Effective Compliance Planning for Surgery Centers€¦ · Overview of applicable federal (and...
Transcript of Effective Compliance Planning for Surgery Centers€¦ · Overview of applicable federal (and...
1 | McGuireWoods
CONFIDENTIAL
Effective CompliancePlanning for Surgery Centers
Becker’s ASC Conference
Presented by:
Gretchen Townshend, Partner, McGuireWoods LLP
Timothy Fry, Attorney, McGuireWoods LLP
October 28, 2016
2 | McGuireWoods
CONFIDENTIAL
To Be Discussed
1. OIG Core Compliance Program Components (“7 Core Elements”)
2. What’s in a Compliance Plan
3. Overview of Applicable Laws
4. Common Areas of Compliance Risk for ASCs
5. Best Practices; Operationalizing
3 | McGuireWoods
CONFIDENTIAL
OIG Core Compliance Program Components
OIG key recommendations for compliance programs (7 Core
Elements):
1. Written standards of conduct and policies that promote compliance and address specific areas of potential fraud;
2. Designating a chief compliance officer and other bodies
3. Conducting regular and effective training and education;
4. Developing effective lines of communication;
5. Responding appropriately to detected offenses and developing corrective action/disciplinary action;
6. Conducting internal monitoring and auditing; and
7. Enforcing standards through well-publicized disciplinary guidelines.
4 | McGuireWoods
CONFIDENTIAL
What’s in a Standard ASC Compliance Plan
1. Overview of applicable federal (and state) laws
2. Chief Compliance Officer duties and obligations
3. Acknowledgment Form
• Signed by each owner and employee
• Acknowledges he/she understands the Compliance Plan, has not been
excluded from a federal health program, will be subject to discipline for
violating Compliance Plan
4. Code of Conduct
• Applicable to owners, Board members, and employees
5. Corporate Compliance Checklist
6. HIPAA Compliance Plan
5 | McGuireWoods
CONFIDENTIAL
Overview of Applicable Laws
1. Anti-Kickback Statute, 42 U.S.C. § 1320a-7b
2. Physician Self-Referral Law (a/k/a the “Stark Law”), 42 U.S.C.
§ 1395nn
3. False Claims Act, 31 U.S.C. §§ 3729–3733
4. Health Insurance Portability and Accountability Act (“HIPAA”)
5. Non-Discrimination
6. Conditions for Coverage and Licensure
6 | McGuireWoods
CONFIDENTIAL
Federal Anti-Kickback Statute
1. It is a crime to knowingly and willfully solicit, receive, offer, or
pay remuneration of any kind, directly or indirectly
– For the referral of an individual to another for the purpose of
supplying items or services that are covered by a Federal
health care program; or
– For purchasing, leasing, ordering, or arranging for any good,
facility, service, or item that is covered by a Federal health
care program.
2. There are “safe harbors” which provide immunity from criminal
prosecution.
3. Intent-based statute.
7 | McGuireWoods
CONFIDENTIAL
ASC Safe Harbor Enforcement
ASC Safe Harbors – Core Requirements
• Must not be related to volume or value of referrals
• No loans or loan guarantees by other investors allowed
• Distributions must be directly proportional to the amount of the capital
investment of that investor
• All ancillary services must be directly and integrally related to primary
procedures performed at the ASC and none may be separately billed to
Medicare
• Must treat Medicare patients in a nondiscriminatory manner
• Patients must be fully informed of the physician’s ownership
• For Single-Specialty ASCs: At least 1/3 of each physician investor’s
medical practice income from all sources for the previous fiscal year or
previous 12 month period must be derived from the physician investor’s
performance of ASC eligible procedures (1/3 Income Test)
• For Multi-Specialty ASCs:
– 1/3 Income Test, PLUS
– At least 1/3 of the ASC procedures performed by each physician investor for the
previous fiscal year or previous 12 month period must be performed at the ASC
8 | McGuireWoods
CONFIDENTIAL
Federal Stark Law
1. A physician may not make a referral to an entity for designated
health services (DHS) for which payment may be made by
Medicare or Medicaid if the physician or an immediate family
member has a “financial relationship” with the entity providing
the designated health service, unless one of the exceptions
applies.
2. ASC services are not “DHS” (i.e. not Stark services).
3. Hospital services, laboratory services, imaging, DME are “DHS”
(i.e. Stark applies).
