In January, the Centers for Medicare & Medicaid Services (CMS) announced a second wave of temporary moratoria in certain geographic regions on the enrollment of home health agencies in the Medicare Program, Medicaid Program and Children’s Health Insurance Program, with the first wave announced last July. Utilizing its authority under the health reform law, CMS announced it is putting “fraudsters on notice” that it will use all available tools to combat fraud, waste, and abuse in these federal health care programs. CMS stated that, rather than continuing its historical method of “pay and chase,” it is choosing a more preemptive approach to prevent fraud and abuse in certain high-risk areas, including home health.
Consistent with CMS’s preemptive approach, under the health reform law, home health agencies across the nation will also be required to take a preemptive approach to preventing fraud, waste, and abuse through the adoption and implementation of compliance and ethics programs. Although such programs have historically been voluntary, nursing facilities are now mandated to establish them, and we are awaiting final regulations imposing the mandate on “all other providers/suppliers,” including home health agencies. If particular home health agencies have not already adopted a compliance and ethics program, the health reform law should provide them with the impetus to do so immediately by setting forth increased civil and monetary penalties, stiffer federal sentencing guidelines, monetary and other penalties, False Claims Act liability for unreturned overpayments, and recapture of federal funds.
For the time being, guidance includes “accountability requirements” published as part of the health reform law for skilled and other nursing facilities and the Compliance and Program Guidance for Home Health Agencies issued by the Office of the Inspector General (OIG) of the U.S. Department of Health & Human Services in 1998.
Although the compliance and ethics program can be flexible based on an organization’s size, provisions established under the health reform law require that the program be reasonably designed, implemented, and enforced so that it will effectively prevent and detect criminal, civil, and administrative violations of the law while promoting quality of care. It must also contain certain components, including:
- Established compliance standards and procedures to be followed by employees
- Assigned high-level personnel with overall responsibility for overseeing compliance
- Established steps for effective communication of compliance standards and procedures to employees, including through training
- Monitoring and auditing systems for detecting criminal, civil, and administrative violations
- Appropriate disciplinary mechanisms
- Established procedures to respond to detected violations
- Periodic reassessments.
A number of additional components are also in keeping with the “fundamental elements” of an effective compliance program established by the OIG in the 1998 Compliance and Program Guidance for Home Health Agencies. They are:
- Implementing written policies, procedures, and standards of conduct
- Designating a compliance officer and compliance committee
- Conducting effective training and education
- Developing effective lines of communication
- Enforcing standards through well-publicized disciplinary guidelines
- Conducting internal monitoring and auditing
- Responding promptly to detected offenses and developing corrective action.
In its Compliance Program Guidance, the OIG stated that “a home health agency’s written policies and procedures should take into consideration the particular statutes, rules, and program instructions that apply to each function or department of the home health agency.”
Emphasis should be placed on areas of special concern including:
- Billing for items or services not actually rendered
- Billing for medically unnecessary services
- Duplicate billing
- False cost reports
- Credit balances and failure to return
- Incentives to actual or potential referral sources
- Joint ventures
- Stark physician self-referral law
- Billing for services to patients who are not homebound
- Billing for visits to patients who do not require a qualifying service,
- Over- and under-utilization
- Knowing billing for inadequate or substandard care
- Insufficient documentation to support reimbursement
- Billing for unallowable costs
- Billing for services provided by unqualified or unlicensed clinical personnel
- False dating of amendments to nursing notes
- Falsified plans of care
- Untimely and/or forged physician certifications on plans of care
- Forged beneficiary signatures
- Improper solicitation and marketing efforts
- Inadequate oversight of contracted services
- Discriminatory patient admission and discharge
- Inappropriate compensation arrangements
- Improper influence over referrals by hospitals that own home health agencies
- Patient abandonment
- Knowing misuse of provider certification numbers
- Duplication of services
- Failure to adhere to home health agency licensing requirements
- Knowing failure to return overpayments
An effective compliance program must also include clear policies regarding disciplinary action for officers, managers, employees, and other health care professionals who fail to comply with the organization’s compliance program and code of conduct. The disciplinary policy should set forth the degrees of disciplinary actions that may be imposed, ranging from oral warnings to suspension, termination, or financial penalties. Consistent enforcement is imperative.
Fundamentally, the goal is for home health organizations to create a culture of compliance and ethical conduct that promotes prevention, detection, and correction of conduct that does not conform to federal and state law or health care payor requirements. Promotion of this type of conduct must start at the top with the organization’s governing body, and work its way down through managers and supervisors, clinicians, billing personnel, and other staff members. Strong ethical leadership and formal written programs are the building blocks of quality and compliance.
