Healthcare companies should work to comply with current provisions and prepare for those that will be implemented in the near future.
The U.S. Supreme Court's decision that the Patient Protection and Affordable Care Act of 2010 (P.L. 111-148 or ACA) is constitutional affirms the implementation status of many antifraud and transparency provisions that have occurred and may hasten the implementation schedule of those that remain in the regulatory rule-making process. The healthcare industry should expect that the Obama administration will move forward with implementing more than 32 sections of the law related to healthcare fraud and abuse, program integrity, and transparency.[1] Accordingly, healthcare companies should take this opportunity to benchmark their compliance programs to certain ACA program integrity and transparency requirements. Moreover, the industry can expect that the government will continue to expand the use of enhanced enforcement tools and measures granted by ACA amendments that already have taken effect with respect to previously existing fraud and abuse laws.
Background
The ACA contained far-reaching antifraud provisions, including amendments to the False Claims Act (FCA), which was significantly amended in 2009 under the antifraud provisions of the Fraud Enforcement and Recovery Act (FERA). The FCA amendments in 2009 and 2010 squarely impacted industries that do business with the federal government directly or indirectly and raised the bar for risk management and compliance initiatives. The 2009 amendments, among other changes, expanded the definition of "claim" and the definition of "obligation" to impose potential liability for the retention of overpayments or for regulatory violations that negatively affect a government program or interest.
Specifically, the ACA's antifraud provisions added a new definition of "obligation," requiring repayment of an identified overpayment within 60 days to avoid the presumption of FCA liability. This amendment essentially will work to accelerate the identification and disclosure of potential overpayments. The ACA also provided, as a matter of law, that a violation of the Anti-Kickback Statute and any attendant federal healthcare program claim is a violation of the FCA. Parallel to the antifraud provisions were provisions for enhanced program integrity oversight, as well as transparency requirements for manufacturers, group purchasing organizations, pharmacy benefit managers, hospitals, and nursing homes. The ACA transparency requirements are designed to disclose relationships that may pose a conflict of interest. The status of a number of these provisions is highlighted below.
Medicare/Medicaid Overpayments
The ACA created a new requirement that any entity that has received an overpayment from Medicare or Medicaid generally must report and return the overpayment to the government within 60 days after the overpayment is identified. The retention of any identified overpayment after the 60-day period constitutes an "obligation" under the FCA, subjecting the entity to treble damages and monetary penalties for the knowing retention of such overpayment.
On February 16, 2012, the Centers for Medicare and Medicaid Services (CMS) published its proposed rule to implement the agency interpretation of, and provider obligation to report and return, identified Medicare Parts A and B overpayments.[2] Providers and suppliers have raised concerns that the proposed rule does not clarify when an overpayment will be deemed to be "identified" for the purpose of triggering the 60-day clock. Furthermore, the proposed rule creates a 10-year look-back period that could create retroactive liabilities for the previous 10 years. This is inconsonant with government and industry practice on document retention, Medicare's long-standing and existing "reopening" provisions for adjudicated Medicare claims, and even government underpayment liability look-back provisions, which generally are only four years. Industry associations like the American Hospital Association have been vocal in their criticism of the proposed rule as creating a confusing and punitive set of expectations for the industry. In response to the solicitation for comments, 203 public comments were filed with the Acting Administration of CMS.
While the term "identified" is not defined in the ACA and is linked to the term "knowing" in the proposed rule, which is a difficult standard to apply, the healthcare sector should expect that the government's position will be that any delay in the return of any known overpayment creates the potential for FCA liability. This means that healthcare providers, suppliers, and health plans should continue their compliance efforts related to overpayments by putting in place ongoing auditing and refund processing structures. Because it may take longer than 60 days to sufficiently determine the scope of any overpayment to make a complete disclosure, "stop the clock" disclosure procedures and self-imposed billing suspensions should be assessed in appropriate circumstances.
