When it comes to the Affordable Care Act, there is no shortage of topics upon which the nation can disagree.  As patients lobby to make the provision of medical services a constitutional right, providers share a much different perspective on modern American health care.  To practitioners and non-clinical professionals alike, participation in government sponsored health care programs is in many ways akin to joining the freemasons or pledging a fraternity, the exclusion from which is nothing less than a modern day blackballing by the not-so-secret society known as the Office of the Inspector General (“OIG”).

While Medicare regulations are no picnic,[1] there is no shortage of hospitals participating therein.[2] The exclusion of a hospital from federally funded programs such as Medicare and Medicaid can mean the end for that facility, while for hospital executives, directors, officers, managers, and in-house counsel the repercussions from such an act can amount to the end of a career in health care altogether. The nexus between hospital punishment and individual culpability can be tenuous at times, and a negative ruling against a hospital may not insulate individuals from prosecution and even exclusion under the Responsible Corporate Officer Doctrine (“RCO”), sometimes referred to as the “Park” doctrine after the United States Supreme Court decision United States v. Park, where the Court held:

“The concept of ‘responsible relationship’ to, or a ‘responsible share’ in, a violation . . . indeed imports some measure of blameworthiness; but it is equally clear that the Government establishes a prima facie case when it introduces evidence sufficient to warrant a finding by the trier of fact that the defendant had, by reason of his position in the corporation, responsibility and authority either to prevent in the first instance, or promptly to correct, the violation complained of, and that he failed to do so.” [3]

The origins of the RCO can be traced to cases involving the Federal Food, Drug and Cosmetic Act of 1938,[4] and subsequently to cases of environmental, public health and safety concerns.[5]  To be sure, granting authority for the Federal Government to criminally prosecute individuals for the actions of the entity is nothing new in health care.

In 1977, Congress first mandated the exclusion of physicians and other practitioners convicted of program-related crimes from participation in Medicare and Medicaid.[6]  In 1981, Congress passed the Civil Money Penalties Law[7], authorizing the Department of Health and Human Services (“HHS”) and the OIG to impose civil money penalties (“CMPs”), assessments and program exclusions against individuals and entities who submit false, fraudulent or otherwise improper claims for Medicare or Medicaid payment.[8]

In 1987, Congress passed the Medicare and Medicaid Patient and Protection Act[9] to enhance the OIG’s ability to protect the Medicare and Medicaid programs and their beneficiaries.  The Health Insurance Portability and Accountability Act (HIPAA) of 1996[10] authorized the OIG to provide guidance to the health care industry in an attempt to prevent fraud and abuse, and to promote high levels of ethical and lawful conduct. The Balanced Budget Act (BBA) of 1997[11] expanded the OIG’s sanction authorities. These statutes extended the application and scope of the current CMPs and exclusion authorities beyond programs funded by HHS to all “federal health care programs.”  BBA also authorized a new CMPs authority to be imposed against health care providers or entities that employ or enter into contracts with excluded individuals (including interns) for the provision of services or to federal program beneficiaries.

Today, 42 U.S.C. Section 1320a-7 is the statutory authority upon which the OIG relies when excluding individuals and entities from participation in Medicare and Medicaid.  Subsection (a) sets forth the mandatory exclusion provisions and subsection (b) sets forth the permission exclusion provisions.

Mandatory exclusions include:

• Conviction of a health care program related crime

• Conviction involving patient abuse

• Felony conviction relating to health care fraud

• Felony conviction involving a controlled substance

Permissive exclusions include:

• Conviction of a criminal misdemeanor relating to fraud, theft, embezzlement, breach of fiduciary responsibility, or other financial misconduct relating to health care

• Conviction of a criminal offense relating to fraud, theft, embezzlement, breach of fiduciary responsibility, or other financial misconduct with respect to any act or omission in a program (other than a health care program) operated by or financed in whole or in part by any federal, state, or local government agency

