Hospital Compliance Program Attorneys and Services
We Help Hospitals Develop, Implement, and Manage Custom-Tailored Compliance Programs
Like all healthcare providers, hospitals are subject to extensive regulation and oversight. Hospitals must comply with a complex web of laws and regulations, and they must document their efforts so that they can demonstrate their compliance to state and federal authorities when necessary.
This starts with implementing a comprehensive and custom-tailored hospital compliance program.
At Oberheiden P.C., we rely on extensive experience in all aspects of healthcare compliance and defense to help hospitals do what is required. Our team includes career federal compliance and defense lawyers, former healthcare fraud prosecutors, and former high-ranking agents with the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) and other agencies. As compliance counsel for hospitals, we work closely with our clients to assess their risks and needs, and then we help our clients develop and implement compliance programs that are specifically designed to withstand federal scrutiny.
Regulatory Compliance, Corporate Compliance & Risk Mitigation Strategies for Hospitals Post Pandemic
Due to their size and the complexity of their operations, hospitals face unique regulatory compliance burdens. In order to avoid requests for recoupments, fines, and other penalties, hospitals must develop and implement comprehensive compliance programs that are carefully tailored to their individual risks.
With hospitals receiving nearly half of all fee-for-service payments from Medicare (46 percent as of 2015), they are constant targets for federal healthcare fraud audits and investigations. The U.S. Department of Health and human Services’ Office of Inspector General (OIG) publishes the results of some of its “Hospital Compliance Reviews” online, and the OIG is just one of multiple federal agencies that target hospitals for civil and criminal healthcare fraud investigations.
For hospitals, one of the most-effective tools for avoiding billing errors and other potentially-costly mistakes is a comprehensive and well-executed compliance program. Contrary to popular belief, a Health Insurance Portability and Accountability Act (HIPAA) compliance program is not enough. While a HIPAA compliance program addresses one significant aspect of hospitals’ statutory obligations, focusing solely on HIPAA compliance ignores the multitude of other federal laws and regulations that apply to Medicare, Medicaid, Tricare, and other program-participating healthcare providers.
Did you know?
- Medicare, Medicaid, Tricare, and the Department of Labor (DOL) healthcare benefit program all have their own unique sets of billing and compliance standards.
- The Anti-Kickback Statute, the Controlled Substances Act, the False Claims Act, and various other laws all have civil and criminal provisions that apply to hospitals and hospital administrators.
- Even if your hospital is compliant, if you cannot prove it with extensive documentation, your hospital could be at risk in the event of an audit or investigation.
- Hospitals cannot delegate their compliance obligations by contracting with physicians, independent laboratories, durable medical equipment (DME) companies, billing administrators, marketing groups, and other third-party service providers.
- Fee-for-service audit contractors (including MACs, RACs, and ZPICs) working with the Centers for Medicare and Medicaid Services (CMS) are financially incentivized to accuse hospitals of collecting overpayments during audits.
These considerations, along with many others, make it critically important for hospitals of all sizes and in all regions of the country to adopt comprehensive and custom-tailored compliance policies and procedures.
Healthcare Compliance Attorneys for Hospitals Nationwide
When developing a compliance program and implementing policies and procedures on an organization-wide basis, it is essential to work with federal hospital compliance attorneys who have a high volume of relevant experience. At Oberheiden, P.C., our team of hospital compliance consultants and former federal healthcare fraud prosecutors brings notable experience to helping hospitals establish, maintain, and prove compliance. Our attorneys have handled thousands of healthcare fraud audits and investigations, grand jury proceedings, and civil and criminal trials across the country, and we utilize the knowledge and insights gained from this experience to develop comprehensive compliance programs focused on avoiding the issues that lead to federal scrutiny.
Understanding the Requirements of an Effective Hospital Compliance Program
When assessing their compliance program needs, hospitals must look to several sources for guidance. One of these sources is the OIG’s Compliance Program Guidance for Hospitals. This is a set of regulations that spells out some of the OIG’s major expectations when it comes to hospital compliance—though it also makes clear that following the OIG’s guidance is not sufficient on its own. As the regulations state:
“There is no single ‘best’ hospital compliance program, given the diversity within the industry. The OIG understands the variances and complexities within the hospital industry and is sensitive to the differences among large urban medical centers, community hospitals, small, rural hospitals, specialty hospitals, and other types of hospital organizations and systems. . . . By no means should the contents of this guidance be viewed as an exclusive discussion of the advisable elements of a compliance program.”
