On September 30, 2008, the United States Department of Health and Human Services (HHS) Office of Inspector General (OIG) published OIG Supplemental Compliance Program Guidance for Nursing Facilities.1 With quality of care the first risk area identified, the supplemental guidance is part of a series of recent government efforts focused on improving quality of care at skilled nursing and long-term care facilities. The OIG also released a September 18, 2008 report, Trends in Nursing Home Deficiencies and Complaints, which revealed that, between 2005 and 2007, over 90 percent if nursing homes were cited for deficiencies in quality of care, resident assessment, and quality of life. On April 24, 2008, the Centers for Medicare and Medicaid Services (CMS) began identifying the poorest performing nursing facilities nationwide, dubbed Special Focus Facilities, on its Nursing Home Compare Web site.2 The supplemental guidance also follows the joint OIG-Health Care Compliance Association (HCCA) roundtable report, Driving for Quality in Long-Term Care: A Board of Directors Dashboard, released January 31, 2008.3
Background
The OIG first published a compliance program guidance for nursing facilities on March 16, 2000.4 The original guidance addressed the fundamentals of establishing an effective compliance program in the nursing industry. Since the publication of the original guidance, there have been significant changes in the way nursing facilities deliver, and are reimbursed for, health care services. Although the original guidance included quality of care as a risk area, recent changes to the regulatory enforcement environment and increased concern on quality of care in nursing facilities prompted a greater emphasis on quality in the supplemental guidance.
The guidance contains new compliance recommendations and an expanded discussion of risk areas. When drafting the supplemental guidance, the OIG considered “Medicare and Medicaid nursing facility payment systems and regulations, evolving industry practices, current enforcement priorities (including the Government’s heightened focus on quality of care), and lessons learned in the area of nursing facility compliance.”5 The supplemental guidance provides “voluntary guidelines to assist nursing facilities in identifying significant risk areas and in evaluating and, as necessary, refining ongoing compliance efforts.”6
Because the guidance supplements, rather than replaces, the original guidance, the two documents “collectively offer a set of guidelines that nursing facilities should consider when developing and implementing a new compliance program or evaluating an existing one.”7
The supplemental guidance is partitioned into five sections. The first two offer a background overview of the compliance program guidance process and the Medicare/Medicaid reimbursement system. The third section covers several fraud and abuse risk areas relevant to nursing facilities. In the fourth section, the OIG offers recommendations for establishing an ethical culture and assessing and improving existing compliance programs. The fifth section addresses self-reporting and lists steps a nursing facility should take if it discovers credible evidence of misconduct.
Fraud and Abuse Risk Areas
By identifying current, relevant risk areas, the supplemental guidance should assist nursing facilities in their efforts to “identify operational areas that present potential liability risks under several key Federal fraud and abuse statutes and regulations.”8 The OIG stresses each facility should carefully examine these risk areas and identify those that potentially affect it.
1. Quality of Care
Although it is a priority for nursing facilities, a significant number fail to deliver quality health care. Whether this failure is the result of inadequate staffing, insufficient training and education, or lack of oversight, the result is often the same: residents risk harm. In cases where the care failure is systemic and widespread, a facility may be liable for submitting false claims for reimbursement under the False Claims Act, the Civil Monetary Penalties Law, a variety of additional federal authorities that address false and fraudulent claims or statements made to the government, and similar state laws, including criminal, civil, and administrative sanctions.9 As a starting point on quality of care issues, facilities should familiarize themselves with the principal nursing facility Medicare Conditions of Participation.10 The OIG states “it is essential that key members of the organization understand these requirements and support their facility’s commitment to compliance with these regulations.”11 The five sub-areas on quality of care identified in the supplemental guidance are addressed below.
2. Submission of Accurate Claims
Accurate claim submission is another risk area identified in the supplemental guidance. The OIG identified four sub-areas, each of which is addressed below.
3. The Federal Anti-Kickback Statute
The Anti-Kickback statute remains a significant risk area for nursing facilities. The supplemental guidance devoted five pages to the issue, discussing the statute generally, the eight safe harbors most relevant to nursing facilities, and listing a number of factors/questions facilities should consider when evaluating contractual arrangements. The factors are the traditional aspects of most anti-kickback analysis, the overall message being that facilities should evaluate potentially problematic arrangements with referral sources and recipients which do not fit into a safe harbor. The OIG identified five sub-areas, each of which is addressed below.
4. Other Risk Areas
The supplemental guidance grouped under a single heading three additional risk areas relevant to nursing facilities. Those areas are: (1) physician self-referrals; (2) anti-supplementation; and (3) Medicare Part D. Each area is addressed below.
5. HIPAA Privacy and Security Rule
The last risk area identified in the supplemental guidance addresses the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the HIPAA Security Rule. The Privacy Rule protects against the disclosure of patient protected health information (PHI), while the Security Rule specifies the administrative, technical and physical safeguards to ensure confidentiality of PHI. Under both rules, covered nursing facilities have a certain amount of flexibility to design their own privacy policies and procedures. The OIG urges facilities verify compliance with all applicable Privacy and Security Rule provisions, including standards for use and disclosure of PHI, both with and without patient authorization and the provisions pertaining to permitted and required disclosures.
