Note: This alert is also available in Adobe Acrobat format here.
I. Introduction
On October 29, 1999, the HHS Office of Inspector General ("OIG") published draft compliance program guidance for nursing facilities. The draft guidance appeared in the Federal Register in Volume 64 at page 58,419 and on the Internet at www.hhs.gov/progorg/oig/new.html. The OIG will accept comments on the draft guidance until November 29, 1999.
The draft guidance describes the OIG's position on a wide range of compliance issues, and is intended to promote voluntary implementation of compliance programs. A compliance program is designed to demonstrate to government authorities that a nursing facility has made a commitment to adhering to all relevant laws as a matter of everyday practice. Given the variations in the organization of nursing facilities (i.e., location, size, for-profit or not-for-profit status, chains or freestanding), the guidance is not intended to be a substitute for each nursing facility developing and implementing a compliance program that is tailored to its individual circumstances.
The lack of an effective compliance program can be costly. Many federal investigations routinely rely on the False Claims Act, which provides for treble damages and penalties of up to $10,000 per claim to be paid to the federal government. A compliance program that conforms to the criteria in the United States Sentencing Commission Guidelines for Organizations establishes a strong basis for minimizing any criminal penalties should a violation occur notwithstanding the organization's best efforts to comply with the law. Failure on the part of corporate directors to establish a compliance program has also formed the basis for shareholder derivative suits.
II. Specific Risk Areas
The OIG identifies the following areas of risk for nursing facilities:
• Quality of Care
• Residents' Rights
• Billing and Cost Reporting
• Employee Screening
• Kickbacks, Inducements and Self-Referrals
In developing a compliance program, nursing facilities should conduct a baseline assessment and periodic reevaluations of these risk areas. All nursing facilities should have a comprehensive set of written policies and procedures in place to prevent fraud and abuse in its operations and to ensure the appropriate care of residents. For those facilities with limited resources, the OIG has endorsed the use of a resource manual that contains the facility's written compliance policies, the most recent survey findings and plan of correction, relevant HCFA instructions and bulletins, and summaries of key OIG documents, such as Fraud Alerts and Advisory Bulletins.
In addition to development of detailed policies and procedures, the OIG encourages the development of what is commonly called a "code of conduct." A code of conduct is a brief, readable, and general expression of a facility's fundamental values and operating principles. The code of conduct should be translated into other languages when necessary and written at appropriate reading levels so that it is accessible to all employees.
Below we will consider each of the identified risk areas, and suggest steps facilities may take to develop a compliance plan within existing resources.
A. Quality of Care
In a departure from the compliance guidance prepared for other types of providers, the OIG has put quality of care at the heart of its guidance for nursing facilities. The emphasis on this consideration is consistent with the efforts of various branches of the federal government to improve quality of care and protect the dignity of the institutionalized elderly. The issue of quality of care compliance takes on even more importance in view of the False Claims Act theory increasingly used by the government that links substandard care to billing concerns (see Section C/Billing and Cost Reporting, below).
The OIG emphasizes that facilities should initiate their compliance effort with a statement affirming their commitment to providing the care necessary to attain or maintain the resident's "highest practicable physical, mental and psychosocial well-being." Although the OIG has suggested that an effective and low-cost means of developing a compliance program is to base the effort on a facility's already existing Quality Assessment and Assurance committee, such a measure should be considered carefully in view of the privilege that frequently attaches to Quality Assessment and Assurance Committee deliberations. The results of annual surveys should be reviewed to make sure that any deficiencies cited by the surveyors have been corrected, but facilities should not stop there. A proactive approach should be taken to identify quality concerns and work towards quality improvement. The OIG's emphasis on quality of care considerations underscores the need for facilities to ensure that residents' functional capacities are assessed accurately at the time of admission on the Minimum Data Set ("MDS"), that the resident care plan is consistent with the MDS and that clear documentation exists to show that services identified in the care plan are delivered properly.
In the OIG's view, staffing is a major factor affecting quality of care. When staffing is inadequate, care for common clinical problems such as pressure ulcers, dehydration, malnutrition, incontinence, and mental or psychosocial problems is more likely to be inadequate. It is possible that residents will not receive the assistance they need with eating, dressing, toileting and other activities of daily living, thus compromising their functional status. In addition, resident assessment, monitoring, and care planning may not be conducted in conformity with federal regulations. The OIG advises facilities to conform to state-mandated staffing levels where they exist, and goes even further by stating that facilities should to adopt their own minimum "hours per patient" staffing standards as well.