FCA Public Disclosure Bar and Retroactivity
In the ACA's amendments to the FCA, the public disclosure jurisdictional bar that previously served to avoid opportunistic private citizen qui tam suits was substantially changed to allow qui tam suits, even where the allegations are publicly disclosed and the relator does not possess independent knowledge of the allegations. Further, because the public disclosure bar no longer is a jurisdictional bar, a dismissal of a qui tam suit on the basis of public disclosure may be opposed by the U.S. Department of Justice on the basis of undefined criteria. Because most of the healthcare industry criminal, civil, and administrative investigations and recoveries originate from qui tam suits, these changes expand the opportunity for qui tam suits in circumstances of overpayments and regulatory violations where the allegations generally are publicly known.
Although the Supreme Court's decision as to the constitutionality of the individual mandate and Medicaid expansion provisions ensures that implementation of the ACA's antifraud provisions will move forward, the decision does not resolve any constitutional or other challenges to the new ACA FCA provisions and does not foreclose litigation challenges to the separate 2009 or 2010 FCA amendments, including with respect to the issue of retroactivity. In Graham County Soil & Water Conservation District v. United States ex rel. Wilson, 103 S. Ct. 1396 (2010), the Supreme Court indicated that the 2010 FCA amendments were not retroactive and, therefore, should not apply to any claims for government payment pending on or before March 23, 2010. Some courts have suggested that, when considering the 2009 FERA amendments, the appropriate retroactivity test is pending "cases," not pending "claims." Because qui tam suits generally remain under seal for a lengthy period of time, which may be the basis for a legal challenge on other grounds, a company may not know that it has been sued in U.S. District Court until years after a qui tam complaint is filed. Accordingly, courts will have to confront the issue of whether the expanded version of the FCA applies whenever a case is eventually unsealed. Retroactivity is therefore likely to be a question of constitutional and legal import for the 2009 and 2010 amendments for a considerable period of time. See, e.g., United States v. Hawley, 812 F. Supp. 2d 949 (N.D. Iowa 2012) (date of claims, not cases, controls and retroactive application of 2009 amendments violates ex post facto clause because of punitive nature of FCA); United States ex rel. Sanders v. Allison Engine Co., 667 F. Supp. 2d 747 (S.D. Ohio 2009) (declining to find 2009 FCA amendments retroactive).
Anti-Kickback Statute Liability Exposure
The ACA's amendments to the federal Anti-Kickback Statute (AKS), 42 U.S.C. § 1320a-7b, have a significant, direct, and sustained impact on the healthcare industry. The AKS creates criminal liability where anyone knowingly and willfully receives, offers, or pays anything of value to influence the referral of a federal healthcare program business, including Medicare and Medicaid. In addition, violations of the AKS have resulted in significant FCA liability for healthcare entities under a so-called tainted claim theory.
Prior to the ACA, the AKS required a demonstration of specific intent to violate the statute on the part of the individual.[3] In Hanlester, the Ninth Circuit held that an individual may violate the AKS "knowingly and willfully" only if he or she (i) knows that the AKS prohibits offering or paying remuneration to induce referrals and (ii) engages in the prohibited conduct with the specific intent to disobey the law.[4] Following Hanlester, there was much discussion and litigation over the definition of "willfully."[5]
As a result of the ACA amendments, current law now clarifies that the AKS reaches knowing and willful conduct absent a showing that an individual knew of the statute's proscriptions and intended to violate them. This new standard has impacted and will continue to impact counseling with respect to transactions and arrangements, and raises the risk of significant criminal and civil fraud exposure for such activities even where there is no specific intent to violate the AKS.
Transparency and the Sunshine Act
The requirements under Section 6002 of the ACA (42 U.S.C. § 1320a-7h), popularly known as the Physician Payment Sunshine Act (Sunshine Act), remain unchanged as a result of the Supreme Court's decision,[6] and the government continues to have an obligation to implement these provisions. Accordingly, those entities meeting the definition of "applicable manufacturers" or "applicable group purchasing organization (GPO)" will need to move forward with their internal payment tracking and reporting systems, while monitoring rule-making efforts by CMS to implement and clarify the Sunshine Act provisions.
In December 2011, CMS issued its long-awaited Sunshine Act proposed rule, more than two months after the October 1 statutory deadline for implementation. In response, CMS received more than 300 comments and recommendations from various representatives of the healthcare sector, including universities and teaching hospitals; physicians; pharmaceutical, medical device, and biotechnology manufacturers; and companies involved in medical education.
Despite pressure from Senators Herbert Kohl (D-WI) and Charles Grassley (R-IA), co-authors of the 2007 Sunshine Act provisions, to release the final rule implementing the ACA's Sunshine Act requirements, CMS announced in May 2012 that the data collection requirement for applicable manufacturers and applicable GPOs would not be imposed before January 1, 2013. CMS has emphasized the need to consider and address industry questions, as well as to provide for sufficient time for implementation to ensure the accuracy of the data collected.
Once finalized, the proposed rule will require applicable manufacturers of covered drugs, devices, biologicals, or medical supplies (collectively, covered products) operating in the United States to annually track and report certain payments or other transfers of value to physicians or teaching hospitals (covered recipients). Although the proposed rule clarified many of the statutory requirements, certain provisions of the proposed rule arguably expand the scope of the statutory provisions beyond what is contained in the ACA and have been challenged in the industry comments. These areas include the following:
- The interpretation of "operating in the United States"
- Redundant reporting requirements related to direct/indirect research
- Reporting requirements for third parties such as Continuing Medical Education (CME) providers
Although the impacted industries have urged CMS to adopt a longer implementation enforcement period, applicable manufacturers and applicable GPOs will have only 90 days after the final rule is issued to begin internal tracking of relevant payments and other transfers of value to covered recipients. Given this short window, companies should continue to ensure that they have implemented internal business processes and data collection systems that will capture all payments covered by the ACA. Failure to comply with the ACA carries a potential penalty ranging from $1,000 to $100,000 for each violation, up to a maximum annual fine of $1 million.
Other ACA Transparency Provisions
CMS has also released guidance on other ACA transparency requirements for hospitals, pharmacy benefit managers, pharmacies, physicians, and nursing homes:
| Section | Status |
| --- | --- |
| Sec. 6001. Physician and Hospital Disclosures § 1877(i)(1)(C) [42 U.S.C. § 1395(i)(1)(C)] | CMS issued final regulations on Nov. 24, 2010 (75 Fed. Reg. 71,800). |
| Sec. 6003. Physician Disclosure Requirements for In-Office Ancillary Services § 1877(b)(2) [42 U.S.C. § 1395(b)(2)] | CMS issued final regulations on Nov. 29, 2010 (75 Fed. Reg. 73,170). |
| Sec. 6004. Prescription Drug Sample Transparency § 1128H [42 U.S.C. § 1320a-7h] | U.S. Food and Drug Administration (FDA) issued a Draft Guidance for Industry on Compliance Policy for Reporting Drug Sample Distribution (77 Fed. Reg. 20,025) on Apr. 3, 2012, stating that FDA does not intend to object until at least Oct. 1, 2012, if manufacturers and authorized distributors of record do not submit information under those reporting provisions and that the administration intends to provide notice before revising its exercise of discretion with respect to compliance. |
| Sec. 6005. Pharmacy Benefit Managers Transparency Requirements § 1150A [42 U.S.C. § 1320b-23] | CMS issued final regulations on Mar. 27, 2012 (77 Fed. Reg. 18,310) and Apr. 12, 2012 (77 Fed. Reg. 22,072). |
| Sec. 6101. Nursing Homes - Required Disclosure of Ownership and Additional Disclosable Parties Information § 1124(c) [42 U.S.C. § 1320a-3(c)] | CMS issued proposed regulations on May 6, 2011 (76 Fed. Reg. 26,364), but has not yet finalized those regulations. |
| Sec. 6104. Nursing Homes - Ensuring Staffing Accountability § 1128I(g) [42 U.S.C. § 1320a-7j(g)] | CMS issued final regulations on Aug. 8, 2011 (76 Fed. Reg. 48,486). |
Morgan Lewis has developed a Transparency Resource Center to track developments in this area. Questions or comments may be emailed to TransparencyCompliance@morganlewis.com.
Expanded Recovery Audit Contractor Activities
The ACA increases Recovery Audit Contractor[7] audits of providers under Medicaid state plans and expands the Medicare Part D and Medicare Advantage programs. As RAs receive payment based on the amount of improper payments they identify, they recently have been scrutinized for using "bounty hunter" techniques that have prompted congressional oversight hearings. Moreover, Medicaid RAs indirectly came under fire within the last few weeks after a U.S. Government Accountability Office (GAO) report found that Medicaid integrity contractors have been paid $100 million over the last five years but recovered just $20 million in improper payments. In response to congressional outrage expressed at hearings on the GAO report conducted by the Senate Homeland Security and Governmental Affairs Subcommittee, CMS officials have indicated that the agency would not renew contracts with some integrity contractors and that other contractors would be reassigned.
Notwithstanding recent industry and congressional criticism of RAs, these organizations continue to perform audits and make program integrity and fraud referrals to law enforcement. Therefore, it is necessary to structure audit responses to RAs with the same degree of diligence as a direct government request, including documenting interactions with RAs' representatives.
Mandatory Compliance Programs
The ACA mandates that a broad range of providers, suppliers, and physicians adopt compliance programs as a condition of enrollment. Failure to implement certain core compliance program features may create additional opportunities for regulatory and law enforcement scrutiny, as well as potential FCA liability for failure to prevent or identify improper federal healthcare program claims and payments.[8] The existence or lack of robust provider compliance program controls, when combined with the expansion of the FCA and AKS noted above, will likely be the subject of enhanced focus in fraud and abuse investigations and prosecutions.
The ACA's compliance program mandates are divided into two categories—nursing facilities and all other providers/suppliers. The nursing facility compliance program provisions in the ACA are much more detailed and contain an implementation time line that required the Secretary of the U.S. Department of Health and Human Services (HHS), in coordination with the Office of the Inspector General, to issue regulations for "an effective compliance program" by March 23, 2012, a statutory deadline that HHS did not meet. Without the specificity expected in implementing compliance rules, it will be challenging for skilled and other nursing facilities to meet their statutory obligations to have "in operation" compliance and ethics programs that meet the ACA's criteria by March 23, 2013. The requirements as to other providers and suppliers are largely undefined, and there is no specific implementation time line for the development or implementation of these compliance programs. Instead, Congress has left the establishment of core compliance program elements and implementation deadlines to the discretion of HHS, something that HHS also has yet to address.
[1]. For more information detailing fraud and abuse program integrity and transparency provisions, read Morgan Lewis's materials on the matter here and here.
[2]. CMS indicated that it would publish a proposed rule at a later date to address Medicare Parts C and D overpayments, but reminded the public that, even without final regulation, all stakeholders are subject to the statutory requirements.
[3]. See Hanlester Network v. Shalala, 51 F.3d 1390, 1400 (9th Cir. 1995).
[4]. Id.
[5]. See, e.g., United States v. Jain, 93 F.3d 436, 440 (8th Cir. 1996).
[6]. Medicare, Medicaid, Children's Health Insurance Programs; Transparency Reports and Reporting of Physician Ownership of Investment Interests, 76 Fed. Reg. 78742 (proposed Dec. 19, 2011) (to be codified at 42 C.F.R. pts. 402, 403), available here.
[7]. CMS has changed the nomenclature from Recovery Audit Contractors (RACs) to Recovery Auditors (RAs).
[8]. For more information on ACA implementation, read our July 16, 2012, LawFlash, available online here.