readily be viewed as “substantially in excess.” There is also no clear guidance on what would constitute good cause. In Opinion 98-8, the suppliers justified the price differential by stating that furnishing Medicare beneficiaries involved significant additional costs: documentation requirements, claims processing, and delivery and distribution. The OIG responded that the supplier’s charges to Medicare for some products would be substantially in excess of its usual charges. While the OIG agreed that the additional costs incurred by the suppliers “solely attributable to complying with Medicare requirements may constitute ‘good cause,’ there was insufficient information for the OIG to determine “whether [the suppliers’] proposed fee structure is sufficiently related to its anticipated additional costs attributable to Medicare….” This suggests that the OIG would scrutinize an HME company’s financials closely if the company asserted cost savings to justify its discount to other customers. Therefore, an HME company that intends on relying on costs savings to show good cause should anticipate such scrutiny.

Another issue is whether the entity operating the retail business could be organized or structured to insulate affiliated companies from liability under the substantially in excess regulations. Opinion 98-8 involved parent and subsidiary suppliers. Only the subsidiary intended on becoming a Medicare supplier and furnishing DME to Medicare beneficiaries; the parent intended on continuing to serve only non-Medicare customers. Nevertheless, the OIG made it clear that the parent’s prices would be considered in its analysis. The proposed rule also indicated that CMS considers the prices of affiliate companies in its analysis. While the guidance discussed is not binding law, the OIG and CMS have been consistent in their treatment of affiliate organizations. Consequently, it is unlikely that an HME company may insulate itself by forming a separate legal entity to operate the retail business.

Joint Venture

The government may carefully scrutinize a joint venture between providers in order to ensure that the venture is not merely a sham whereby one entity is paying remuneration to the other entity in exchange for the referral of customers.

The safe harbor applicable to joint ventures is the Small Investment Interest safe harbor, which requires that (i) no more than 40% of the investment may be owned by persons who can generate business for or transact business with the entity; and (ii) no more than 40% of the gross revenue may come from business generated by the investors. This is known as the “60-40” rule.

It is rare that a joint venture will fit within the Small Investment Interest safe harbor because it is difficult to meet the “60-40” rule. If the Small Investment Interest safe harbor is not met, then the government will examine the joint venture under the “one purpose” test. The basic inquiry under this test is whether one purpose of the arrangement is to induce referrals. In deciding whether to exercise its discretion to bring an enforcement action against the parties to a joint venture, the government will look to see whether the venture complies with the guidelines of the OIG’s 1989 Special Fraud Alert.

Physician Ownership in HME Company

Under Stark, a physician cannot have an ownership interest in an HME company and also refer to it. As an exception, if the HME company is located in a rural area, and if at least 75% of the company’s products and services are provided to residents of the rural area, then it is acceptable for the physician to have an ownership interest in the HME company and also refer to it.

Physician Ownership in Sleep Lab

A polysomnography does not fall within the Stark definition of DHS. Therefore, Stark does not prohibit a physician from having an ownership interest in a sleep lab, even if the sleep lab is receiving money from Medicare and Medicaid. However, a CPAP falls under DME which, in turn, falls within the definition of DHS. Therefore, if a physician has an ownership interest in a sleep lab and refers to it, then the sleep lab cannot also sell CPAPs and related supplies to Medicare/Medicaid customers.

Joint Ownership of a new HME Operation by a Hospital and an Existing HME Company

A hospital and an existing HME company may jointly set up and own a new HME operation (e.g., on the hospital’s premises) so long as the OIG’s 1989 Special Fraud Alert (Joint Ventures) and 2003 Special Advisory Bulletin (Contractual Joint Ventures) are met. Among other requirements, both owners will need to invest risk capital; the hospital cannot be required to refer patients to the new venture; the existing HME company cannot run the new venture on a turnkey basis; and the hospital must insure patient choice.

Loan/Consignment Closets

An HME company may place inventory in an office or facility that is not owned by a physician or non-physician practitioner. The inventory must be for the convenience only of the office’s/facility’s patients and the office/facility cannot financially benefit, directly or indirectly, from the inventory. It is important that the office/facility ensure patient choice. Technically, the HME company can pay rent to the office/facility so long as the rental agreement complies with the Space Rental safe harbor. However, from a practical standpoint, because the physical space utilized by the placement of the inventory is so small, it is preferable for the HME company to pay no rent to the office/facility.

Steps to Reduce the Risk of Being Subjected to an Audit or Investigation

Effective Corporate Compliance Program

Overview of Compliance

During the course of the past 36 months, HME providers have faced an increasingly difficult landscape in which to conduct business. Increasing pressure on providers resulting from changes to reimbursement methodology, implementation of national competitive bidding, implementation of mandatory accreditation, increasingly stringent documentation guidelines, and aggressive post-payment audits and prepayment reviews have all played a part in forcing HME providers to improve the way they do business and eliminate potential sources of liability. For many HME providers, liability arising from Medicare billing practices is a significant concern. The laws and regulations governing health care providers in the United States are staggering in both their volume and their complexity. For many providers, keeping up with the changes to such laws and regulations seems a sometimes insurmountable task.

