The ever-expanding realm of health care regulation, most clearly demonstrated in the adoption and implementation of the Affordable Care Act (“ACA”), necessitates a paradigm shift in today’s health care market and in the way physicians approach compliance and the practice of medicine. By design, the ACA compels health care providers to find ways to achieve the competing goals of lowering health care costs and spending while simultaneously improving the quality of care for their patients. The burdens of the ACA have prompted many health care providers to modify or completely transform their business models in order to survive in a value-based purchasing environment.
Physician practices have not been immune to the impact of regulations and changing payment models, and many physicians are choosing to leave private practice, or leave the practice of medicine altogether, rather than undertake the burden of compliance with the regulations. A 2016 survey of physicians by the Physicians Foundation found, on average, physicians currently spend over 11 hours per week on non-clinical paperwork, which is over 21 percent of their workweek. Over 58 percent of the physicians surveyed indicated that regulatory burdens and the associated paperwork were among the least satisfying factors, and was driving many to reduce their patient load or leave the practice of medicine. Therefore, it is no surprise that the percentage of physicians operating as owners or partners in a practice, has dropped from 48.5% in 2012, to 32.7% in 2016.
Those small physician practices that remain are among the most committed to maintaining their independence. However, many are struggling with ways to maintain their private practice in the face of the economic realities of the cost of compliance, both in time and money. One possible prescription for physician practices to economically address many of these concerns, is to partner with a third party to provide the compliance functions required by the ACA. A third party arrangement can economically minimize the risk of non-compliance, while allowing physicians to confidently focus on the care and treatment of their patients.
Despite the fact that most physicians make decisions they consider to be in the best interest of their patients, there is no doubt that fraud, waste, and abuse exists in the Federal health care system. The Health and Human Services’ Office of Inspector General (the “OIG”) reported a recovery of more than $3 billion of improper health care payments for the Fiscal Year 2015, alone! However, what may be even more distressing to health care providers is the fact, in the same year, the OIG also reported exclusions of 4,112 individuals and entities from participation in Federal health care programs. In addition, there were 925 criminal actions and 682 civil actions against individuals or entities, for violations of Federal health care law and regulations.
With the advent of electronic claim submissions, data analytics is proving to be a very efficient and effective way to identify possible violations of health care regulations. The Medicare Fraud Strike Force (“Strike Force”) uses data analytics and the combined resources of Federal, State, and local law enforcement entities to combat and prevent health care fraud. Essentially, this provides the ability to conduct instant, or continuance, audits of any provider or group of providers. In just one nationwide action in 2014, the Strike Force brought civil and criminal charges against 89 individuals, including doctors, nurses and other licensed medical professionals. It is not unreasonable to expect a continued expansion of this type of action.
Of course, requirements for compliance with Federal health care laws and regulations pre-date the ACA. However, the ACA requires physicians to implement a Compliance Program as a condition of participation in Federal health care programs and provides expanded powers for the enforcement of statutes designed to combat fraud and abuse. Although the final rule for small physician practices has not yet been adopted, guidance by the OIG makes it clear that, the key factor in minimizing exposure for non-compliance is the adoption and implementation of an effective Compliance Program. Conversely, the absence of an effective Compliance Program can increase the likelihood of violations and be an aggravating factor in determining the punishment to be imposed under the Sentencing Guidelines for violations.
Accordingly, the OIG advises providers to immediately begin to make compliance plans a priority. As the Chief Health Counsel at Emory University in Atlanta stated, “If practices do not implement compliance plans and follow them strictly, they put themselves at huge risk.”
Having an effective and robust compliance plan in place is one of the most effective actions a physician’s practice can take to avoid running afoul of the False Claims Act, Stark, Anti-Kickback, HIPAA, or any of the other numerous Federal and state health care laws and regulations. Under the Sentencing Guidelines, the absence of an effective Compliance Program is actually considered an aggravating factor that increases the “culpability score” used to determine sentencing. Conversely, having an effective Compliance Program can lower the provider’s starting “culpability score” under the Sentencing Guidelines and result in lesser punishment for violations.
