Compliance programs help protect your agency

Prevent fraud, limit conviction fines

By Sara Kay Sledge, BSN, JD

Powell, Goldstein, Frazer & Murphy

Atlanta

The government is gunning for you. As the government steps up its war on fraud and abuse, hospital-based home care companies should implement corporate compliance programs to ensure their employees do not willingly or accidentally engage in fraudulent or abusive activities.

A thorough corporate compliance program can also help protect a home care company, should the government begin fraud and abuse proceedings, as well as limit damages imposed when fraud or abuse is found.

The need for corporate compliance programs in home care is escalating, as the industry is under increasing scrutiny from both federal and state enforcement agencies. As a result of this increased scrutiny and the current tendency of competitors and disgruntled employees to file qui tam (whistleblower) suits, home health care providers are more apt to be the subject of federal and state fraud investigations in 1996.

The Department of Justice, the Department of Health and Human Service's Office of the Inspector General (HHS-OIG), the Health Care Financing Administration (HCFA), the Federal Bureau of Investigations (FBI), and the Internal Revenue Service (IRS) are all coordinating their efforts to investigate and prosecute criminal and civil cases in the health care fraud arena.

Reduce your exposure to risk

Under the Federal Sentencing Guidelines, corporate compliance programs can mitigate a health care providers' exposure to damages and also provide essential credibility in dealing with criminal, civil, and administrative investigations.

"When we determine our prosecution guidelines, we look to whether or not the company has a compliance program and whether or not it is working. We are doing everything we can to try to encourage self-policing by providers," says Gerald M. Stern, a Department of Justice special counsel on health care fraud.

Under the Guidelines, courts have minimal discretion in sentencing corporations. Since a corporation cannot be incarcerated, the Court is limited to the imposition of a fine or corporate probation (or both) or in extreme cases, it may impose the "corporate death penalty."

To impose a fine, the court must add aggravating factors and subtract mitigating factors to a base fine set forth in the Guidelines in order to identify the range of fine that it may impose. What the corporation does before, during, or after an investigation can augment or mitigate penalties.

For example, if the illegal activity involved a high level executive and the company obstructed the investigation, the criminal fines will be much harsher. On the other hand, if the company did not delay notifying the government once the illicit activity was discovered, cooperated in the investigation and accepted responsibility, the fines can be dramatically reduced. The court may also impose a period of probation on the corporation.

Thus, if a home health agency or corporation or other health care company seeks to avail itself of the protection offered by the Guidelines, it must concentrate on minimizing any aggravating factors and maximizing any mitigating factors surrounding the way it conducts business.

One of the most effective ways to accomplish this feat is for a corporation to have in place a program to prevent and detect criminal violations. According to the Guidelines, if a company can demonstrate that the illicit activity occurred despite the existence of an effective compliance program, the punishment will be less severe.

Such compliance programs are also beneficial on another level: as an informal matter, federal prosecutors and agency regulators are less likely to initiate proceedings against corporations which have taken all reasonable steps to ensure their compliance with the law and appear genuinely committed to doing so.

However aggressive they might be, most prosecutors are quick to point out that they seriously consider evidence that a subject of an investigation has bent over backwards to be a good corporate citizen and to comply with the law. According to one Department of Justice attorney, "any home care company that doesn't have a corporate compliance program in place is institutionally nuts!"

A compliance program is basically a system or process that monitors compliance with applicable laws and regulations that might engender criminal exposure. Compliance programs are intended to prevent violations of law by informing employees ahead of time how their behavior affects corporate liability and by educating them on the legal aspects of their activity, thus lowering the probability of inadvertent violations of the law.

For example, a mid-sized hospital-based home care company's corporate compliance program might include policies and procedures for monitoring the company's billing process, to prevent both deliberate fraudulent billing and sloppiness that might lead the government to conduct an investigation of the company.

Such programs generally consist of two components:

* An education component.

Ensure that the appropriate personnel up and down the line are aware of the laws and regulations that affect and circumscribe their portfolio of responsibilities (which often involves creating a paper trail which demonstrates that the appropriate information, warnings, and standards have been communicated to the appropriate personnel).

