As described in the first and second installments of this three-part Health Capital Topics series on commercial reasonableness and Accountable Care Organizations (ACOs), many Medicare Shared Savings Program (MSSP) ACO boards of directors have relied on the temporary waivers from the Centers for Medicare and Medicaid Services (CMS) to protect their organization from fraud and abuse penalties.1 While many of these waivers were finalized on October 28, 2015, after four years of extensions to the 2011 interim rule, the Gainsharing Civil Monetary Penalty (CMP) was not included in the final waivers, and the Office of Inspector General (OIG) and CMS have indicated that they may reexamine the waivers in the future.2 Considering the changes recently promulgated, the board of directors of an ACO would be prudent to recognize that: (1) if the ACO does not qualify under one of the finalized waivers; and, (2) the ACO is not considering the commercial reasonableness and Fair Market Value (FMV) of its accumulated assets, then the organization is at risk for serious penalties on both an individual and corporate level. In evaluating these risks, the board of directors of healthcare organizations, including ACOs, which oversees the organization’s decisions and actions, has ultimate responsibility for regulatory compliance.3 This final segment of the three-part Health Capital Topics series on commercial reasonableness and ACOs will explore the responsibilities of ACO boards in assessing an ACO’s compliance with federal standards.
The governing board of an ACO plays an integral role in the organization’s financial success and compliance efforts. Regardless of the size of a particular ACO, the board of directors of an ACO has the responsibility to “act in good faith in the exercise of its oversight responsibility for its organization,” 4 including determining that the organization is complying with relevant federal and state laws, including healthcare fraud and abuse laws. In 2011, CMS released final rules regarding governance expectations of ACOs. Under these rules, CMS requires members of ACO boards to:
Assume “
responsibility for oversight and strategic direction of the ACO, holding ACO management accountable for the ACO’s activities;”
5
Provide a “
transparent governing process;”
6
“[
H]
ave a leadership and management structure that…aligns with and supports the goals of the Shared Savings Program and the aims of better care for individuals, better health for populations, and lower growth in expenditures”;
7 and,
Be managed by an executive who, through their leadership team, “
has demonstrated the ability to influence or direct clinical practice to improve efficiency processes and outcomes.”
8
These requirements from CMS provide a baseline for ACO board members to determine whether board actions are furthering the goals of better coordination of patient care and implementation of evidence-based medicine practices;9 however, this structure can also provide a framework to provide oversight regarding compliance with healthcare fraud and abuse laws.
Given the important role boards play in governance, the ACO boards of directors sit in an ideal position to effect change of an organization’s policies and promote compliance with healthcare fraud and abuse laws. However, because of this position of power and influence, ACO boards are also in a vulnerable position if compliance is not met. To assist boards in determining best strategies to promote compliance within a healthcare organization, in April 2015, the OIG, in collaboration with the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association, published its “Practical Guidance for Health Care Governing Boards on Compliance Oversight.”10 This publication was designed to assist boards in maintaining compliance with healthcare fraud and abuse laws in a climate of “heightened industry and professional interest in governance.”11 The April 2015 joint publication discusses the following issues relevant to a board’s effort to oversee regulatory compliance:
The relationships between the “organization’s audit, compliance, and legal departments;”
The “mechanism and process for issue-reporting within an organization;”
The organization’s “approach to identifying regulatory risk;” and,
The organization’s “
methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives.”
12
This joint publication continues to emphasize that boards should be fully engaged in their activities by suggesting practical tips which boards can use as they perform their oversight function.13 In an effort to guide board oversight, the April 2015 joint publication emphasized increasing the board’s awareness of regulatory risks as well as the functioning of its compliance program in light of those risks.14 To avoid instances of regulatory noncompliance, the publication recommends boards consider numerous strategies, including hosting regular executive sessions with compliance officers to encourage open communication regarding compliance development, as well as create a formal plan of action to ensure the organization complies with healthcare fraud and abuse laws.15
In addition to the joint publication, the U.S. Sentencing Commission’s Federal Sentencing Guidelines (FSG) provides guidance for ACO boards to maintain corporate compliance in accordance with the potential for criminal punishment under the Anti-Kickback Statute (AKS). The FSG provides seven steps for developing an effective compliance program for all organizations:
“Establish standards and procedures to prevent and detect criminal conduct;”
Determine which executive or committee has overall responsibility for the compliance program;
Use “reasonable efforts” to avoid giving responsibilities to individuals who have “engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;”
Implement effective training and communication for the compliance program;
Audit and monitor the compliance program and have an effective disclosure mechanism in order for employees to seek guidance;
Provide incentives for complying with the program and appropriate disciplinary measures when employees fail to do so; and,
Address corrective action when misconduct occurs and take reasonable steps to prevent similar misconduct.
