OIG Enforcement Update in 2015 SC HFMA Annual Institute

May 28, 2015

James W. Boswell Michael E. Paulhus

King & Spalding LLP

Agenda • Background on HHS-OIG • 2015 OIG Work Plan and Enforcement Priorities • Hospital Compliance Programs & CIAs • Recent OIG Compliance Guidance • Future Trends in Healthcare Fraud Enforcement

Efforts

2

Background

3

4

Key Components of HHS-OIG The Office of Audit Services (OAS)

• Examines the performance of HHS programs and/or its grantees and contractors in carrying out their respective responsibilities

The Office of Evaluation and Inspections (OEI)

• Conducts national evaluations of HHS programs from a broad issue-based perspective

• Oversees state Medicaid Fraud Control Units

The Office of Investigations (OI) • Conducts criminal, civil, and administrative investigations of fraud and misconduct related to HHS programs, operations, and beneficiaries

The Office of Counsel to the Inspector General (OCIG)

• Represents OIG in all civil and administrative fraud and abuse cases involving HHS programs, including False Claims Act, program exclusion, and civil monetary penalties cases

• Negotiates and monitors corporate integrity agreements

• Renders advisory opinions, publishes fraud alerts, and provides other guidance concerning OIG enforcement authorities

HHS-OIG Resources • Corporate Integrity Agreements:

https://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp

• Advisory Opinions: https://oig.hhs.gov/compliance/advisory-opinions/

• Compliance Guidance: https://oig.hhs.gov/compliance/compliance-guidance/index.asp

• Special Fraud Alerts: https://oig.hhs.gov/compliance/alerts/index.asp

5

2015 OIG Work Plan and Enforcement Priorities

6

OIG Work Plan for Fiscal Year (FY) 2015

7

• The Work Plan summarizes the new and ongoing reviews and activities that OIG plans to pursue across the full spectrum of HHS programs and operations, including all aspects of Medicare and Medicaid

• OIG announced that its work plans for FY 2015 and beyond will include “examining inefficient payment policies or practices, including comparison among Government programs to identify instances when Medicare paid significantly different amounts for the same or similar services or when less efficient payment methodologies were used”

2015 Work Plan Initiative: Two-Midnight Rule

• Determining the impact of the “new inpatient admission criteria,” known as the 2-Midnight Rule, “on hospital billing, Medicare payments, and beneficiary copayments”

8

2015 Work Plan Initiative: Provider-based Status

• Determining the extent to which provider-based facilities meet CMS’s criteria

• Reviewing the Medicare payments for physician office visits in provider-based clinics and free-standing clinics “to determine the difference in payments made to the clinics for similar procedures and assess the potential impact on the Medicare program of hospitals’ claiming provider-based status for such facilities”

9

2015 Work Plan Initiative: Long-term care Hospitals

• Estimating the “national incidence of adverse and temporary harm events for Medicare beneficiaries receiving care in long-term-care hospitals,” and determining the associated costs to Medicare This is a new initiative for FY 2015

10

2015 Work Plan Initiative: Nursing Homes

• Determining “the extent to which Medicare beneficiaries residing in nursing homes are hospitalized as a result of conditions thought to be manageable or preventable in the nursing home setting”

11

2015 Work Plan Initiative: Hospital Billing

• Reviewing “Medicare outpatient payments made to hospitals for evaluation and management (E/M) services for clinic visits billed at the new-patient rate to determine whether they were appropriate and will recommend recovery of overpayments”

12

2015 Work Plan Initiative: Hospice Billing

• Reviewing “extent to which hospices serve Medicare beneficiaries who reside in assisted living facilities (ALFs).”

• Reviewing the use of hospice general inpatient care.

13

Other 2015 Work Plan Initiatives

• Reviewing “Medicare payments for high-cost diagnostic radiology tests to determine whether the tests were medically necessary . . .”.

• Reviewing “Medicare payments to independent clinical laboratories to determine laboratories’ compliance with selected billing requirements.”

