ACA Compliance Programs: Understanding the Core Requirements for Healthcare Providers

The Patient Protection and Affordable Care Act (ACA), enacted in 2010, brought significant changes to the healthcare landscape in the United States. Beyond expanding insurance coverage, the ACA introduced stringent measures to combat fraud, waste, and abuse within federal healthcare programs. A cornerstone of these efforts is the mandate for healthcare providers and suppliers to establish comprehensive compliance programs. This article delves into the core elements that the Affordable Care Act requires compliance programs to be based on, outlining what healthcare organizations need to know to ensure adherence and mitigate risks.

The ACA’s Mandate for Compliance Programs

Recognizing the critical need to safeguard taxpayer dollars and maintain the integrity of federal healthcare programs like Medicare and Medicaid, the ACA, through Section 6401(a)(7), made compliance programs a mandatory requirement. This section stipulates that participation in federal healthcare programs is contingent upon providers and suppliers developing and maintaining effective compliance programs. The ACA directs the Department of Health and Human Services (HHS), in collaboration with the HHS Office of Inspector General (HHS-OIG), to define the essential components of these programs through specific regulations and set timelines for implementation. Non-compliance can lead to serious repercussions, including disenrollment from federal programs, civil monetary penalties, and other sanctions.

For years prior to the ACA, the HHS-OIG had issued voluntary compliance program guidance for various sectors within the healthcare industry. However, the ACA transformed these recommendations into mandatory obligations. Moving forward, healthcare providers and suppliers must adhere to industry-specific regulations that are developed under the auspices of the Act.

Basing Compliance Programs on Sentencing Guidelines

Historically, HHS-OIG compliance program guidance has largely been informed by the criteria for “effective” compliance and ethics programs established by the United States Sentencing Commission. These guidelines, initially designed for corporate entities across all sectors, provide a robust framework for developing and implementing programs that prevent and detect illegal and unethical conduct. The HHS-OIG adapted these broad guidelines to address the specific risks prevalent in the healthcare industry. It is highly anticipated that this approach of tailoring the Sentencing Guidelines criteria to the unique challenges of healthcare will persist under the ACA’s mandatory compliance program requirements.

In addition to the general mandate for all providers and suppliers, the ACA Section 6102 imposes even more detailed and legally binding compliance and ethics program requirements specifically for skilled nursing facilities (SNFs) and nursing facilities. These organizations are statutorily obligated to implement programs that are demonstrably effective in:

1. Preventing and detecting criminal, civil, and administrative violations under the ACA and related healthcare laws.
2. Promoting and ensuring high-quality patient care.

Section 6102 further specifies core elements that these SNF and nursing facility compliance programs must incorporate, directly mirroring the Sentencing Commission’s effectiveness criteria. These essential components include:

• Written Compliance Standards and Procedures: A foundational element is the establishment of clear, written policies and procedures that articulate the organization’s commitment to ethical and legal conduct and provide practical guidance on how to comply with relevant laws and regulations.
• Compliance-Related Training Programs: To ensure that compliance standards are understood and followed, comprehensive training programs are necessary for all employees and relevant stakeholders. These programs should cover applicable laws, regulations, and the organization’s own compliance policies and procedures.
• Auditing and Monitoring Activities: Regular and systematic audits and monitoring are crucial to detect potential compliance issues and assess the effectiveness of the compliance program. This includes establishing anonymous reporting systems that encourage individuals to report suspected violations without fear of retaliation.
• Background Checks and Screening: To prevent individuals with a history of misconduct from compromising the integrity of the organization, procedures such as background checks should be implemented to screen potential employees and agents and avoid hiring individuals who are likely to violate compliance standards.
• Investigation and Corrective Action: A robust compliance program must include procedures for the appropriate investigation of potential violations. When violations are discovered, prompt and effective corrective action is essential to address the issue, prevent recurrence, and mitigate any harm.
• Disciplinary Systems: To reinforce accountability and deter non-compliance, disciplinary systems must be in place to appropriately sanction individuals responsible for violations. Sanctions should be fair, consistent, and proportionate to the severity of the infraction.
• Periodic Risk Assessments and Program Modification: The healthcare landscape is constantly evolving, and compliance programs must adapt to new risks and challenges. Regular risk assessments are necessary to identify emerging threats and vulnerabilities, and the compliance program should be periodically modified as needed to ensure its continued effectiveness in meeting its goals.

