98-4399. Publication of the OIG Compliance Program Guidance for Hospitals  

  • [Federal Register Volume 63, Number 35 (Monday, February 23, 1998)]
    [Notices]
    [Pages 8987-8998]
    From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
    [FR Doc No: 98-4399]
    
    
    -----------------------------------------------------------------------
    
    DEPARTMENT OF HEALTH AND HUMAN SERVICES
    
    Office of Inspector General
    
    
    Publication of the OIG Compliance Program Guidance for Hospitals
    
    agency: Office of Inspector General (OIG), HHS.
    
    action: Notice.
    
    -----------------------------------------------------------------------
    
    summary: This Federal Register notice sets forth the recently issued 
    compliance program guidance for hospitals developed by the Office of 
    Inspector General (OIG) in cooperation with, and with input from, 
    several provider groups and industry representatives. Many providers 
    and provider organizations have expressed an interest in better 
    protecting their operations from fraud and abuse through the adoption 
    of voluntary compliance programs. The first compliance guidance, 
    addressing clinical laboratories, was prepared by the OIG and published 
    in the Federal Register on March 3, 1997. We believe the development of 
    this second program guidance, for hospitals, will continue as a 
    positive step towards promoting a higher level of ethical and lawful 
    conduct throughout the health care industry.
    
    for further information contact: Stephen Davis, Office of Counsel to 
    the Inspector General, (202) 619-0070.
    
    supplementary information: The creation of compliance program guidances 
    has become a major initiative of the OIG in its efforts to engage the 
    private health care community in combating fraud and abuse. In 
    developing these compliance guidances, the OIG has agreed to work 
    closely with the Health Care Financing Administration, the Department 
    of Justice and various sectors of the health care industry. The first 
    of these compliance guidances focused on clinical laboratories, and was 
    intended to provide clear guidance to those segments of the health care 
    industry that were interested in reducing fraud and abuse within their 
    organizations. The compliance guidance was reprinted in an OIG Federal 
    Register notice published on March 3, 1997 (62 FR 9435). This second 
    compliance program guidance developed by the OIG continues to build 
    upon the basic elements contained in our initial compliance guidance, 
    and encompasses principles that are applicable to hospitals as well as 
    a wider variety of organizations that provide health care services to 
    beneficiaries of Medicare, Medicaid and all other Federal health care 
    programs.
        Like the previously-issued compliance program guidance for clinical 
    laboratories and future compliance program guidances, adoption of the 
    hospital compliance program guidance set forth below will be voluntary. 
    Future compliance program guidances to be developed will be similarly 
    structured and based on substantive policy recommendations, the 
    elements of the Federal Sentencing Guidelines, and applicable statutes, 
    regulations and Federal health care program requirements.
        A reprint of the OIG compliance program guidance follows.
    
    Compliance Program Guidance for Hospitals
    
    I. Introduction
    
        The Office of Inspector General (OIG) of the Department of Health 
    and Human Services (HHS) continues in its efforts to promote 
    voluntarily developed and implemented compliance programs for the 
    health care industry. The following compliance program guidance is 
    intended to assist hospitals and their agents and subproviders 
    (referred to collectively in this document as ``hospitals'') develop 
    effective internal controls that promote adherence to applicable 
    Federal and State law, and the program requirements of Federal, State 
    and private health plans. The adoption and implementation of voluntary 
    compliance programs significantly advance the prevention of fraud, 
    abuse and waste in these health care plans while at the same time 
    furthering the fundamental mission of
    
    [[Page 8988]]
    
    all hospitals, which is to provide quality care to patients.
        Within this document, the OIG intends to provide first, its general 
    views on the value and fundamental principles of hospital compliance 
    programs, and, second, specific elements that each hospital should 
    consider when developing and implementing an effective compliance 
    program. While this document presents basic procedural and structural 
    guidance for designing a compliance program, it is not in itself a 
    compliance program. Rather, it is a set of guidelines for a hospital 
    interested in implementing a compliance program to consider. The 
    recommendations and guidelines provided in this document must be 
    considered depending upon their applicability to each particular 
    hospital.
        Fundamentally, compliance efforts are designed to establish a 
    culture within a hospital that promotes prevention, detection and 
    resolution of instances of conduct that do not conform to Federal and 
    State law, and Federal, State and private payor health care program 
    requirements, as well as the hospital's ethical and business policies. 
    In practice, the compliance program should effectively articulate and 
    demonstrate the organization's commitment to the compliance process. 
    The existence of benchmarks that demonstrate implementation and 
    achievements are essential to any effective compliance program. 
    Eventually, a compliance program should become part of the fabric of 
    routine hospital operations.
        Specifically, compliance programs guide a hospital's governing body 
    (e.g., Boards of Directors or Trustees), Chief Executive Officer (CEO), 
    managers, other employees and physicians and other health care 
    professionals in the efficient management and operation of a hospital. 
    They are especially critical as an internal control in the 
    reimbursement and payment areas, where claims and billing operations 
    are often the source of fraud and abuse and, therefore, historically 
    have been the focus of government regulation, scrutiny and sanctions.
        It is incumbent upon a hospital's corporate officers and managers 
    to provide ethical leadership to the organization and to assure that 
    adequate systems are in place to facilitate ethical and legal conduct. 
    Indeed, many hospitals and hospital organizations have adopted mission 
    statements articulating their commitment to high ethical standards. A 
    formal compliance program, as an additional element in this process, 
    offers a hospital a further concrete method that may improve quality of 
    care and reduce waste. Compliance programs also provide a central 
    coordinating mechanism for furnishing and disseminating information and 
    guidance on applicable Federal and State statutes, regulations and 
    other requirements.
        Adopting and implementing an effective compliance program requires 
    a substantial commitment of time, energy and resources by senior 
    management and the hospital's governing body.\1\ Programs hastily 
    constructed and implemented without appropriate ongoing monitoring will 
    likely be ineffective and could result in greater harm or liability to 
    the hospital than no program at all. While it may require significant 
    additional resources or reallocation of existing resources to implement 
    an effective compliance program, the OIG believes that the long term 
    benefits of implementing the program outweigh the costs.
    ---------------------------------------------------------------------------
    
        \1\ Indeed, recent case law suggests that the failure of a 
    corporate Director to attempt in good faith to institute a 
    compliance program in certain situations may be a breach of a 
    Director's fiduciary obligations. See, e.g., In re Caremark 
    International Inc. Derivative Litigation, 698 A.2d 959 (Ct. Chanc. 
    Del. 1996).
    ---------------------------------------------------------------------------
    
    A. Benefits of a Compliance Program
        In addition to fulfilling its legal duty to ensure that it is not 
    submitting false or inaccurate claims to government and private payors, 
    a hospital may gain numerous additional benefits by implementing an 
    effective compliance program. Such programs make good business sense in 
    that they help a hospital fulfill its fundamental care-giving mission 
    to patients and the community, and assist hospitals in identifying 
    weaknesses in internal systems and management.
        Other important potential benefits include the ability to:
         Concretely demonstrate to employees and the community at 
    large the hospital's strong commitment to honest and responsible 
    provider and corporate conduct;
         Provide a more accurate view of employee and contractor 
    behavior relating to fraud and abuse;
         Identify and prevent criminal and unethical conduct;
         Tailor a compliance program to a hospital's specific 
    needs;
         Improve the quality of patient care;
         Create a centralized source for distributing information 
    on health care statutes, regulations and other program directives 
    related to fraud and abuse and related issues;
         Develop a methodology that encourages employees to report 
    potential problems;
         Develop procedures that allow the prompt, thorough 
    investigation of alleged misconduct by corporate officers, managers, 
    employees, independent contractors, physicians, other health care 
    professionals and consultants;
         Initiate immediate and appropriate corrective action; and
         Through early detection and reporting, minimize the loss 
    to the Government from false claims, and thereby reduce the hospital's 
    exposure to civil damages and penalties, criminal sanctions, and 
    administrative remedies, such as program exclusion.\2\
    ---------------------------------------------------------------------------
    
        \2\ The OIG, for example, will consider the existence of an 
    effective compliance program that pre-dated any Governmental 
    investigation when addressing the appropriateness of administrative 
    penalties. Further, the False Claims Act, 31 U.S.C. 3729-3733, 
    provides that a person who has violated the Act, but who voluntarily 
    discloses the violation to the Government, in certain circumstances 
    will be subject to not less than double, as opposed to treble, 
    damages. See 31 U.S.C. 3729(a).
    ---------------------------------------------------------------------------
    
        Overall, the OIG believes that an effective compliance program is a 
    sound investment on the part of a hospital.
        The OIG recognizes that the implementation of a compliance program 
    may not entirely eliminate fraud, abuse and waste from the hospital 
    system. However, a sincere effort by hospitals to comply with 
    applicable Federal and State standards, as well as the requirements of 
    private health care programs, through the establishment of an effective 
    compliance program, significantly reduces the risk of unlawful or 
    improper conduct.
    B. Application of Compliance Program Guidance
        There is no single ``best'' hospital compliance program, given the 
    diversity within the industry. The OIG understands the variances and 
    complexities within the hospital industry and is sensitive to the 
    differences among large urban medical centers, community hospitals, 
    small, rural hospitals, specialty hospitals, and other types of 
    hospital organizations and systems. However, elements of this guidance 
    can be used by all hospitals, regardless of size, location or corporate 
    structure, to establish an effective compliance program. We recognize 
    that some hospitals may not be able to adopt certain elements to the 
    same comprehensive degree that others with more extensive resources may 
    achieve. This guidance represents the OIG's suggestions on how a 
    hospital can best establish internal controls and monitoring to correct 
    and prevent fraudulent activities. By no means should the contents of 
    this guidance be viewed as an exclusive discussion of the
    