B. Residents' Rights
The OIG identifies a number of risk areas related to residents' rights that should be addressed as part of the compliance process. One notable area of risk is discriminatory admission or improper denial of access to care. To avoid this risk, nursing facilities should offer care to all patients who are eligible in accordance with federal and state laws governing admissions, and should maintain identical policies regarding transfer, discharge, and provision of services for all residents regardless of payment source. In practice, this means that if residents requiring complex care are accepted on a private pay basis, they should also be accepted for payment under public programs.
There is overlap between the risk areas identified in the category of residents' rights and those identified as quality of care issues. The following residents' rights concerns may be addressed through a facility's Quality Assessment and Assurance mechanisms:
• verbal, mental or physical abuse, corporal punishment and involuntary seclusion;
• inappropriate use of physical or chemical restraints;
• failure to ensure resident access to personal records upon request, and failure to protect privacy and confidentiality of records;
• denial of a resident's right to participate in his or her care and treatment; and
• failure to safeguard residents' financial affairs.
Many of the billing and cost reporting issues addressed by the OIG are familiar from previous OIG fraud alerts and advisories, but nursing facilities should be aware of several recent developments. Under an evolving government theory that involves the interplay between quality of care and billing issues, knowingly billing for inadequate or substandard care can give rise to liability under the False Claims Act. The government's position is that when a facility provides poor quality care to its residents and bills the government for that care, it has submitted a false claim for payment. To avoid potential liability, facilities should affirm their commitment to quality and develop a strong Quality Assessment and Assurance program.
Another new development involves arrangements between nursing facilities and providers of ancillary services. The OIG has stated that where services are provided to residents covered under a Part A stay at a discount in return for the facility's Part B business ("swapping"), there is a violation of the federal health care anti-kickback law. We will discuss swapping in more detail below at Section E/Kickbacks, Inducements and Self-Referrals.
Finally, as facilities transition into the prospective payment system ("PPS"), the OIG anticipates that the problem of billing for medically unnecessary services may give way to a potential for underutilization of services. Alternatively, medical necessity issues may arise in a new guise if facilities try to manipulate the MDS to fit residents into higher Resource Utilization Groups ("RUGs") as a way of increasing their per diem rates.
Other billing issues for nursing facilities include:
• billing for items or services not ordered, not rendered, or not provided as claimed;
• billing for beneficiaries who are not eligible for services;
• duplicate billing;
• failing to identify and refund credit balances;
• forging signatures;
• upcoding;
• unbundling;
• failing to maintain sufficient documentation to establish that services were ordered or performed; and
• filing false cost reports.
D. Employee Screening
In its compliance program guidance, the OIG has included specific recommendations for employee screening, which it views as a critical component of a compliance program. Because employees in nursing facilities have frequent, relatively unsupervised access to vulnerable people and their property, the OIG recommends that a nursing facility conduct a "reasonable and prudent" background check of all prospective employees who have patient access or authority to make decisions that involve compliance with the law.
Nursing facilities must ensure that its employees are licensed and certified in accordance with applicable law. They also must verify that no employee has been excluded from participation in the Medicare and Medicaid programs, as the OIG can use this as the basis for a civil monetary penalty against the facility. Verification can be accomplished by initially and periodically checking available public sources of background information, including the OIG and General Services Administration ("GSA") web sites. Results of the queries should be retained on file.
Employment of an individual who has been convicted of a criminal offense related to any federal health care program also gives rise to compliance issues. The OIG suggests that facilities require all potential employees to certify that they have not been convicted of a criminal offense that would preclude employment in a nursing facility and that they are not excluded from participation in a federal health care program. Moreover, the OIG has recommended that if any criminal charges are pending or if an administrative agency is proposing to sanction an individual or entity, there be assurance that the facility's quality of care or accuracy of claims will not be affected.
While criminal background checks are the safest way of making certain that a facility employs individuals who will adhere to compliance requirements, accessing a data base to provide necessary information can be very expensive, especially for smaller operators. Nevertheless, the OIG recommends that all nursing facilities undertake background checks of all employees. Also, criminal background checks may be complicated by state laws that prohibit certain kinds of discrimination on the basis of a criminal record. Accordingly, all policies and procedures pertaining to employee screening and credentialing should be reviewed by counsel.