With this framework in mind, a hospital compliance program should be designed to achieve a variety of goals. While the ultimate goal is comprehensive statutory and regulatory compliance, the OIG expects to see that hospitals are taking several specific concrete steps toward avoiding payor fraud and other types of violations. For example, according to the OIG, a hospital’s compliance program should:
- “Concretely demonstrate” the hospital’s “strong commitment to honest and responsible provider and corporate conduct;”
- Provide insight into any fraud and abuse committed by employees or contractors;
- Identify and prevent criminal and unethical conduct;
- Reflect the hospital’s unique compliance-related risks and needs;
- Improve the quality of patient care provided at the hospital;
- Create a “centralized source for distributing information on healthcare statutes, regulations, and other program directives related to fraud and abuse;”
- Encourage internal reporting of fraud and abuse, and provide a methodology for reporting;
- Establish procedures that allow for prompt and thorough investigation of alleged misconduct by providers, billing personnel, executives, and others;
- Facilitate “immediate and appropriate corrective action” upon the internal discovery of fraud or abuse; and,
- Allow for timely and comprehensive detection and reporting of fraud and abuse in order to “minimize the loss to the Government from false claims, and thereby reduce the hospital’s exposure to civil damages and penalties, criminal sanctions, and administrative remedies, such as program exclusion.”
Key Federal Healthcare Compliance Considerations for Hospitals
When it comes to hospital compliance, developing a comprehensive regulatory or corporate compliance program is just the first step in the process. Once developed, the compliance program must be thoroughly implemented, and then the hospital’s compliance efforts must be consistently monitored so that any violations can be remedied appropriately.
1. Corporate Compliance Program Documentation
For hospitals, healthcare corporate compliance programs must address all aspects of program billing compliance as well as the various other statutory and regulatory requirements that create potential liability exposure. These programs must be custom-tailored to each individual hospital’s particular requirements, and they must reflect a comprehensive understanding of the current legal framework governing program-participating healthcare providers.
While developing appropriate written policies, procedures, and protocols is a key (and substantial) first step, compliance documentation is an ongoing process. Not only must the hospital’s existing compliance documentation be reviewed and re-evaluated to ensure continued compliance when statutory or regulatory requirements change, but hospitals must generate and maintain documentary evidence of their routine and non-routine compliance efforts as well.
2. Employment and Independent Contractor Relationships
One area in particular where hospitals can face scrutiny from federal authorities is their classification of employees and independent contractors. While certain relationships can be legitimately established through independent contractor agreements, misclassification of individuals who qualify as employees under federal tax law can lead to issues with federal healthcare regulators. Certain types of independent contractor relationships are also particularly likely to garner questions from federal authorities (including any relationships where compensation is paid on a percentage basis), and these relationships must be carefully structured and documented to ensure that they are fully compliant with federal law.
3. Initial and Ongoing Training and Education
Once the initial compliance documentation has been drafted, hospital administrators, working with the hospital’s legal counsel, must execute a systematic plan for providing organization-wide training and education. Training and education efforts should be appropriately tailored to the needs of employees in all of the hospital’s various departments, and they should focus on explaining the hospital’s compliance obligations as well as what employees can (and should) do to avoid statutory and regulatory violations.
4. Marketing Considerations
While it may not seem like it, marketing is a high-risk area when it comes to regulatory compliance for your hospital. In particular, arrangements with marketing groups are likely to trigger federal inquiries, with federal agents looking for evidence that the hospital is unlawfully using program-reimbursed funds to pay for Medicare, Medicaid, Tricare, or DOL patient leads. While hospitals can lawfully engage third-party marketing agencies to help them generate business, when doing so they must execute carefully-drafted agreements that have their compliance obligations and the risk of marketer non-compliance in mind.
5. Contracting Considerations
In order to address the risk of marketer non-compliance and to avoid other issues arising out of third-party compliance issues, hospitals should include adequate contractual protections in their third-party agreements. Indemnification and mandatory insurance clauses are common (although these clauses must be carefully tailored to the particular liability risks and exposure involved), as are other forms of contractual protections. Mitigating risk through contracting is a critical aspect of compliance with regard to agreements with independent physicians, testing labs, DME suppliers, and other entities.