Other Compliance Considerations
Key to the success of any compliance program is the establishing a tone at the top and a culture of compliance. Section IV of the supplemental guidance discusses the importance of an ethical culture and a formal commitment to compliance by the nursing facility’s governing body and senior management. Although compliance programs should be scaled according to each facility’s particular needs, size and resources, every program must be afforded appropriate resources. A program should be structured to communicate across departments and overcome the siloing of communication that frequently occurs in large organizations.
A clear statement of policies and procedures is the core of a compliance program, but the OIG recommends facilities also develop a general statement of ethical and compliance principles. A compliance program charter and code of conduct, signed and approved by the governing body, is important to give the program sufficient authority, autonomy and resources to implement compliance measures.
Closely tied with the written compliance materials is the need for assessment of the compliance program’s effectiveness.39 Facilities should regularly review, revise, and build their compliance program and may look to the original nursing facility compliance program guidance for details on the elements of an effective compliance program.40 The OIG also recommends facilities develop a mechanism to communicate with decision makers, such as a dashboard, designed to easily convey compliance and performance-related information to a facility’s governing body.41
Self-Reporting
Section V of the supplemental guidance addresses self-reporting requirements. If the compliance officer, compliance committee, or a member of senior management discovers credible evidence of misconduct from any source and, after a reasonable inquiry, believes that the misconduct may violate criminal, civil, or administrative law, the facility should promptly report the misconduct to the appropriate federal and state authorities.42 The reporting should occur within a reasonable period of time, and no longer than 60 days after determining there is credible evidence of a violation.43 Some situations may be so serious immediate reporting may be warranted.44
Prompt, voluntary reporting of misconduct demonstrates a facility’s good faith efforts to cooperate with the OIG and is considered a mitigating factor when determining administrative sanctions if the reporting facility becomes the subject of an OIG investigation.45 Facilities should carefully review the OIG’s Provider Self-Disclosure Protocol,46 particularly in light of the OIG’s April 15, 2008 Open Letter to Health Care Providers stating that providers who resolve fraud matters using the protocol generally will no longer be required to enter into corporate integrity agreements.47
The Most Recent of Many Quality-Driven Efforts
The supplemental compliance program guidance is the most recent of several government efforts to improve the quality of care in nursing homes. Other activities include: 1) the joint OIG-HCCA roundtable report, Driving for Quality in Long-Term Care: A Board of Directors Dashboard; 2) developing new, more stringent systems for criminal background checks on facility workers and applicants; 3) an unprecedented focus on preventing severe pressure ulcers in residents; 4) reducing the use of restraints; 5) considering resident feedback and emotional satisfaction; and 6) refining the survey process, identified in CMS’ 2008 Action Plan for (Further Improvement of) Nursing Home Quality.48
CMS’ Nursing Home Value-Based Purchasing Demonstration seeks to establish a fundamental change in the way nursing providers are reimbursed for care. Under the program, CMS will assess a nursing home’s performance based on selected measures of quality of care.49 The cost savings from the anticipated quality improvements would be shared with nursing homes that either improve quality or maintain exceptionally high quality of care.50 The Demonstration will seek to ensure that financial investments to improve quality will benefit from reimbursement methods that discern the difference between excellent, good, mediocre, and poor quality.51
Nursing Facilities Can Take Action Now
Nursing facilities should consider themselves on the front line of quality enforcement and must evaluate whether they have sufficiently integrated quality of care review into their operations and compliance programs. Facilities can review the original and supplemental compliance program guidance, visit Nursing Home Compare, and track the Value-Based Purchasing Demonstration. When developing a quality of care compliance program for a nursing facility, it is essential to use an interdisciplinary approach incorporating the administration, attending physician, nurses, various specialist therapists and, as necessary, legal counsel.
A nursing facility can start immediately to reduce the risk of an adverse enforcement action. The first step in the process is to educate the governing body and senior management on quality of care issues and get their participation and commitment. Then, the compliance officer should gather together the key personnel in the organization (senior leadership, quality, risk, legal, compliance, etc.) and perform an assessment of the organization’s compliance efforts. A nursing facility can establish internal quality controls and identify areas of potential quality breakdowns through an external assessment for quality of care and legal risks. Such a review, ideally performed under the attorney-client privilege by skilled health care counsel, can reveal to a nursing facility its current legal exposure based on quality of care factors, directing the facility to revise its structure and operations accordingly.
Conclusion
As the OIG stressed, it is imperative for nursing facilities to establish and maintain effective compliance programs, foster a culture of ethical compliance and make an organization-wide commitment to delivering quality health care. The supplemental compliance program guidance reflects how quality of care should be a primary concern of nursing facilities. Investments in quality of care can give a nursing facility an operational advantage, increased reputation in the community, minimize litigation exposure, and reduce the risk of enforcement actions based on poor quality.
Cheryl L. Wagonhurst Los Angeles, California 213.972.4681 cwagonhurst@foley.com Nathaniel M. Lacktman Tampa, Florida 813.225.4127 nlacktman@foley.com Janice A. Anderson Chicago, Illinois 312.832.4530 janderson@foley.com Maria E. Gonzalez-Knavel Milwaukee, Wisconsin 414.297.5649 mgonzalezknavel@foley.com |
Judith A. Waltz San Francisco, California 415.438.6412 jwaltz@foley.com Michael Scarano San Diego/Del Mar, California 858.847.6712 mscarano@foley.com Heidi A. Sorensen Washington, D.C. 202.672.5596 hsorensen@foley.com Lawrence W. Vernaglia Boston, Massachusetts 617.642.4079 lvernaglia@foley.com |