Providers are not the only ones interested in compliance with federal laws and regulations. The Office of the Inspector General (“OIG”) for the Department of Health and Human Services (“DHHS”) stressed the importance of compliance programs by issuing guidance to various provider and supplier types concerning the implementation of compliance programs. The OIG’s compliance program guidance for the HME industry was issued in June of 1999. According to this guidance, the OIG stated:

Compliance efforts are designed to establish a culture within a DMEPOS supplier that promotes prevention, detection, and instances of resolution of conduct that do not conform to federal and state law, and federal, state and private payor heath care program requirements, as well as the DMEPOS supplier’s ethical and business policies. In practice, the compliance program should effectively articulate and demonstrate the DMEPOS supplier’s commitment to ethical conduct. Benchmarks that demonstrate implementation and achievements are essential to any effective compliance program. Eventually, a compliance program should be part of the fabric of routine DMEPOS supplier operations.

This language helps to highlight the importance that the OIG places on implementation of compliance programs and the role such a program plays in a HME company’s operation. However, merely purchasing compliance policies is not enough. According to the OIG:

Implementing an effective compliance program requires a substantial commitment of time, energy, and resources by senior management and by the DMEPOS supplier’s governing body. Superficial programs that simply have the appearance of compliance without being wholeheartedly adopted and implemented by the DMEPOS supplier or programs that are hastily constructed and implemented without appropriate on-going monitoring will likely be ineffective and could expose the DMEPOS supplier to greater liability than no program at all.

The Patient Protection and Affordable Care Act (“PPACA”) states that by a date to be set by the Secretary of the Department of Health and Human Services, HME providers will be required to adapt and implement a corporate compliance program. The compliance program will be required to contain core elements to be established by the Secretary. This implementation date has not yet been set.

Why Implement a Compliance Program

Many companies wonder why compliance programs are important to their operation. A very simple answer to this question can be found by reading the quality standards for HME providers issued on August 14, 2006. According to the final quality standards:

The supplier shall implement business practices to prevent and control fraud, waste and abuse by:

Using procedures that articulate standards of conduct to ensure the organization’s compliance with applicable laws and regulations; and

Designating one or more individuals in leadership position to address compliance issues.

In addition to the requirements of the final quality standards, there are several other reasons that corporate compliance programs are beneficial to HME providers:

Adopting a compliance program concretely demonstrates to the community at large that a provider has a strong commitment to honesty and responsible corporate citizenship.

Compliance programs reinforce employees’ innate sense of right and wrong. With very few exceptions, a person goes to work for an HME provider to be productive, grow as an employee, and be recognized by his/her employer. The person does not go to work with the intention of submitting a complaint to the government, or with the intent of filing a qui tam (whistleblower) lawsuit. Normally, the employee is motivated when he/she believes that his/her employer is serving patients in an ethical manner. Only when the employee becomes disillusioned does he/she consider a drastic action such as filing a qui tam.

An effective compliance program helps a provider fulfill its legal duty to government and commercial payors. If a government agency (such as Medicare or Medicaid) concludes that an HME provider is breaching its duty, then the consequences can be severe: freezing and offset of future payments; recoupment; suspension of Medicare Part B supplier number; termination of commercial payor contract; lawsuit under the False Claims Act (potential liability of $5,500 to $11,000 per claim); or a criminal case. In a sense, an effective compliance program serves as the “canary in the mine shaft.” If an employee senses that something is wrong, then the concern can be addressed before it becomes a major problem.

Compliance programs are cost effective. Look at it from a “cost-benefit” standpoint. The money and time that the provider will spend to implement a compliance program and hire a compliance officer is far less expensive than the potential consequences discussed in the preceding bullet.

A compliance program provides a more accurate view of employee behavior relating to fraud and abuse.

The quality of care provided to patients is enhanced by an effective compliance program.

A compliance program provides procedures to promptly correct misconduct. Every provider will make mistakes on a periodic basis. The key is to catch the mistakes early or so that they do not become serious. It is one thing to incorrectly bill for a product 10 times over a 45-day period. It is another thing to incorrectly bill for a product 1,000 times over a two-year period. The former will result in a routine voluntary recoupment. The latter can result in a False Claims Act allegation, freezing or offsetting of payments, or suspension of a supplier number. Again, think of the “canary in the mine shaft.”

An effective compliance program may mitigate sanctions imposed by the government. If the provider has made mistakes, and the mistakes have caught the attention of the Department of Justice (“DOJ)/OIG, then the repercussions can be severe. DOJ/OIG attorneys have a great deal of “prosecutorial discretion.” They can be lenient, or they can be harsh. The government attorneys may be inclined to be lenient if they conclude that the HME provider is a “good citizen” that is trying hard. A key factor to lead the government attorneys to such a conclusion is for the provider to have an effective compliance program.

Voluntarily implementing a compliance program is preferable to waiting for the OIG to impose a corporate integrity agreement (“CIA”). When a provider settles a civil fraud case brought by the DOJ, then the provider will normally be required to enter into a CIA with the OIG. This is a contract, normally with a five-year term, that imposes a number of obligations on the provider. Among other requirements, a CIA will obligate the provider to train employees, submit reports to the OIG, and hire an Independent Review Organization (“IRO”) to conduct an annual compliance review. If the OIG concludes that the provider has an effective compliance program, then instead of requiring the provider to enter into a CIA, the OIG may be satisfied with a Certificate of Corporate Compliance. Under such a certificate, the provider’s obligations are limited to following its own compliance program and submitting an annual certificate to the OIG that the provider is, in fact, following the compliance program.

An effective corporate compliance program may protect corporate directors from personal liability. A functioning, effective compliance program indicates to the government that the provider’s board of directors is fulfilling its responsibility to the provider…and to the government. Doing so reduces the risk of the government attempting to impose personal liability on the directors.