• Conviction relating to obstruction of an investigation or audit

• Misdemeanor conviction involving a controlled substance

• License revocation or suspension by a state licensing authority

• Exclusion or suspension under any federal program, including those within the Department of Defense, Department of Veterans Affairs or a state health care program relating to health care

• Claims for excessive charges or unnecessary services and failure of certain organizations to further medically necessary services

• Fraud, kickbacks and other prohibited activities

• Entities controlled by a sanctioned individual

• Failure to disclose required information

• Failure to supply requested information on subcontractors and suppliers

• Failure to supply payment information

• Failure to grant immediate access

• Failure to take corrective action

• Default on a health education loan or scholarship obligation

• Individuals controlling a sanctioned entity, including those who have a direct or indirect ownership interest in a sanctioned entity, and who knew or should have known of the action which gave rise to the conviction or exclusion

• Making false statements or misrepresentations of material facts

The OIG has encouraged health care compliance programs, noting that such covenants within an institution help hospitals and other health care providers develop effective internal controls that promote adherence to applicable state and federal laws.[12] Indeed, the OIG believes a hospital may gain important additional benefits by voluntarily implementing a compliance program. Such benefits include:

• Demonstrating the hospital’s commitment to honest and responsible corporate conduct

• Increasing the likelihood of preventing, identifying, and correcting unlawful and unethical behavior at an early stage

• Encouraging employees to report potential problems to allow for appropriate internal inquiry and corrective action

• Minimizing any financial loss to government and taxpayers through early detection and reporting, as well as any corresponding financial loss to the hospital

Proclaiming its goal “to exercise due diligence to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law,” the Federal Sentencing Guidelines for Organizations (“FSGO”)[13] set forth the purpose of a compliance and ethics plan, listing seven essential elements to contain therein:

• Establish standards and procedures to prevent and detect violations of law

• Provide appropriate oversight, including the establishment of responsibility at all levels of the program, together with adequate program resources and authority for its managers

• Exhibit due diligence in hiring and assigning personnel to positions with substantial authority

• Communicate compliance standards and procedures to all employees, and provide training to employees at all levels

• Establish procedures for monitoring and auditing, including periodic evaluation of program effectiveness as well as non-retaliatory internal guidance and reporting systems

• Employ consistent disciplinary mechanisms to promote and enforce compliance and ethical conduct

• Investigate and remediate so that, upon detecting a violation, the institution is in a position to take reasonable steps to respond appropriately and prevent further misconduct

The United States Sentencing Commission[14] announced changes to the FSGO effective November 1, 2010. The changes provide a decrease in the offense level if:

• The individual with operational responsibility for the compliance and ethics program has direct reporting obligations to the organization’s governing authority (e.g., the Board of Directors) or appropriate subgroup (e.g., the Audit Committee of the Board)

• The compliance and ethics program detects the offense before discovery takes place outside the organization or before such discovery was reasonably likely

• The organization promptly reports the offense to the appropriate governmental authorities

• No individual with operational responsibility for the compliance and ethics program is found to have participated in, condoned, or have been willfully ignorant of the offense

An individual is said to have “direct reporting obligations” if he or she has express authority to communicate personally to the governing body “promptly on any matter involving criminal conduct or potential criminal conduct” and reports “no less than annually on the implementation and effectiveness of the compliance and ethics program.”[15]

Hospitals, governing boards, executives, managers, directors and physicians are direct targets as the Federal Government ramps up its efforts to eliminate fraud in modern American health care. Although not a technical requirement for hospitals under state or federal law,[16] all hospitals would be well advised to give serious consideration to adopting a proactive, comprehensive compliance program.

While a compliance program may never completely insulate a hospital from potential liability, in the event of an allegation under the Federal False Claims Act or a related state claim, the existence of a meaningful compliance program can protect a hospital and those individuals in charge from substantial civil and/or criminal penalties, possible exclusion from the Medicare or Medicaid programs, and the need to adopt an entirely new and unfamiliar compliance program on an expedited basis.  Compliance programs should not be thought of as an insurance policy, but rather a show of commitment to the industry in which health care professionals serve.

For additional information on compliance programs, click here.