    [[Page 8989]]
    
    advisable elements of a compliance program.
        The OIG believes that input and support by representatives of the 
    major hospital trade associations is critical to the development and 
    success of this compliance program guidance. Therefore, in drafting 
    this guidance, the OIG received and considered input from various 
    hospital and medical associations, as well as professional practice 
    organizations. Further, we took into consideration previous OIG 
    publications, such as Special Fraud Alerts and Management Advisory 
    Reports, the recent findings and recommendations in reports issued by 
    OIG's Office of Audit Services and Office of Evaluation and 
    Inspections, as well as the experience of past and recent fraud 
    investigations related to hospitals conducted by OIG's Office of 
    Investigations and the Department of Justice.
        As appropriate, this guidance may be modified and expanded as more 
    information and knowledge is obtained by the OIG, and as changes in the 
    law, and in the rules, policies and procedures of the Federal, State 
    and private health plans occur. The OIG understands that hospitals will 
    need adequate time to react to these modifications and expansions to 
    make any necessary changes to their voluntary compliance programs. We 
    recognize that hospitals are already accountable for complying with an 
    extensive set of statutory and other legal requirements, far more 
    specific and complex than what we have referenced in this document. We 
    also recognize that the development and implementation of compliance 
    programs in hospitals often raise sensitive and complex legal and 
    managerial issues.\3\ However, the OIG wishes to offer what it believes 
    is critical guidance for providers who are sincerely attempting to 
    comply with the relevant health care statutes and regulations.
    ---------------------------------------------------------------------------
    
        \3\ Nothing stated herein should be substituted for, or used in 
    lieu of, competent legal advice from counsel.
    ---------------------------------------------------------------------------
    
    II. Compliance Program Elements
    
        The elements proposed by these guidelines are similar to those of 
    the clinical laboratory model compliance program published by the OIG 
    in February 1997 \4\ and our corporate integrity agreements.\5\ The 
    elements represent a guide--a process that can be used by hospitals, 
    large or small, urban or rural, for-profit or not for-profit. Moreover, 
    the elements can be incorporated into the managerial structure of 
    multi-hospital and integrated delivery systems. As we stated in our 
    clinical laboratory plan, these suggested guidelines can be tailored to 
    fit the needs and financial realities of a particular hospital. The OIG 
    is cognizant that with regard to compliance programs, one model is not 
    suitable to every hospital. Nonetheless, the OIG believes that every 
    hospital, regardless of size or structure, can benefit from the 
    principles espoused in this guidance.
    ---------------------------------------------------------------------------
    
        \4\ See 62 FR 9435, March 3, 1997.
        \5\ Corporate integrity agreements are executed as part of a 
    civil settlement between the health care provider and the Government 
    to resolve a case arising under the False Claims Act (FCA), 
    including the qui tam provisions of the FCA, based on allegations of 
    health care fraud or abuse. These OIG-imposed programs are in effect 
    for a period of three to five years and require many of the elements 
    included in this compliance guidance.
    ---------------------------------------------------------------------------
    
        The OIG believes that every effective compliance program must begin 
    with a formal commitment by the hospital's governing body to include 
    all of the applicable elements listed below. These elements are based 
    on the seven steps of the Federal Sentencing Guidelines.\6\ Further, we 
    believe that every hospital can implement most of our recommended 
    elements that expand upon the seven steps of the Federal Sentencing 
    Guidelines.\7\ We recognize that full implementation of all elements 
    may not be immediately feasible for all hospitals. However, as a first 
    step, a good faith and meaningful commitment on the part of the 
    hospital administration, especially the governing body and the CEO, 
    will substantially contribute to a program's successful implementation.
    ---------------------------------------------------------------------------
    
        \6\ See United States Sentencing Commission Guidelines, 
    Guidelines Manual, 8A1.2, comment. (n.3(k)).
        \7\ Current HCFA reimbursement principles provide that certain 
    of the costs associated with the creation of a voluntarily 
    established compliance program may be allowable costs on certain 
    types of hospitals' cost reports. These allowable costs, of course, 
    must at a minimum be reasonable and related to patient care. See 
    generally 42 U.S.C. 1395x(v)(1)(A) (definition of reasonable cost); 
    42 CFR 413.9(a) and (b)(2) (costs related to patient care). In 
    contrast, however, costs specifically associated with the 
    implementation of a corporate integrity agreement in response to a 
    Government investigation resulting in a civil or criminal judgment 
    or settlement are unallowable, and are also made specifically and 
    expressly unallowable in corporate integrity agreements and civil 
    fraud settlements.
    ---------------------------------------------------------------------------
    
        At a minimum, comprehensive compliance programs should include the 
    following seven elements:
        (1) The development and distribution of written standards of 
    conduct, as well as written policies and procedures that promote the 
    hospital's commitment to compliance (e.g., by including adherence to 
    compliance as an element in evaluating managers and employees) and that 
    address specific areas of potential fraud, such as claims development 
    and submission processes, code gaming, and financial relationships with 
    physicians and other health care professionals;
        (2) The designation of a chief compliance officer and other 
    appropriate bodies, e.g., a corporate compliance committee, charged 
    with the responsibility of operating and monitoring the compliance 
    program, and who report directly to the CEO and the governing body;
        (3) The development and implementation of regular, effective 
    education and training programs for all affected employees;
        (4) The maintenance of a process, such as a hotline, to receive 
    complaints, and the adoption of procedures to protect the anonymity of 
    complainants and to protect whistleblowers from retaliation;
        (5) The development of a system to respond to allegations of 
    improper/illegal activities and the enforcement of appropriate 
    disciplinary action against employees who have violated internal 
    compliance policies, applicable statutes, regulations or Federal health 
    care program requirements;
        (6) The use of audits and/or other evaluation techniques to monitor 
    compliance and assist in the reduction of identified problem area; and
        (7) The investigation and remediation of identified systemic 
    problems and the development of policies addressing the non-employment 
    or retention of sanctioned individuals.
    A. Written Polices and Procedures
        Every compliance program should require the development and 
    distribution of written compliance policies that identify specific 
    areas of risk to the hospital. These policies should be developed under 
    the direction and supervision of the chief compliance officer and 
    compliance committee, and, at a minimum, should be provided to all 
    individuals who are affected by the particular policy at issue, 
    including the hospital's agents and independent contractors.
        1. Standards of Conduct. Hospitals should develop standards of 
    conduct for all affected employees that include a clearly delineated 
    commitment to compliance by the hospital's senior management \8\ and 
    its divisions,
    
    [[Page 8990]]
    
    including affiliated providers operating under the hospital's 
    control,\9\ hospital-based physicians and other health care 
    professionals (e.g., utilization review managers, nurse anesthetists, 
    physician assistants and physical therapists). Standards should 
    articulate the hospital's commitment to comply with all Federal and 
    State standards, with an emphasis on preventing fraud and abuse. They 
    should state the organization's mission, goals, and ethical 
    requirements of compliance and reflect a carefully crafted, clear 
    expression of expectations for all hospital governing body members, 
    officers, managers, employees, physicians, and, where appropriate, 
    contractors and other agents. Standards should be distributed to, and 
    comprehensible by, all employees (e.g., translated into other languages 
    and written at appropriate reading levels, where appropriate). Further, 
    to assist in ensuring that employees continuously meet the expected 
    high standards set forth in the code of conduct, any employee handbook 
    delineating or expanding upon these standards of conduct should be 
    regularly updated as applicable statutes, regulations and Federal 
    health care program requirements are modified.\10\
    ---------------------------------------------------------------------------
    
        \8\ The OIG strongly encourages high-level involvement by the 
    hospital's governing body, chief executive officer, chief operating 
    officer, general counsel, and chief financial officer, as well as 
    other medical personnel, as appropriate, in the development of 
    standards of conduct. Such involvement should help communicate a 
    strong and explicit statement of compliance goals and standards.
        \9\ E.g., skilled nursing facilities, home health agencies, 
    psychiatric units, rehabilitation units, outpatient clinics, 
    clinical laboratories, dialysis facilities.
        \10\ The OIG recognizes that not all standards, policies and 
    procedures need to be communicated to all employees. However, the 
    OIG believes that the bulk of the standards that relate to complying 
    with fraud and abuse laws and other ethical areas should be 
    addressed and made part of all affected employees' training. The 
    hospital must appropriately decide which additional educational 
    programs should be limited to the different levels of employees, 
    based on job functions and areas of responsibility.
    ---------------------------------------------------------------------------
    
        2. Risk Areas. The OIG believes that a hospital's written policies 
    and procedures should take into consideration the regulatory exposure 
    for each function or department of the hospital. Consequently, we 
    recommend that the individual policies and procedures be coordinated 
    with the appropriate training and educational programs with an emphasis 
    on areas of special concern that have been identified by the OIG 
    through its investigative and audit functions.\11\ Some of the special 
    areas of OIG concern include.\12\
    ---------------------------------------------------------------------------
    
        \11\ The OIG periodically issues Special Fraud Alters setting 
    forth activities believed to raise legal and enforcement issues. 
    Hospital compliance programs should require that the legal staff, 
    chief compliance officer, or other appropriate personnel, carefully 
    consider any and all Special Fraud Alerts issued by the OIG that 
    relate to hospitals. Moreover, the compliance programs should 
    address the ramifications of failing to cease and correct any 
    conduct criticized in such a Special Fraud Alert, if applicable to 
    hospitals, or to take reasonable action to prevent such conduct from 
    reoccurring in the future. If appropriate, a hospital should take 
    the steps described in Section G regarding investigations, reporting 
    and correction of identified problems.
        \12\ The OIG's work plan is currently available on the Internet 
    at http://www.dhhs.gov/progorg/oig.
    ---------------------------------------------------------------------------
    
          Billing for items or services not actually rendered; \13\
    ---------------------------------------------------------------------------
    
        \13\ Billing for services not actually rendered involves 
    submitting a claim that represents that the provider performed a 
    service all or part of which was simply not performed. This form of 
    billing fraud occurs in many health care entities, including 
    hospitals and nursing homes, and represents a significant part of 
    the OIG's investigative caseload.
    ---------------------------------------------------------------------------
    
         Providing medically unnecessary services;\14\
    ---------------------------------------------------------------------------
    
