Plans must be prepared to protect against fraud

May 1, 2007

Healthcare organizations are intimately familiar with intense prosecutorial scrutiny resulting from the government's battle against fraud and corruption. There are prominent examples of focused federal fraud investigations, resulting in hefty settlements. Congress has now enlisted the healthcare industry in their campaign against fraud.

Healthcare organizations are intimately familiar with intense prosecutorial scrutiny resulting from the government's battle against fraud and corruption. Tenet Healthcare, Medco Health Solutions and Omnicare are prominent examples of focused federal fraud investigations, all resulting in hefty settlements. Congress has now enlisted the healthcare industry in their campaign against fraud by establishing educational obligations for fraud, waste and abuse.

Revisions to the Deficit Reduction Act of 2005 (DRA), signed into law on February 8, 2006, and effective January 1, 2007, make adoption of written policies concerning detection and reporting of fraud a condition of Medicaid reimbursement. Failure to comply could result in non-payment of claims, as well as possible exposure under the False Claims Act. Sec. 6032 of the DRA now requires entities receiving at least $5 million in Medicaid payments to:

It is clear organizations affected by these new requirements must immediately establish written policies and procedures regarding detection and prevention of fraud. Affected entities include: insurance companies, health maintenance organizations, pharmaceutical companies and drug manufacturers, medical equipment suppliers, medical laboratories, medical practices and physicians, and pharmacies. Implicit in the requirements is an obligation to educate all employees, contractors and agents, regardless of position or employment level, on their rights and responsibilities under the organization's new or revised policies and procedures.

Ten key elements comprise a successful fraud awareness and enterprise compliance program:

1. Employ a compliance officer. This should be a senior level position with adequate budgetary and organizational support. This position should also have adequate authority to create, promote and enforce all compliance policies and procedures.

2. Conduct a risk assessment. An initial evaluation should be conducted to determine the depth of risk posed by financial fraud and misconduct concerns as well as other legal and ethical risk areas.

3. Establish a code of conduct. If a code of conduct policy does not exist, one should be created. This document is the framework of a successful compliance program and should clearly communicate the organization's ethical values and expectations for employee behavior at work. This document should also detail procedures and policies surrounding fraud detection and elimination, as well as the requirements of the False Claims Act, other anti-fraud laws and information regarding whistleblower protection.

4. Review and revise existing policies. Codes of conduct and other existing policies and training should be revised so anti-fraud and compliance messages are communicated consistently to employees. The text should reflect the organization's ethics, culture and communication style.

5. Establish a helpline or ethics line. Employees need an outlet to confidentially and anonymously report potential violations of the law and company policy, as well as to raise general compliance concerns.

6. Communicate to and train employees. Communication and training should be delivered relative to the risk posed by employment responsibilities and functions. Anti-fraud training should be delivered to all employees, regardless of position or employment level.

7. Periodically evaluate and revise policies, training and organizational communications. Determine whether anti-fraud policies and compliance training are adequate given changing legal standards, enterprise risks and best practices among peer organizations.

8. Ensure an appropriate response is made to all reports of fraud and compliance violations. It is critical that reports of misconduct or potential misconduct are investigated, appropriately escalated and resolved.

9. Periodically evaluate employee understanding and awareness of policies and procedures concerning fraud. Organizations should conduct various formal and informal surveys and information gathering efforts to gauge employee understanding and awareness.