• Review and oversight of contractor activities, including benefit integrity contractors such as Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICs)

14

15

Hospital Compliance Programs & CIAs

Mandatory Compliance Programs • The Affordable Care Act (ACA) requires that providers

must establish a compliance program as a condition of enrollment in Medicare, Medicaid or the Children’s Health Insurance Program

• HHS is charged with establishing core elements for the compliance programs. To date, CMS has not published regulations applicable to hospitals

• What can providers use for guidance? Consider: Federal Sentencing Guidelines

Past OIG issuances

Corporate Integrity Agreements (CIAs)

16

Corporate Integrity Agreements • Historical Purpose “CIAs are imposed on companies to help reorient a corporate culture

that may have previously been prone to fraud and abuse … Such CIAs may also serve as admonitory examples for others within the industry”

“CIAs set forth specific requirements that a provider must meet in establishing a compliance program or in maintaining an existing compliance program”

Excerpts from testimony of Lew Morris, Assistant Inspector General for Legal Affairs, before the House Committee on Commerce, Subcommittee on Oversight and Investigations, April 6, 2000

• Recent OIG Comments Regarding CIAs “CIAs are designed to put the entity at the frontline of promoting

compliance.” Gregory E. Demske, Chief Counsel to the IG, OIG Outlook 2013 audio podcast

17

Individual Accountability and Certifications • Board Certifications

• Senior Management Certifications

18

• Recent CIAs have required organizations to adopt Risk Evaluation and Mitigation Programs designed to formalize ways organizations identify, track, and address compliance risks

Risk Management

19

IRO Testing

20

• CIAs often require an organization to engage an Independent Review Organization (IRO) to perform various types of reviews, such as:

Claims Reviews

Unallowable Costs Reviews

Arrangements Reviews

Systems Reviews

• Depending on the results of the IRO reviews, there could be additional testing

• IROs must be independent and objective

Evolving IRO Model: IRO Testing of New Issues

21

• Evolving model where testing is not limited to the issue that led to the CIA For example, short-stay admissions CIA may also include

IRO review of additional claims

• IRO claims review – designed to test specific risk areas Potential that new CIAs will require IRO claims review of

risk areas identified through risk assessment programs, through OIG data mining or other methods

Recent OIG Compliance Guidance

22

The Board’s Role in Compliance

23

• On April 20, 2015, OIG released a new Guidance Document for health care boards regarding their compliance oversight role; Other bodies involved in preparation of the guidance included Association of Healthcare Internal Auditors, American Health Lawyers Association and Health Care Compliance Association

The Board’s Role in Compliance

24

• The Guidance touches on: General expectations for Board oversight;

The roles of key organization functions (in particular, audit, compliance and legal);

Reporting structures;

Identifying and addressing regulatory risks; and

Encouraging accountability and compliance

25

• OIG recognizes that there is no “one-size-fits-all” compliance program design; Boards should evaluate the scope and adequacy of their compliance programs in light of the size and complexity of their organizations

• “A Board must act in good faith in the exercise of its oversight responsibility for its organization, including making inquiries to ensure:

(1) A corporate information and reporting system exists and (2) The reporting system is adequate to assure the Board that appropriate information relating to compliance with applicable laws will come to its attention timely and as a matter of course.”

Board Oversight of Compliance Program Functions

26

• OIG advises that “an organization’s Compliance Officer should neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department, in any manner”

• An effective compliance program requires that the compliance, legal, and internal audit functions be independent, with clearly delineated functions and reporting relationships

Roles and Relationships

27

• OIG highlights the following regulatory risk areas that it perceives as common to all health care providers: Referral relationships and arrangements;

Billing problems (e.g., upcoding, submitting claims for services not rendered and/or medically unnecessary services);

Privacy breaches; and

Quality-related events

• Boards should ensure that management regularly reviews and audits risk areas, and develops, implements and tracks the performance of corrective action plans

Identifying and Auditing Potential Risk Areas

28

• To set the tone that “[c]ompliance is an enterprise-wide responsibility,” OIG suggests that Boards may make compliance an element of evaluating the performance of all employees

OIG emphasizes that Boards should take steps to ensure that the organization’s compliance program proactively identifies and corrects compliance concerns, particularly in light of the ACA’s 60-day rule for identifying and returning overpayments