        \14\ A claim requesting payment for medically unnecessary 
    services intentionally seeks reimbursement for a service that is not 
    warranted by the patient's current and documented medical condition. 
    See 42 U.S.C. 1395y(a)(1)(A) (``no payment may be made under part A 
    or part B for any expenses incurred for items or services which . . 
    . are not reasonable and necessary for the diagnosis or treatment of 
    illness or injury or to improve the functioning of the malformed 
    body member''). On every HCFA claim form, a physician must certify 
    that the services were medically necessary for the health of the 
    beneficiary.
    ---------------------------------------------------------------------------
    
         Upcoding;\15\
    ---------------------------------------------------------------------------
    
        \15\ ``Upcoding'' reflects the practice of using a billing code 
    that provides a higher payment rate than the billing code that 
    actually reflects the service furnished to the patient. Upcoding has 
    been a major focus of the OIG's enforcement efforts. In fact, the 
    Health Insurance Portability and Accountability Act of 1996 added 
    another civil monetary penalty to the OIG's sanction authorities for 
    upcoding violations. See 42 U.S.C. 1320a-7a(a)(1)(A).
    ---------------------------------------------------------------------------
    
         ``DRG creep;''\16\
    ---------------------------------------------------------------------------
    
        \16\ Like upcoding, ``DRG creep'' is the practice of billing 
    using a Diagnosis Related Group (DRG) code that provides a higher 
    payment rate than the DRG code that accurately reflects the service 
    furnished to the patient.
    ---------------------------------------------------------------------------
    
         Outpatient services rendered in connection with inpatient 
    stays;\17\
    ---------------------------------------------------------------------------
    
        \17\ Hospitals that submit claims for non-physician outpatient 
    services that were already included in the hospital's inpatient 
    payment under the Prospective Payment System (PPS) are in effect 
    submitting duplicate claims.
    ---------------------------------------------------------------------------
    
         Teaching physician and resident requirements for teaching 
    hospitals;
         Duplicate billing;\18\
    ---------------------------------------------------------------------------
    
        \18\ Duplicate billing occurs when the hospital submits more 
    than one claim for the same service or the bill is submitted to more 
    than one primary payor at the same time. Although duplicate billing 
    can occur due to simple error, systematic or repeated double billing 
    may be viewed as a false claim, particularly if any overpayment is 
    not promptly refunded.
    ---------------------------------------------------------------------------
    
         False cost reports;\19\
    ---------------------------------------------------------------------------
    
        \19\ As another example of health care fraud, the submission of 
    false costs reports is usually limited to certain Part A providers, 
    such as hospitals, skilled nursing facilities and home health 
    agencies, which are reimbursed in part on the basis of their self-
    reported operating costs. An OIG audit report on the misuse of 
    fringe benefits and general and administrative costs identified 
    millions of dollars in unallowable costs that resulted from 
    providers' lack of internal controls over costs included in their 
    Medicare cost reports. In addition, the OIG is aware of practices in 
    which hospitals inappropriately shift certain costs to cost centers 
    that are below their reimbursement cap and shift non-Medicare 
    related costs to Medicare cost centers.
    ---------------------------------------------------------------------------
    
         Unbundling;\20\
    ---------------------------------------------------------------------------
    
        \20\ ``Unbundling'' is the practice of submitting bills 
    piecemeal or in fragmented fashion to maximize the reimbursement for 
    various tests or procedures that are required to be billed together 
    and therefore at a reduced cost.
    ---------------------------------------------------------------------------
    
         Billing for discharge in lieu of transfer;\21\
    ---------------------------------------------------------------------------
    
        \21\ Under the Medicare regulations, when a prospective payment 
    system (PPS) hospital transfers a patient to another PPS hospital, 
    only the hospital to which the patient was transferred may charge 
    the full DRG; the transferring hospital should charge Medicare only 
    a per diem amount.
    ---------------------------------------------------------------------------
    
         Patients' freedom of choice;\22\
    ---------------------------------------------------------------------------
    
        \22\ This area of concern is particularly important for hospital 
    discharge planners referring patients to home health agencies, DME 
    suppliers or long term care and rehabilitation providers.
    ---------------------------------------------------------------------------
    
         Credit balances--failure to refund;
         Hospital incentives that violate the anti-kickback statute 
    or other similar Federal or State statute or regulation;\23\
    ---------------------------------------------------------------------------
    
        \23\ Excessive payment for medical directorships, free or below 
    market rents or fees for administrative services, interest-free 
    loans and excessive payment for intangible assets in physician 
    practice acquisitions are examples of arrangements that may run 
    afoul of the anti-kickback statute. See 42 U.S.C. 1320a-7b(b) and 59 
    FR 65372 (12/19/94).
    ---------------------------------------------------------------------------
    
         Joint ventures;\24\
    ---------------------------------------------------------------------------
    
        \24\ Equally troubling to the OIG is the proliferation of 
    business arrangements that may violate the anti-kickback statute. 
    Such arrangements are generally established between those in a 
    position to refer business, such as physicians, and those providing 
    items or services for which a Federal health care program pays. 
    Sometimes established as ``joint ventures,'' these arrangements may 
    take a variety of forms. The OIG currently has a number of 
    investigations and audits underway that focus on such areas of 
    concern.
    ---------------------------------------------------------------------------
    
         Financial arrangements between hospitals and hospital-
    based physicians;\25\
    ---------------------------------------------------------------------------
    
        \25\ Another OIG concern with respect to the anti-kickback 
    statute is hospital financial arrangements with hospital-based 
    physicians that compensate physicians for less than the fair market 
    value of services they provide to hospitals or require physicians to 
    pay more than market value for services provided by the hospital. 
    See OIG Management Advisory Report: ``Financial Arrangements Between 
    Hospitals and Hospital-Based Physicians.'' OEI-09-89-0030, October 
    1991. Examples of such arrangements that may violate the anti-
    kickback statute are token or no payment for Part A supervision and 
    management services; requirements to donate equipment to hospitals; 
    and excessive charges for billing services.
    ---------------------------------------------------------------------------
    
         Stark physician self-referral law;
         Knowing failure to provide covered services or necessary 
    care to members of a health maintenance organization; and
         Patient dumping.\26\
    ---------------------------------------------------------------------------
    
        \26\ The patient anti-dumping statute, 42 U.S.C. 1395dd, 
    requires that all Medicare participating hospitals with an emergency 
    department: (1) Provide for an appropriate medical screening 
    examination to determine whether or not an individual requesting 
    such examination has an emergency medical condition; and (2) if the 
    person has such a condition, (a) stabilize that condition; or (b) 
    appropriately transfer the patient to another hospital.
    
    ---------------------------------------------------------------------------
    
    [[Page 8991]]
    
        Additional risk areas should be assessed as well by hospitals and 
    incorporated into the written policies and procedures and training 
    elements developed as part of their compliance programs.
        3. Claim Development and Submission Process. A number of the risk 
    areas identified above, pertaining to the claim development and 
    submission process, have been the subject of administrative 
    proceedings, as well as investigations and prosecutions under the civil 
    False Claims Act and criminal statutes. Settlement of these cases often 
    has required the defendants to execute corporate integrity agreements, 
    in addition to paying significant civil damages and/or criminal fines 
    and penalties. These corporate integrity agreements have provided the 
    OIG with a mechanism to advise hospitals concerning what it feels are 
    acceptable practices to ensure compliance with applicable Federal and 
    State statutes, regulations, and program requirements. The following 
    recommendations include a number of provisions from various corporate 
    integrity agreements. While these recommendations include examples of 
    effective policies, each hospital should develop its own specific 
    policies tailored to fit its individual needs.
        With respect to reimbursement claims, a hospital's written policies 
    and procedures should reflect and reinforce current Federal and State 
    statutes and regulations regarding the submission of claims and 
    Medicare cost reports. The policies must create a mechanism for the 
    billing or reimbursement staff to communicate effectively and 
    accurately with the clinical staff. Policies and procedures should:
         Provide for proper and timely documentation of all 
    physician and other professional services prior to billing to ensure 
    that only accurate and properly documented services are billed;
         Emphasize that claims should be submitted only when 
    appropriate documentation supports the claims and only when such 
    documentation is maintained and available for audit and review. The 
    documentation, which may include patient records, should record the 
    length of time spent in conducting the activity leading to the record 
    entry, and the identity of the individual providing the service. The 
    hospital should consult with its medical staff to establish other 
    appropriate documentation guidelines;
         State that, consistent with appropriate guidance from 
    medical staff, physician and hospital records and medical notes used as 
    a basis for a claim submission should be appropriately organized in a 
    legible form so they can be audited and reviewed;
         Indicate that the diagnosis and procedures reported on the 
    reimbursement claim should be based on the medical record and other 
    documentation, and that the documentation necessary for accurate code 
    assignment should be available to coding staff; and
         Provide that the compensation for billing department 
    coders and billing consultants should not provide any financial 
    incentive to improperly upcode claims.
        The written policies and procedures concerning proper coding should 
    reflect the current reimbursement principles set forth in applicable 
    regulations \27\ and should be developed in tandem with private payor 
    and organizational standards. Particular attention should be paid to 
    issues of medical necessity, appropriate diagnosis codes, DRG coding, 
    individual Medicare Part B claims (including evaluation and management 
    coding) and the use of patient discharge codes.\28\
    ---------------------------------------------------------------------------
    