Strong ethical leadership requires a compliance officer and compliance committee. The compliance officer must be an individual with both strong leadership and communication skills and an in-depth knowledge of health care fraud and abuse laws and regulations, compliance topics, and billing and reimbursement rules. The compliance committee should be composed of the compliance officer, individuals in leadership positions, and other staff members who collectively have a strong background in and commitment to organizational compliance and ethics. The compliance officer and compliance committee must report to and have unfettered access to the organization’s chief executive officer and governing body.
The compliance officer and compliance committee are charged with developing, implementing, and overseeing the organization’s corporate compliance and ethics program. This includes the development and implementation of compliance policies and procedures and the development of regular, effective education and training programs for staff members. The compliance officer is charged with day-to-day oversight and monitoring of the program and reporting on a regular basis to the organization’s governing body. The compliance committee advises the compliance officer and assists in the implementation of the program, including analyzing the organization, regulatory environment, and the legal requirements imposed on home health agencies; assessing existing policies and procedures and amending them or developing new ones where necessary; developing a system for soliciting, evaluating, and responding to complaints and concerns; and monitoring internal and external audits and investigations.
Although a home health agency may have strong ethical leadership and a formal written compliance program, having such a leadership and compliance program in place does not necessarily mean the organization is in compliance. Designating an individual as the compliance officer and individuals to comprise the compliance committee does not mean they understand the details of the organization’s program or will be effective in overseeing it. Including compliance topics in orientation and other training does not mean staff members understand their legal obligations. Providing a copy of the compliance plan to all staff members does not mean they are likely to read and digest each and every policy contained in the plan.
Established policies and procedures alone are useless; they become the bedrock of an organization through proper and ongoing education, training, implementation, monitoring, and evaluation. In light of these inherent issues, two actions are prudent: (1) the organization should prepare and distribute to the governing body and all staff a corporate code of conduct and compliance plan summary; and (2) by job category and description, staff members should be alerted to and more fully educated on the particular policies and procedures most relevant to their positions.
Training should be mandatory, regularly conducted (upon hire and periodically thereafter), and interactive. Training sessions should highlight the organization’s compliance program, summarize relevant laws and regulations, and communicate methods for staff members to express compliance-related questions or concerns. For organizations that are culturally diverse, training in different languages may be necessary. Targeted training should be provided to corporate officers, managers, and other staff members whose actions affect the accuracy of claims submitted to governmental payors, such as staff involved in coding, billing, and cost reporting processes.
All staff should be advised of their duty to report suspected and actual violations of the organization’s compliance policies and procedures and code of ethics. Depending upon the organization’s resources and assessment of the effectiveness of its training program, outsourcing training to a professional organization for targeted employees or topics may be a good idea. Finally, periodic distribution of compliance information — including written memoranda, email blasts, and postings on bulletin boards or intranet home pages — in between training sessions serves as a reminder and refresher.
The successful implementation of the organization’s compliance program also includes maintaining and publicizing open lines of communication between the compliance officer and staff members. Written confidentiality and non-retaliation policies should be distributed to staff to encourage reporting of suspected and actual fraud and abuse concerns. The OIG promotes the use of hotlines, email, written memoranda, newsletters, suggestion boxes, and other forms of information exchange.
Finally, the effectiveness of the organization’s compliance program is best assessed through an ongoing evaluation process that includes the performance of regular, periodic compliance audits by internal or external auditors who are knowledgeable and experienced in the areas of health care statutes and regulations and program requirements. At a minimum, these audits should focus on the organization’s compliance with laws governing kickback arrangements; laws governing physician self-referrals; laws governing marketing; and laws concerning claim submission, reimbursement, and cost reporting. Results of audits should be reviewed and analyzed by the organization’s compliance committee and governing body, and plans of action or correction may need to be initiated. If illegal or improper conduct is unveiled, the organization may need to notify appropriate governmental authorities or legal counsel.
Compliance is a dynamic, evolving, and ongoing process needed to prevent fraud, waste, and abuse. Although federal regulations have not yet imposed the mandate on home health agencies, home health agencies should follow CMS’s lead and take a preemptive approach by immediately implementing a compliance and ethics program. Through implementation of an effective program now, or re-invigoration of an existing one, home health agencies will be better equipped to navigate through the complex health care regulatory environment.