E. Kickbacks, Inducements and Self-Referrals
The OIG stresses that facilities should have policies and procedures to ensure compliance with the anti-kickback statute, the Stark physician self-referral law, and other relevant federal and state laws. Arrangements between nursing facilities and hospitals, hospices, vendors, and physicians, including medical directors, are particularly vulnerable to abuse. Although nursing facilities may be required under state laws to have transfer arrangements with hospitals and other providers, such arrangements should not include any impermissible inducements offered in return for referrals. In its compliance guidance, the OIG highlights the potential for problematic relationships between nursing facilities and hospices. Such relationships have been the subject of an OIG Special Fraud Alert and were emphasized in the Compliance Program Guidance for Hospices recently issued by the OIG.
In the context of PPS, the OIG warns that "swapping" is a violation of the anti-kickback statute and, as such, the practice may give rise to both criminal and civil liability. See OIG Advisory Opinion 99-2 (February 26, 1999). Swapping involves arrangements between nursing facilities and providers of ancillary services where services are provided to residents covered under a Part A stay at a discount in return for receiving the facility's Part B business. The OIG notes that both parties have obvious motives for agreeing to trade discounts on PPS business for referrals of non-PPS business: the SNFs to minimize risk of losses under the PPS system and the Part B supplier to secure business in a highly competitive market. The OIG views swapping as potentially encouraging the overutilization of services provided under Part B, and has declined to afford "safe harbor" protection for the practice.
Another area of risk in the anti-kickback context involves the soliciting, accepting, offering or giving of any gift or gratuity of more than nominal value from or to residents, potential referral sources, and other individuals and entities with which the nursing facility has a business relationship. Nursing facilities should establish clear policies governing gift-giving, because such exchanges may be viewed as inducements to influence referrals. Other areas of risk for liability under the anti-kickback and self-referral laws identified by the OIG include:
• routinely waiving coinsurance or deductible amounts;
• requiring third-party guarantee of payment, or soliciting payment above the Medicaid rate;
• arrangements between a nursing facility and a hospital where the facility will only accept a Medicare beneficiary on the condition that the hospital pays the facility an amount over and above what the facility would receive through PPS;
• arrangements with vendors that result in the nursing facility receiving non-covered items (such as disposable adult diapers) at below market prices or no charge, provided the facility orders Medicare-reimbursed products;
• soliciting or receiving items of value in exchange for providing the supplier access to residents' medical records and other information needed to bill Medicare;
• joint ventures with entities supplying goods or services; and
• financial arrangements with physicians, including the facility medical director.
The OIG specifically states that nursing facility policies should provide that all facility contracts and arrangements with actual or potential sources of referrals are to be reviewed by counsel.
III. Elements of an Effective Compliance Program
The OIG's draft guidance for nursing facilities includes the following specific elements which the OIG has determined are fundamental to an effective compliance program.
A. Retention of Records
Although all nursing facilities currently retain a wide variety of records as mandated under state and federal law, the OIG's compliance program guidance emphasizes that records should also be retained for the purpose of demonstrating the facility's compliance with the law. The records that could be covered by the compliance program (as well as the policies and procedures for the creation, access, distribution, retention, and destruction of those records) include resident assessments, plans of care, work papers needed to support the cost reports filed by the facility, and other documents that would support the level of care furnished to a resident. The last category will be particularly useful under Medicare PPS. In addition, the OIG recommends that if any corrective action plans are ever needed, the nursing facility should retain those documents that demonstrate that the plan was implemented and was successful.
B. Written Standards of Conduct and Policies and Procedures
Every compliance program must contain written standards of conduct for the nursing facility that have been endorsed by its senior management and its governing body. The standards should be binding on all employees and other professionals, independent contractors, and volunteers performing services for the nursing facility, as well as other providers operating under the nursing facility's control, such as therapy companies, durable medical equipment suppliers and laboratories. This element is crucial to demonstrating the organization's commitment to compliance and to deterring fraud and abuse. The standards of conduct should be implemented by written policies that articulate the specific procedures nursing facility staff should follow. Policies should focus on those risk areas discussed above and should be readily available to appropriate staff. In addition to formal written policies, a nursing facility should strive to ensure that physicians, its clinical staff, and billing and reimbursement staff can communicate efficiently and resolve questionable issues before a claim is submitted.
