The Centers for Medicare & Medicaid Services (CMS) recently issued a Proposed Rule in the September 23, 2010 Federal Register to implement certain program integrity changes mandated by the Patient Protection and Affordable Care Act (“ACA” or “Health Care Reform Legislation”). Besides addressing new provider screening and enrollment requirements under the ACA, CMS solicited public comments on the compliance program requirements included in the ACA for Medicare and Medicaid providers.

The Health Care Reform Legislation contains two separate provisions mandating compliance programs. Section 6401(a) of the ACA requires a provider of medical or other items or services or a supplier, as a condition of enrollment in Medicare, Medicaid or the Children’s Health Insurance Program (“CHIP”), to establish a compliance program that contains certain core elements. Section 6102 of the ACA specifically requires Medicare skilled nursing facilities (“SNF”) and Medicaid nursing facility (“NF”) to have an effective compliance and ethics program in preventing and detecting criminal, civil, and administrative violations. SNFs and NFs are subject to both compliance plan requirements under sections 6102 and 6401(a).
 

The ACA requires CMS to establish the core elements for providers or suppliers within a particular industry or category. These core elements are largely expected to be similar to the recommended elements in the compliance program guidance that the OIG has issued for several types of providers since 1998, and the elements of an effective compliance program in the U.S. Federal Sentencing Guidelines.

CMS specifically requested comments on the use of the seven elements of an effective compliance and ethics program as described in the U.S. Federal Sentencing Guidelines Manual (www.ussc.gov/) as the basis for the core elements of the required compliance programs for Medicare, Medicaid and CHIP enrollment. CMS noted that these seven elements include:

  • The development and distribution of written policies, procedures and standards of conduct to prevent and detect inappropriate behavior;
  • The designation of a chief compliance officer and other appropriate bodies (for example a corporate compliance committee) charged with the responsibility of operating and monitoring the compliance program and who report directly to high-level personnel and the governing body;
  • The use of reasonable efforts not to include any individual in the substantial authority personnel whom the organization knew, or should have known, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;
  • The development and implementation of regular, effective education and training programs for the governing body, all employees, including high-level personnel, and, as appropriate, the organization’s agents;
  • The maintenance of a process (i.e., hotline) to receive complaints and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
  • The development of a system to respond to allegations of improper conduct and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or Federal health care program requirements;
  • The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas; and
  • The investigation and remediation of identified systemic problems including making any necessary modifications to the organization’s compliance and ethics program.

CMS also requested public comments regarding the following:

  • The extent to which providers and suppliers already incorporate each of the seven U.S. Federal Sentencing Guidelines elements into their compliance programs or business operations. CMS noted in its interested in how and to what degree each element has been incorporated effectively into the compliance programs of different types of providers and suppliers considering their risk areas, business model and industry sector or particular provider or supplier category.
  • Any other suggestions for compliance program elements besides the seven elements described above considering provider or supplier risk areas, business model and industry sector or particular provider or supplier category including whether external and/or internal quality monitoring should be a required for hospitals and long-term care facilities.
  • The costs and benefits of compliance programs or operations including aggregate or component costs and benefits of implementing particular elements and how these costs and benefits were measured.
  • The types of systems necessary for effective compliance, the costs associated with these systems and the degree to which providers and suppliers already have these systems including, but not limited to, tracking systems, data capturing systems and electronic claims submission systems.
  • The existence of and experience with state or other compliance requirements for various providers and suppliers and foreseeable conflicts or duplication from multiple requirements.
  • The criteria CMS should consider when determining whether, and if so, how to divide providers and suppliers into groupings that would be subject to similar compliance requirements including whether individuals should
  • have different compliance obligations from corporations.
  • Available research or individual experience regarding the current rate of adoption and level of sophistication of compliance programs for providers or suppliers based on their business model and industry sector or particular
  • provider or supplier category.
  • How effective compliance programs have been for varied providers and suppliers and how the level effectiveness was measured.
  • The extent to which providers and suppliers currently use third party resources, such as consultants, review organizations, and auditors, in their
  • compliance efforts.
  • The extent to which providers and suppliers have already identified staff responsible for compliance and for those who already have staff responsible
  • for compliance, the positions of these staff.

A reasonable timeline for establishment of a required compliance program for various types and sizes of providers and suppliers, assuming the compliance program core elements were based on the aforementioned U.S. Federal Sentencing Guidelines’ seven elements of an effective compliance and ethics program, considering business model and industry sector or particular provider or supplier category.

CMS noted that it does not intend to finalize compliance plan requirements when the other proposals in this proposed rule (i.e., new provider screening and enrollment requirements) are finalized, and that CMS intends to do further rulemaking on compliance plan requirements.

Comments may be submitted to CMS at the following addresses:

Electronically: 

http://www.regulations.gov

Regular Mail:

Centers for Medicare & Medicaid Services
Department of Health and Human Services
Attention: CMS–6028–P
P.O. Box 8020
Baltimore, MD 21244–8020

By express or overnight mail:

Centers for Medicare & Medicaid Services
Department of Health and Human Services
Attention: CMS–6028–P, Mail Stop C4–26–05, 7500 Security Boulevard, Baltimore, MD 21244–1850