        \27\ The official coding guidelines are promulgated by HCFA, the 
    National Center for Health Statistics, the American Medical 
    Association and the American Health Information Management 
    Association. See International Classification of Diseases, 9th 
    Revision, Clinical Modification (ICD9-CM); 1998 Health Care 
    Financing Administration Common Procedure Coding System (HCPCS); and 
    Physicians' Current Procedural Terminology (CPT).
        \28\ The failure of hospital staff to: (i) document items and 
    services rendered; and (ii) properly submit them for reimbursement 
    is a major area of potential fraud and abuse in Federal health care 
    programs. The OIG has undertaken numerous audits, investigations, 
    inspections and national enforcement initiatives aimed at reducing 
    potential and actual fraud, abuse and waste. Recent OIG audit 
    reports, which have focused on issues such as hospital patient 
    transfers incorrectly paid as discharges, and hospitals' general and 
    administrative costs, continue to reveal abusive, wasteful or 
    fraudulent behavior by some hospitals. Our inspection report 
    entitled ``Financial Arrangements between Hospitals and Hospital-
    Based Physicians,'' see fn. 25, supra, and our Special Fraud Alerts 
    on Hospital Incentives to Physicians and Joint Venture Arrangements, 
    further illustrate how certain business practices may result in 
    fraudulent and abusive behavior.
    ---------------------------------------------------------------------------
    
        a. Outpatient services rendered in connection with an inpatient 
    stay. Hospitals should implement measures designed to demonstrate their 
    good faith efforts to comply with the Medicare billing rules for 
    outpatient services rendered in connection with an inpatient stay. 
    Although not a guard against intentional wrongdoing, the adoption of 
    the following measures are advisable:
         Installing and maintaining computer software that will 
    identify those outpatient services that may not be billed separately 
    from an inpatient stay; or
         Implementing a periodic manual review to determine the 
    appropriateness of billing each outpatient service claim, to be 
    conducted by one or more appropriately trained individuals familiar 
    with applicable billing rules; or
         With regard to each inpatient stay, scrutinizing the 
    propriety of any potential bills for outpatient services rendered to 
    that patient at the hospital, within the applicable time period.
        In addition to the pre-submission undertakings described above, the 
    hospital may implement a post-submission testing process, as follows:
         Implement and maintain a periodic post-submission random 
    testing process that examines or re-examines previously submitted 
    claims for accuracy;
         Inform the fiscal intermediary and any other appropriate 
    government fiscal agents of the hospital's testing process; and
         Advise the fiscal intermediary and any other appropriate 
    government fiscal agents in accordance with current regulations or 
    program instructions with respect to return of overpayments of any 
    incorrectly submitted or paid claims and, if the claim has already been 
    paid, promptly reimburse the fiscal intermediary and the beneficiary 
    for the amount of the claim paid by the government payor and any 
    applicable deductibles or copayments, as appropriate.
        b. Submission of claims for laboratory services. A hospital's 
    policies should take reasonable steps to ensure that all claims for 
    clinical and diagnostic laboratory testing services are accurate and 
    correctly identify the services ordered by the physician (or other 
    authorized requestor) and performed by the laboratory. The hospital's 
    written policies and procedures should require, at a minimum,\29\ that:
    ---------------------------------------------------------------------------
    
        \29\ The OIG's February 1997 Model Compliance Plan for Clinical 
    Laboratories provides more specific and detailed information than is 
    contained in this section, and hospitals that have clinical 
    laboratories should extract the relevant guidance from both 
    documents.
    ---------------------------------------------------------------------------
    
         The hospital bills for laboratory services only after they 
    are performed;
         The hospital bills only for medically necessary services;
         The hospital bills only for those tests actually ordered 
    by a physician and provided by the hospital laboratory;
         The CPT or HCPCS code used by the billing staff accurately 
    describes the service that was ordered by the
    
    [[Page 8992]]
    
    physician and performed by the hospital laboratory;
         The coding staff: (1) Only submit diagnostic information 
    obtained from qualified personnel; and (2) contact the appropriate 
    personnel to obtain diagnostic information in the event that the 
    individual who ordered the test has failed to provide such information; 
    and
         Where diagnostic information is obtained from a physician 
    or the physician's staff after receipt of the specimen and request for 
    services, the receipt of such information is documented and maintained.
        c. Physicians at teaching hospitals. Hospitals should ensure the 
    following with respect to all claims submitted on behalf of teaching 
    physicians:
         Only services actually provided may be billed;
         Every physician who provides or supervises the provision 
    of services to a patient should be responsible for the correct 
    documentation of the services that were rendered;
         The appropriate documentation must be placed in the 
    patient record and signed by the physician who provided or supervised 
    the provision of services to the patient;
         Every physician is responsible for assuring that in cases 
    where that physician provides evaluation and management (E&M) services, 
    a patient's medical record includes appropriate documentation of the 
    applicable key components of the E&M service provided or supervised by 
    the physician (e.g., patient history, physician examination, and 
    medical decision making), as well as documentation to adequately 
    reflect the procedure or portion of the service performed by the 
    physician; and
         Every physician should document his or her presence during 
    the key portion of any service or procedure for which payment is 
    sought.
        d. Cost reports. With regard to cost report issues, the written 
    policies should include procedures that seek to ensure full compliance 
    with applicable statutes, regulations and program requirements and 
    private payor plans. Among other things, the hospital's procedures 
    should ensure that:
         Costs are not claimed unless based on appropriate and 
    accurate documentation;
         Allocations of costs to various cost centers are 
    accurately made and supportable by verifiable and auditable data;
         Unallowable costs are not claimed for reimbursement;
         Accounts containing both allowable and unallowable costs 
    are analyzed to determine the unallowable amount that should not be 
    claimed for reimbursement;
         Costs are properly classified;
         Fiscal intermediary prior year audit adjustments are 
    implemented and are either not claimed for reimbursement or claimed for 
    reimbursement and clearly identified as protested amounts on the cost 
    report;
         All related parties are identified on Form 339 submitted 
    with the cost report and all related party charges are reduced to cost;
         Requests for exceptions to TEFRA (Tax Equity and Fiscal 
    Responsibility Act of 1982) limits and the Routine Cost Limits are 
    properly documented and supported by verifiable and auditable data;
         The hospital's procedures for reporting of bad debts on 
    the cost report are in accordance with Federal statutes, regulations, 
    guidelines and policies;
         Allocations from a hospital chain's home office cost 
    statement to individual hospital cost reports are accurately made and 
    supportable by verifiable and auditable data; and
         Procedures are in place and documented for notifying 
    promptly the Medicare fiscal intermediary (or any other applicable 
    payor, e.g., TRICARE (formerly CHAMPUS) and Medicaid) of errors 
    discovered after the submission of the hospital cost report, and where 
    applicable, after the submission of a hospital chain's home office cost 
    statement.
        With regard to bad debts claimed on the Medicare cost report, see 
    also section six, below, on Bad Debts.
        4. Medical Necessity--Reasonable and Necessary Services. A 
    hospital's compliance program should provide that claims should only be 
    submitted for services that the hospital has reason to believe are 
    medically necessary and that were ordered by a physician \30\ or other 
    appropriately licensed individual.
    ---------------------------------------------------------------------------
    
        \30\ For Medicare reimbursement purposes, a physician is defined 
    as: (1) a doctor of medicine or osteopathy; (2) a doctor of dental 
    surgery or of dental medicine; (3) a podiatrist; (4) an optometrist; 
    and (5) a chiropractor, all of whom must be appropriately licensed 
    by the state. 42 U.S.C. 1395x(r).
    ---------------------------------------------------------------------------
    
        As a preliminary matter, the OIG recognizes that licensed health 
    care professionals must be able to order any services that are 
    appropriate for the treatment of their patients. However, Medicare and 
    other government and private health care plans will only pay for those 
    services that meet appropriate medical necessity standards (in the case 
    of Medicare, i.e., ``reasonable and necessary'' services). Providers 
    may not bill for services that do not meet the applicable standards. 
    The hospital is in a unique position to deliver this information to the 
    health care professionals on its staff. Upon request, a hospital should 
    be able to provide documentation, such as patients' medical records and 
    physicians' orders, to support the medical necessity of a service that 
    the hospital has provided. The compliance officer should ensure that a 
    clear, comprehensive summary of the ``medical necessity'' definitions 
    and rules of the various government and private plans is prepared and 
    disseminated appropriately.
        5. Anti-Kickback and Self-Referral Concerns. The hospital should 
    have policies and procedures in place with respect to compliance with 
    Federal and State anti-kickback statutes, as well as the Stark 
    physician self-referral law.\31\ Such policies should provide that:
    ---------------------------------------------------------------------------
    
        \31\ Towards this end, the hospital's in-house counsel or 
    compliance officer should, inter alia, obtain copies of all OIG 
    regulations, special fraud alerts and advisory opinions concerning 
    the anti-kickback statute, Civil Monetary Penalties Law (CMPL) and 
    Stark physician self-referral law (the fraud alerts and anti-
    kickback or CMPL advisory opinions are published on HHS OIG's home 
    page on the Internet), and ensure that the hospital's policies 
    reflect the guidance provided by the OIG.
    ---------------------------------------------------------------------------
    
         All of the hospital's contracts and arrangements with 
    referral sources comply with all applicable statutes and regulations;
         The hospital does not submit or cause to be submitted to 
    the Federal health care programs claims for patients who were referred 
    to the hospital pursuant to contracts and financial arrangements that 
    were designed to induce such referrals in violation of the anti-
    kickback statute, Stark physician self-referral law or similar Federal 
    or State statute or regulation; and
         The hospital does not enter into financial arrangements 
    with hospital-based physicians that are designed to provide 
    inappropriate remuneration to the hospital in return for the 
    physician's ability to provide services to Federal health care program 
    beneficiaries at that hospital.\32\
    ---------------------------------------------------------------------------
    
        \32\ See fn. 25, supra.
    ---------------------------------------------------------------------------
    
        Further, the policies and procedures should reference the OIG's 
    safe harbor regulations, clarifying those payment practices that would 
    be immune from prosecution under the anti-kickback statute. See 42 CFR 
    1001.952.
        6. Bad Debts. A hospital should develop a mechanism \33\ to review, 
    at least annually: (1) whether it is properly reporting bad debts to 
    Medicare; and (2) all Medicare bad debt expenses claimed, to ensure 
    that the hospital's procedures are in accordance with applicable
    
    [[Page 8993]]
    
