[Federal Register Volume 65, Number 113 (Monday, June 12, 2000)]
[Notices]
[Pages 36818-36835]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-14703]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General


Draft OIG Compliance Program for Individual and Small Group 
Physician Practices

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice and comment period.

-----------------------------------------------------------------------

SUMMARY: This Federal Register notice seeks the comments of interested 
parties on draft compliance guidance developed by the Office of 
Inspector General (OIG) for individual and small group physician 
practices. Through this notice, the OIG is setting forth its general 
views on the value and fundamental principles of individual and small 
group physician practices' compliance programs, and the specific 
elements that these practices should consider when developing and 
implementing an effective compliance program.

DATES: To ensure consideration, comments must be delivered to the 
address provided below by no later than 5 p.m. on July 27, 2000.

ADDRESSES: Please mail or deliver written comments to the following 
address: Office of Inspector General, Department of Health and Human 
Services, Attention: OIG-7P-CPG, Room 5246, Cohen Building, 330 
Independence Avenue, S.W., Washington, D.C. 20201.
    We do not accept comments by facsimile (FAX) transmission. In 
commenting, please refer to file code OIG-7P-CPG. Comments received 
timely will be available for public inspection as they are received, 
generally beginning approximately 2 weeks after publication of a 
document, in Room 5541 of the Office of Inspector General at 330 
Independence Avenue, S.W., Washington, D.C. 20201 on Monday through 
Friday of each week from 8 a.m. to 4:30 p.m.

FOR FURTHER INFORMATION CONTACT: Kimberly Brandt, Office of Counsel to 
the Inspector General, (202) 619-2078.

SUPPLEMENTARY INFORMATION:

Background

    By issuing compliance program guidance, the OIG seeks to engage the 
private health care community in combating fraud and abuse. In the last 
few years, the OIG has developed and issued compliance program guidance 
directed at the following segments of the health care industry: 
Hospitals; home health agencies; clinical laboratories; third-party 
medical billing companies; suppliers of durable medical equipment, 
prosthetics, orthotics and supplies; hospices; Medicare+Choice 
organizations; and nursing facilities. The development of these types 
of compliance program guidance is based on the OIG's belief that health 
care providers and related entities can use internal controls more 
effectively to monitor adherence to applicable Federal health care 
statutes, regulations and program requirements.
    Copies of these compliance program guidances can be found on the 
OIG website at http://www.hhs.gov/oig.

Developing Draft Compliance Program Guidance for Individual and 
Small Group Physician Practices

    On September 8, 1999, the OIG published a solicitation notice 
seeking information and recommendations for developing formal guidance 
for individual and small group physician practices (64 FR 48846). In 
response to that solicitation notice, the OIG received 83 comments from 
various outside sources. In developing this notice for formal public 
comment, we have considered those comments, as well as previous OIG 
publications, such as other compliance program guidance and Special 
Fraud Alerts. In addition, we have also taken into account 
investigations and audits conducted by the OIG, and have consulted with 
the Health Care Financing Administration and the Department of Justice.
    This draft compliance program guidance for individual and small 
group physician practices contains seven elements that the OIG has 
determined are fundamental to an effective compliance program:
     Implementing written policies;
     Designating a compliance officer/contact;

[[Page 36819]]

     Conducting comprehensive training and education;
     Developing accessible lines of communication;
     Conducting internal monitoring and auditing;
     Enforcing standards through well-publicized disciplinary 
guidelines; and
     Responding promptly to detected offenses and undertaking 
corrective action.
    These elements are contained in previous guidance issued by the 
OIG. As with previously-issued guidance, this draft compliance program 
guidance represents the OIG's suggestions on how individual and small 
group physician practices can best voluntarily establish internal 
controls to prevent fraudulent or other improper activities. The 
contents of this guidance are not mandatory or binding, nor is this 
guidance an exclusive discussion of the advisable elements of a 
compliance program.

Public Input and Comment in Developing Final Guidance

    To ensure that all parties have an opportunity to provide input, we 
are publishing this guidance in draft form, and welcome all comments 
from interested parties. The OIG will consider all comments that are 
received within the above-cited time frame, incorporate any specific 
recommendations, as appropriate, and prepare a final version of the 
guidance thereafter for publication in the Federal Register.