However, it is critical that physician practices ensure they do not create an ineffective program that fails to identify and prevent non-compliance with health care regulations. While failure to implement an effective program can be interpreted as “willful ignorance” or “reckless disregard,” sufficient to meet the “knowing” standard for liability, implementation of an ineffective Compliance Program could be evidence of intent to create an artifice to defraud the government.
To establish a Compliance Program that is effective, physician practices should consider the core elements of an effective Compliance Program set forth by the OIG and the Federal Sentencing guidelines. The more closely a physician practice can economically implement each core element, the more likely it is to limit its potential exposure for fraud, waste, and abuse. Alternatively, the more a physician practice deviates from the core elements, the more they potentially expose the practice and the physicians to greater liability.
The OIG/HHS considers there to be seven core elements of an effective Compliance Program:
i. Written Policies, Procedures, and Standards of Conduct
ii. Compliance Program Oversight
iii. Training and Education
iv. Open Lines of Communication
v. Auditing & Monitoring
vi. Consistent Discipline
vii. Corrective Action
Although OIG guidance allows for the consideration of economic restraints on small physician practices as they develop a Compliance Program, enforcing authorities are beginning to cast aside these allowances. Therefore, a practice that fails to implement a complete and effective Compliance Program, risks increased exposure for civil and criminal penalties, as well as increased potential for exclusion from participation in the Medicare and Medicaid systems.
Available evidence shows that small physician practices can economically reduce potential exposure for violations by partnering with third party vendors to provide compliance oversight. A study conducted by the Ponemon Institute in 2011 looked at organizations that were required to protect sensitive and confidential information and found, on average, the cost of non-compliance was 2.65 times higher than the cost of compliance. When looking only at only health care, the gap between the cost of non-compliance and compliance was even greater than average. With a difference of 72 percent in the cost of compliance, versus the cost of non-compliance with privacy regulations in the healthcare industry, the return on investment for compliance is over $3 for every $1 expended. This indicates that the cost of establishing an effective healthcare Compliance Program is significantly less than the cost of failing to invest in compliance or wasting money on an ineffective Compliance Program.
However, many small physician practices lack the resources to hire an experienced professional as a full-time compliance officer, and are forced to rely upon staffer who assume that role as one of their many other duties; often without adequate knowledge of the complex regulations involved. A growing number of health care providers are choosing instead, to out-source compliance functions. While outsourcing can be advantageous for large providers, several studies have shown that it can be even more beneficial for smaller organizations.
Furthermore, an independent attorney with specialized knowledge of health care regulations is ideally suited to serve the interest of the small physician practice in implementing a Compliance Program that is both effective and cost efficient. A third party arrangement with an attorney who is well versed in health law allows physician practices to control the cost of compliance, and provide an effective program within their budgetary constraints. Moreover, such an arrangement can free up the time of physicians and their staff, allowing them to focus on the purpose for which they chose a profession in health care – providing quality care to their patients. The result may be, as one physician succinctly stated, “I can sleep better at night.”
Providers should be wary, however, of utilizing their general counsel to fulfill compliance obligations. In most instances, utilizing general counsel for compliance functions raises red flags for investigators, and can be considered indicia of efforts to circumvent or conceal violations. While general counsel’s advice can be invaluable if a physician’s practice becomes the target of an audit or legal action, investigators generally believe that general counsel tells you “whether you can do something,” and “compliance tells you whether you should." In evaluating your Compliance Program, the investigators will want to see evidence that these voices were distinct in a practice’s decisions related to implementation of a Compliance Program.
If you are a physician in a small practice, you may want to give this article to your general counsel and get their opinion. If you or your general counsel have any questions about the use of a third party to develop or implement an effective Compliance Program, please feel free to call or email Dennis G. Sadler of Leitner, Williams, Dooley & Napolitan for further information.