Compliance Obstacles

Making the decision to implement a corporate compliance program is only the first step. There are many factors that can complicate a company’s attempt to implement an effective compliance program. Following are ten obstacles that suppliers may face in implementing effective compliance programs:

Creating buy-in and enthusiasm − Commitment to the compliance program must start at the top…with the provider’s senior management. Employees can see through insincerity. Management cannot give just lip service to compliance; management must embrace compliance as the most important goal of the company. If the employees witness the total buy-in of senior management, then it will be easy for them to buy in as well. Of course, the opposite is true. If management only gives lip service to compliance, then the employees will not be committed.

Changing past behavior (eliminating the “we’ve always done it this way” attitude) − The following are not defenses to fraud allegations: “We have always done it this way” or “Everyone else does it.” It is human nature to resist change. However, because the consequences (of not being compliant) are so dire, the HME provider has no choice but to change non-compliant behavior.

Lack of or poor communication − It is critical that the employees understand the compliance program and understand their responsibilities under the program. There needs to be open communication about compliance issues among the employees and management.

Too many roles for the compliance officer − Ideally, the compliance officer’s sole responsibilities will be centered on compliance. However, this is not realistic for small HME providers. For the small provider, the compliance officer will normally “wear two or three hats.” When this happens, it is important that the compliance officer’s priority be compliance. His/her other responsibilities will be secondary.

Not enough financial support – “A functioning compliance program is the most profitable department a provider can have.” On its face, this sounds counter-intuitive. However, given the fact that a successful compliance program can insure the existence and viability of the company, there should be no real limitation on the financial investment the provider will make into the program. In short, the compliance program needs to be on the same level (and preferably a higher level) than other departments (e.g., IT, marketing).

Integrating compliance with other systems – To truly be effective, the compliance program cannot operate in a silo. It needs to be integrated into all facets of the provider’s business. The compliance officer needs to be a member of senior management and needs to have input in IT, marketing, human resources, and operational issues.

Overcoming fear of retaliation/retribution – It is important that the employees feel comfortable in discussing perceived compliance problems with the compliance officer. Some of the employees’ compliance concerns may be justified; some may not be. Regardless of whether the voiced compliance concern is justified or not, it is important for the provider to take the concern seriously and to report back to the employee. If there is a fear of retaliation/retribution, then instead of going to the compliance officer, the employee may feel that he/she has no choice but to go the government or to a qui tam attorney.

Finding qualified people – Most compliance officers are not attorneys. However, it is important for the compliance officer to be educated (preferably with a college degree). The compliance officer needs to have the ability to spot compliance issues (”canary in the mine shaft”). He/she can then enlist the assistance of a health care attorney to work through the issue.

Lack of procedures – It is important that the compliance program be formal, structured, and in writing. This way, all of the employees will be “singing from the same hymn book.” At the same time, the compliance program needs to be a “living, breathing program” that will be updated as the provider’s operations change and as the regulatory climate shifts.

Education and training – The market changes, technology changes, operations change, and the legal climate changes. For this reason, management and employees need to receive ongoing education on compliance issues.

In dealing with corporate compliance program implementation issues in the HME industry, by far the most difficult obstacle to overcome is creating buy-in and enthusiasm. The first hurdle in creating a compliance program is obtaining an organizational commitment to compliance.
Objectives of an Effective Corporate Compliance Program

In drafting a compliance program for its organization, a DME supplier should be aware of its goals. By first establishing the goals of the program, the organization will be better prepared to address all risk areas and accomplish the desired objectives.

Do No Harm

It is not uncommon to see a compliance program that creates greater risk because of the manner in which the program is designed and implemented.

Avoid Partial Implementation
One of the worst results that could occur would be to develop a program that is not fully implemented by the organization.

Direct From the Top
A program that does not have top-down accountability will not be properly implemented.

Commit to Ongoing Training
Every organization has employee turnover. It is critical to have an ongoing training program that conveys the message to current and new employees.

Focus on Elements That Promote Early Detection of Compliance Problems
A compliance program would be considered ineffective and, therefore, essentially a failure if employees do not report areas of concern to management on a timely basis.

Preserve Attorney-Client Privilege
All steps in the process of implementing the program and the operation of the program must be designed to take full advantage of the attorney-client privilege with the entity’s operational and health care counsel.

How a Corporate Compliance Program Should Be Structured

The OIG’s compliance guidelines for DME suppliers lists seven required elements of an effective compliance program.

Written Policies and Procedures.
Designation of a Compliance Officer and Compliance Committee.
3. Conducting Effective Training and Education.
4. Developing Effective Lines of Communication.
5. Enforcement of Disciplinary Standards.
6. Auditing and Monitoring.
7. Response to Offenses and Corrective Action.

It is important to note that in order to be deemed “effective,” the compliance program must be something more than a set of documents that simply restate these seven elements. These seven basic elements must be specifically implemented by the organization and be designed to address past, existing and future activities of the organization.

