Durable Medical Equipment (DME) Company Compliance
Durable medical equipment (DME) companies are subject to unique standards and requirements under Medicare and the other federal healthcare benefit programs. In order to mitigate their risk of facing federal charges as a result of a healthcare fraud investigation, DME companies must adopt (and adhere to) comprehensive compliance programs.
Like all service providers and suppliers that bill Medicare, Medicaid, Tricare, and the Department of Labor (DOL), durable medical equipment (DME) companies are subject to a comprehensive set of rules and regulations. These rules and regulations govern virtually all aspects of DME companies’ businesses, from how they bill for equipment and supplies to how they structure their relationships with doctors and other healthcare providers.
In order to bill Medicare, DME companies must demonstrate that they meet the quality standards established by the Centers for Medicare and Medicaid Services (CMS), and they must obtain accreditation from a CMS-approved Accreditation Organization. However, these are just the first steps in an ongoing compliance process. Like all healthcare businesses that bill Medicare, Medicaid, Tricare, and the DOL, DME companies are subject to constant scrutiny by CMS and other agencies, and billing violations and other mistakes can trigger costly penalties.
Federal Compliance Counsel for DME Companies
Oberheiden, P.C. is a federal healthcare law firm that represents DME companies and other clients across the country with regard to compliance, investigations, and civil and criminal prosecutions. Our attorneys work closely with our clients to develop comprehensive compliance programs that are custom-tailored to their unique business needs, relying on centuries of combined experience in federal healthcare fraud matters. In addition to attorneys who have spent their entire careers representing DME companies and healthcare providers, our compliance team also includes several former federal healthcare fraud prosecutors, and we utilize the insights gained from this government experience to help DME companies structure and implement compliance programs capable of fending off charges in the event of a federal investigation.
While DME companies face many of the same compliance challenges as other businesses and healthcare providers, they face some unique challenges as well. From marketing to billing, and from cultivating relationships with physicians to dealing directly with CMS and other federal agencies, DME company executives and managers must be cognizant of the compliance risks involved in all aspects of their companies’ day-to-day operations. At Oberheiden, P.C., we have an intimate understanding of these risks, and we have a proven track record of providing our clients with the information and tools they need to manage these risks successfully.
The OIG’s “Elements of an Effective Compliance Program” for DME Companies
Along with CMS, the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) is among the agencies primarily responsible for investigating and prosecuting DME companies and healthcare providers suspected of billing violations, unlawful compensation arrangements, and other forms of program fraud. In an effort to help DME companies comply with their legal and regulatory obligations, the OIG has published a list of “7 fundamental elements applicable to an effective compliance program.” These elements are:
1. “Implementing written policies, procedures and standards of conduct.”
Thorough documentation is critical to an effective healthcare compliance program. For DME companies, this includes developing written, policies, procedures, and standards of conduct relating to:
- Medicare, Medicaid, Tricare, and DOL billing compliance;
- Contracts and financial relationships with doctors and other third-party providers;
- Marketing efforts for durable medical equipment and supplies;
- Dissemination of information on a company-wide scale; and,
- Identifying, assessing, and remedying potential compliance issues.
In order for these types of compliance documentation to be effective, they must be custom-tailored to the organization as well as the specific government healthcare benefit program(s) being billed. Medicare, Medicaid, Tricare, and the DOL all have their own unique billing rules and compliance regimes, and DME companies that focus solely on Medicaid or adopt more-general compliance standards will be setting themselves up for problems should they face scrutiny from federal authorities.
2. “Designating a compliance officer and compliance committee.”
Healthcare compliance is an active process. Preparing the necessary documentation is not sufficient in itself, but instead should be viewed as a means for implementing adequate compliance mechanisms and protocols on a company-wide basis. This includes designating a compliance officer and establishing a compliance committee. The compliance officer’s role should be clearly documented as well, and should involve proactively assessing and addressing potential compliance issues throughout the company. The compliance committee should serve in an advisory capacity, helping company leaders make critical decisions when faced with challenging compliance issues.
3. “Conducting effective training and education.”
Ongoing compliance efforts should also include providing training and education to company employees. Even if a company has a comprehensive compliance policy, if there is no evidence to indicate that the information contained in the policy has been distributed to appropriate personnel in a meaningful manner, then the policy itself is highly unlikely to protect the company against federal prosecution. As a result, not only should training and education programs be developed and conducted by qualified individuals, but all training and education sessions should be thoroughly documented as well.
4. “Developing effective lines of communication.”