C. Compliance Committees and Compliance Officers
Because a compliance plan affects so many segments of a nursing facility's operations, the functioning of a compliance plan requires the direction of a compliance officer, whose responsibilities include:
• overseeing the implementation of a compliance program;
• reporting to the nursing facility's compliance committee and governing body;
• reviewing and revising the organization's procedures to conform to changes in the law;
• developing and executing training programs on compliance issues;
• ensuring that independent contractors, agents, and volunteers are aware of the facility's compliance policies, and ensuring that external sources, such as the National Practitioner Data Bank and the OIG's List of Excluded Individuals and Entities, have been checked before the facility enters into service agreements with potential employees and independent contractors;
• coordinating efforts with the facility's human resources staff to prevent employment of sanctioned individuals or entities;
• assisting financial management staff in monitoring internal practices;
• implementing policies to encourage confidential reports of problems or suspected violations; and
• conducting or coordinating internal investigations in response to any such reports and adopting appropriate corrective actions.
The compliance officer should be a high-level official within the nursing facility with direct access to its CEO or Executive Director and governing body. The OIG explicitly advises against subordinating the compliance function to the nursing facility's general counsel or chief financial officer. The nursing facility should work closely with outside health regulatory counsel before it selects its compliance officer and while it performs any preliminary reviews and audits in connection with developing a compliance plan.
Where possible, the guidance suggests that the compliance officer should be assisted by a compliance committee approved by the nursing facility's governing body or board of directors. The compliance committee can advise the compliance officer and provide assistance in analyzing strategies for promoting compliance activities and monitoring the functioning of the compliance program in specific areas. In addition, if a significant liability is identified through the compliance program, the committee can function as a "task force" to address the problem.
D. Effective Training and Communication
Even the best crafted compliance plan will be useless or even harmful to a nursing facility without comprehensive training and education of all staff who have any impact on the facility's ability to provide services in accordance with relevant law. Accordingly, the OIG recommends that all employees, professional staff, agents, and independent contractors receive periodic training covering federal and state law, as well as rules developed by private payors. In the past, when the OIG has settled investigations, it has typically imposed corporate integrity agreements on providers that mandate a minimum of one to three hours of basic annual training for all employees and additional training for coding and billing staff.
In the draft guidance, the OIG has recommended that training be a condition of employment, and that familiarity with compliance issues should be part of every employee's performance evaluation. The level of training should correspond to the employee's job description and responsibilities, and should address those risk areas relevant to the scope of the employee's responsibility. For example, the facility's officers and managers should become familiar with the basic rules for Medicare participation and duties under the fraud and abuse laws, with particular emphasis on documentation and improper referrals. The training for professional staff might emphasize rules covering medical necessity, documentation and residents' rights, while the financial staff might receive additional training in proper review of documentation, coding of nursing facility physician services, where applicable, cost reporting, and methods for verifying that claims reflect the proper level of nursing facility care.
All training sessions should be documented, and the nursing facility should retain attendance lists and copies of materials distributed to staff. In appropriate cases, failure to comply with training requirements could be the basis for disciplinary action by the nursing facility.
E. Effective Lines of Communication
The Sentencing Guidelines require that a compliance plan include a mechanism for employees and agents of an organization to report suspected illegal conduct without fear of retaliation. The OIG guidance expands on this concept by recommending that a nursing facility inform all employees of the means by which a confidential report may be made to the compliance officer without fear of retribution or retaliation. Such communications may include (1) reports of suspected fraud, waste, or abuse, or (2) requests for clarification of appropriate procedures or relevant legal requirements.
Methods of encouraging confidential reports to the compliance officer that have been endorsed by the OIG include the use of a hotline telephone number, e-mail address, or suggestion box accessible by all employees and agents. The compliance officer should maintain a record of all reports received and action taken to address each report. This information should be incorporated into periodic reports to the board or governing body. Even though confidentiality is recognized by the OIG as a means of promoting prompt and effective reporting, it properly cautions that the identity of a caller may become known and may be revealed in certain circumstances should a government agency investigate the matter.
F. Employee Performance and Disciplinary Action
An effective compliance program should include enforcement of the organization's standards of
conduct through employee performance evaluations and written disciplinary criteria. Accordingly, a nursing facility should routinely inform all employees, managers, and supervisors that adherence to its standards of conduct is a condition of employment and will be an integral part of annual evaluations. If the facility determines that an employee, manager, or supervisor has violated the standards of conduct, the consistency of enforcement is a key element in ensuring that employees and agents understand the organization's commitment to compliance with the law. In addition, consistent enforcement demonstrates the organization's commitment to government authorities should the organization be investigated by a government agency such as the OIG.