    Federal and State statutes, regulations, guidelines and policies. In 
    addition, such a review should ensure that the hospital has appropriate 
    and reasonable mechanisms in place regarding beneficiary deductible or 
    copayment collection efforts and has not claimed as bad debts any 
    routinely waived Medicare copayments and deductibles, which waiver also 
    constitutes a violation of the anti-kickback statute. Further, the 
    hospital may consult with the appropriate fiscal intermediary as to bad 
    debt reporting requirements, if questions arise.
    ---------------------------------------------------------------------------
    
        \33\ E.g., assigning in-house counsel or contracting with an 
    independent professional organization, such as an accounting, law or 
    consulting firm.
    ---------------------------------------------------------------------------
    
        7. Credit Balances. The hospital should institute procedures to 
    provide for the timely and accurate reporting of Medicare and other 
    Federal health care program credit balances. For example, a hospital 
    may redesignate segments of its information system to allow for the 
    segregation of patient accounts reflecting credit balances. The 
    hospital could remove these accounts from the active accounts and place 
    them in a holding account pending the processing of a reimbursement 
    claim to the appropriate program. A hospital's information system 
    should have the ability to print out the individual patient accounts 
    that reflect a credit balance in order to permit simplified tracking of 
    credit balances.
        In addition, a hospital should designate at least one person (e.g., 
    in the Patient Accounts Department or reasonable equivalent thereof) as 
    having the responsibility for the tracking, recording and reporting of 
    credit balances. Further, a comptroller or an accountant in the 
    hospital's Accounting Department (or reasonable equivalent thereof) may 
    review reports of credit balances and reimbursements or adjustments on 
    a monthly basis as an additional safeguard.
        8. Retention of Records. Hospital compliance programs should 
    provide for the implementation of a records system. This system should 
    establish policies and procedures regarding the creation, distribution, 
    retention, storage, retrieval and destruction of documents. The two 
    types of documents developed under this system should include: (1) all 
    records and documentation, e.g., clinical and medical records and 
    claims documentation, required either by Federal or State law for 
    participation in Federal health care programs (e.g., Medicare's 
    conditions of participation requirement that hospital records regarding 
    Medicare claims be retained for a minimum of five years, see 42 CFR 
    482.24(b)(1) and HCFA Hospital Manual section 413(C)(12-91)); and (2) 
    all records necessary to protect the integrity of the hospital's 
    compliance process and confirm the effectiveness of the program, e.g., 
    documentation that employees were adequately trained; reports from the 
    hospital's hotline, including the nature and results of any 
    investigation that was conducted; modifications to the compliance 
    program; self-disclosure; and the results of the hospital's auditing 
    and monitoring efforts.\34\
    ---------------------------------------------------------------------------
    
        \34\ The creation and retention of such documents and reports 
    may raise a variety of legal issues, such as patient privacy and 
    confidentiality. These issues are best discussed with legal counsel.
    ---------------------------------------------------------------------------
    
        9. Compliance as an Element of a Performance Plan. Compliance 
    programs should require that the promotion of, and adherence to, the 
    elements of the compliance program be a factor in evaluating the 
    performance of managers and supervisors. They, along with other 
    employees, should be periodically trained in new compliance policies 
    and procedures. In addition, all managers and supervisors involved in 
    the coding, claims and cost report development and submission processes 
    should:
         Discuss with all supervised employees the compliance 
    policies and legal requirements applicable to their function;
         Inform all supervised personnel that strict compliance 
    with these policies and requirements is a condition of employment; and
         Disclose to all supervised personnel that the hospital 
    will take disciplinary action up to and including termination or 
    revocation of privileges for violation of these policies or 
    requirements.
        In addition to making performance of these duties an element in 
    evaluations, the compliance officer or hospital management should 
    include in the hospital's compliance program a policy that managers and 
    supervisors will be sanctioned for failure to instruct adequately their 
    subordinates or for failing to detect noncompliance with applicable 
    policies and legal requirements, where reasonable diligence on the part 
    of the manager or supervisor would have led to the discovery of any 
    problems or violations and given the hospital the opportunity to 
    correct them earlier.
    B. Designation of a Compliance Officer and a Compliance Committee
        1. Compliance Officer. Every hospital should designate a compliance 
    officer to serve as the focal point for compliance activities. This 
    responsibility may be the individual's sole duty or added to other 
    management responsibilities, depending upon the size and resources of 
    the hospital and the complexity of the task. Designating a compliance 
    officer with the appropriate authority is critical to the success of 
    the program, necessitating the appointment of a high-level official in 
    the hospital with direct access to the hospital's governing body and 
    the CEO.\35\ The officer should have sufficient funding and staff to 
    perform his or her responsibilities fully. Coordination and 
    communication are the key functions of the compliance officer with 
    regard to planning, implementing, and monitoring the compliance 
    program.
    ---------------------------------------------------------------------------
    
        \35\ The OIG believes that there is some risk to establishing an 
    independent compliance function if that function is subordinance to 
    the hospital's general counsel, or comptroller or similar hospital 
    financial officer. Free standing compliance functions help to ensure 
    independent and objective legal reviews and financial analyses of 
    the institution's compliance efforts and activities. By separating 
    the compliance function from the key management positions of general 
    counsel or chief hospital financial officer (where the size and 
    structure of the hospital make this a feasible option), a system of 
    checks and balances is established to more effectively achieve the 
    goals of the compliance program.
    ---------------------------------------------------------------------------
    
        The compliance officer's primary responsibilities should include:
         Overseeing and monitoring the implementation of the 
    compliance program; \36\
    ---------------------------------------------------------------------------
    
        \36\ For multi-hospital organizations, the OIG encourages 
    coordination with each hospital owned by the corporation or 
    foundation through the use of a headquarter's compliance officer, 
    communicating with parallel positions in each facility, or regional 
    office, as appropriate.
    ---------------------------------------------------------------------------
    
         Reporting on a regular basis to the hospital's governing 
    body, CEO and compliance committee on the progress of implementation, 
    and assisting these components in establishing methods to improve the 
    hospital's efficiency and quality of services, and to reduce the 
    hospital's vulnerability to fraud, abuse and waste;
         Periodically revising the program in light of changes in 
    the needs of the organization, and in the law and policies and 
    procedures of government and private payor health plans;
         Developing, coordinating, and participating in a 
    multifaceted educational and training program that focuses on the 
    elements of the compliance program, and seeks to ensure that all 
    appropriate employees and management are knowledgeable of, and comply 
    with, pertinent Federal and State standards;
         Ensuring that independent contractors and agents who 
    furnish medical services to the hospital are aware of the requirements 
    of the hospital's compliance program with respect to coding, billing, 
    and marketing, among other things;
         Coordinating personnel issues with the hospital's Human 
    Resources office
    
    [[Page 8994]]
    
    (or its equivalent) to ensure that the National Practitioner Data Bank 
    and Cumulative Sanction Report \37\ have been checked with respect to 
    all employees, medical staff and independent contractors;
    ---------------------------------------------------------------------------
    
        \37\ The Cumulative Sanction Report is an OIG-produced report 
    available on the Internet at http://www.dhhs.gov/progorg/oig. It is 
    updated on a regular basis to reflect the status of health care 
    providers who have been excluded from participation in the Medicare 
    and Medicaid programs. In addition, the General Services 
    Administration maintains a monthly listing of debarred contractors 
    on the Internet at http://www.arnet.gov/epls. Also, once the data 
    base established by the Health Care Fraud and Abuse Data Collection 
    Act of 1996 is fully operational, the hospital should regularly 
    request information from this data bank as part of its employee 
    screening process.
    ---------------------------------------------------------------------------
    
         Assisting the hospital's financial management in 
    coordinating internal compliance review and monitoring activities, 
    including annual or periodic reviews of departments;
         Independently investigating and acting on matters related 
    to compliance, including the flexibility to design and coordinate 
    internal investigations (e.g., responding to reports of problems or 
    suspected violations) and any resulting corrective action with all 
    hospital departments, providers and sub-providers,\38\ agents and, if 
    appropriate, independent contractors; and
    ---------------------------------------------------------------------------
    
        \38\ E.g., skilled nursing facilities and home health agencies.
    ---------------------------------------------------------------------------
    
         Developing policies and programs that encourage managers 
    and employees to report suspected fraud and other improprieties without 
    fear of retaliation.
        The compliance officer must have the authority to review all 
    documents and other information that are relevant to compliance 
    activities, including, but not limited to, patient records, billing 
    records, and records concerning the marketing efforts of the facility 
    and the hospital's arrangements with other parties, including 
    employees, professionals on staff, independent contractors, suppliers, 
    agents, and hospital-based physicians, etc. This policy enables the 
    compliance officer to review contracts and obligations (seeking the 
    advice of legal counsel, where appropriate) that may contain referral 
    and payment issues that could violate the anti-kickback statute, as 
    well as the physician self-referral prohibition and other legal or 
    regulatory requirements.
        2. Compliance Committee. The OIG recommends that a compliance 
    committee be established to advise the compliance officer and assist in 
    the implementation of the compliance program.\39\ The committee's 
    functions should include:
    ---------------------------------------------------------------------------
    
        \39\ The compliance committee benefits from having the 
    perspectives of individuals with varying responsibilities in the 
    organization, such as operations, finance, audit, human resources, 
    utilization review, social work, discharge planning, medicine, 
    coding and legal, as well as employees and managers of key operating 
    units.
    ---------------------------------------------------------------------------
    