Encouraging Accountability and Compliance

Future Trends in Healthcare Fraud Enforcement Efforts

29

Future Trends in Healthcare Fraud Enforcement Efforts

30

1. Increased Focus On Criminal Healthcare Fraud Prosecution

2. Executives Under Scrutiny 3. Quality Of Care FCA Litigation

Increased Focus On Criminal Healthcare Fraud Prosecution

31

• New Criminal Division Review Process for FCA Cases Assistant Attorney General for the DOJ’s Criminal

Division Leslie Caldwell’s September 17, 2014, Remarks at the Taxpayers Against Fraud Conference All new qui tam complaints will be shared by the Civil

Division with the Criminal Division as soon as the cases are filed

The Criminal Division will review the qui tam complaint to determine whether to open a parallel criminal investigation

Former Hospital Executive Charged in Kickback Scheme

Executives Under Scrutiny THE NEW YORK TIMES NEW YORK THURSDAY, SEPTEMBER 27, 2012

32

Former OIG Chief Counsel Lewis Morris “Some hospital systems, pharmaceutical manufacturers, and other providers play such a critical role in the care delivery system that they may believe that they are ‘too big to fire’ and thus OIG would never exclude them and thereby risk compromising the welfare of our beneficiaries. We are concerned that the providers that engage in health care fraud may consider civil penalties and criminal fines a cost of doing business. As long as the profit from fraud outweighs those costs, abusive corporate behavior is likely to continue.”

33

Former OIG Chief Counsel Lewis Morris “One way to address this problem is to attempt to alter the cost-benefit calculus of the corporate executives who run these companies. By excluding the individuals who are responsible for the fraud, either directly or because of their positions of responsibility in the company that engaged in fraud, we can influence corporate behavior without putting patient access to care at risk.”

Congressional Testimony (March 2, 2011).

34

OIG Exclusion

• OIG has authority to exclude individuals and entities from federal healthcare program participation

• Types of Exclusions: • Mandatory (SSA § 1128(a)(1)-(3)) • Permissive (SSA § 1128(b)(1)-(15))

• Duration: Minimum of 1 year to permanent exclusion

35

36

§ 1128(b)(7) Permissive Exclusion Factors

1. The Circumstances of the Misconduct and Seriousness of the Offense

2. Defendant’s Response to Allegations/Determination of Unlawful Conduct

3. Likelihood that Offense or Some Similar Abuse Will Occur Again

4. Financial Responsibility

Quality of Care FCA Litigation

• Linkage to Data Expect qui tam relators and/or the Government to

contend that the payment structures and reporting measures set forth in various new quality programs materially affect payment and are thereby conditions of payment — and that violations trigger False Claims Act (FCA) liability

37

Data-Driven Quality Initiatives • Programs resulting from the ACA, the American Recovery

and Reinvestment Act (ARRA) as well as those initiated by OIG and CMS reflect an increased focus on quality

• The Health Information Technology for Economic and Clinical Health (HITECH) Act established the Electronic Health Record (EHR) Meaningful Use Program to provide financial incentives to providers to promote the adoption and meaningful use of certified EHR technology to improve patient care (ARRA, Public Law 111-5, Division A, Title XIII and Division B, Title IV)

38

Data-Driven Quality Initiatives (cont.) • ACA establishes numerous quality-related programs,

potentially exposing providers to increased liability for quality shortfalls; these include, among others: Medicare Physician Quality Reporting Improvements: financial

incentives and penalties for reporting or failure to report Physician Quality Reporting Initiative (PQRI) measures (PPACA §§ 3002, 3007)

Value-Based Purchasing Program: pays hospitals based upon how well they perform on specific quality measures (Id. § 3007)

39

Big Data • Data mining by government agencies, private companies,

and the media

“Now, a new federal database shows that many of the doctors who were the top billers for Lucentis were also among the highest-paid consultants for Genentech, earning thousands of dollars to help promote the drug. The data raises questions about whether financial relationships between doctors and drug companies influence treatment decisions, even though physicians maintain they cannot be swayed.”

THE NEW YORK TIMES MONDAY, DECEMBER 8, 2014

40

Questions and Discussion

41