Identifying Risk Areas

It is not enough for suppliers to implement policies and procedures generally geared at educating staff and identifying potential regulatory and statutory violations. The organization is required to implement policies and procedures targeted at specific risk areas of concern to the individual company. The OIG listed specific areas of concern DME suppliers should be aware of in drafting their corporate compliance program: billing for items or services not provided; billing for services that the DMEPOS supplier believes may be denied; billing patients for denied charges without a signed written notice; duplicate billing; billing for items or services not ordered; using a billing agent whose compensation arrangement violates the reassignment rule; upcoding; unbundling items or supplies; billing for new equipment and providing used equipment; continuing to bill for rental items after they are no longer medically necessary; resubmission of denied claims with different information in an attempt to be improperly reimbursed; refusing to submit a claim to Medicare for which payment is made on a reasonable charge or fee schedule basis; inadequate management and oversight of contracted services, which results in improper billing; charge limitations; providing and/or billing for substantially excessive amounts of DMEPOS items or suppliers; providing and/or billing for an item or service that does not meet the quality and standard of the DMEPOS item claimed; capped rentals; failure to monitor medical necessity on an ongoing basis; delivering or billing for certain items or supplies prior to receiving a physician’s order and/or appropriate CMN; falsifying information on the claim form, CMN, and/or accompanying documentation; completing portions of CMNs reserved for completion only by the treating physician or other authorized person; altering medical records; manipulating the patient’s diagnosis in an attempt to receive improper payment; failing to maintain medical necessity documentation; inappropriate use of place of service codes; cover letters that encourage physicians to order medically unnecessary items or services; improper use of the KX modifier; routine waiver of deductibles and coinsurance; providing incentives to actual or potential referral sources (e.g., physicians, hospitals, patients, skilled nursing facilities, home health agencies or others) that may violate the anti-kickback statute or other similar Federal or State statute or regulation; compensation programs that offer incentives for items or services ordered and revenue generated; joint ventures between parties, one of which can refer Medicare or Medicaid business to the other; billing for items or services furnished pursuant to a prohibited referral under the Stark physician self-referral law; improper telemarketing practices; improper patient solicitation activities and high-pressure marketing of non-covered or unnecessary services; co-location of DMEPOS items and supplies with the referral source; non-compliance with the Federal, State and private payor supplier standards; providing false information on the Medicare DMEPOS supplier enrollment form; misrepresenting a person’s status as an agent or representative of Medicare; knowing misuse of a supplier number, which results in improper billing; failing to meet individual payor requirements; performing tests on a beneficiary to establish medical necessity; failing to refund overpayments to a health care program; filing to refund overpayments to patients; improper billing resulting from a lack of communication between the DMEPOS supplier, the physician, and the patient; improper billing resulting from a lack of communication between different departments within the DMEPOS supplier; and employing persons excluded from participation in Federal health care programs.

Compliance Program Follow-Up

Once the corporate compliance program is implemented, the supplier must continue to take steps on an on-going basis to ensure that the plan remains effective.

Compliance Plan Updating

In reviewing a corporate compliance program to determine if it requires updating, a supplier should take note of the following:

What was the date of implementation of the corporate compliance program?

Has the supplier’s scope of practice changed since implementation of the compliance plan?

Is the company following its obligations under the corporate compliance program to continually train its employees?

Is the corporate compliance officer in tune with regulatory changes in the health care industry?

Responding to an Audit

Why Are Audits Increasing?

At one time, DME was an almost sacrosanct area of Medicaid billing and reimbursement − the items were different from the physician and hospital services the carriers were used to reviewing, and carrier review personnel did not really understand the reimbursement guidelines. In addition, DME was a very small percentage of any carrier’s claims, and the number of medical reviews performed on DME claims was concomitantly low.

Much has changed over the years. There is not one DME supplier that has not received a documentation request from a Medicaid agency, and a significant number have faced a post-payment audit for review of medical necessity. Why is this? First, many DME suppliers provide relatively expensive items. Any item that carries a high dollar reimbursement or, as a whole, accounts for significant dollars paid out on claims becomes more likely to be the subject of audits – witness oxygen and power mobility.

Second, there is an increase in utilization of DME. There is also an increase in fraudulent activity in the DME field. The auditors themselves are becoming more sophisticated. While most medical necessity reviewers are not DME professionals, they are receiving more extensive training and do have the ability to confer and consult with appropriate professionals where necessary. As the auditors become more experienced, they are also becoming stricter in deciding whether medical necessity has been established for a given piece of DME. Unfortunately, in many audits, supplier documentation is still not sufficient to withstand scrutiny.

Steps to Take Prior to Being the Subject of an Audit

The first step any supplier should take is to verify that each patient file contains the documentation explicitly required by Medicare rules. Items that should be in every supplier’s patient files include a written order from the physician, an intake form that records applicable diseases and conditions, including the ICD-9 codes for those diseases or conditions, signed delivery tickets, any specifically required additional documents such as a statement of ordering physician, evidence of periodic re-evaluation of medical necessity, and detailed notes of every interaction with the patient or the patient’s family, whether in person, by telephone or by other means. It is prudent for suppliers to develop a checklist of the documents required for various types of equipment and to keep the checklist in the patient’s files.

Second, it is imperative that suppliers insure that the documents are valid on their face. Review documents to insure that “white-out” is not used. Verify that there are no erasures or attempts to change or correct numerals or other critical information.

Third, suppliers should be detailed and careful in their evaluations of the patient’s current and potential functional abilities and prognosis and how the equipment will address those issues. Fourth, suppliers should verify that all of the documentation supports medical necessity and that the documentation is internally consistent.

So where does this leave a DME supplier?

First, the supplier needs to insure that its documentation is extensive. Document everything. Remember the 5 Ws of journalism: who, where, what, when, and why. Write down exactly who did what to whom, when and why. Note the patient’s statements about his or her diseases/conditions and activities and how the equipment will affect the patient’s diseases/conditions or those activities of daily living. Note family member comments. Add detail to any descriptions of activities of daily living. If necessary, go out to the patient’s church and count the number of steps up to the front entrance. Note whether the public transportation is readily accessible to handicapped individuals. State if the patient lives in a rural area without paved roads. Measure the distance from the patient’s home to the corner mailbox. Measure the width of the hallways in the patient’s house and note where the bathrooms are located.