         Analyzing the organization's industry environment, the 
    legal requirements with which it must comply, and specific risk areas;
         Assessing existing policies and procedures that address 
    these areas for possible incorporation into the compliance program;
         Working with appropriate hospital departments to develop 
    standards of conduct and policies and procedures to promote compliance 
    with the institution's program;
         Recommending and monitoring, in conjunction with the 
    relevant departments, the development of internal systems and controls 
    to carry out the organization's standards, policies and procedures as 
    part of its daily operations;
         Determining the appropriate strategy/approach to promote 
    compliance with the program and detection of any potential violations, 
    such as through hotlines and other fraud reporting mechanisms; and
         Developing a system to solicit, evaluate and respond to 
    complaints and problems.
        The committee may also address other functions as the compliance 
    concept becomes part of the overall hospital operating structure and 
    daily routine.
    C. Conducting Effective Training and Education
        The proper education and training of corporate officers, managers, 
    employees, physicians and other health care professionals, and the 
    continual retraining of current personnel at all levels, are 
    significant elements of an effective compliance program. As part of 
    their compliance programs, hospitals should require personnel to attend 
    specific training on a periodic basis, including appropriate training 
    in Federal and State statutes, regulations and guidelines, and the 
    policies of private payors, and training in corporate ethics, which 
    emphasizes the organization's commitment to compliance with these legal 
    requirements and policies.
        These training programs should include sessions highlighting the 
    organization's compliance program, summarizing fraud and abuse laws, 
    coding requirements, claim development and submission processes and 
    marketing practices that reflect current legal and program standards. 
    The organization must take steps to communicate effectively its 
    standards and procedures to all affected employees, physicians, 
    independent contractors and other significant agents, e.g., by 
    requiring participation in training programs and disseminating 
    publications that explain in a practical manner specific 
    requirements.\40\ Managers of specific departments or groups can assist 
    in identifying areas that require training and in carrying out such 
    training. Training instructors may come from outside or inside the 
    organization. New employees should be targeted for training early in 
    their employment.\41\ Any formal training undertaken by the hospital as 
    part of the compliance program should be documented by the compliance 
    officer.
    ---------------------------------------------------------------------------
    
        \40\ Some publications, such as OIG's Management Advisory Report 
    entitled ``Financial Arrangements between Hospitals and Hospital-
    Based Physicians,'' Special Fraud Alerts, audit and inspection 
    reports, and advisory opinions, as well as the annual OIG work plan, 
    are readily available from the OIG and could be the basis for 
    standards, educational courses and programs for appropriate hospital 
    employees.
        \41\ Certain positions, such as those involving the coding of 
    medical services, create a greater organizational legal exposure, 
    and therefore require specialized training. One recommendation would 
    be for a hospital to attempt to fill such positions with individuals 
    who have the appropriate educational background and training.
    ---------------------------------------------------------------------------
    
        A variety of teaching methods, such as interactive training, and 
    training in several different languages, particularly where a hospital 
    has a culturally diverse staff, should be implemented so that all 
    affected employees are knowledgeable of the institution's standards of 
    conduct and procedures for alerting senior management to problems and 
    concerns. Targeted training should be provided to corporate officers, 
    managers and other employees whose actions affect the accuracy of the 
    claims submitted to the Government, such as employees involved in the 
    coding, billing, cost reporting and marketing processes. Given the 
    complexity and interdependent relationships of many departments, proper 
    coordination and supervision of this process by the compliance officer 
    is important. In addition to specific training in the risk areas 
    identified in section II.A.2, above, primary training to appropriate 
    corporate officers, managers and other hospital staff should include 
    such topics as:
         Government and private payor reimbursement principles;
         General prohibitions on paying or receiving remuneration 
    to induce referrals;
         Proper confirmation of diagnoses;
    
    [[Page 8995]]
    
         Submitting a claim for physician services when rendered by 
    a non-physician (i.e., the ``incident to'' rule and the physician 
    physical presence requirement);
         Signing a form for a physician without the physician's 
    authorization;
         Alterations to medical records;
         Prescribing medications and procedures without proper 
    authorization;
         Proper documentation of services rendered; and
         Duty to report misconduct.
        Clarifying and emphasizing these areas of concern through training 
    and educational programs are particularly relevant to a hospital's 
    marketing and financial personnel, in that the pressure to meet 
    business goals may render these employees vulnerable to engaging in 
    prohibited practices.
        The OIG suggests that all relevant levels of personnel be made part 
    of various educational and training programs of the hospital. Employees 
    should be required to have a minimum number of educational hours per 
    year, as appropriate, as part of their employment responsibilities.\42\ 
    For example, for certain employees involved in the billing and coding 
    functions, periodic training in proper DRG coding and documentation of 
    medical records should be required.\43\ In hospitals with high employee 
    turnover, periodic training updates are critical.
    ---------------------------------------------------------------------------
    
        \42\ Currently, the OIG is monitoring approximately 165 
    corporate integrity agreements that require many of these training 
    elements. The OIG usually requires a minimum of one to three hours 
    annually for basic training in compliance areas. More is required 
    for speciality fields such as billing and coding.
        \43\ Accurate coding depends upon the quality and completeness 
    of the physician's documentation. Therefore, the OIG believes that 
    active staff physician participation in educational programs 
    focusing on coding and documentation should be emphasized by the 
    hospital.
    ---------------------------------------------------------------------------
    
        The OIG recommends that attendance and participation in training 
    programs be made a condition of continued employment and that failure 
    to comply with training requirements should result in disciplinary 
    action, including possible termination, when such failure is serious. 
    Adherence to the provisions of the compliance program, such as training 
    requirements, should be a factor in the annual evaluation of each 
    employee.\44\ The hospital should retain adequate records of its 
    training of employees, including attendance logs and material 
    distributed at training sessions.
    ---------------------------------------------------------------------------
    
        \44\ In addition, where feasible, the OIG believes that a 
    hospital's outside contractors, including physician corporations, 
    should be afforded the opportunity to participate in, or develop 
    their own, compliance training and educational programs, which 
    complement the hospital's standards of conduct, compliance 
    requirements, and other rules and regulations.
    ---------------------------------------------------------------------------
    
        Finally, the OIG recommends that hospital compliance programs 
    address the need for periodic professional education courses that may 
    be required by statute and regulation for certain hospital personnel.
    D. Developing Effective Lines of Communication
        1. Access to the Compliance Officer. An open line of communication 
    between the compliance officer and hospital personnel is equally 
    important to the successful implementation of a compliance program and 
    the reduction of any potential for fraud, abuse and waste. Written 
    confidentiality and non-retaliation policies should be developed and 
    distributed to all employees to encourage communication and the 
    reporting of incidents of potential fraud.\45\ The compliance committee 
    should also develop several independent reporting paths for an employee 
    to report fraud, waste or abuse so that such reports cannot be diverted 
    by supervisors or other personnel.
    ---------------------------------------------------------------------------
    
        \45\ The OIG believes that whistleblowers should be protected 
    against retaliation, a concept embodied in the provisions of the 
    False Claims Act. In many cases, employees sue their employers under 
    the False Claims Act's qui tam provisions out of frustration because 
    of the company's failure to take action when a questionable, 
    fraudulent or abusive situation was brought to the attention of 
    senior corporate officials.
    ---------------------------------------------------------------------------
    
        The OIG encourages the establishment of a procedure so that 
    hospital personnel may seek clarification from the compliance officer 
    or members of the compliance committee in the event of any confusion or 
    question with regard to a hospital policy or procedure. Questions and 
    responses should be documented and dated and, if appropriate, shared 
    with other staff so that standards, policies and procedures can be 
    updated and improved to reflect any necessary changes or 
    clarifications. The compliance officer may want to solicit employee 
    input in developing these communication and reporting systems.
        2. Hotlines and Other Forms of Communication. The OIG encourages 
    the use of hotlines (including anonymous hotlines), e-mails, written 
    memoranda, newsletters, and other forms of information exchange to 
    maintain these open lines of communication. If the hospital establishes 
    a hotline, the telephone number should be made readily available to all 
    employees and independent contractors, possibly by conspicuously 
    posting the telephone number in common work areas.\46\ Employees should 
    be permitted to report matters on an anonymous basis. Matters reported 
    through the hotline or other communication sources that suggest 
    substantial violations of compliance policies, regulations or statutes 
    should be documented and investigated promptly to determine their 
    veracity. A log should be maintained by the compliance officer that 
    records such calls, including the nature of any investigation and its 
    results. Such information should be included in reports to the 
    governing body, the CEO and compliance committee. Further, while the 
    hospital should always strive to maintain the confidentiality of an 
    employee's identity, it should also explicitly communicate that there 
    may be a point where the individual's identity may become known or may 
    have to be revealed in certain instances when governmental authorities 
    become involved.
    ---------------------------------------------------------------------------
    
        \46\ Hospitals should also post in a prominent, available area 
    the HHS OIG Hotline telephone number, 1-800-HHS-TIPS (447-8477), in 
    addition to any company hotline number that may be posted.
    ---------------------------------------------------------------------------
    
        The OIG recognizes that assertions of fraud and abuse by employees 
    who may have participated in illegal conduct or committed other 
    malfeasance raise numerous complex legal and management issues that 
    should be examined on a case-by-case basis. The compliance officer 
    should work closely with legal counsel, who can provide guidance 
    regarding such issues.
    E. Enforcing Standards Through Well-Publicized Disciplinary Guidelines
        1. Discipline Policy and Actions. An effective compliance program 
    should include guidance regarding disciplinary action for corporate 
    officers, managers, employees, physicians and other health care 
    professionals who have failed to comply with the hospital's standards 
    of conduct, policies and procedures, or Federal and State laws, or 
    those who have otherwise engaged in wrongdoing, which have the 
    potential to impair the hospital's status as a reliable, honest and 
    trustworthy health care provider.
        The OIG believes that the compliance program should include a 
    written policy statement setting forth the degrees of disciplinary 
    actions that may be imposed upon corporate officers, managers, 
    employees, physicians and other health care professionals for failing 
    to comply with the hospital's standards and policies and applicable 
    statutes and regulations. Intentional or reckless noncompliance should 
    subject transgressors to significant sanctions. Such sanctions could 
    range from oral
    
