Health Care Reform Increases Compliance and Enforcement Concerns

October 24, 2012Articles

Skilled Nursing Facilities Compliance and Ethics Programs

The Patient Protection and Affordable Care Act contains multiple sections regarding compliance and ethics programs, including Section 6102. That section applies only to skilled nursing facilities that receive Medicare or Medicaid reimbursement.1 Section 6102 requires skilled nursing facilities to “have in operation a compliance and ethics program that is effective in preventing and detecting criminal, civil, and administrative violations . . . and in promoting quality of care consistent with regulations.”2

According to that section, skilled nursing facilities are to have such programs in place by March 23, 2013. The Secretary of Health and Human Services (HHS), in conjunction with the Inspector General of the Department of Health and Human Services, was to promulgate regulations regarding the programs by March 23, 2012, which could possibly have included a model compliance plan.

Recent communication with HHS, however, confirmed that the regulations have not yet been promulgated. Notwithstanding, facilities will likely be held to the requirement in the Act that they have proper programs in place by March 23, 2013. Although skilled nursing facilities are currently without regulations shaping their required compliance and ethics programs and without a model compliance plan, Section 6102 itself requires that plans include certain components:

  • established standards and procedures to be followed by employees that are reasonably capable of reducing the prospect of criminal, civil, and administrative violations; 
  • specific individuals within high-level personnel must be assigned overall responsibility to oversee compliance with standards and procedures and have sufficient resources and authority to assure compliance; 
  • the organization must use due care not to delegate substantial discretionary authority to individuals whom the organization knew had a propensity to engage in violations; 
  • the organization must take steps to communicate effectively its standards and procedures to all employees and other agents, such as by requiring training or by disseminating publications that explain in a practical manner what is required; 
  • the organization must take reasonable steps to achieve compliance with its standards, such as by utilizing monitoring and auditing systems reasonably designed to detect violations by employees and other agents and by having in place and publicizing a reporting system for employees and other agents to report violations by others within the organization without fear of retribution; 
  • the standards must be consistently enforced through appropriate disciplinary mechanisms, including discipline of individuals responsible for the failure to detect an offense; 
  • after an offense has been detected, the organization must take all reasonable steps to respond appropriately to the offense and to prevent further similar offenses, including any necessary modification to its program; and 
  • the organization must periodically undertake reassessment of its program to identify changes necessary to reflect changes within the organization and its facilities.

Clearly, the goal of these components is to reduce legal and regulatory violations. Many of the required components are phrased broadly, and the pending regulations will likely fill in the gaps and provide further, detailed guidance regarding facilities’ programs. Be on the lookout for HHS’s regulations in this area. Facilities should ensure that they have an adequate program in place by the March 23, 2013 deadline.

Holder and Sebelius Issue Stern Warning to Nation’s Providers

The Department of Justice (DOJ) and HHS sternly warned health care providers that they utterly “will not tolerate health care fraud” in a September 24, 2012 letter. United States Attorney General Eric Holder and Secretary of HHS Kathleen Sebelius wrote to several national hospital associations as well as the Association of Academic Health Centers and the Association of American Medical Colleges, taking a hard line on fraud and abuse in billing the government for health care services.

The letter stated that, in addition to the DOJ and HHS, the FBI and other law enforcement agencies are monitoring trends in abuse of electronic health records (EHR) and “upcoding” evaluation and management services. Holder and Sebelius cautioned that “false documentation of care is not just bad patient care; it’s illegal.” Specific concerns included “cloning” medical records, a practice where providers cut information from a patient’s records and paste it into another record of the same patient or the records of another patient, and exaggerating the intensity of care or severity of a patient’s condition to improperly increase reimbursement. Both are illegal, and the authorities have vowed to aggressively pursue fraud and abuse when it occurs. Evidence bears this out, as prosecutions in 2011 were 75% higher than in 2008.

The letter’s tone is emblematic of the current climate in which health care providers operate. A significant enforcement method that the government employs to crack down on fraud and abuse is Recovery Audit Contractors (RACs). RACs are private entities that contract with the government to identify overpayments and underpayments to providers and to recoup or repay them. RACs operate on a contingency fee arrangement with the government, so they are incentivized to find as much overpayment as possible. The Tax Relief and Health Care Act of 2006 implemented the permanent operation of RACs in the Medicare Program, and the Affordable Care Act of 2010 implemented RACs in the Medicaid Program, with an implementation deadline for Medicaid RACs of January 1, 2012. Providers must be vigil and proactive about these and other regulatory compliance and enforcement efforts, especially considering the announced stringent attitude of Holder, Sebelius, and the various regulatory bodies. The time to adopt compliance programs, conduct internal audits, and train employees and administrative personnel is before the regulators take enforcement action. Providers are better served avoiding targeted enforcement actions in the first instance rather than limiting the damage after the fact.


(1) This section is codified at 42 U.S.C. 1320a-7j. 
(2) 42 U.S.C. 1320a-7j(b)(1)