Does Your Practice Accept Medicare or Medicaid? You Need a Fraud, Waste, and Abuse Compliance Plan

Fighting healthcare fraud, waste, and abuse is a government priority. To avoid trouble, every medical practice needs to understand the laws and develop a custom-tailored compliance plan.

(Updated April 18, 2023)

For healthcare practices, there’s a team of special agents that’s more feared and revered than the FBI — and that’s the Department of Health and Human Services, Office of the Inspector General’s (HHS-OIG) special agents. Charged with investigating healthcare fraud, the Office of the Inspector General’s agents have broad investigative authority. From maintaining its own Most Wanted Fugitives list to staffing a fraud hotline to raiding medical practices suspected of violating federal law, the OIG special agents can be a healthcare professional’s worst nightmare.

Medicare Fraud Enforcement:  a Bipartisan Priority

Investigating and prosecuting Medicare fraud is a priority of the federal government – and it’s one of the few things that Republicans and Democrats can agree upon in Washington. These investigations make money for the federal government, so consider enforcement to be the federal government’s biggest ongoing fundraiser.

The Department of Justice and HHS have combined their efforts to create the HEAT team (Health Care Fraud Prevention and Enforcement Action Team) – “comprised of top-level law enforcement agents, prosecutors, attorneys, auditors, [and] evaluators…” They’re the healthcare fraudster’s equivalent of having a bloodhound on your trail.

For the government, these enforcement actions serve primarily to recover money that is rightfully theirs. In FY 2021, the HHS-OIG:

• pursued healthcare audits and investigations which recovered approximately $4.1 billion for the federal government — which resulted in an ROI of $12 to $1
• secured judgments and settlements in healthcare fraud cases which recovered over $5.0 billion – an ROI of $4 to $1
• conducted investigations that led to 504 criminal cases being filed against individuals or entities that engaged in Medicare or Medicaid-related crimes
• uncovered the evidence for 669 false claims or unjust enrichment-related civil actions against individuals or entities
• excluded 1,689 entities from participation in Medicare, Medicaid, and other federal healthcare programs

Thanks to the findings of the HHS-OIG, the Department of Justice opened 831 new criminal healthcare fraud investigations and 805 new civil healthcare fraud investigations. Meanwhile, the FBI disrupted the operations of over 559 criminal fraud organizations and dismantled the criminal leadership of more than 107 healthcare fraud criminal enterprises

Penalties for Fraud, Waste, and Abuse

The Office of the Inspector General (OIG) at the U.S. Department of Health and Human Services (HHS) is the federal agency responsible for dealing with Medicare fraud, waste, and abuse. The HHS-OIG enforces the following laws, among others:

False Claims Act (FCA)

If you “knowingly” file a false or fraudulent reimbursement claim with Medicare or Medicaid, that constitutes a violation of the FCA – meaning that you may be fined up to three times the government’s losses plus an additional $11,000 per claim. In this context, a “knowing” violation need not be intentionally fraudulent. You and/or your practice could be sued under the FCA if your reimbursement claim was simply reckless or deliberately ignorant with respect to compliance. In some cases, physicians and other providers have been charged with criminal violations of the FCA and sentenced to prison.

Anti-Kickback Statute 

If you “knowingly and willfully” exchange remuneration for a referral of services payable by a federal program (i.e., Medicare), you can be pursued with criminal prosecution and civil penalties for an Anti-Kickback Statute violation. For violating the AKS, you can receive criminal penalties of up to $25,000 and 5 years in prison. The statute also provides that the HHS-OIG can pursue civil penalties of up to $50,000 per violation plus three times the amount of any government overpayment to your practice. These penalties apply to the party receiving or making the kickback.

Stark Law

Also known as the “Physician Self-Referral Law,” the Stark Law is a civil statute which prohibits physicians from referring patients for designated health services paid for by Medicare to any entity with which the physician (or the physician’s immediate family member) has a financial relationship. The Stark Law is a strict liability statute, so the physician’s intent to violate the law or participate in an improper referral is irrelevant to the determination of his or her liability. Stark Law violations are investigated by HHS-OIG, which can pursue penalties of up to $15,000 for each violation plus three times the amount of the government overpayment

Exclusion Statute

If you or your practice is convicted of certain healthcare fraud-related offenses, HHS-OIG is legally required to exclude you from participating in all federal healthcare programs like Medicare and Medicaid. Certain non-fraud offenses can also result in exclusion, such as those relating to financial misconduct or improper dispensing of controlled substances. If excluded from participation, you cannot bill for your services, even if you render them indirectly through a group practice. An excluded physician’s referrals, orders, and prescriptions are also non-reimbursable by any federal healthcare program. All practices are responsible for ensuring that they do not employ or contract with excluded providers or entities.