16
Additionally, the OIG initiates corporate integrity agreements (CIA) with many healthcare organizations who recently settled allegations of healthcare fraud and abuse violations. CIAs are organization-specific settlement agreements wherein the OIG agrees not to exclude a healthcare organization from participation in Medicare, Medicaid, or other federal healthcare programs if the organization agrees to the obligations set forth in the agreement. CIAs include many requirements impacting the duties of Board-level executives including: annual resolutions; establishing a compliance committee; developing written standards to measure compliance; implementing a training program for employees; implementing a confidential disclosure program; establishing more strict hire guidelines; establishing a reporting guideline; and retaining an outside organization for annual reports.17 In addition to CIAs, the OIG has developed a series of voluntary compliance program guidance documents directed to various organizations, which boards should consider when structuring a compliance program.18
Three recent cases, discussed in detail in this month’s Health Capital Topics article entitled “Increased Scrutiny for Physician Compensation Continues,” highlight why an effective compliance program may help healthcare organizations better defend against regulatory scrutiny. In U.S. ex rel. Reilly v. North Broward Hospital District, a relator sued North Broward Hospital District under the False Claims Act (FCA) for allegedly paying fees to doctors in exchange for referrals of Medicare and Medicaid patients, resulting in a settlement of $69.5 million.19 In U.S. ex rel. Barker v. Columbus Regional Healthcare System, et al., Columbus Regional agreed to settle for $25 million with the possibility of paying up to $35 million over the next five years for alleged compensation to physicians in excess of fair market value (FMV) as well as incorrect billing to federal healthcare programs, with one medical director involved agreeing to pay $425,000 for his role the alleged scheme.20 Additionally, in U.S. ex rel. Payne v. Adventist Health System, Adventist Health System agreed to settle an FCA lawsuit brought by three relators for over $115 million for its alleged miscoding claims to the Medicare program and fraudulent physician compensation arrangements.21 Corporate executives should be aware that they too can be held individually accountable for corporate regulatory violations, which can result in fines or prison time.22
In closing, the finalized ACO fraud and abuse waivers do not end the debate as to ACOs and compliance issues, as healthcare organizations must still satisfy regulatory edicts to qualify under a waiver. Should an organization not qualify for a waiver, ACOs would face regulatory scrutiny in a climate in which the U.S. Department of Justice (DOJ) and the OIG are focusing on penalizing individuals responsible for corporate violations.23 Additionally, in light of recent actions by the DOJ and the OIG in Columbus Regional, North Broward, and Adventist, it may be prudent for healthcare organizations, such as ACOs, to evaluate their financial agreements for potential noncompliance with the Stark Law, AKS, and FCA. For these reasons, it may be prudent for an ACO and its board of directors to establish a defensible position that the organization’s accumulated assets satisfies the threshold of commercial reasonableness as well as the related standard of FMV.
“Importance of a Commercial Reasonableness Opinion for ACO Waivers,” Health Capital Topics, Vol. 8, No. 9, September 2015, p. 1.
“Medicare Program; Final Waivers in Connection With the Shared Savings Program” Centers for Medicare and Medicaid Services, Federal Register, October 28, 2015, https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-27599.pdf (Accessed 10/28/15), p. 11, 12.
“Practical Guidance for Health Care Governing Boards on Compliance Oversight” By OIG, et al., April 20, 2015, http://oig.hhs.gov/compliance/compliance-guidance/docs/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf (Accessed 9/18/15) p. 1.
“Medicare Shared Savings Program” 42 C.F.R. § 425.106(b)(1) (2014).
“Medicare Shared Savings Program” 42 C.F.R. § 425.106(b)(2) (2014).
“Medicare Shared Savings Program” 42 C.F.R. § 425.108(a) (2014).
“Medicare Shared Savings Program” 42 C.F.R. § 425.108(b) (2014).
“Medicare Shared Savings Program” 42 C.F.R. § 425.106(a) (2014).
OIG, et al., April 20, 2015, Front Matter.
“Sentencing of Organizations” U.S. Sentencing Guidelines Manual § 8B2.1 (U.S. Sentencing Commissionn 2014); “Seven Steps for Developing an Effective Compliance and Ethics Program” By Kristen Graham Koehler and Brian P. Morrissey, Chain Store Age, January 3, 2013, http://www.chainstoreage.com/article/seven-steps-developing-effective-compliance-and-ethics-program (Accessed 9/24/15).
“Corporate Integrity Agreements” Office of Inspector General, U.S. Department of Health & Human Services, http://oig.hhs.gov/compliance/corporate-integrity-agreements/ (Accessed 9/24/15); OIG, et al., April 20, 2015, p.3.
OIG, et al., April 20, 2015, p. 2.
“Florida Hospital District Agrees to Pay United States $69.5 Million to Settle False Claims Act Allegations” By DOJ, September 15, 2015, http://www.justice.gov/usao-sdfl/pr/florida-hospital-district-agrees-pay-united-states-695-million-settle-false-claims-act (Accessed 10/9/15); “U.S. ex rel. Reilly v. North Broward Hospital District” Case No. 10-60590-CV (S.D.Fla. September 11, 2012), Relator’s Third Complaint under Federal False Claims Act, p. 8.
“Georgia Hospital System and Physician to Pay More than $25 Million to Settle Alleged False Claims Act and Stark Law Violations,” Department of Justice Office of Public Affairs, September 4, 2015, http://www.justice.gov/opa/pr/georgiahospitalsystemandphysicianpaymore25millionsettleallegedfalseclaimsactand (Accessed 9/24/15).
“Adventist Health System Agrees to Pay $115 Million to Settle False Claims Act Allegations” By DOJ, September 21, 2015, http://www.justice.gov/opa/pr/adventist-health-system-agrees-pay-115-million-settle-false-claims-act-allegations (Accessed 10/9/15).
Sally Quillian Yates, September 9, 2015, p. 1, 5.
Sally Quillian Yates, September 9, 2015, p. 1.