Failure to adhere to these ACA compliance mandates carries significant consequences. Organizations risk exclusion from federal healthcare programs and substantial civil monetary penalties. These penalties alone should serve as a strong incentive for healthcare companies to rigorously evaluate and enhance their existing compliance and ethics programs, or to develop and implement robust programs where they are lacking. The ACA’s amplified enforcement and integrity provisions substantially increase compliance risks, making the establishment or strengthening of compliance and ethics programs a paramount priority.

Enhanced Enforcement Provisions Under the ACA

The ACA is not solely focused on prevention; it also significantly bolsters the government’s ability to detect and prosecute fraud and abuse. While a detailed analysis of all enforcement provisions is beyond the scope of this discussion, some key highlights illustrate the heightened scrutiny and enforcement environment healthcare providers now face.

Provider Screening and Enrollment

The ACA mandates rigorous screening processes for providers and suppliers seeking to enroll in Medicare. HHS is empowered to implement comprehensive screening procedures, including state licensure verification, criminal background checks, fingerprinting, unannounced site visits, and database checks. This enhanced screening framework includes:

• Provisional Period of Enhanced Oversight: Newly enrolled providers and suppliers may be subject to a provisional period of intensified oversight, encompassing prepayment claim reviews, payment limitations, and other measures determined by HHS.
• Temporary Enrollment Moratoria: HHS can impose temporary moratoria on the enrollment of new providers within specific service or supply categories when deemed necessary to combat fraud risks.
• Disclosure of Affiliations: Applicants are required to disclose current and past affiliations with providers or suppliers who have outstanding debts, payment suspensions, exclusions from federal healthcare programs, or revoked billing privileges.
• Authority to Deny or Enhance Safeguards: If affiliate disclosures raise concerns about potential fraud, waste, or abuse, HHS has the authority to implement enhanced safeguards or outright deny participation in Medicare.

Suspension of Payments During Investigations

The ACA grants HHS the authority to suspend payments to a provider or supplier when a “credible allegation of fraud” is under investigation. HHS, in consultation with the HHS-OIG, is responsible for determining the credibility of fraud allegations. This payment suspension power can have a severe financial impact on providers, potentially disrupting their operations.

Transparency Requirements

The ACA introduces new transparency mandates across various healthcare sectors, including drug and device manufacturers, pharmacy benefit managers, physician practices offering ancillary services, and skilled nursing facilities. These requirements primarily focus on financial relationships and activities, imposing mandatory reporting obligations to government agencies. These reporting requirements significantly enhance the government’s ability to track and monitor financial arrangements within the healthcare industry.

Increased Data Access and Integration

The ACA facilitates comprehensive oversight by integrating and analyzing diverse data sets related to claims, quality of care, ownership, certifications, adverse actions, penalties, sanctions, and other program integrity information. A key component is the establishment of an Integrated Data Repository (IDR) by HHS, containing claims and payment data from all federal healthcare programs, including data from the Social Security Administration, Department of Veterans Affairs, Department of Defense, and Indian Health Service. This integrated data will be shared and cross-referenced across agencies to identify potential fraud, waste, and abuse. HHS-OIG and the Department of Justice are also authorized to access the IDR for law enforcement and oversight activities.

Furthermore, the ACA streamlines data collection on adverse actions against healthcare providers by consolidating the Healthcare Integrity and Protection Data Bank data into the National Practitioner Databank (NPD), managed by HHS. States are mandated to contribute specific data to the NPD.

Changes to Civil Monetary Penalties

The ACA amends the civil monetary penalties statute, increasing the penalty for false statements, omissions, or misrepresentations in applications or contracts to participate in federal healthcare programs to up to $50,000 per violation. Violators are also liable for three times the amount falsely claimed. Penalties are also applicable to individuals excluded from federal healthcare programs who prescribe covered items or services, if they “knew or should have known” that a claim would be submitted to Medicare or Medicaid for those items or services.

