The ACA’s New Provider Compliance Program Mandate

Thomas Vallas
December 5, 2013 — 1,804 views  

Turning a Mandatory Compliance Program a Strategic Advantage

On March 23, 2010, President Obama signed into law the Patient Protection and Affordable Care Act, more commonly known as the “ACA” and “Obamacare.” The well-known political battles over the ACA— including initial problems with the new federal insurance exchange and the President’s unfortunate statements regarding the ability of insured individuals to keep their legacy plans—have inundated Americans over the past two months. Putting politics aside, what is the intent behind the ACA?

In passing the ACA and signing it into law, Congress and the Obama Administration seek to comprehensively and fundamentally reform health care in the United States through the expansion of health insurance coverage, provision of greater control over the cost of health care (which comprises over

18% of the US GDP annually and is forecast to reach 34% by 2040), and improvement of health care delivery systems. The two most publicized areas of reform contained in the 2,700 pages of the ACA bill address the individual health coverage mandate and health care cost containment.

One way that the law seeks to contain health care costs is through protecting federally funded health care programs from fraud, waste and abuse. According to the U.S. Departments of Justice (“DOJ”) and Health and Human Services (“HHS”), the government recovered $4.2 billion in health care fraud and abuse enforcement cases in Fiscal Year 2012, an increase of $100 million over FY2011.  Since 2008, the total amount recovered in fraud and abuse cases exceeds $14.9 billion.  In FY2012, the DOJ opened 2,016 new health care fraud investigations (1,131 criminal, 885 civil).  Civil recoveries under the False Claims

Act related to health care topped $3 billion in FY2012. According to HHS Secretary Kathleen Sebelius, over a three year period the government recovered $7.90 for every $1 spent on health care-related fraud and abuse investigations.  This demonstrates two things: first, the government takes health care fraud and abuse seriously; second, the government will pursue recovery against those providers who violate the law (whether intentionally or not).

Prior to the ACA, the government recommended that providers establish compliance programs to avoid the pitfalls associated with violations of the Medicare and Medicaid rules and regulations. As a result, provider compliance programs were, strictly speaking, voluntary. Most hospitals 7 established compliance programs in response to the issuance by the Office of Inspector Genera (“OIG”) l of HHS of its initial compliance guidance in February 18, 1998—the Compliance Program Guidance for Hospitals.  In

October 2000, the OIG issued its Compliance Program Guidance for Individual and Small Group Physician Practices.  However, the ACA has changed the previously voluntary establishment of provider compliance programs.

As part of the cost containment strategy of protecting federal programs from fraud, waste and abuse, the ACA mandates that all health care providers—including physicians, dentists, chiropractors, podiatrists, optometrists, psychologists, physical and occupational therapists, and speech language pathologists— establish and maintain effective compliance programs as a condition of participation in Medicare, Medicaid and the Children’s Health Insurance Program (“CHIP”).  The ACA provides that the Secretary of the Department of Health and Human Services (“HHS”), “in consultation with the [OIG], shall establish core elements for a compliance program…”, as well as “determine the timeline for the establishment of the core elements…and the date of the implementation…for providers….”  To date, the Secretary of HHS has neither established the required core elements nor set the timeline for the implementation of those elements. However, HHS has indicated that it will utilize the U.S. Federal Sentencing Guidelines in establishing the core elements for compliance programs.

The Federal Sentencing Guidelines “instill a commitment to prevent, detect and correct inappropriate behavior and ensure compliance with all applicable laws, regulations and requirements….” Using those guidelines, the OIG Health Care Fraud Prevention and Enforcement Action Team (“HEAT”) has published

“The Seven Fundamental Elements of an Effective Compliance Program” that outlines the core elements likely to serve as the foundation of the new compliance program requirement. Those seven elements

1. Developing and distributing written policies and procedures and standards designed to prevent and detect inappropriate conduct;

2. Designating an individual with appropriate authority to be responsible for compliance (“compliance officer”) and a compliance committee that supports the compliance officer in maintaining an effective compliance program;

3. Developing and conducting effective compliance education and training programs;

4. Developing effective lines of communication regarding compliance, including a process to receive complaints (a “hotline”); adopting procedures to protect the anonymity of those reporting compliance concerns/issues; and implementing a non-retaliation policy for those reporting compliance issues and violations;

5. Performing ongoing internal evaluation of the compliance program through monitoring and auditing processes to maintain the effectiveness of the program;

6. Consistently enforcing compliance standards through the development and implementation of well-publicized disciplinary guidelines; and

7. Responding promptly and appropriately to detected and reported compliance issues/violations and undertaking corrective action to identified systemic compliance issues.

Of course, the OIG recognizes that not all compliance programs must be the same in size and scope.  For instance, a large hospital system’s compliance program likely would require a full-time compliance officer responsible for the program; a two-physician medical practice may designate one of the physicians as the individual responsible for the compliance function in addition to his or her clinical duties. While the phrase “one size does not fit all” appropriately describes the scalability of this new mandate by providers based on their size, type of practice and other factors, every provider must establish and implement a program that addresses and applies the “core elements” discussed above that to be established by the Secretary of HHS.

What are the consequences of failing to establish and implement an effective compliance program pursuant to §6401? As the ACA now mandates such a program as a condition of participation in the Medicare, Medicaid and CHIP programs, a provider failing to implement a compliance program could be removed from those programs despite a “clean” compliance record. Of greater importance to providers is the practical impact on their practices if they fail to implement an effective compliance program—the increased likelihood that the provider will submit an incorrect claim to Medicare, Medicaid or CHIP. Such a submission could result in federal and state False Claims Act violations with accompanying criminal and civil liability, as well as exclusion from all federal health care programs.

How do non-institutional health care providers—physicians, dentists, chiropractors, podiatrists, optometrists, psychologists, physical and occupational therapists, and speech language pathologists— implement an effective compliance program? Many resources exist to assist providers. The OIG provides significant guidance for providers to assist them in learning about the various fraud and abuse laws. Providers may seek the advice of legal counsel experienced in the federal and state health care fraud and abuse laws to assist them in evaluating their situation and developing a compliance program that is a “good fit,” as well as analyzing both existing and new arrangements for compliance risks. Also, providers may want to consult with outside billing and coding experts to identify systemic billing and coding issues as well as correcting billing practices to improve the provider’s bottom line.

Although the OIG has not released the implementation timeline and core element details yet, providers should begin (if they have not already done to) to establish and implement compliance programs. The initial cost of such an endeavor should not be significant (based on the size of the provider practice and other factors); however, the benefits of implementing an effective program will outweigh those costs when balanced against the risks of federal program exclusion and civil/criminal liability for committing fraud and abuse. Furthermore, the creation of a viable compliance culture within a provider practice—for instance, initiating and maintaining billing and coding practices that meet federal program requirements that are readily transferable to commercial/private insurance claims billing, reducing payment delays and claims denials—will result in the practice becoming more profitable.

In summary, the ACA’s compliance program mandate should be viewed as more than just another administrative task imposed by the government on providers. Providers should seize the opportunity presented by compliance program requirement to focus their business strategy on increasing profitability through better practices, especially in a time of decreasing reimbursement. The question every provider should ask is not, “How can I/we afford to develop and implement an effective compliance program?” Rather, providers should ask, “How can I/we afford not to develop and implement an effective compliance program?’



Thomas Vallas

Hoy Chrissinger Kimmel, PC

Mr. Vallas is an experienced attorney practicing health care law and business law (corporate, governance, transactional/contracts, employment, and related areas). See Mr. Vallas' LinkedIn profile at