Second, the supplier needs to continually document its relationship with the patient. The supplier’s recollection of the patient’s abilities a year or two after seeing the patient will not help when a medical reviewer looks in the file for documentation contemporaneous with the time the service was provided.

Third, the supplier should seriously consider involving other allied health professionals.

Fourth, the supplier should work with and keep in contact with its patients. In audits, a Medicaid agency may perform telephone interviews with beneficiaries about their equipment. The supplier should educate its patients about proper care of the equipment. Document the education process. And don’t stop there. Call the patient a month to six weeks after providing the equipment to see how the patient is faring with the device. Offer to make minor adjustments or retraining, if necessary, and document such intervention. Then call periodically afterward to see if the item is still being used by the patient. Nothing will cause an overpayment request faster than a patient telling an interviewer that he or she has not used a particular piece of equipment because “it is too cumbersome” or “it just doesn’t fit right and I was uncomfortable.”

Finally, the supplier should educate its physicians. In any audit, the Medicaid agency will ask for verification of medical necessity, usually in the form of copies of progress notes. Physicians must understand their obligation to respond (and respond promptly) to an agency letter requesting copies of patient charts. Failure of a physician to respond to an agency information request will result in that claim being denied.

Hints and Tips

In responding to audits, the biggest challenge is maintaining proper documentation. One of the first things to do is review the documentation the supplier does have in the patient’s file and determine what additional documentation may be gathered. Examples of additional supporting documentation include hospital records, hospital discharge summaries, copies of the treating physician’s notes in the patient’s chart, any consultations by a specialist physician, home health agency plans of care and notes, evaluations and/or treatment notes from ancillary health care providers.

Begin gathering additional documentation now. Develop a checklist of items that should be in every file. Make the checklist specific to the type of equipment. Review recent files to determine what is missing. The supplier should not wait until it has a 10- or 30-day deadline to respond to an audit to begin gathering documentation.

Remember that the auditors are human beings. If the supplier treats them politely and with respect, and does not play “hide the ball,” it may very well prevent the escalation of an audit to the next level, a full-scale fraud investigation. If auditors suspect the supplier is not being fully forthcoming with requested data, they may conclude that a deeper investigation is warranted.

Self Audits

Why Perform a Self-Audit?

Self-auditing has many advantages and very few disadvantages. One of the primary advantages, if the supplier has a corporate compliance program, is to provide evidence that the corporate compliance program is effective. This is important because an effective corporate compliance program can greatly reduce any fines or penalties that might result from a government investigation. An effective corporate compliance program may also result in the government not requiring the supplier to enter into a corporate integrity agreement as part of a settlement resulting from an investigation.

Hallmarks of Effective Self-Audits

Routine

An effective internal audit process will become part of what the supplier does. It will become as much part of the daily, weekly or monthly tasks as filing or working denials.

Periodic

An effective audit procedure takes place periodically. The exact period does not matter so much as that an audit happens at defined time intervals. Those intervals may be a week, a month, a quarter, or any other interval that makes sense for the supplier. At the very least, audits should be performed annually.

Also, note that how often self-audits occur is influenced by and, in turn, influences the scope of the audit. In other words, if the supplier only audits once per year, the audit will most likely have a large sample size. On the other hand, if audits are performed monthly, the number of items audited each month may be smaller.

More frequent audits also have the advantage of allowing a supplier to more quickly find and correct problems in the flow of paperwork. This leads to earlier preventive measures, such as additional training of employees that can help prevent a pattern of continued problems.

Eventually cover all areas of exposure

Whether the audits are monthly, quarterly, or annually, the audits should address all risk areas for the supplier. For example, if the supplier is auditing monthly, the first month may audit completeness of physician’s orders. The second month’s audit may check for the existence of properly completed delivery tickets. The third month’s audit may look into proper use of modifiers. One way to ensure that all risk areas are audited is to develop checklists both for the audit topics or areas and the specific areas addressed in each audit.

Individuals held accountable

Individuals should be held accountable both for the performance of the audits and for implementing any changes that result from the audits. In other words, performing audits should be a part of a manager’s job description, and performance of audits should be an element in the manager’s annual review. Likewise, individual staff members should have as an element of their job descriptions and performance reviews the timely and thorough completion of any audits assigned to them.

Documentation of the audit

Proper documentation of the audit must be maintained. The documentation must include the specific risk areas the audit addressed, the individuals performing the audit, the time frame of the audit, a description of the sample selected for auditing, a copy of the audit tool, the results of the audit, recommendations for changes to policies and procedures, specific changes that were, in fact, implemented as a result of the audit, and finally a subsequent re-audit to verify that the changes in policies and procedures took root. All of this documentation should be kept not only in the affected department (such as billing or the warehouse), but also with the corporate compliance plan materials for easy access in case of government inquiries.

Specific Self-Audit Areas and Procedures

Below is a list of specific types of audit procedures a supplier should conduct. Be aware that this list is by no means complete. The list should serve as a beginning point in developing the supplier’s own audit plan. In addition, each supplier has its own risk areas and risk factors that should be addressed.

A. Review denials to determine if there are any patterns to the denials. For example, does the supplier have a large number of denials for non-covered items?

B. Review the supplier’s accounts receivable history. Does the supplier have a significant number of days’ sales outstanding? This is an indicator that the documentation supporting claims is probably deficient.