Beyond initial and ongoing training and education, appropriate lines of communication should be established so that company personnel know when, how, and to whom to report potential compliance issues. Internal reporting of compliance issues should be openly encouraged, and employees should know exactly where to look if they need information regarding the company’s compliance program or its obligations under Medicare, Medicaid, Tricare, or the DOL healthcare benefit program.
5. “Enforcing standards through well-publicized disciplinary guidelines.”
While DME companies should seek to promote a culture of transparency and compliance, they must also have adequate disciplinary guidelines to ensure that employees are disincentivized to engage in billing and coding violations and other improper practices. To this end, DME companies must adopt appropriate written guidelines that satisfy their compliance obligations while also appropriately addressing all relevant state and federal employment law considerations.
6. “Conducting internal monitoring and auditing.”
Compliance monitoring should be a systematic and routine practice conducted in such a way as to identify potential issues as soon as possible after they arise. The task of compliance monitoring should be assigned to an appropriate individual who is capable of identifying potential compliance issues in all aspects and at all levels of the business, and who is in a position to assess the business’s compliance efforts from a completely unbiased perspective.
7. “Responding promptly to detected offenses and developing corrective action.”
Finally, if the compliance officer or compliance committee detects a compliance concern, or if an employee reports a potential violation, appropriate measures should be taken to respond. The company’s compliance documentation should specify appropriate response protocols, including the chain of command, and corrective action should be commenced immediately.
How To Select a DME Defense Attorney
Additional Considerations for DME Company Healthcare Compliance
As noted in the OIG’s guidance, “[g]iven the diversity within the industry, there is no single ‘best’ DMEPOS supplier compliance program.” As a result, while the above elements can be viewed as a baseline for most companies, specificity is key, and in many cases more will need to be done. Based on our attorneys’ experience, some additional important compliance considerations for DME companies include:
- Documentation vs. Good Documentation. There is documentation, and then there is good documentation. While having a documented compliance program is absolutely essential, documenting mediocre, non-specific, and insufficient efforts to comply with federal law and the Medicare, Medicaid, Tricare, and DOL billing regulations can serve to confirm federal authorities’ suspicions that a DME company’s practices are noncompliant.
- Mischaracterization of Employees. Paying percentage-based compensation to individuals who have been characterized as independent contractors will often be viewed as a red flag for the unlawful diversion of program-reimbursed funds. When structuring relationships with marketers, medical directors, and other individuals, particular care needs to be taken to ensure that the compensation structure is legally compliant.
- Third-Party Marketers and Billing Administrators – Relationships with third-party marketers and billing administrations can be dangerous from a compliance perspective if they are not structured and documented appropriately. Buying leads for Medicare beneficiaries can be dangerous, as can relationships that appear to involve improper payments for program beneficiary referrals. Similar, while third-party billing administrators often claim to be experts in their field (and, to be fair, some of them are), delegating compliance to a third-party provider does not absolve a DME company of its legal and regulatory obligations.
- DME Sales in Telemedicine. Despite the benefits of providing patients with access to telemedicine, the telemedicine industry is heavily scrutinized by federal authorities, and high volumes of DME sales are particularly likely to trigger federal investigations. While there is nothing inherently illegal about telemedicine practice, in order to avoid unwanted scrutiny, DME companies involved in telemedicine must be particularly careful to tailor their compliance programs accordingly.
What is Physician Compliance?
As a physician, your entire body of education and training has been focused on patient care. Unfortunately, the reality is that this is just one aspect of operating a medical practice. In order to treat your patients, you must build a compliant practice, and you must ensure that your employees, your third-party billing administrators, your other vendors, and you personally remain attuned to the risks of noncompliance at all times.
So, as a physician, what does “compliance” mean to you? For physicians who bill Medicare, Medicaid, Tricare, and the DOL healthcare program, a comprehensive compliance program will typically cover the following:
1. Practice Structuring and Organization
As an independent physician, or as a member of a physician group or joint practice, compliance starts with the structuring and organization of your practice. Our attorneys can help you choose the appropriate business entity type and organizational structure, and we can prepare and file all of the documentation needed to establish your practice in a way that does not raise questions for federal authorities.
2. Billing and Coding Compliance
For program-participating physicians, billing and coding compliance is typically the most visible and most burdensome aspect of compliance. While most physicians work with third-party billing administrators, hiring a billing company to handle your Medicare, Medicaid, Tricare, or DOL coding does not alleviate you of your legal responsibilities. Not only must physicians ensure that they are providing their billing administrators with the information they need to submit lawful reimbursement requests, but they must maintain adequate oversight over their program billings as well.
