|
Making the Decision Whether to Implement a Corporate Compliance Program By Compliance
Programs: What Are They? Health care costs continue to rise, which is troublesome in light of the fact that very soon the "baby-boomer" generation will become Medicare-eligible. The federal government has been looking for ways to decrease the costs to the Medicare system, but currently cutting Medicare benefits in order to cure the financial problems of the Medicare Trust Fund is not politically tenable. Therefore, the government is looking for alternative methods to recoup funds. The financial imperative of avoiding a bankrupt Medicare system in conjunction with the political mandate that law makers should be tough on crime has led the government to a very profitable, and apparently politically popular, method for increasing funds to the Medicare system - recouping funds that have already been paid to providers. The vehicle for recovering those funds is through enforcement initiatives alleging health care fraud and abuse. Janet Reno has said, "Let the message be very, very clear. We have made health care fraud a priority and we will pursue it as vigorously as we can." Indeed, the government has lived up to its word. Health care fraud and abuse has become a very important law enforcement priority, second only to the prosecution of violent crime. In January 1998, the first annual report of the Health Care Fraud and Abuse Control Program, which was created by Health Insurance Portability and Accountability Act of 1996 (HIPAA), was released. For 1997, the first full year of the anti-fraud and abuse funding under HIPAA, the Department of Health and Human Services (DHHS) reported: (1) nearly $1 billion was returned to the Medicare Trust Fund (the largest amount ever); 2,700 individuals were excluded from doing business with Medicare, Medicaid and other federal and state healthcare programs (a 93% increase from 1996); convictions for healthcare fraud-related crimes increased by nearly 20%; and the DHHS pursued 4,010 civil healthcare fraud cases (an increase of 61% from 1996). According to DHHS, actions affecting its programs alone have "saved" taxpayers more than $20 billion, and increased health care fraud convictions by more than 240%. In this environment of expanded government scrutiny and increased penalties, many health care organizations have made the decision to implement corporate compliance programs designed to prevent violations of the law. This article briefly addresses several of the issues that long-term care providers should consider when making the determination whether to implement such a program. Compliance Programs: What Are they? Many providers have read the Inspector General’s 1997 "An Open Letter to Health Care Providers," which praised the adoption of corporate compliance programs, and discussed the fact the Office of Inspector General (OIG) would be releasing compliance program guidance for various sectors of the health care industry. Since that time, the OIG has released compliance guidance for hospitals, clinical laboratories, home health agencies, third party billing companies, and has recently asked for recommendations for developing such guidance for hospices and nursing facilities. A lot of people are talking about corporate compliance programs these days. As a long-term care provider, you may be asking yourself what is meant by that term. Corporate compliance programs are not the quality assurance or risk management programs that that you may currently have at your facilities, although a corporate compliance program may include elements of those existing programs. A "corporate compliance program" is a term of art with a specific meaning, and it is fast becoming a standard in the health care industry. The concept of a corporate compliance program, as it is used today, grew out of the Sentencing Reform Act of 1984. That Act established the U.S. Sentencing Commission, the goal of which was the creation of policies and procedures that must be followed by all federal judges when sentencing individuals and organization (Federal Sentencing Guidelines). The Federal Sentencing Guidelines established that a judge was to consider an organization’s "culpability" in determining the appropriate monetary penalty. According to the Guidelines, "Culpability generally will be determined by the steps taken by the organization prior to the offense to prevent and detect criminal conduct, the level and extent of involvement in or tolerance of the offense by certain personnel, and the organization’s actions after an offense has been committed." It is those "steps" taken by an organization prior to the offense which have become known as a "corporate compliance program." The primary benefit of implementing a corporate compliance program with regard to a criminal violation of the law is that an entity’s monetary penalties may be eligible for a mandatory reduction of up to 95%. However, the benefits of an effective corporate compliance program are not limited to just reducing fines if your organization is convicted of a crime – there are other less tangible benefits. Common benefits that have been listed in the OIG’s compliance guidance include the ability to:
The Risks and Potential Liabilities In addition to the penalties noted above for the organization, there is also the potential for personal liability in operating a nursing facility. Most people know explicitly or implicitly that an organization can be held liable for the illegal actions of an employee. This is true even if the law was broken at the lowest levels of the company, and even if the action was contrary to the company’s established policy. It is also obvious to most people that the person who actually committed the wrongful act may be held liable. What is not readily apparent to many corporate officers and managers, however, is that they may be held liable, i.e., convicted, fined, imprisoned or excluded from the Medicare or Medicaid programs, for the criminal conduct of subordinate employees - even though the officer did not authorize the crime and had no actual knowledge of the criminal conduct. HIPAA made the need for corporate officers and managers to effectively oversee the operations of their organization even more important by creating a new ground for permissive exclusion of individuals from Medicare and State health care programs when the entity, and not necessarily the individual, has committed fraud, a crime or other wise been excluded. There is no need that the manager have any knowledge of the wrongdoing – all it takes to be excluded is to have been a managing employee of a sanctioned entity, Under HIPAA, officers and managing employees are at greatest risk, but the owners of health care facilities are not far behind. An owner may be excluded from the Medicare or Medicaid programs if he or she "should have known" about the improper activity. That is, if he or she either acts in deliberate ignorance of the truth or falsity of the information or acts in reckless disregard of the truth or falsity of the information. The existence of an effective corporate compliance program, which is supported and encouraged by corporate officers and managers, is evidence that the organization’s officers took steps to prevent any criminal conduct, and will be taken into consideration by courts. One court in Delaware has declared that corporate directors have a duty to act in good faith to ensure that their company has procedures to prevent and detect violations of law that could result in company liability. Noting the growing trend of the government to rely on criminal law to promote compliance with law and the self-reporting of violations, and the fact that the Federal Sentencing Guidelines offer significant mitigation of monetary penalties if an effective compliance program is in place, the court stated that "[a]ny rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account this development and the enhanced penalties and the opportunities for reduced sanctions that it offers." The court stated that a corporate director who failed to make good faith efforts to ensure that effective corporate compliance procedures are in place may be held personally liable in derivative litigation for losses that result. There are numerous other risks and potential liabilities that a long-term care provider should consider, but a full discussion of those is beyond the scope of this article. Other risks include the possibility of Medicare or Medicaid exclusion; probation and court imposed program; an onerous government designed program required as part of a settlement; and the potential for whistleblower lawsuits. Long-term care providers should give serious consideration to the adoption of a corporate compliance program. In addition to the inherent benefits of such a program, there is a growing expectation in the enforcement branches of the government that all health care providers that receive Medicare or Medicaid reimbursement should have such a program in place.
| Practice Areas
| Attorney
Profiles | Publications
| Rolf & Goffman Co., L.P.A. |