6. Billing and Coding Compliance
When most people think of Medicare, Medicaid, Tricare, or DOL compliance, the administrative aspects of program billing are what come to mind. Billing and coding compliance are indeed critical, and hospitals must often undertake exhaustive measures to ensure that their billing administrators (either in-house or third-party) have the knowledge and commitment required to consistently avoid billing and coding mistakes.
In addition to adopting billing and coding compliance policies and implementing adequate compliance procedures, hospitals must ensure that they are adequately documenting the justification for their program billings as well. When auditors or federal agents come calling, having documentation to substantiate claims of medical necessity and track the delivery of DME can help avoid more-invasive inquiries with a higher potential for subsequent legal proceedings.
7. Violation Reporting
Hospitals should encourage employees to report suspected compliance issues. Reporting procedures should be covered during training, and employees should be provided with a clear chain of command so that they know how and where to report possible violations. Employees should have the option to report compliance concerns anonymously, and it should be made clear that reporting is an integral component of their job responsibilities.
8. Violation Response
Once a violation has been reported, appropriate investigative and remedial measures must be undertaken promptly. These efforts should generally be overseen by the hospital’s compliance officer, who should also be tasked with conducting (or managing) routine compliance audits and assessments. In some cases, hospitals may have an obligation to report violations to CMS, the OIG, or other agencies. If this is the case, an appropriate disclosure should be promptly prepared with the assistance of the hospital’s compliance counsel.
We have touched on recordkeeping, but it bears repeating: When it comes to defending against a federal healthcare fraud audit or investigation, thorough documentation can be essential to avoiding substantial financial liability and other penalties. Hospitals’ federal healthcare compliance programs should include comprehensive recordkeeping provisions, and the importance of adequate recordkeeping should be emphasized to personnel at all levels of the organization. This is why it’s important to have experienced hospital compliance consultants working with your team.
10. Defense of Audits and Investigations
Finally, in the event of an audit or investigation, the hospital’s compliance program should serve as both a resource for responding to auditors and investigators and as the key source of evidence against any potential allegations of noncompliance. The compliance program should include protocols for engaging defense counsel, assembling a response team, preserving records, and executing other key defense measures, and it should instill confidence that any allegations of billing fraud, Anti-Kickback Statute violations, or other compliance issues will be resolved in the hospital’s favor.
FAQs: Managing a Hospital Compliance Program
What Are the Requirements for Hospital Compliance Programs?
A hospital compliance program must address all statutory and regulatory requirements that apply to the hospital’s operations. This includes HIPAA compliance, anti-kickback compliance, billing compliance, prescription drug compliance, and much more. Every hospital in the United States must develop and implement a compliance program that is custom-tailored to its unique risks and needs.
How Do I Know if My Hospital’s Compliance Program is Adequate?
Determining whether your hospital’s current compliance program is adequate involves conducting a comprehensive internal compliance audit. To ensure that this audit is both comprehensive and unbiased, it should be conducted by experienced outside healthcare compliance counsel. After conducting the audit, your hospital’s outside counsel should be able to identify any compliance deficiencies and develop appropriate policies, procedures, and remediation strategies.
How Do I Conduct a Hospital Compliance Audit?
Conducting a hospital compliance audit is a complex, multi-step process that requires an in-depth understanding of all pertinent laws and regulations. The first step in the process is to engage a law firm that has specific (and extensive) experience representing hospitals with respect to all aspects of state and federal healthcare compliance.
What Are the Risks of Non-Compliance for Hospitals?
For hospitals, the risks of non-compliance can be substantial. Government audits and investigations can lead to substantial penalties, including recoupments, fines, and program exclusion (i.e., Medicare or Medicaid exclusion). If a government audit or investigation uncovers evidence of intentional or willful compliance failures, the hospital’s executives and board members can potentially face criminal prosecution as well.
Do Hospitals Need to Engage a Law Firm for Compliance?
Due to the substantial risks of non-compliance, all hospitals should engage a law firm to help them effectively manage their compliance obligations. When choosing a law firm, hospital leaders should focus on engaging a firm with lawyers who focus their practice in the areas of federal healthcare compliance and defense.
Speak with a Hospital Compliance Attorney at Oberheiden, P.C.
Our hospital compliance lawyers are available to speak with hospital administrators and executives across the country regarding their facilities’ compliance obligations. If you have questions and would like to speak with a member of our compliance team in confidence, please call 888-680-1745 or request a free initial consultation online today.