Health Care Fraud and Compliance
One of the Department’s Crown Jewels is its Health Care Fraud Initiative which primarily focuses on Medicare and Medicaid fraud and Off-Label Promotion cases. The False Claims Act is the principal tool used by the Justice Department.
For FY 2011, the Justice Department recovered over $3 billion in fraud cases. Approximately $2.8 billion were the result of whistleblower complaints, an increase of $500 million over FY 2010. For FY 2011, the Justice Department recovered in civil and criminal cases over $5.6 billion.
In the last few years, Congress has increased funding by nearly $1 billion to combat health care fraud and abuse enforcement. It has been estimated that each dollar spent on enforcement results in a recovery or savings of one-and-a-half times that amount.
DOJ, HHS and related agencies use a number of strategies to identify, investigate and prosecute health care fraud. The Center for Medicare and Medicaid (CMS) has initiated new procedures for identifying fraud before CMS makes any payments to health care providers or suppliers. CMS’ new program works like existing fraud programs used by financial institutions for credit cards and debit cards. This new model will allow CMS to identify unusual billing patterns which suggest potential fraud.
In addition, the Health Care Prevention and Enforcement Action Team (“HEAT”) which was started in 2009 and recently expanded to additional cities has been used to target health care providers and individuals to target fraud in the Medicare and Medicaid programs. The HEAT program is akin to past organized crime task forces and is an extremely successful model for increasing enforcement of health care fraud cases.
During the year, there have been a large number of false claims and anti-kickback cases brought against hospital systems. Some examples of the largest cases brought include:
1. Seven hospitals agreed to pay $6.3 million to resolve allegations that they submitted false claims to Medicare related to kyphoplasty procedures (treatment for spinal fracutures).
2. The Detroit Medical Center agreed to pay $30 million to resolve allegations of improper relationships between the health system and physicians involving reduced leasing arrangements below market value, free advertising and tickets to events and seminars.
3. The Catholic Healthcare System agreed to pay $9.1 million to settle allegations that it submitted false Medicare claims for overpayments which were not returned, claims based on inflated costs for home health care agencies and providing kidney treatment services for which it was not eligible.
4. Dartmouth Hitchcock Medical Center in New Hampshire agreed to pay $2.2 million to resolve allegations that it improperly billed various federal health programs for improper billing for services performed by resident physicians without required supervision.
Since the government is focusing so heavily on health care fraud and abuse, health care providers and entities must take action to ensure they are in compliance with fraud and abuse laws. There is a rich history of compliance in the health care industry. In fact, many of the principles used in anti-corruption compliance originate from practices developed in the health care industry. The risks for compliance officers in the health care field are numerous involving a number of state and federal laws and regulations.
The challenge for every organization is to create a culture of compliance, to define compliance standards and procedures and to explain in detail compliance obligations. Health care organizations need to dedicate adequate resources to the compliance function, prioritize training programs and encourage the prevention and deterrence of potential violations. At its core, the compliance program must have a procedure for ongoing risk assessments — this is the lifeblood and intelligence foundation of every compliance program.
CMS has outlined seven required elements for a compliance program and is planning to update this list. These include:
1. Standards and Procedures which need to include a code of conduct separate from compliance policies and procedures; training programs for all employees and vendors; and use of certifications to focus compliance attention. Policies and Procedures need to be endorsed and committed by senior leadership and the Board itself. The policies and procedures need to be reviewed and revised periodically to respond to new risks, identification of compliance needs and improvements to the compliance program. It is important to monitor and assess the effectiveness of the policies and procedures on an ongoing basis.
2. Training and Education programs developed by the compliance office with personal training seminars keyed to high risk topics.
3. Oversight Authority which must be built on the Board’s authority, supervision by an Audit/Compliance Committee, and filtered down to the compliance office and designated subject matter experts on specific risk areas.
4. Monitoring and Auditing procedures and programs which are developed from a risk assessment and includes reviewing previous audits, monitors and other pertinent internal and external information and sharing information and results across the organization.
5. Reporting and Investigation mechanisms should include anonymous reporting programs (e.g. hotline), updating complainants, electronic tracking of investigations, regular reports to leadership, whistleblower protocols, and a non-retaliation policy. In order to prioritize internal investigations, a triaging system needs to be established to rank allegations. A team of investigators should be on call to respond to matters as they arise.
6. Enforcement and Discipline procedures need to be outlined so that matters are handled quickly, efficient and in a consistent manner.
7. Response and Prevention efforts need to include internal investigations protocols and procedures so that information can be gathered , privileges preserved, documentation of compliance and investigation efforts reviewed and created.