Office
of Inspector General 330 Independence Ave., SW Washington, DC 20201 |
An Open Letter to Health Care Providers
March 9, 2000
Three years ago, I wrote an open letter to health care providers, inviting them to join me
in a national campaign to eliminate fraud and abuse from the Federal health care programs. I
suggested an ambitious agenda that included crafting compliance guidance for health care
sectors, designing an effective mechanism to promote self-disclosure of improper conduct, and
providing greater awareness of the sanctions that may be imposed on a provider that has engaged
in fraud or abuse. By collaborating in our efforts to reduce health care fraud, it was my view that
we could serve our common interests of protecting the financial integrity of the Federal health
care programs and their beneficiaries, some of our most vulnerable citizens.
Due in large part to strong industry support, I am pleased to report that substantial
progress has been made in fulfilling the campaign's objectives. I would like to share with you
some of the successes that we have accomplished together and describe new policies the Office
of Inspector General (OIG) is implementing to encourage provider self-disclosure. First, three
years ago the OIG began producing specific compliance program guidance for segments of the
health care industry. These voluntary guidances reflect our suggestions on how providers can
design internal controls to monitor adherence with applicable statutes, regulations and program
requirements.
To date, we have issued seven compliance program guidances, each reflecting extensive
input from industry representatives and compliance officers, as well as our law enforcement
partners. These guidances are directed at the hospital industry, home health agencies, clinical
laboratories, third-party billers, the durable medical equipment, prosthetics, orthotics and supply
industry, hospice providers, and Medicare+Choice organizations. The next guidance to be issued
will address compliance measures in the nursing home industry. These voluntary guidances
have contributed to a movement in the health care industry to reduce potential exposure to
improper billings by investing in compliance programs. The American Hospital Association, for
example, recently reported that 96 percent of surveyed hospitals either had a compliance program
in effect or were planning to initiate one in 1999. This greater appreciation of the importance of
health care fraud prevention is already paying dividends. Based upon an annual audit of
Medicare fee-for-service payments, we have seen almost a 50 percent decline in improper
payments during the last three years.
Second, the OIG committed to creating an atmosphere that encourages health care
providers to come forward to the Government voluntarily when they uncover evidence of
fraudulent conduct within their organization. In light of the substantial civil and criminal
exposure faced by those charged with defrauding the Medicare program, providers
understandably have been hesitant to self-disclose without guidance from the Office of Inspector
General. Based on the insights gained from a pilot voluntary disclosure program, we published a
detailed self-disclosure protocol in October 1998.
The protocol not only sets out recommended investigative and audit measures that a
provider should undertake as part of a disclosure to the OIG, but also represents our commitment
to work with the disclosing entity to resolve the problem expeditiously and fairly. I am pleased
to report that over 70 health care providers have self-disclosed potentially abusive conduct to the
OIG and, as a result, millions of dollars already have been returned to the Medicare Trust Fund.
The providers that have made self-disclosures have received expedited review of their
disclosures, and, where appropriate, favorable treatment in the resolution of the matter. As the
provider community learns more about the self-disclosure process, I am confident that good faith
use of the disclosure protocol will continue to expand.
I also committed to giving health care providers a better understanding of how the OIG
makes judgments regarding the use of its enforcement authorities. Through public awareness
efforts, such as the publication of Special Fraud Alerts, Special Advisory Bulletins and the OIG's
Work Plan, we alert the provider community of our concerns and hope to encourage self-correcting behavior. When fraud is uncovered, we look to see whether the provider took
appropriate steps to prevent and detect the misconduct and whether there is a likelihood that the
same or similar abuse of the Medicare program will reoccur. As part of this outreach effort, we
have even taken the unprecedented step of publishing the factors that we consider in determining
whether to exclude an individual or entity under our permissive exclusion authorities.