Elements of Mandatory Compliance

HHS-OIG provided compliance program guidance in 2000 which was specifically designed for “individual and small group physician practices,” and the Affordable Care Act (ACA) subsequently made a compliance program a mandatory condition of enrollment in Medicare and Medicaid. This compliance program mandate aims to help physician practices “prevent and reduce improper conduct.” Pursuant to OIG guidance, an effective compliance program includes the following seven components:

1. Develop written and standards and procedures for the practice;
2. Designate a “compliance officer” to monitor compliance with your standards and procedures;
3. Train all staff to follow your standards and procedures;
4. Develop “open lines of communication” between all staff to help prevent errors or fraud; 
5. Conduct periodic internal audits;
6. Investigate alleged violations and promptly disclose any incidents to OIG;
7. Enforce strict disciplinary standards consistent with the practice’s written guidelines.

What do these components mean exactly, and how do they work in practice? 

The Importance of Written Policies

Your practice may already operate in a way that is functionally compliant with fraud, waste, and abuse laws. However, an effective compliance program puts that compliance into words. Written policies and procedures serve two big functions, First, they provide proof of your policies. Second, they serve as a resource for your workforce on what to do to remain compliant. Having a compliance plan prepared by a knowledgeable healthcare attorney can help meet this directive. It will also take some action on your part as a practice owner to ensure the compliance plan is working.

One major goal of an effective compliance program is to ensure employees know how to avoid misconduct and what to do if they detect misconduct. Creating a set of standard operating procedures for compliant billing and administration (as you might for a clinical procedure) is one way to reinforce compliant behaviors.

Monitoring and Auditing 

You should be actively watching your workforce activity to gauge the effectiveness of the education and tools you give your workforce with respect to fraud, waste, and abuse. If you find that your workers do not adhere to your policies, new training may need to take place, or new tools may need to be developed to better fit your employees’ needs. Compliance is continuous, and your practice’s needs may change over time. Regular auditing and monitoring can help you understand your risks before problems arise.

If something does go wrong, written compliance plans should detail procedures to follow for enforcement and response. If someone identifies an issue, it’s crucial to take prompt action. For example, overpayments from the Medicare program must be reported and returned within 60 days. Sixty days may sound like a long time. However, if you don’t have procedures in place, you could easily eat up those 60 days trying to figure out the next steps. 

These are just a few of the ways the seven elements might work in action-they may look different for you and your practice.

Exceptions and Exemptions

Exceptions to OIG’s compliance program mandate exist, and a healthcare attorney can navigate the applicability of those exemptions to your practice. And while not every physician and practice may be required to fully implement all seven of OIG’s identified components, OIG also cautions that those seven elements are not an “all-inclusive” list of what should be included in a compliance program. 

Broadly, a physician’s compliance program must be tailored to the practice’s size, available resources, and areas of the highest potential for fraud, waste, and abuse. And importantly, when examining the implementation of compliance components, the Department of Justice asks three “fundamental questions.”

1. Is the corporation’s compliance program well-designed? 
2. Is the program being applied earnestly and in good faith? (In other words, is the program adequately resourced and empowered to function effectively?) 
3. Does the corporation’s compliance program work in practice?

These questions highlight that the elements of a compliance program shouldn’t just be boxes to tick. Practices should be setting their compliance programs up to consider their unique risks and should successfully monitoring compliance.

Get Legal Support

Jackson LLP’s dedicated healthcare attorneys understand the nuances of fraud, waste, and abuse prevention and compliance. Our firm can help identify risks and non-compliant practices, establish your comprehensive compliance program, train your staff, and monitor your ongoing compliance. If you operate in one of the states where we have licensed attorneys, schedule an initial complimentary consultation.

This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader. It should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.