C. Review the OIG’s annual workplan. The workplan is available on the Internet and details where the OIG will be placing its enforcement efforts during that fiscal year. Because the OIG’s projects usually span several years, the workplans for previous years also provide useful information.

D. Review recent reports published by the state Medicare program.

E. Develop and utilize a file contents checklist. The supplier can develop one checklist for all types of equipment or specific checklists for different types of equipment.

F. Develop and utilize specific checklists for different types of equipment. These can be the basis for the supplier’s audit tools.

G. Review the results of Medicare hearings, appeals, and reviews. These will often pinpoint, with laser-like specificity, any problems in the supplier’s underlying medical necessity documentation.

H. Upon hiring new individuals, and at least once per year thereafter, verify that the individual does not appear on the OIG’s list of excluded individuals.

I. Test various employees (especially billing personnel) to verify their knowledge of correct procedures. Perform a quick 10 question quiz. If the results demonstrate a need for improvement, conduct a training session. About a month after the training session, retest the individuals.

J. Review the size and age of the supplier’s credit balances.

K. Review the OIG’s Corporate Compliance Program Guidance for DME Suppliers for additional risk areas and suggestions.

L. Review the audits conducted and develop statistics. How many files had what type of error? Track these statistics over time to see if the number and type of errors is improving.

M. Associate dollar amounts to the various types of errors. Determine whether the errors are significant enough to warrant a refund to the Medicare program or even a voluntary self-disclosure to the government.

N. Sample Checklist for Required File Documentation

1. Beneficiary Information: Name, address, telephone number, date of eligibility for Medicaid benefits, birth date, emergency contact information, height and weight, secondary insurance information, etc.

2. Assignment of Benefits

3. Records Release and Authorization

4. Written physician’s order or confirmation of verbal order

5. ICD-9 codes provided by physician

6. Written order prior to delivery (if applicable)

7. Delivery ticket

8. Waiver of Liability/Advance Beneficiary Notice (if applicable)

9. Financial Hardship Waiver (if applicable)

10. Remittance notices/Explanations of Benefits

Conduct of the Self-Audit

Availability of Claims for Review

To ensure that all necessary information is available for review, claims selected for retrospective review should be reviewed three to six months from the date of bill generation. This will allow sufficient time for the primary claims to have been paid, and billing and collection of secondary insurances and co-payments.

Determine the Sample for Analysis

The supplier should review a sufficient number of claims for each category of product/service provided during the audit period. For example, the supplier may prospectively audit 15 randomly-selected claims prior to billing and then retrospectively audit 15 randomly-selected claims for a quarter.

With respect to prospective auditing, the supplier should determine the percentage of patients serviced by product category in the audit period. For example, assume that the supplier determines that 80% of its patients serviced from July through September are provided enteral products and the remaining 20% of patients serviced are provided ostomy, urological and wound care products. 12 enteral product category claims should be prospectively audited for this quarter (July through September). This is derived by multiplying 80% (enteral patients serviced in the quarter) times 15 (number of claims to be audited per quarter) which equals 12. Because this example assumes that the supplier should prospectively audit a total of 15 claims per quarter, the remainder (15-12=3) of claims to be prospectively audited should be distributed among the other product categories serviced, such as one ostomy claim, one urological claim and one wound care claim. The supplier can then perform a random audit in September for a prospective review of dates of service with claims ready to submit, but which are put on hold pending the audit. As indicated, this process would put a total of 15 randomly-selected claims on hold prior to billing. The supplier may determine that performing prospective audits monthly rather than one every quarter is a better business decision. Using the above-described example, the supplier can prospectively audit a total of five claims that are ready to submit, but which are put on hold pending the audit per month. Worded differently, in the month of August, the supplier could audit prospective dates of service with claims ready to submit, but which are put on hold pending the audit for three enteral claims, one ostomy claim and one urological claim. In the month of September, the supplier can audit prospective dates of service with claims ready to submit, but which are put on hold pending the audit for three enteral claims, one wound care claim and one ostomy claim. For the month of October, the supplier can audit prospective dates of service with claims ready to submit, but which are put on hold pending the audit for three enteral claims, one urological claim and one wound care claim. An auditing pattern similar to this will allow the supplier to target its high volume service, to correct deficiencies prior to billing, thus reducing the issues related to refunds, and to facilitate the auditing process without encumbering the billing process.

Similarly, the supplier should determine the percentage of patients serviced by product category in the quarterly audit period when performing its retrospective audits. Using the example described in the prospective audit process, assume that the supplier determines that 80% of its patients serviced for the quarter April through June are provided enteral products and the remaining 20% of patients serviced are provided ostomy, urological and wound care products. 12 enteral product category claims should be retrospectively audited for this quarter (April through June). Other product categories serviced during this audit period should be audited as well, such as one ostomy claim, one urological claim and one wound care claim. The supplier can then perform a retrospective random audit in September for dates of service with claims paid in April, May and June. This audit would encompass approximately 15 claims.

The prospective and retrospective audits should encompass claims submitted to government programs and commercial payors alike.

The supplier may determine which claims should be reviewed in a random sample in a number of ways. Software programs can produce random numbers to perform the random sampling. Random number list generators are available on the Internet. Once a list of random numbers is determined, the supplier can select the claims to be reviewed by patient medical record number, by patient social security number or similar methodology. For example, assume that for dates of service falling in the month of May there are 25 enteral product claims that could be reviewed. Assuming that the review is limited to 12 enteral product claims in May, the supplier needs to randomly select 12 out of the 25 claims to review. Assume that the random number list produces the digits 10, 74, 93 and 31. The supplier then could make a comparison between the patient’s medical record number or the last digits of the patient’s social security number with the random numbers of 10, 74, 93 and 31. This process may have to be repeated several times to achieve the desired results of narrowing the selection of the claims to be reviewed down to twelve claims.