9 | McGuireWoods
CONFIDENTIAL
Federal False Claims Act
1. False Claims – Prohibits the submission of any false record or
statement for reimbursement to the government.
– Penalties include fines, potential exclusion from Medicare and
Medicaid and imprisonment.
i. Approximately $11,500 - $21,500 for each claim, plus three times the
amount of the government’s damages (i.e., the amount paid on the
improper claim).
ii. Attorneys’ fees and costs.
– Employees may report an employer’s false claim with protection
from state and federal law.
2. Actions that May Result in Liability
– Violation of another law (such as Stark or AKS) – e.g., proper claim,
but the service was the result of an illegal relationship.
– Falsifying information in the patient record.
– Conditions for coverage were not generally a false claim pre-2016.
Now?
10 | McGuireWoods
CONFIDENTIAL
60-Day Overpayment Repayment Rule
CMS recently finalized ACA 60-day overpayment rule for Medicare
Parts A/B. See 81 Fed. Reg. 7654; 42 C.F.R. § 401.301 et seq.
1. ACA requires overpayments to be returned by the later of (i) 60
days after identification of the overpayment or (ii) date cost
report is due.
2. Identification is when a person has, or should have, through the
exercise of reasonable diligence, determined that the person or
entity received an overpayment and has quantified the amount.
CMS expects proactive and reactive efforts.
3. Look-back period is 6 years after the date the overpayment was
received.
4. Flexibility in reporting using existing methods.
11 | McGuireWoods
CONFIDENTIAL
Heath Insurance Portability & Accountability Act
In this context, HIPAA has four key parts:
1. The Privacy Rule – Establishes patients’ privacy rights and
addresses the use and disclosure of protected health information
(“PHI”) by covered entities and business associates.
2. The Security Rule – Requires the adoption of administrative,
physical, and technical safeguards to protect electronic PHI
(“ePHI”).
3. The Breach Notification Rule – Requires HIPAA covered entities
and their business associates to provide notification following a
breach of unsecured PHI.
4. The Enforcement Rule – Establishes both civil monetary penalties
and federal criminal penalties for the knowing use or disclosure of
PHI in violation of HIPAA.
12 | McGuireWoods
CONFIDENTIAL
Heath Insurance Portability & Accountability Act
(continued)
1. Adoption of HIPAA compliance plan.
2. Appointment of HIPAA Privacy Officer and Security Officer.
3. Annual review and update to HIPAA compliance plan.
4. Investigate and draft breach analysis on any potential breach.
5. Report to OCR and patients, if appropriate.
13 | McGuireWoods
CONFIDENTIAL
Non-Discrimination
1. Medicare does not allow discrimination
2. Section 1557 of the ACA added anti-discrimination provisions
3. OCR final rule on limited English, accessibility, anti-sex
discrimination and others
4. Required notices (including signs and on website) starting this
month that language assistance available in foreign languages
14 | McGuireWoods
CONFIDENTIAL
Medicare Conditions for Coverage
& Licensure Issues
– Six key categories :
1. Licensure
2. Certificate of Need (state dependent)
3. Medicare Conditions for Coverage (CfCs)
4. Medicaid Certification
5. Accreditation (AAAHC, Joint Commission, etc.)
6. Other permits
– Importance of Exclusive Use
– Recovery Care Limitations
• For Medicare, care cannot exceed 24 hours
• Depending on the state, patients often must be out of the
center by 11:59 pm
15 | McGuireWoods
CONFIDENTIAL
Common Areas of Compliance Risk in ASCs
16 | McGuireWoods
CONFIDENTIAL
1. Do not offer less or more shares or a higher or lower price based on the
number, volume or value of referrals a physician can generate.
2. Do not reallocate shares based on volume or value of referrals.
3. Do not focus on individual distributions being tied to the number of
patient referrals. Never make any indications that could lead a potential
investor to believe that referrals or performance will determine an
individual’s “piece of the pie.” Focus on overall distributions and profits.
4. Physicians should not be allowed to invest based upon the fact that they
can generate referrals for another physician who may use the center.
5. Avoid providing physicians with estimates as to the amount of revenue
that will be generated from their referrals or from another physician’s
referrals.
Selling Shares in an ASC
Tips to ensure an appropriate dialogue:
17 | McGuireWoods
CONFIDENTIAL
6. When creating target lists, avoid focusing on the potential number of
referrals, the physician's age, the growth potential of the physician’s
practice, etc.