* An audit or monitoring component.

Ensure that a mechanism in the corporate and managerial chain of command audits compliance, and detects noncompliance.

What makes an effective compliance plan?

An effective compliance program must:

* Establish compliance standards and procedures that are reasonably capable of reducing criminal conduct.

* Identify specific high-level individuals within the organization to serve as a compliance officer(s) to oversee compliance with these standards -- consider someone who knows the employees such as an in-house lawyer, or a quality assurance or improvement manager.

* Use care not to delegate substantial discretionary authority to an individual whom the organization knows is unreliable at times.

* Communicate standards and procedures to all employees and other agents, e.g., by requiring participation in training programs or by disseminating publications that explain in a practical manner what is required.

* Take reasonable steps to ensure that employees comply with the program through monitoring or auditing systems. Depending on the type of corporate compliance program a company has, these steps might be the same as or similar to those the company already uses to ensure compliance with other company policies. Further, employees must be able to report criminal conduct without fear of retribution. This can be accomplished by setting up an anonymous tips system;

* Consistently enforce the standards that it has established through its disciplinary procedures. This can be done by extending existing disciplinary procedures to the corporate compliance program.

* Respond quickly to any offenses detected and revise compliance procedures when necessary to prevent any new violations in the future.

The following are the steps you need to take to implement a corporate compliance program:

* Choose a team.

You need to get a small group of people together from your company to help put your corporate compliance program together. Choose people, such as top managers and quality assurance and improvement managers, who are familiar with the laws against fraud and abuse, and with the government's crackdown on home care. Also, you will need to involve your in-house lawyers, if you have them. If not, you'll need to get outside counsel.

* Set organizational priorities.

In order to implement a compliance program, areas susceptible to problems must be identified and a strategic plan must be tailored to address such areas.

A home care company's billing department is the most susceptible to fraud and abuse. The trade press, such as Medicare Compliance Alert and the BNA Health Law Reporter, can provide ideas as to where home health agencies are usually most vulnerable. You should pay close attention to articles about billing practices or other arrangements determined to be violative of the fraud and abuse laws and ask yourself, "What would prevent these problems from arising here?" If the answer is nothing, you may have identified a priority area.

* Explain your objectives in your policies.

Once you have identified the purpose of your plan, begin describing this purpose in writing. Consider establishing a policy statement which demonstrates how the program fits in with your corporation's mission or values. Make sure to provide an explanation of the relevant laws and regulations, such as the state and federal anti-kickback and self-referral laws.

Provide staff training

* Educate staff members about the program.

If the statutes and regulations are relatively complex, make sure that you provide sufficient training, such as inservices, to affected personnel so that the employees understand the potential implications of their actions.

Try to incorporate the compliance program into new employee orientation or periodic inservice seminars. Create an environment where employees are free to raise questions and have them answered to their satisfaction. The plan should also identify a compliance officer and all employees should know how to reach him or her.

* Give all your notes to your lawyers.

Whether or not you have in-house lawyers at your company, you need to give to your lawyers all of the notes you and your colleagues took while putting together your program. This will give the information contained in your notes the protection of attorney-client privilege, thereby making your notes non-discoverable, in the event that the government investigates your company.

* Revise your policies periodically.

Finally, remember that establishing a compliance program is a process. Your initial compliance program should evolve over time. As you take on the task of designing a compliance program, keep in mind what is readily achievable for your organization this year. Next year, you could either improve or expand the program. After all, some prevention is better than none at all.

(Editor's note: Sara Kay Sledge, BSN, JD, practices with the Atlanta and Washington, DC, law firm of Powell, Goldstein, Frazer & Murphy. She practices exclusively in the area of health and hospital law, with an emphasis on hospital/medical staff relations, Medicare and Medicaid reimbursement, and fraud and abuse representation. Powell, Goldstein, Frazer & Murphy regularly represents individuals and entities in administrative, civil, and criminal investigations and litigation, and assists its clients with internal investigations and corporate compliance programs consistent with the requirements of the Federal Sentencing Guidelines.) *