The OIG has advised that disciplinary action is appropriate whenever there is a violation of the nursing facility's code of conduct. The OIG would include in this definition an employee's failure to detect a violation as a result of his or her negligence or reckless misconduct.
G. Auditing and Monitoring
A compliance program will not be effective if it remains static. Although the United States Sentencing Guidelines do not touch on this subject, the OIG's guidance recommends that nursing facilities monitor the success of their compliance programs through periodic (at least annual) audits conducted by internal or external auditors experienced in the application of federal and state laws, regulations, and policies. The draft guidance suggests various auditing techniques, such as sampling to determine if there has been a deviation from an established baseline, visits and interviews, unannounced mock surveys and audits, and legal evaluations of all agreements with contractors and other potential referral sources. However, the OIG does not endorse any particular audit method and does not address the cost of performing such audits.
The guidance does not specify particular areas that a nursing facility should use as the focus of an audit. Nevertheless, if the facility is aware of particular risk areas, whether through its internal processes or as a result of previous scrutiny by carriers, intermediaries, or government agencies, these areas should be emphasized in any follow-up audit. While the OIG recommends that nursing facilities consult existing corporate integrity agreements when designing a self-audit protocol, it must be borne in mind that these agreements are drafted by the government in response to established wrongdoing by a provider, and may be too draconian if applied to an entity without past problems. Moreover, since the scope and content of such corporate integrity agreements are targeted at the specific conduct of a specific provider, the audit procedures imposed in those agreements may not be suitable for all nursing facilities.
Once an audit is complete, the OIG recommends that any overpayments by Medicare, Medicaid, or other federally funded health program that are identified be refunded promptly to the appropriate payor regardless of whether or not a demand for repayment has been made. However, voluntary disclosure cannot be considered a guarantee against further criminal, civil, and administrative actions by government agencies. Therefore, careful evaluation with counsel is required when disclosure is contemplated.
In addition to periodic audits, the OIG has also recommended that the nursing facility document its efforts to comply with the law. For example, when the nursing facility seeks additional information or clarification from HCFA, a fiscal intermediary or a carrier, it should retain copies of all relevant correspondence and notes of oral information conveyed. These records can be valuable in demonstrating that the nursing facility has made a good faith effort to obtain accurate information and had a basis for relying on that information.
H. Responding To Detected Offenses and Developing Corrective Actions
No compliance plan can guarantee that offenses will not occur in the future; therefore, a good plan will establish a mechanism for responding appropriately to offenses discovered as the result of compliance activities. The United States Sentencing Guidelines only direct that the organization take "reasonable steps to respond appropriately to the offense and prevent further similar offenses. . . ." Indeed, the nursing facility's response to detected offenses is often the litmus test for measuring the effectiveness of a compliance plan. However, the OIG's model is a significant departure from the sentencing guidelines, as it emphasizes voluntary disclosure even while the nursing facility is developing an appropriate response and remedy to a true violation.
Any response to a detected violation of the law or of the nursing facility's standards of conduct will ordinarily demand a prompt response and consultation with counsel as necessary. The existence of an overpayment should not be solely determinative of whether or not the conduct should be investigated. In fact, the OIG recommends that when potential fraud is not involved, the provider should use the normal channels to repay the overpayment through the carrier or intermediary as appropriate.
The OIG's guidance emphasizes the need to coordinate any response to a detected offense among the facility's management, auditors, and counsel. Nevertheless, the OIG encourages the prompt reporting of any detected offense to the appropriate government authority within a reasonable time that should not exceed 60 days. These reports should include a discussion of the potential financial impact and should include all relevant evidence. When the compliance officer's investigation is complete, the OIG also recommends that the compliance officer be required to notify the appropriate government agencies of the outcome of the investigation. In return, the OIG has suggested that prompt reporting may be viewed as a mitigating factor should sanctions be considered.
While in some cases prompt disclosure may mitigate the nursing facility's exposure under the False Claims Act, the OIG's recommendation can also be construed as an attempt by the OIG to interject itself into an internal investigation before the nursing facility knows whether or not the matter is significant. This may have the unintended effect of undercutting the ability of a well-run compliance program to remedy the cause of detected violations through internal responses by chilling future disclosure and cooperation by nursing facility staff. Even though expedited disclosure to a government agency may be appropriate in some circumstances, these and other decisions relating to disclosure should be determined on an individual basis in consultation with counsel.