    [[Page 8996]]
    
    warnings to suspension, privilege revocation (subject to any applicable 
    peer review procedures), termination or financial penalties, as 
    appropriate. The written standards of conduct should elaborate on the 
    procedures for handling disciplinary problems and those who will be 
    responsible for taking appropriate action. Some disciplinary actions 
    can be handled by department managers, while others may have to be 
    resolved by a senior hospital administrator. Disciplinary action may be 
    appropriate where a responsible employee's failure to detect a 
    violation is attributable to his or her negligence or reckless conduct. 
    Personnel should be advised by the hospital that disciplinary action 
    will be taken on a fair and equitable basis. Managers and supervisors 
    should be made aware that they have a responsibility to discipline 
    employees in an appropriate and consistent manner.
        It is vital to publish and disseminate the range of disciplinary 
    standards for improper conduct and to educate officers and other 
    hospital staff regarding these standards. The consequences of 
    noncompliance should be consistently applied and enforced, in order for 
    the disciplinary policy to have the required deterrent effect. All 
    levels of employees should be subject to the same disciplinary action 
    for the commission of similar offenses. The commitment to compliance 
    applies to all personnel levels within a hospital. The OIG believes 
    that corporate officers, managers, supervisors, medical staff and other 
    health care professionals should be held accountable for failing to 
    comply with, or for the foreseeable failure of their subordinates to 
    adhere to, the applicable standards, laws, and procedures.
        2. New Employee Policy. For all new employees who have 
    discretionary authority to make decisions that may involve compliance 
    with the law or compliance oversight, hospitals should conduct a 
    reasonable and prudent background investigation, including a reference 
    check, as part of every such employment application.\47\ The 
    application should specifically require the applicant to disclose any 
    criminal conviction, as defined by 42 U.S.C. 1320a-7(i), or exclusion 
    action. Pursuant to the compliance program, hospital policies should 
    prohibit the employment of individuals who have been recently convicted 
    of a criminal offense related to health care or who are listed as 
    debarred, excluded or otherwise ineligible for participation in Federal 
    health care programs (as defined in 42 U.S.C. 1320a-7b(f)).\48\ In 
    addition, pending the resolution of any criminal charges or proposed 
    debarment or exclusion, the OIG recommends that such individuals should 
    be removed from direct responsibility for or involvement in any Federal 
    health care program.\49\ With regard to current employees or 
    independent contractors, if resolution of the matter results in 
    conviction, debarment or exclusion, the hospital should terminate its 
    employment or other contract arrangement with the individual or 
    contractor.
    ---------------------------------------------------------------------------
    
        \47\ See fn. 37, supra.
        \48\ Likewise, hospital compliance programs should establish 
    standards prohibiting the execution of contracts with companies that 
    have been recently convicted of a criminal offense related to health 
    care or that are listed by a Federal agency as debarred, excluded, 
    or otherwise ineligible for participation in Federal health care 
    programs.
        \49\ Prospective employees who have been officially reinstated 
    into the Medicare and Medicaid programs by the OIG may be considered 
    for employment upon proof of such reinstatement.
    ---------------------------------------------------------------------------
    
    F. Auditing and Monitoring
        An ongoing evaluation process is critical to a successful 
    compliance program. The OIG believes that an effective program should 
    incorporate thorough monitoring of its implementation and regular 
    reporting to senior hospital or corporate officers.\50\ Compliance 
    reports created by this ongoing monitoring, including reports of 
    suspected noncompliance, should be maintained by the compliance officer 
    and shared with the hospital's senior management and the compliance 
    committee.
    ---------------------------------------------------------------------------
    
        \50\ Even when a hospital is owned by a larger corporate entity, 
    the regular auditing and monitoring of the compliance activities of 
    an individual hospital must be a key feature in any annual review. 
    Appropriate reports on audit findings should be periodically 
    provided and explained to a parent-organization's senior staff and 
    officers.
    ---------------------------------------------------------------------------
    
        Although many monitoring techniques are available, one effective 
    tool to promote and ensure compliance is the performance of regular, 
    periodic compliance audits by internal or external auditors who have 
    expertise in Federal and State health care statutes, regulations and 
    Federal health care program requirements. The audits should focus on 
    the hospital's programs or divisions, including external relationships 
    with third-party contractors, specifically those with substantive 
    exposure to government enforcement actions. At a minimum, these audits 
    should be designed to address the hospital's compliance with laws 
    governing kickback arrangements, the physician self-referral 
    prohibition, CPT/HCPSC ICD-9 coding, claim development and submission, 
    reimbursement, cost reporting and marketing. In addition, the audits 
    and reviews should inquire into the hospital's compliance with specific 
    rules and polices that have been the focus of particular attention on 
    the part of the Medicare fiscal intermediaries or carriers, and law 
    enforcement, as evidenced by OIG Special Fraud Alerts, OIG audits and 
    evaluations, and law enforcement's initiatives. See section II.A.2, 
    supra. In addition, the hospital should focus on any areas of concern 
    that have been identified by any entity, i.e., Federal, State, or 
    internally, specific to the individual hospital.
        Monitoring techniques may include sampling protocols that permit 
    the compliance officer to identify and review variations from an 
    established baseline.\51\ Significant variations from the baseline 
    should trigger a reasonable inquiry to determine the cause of the 
    deviation. If the inquiry determines that the deviation occurred for 
    legitimate, explainable reasons, the compliance officer, hospital 
    administrator or manager may want to limit any corrective action or 
    take no action. If it is determined that the deviation was caused by 
    improper procedures, misunderstanding of rules, including fraud and 
    systemic problems, the hospital should take prompt steps to correct the 
    problem. Any overpayments discovered as a result of such deviations 
    should be returned promptly to the affected payor, with appropriate 
    documentation and a thorough explanation of the reason for the 
    refund.\52\
    ---------------------------------------------------------------------------
    
        \51\ The OIG recommends that when a compliance program is 
    established in a hospital, the compliance officer, with the 
    assistance of department managers, should take a ``snapshot'' of 
    their operations from a compliance perspective. This assessment can 
    be undertaken by outside consultants, law or accounting firms, or 
    internal staff, with authoritative knowledge of health care 
    compliance requirements. This ``snapshot,'' often used as part of 
    benchmarking analyses, becomes a baseline for the compliance officer 
    and other managers to judge the hospital's progress in reducing or 
    eliminating potential areas of vulnerability. For example, it has 
    been suggested that a baseline level include the frequency and 
    percentile levels of various diagnosis codes and the increased 
    billing of complications and co-morbidities.
        \52\ In addition, when appropriate, as referenced in section G.2 
    reports of fraud or systemic problems should also be made to the 
    appropriate governmental authority.
    ---------------------------------------------------------------------------
    
        Monitoring techniques may also include a review of any reserves the 
    hospital has established for payments that it may owe to Medicare, 
    Medicaid, TRICARE or other Federal health care programs. Any reserves 
    discovered that include funds that should have been paid to Medicare or 
    another government program should be paid promptly,
    
    [[Page 8997]]
    
    regardless of whether demand has been made for such payment.
        An effective compliance program should also incorporate periodic 
    (at least annual) reviews of whether the program's compliance elements 
    have been satisfied, e.g., whether there has been appropriate 
    dissemination of the program's standards, training, ongoing educational 
    programs and disciplinary actions, among others. This process will 
    verify actual conformance by all departments with the compliance 
    program. Such reviews could support a determination that appropriate 
    records have been created and maintained to document the implementation 
    of an effective program. However, when monitoring discloses that 
    deviations were not detected in a timely manner due to program 
    deficiencies, appropriate modifications must be implemented. Such 
    evaluations, when developed with the support of management, can help 
    ensure compliance with the hospital's policies and procedures.
        As part of the review process, the compliance officer or reviewers 
    should consider techniques such as:
         On-site visits;
         Interviews with personnel involved in management, 
    operations, coding, claim development and submission, patient care, and 
    other related activities;
         Questionnaires developed to solicit impressions of a broad 
    cross-section of the hospital's employees and staff;
         Reviews of medical and financial records and other source 
    documents that support claims for reimbursement and Medicare cost 
    reports;
         Reviews of written materials and documentation prepared by 
    the different divisions of a hospital; and
         Trend analysis, or longitudinal studies, that seek 
    deviations, positive or negative, in specific areas over a given 
    period.
        The reviewers should:
         Be independent of physicians and line management;
         Have access to existing audit and health care resources, 
    relevant personnel and all relevant areas of operation;
         Present written evaluative reports on compliance 
    activities to the CEO, governing body and members of the compliance 
    committee on a regular basis, but no less than annually; and
         Specifically identify areas where corrective actions are 
    needed.
        With these reports, hospital management can take whatever steps are 
    necessary to correct past problems and prevent them from reoccurring. 
    In certain cases, subsequent reviews or studies would be advisable to 
    ensure that the recommended corrective actions have been implemented 
    successfully.
        The hospital should document its efforts to comply with applicable 
    statutes, regulations and Federal health care program requirements. For 
    example, where a hospital, in its efforts to comply with a particular 
    statute, regulation or program requirement, requests advice from a 
    government agency (including a Medicare fiscal intermediary or carrier) 
    charged with administering a Federal health care program, the hospital 
    should document and retain a record of the request and any written or 
    oral response. This step is extremely important if the hospital intends 
    to rely on that response to guide it in future decisions, actions or 
    claim reimbursement requests or appeals. Maintaining a log of oral 
    inquiries between the hospital and third parties represents an 
    additional basis for establishing documentation on which the 
    organization may rely to demonstrate attempts at compliance. Records 
    should be maintained demonstrating reasonable reliance and due 
    diligence in developing procedures that implement such advice.
    G. Responding to Detected Offenses and Developing Corrective Action 
    Initiatives
        1. Violations and Investigations. Violations of a hospital's 
    compliance program, failures to comply with applicable Federal or State 
    law, and other types of misconduct threaten a hospital's status as a 
    reliable, honest and trustworthy provider capable of participating in 
    Federal health care programs. Detected but uncorrected misconduct can 
    seriously endanger the mission, reputation, and legal status of the 
    hospital. Consequently, upon reports or reasonable indications of 
    suspected noncompliance, it is important that the chief compliance 
    officer or other management officials initiate prompt steps to 
    investigate the conduct in question to determine whether a material 
    violation of applicable law or the requirements of the compliance 
    program has occurred, and if so, take steps to correct the problem.\53\ 
    As appropriate, such steps may include an immediate referral to 
    criminal and/or civil law enforcement authorities, a corrective action 
    plan,\54\ a report to the Government,\55\ and the submission of any 
    overpayments, if applicable.
    ---------------------------------------------------------------------------
    