7. Do not offer remuneration or special treatment under various disguises,
such as directorship contracts or discounted lease arrangements, in
order to induce investors.
8. Do not pressure physician investor to shift their current referral patterns.
9. Do not make any indications to investors that low-referring physicians
will be pressured to withdraw.
10.Units should not be sold at a discount from then fair market value.
11. Investment by an group (practice or group of independent physicians)
should be carefully vetted to ensure compliance
Selling Shares in an ASC
Tips to ensure an appropriate dialogue:
18 | McGuireWoods
CONFIDENTIAL
1. Apply redemption rules consistently to all owners.
2. Do not redeem for “failing to bring enough cases” or “failing to bring
profitable cases”.
3. Provide an owner notice of a redemption event and ample time and
opportunity to cure (if applicable) any breach of the Operating
Agreement.
4. Apply the safe harbor requirements consistently to all owners,
5. When redeeming, try to obtain a release from liability and
indemnification from departing physician.
Physician Redemption Issues
Tips to ensure an appropriate dialogue:
19 | McGuireWoods
CONFIDENTIAL
Medical Directorships/Leases & other Financial
Arrangements with Referring Physicians
Tips to ensure an appropriate dialogue:
1. Ensure the relationship/arrangement is truly needed.
2. Do not consider the volume/value of referrals of a particular physician
when entering into these arrangements.
3. Ensure any payment made thereunder is fair market value for the
items/services being provided and support with third party valuation.
4. Require the medical director to record and report time spent performing
the services for the ASC.
5. Ensure the equipment is required for services at the ASC and confirm
that there are not other vendors providing better lease terms.
6. Ensure the space is necessary for the performance of the ASC.
7. Document the arrangement with a written agreement with a term of at
least 1 year.
8. Attempt to comply with each element of an applicable safe harbor
(Space Lease, Equipment Lease, Personal Services).
9. Ensure legal counsel has reviewed and approved the arrangement.
20 | McGuireWoods
CONFIDENTIAL
Third Party Arrangements
Also Consider These Types of Arrangements
for Compliance
1. Anesthesia relationships and arrangements
2. Lab services arrangements
3. Local hospital services arrangements (e.g., lab, x-ray, emergency
transfer)
4. Lease arrangements
5. Staffing arrangements
6. Back-office arrangements
7. Medical device/device manufacturer purchases
8. Physician-owned distributorships
21 | McGuireWoods
CONFIDENTIAL
Medical Necessity
Providers may only bill federally funded health care programs for
“medically necessary” services and procedures that are properly
ordered by a physician or other appropriately licensed person.
1. Must provide (typically upon request, but have in medical record)
documentation that supports medical necessity.
2. Should provide medical necessity training.
3. Should provide written notice of medical necessity policy/definition
and billing codes.
Medical necessity (and amount of guidance) varies per procedure,
region or even per payor.
22 | McGuireWoods
CONFIDENTIAL
Billing and Coding
1. OIG Billing and Coding Risk Areas
A. Billing for items or services not rendered or not provided as claimed;
B. Submitting claims for supplies and services that are not reasonable and necessary;
C. Double billing that results in duplicate payment; and
D. Billing for non-covered services as if covered.
2. Sources of Compliance Requirements
A. Medicare
B. TRICARE
C. Each state’s Medicaid program
D. Private payor requirements
E. CPT Manual and AMA guidance
23 | McGuireWoods
CONFIDENTIAL
Employee Exclusions
• ASCs are responsible for ensuring that they do not employ or
contract with excluded individuals or entities in any capacity or
setting in which federal health care programs may reimburse for
the ASC for those items or services furnished by those
employees or contractors.
• Requirement to screen all current and prospective employees
and contractors against OIG’s List of Excluded Individuals and
Entities.
• Some guidance suggests that screenings should be performed
on a monthly basis
24 | McGuireWoods
CONFIDENTIAL
Best ASC Practices; Operationalizing
25 | McGuireWoods
CONFIDENTIAL
Practical Guidance for Health Care Governing
Boards on Compliance Oversight
Guidance focuses on:
1. Roles of, and relationships between, the organization’s audit,
compliance, and legal departments;
2. Mechanisms and process for issue-reporting within an
organization;
3. Approach to identifying regulatory risk; and
4. Methods of encouraging enterprise-wide accountability for
achievement of compliance goals and objectives.