Overpayment Obligations

The ACA mandates a strict “60-day rule” for overpayments. Providers and suppliers are obligated to report and return any overpayments within 60 days of discovery. Failure to return overpayments within this timeframe transforms the overpayment into an “obligation,” potentially subjecting the provider to substantial liability under the False Claims Act.

Anti-Kickback Statute and False Claims Act

The ACA codifies the long-standing Department of Justice position that violations of the Anti-Kickback Statute can serve as the basis for False Claims Act violations, allowing for treble damages. Importantly, the ACA clarifies that prosecutors are not required to prove that defendants had specific knowledge of the Anti-Kickback Statute or specific intent to violate it; general criminal intent is sufficient.

The ACA also modifies the False Claims Act by narrowing the “public disclosure bar” to federal criminal, civil, or administrative hearings, audits, or investigations. This change effectively overturns a Supreme Court decision that had broadened the public disclosure bar to include state proceedings. The Department of Justice is also granted the authority to oppose the dismissal of False Claims Act cases even when allegations are publicly disclosed and the whistleblower (relator) is not deemed an “original source.”

Healthcare Fraud Criminal Offense

Similar to the Anti-Kickback Statute, the ACA amends the criminal healthcare fraud statute (18 U.S.C. 1347) to eliminate the requirement that prosecutors prove “actual knowledge” of the healthcare fraud statute or specific intent to violate it.

Conclusion: Prioritizing Compliance in the ACA Era

The Affordable Care Act represents an ongoing evolution in the government’s approach to combating fraud, waste, and abuse in healthcare. It significantly amplifies both the enforcement mechanisms and the resources dedicated to identifying and prosecuting wrongdoing. The ACA also reinforces the trend of mandating robust compliance and ethics programs for organizations operating within government-regulated sectors, especially healthcare.

In this heightened enforcement environment, strong compliance and ethics programs are not merely best practices; they are an organization’s most effective defense against the substantial financial and reputational risks associated with government audits, investigations, and enforcement actions. The latest wave of anti-fraud and abuse provisions within the ACA underscores the critical importance of taking compliance obligations with utmost seriousness and ensuring that compliance programs are not only in place but are comprehensive, effective, and continuously updated to address evolving requirements and risks. Healthcare organizations must proactively prioritize compliance to navigate the complexities of the ACA and safeguard their integrity and sustainability.

References

1. Patient Protection and Affordable Care Act of 2010, H.R. 3590, March 23, 2010.
2. http://www.hklaw.com/publications/Health-Care-Organizations-Targeted-With-Anti-Fraud-Enforcement-Efforts-New-and-ongoing-initiatives-will-affect-oversight-components-of-health-care-reform-06-22-2009/
3. H.R. 3590, Sec. 6401 (a)(7).
4. H.R. 3590, Sec. 6401 (a)(7).
5. H.R. 3590, Sec. 6401 (a)(7).
6. http://oig.hhs.gov/fraud/complianceguidance.asp
7. 2009 United States Sentencing Commission Guidelines Manual, §8B2.1 Effective Compliance and Ethics Program (2009).
8. H.R. 3590, Sec. 6102.
9. H.R. 3590, Sec. 6102.
10. H.R. 3590, Sec. 6401 (a).
11. H.R. 3590, Sec. 6401 (a).
12. H.R. 3590, Sec. 6402 (h).
13. H.R. 3590, Sec. 6402 (h).
14. H.R. 3590, Sec. 6002.
15. H.R. 3590, Sec. 6402 (a).
16. H.R. 3590, Sec. 6402 (a).
17. H.R. 3590, Sec. 6403.
18. H.R. 3590, Sec. 6403.
19. H.R. 3590, Sec. 6402 (d)(2).
20. H.R. 3590, Sec. 6402 (d)(2).
21. H.R. 3590, Sec. 6402 (d)(2).
22. H.R. 3590, Sec. 6402.
23. H.R. 3590, Sec. 6402; see also 31 U.S.C. 3729(b)(3).
24. H.R. 3590, Sec. 6402.
25. H.R. 3590, Sec. 6402.
26. H.R. 3590, Sec. 6402.
27. H.R. 3590, Sec. 10104(j).
28. H.R. 3590, Sec. 10104(j).
29. H.R. 3590, Sec. 10104(j).
30. H.R. 3590, Sec. 10606.