Another option is the use of statistical dice that are available at a nominal price and found at retail store. Using the example described above, assume that the supplier rolls the statistical dice and it produces the number 6. The supplier could then randomly select the 12th claim out of the 25 enteral claims to be reviewed. The supplier would need to make multiple counts of every 12th claim in keeping with the pre-determined sample size to be reviewed (12 claims).

A third option is the use of the OIG’s RAT-STATS software program. This is a statistical tool designed to assist the reviewer in selecting random samples and evaluating the audit results. This is the primary statistical audit tool used by the Office of Audit Services of the OIG.

The supplier should also perform focused claim reviews from time to time to address perceived or discovered problems. For example, if a patient lodges a complaint regarding a provided service, the supplier should generate a focused review to discover the source of the alleged dissatisfaction and take corrective action as needed.

Complete the Audit Tool for Each Type of Claim to Be Reviewed

The Compliance Officer or designee should review each claim and supporting documentation using the appropriate audit tool to determine whether compliance standards for each element being evaluated have been satisfied. The audit tool provides the reviewer with a detailed document for recording the results of each individual claim reviewed. Prospective audits will focus on ensuring that all appropriately completed documents have been obtained prior to claims submission. However, prospective audits will not detect deficiencies in the billing process, such as collection of co-payments, but these types of deficiencies will be detected in the retrospective audit process. The development of audit tools should be dynamic rather than static and, thus, audit tools should be revised/customized as needed. It is important to keep in mind that government and commercial payor policies and requirements change frequently, and therefore, audit tools should be updated to capture these changes.

Review and Summarize Findings

Proper documentation of the audits must be maintained. The Compliance Officer or designee should review all the audit tool forms completed during the audit and summarize the results. The supplier may wish to classify the type of deficiencies identified. An example of the format that the supplier might wish to utilize to classify the type of deficiencies is as follows:

Compliance Deficiency Types

1. Non-compliant with Medicaid requirements, refund required.
2. Arguably Medicaid compliant but at risk if audited. Best practice is to refund or rebill unless corrective action will resolve the issue.
3. Meets Medicaid requirements but failed to meet internal requirements.
4. Meets Medicaid requirements, meets internal requirements, but presents an opportunity for improvement.

All identified deficiencies should be addressed in a summary of the findings. The audit summary report should include, but not limited to:

General information regarding the nature of the audit, such as whether the audit is a random or focused audit; if the audit is a random audit, how the random sample was generated; if the audit is a focused audit, the nature of the issue that generated the audit; how many total claims were reviewed; the date of the report; and the name of the person conducting the audit.

The methodology of the subject audit, such as the range of dates of service reviewed, and any specific risk area focus. For example, “This random audit included billed dates of service from May 1, 2011, through July 31, 2011, for enteral, ostomy, wound care and urological services. Title XIX forms were reviewed for completeness and accuracy in addition to other determined criteria. See audit tool criteria.”

Patient-specific results, including but not limited to: patient name, patient identification number, specific audit finding, deficiency type and any proposed corrective action. An example of the format that the supplier might wish to utilize in its report is as follows:

Patient Name: Ima Sick, #1234567
Date of Service Reviewed: June 30, 2009
Finding: The physician’s order dated June 28, 2009, for ostomy product did not contain the quantity of product to be dispensed. This date of service has been billed and paid. This order did not contain the correct ICD-9-CM diagnosis code to support the medical necessity of the product dispensed and billed.
Deficiency Type: 1
Proposed Corrective Action: The employee responsible for reviewing physician’s orders’ will receive additional training regarding the importance in reviewing all physician’s orders for completeness and accuracy of all required areas before submitting a claim for reimbursement.
The billing department will issue a refund to the payor for date of service of June 30, 2009.
Customer Service Department will obtain a new valid physician’s order for subsequent dates of service.

Recommendations for any identified opportunities for improvement, such as system process changes, policy and procedure changes and educational offerings.

Post-Audit Follow-Up

The audit summary should be reported to the supplier’s president on a routine basis as determined by the supplier.

Other follow-up actions may include, but are not limited to:

Revising policies and procedures. This can be helpful in correcting systemic errors.

Providing additional training in specific areas. This is important to affect the desired employee behavior and thus limit repeat errors.

Making refunds, if appropriate. Associate dollar amounts to the various types of identified deficiencies. Determine whether the identified deficiencies require a refund to the Medicare program. The Compliance Officer should determine which types of errors require refunds. If a refund is required, then payments should be refunded to the appropriate payor in a timely manner and corrected bills should be submitted, if appropriate.

Taking disciplinary action, if necessary. If an employee refuses to adapt his/her behavior to ensure compliance with applicable regulations, disciplinary action is warranted. This action should not be undertaken without involvement of senior management, human resources and the president.

Changing the focus of the audits. There is no magic formula for how many internal audits must be conducted and what each audit should contain. Audit plans should be flexible and revised based upon the results of previous audits. Review the audits conducted and develop statistics: how many files had what type of deficiencies? Track these statistics over time to see if the number and type of deficiencies is improving and to determine whether a re-audit of the deficiency is warranted.