Emphasis placed on the Board having ultimate responsibility for
organization, particularly compliance related issues.
26 | McGuireWoods
CONFIDENTIAL
Create a Culture of Compliance
1. Initial and ongoing education, distribution of compliance literature and periodic updates
2. All-hands’ compliance meetings
3. Key leaders’ attendance at compliance seminars
4. Board agenda includes compliance discussion
5. Routine monitoring and auditing, including billing and coding audits
6. Legal review of all contracts and other legally significant documents to ensure compliance regularly
7. Employee background checks and checks against the OIG exclusions list
8. Annual review of compliance plan
9. Communication of intent to investigate aggressively any suspected problems regarding compliance
10. Wall certificates and handouts to inform employees of who to contact for compliance issues
27 | McGuireWoods
CONFIDENTIAL
Reviews and Audits of Compliance Program
1. Review/audit your compliance program focused on the OIG’s 7 Elements of a
Compliance Program (remember HIPAA, too)
2. Complete Corporate Compliance Checklist on an annual basis
• Adoption of Compliance Plan by governing board (recorded in writing)
• Appointment of Chief Compliance Officer
• Distribute copies of all compliance plans to owners and employees
• Post notice of commitment to compliance in common work areas
• Distribute compliance-related guidance to employees and owners
• Employee and owner training (at least annually)
• Address compliance at owner and Board meetings
• Annual review of contracts for regulatory compliance
• Billing and coding audit
• Review compliance with record keeping requirements
• Evaluation of governing board members’ and supervisors’ compliance
• Initial and periodic background checks and review of OIG/SAM exclusion lists for
all employees, independent contractors, and owners
28 | McGuireWoods
CONFIDENTIAL
Responding to Complaints
A complaint comes in or an employee or patient reports an issue
1. Always thank the employee or patient for the report
2. Always follow up on employee and patient reports (no
matter what)
3. Utilize a tracking system to track all reports
4. Invite reporting of concerns
5. No retaliation; express that you will take seriously
6. No destroying documents (careful on “it’s the policy”); a hold
notice
7. Get legal team together ASAP – 2 perspectives on the legal
team. Former government perspectives and a trusted team
(both internal and external)
8. Determine appropriate next steps
29 | McGuireWoods
CONFIDENTIAL
Responding to Investigations
An investigation commences through notice letter or the government
appears at your door
1. Have a plan in place ahead of time
a) Will someone stay with investigators when they review documents?
b) Will you send staff home that day?
2. Do not hinder investigation
3. Communicate with legal as soon as possible – 2 perspectives on
the legal team. Former government perspectives and a trusted
team (both internal and external)
4. Advise employees of rights in talking to government (i.e., right to
attorney, can have entity there too) – but do not obstruct
5. Establish early and ongoing communications with government
6. Always consider settlement
7. Budget and prepare for expenses
30 | McGuireWoods
CONFIDENTIAL
Sample ASC Code of Conduct
1. Protect the confidential information of patients and families of patients.
2. Abide by all policies, as well as all state and federal laws and conditions of
participation in health care reimbursement programs.
3. Will not encourage or participate, directly or indirectly, in activities such as theft,
bribery, kickbacks, misappropriation, false statements, submission of false claims,
discrimination, boycotts, price fixing, or violations of environmental or work place
safety laws.
4. Will not make any payment, or offer to make any payment, whether in cash or in kind,
to any physician, patient, hospital, facility, or other party in order to induce the referral
of patients or other items or services to the Center.
5. Will not enter into relationships with any person or entity that may refer business to
the Center unless such arrangements involve compensation for fair market value and
the arrangements are fully compliant with all laws. No such arrangement shall take
into account the volume or value of referrals by such person.
6. Will only bill for services in a manner that is legally appropriate. Owners and
employees who are involved with billing functions will not submit any claims for
amounts other than in accordance with the Center’s policies.
31 | McGuireWoods
CONFIDENTIAL
Code of Conduct (continued)
7. Owners and employees who refer patients for services to the Center will only refer
patients for services or procedures that are medically necessary or cosmetic in nature.
8. Treat all patients (including Medicare, Medicaid, and indigent patients) in a non-
discriminatory manner.
9. ASC shall not offer shares or membership interests in exchange for referrals. Shares
or membership interests in the Center may only be sold at fair market value.