To further health care providers' understanding of the OIG's priorities and approach to
addressing health care fraud, I want to briefly discuss the OIG's views on corporate integrity
agreements (CIAs). Where the best interests of the programs are served by allowing the provider
that has engaged in serious misconduct to continue participating in the health care programs, we
generally require that the provider enter into an agreement to adopt certain integrity measures. In
addition to the seven core elements of a compliance program, as set forth in the Federal
Sentencing Guidelines, we require the submission of a variety of reports to the OIG and reserve
the right to impose sanctions, including stipulated penalties and program exclusion, for a material
breach of the agreement. CIAs almost always include provisions incorporating these seven
elements, but the specific terms of a particular CIA depend on the facts and circumstances related
to the case and the provider. Among the relevant factors considered in crafting a CIA are the
severity and extent of the underlying misconduct, the nature and resources of the provider, the
provider's existing compliance capabilities, and whether the case resulted from a self-disclosure.
In all cases, the OIG is prepared to consider the provider's current compliance program
when we negotiate the appropriate terms of a CIA. After all, a provider is often in the best
position to understand what compliance measures are most useful to its organization. Of course,
we cannot always determine during settlement discussions what aspects of a provider's voluntary
compliance program have proven effective and should be incorporated into the CIA. Handbooks
and training materials provide us only limited information about how successfully a provider has
implemented its compliance policies and procedures. The more a provider can point to tangible,
positive outcomes stemming from its compliance efforts, the more reliance we can place on those
measures and integrate them into a CIA.
Perhaps the best evidence that a provider's compliance program is operating effectively
occurs when the provider, through its compliance program, identifies problematic conduct, takes
appropriate steps to remedy the conduct and prevent it from recurring, and makes a full and
timely disclosure of the misconduct to appropriate authorities. As we state in the self-disclosure
protocol, matters exclusively involving overpayments or errors that do not suggest that violations
of law have occurred should be brought directly to the attention of the entity responsible for
claims processing and payment. We also recommend that the provider conduct an initial
assessment to substantiate there is a problem with non-compliance with program requirements
before making a disclosure to the OIG. When False Claims Act liability results from such a
disclosure, the OIG can be more flexible in considering the terms of a CIA in light of the
demonstrated effectiveness of the provider's compliance program. In general, we grant more
deference to the existing compliance measures of a self-disclosing provider, even if those
measures differ from what we might otherwise require in a CIA.
If the self-disclosing provider has demonstrated that its compliance program is effective
and agrees to maintain its compliance program as part of the False Claims Act settlement, we
may not even require a CIA. That decision is influenced by a number of variables, including the
scope and seriousness of the misconduct, the risk of recurrence, whether the disclosed matter was
identified and reported as a result of the provider's compliance measures and the degree of the
provider's cooperation during the disclosure verification process. In those cases, where in our
judgment it is necessary to require the self-disclosing provider to enter into a CIA, the provider
may need to make only limited changes to its existing policies and procedures to meet most
of the requirements of the CIA.
For instance, in cases where the provider's own audits detected the disclosed problem, the
OIG may consider alternatives to the CIA's auditing provisions. We may permit a self-disclosing
provider to perform some or all of the billing audits through its internal auditors rather than
require the retention of an independent review organization for each year of the CIA. In an
appropriate case, we may narrow the scope and focus of the claims review to the areas found out
of compliance or allow alternate audit methodologies in lieu of the statistical sampling
methodology we generally require. In addition, we are more likely in a self-disclosure case to
eliminate the need for an external evaluation of the provider's compliance with the terms of the
CIA.
In addition to the audit provisions, many providers entering into CIAs express concern
about the OIG's ability to exclude a provider if the OIG determines that the provider has
materially breached the terms of the CIA. Generally, we believe that this provision is necessary
to ensure that we maintain our ultimate remedy to protect Federal health care programs from
problematic providers. However, a provider that has made an appropriate self-disclosure and has
demonstrated sufficient trustworthiness may lead us to conclude that we can sufficiently
safeguard the programs through a CIA without the exclusion remedy for a material breach.
Therefore, we will forego the exclusion remedy in appropriate self-disclosure cases.
In closing, I want to thank all the health care providers and representatives of health care
associations that have worked so hard with us to improve the integrity of the health care system.
Through cooperative efforts and open communication, we have been able to make solid progress
in the fight against health care waste, fraud and abuse. We in the OIG are committed to
continuing to work with you to do an even better job in the future.
/s/
June Gibbs Brown
Inspector General