Regulations require CEOs be informed of corporate efforts
Fraud activities like Bernie Madoff’s Ponzi scheme may be extreme, but nonetheless the message is clear: Regulators are on the prowl to unearth fraud, waste and abuse across all industries like never before.
The facts should make prevention of fraud and abuse one of the leading concerns of any C-suite executive who oversees the operations of a Medicare Advantage plan.
The Patient Protection and Affordable Care Act includes special provisions to aid the government in addressing fraud in healthcare while providing new incentives for whistleblowers. As a result, the Office of Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS) have increased their efforts to expose fraud and abuse in government programs and Medicare Advantage (MA) plans nationwide.
To even the casual observer, their results to date have been impressive-and particularly ominous to any CEO leading a managed care organization with federal healthcare program participation agreements. Nine Medicare Fraud Strike Forces are in place, enforcing a Department of Justice goal of increasing the nation’s healthcare fraud caseload by 5% in fiscal year 2013.
And why not? For every $1 spent during the last three years in these efforts, $7.20 has been returned to the Medicare Trust Fund.
For those MA plans found to be noncompliant, the fines are more punitive than ever-and in some cases having tripled. These dollars are being used by the Department of Justice and CMS to step-up their fraud detection activities. In its report to Congress, the OIG noted that for the period of October 2011 through September 2012, the Department of Health and Human Services and the OIG brought 778 criminal actions against individuals or entities for fraud or abuse, and filed charges against 107 individuals that amounted to $452 million in false billing.
Beyond direct financial penalties, there are other sanctions that CMS can impose on a health plan. Freezing enrollment, increased oversight audits, lowering star ratings and contract terminations or non-renewals, for example, can effectively put a health plan out of the Medicare Advantage business.
And the issue also gets personal. CEOs can now-for the first time-be held accountable for their corporate compliance shortcomings. No longer can a CEO claim “I wasn’t informed” or “I wasn’t in the loop.”
New regulations require that CEOs be informed of their corporate compliance efforts and the issues they unearth. In short, with the redoubled efforts of many governmental agencies to find and expose fraud and abuse, compliance is no longer a function that CEOs can assume is being effectively handled by others without direct oversight.
The law on compliance is not ambiguous. Federal Sentencing Guidelines state:
“The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”
The issue therefore is no longer whether or not an MA plan CEO should become involved in compliance. Instead, it is what a CEO should demand in terms of a corporate compliance program that can withstand the harshest scrutiny.
The vast majority of compliance breaches are brought to the government’s attention by whistleblowers. Some of the most common issues that trigger an investigation relate to documentation and coding when submitting charges to CMS, physician contracts, leases and joint ventures, marketing practices and lapses in peer review.
To help provide direction in this area, the OIG in collaboration with the American Health Lawyers Assn. has issued an informative resource on corporate compliance. As an overview, it says that a health plan should have a formal structure in place headed by a compliance officer armed with the resources and authority to set goals, policies and procedures that ultimately are sanctioned by the board. An important component to any compliance program is the informed counsel of legal experts who specialize in healthcare compliance issues. The compliance officer should have the authority and autonomy to access legal counsel whenever questions arise in creating and enforcing corporate policies in this arena.
Here are some overarching policies and procedures that CEOs should implement to ensure their health plan stays compliant:
Set and enforce standards
Organizations should have a CEO-approved written code of conduct, and policies and procedures that are regularly updated to reflect the latest regulatory changes. Beyond behavioral standards, the compliance infrastructure should include a risk analysis process and separate measures to prevent, detect and respond to violations.
Communicate compliance expectations
Compliance officers should conduct or coordinate annual training with all employees (regardless of department) on the organization’s standards, stressing that compliance is everyone’s responsibility and will be enforced at all levels. In addition, health plans should orient all contractors and subcontractors on the code of conduct ensuring they implement required training on the compliance process that meets the organization’s standards.
Create a culture of non-retaliation
Health plans must create an environment that is supportive of reporting suspected fraud, waste and abuse. They should also be sure to operationalize this corporate stance with non-retaliation policies that signal zero tolerance for any managers who penalize those who flag non-compliance.
Conduct regular audits and monitor non-employees
Health plans should implement monthly screenings to identify any employees, providers, contractors or vendors who have sanctions or exclusions that would prohibit them from receiving funds directly or indirectly from federal programs such as Medicare or Medicaid.
Monitor reports on an ongoing basis
Compliance experts agree that there needs to be a regular reporting mechanism to top management and the governing board on compliance issues. U.S. Sentencing Guidelines refer to, at minimum, annual reporting while CMS’s Medicare Part D guidance supports a quarterly basis, or more frequently as necessary. Recent corporate integrity agreements with healthcare companies also require reporting four times per year.
Federal guidelines also expressly require that each organization periodically evaluate the effectiveness of its compliance program. Health plans should consider utilizing external experts to conduct the effectiveness review. Outside companies can provide perspective and experience. The best ones have gone through this process before and will present their findings in a clear and frank manner. In addition, an independent assessment of program effectiveness is stronger evidence of due diligence than an internally-generated assessment. The frequency and scope of effectiveness review assessments should be determined by the board, who should also learn about the findings from each effectiveness review.
Remember, health plans are only as vulnerable as their weakest link-and whistleblowers are everywhere. By taking personal, accountable responsibility for the integrity of their corporate compliance program, CEOs can help ensure they stay well within the government’s guidelines-and sanction-free.
Donovan Ayers is co-founder and vice president of regulatory compliance for Clear Vision Information Systems. Ayers has been working with health plans as it pertains to compliance for more than 20 years.