Documenting specific changes that were, in fact, implemented as a result of the audit, and subsequent re-audits to verify that the changes in policies and procedures and that corrective actions have been implemented successfully.

All audit plans, audit summaries and completed audit tools should be maintained and secured in an organized manner in a notebook and preferably in a locked file drawer as the nature of the information is sensitive.

The supplier should also review its denials to determine if there are any patterns to the denials. The supplier should become familiar with the major investigative targets. Key sources of information on “hot” targets include the annual work plan from the OIG and fraud alerts issued by the OIG.

Claims auditing activities can be organized into a structured model. One such model is the Plan-Do-Check-Act model. In this model, the Plan axis involves identifying risk areas that should be reviewed. These include, but are not limited to, problem-prone, high risk and/or high volume services, patient complaints, staff complaints and other identified concerns. The Plan axis also encompasses determining the frequency of auditing and the sample size to be audited. The Do axis of the model involves actually performing the claim audit and effecting corrective action as needed. The Check axis of the model involves monitoring the effectiveness or lack of effectiveness of any corrective action or process change. This can be accomplished by performing subsequent audits after baseline data has been obtained from the initial audit. The Act axis of the model involves evaluating and structuring the scope of the next audit to be performed.

Preparing for a Government Investigation

Introduction

Assume that a DME company suspects it is under investigation. Perhaps the clues were a series of particularly detailed or expansive documentation requests or audits. Or perhaps referring physicians reported receiving telephone calls from a governmental agency inquiring about the relationship the physicians have with the DME company, what kinds of equipment were ordered and the names of the patients. Or perhaps patients were interviewed in person by FBI agents. In any case, the DME company fears a larger investigation is under way and wishes to minimize the shock and fallout of further investigative actions.

Investigations into health care fraud are being coordinated among several federal, state and local government agencies including but not limited to the OIG, FBI, IRS, the United States Postal Service, Department of Labor, Defense Investigative Service, various state agencies, and state and local police departments. It is increasingly common for agents from one or more of these agencies to arrive, without prior notice, at a DME supplier’s business to obtain information in connection with an investigation of its operations. The investigations conducted by these agencies focus on a number of issues, including but not limited to (1) paying or receiving alleged illegal remuneration (2) accuracy of patient testing (e.g., pulse oximetry tests), and (3) documentation irregularities.

Preparatory Steps

There are a number of steps the DME company can take to prepare itself for a possible government investigation.

Corporate Compliance Program

The best way to be prepared for an investigation is to institute a corporate compliance program that is carefully designed and thoroughly implemented. If an effective compliance procedure is part of the company’s corporate structure, it is less likely that it will be the subject of a government investigation, and if it is, the disruption to the company’s operations will possibly be reduced.

Regular Computer System Backups

The company should regularly back up its computer system and keep the backup files in a secure offsite location, so that if computers or hard drives are seized, an accurate record of business transactions will be available to keep disruption to operations at a minimum. These records may also prove useful for analysis by management and attorneys.

Comprehensive Document Inventory

The company should maintain a detailed inventory of documents and their locations on the premises, e.g. a list of patient files, and which office and/or file cabinets they are kept in. This will be important if documents are seized and removed by investigating agencies, making it possible to identify what is removed.

Appoint a Company Spokesperson

A company spokesperson, ideally a member of management, should be appointed. This individual will immediately take charge of the situation and will coordinate the investigators’ requests. The company spokesperson should greet the investigators, request identification, and read any official documents carefully to determine the scope of the investigation. The other employees should stand aside, awaiting instructions on how they may assist with the investigation.

Employee Training

It is important to remember that the company should not instruct its employees to refuse to speak with investigators, because this could be construed as obstruction of justice. Rather, the company should instruct employees that it is their choice whether or not to answer the investigator’s questions, and that they have the right not to do so. It is also their right to request that an attorney be present during questioning.

Rehearsal

Too frequently, investigators take advantage of situations where unsuspecting, frightened employees act impulsively to release information that may be outside the boundaries of the investigation. It is easy, after the fact, for government agents to claim that the employees released the information voluntarily. A “fire drill” approach to rehearsing such a scenario is an effective way to prepare employees for the real thing.

As a precautionary measure, a DME company may wish to develop a response procedure for its employees to rehearse periodically, in the event that representatives from a government agency pay a surprise visit to the premises. In this way, employees who are caught off guard by such a visit will be able to recover quickly from the initial shock of encountering such a visitor and respond in an orderly and appropriate fashion. This response procedure should also be placed in writing to assist those employees who are too shaken to respond appropriately.

Retain a Health Care Attorney

A DME company should retain a competent health care attorney, even if it is not the subject of an investigation, and develop an attorney-client relationship. An attorney who knows the background, structure and conduct of a particular business will be able to give immediate and effective counsel in the event that government investigators arrive on the premises. Educating an attorney on various aspects of the business will waste valuable time, and even more time may be wasted on the housekeeping details of establishing an attorney-client relationship. Finally, a previously contracted attorney may require less of a retainer than an attorney beginning a relationship with a new and unknown client.

This monograph is not intended to be legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only. The law pertaining to this monograph may have changed following the date of the monograph. The reader should consult his or her own attorney for legal advice concerning the contents of this monograph. Except where noted, attorneys are not certified by the Texas Board of Legal Specialization.

Prepared by:

Health Care Group
Brown & Fortunato
P.O. Box 9418
Amarillo, Texas 79105-9418
(806) 345-6300
(806) 345-6363 (fax)
www.bf-law.com

© Brown & Fortunato