        \53\ Instances of non-compliance must be determined on a case-
    by-case basis. The existence, or amount, of a monetary loss to a 
    health care program is not solely determinative of whether or not 
    the conduct should be investigated and reported to governmental 
    authorities. In fact, there may be instances where there is no 
    monetary loss at all, but corrective action and reporting are still 
    necessary to protect the integrity of the applicable program and its 
    beneficiaries.
        \54\ Advice from the hospital's in-house counsel or an outside 
    law firm may be sought to determine the extent of the hospital's 
    liability and to plan the appropriate course of action.
        \55\ The OIG currently maintains a voluntary disclosure program 
    that encourages providers to report suspected fraud. The concept of 
    voluntary self-disclosure is premised on a recognition that the 
    Government alone cannot protect the integrity of the Medicare and 
    other Federal health care programs. Health care providers must be 
    willing to police themselves, correct underlying problems and work 
    with the Government to resolve these matters. The OIG's voluntary 
    self-disclosure program has four prerequisites: (1) the disclosure 
    must be on behalf of an entity and not an individual; (2) the 
    disclosure must be truly voluntary (i.e., no pending proceeding or 
    investigation); (3) the entity must disclose the nature of the 
    wrongdoing and the harm to the Federal programs; and (4) the entity 
    must not be the subject of a bankruptcy proceeding before or after 
    the self-disclosure.
    ---------------------------------------------------------------------------
    
        Where potential fraud or False Claims Act liability is not 
    involved, the OIG recognizes that HCFA regulations and contractor 
    guidelines already include procedures for returning overpayments to the 
    Government as they are discovered. However, even if the overpayment 
    detection and return process is working and is being monitored by the 
    hospital's audit or coding divisions, the OIG still believes that the 
    compliance officer needs to be made aware of these overpayments, 
    violations or deviations and look for trends or patterns that may 
    demonstrate a systemic problem.
        Depending upon the nature of the alleged violations, an internal 
    investigation will probably include interviews and a review of relevant 
    documents. Some hospitals should consider engaging outside counsel, 
    auditors, or health care experts to assist in an investigation. Records 
    of the investigation should contain documentation of the alleged 
    violation, a description of the investigative process, copies of 
    interview notes and key documents, a log of the witnesses interviewed 
    and the documents reviewed, the results of the investigation, e.g., any 
    disciplinary action taken, and the corrective action implemented. While 
    any action taken as the result of an investigation will necessarily 
    vary depending upon the hospital and the situation, hospitals should 
    strive for some consistency by utilizing sound practices and 
    disciplinary protocols. Further, after a reasonable period, the 
    compliance officer should review the circumstances that formed the 
    basis for the investigation to determine whether similar problems have 
    been uncovered.
    
    [[Page 8998]]
    
        If an investigation of an alleged violation is undertaken and the 
    compliance officer believes the integrity of the investigation may be 
    at stake because of the presence of employees under investigation, 
    those subjects should be removed from their current work activity until 
    the investigation is completed (unless an internal or Government-led 
    undercover operation is in effect). In addition, the compliance officer 
    should take appropriate steps to secure or prevent the destruction of 
    documents or other evidence relevant to the investigation. If the 
    hospital determines that disciplinary action is warranted, if should be 
    prompt and imposed in accordance with the hospital's written standards 
    of disciplinary action.
        2. Reporting. If the compliance officer, compliance committee or 
    management official discovers credible evidence of misconduct from any 
    source and, after a reasonable inquiry, has reason to believe that the 
    misconduct may violate criminal, civil or administrative law, then the 
    hospital promptly should report the existence of misconduct to the 
    appropriate governmental authority \56\ within a reasonable period, but 
    not more than sixty (60) days \57\ after determining that there is 
    credible evidence of a violation.\58\ Prompt reporting will demonstrate 
    the hospital's good faith and willingness to work with governmental 
    authorities to correct and remedy the problem. In addition, reporting 
    such conduct will be considered a mitigating factor by the OIG in 
    determining administrative sanctions (e.g., penalties, assessments, and 
    exclusion), if the reporting provider becomes the target of an OIG 
    investigation.\59\
    ---------------------------------------------------------------------------
    
        \56\ I.e., Federal and/or State law enforcement having 
    jurisdiction over such matter. Such governmental authority would 
    include DOJ and OIG with respect to Medicare and Medicaid violations 
    giving rise to causes of actions under various criminal, civil and 
    administrative false claims statutes.
        \57\ To qualify for the ``not less than double damages'' 
    provision of the False Claims Act, the report must be provided to 
    the Government within thirty (30) days after the date when the 
    hospital first obtained the information. 31 U.S.C. 3729(a).
        \58\ The OIG believes that some violations may be so serious 
    that they warrant immediate notification to governmental 
    authorities, prior to, or simultaneous with, commencing an internal 
    investigation, e.g., if the conduct: (1) is a clear violation of 
    criminal law; (2) has a significant adverse effect on the quality of 
    care provided to program beneficiaries (in addition to any other 
    legal obligations regarding quality of care); or (3) indicates 
    evidence of a systemic failure to comply with applicable laws, an 
    existing corporate integrity agreement, or other standards of 
    conduct, regardless of the financial impact on Federal health care 
    programs.
        \59\ The OIG has published criteria setting forth those factors 
    that the OIG takes into consideration in determining whether it is 
    appropriate to exclude a health care provider from program 
    participation pursuant to 42 U.S.C. 1320a-7(b)(7) for violations of 
    various fraud and abuse laws. See 62 FR 67392, December 24, 1997.
    ---------------------------------------------------------------------------
    
        When reporting misconduct to the Government, a hospital should 
    provide all evidence relevant to the alleged violation of applicable 
    Federal or State law(s) and potential cost impact. The compliance 
    officer, under advice of counsel, and with guidance from the 
    governmental authorities, could be requested to continue to investigate 
    the reported violation. Once the investigation is completed, the 
    compliance officer should be required to notify the appropriate 
    governmental authority of the outcome of the investigation, including a 
    description of the impact of the alleged violation on the operation of 
    the applicable health care programs or their beneficiaries. If the 
    investigation ultimately reveals that criminal or civil violations have 
    occurred, the appropriate Federal and State officials \60\ should be 
    notified immediately.
    ---------------------------------------------------------------------------
    
        \60\ Appropriate Federal and State authorities include the 
    Criminal and Civil Divisions of the Department of Justice, the U.S. 
    Attorney in the hospital's district, and the investigative arms for 
    the agencies administering the affected Federal or State health care 
    programs, such as the State Medicaid Fraud Control Unit, the Defense 
    Criminal Investigative Service, and the Offices of Inspector General 
    of the Department of Health and Human Services, the Department of 
    Veterans Affairs and the Office of Personnel Management (which 
    administers the Federal Employee Health Benefits Program).
    ---------------------------------------------------------------------------
    
        As previously stated, the hospital should take appropriate 
    corrective action, including prompt identification and restitution of 
    any overpayment to the affected payor and the imposition of proper 
    disciplinary action. Failure to repay overpayments within a reasonable 
    period of time could be interpreted as an intentional attempt to 
    conceal the overpayment from the Government, thereby establishing an 
    independent basis for a criminal violation with respect to the 
    hospital, as well as any individuals who may have been involved.\61\ 
    For this reason, hospital compliance programs should emphasize that 
    overpayment obtained from Medicare or other Federal health care 
    programs should be promptly returned to the payor that made the 
    erroneous payment.\62\
    ---------------------------------------------------------------------------
    
        \61\ See 42 U.S.C. 1320a-7b(a)(3).
        \62\ Normal repayment channels as described in HCFA's manuals 
    and guidances are the appropriate vehicle for repaying identified 
    overpayments. Hospitals should consult with its fiscal intermediary 
    or HCFA for any further guidance regarding these repayment channels. 
    Interest will be assessed, when appropriate. See 42 CFR 405.376.
    ---------------------------------------------------------------------------
    
    III. Conclusion
    
        Through this document, the OIG has attempted to provide a 
    foundation to the process necessary to develop an effective and cost-
    efficient hospital compliance program. As previously stated, however, 
    each program must be tailored to fit the needs and resources of an 
    individual hospital, depending upon its particular corporate structure, 
    mission, and employee composition. The statutes, regulations and 
    guidelines of the Federal and State health insurance programs, as well 
    as the policies and procedures of the private health plans, should be 
    integrated into every hospital's compliance program.
        The OIG recognizes that the health care industry in this country, 
    which reaches millions of beneficiaries and expends about a trillion 
    dollars, is constantly evolving. However, the time is right for 
    hospitals to implement a strong voluntary compliance program concept in 
    health care. As stated throughout this guidance, compliance is a 
    dynamic process that helps to ensure that hospitals and other health 
    care providers are better able to fulfill their commitment to ethical 
    behavior, as well as meet the changes and challenges being imposed upon 
    them by Congress and private insurers. Ultimately, it is the OIG's hope 
    that a voluntarily created compliance program will enable hospitals to 
    meet their goals, improve the quality of patient care, and 
    substantially reduce fraud, waste and abuse, as well as the cost of 
    health care to Federal, State and private health insurers.
    
        Dated: February 11, 1998.
    June Gibbs Brown,
    Inspector General.
    [FR Doc. 98-4399 Filed 2-20-98; 8:45 am]
    BILLING CODE 4150-04-M
    
    
    

Document Information

Published:
02/23/1998
Department:
Health and Human Services Department
Entry Type:
Notice
Action:
Notice.
Document Number:
98-4399
Pages:
8987-8998 (12 pages)
PDF File:
98-4399.pdf