10. Maintain compliance with the ambulatory surgery center Safe Harbor to AKS.
11. All distributions of Center earnings shall be based on the number of shares held by
the owners and shall in no way be based on the volume or value of referrals.
12. Each owner shall notify patients of his or her financial interest in the Center if he or
she refers such patients to the Center.
13. Each owner and employee shall treat all patients, Center personnel, and other
members of the community with dignity, respect and compassion.
14. Maintain a safe working environment, will fulfill all duties in a safe manner, and will
notify the proper Center personnel immediately of any hazard, injury, equipment
problem, or other potential safety issue.
15. Any prohibited behavior will be reported to the appropriate Center personnel.
32 | McGuireWoods
CONFIDENTIAL
A HIPAA Compliance Top 10 List
1. Expressly-named privacy and security officers (can be the same person)
2. HIPAA policies and procedures – both privacy and security
3. HIPAA compliant authorization form for release of PHI
4. Sanctions policy, either referenced by or included in the HIPAA policies
and procedures
5. Security risk assessment (initial and subsequent assessments)
6. Workforce training, with documentation of the materials and those who
attended
7. Business associate agreements in place with business associates
8. Comprehensive list of business associate agreements
9. Notice of privacy practices, with appropriate posting/distributing, in
facility and on websites!
10. Breach response plan if not otherwise addressed in the HIPAA policies
and procedures
33 | McGuireWoods
CONFIDENTIAL
Compliance Concepts
1. If you can’t write it, you cannot say it or do it.
2. If the real reason for something is illegal, no amount of dressing it up makes it legal.
3. If you cannot do it in the ASC, you can’t do it outside of the ASC.
4. Cannot distribute shares or dollars based on referrals or cases –can’t do it outside, i.e., in anesthesia company or relationship.
5. Can’t swap streams of revenues, e.g., you get pathology if we get more ownership.
6. Must abide by operating agreement.
7. The 1% test.
34 | McGuireWoods
CONFIDENTIAL
Corporate Integrity Agreement Example
1. Compliance Officer/Committeea) Officer not subordinate, reports to
OIG
b) Compliance Committee formed
c) Board oversight of compliance
d) Employee attestations
2. Written Standardsa) Code of conduct
b) Policies and procedures re: compliance program
3. Training and Educationa) Training plan
b) Board member training
c) Certification and available trainer
4. AKS and Stark compliancea) Procedures to review and track
compliance
b) New contracts require training
c) Retention and access to records
5. Hire independent reviewer of
agreements and processes
6. Develop risk assessment and internal
review
7. Disclosure program (i.e., hotline)
8. Screen and remove ineligible
persons
9. Notify of government investigations
10. Repayment of overpayments
11. Report to OIG certain events
12. Additional business burdens
a) Report changes to business
b) Reporting!
c) Inspection
d) Penalties; potential exclusion
35 | McGuireWoods
CONFIDENTIAL
Recap: The Three D’s of Compliance
1. Deterrence: A well-trained workforce is less likely to engage in conduct which exposes your ASC to liability. This is true across the spectrum, including:
– Enhancing adherence to billing and coding practices (minimizing underpayments, overpayments and fraud);
– Avoiding violations of privacy policies and procedures; and
– Avoiding violations of patient care policies and procedures.
2. Detection
– Monitoring programs facilitate the early identification of problems.
– Reduction in overpayment liability; placing the ASC in control.
36 | McGuireWoods
CONFIDENTIAL
3. Defense. If your ASC is investigated by the
OIG or subject to allegations of fraud, the
existence of an effective corporate
compliance program may:
– reduce damage multipliers in False Claims Act cases
– reduce the duration of a Corporate Integrity Agreement (“CIA”)
– allow the company to enter into a less onerous monitoring agreement, i.e., a Certification of Compliance Agreement (“CCA”) instead of a CIA
--shorter duration (3 years or less vs. 5 years)
--no obligation to retain an independent review organization
3 D’s cont’d.
37 | McGuireWoods
CONFIDENTIAL
Questions or Comments?
Gretchen Townshend
McGuireWoods LLP
77 W. Wacker Drive, Ste. 4100
Chicago, IL 60610
(312) 849-8237
Timothy Fry
McGuireWoods LLP
77 W. Wacker Drive, Ste. 4100
Chicago, IL 60610
(312) 750-8659
82548311v2