CMS Rule Would Discard Compliance Program Requirements; Lawyer: DOJ, OIG Loom Larger

By Nina Youngstrom

CMS is planning to kill a lot of specific compliance-program requirements for skilled nursing facilities (SNFs) and nursing facilities (NFs) under the Medicare requirements of participation (RoPs), according to a proposed regulation announced July 16. They wouldn’t need to designate a compliance officer or have a contact person to whom “people may report suspected violations,” CMS said in the Requirements for Long-Term Care Facilities: Regulatory Provisions to Promote Efficiency, and Transparency, 84 Fed. Reg. 34,737 . If these and other changes in the regulation are finalized, CMS said long-term care (LTC) facilities would save $100 million annually.

“It’s a welcome development” in terms of giving LTC facilities more flexibility in implementing their compliance programs, says attorney Paula Sanders, with Post & Schell in Harrisburg, Pennsylvania. “But we have two different paradigms.” One is the risk to Medicare and Medicaid certification. “If you don’t have a compliance program, what’s the worst that will happen—you’ll get a deficiency under the RoPs? I don’t see that rising to immediate jeopardy. The larger risk to any organization is whether they’re going to be able to prove they have a compliance and ethics program if they wind up before the Department of Justice because an effective compliance program will minimize the likelihood of significant penalties.” If anything, the government is raising the stakes for corporate self-policing and responsibility, Sanders says.

She points to a flurry of recent activity. The Department of Justice (DOJ) criminal division on April 30 updated its 2017 guidance for white-collar prosecutors who evaluate compliance programs when deciding whether to file fraud charges and what the charges will be, with an emphasis on good faith (“In Updated Compliance Evaluation Guidance, DOJ Asks Three Questions,”RMC28, no. 17). And on July 11, the DOJ antitrust division announced it will take compliance programs into account during the charging and sentencing phases of criminal investigations. ItsEvaluation of Corporate Compliance Programs in Criminal Antitrust Investigationsfocuses on compliance in the context of the Sherman Act (e.g., price fixing, market allocation).

“The larger paradigm is being a good corporate citizen,” Sanders says.

But she says the CMS proposals for LTC facilities are beneficial in terms of increasing flexibility and reducing costs. The LTC compliance and ethics program requirement originated in a broad provision of the Affordable Care Act, which required SNFs and NFs to have a program that was effective in “detecting and preventing criminal, civil and administrative violations” and “promoting quality of care.” CMS put meat on the bones of that mandate inside a three-part 2016 overhaul of LTC regulations. The third part, which was scheduled to take effect in November 2019, addressed compliance and ethics programs. CMS is delaying it by a year and scaling it back. That will provide relief to SNFs and NFs that had no idea the yardstick surveyors would use to measure their compliance programs because CMS had not yet issued any guidance for surveyors in the state operations manual, Sanders says.

CMS: No More Annual Reviews of Program

The stripping away is significant. “We are proposing to reduce a majority of the burden currently required under the compliance and ethics program that are not required in the statute because we believe that the SNF and NF RoPs would have the appropriate safety and quality standards to support the compliance and ethics requirements with the proposed changes,” the proposed regulation stated. CMS plans to remove “prescriptive language” and instead hold facilities responsible for running their compliance programs effectively, and pointed them to the OIG’s compliance program guidance for nursing facilities.

CMS would ditch the provisions in the 2016 regulation that require LTC facilities to designate a compliance officer and compliance liaisons at organizations with five or more facilities. Instead, they would have to develop compliance programs that are “appropriate for the complexity of the organization and its facilities” and give overall responsibility for oversight of the compliance program to a high-level person in the organization.

The other proposed changes:

  • LTC facilities would be required to review their compliance programs “periodically” rather than annually.

  • LTC facilities wouldn’t have to have a “compliance and ethics program contact person” to take reports of suspected violations. It’s important for people to report suspected violations, CMS said, and facilities “must have a process to accomplish this and we don’t want to dictate who they should hire to comply with this requirement. We will maintain the requirement that facilities should have an alternate method of reporting suspected violations anonymously. We would expect the facility to have sufficient resources and designate an individual that would have the appropriate authority to assure compliance with the requirements.”

Sanders appreciates CMS’s course correction. “It’s consistent with the OIG’s message that compliance and ethics programs need to be tailored to the individual provider,” she says. “CMS is recognizing this is a very complicated area and mandating the details of a compliance program across the board runs contrary to the recognition that one size does not fit all.”

LTC facilities still will have compliance programs, and all provider types should continue to develop them, but DOJ and OIG loom larger than CMS in terms of their carrots and sticks, Sanders says. OIG also has published a resource guide on evaluating corporate compliance programs, and on July 5 updated its Fraud Risk Indicator, which describes the degree of danger that organizations are thought to pose to federal health care programs. The new data shows in stark terms how health care organizations benefit when they have an effective compliance program, Sanders says (see box below). Most False Claims Act (FCA) cases in the federal health care program arena were resolved with “no further action” (i.e., no corporate integrity agreement or exclusion), according to data for the first nine months of fiscal year 2019. “That really makes the point when you are talking about the value of a compliance and ethics program,” she says.

At the same time, DOJ is pushing hard for corporate self-policing and rewarding compliance programs. In a May 7 policy, DOJ explained what it takes for organizations to get cooperation credit in FCA cases, which will reduce their penalties. In broad strokes, DOJ expects self-disclosure, cooperation in an investigation, and remedial measures, including “implementing or improving an effective compliance program to prevent a recurrence of the misconduct” (“In FCA Policy, DOJ Tells How to Get Cooperation Credit; It May Raise Bar for Double Damages,”RMC28, no. 18).

Contact Sanders at psanders@postschell.com. View the proposed regulation athttp://bit.ly/2Z0C4jl, the DOJ antitrust division compliance document athttp://bit.ly/2O3mSRAand the Fraud Risk Indicator athttps://go.usa.gov/xyj6J. ✧

HHS Inspector General Updates Fraud Risk Indicator

OIG on June 5 updated its Fraud Risk Indicator, which describes the degree of danger that organizations are thought to pose to federal health care programs. The new data shows that health care organizations benefit when they have an effective compliance program—“no further action”—which means resolving a False Claims Act case without a corporate integrity agreement or exclusion, says attorney Paula Sanders (see story above). Visithttps://go.usa.gov/xyj6J.

This publication is only available to subscribers. To view all documents, please log in or purchase access.
Purchase Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings