Though much has been made of the wide reach and spending overhauls of the Patient Protection and Affordable Care Act (“PPACA”), an almost unnoticeable mandate has put some physicians on edge. No, this is not a reference to either individual or employer insurance mandates or other insurance reforms, though in due time physicians do need to have solutions for these issues as well. Rather, the new requirement states that providers must adopt mandatory compliance programs.
Compliance programs are hardly a new thing in healthcare. Before PPACA, healthcare providers or suppliers with federal contracts (i.e. Medicare, Medicaid, and/or CIHP) exceeding $5 million were required to have such a program in effect. However, with the enactment of PPACA now comes a mandate that any provider participating in the Medicare or Medicaid program must, as a condition of enrollment, have a compliance program in place – regardless of the provider’s size. But while the new law offers little guidance to providers of how to structure or what to put into such a program, we are able to take clues from previous federal regulations as to what the necessary components will be. Physician groups are urged to begin putting such programs in place, and this paper goes into some of the essential pieces that will need to be included.
The Legal Specifics
As stated above, Section 6401(8) of PPACA states that a provider of medical or other items or services or supplier must establish a compliance program. However, this is as specific as the law gets. Following this provision the law authorizes the Secretary of HHS, in conjunction with the Inspector General of HHS, to establish the core elements for the program. Moreover, PPACA also authorizes the Secretary to determine the timeline for implementation. The practical net effect of these three provisions means that mandatory compliance programs are indeed a reality, but we will have to wait for the standard agency rulemaking process before we know what specifically must be included in the documents. The good news is that we can look to a couple of places to get an idea of what the compliance programs must consist.
The first place we can see what HHS probably will demand is in the actual PPACA itself. Section 6102, amended by Section 1128(I), addresses accountability requirements for skilled nursing facilities. Within this subsection the law mandates a similar program, but in contrast to 6401 it actually lays out the requirements for the program. The eight required components for the skilled nursing compliance program are:
– The program must be reasonably capable of reducing criminal, civil, and administrative violations.
– Specific high-level individuals must be assigned responsibility to oversee compliance and must have sufficient resources to do so.
– The organization must use due care to not delegate authority to individuals with propensities to engage in violations.
– The organization must take steps to communicate its standards and procedures to all employees.
– The organization must take reasonable steps to achieve compliance with its standards.
– The standards must be consistently enforced through appropriate disciplinary measures.
– In the event of an offense, the organization must take all reasonable steps to appropriately respond and prevent future offenses.
– The organization must periodically undertake reassessment of its compliance program.
Because this provision addresses skilled nursing facilities, physicians using this for guidance should proceed cautiously. Still, the requirements are generic enough that the section should at least give physicians a good idea of what they should include in their own programs. And for what it is worth, a possible explanation for why this and not the provider section would have the requirements explicitly laid out could be that this was one of the sections amended by the reconciliation bill.
Physicians have another (albeit dated) legislative guidepost to use, the so-called “7 Key Elements of Compliance Programs.” Originally unveiled ten years ago in an OIG regulation promoting voluntary compliance programs, the Key Elements include:
– Conducting internal monitoring and auditing.
– Implementing compliance and practice standards.
– Designating a compliance officer or contact.
– Conducting appropriate training and education.
– Responding appropriately to detected offenses and developing corrective action.
– Developing open lines of communication.
– Enforcing disciplinary standards through well-publicized guidelines.
And despite their relative old age, the Key Elements have been relied on for years by physician practices that chose to implement compliance programs. Furthermore, the rules were recently reviewed by the RAC just this past May.
Looking through both lists, providers will clearly see the similarities between the two. We believe physicians should be fairly confident in adopting a compliance program that incorporates all of these guidelines. Physicians that already had programs in place before PPACA also have no need to worry. In the rare event that HHS were to release regulations that significantly deviated from the two examples, they would surely give physician groups ample time to institute the changes into their own plans.
Some providers were understandably frustrated when learning of the new law mandating compliance programs – mainly due to the ambiguousness of the law and not so much the mandate itself. Nonetheless, using past and current guidance from HHS and the OIG, providers with existing programs should not have much difficulty adapting to the forthcoming regulations. In like vein, solo or smaller physician groups should not worry about a perceived lack of guidance, though we still urge that they begin the drafting process sooner rather than later.