3. Substantiation of Reimbursement Claims
A common issue in audits and investigations targeting physicians is lack of documentation. Even if your program billings are compliant, if you cannot prove it, you run the risk of being fined, facing recoupments, and potentially facing other penalties as well. As a result, physicians must develop standards and protocols for adequately substantiating their reimbursement claims. This include, but is by no means limited to, establishing that all tests, treatments, and medications satisfy the relevant program’s definition of “medical necessity.”
4. DEA Registration Compliance
Physicians who prescribe and dispense medications must register with the Drug Enforcement Administration (DEA). DEA registration involves its own universe of compliance requirements, and physicians must be extremely careful to avoid mistakes that could trigger allegations of Controlled Substances Act violations.
5. Marketing Compliance
As a business owner, you will likely need to market your practice in order to be successful. While it is entirely possible to market a medical practice within the confines of federal law and the ethical standards imposed by state medical licensing boards, it is also very easy to make costly mistakes. For example, one of the most-common marketing-related compliance issues for private physicians involves the payment of referral fees to marketing companies. Even if the payments you make are not specifically labeled as “referral fees,” if they run afoul of the prohibitions of the Anti-Kickback Statute, they could put your practice in jeopardy.
6. Relationships with Suppliers and Other Healthcare Providers
Relationships with suppliers and other healthcare providers will often raise Anti-Kickback Statute implications as well. From pharmaceutical companies and durable medical equipment (DME) suppliers to testing labs and referring physicians, any type of relationship that directly or indirectly involves the transfer of Medicare, Medicaid, Tricare, or DOL-reimbursed funds must be carefully structured in order to avoid compliance concerns.
7. Stark Law Compliance
While the Stark Law is similar to the Anti-Kickback Statute in that it prohibits the payment of unlawful referral fees, it has a number of important unique aspects as well. For example, unlike the Anti-Kickback Statute (which applies to all program participants), the Stark Law applies specifically to physicians and their related entities. Engaging in unlawful “self-referral” practices can trigger substantial penalties, including the potential for Medicare and Medicaid exclusion.
8. Internal Compliance Monitoring
For physicians (and for all types of healthcare providers), federal healthcare compliance needs to be an active process. Once compliance policies, standards, and procedures have been established, the practice’s compliance efforts must be monitored on an ongoing basis. This includes internal auditing of program billings, review of compliance efforts to ensure that they remain up-to-date, and providing a way for personnel to confidentially report potential compliance issues.
9. Violation Response
In the event that an issue is identified, a physician practice’s compliance documentation should specify guidelines for violation response. Depending upon the nature and severity of the issue, this may include executing a remedy internally, modifying standards and procedures to avoid similar issues in the future, and potentially reporting the issue to federal authorities. Importantly, while the practice’s violation response guidelines should serve as a resource for the initial response, physicians will typically want to discuss any apparent violations with their compliance counsel before taking responsive measures.
10. Audit and Investigation Response
Even if your practice is fully compliant, there is a good chance that it will at some point become the focus of an audit or federal investigation. If you are contacted by auditors or federal agents, you need to be extremely careful, and you need to follow an established protocol in order to avoid potentially-dangerous mistakes. While dealing with auditors or investigators is a matter that should generally be handed over to legal counsel, there are steps that physicians can (and potentially should) take promptly in order to mitigate their risk of being federally charged.
DME Defense Attorney: What to Do
Components of a Comprehensive Physician Compliance Program
With these considerations in mind, a comprehensive physician compliance program will typically consist of a number of different components. All compliance documents should be custom-tailored to the unique aspects of a physician’s practice, and ongoing compliance efforts should reflect the particularities of the physician’s practice as well. When we develop compliance programs for physicians, some of the key types of documents we typically prepare include:
- Business organization forms and governing documents (such as a partnership agreement, shareholder agreement, or member agreement)
- Employment and independent contractor agreements
- Marketing agreements
- Billing administrator agreements
- Compliance policies and procedures
- Record retention policies and procedures
- Employee manuals and standards of conduct
- Training materials
- Monitoring, reporting, and response guidelines
- “Emergency response” documentation for audits and investigations
With an effective compliance program in place, physicians can protect themselves against the risk of civil or criminal prosecution for Medicare, Medicaid, Tricare, or DOL fraud. To discuss your practice’s compliance needs in a complimentary initial consultation, please contact us today.
Contact the Federal Healthcare Compliance Lawyers at Oberheiden, P.C.
If you would like to speak with one of our lawyers about your DME company’s compliance needs, we encourage you to get in touch. To get started with a free and confidential consultation, please call 888-680-1745 or inquire online today.