Draft Compliance Program Guidance for Individual and Small Group 
Physician Practices

I. Introduction

    This compliance program guidance is intended to assist individual 
and small group physician practices (``physician practices'') \1\ in 
developing and implementing internal controls and procedures that 
promote adherence to statutes and regulations applicable to the Federal 
health care programs (``Federal health care program requirements'') and 
private insurance program requirements. Compliance programs strengthen 
the efforts of Government and the private sector to prevent and reduce 
improper conduct. These programs can also further the mission of all 
physician practices \2\ to provide quality care to their patients.
---------------------------------------------------------------------------

    \1\ For the purpose of this guidance, the term ``physician'' is 
defined as: (1) A doctor of medicine or osteopathy; (2) a doctor of 
dental surgery or of dental medicine; (3) a podiatrist; (4) an 
optometrist; or (5) a chiropractor, all of whom must be 
appropriately licensed by the State. 42 U.S.C. 1395x(r).
    \2\ Much of this guidance can also apply to other independent 
practitioners, such as psychologists, physical therapists, speech 
language pathologists, and occupational therapists.
---------------------------------------------------------------------------

    Many physicians have expressed an interest in better protecting 
their practices from the potential for fraudulent or erroneous conduct 
through the implementation of compliance programs. While the Office of 
Inspector General (OIG) believes that the great majority of physicians 
are honest and share our goal of protecting the integrity of Medicare 
and other Federal health care programs, all health care providers have 
a duty to ensure that the claims submitted to Federal health care 
programs are true and accurate. The development of effective compliance 
programs in physician practices will go a long way toward achieving 
this goal.
    Through this document, the OIG provides its views on the 
fundamental elements of physician practice compliance programs, as well 
as the principles that each physician practice should consider when 
developing and implementing an effective compliance program. While this 
document presents basic procedural and structural guidance for 
designing a compliance program, it is not in and of itself a compliance 
program. Rather, it is a set of guidelines that physician practices 
should consider when developing and implementing a compliance program. 
As stated in previous guidance,\3\ these guidelines are not mandatory. 
Nor do they represent an exclusive document of advisable elements of a 
compliance program. They are a resource to be considered in addition to 
other OIG outreach efforts, as well as other Federal agency efforts to 
promote compliance.\4\
---------------------------------------------------------------------------

    \3\ Currently, the Office of Inspector General has issued 
compliance program guidance for the following eight industry 
sectors: hospitals, clinical laboratories, home health agencies, 
durable medical equipment suppliers, third-party medical billing 
companies, hospices, Medicare+Choice organizations offering 
coordinated care plans, and nursing facilities. All of the guidance 
is available on the OIG website at http://www.hhs.gov/oig in the 
Electronic Reading Room, or by calling the OIG Public Affairs office 
at (202) 619-1343.
    \4\ The OIG periodically issues Advisory Opinions responding to 
specific inquiries concerning the application of the OIG's 
authorities, in particular, the anti-kickback statute, and Special 
Fraud Alerts setting forth activities that raise legal and 
enforcement issues. These documents, as well as reports from the 
OIG's Office of Audit Services (OAS) and Office of Evaluation and 
Inspections (OEI) can be obtained on the Internet at: http://www.hhs.gov/oig. We also recommend that physician practices 
regularly review the Health Care Financing Administration (HCFA) 
website on the Internet at http://www.hcfa.gov, for up-to-date 
regulations, manuals, and program memoranda related to the Medicare 
and Medicaid programs.
---------------------------------------------------------------------------

A. Benefits of a Compliance Program

    The OIG believes that physician practices can gain numerous 
benefits by implementing an effective compliance program. These 
benefits may include:
     The development of effective internal procedures to ensure 
compliance with regulations, payment policies and coding rules;
     Improved medical record documentation;
     Improved education for practice employees;
     A reduction in the denial of claims;
     More streamlined practice operations through better 
communication and more comprehensive policies;
     The avoidance of potential liability arising from 
noncompliance; and
     Reduced exposure to penalties.\5\
---------------------------------------------------------------------------

    \5\ The OIG, for example, will consider the existence of an 
effective compliance program that pre-dated any governmental 
investigation when addressing the appropriateness of administrative 
sanctions. However, the burden is on the physician practice to 
demonstrate the operational effectiveness of the compliance program. 
See 62 FR 67392. In addition, criminal sanctions may be mitigated by 
an effective compliance program that was in place at the time of the 
criminal offense. See United States Sentencing Commission 
Guidelines, Guidelines Manual, 8 A1.2, Application Note 3(d).
---------------------------------------------------------------------------

    An effective compliance program is essential for physician 
practices of all sizes and does not have to be costly or resource-
intensive. With the development of a formal program, a physician 
practice may find it easier to comply with its affirmative duty to 
ensure the accuracy of claims submitted for reimbursement.

B. Application of Compliance Program Guidance

    The OIG recognizes that there is no ``one size fits all'' 
compliance program, especially for physician practices. The 
applicability of these recommendations will depend on the circumstances 
of the particular physician practice. Each practice should undertake 
reasonable steps to respond to each of the seven elements of this 
guidance, depending on the size and resources of that practice.
    Compliance programs not only help to prevent fraudulent or 
erroneous claims, but they may also show that the physician practice is 
making a good faith effort to submit claims appropriately. Physician 
practices should view compliance programs as analogous to practicing 
preventive medicine.
    An effective compliance program also sends an important message to 
a physician practice's employees that while the practice recognizes 
that mistakes will occur, employees have an affirmative, ethical duty 
to come

[[Page 36820]]

forward and report fraudulent or erroneous conduct, so that it may be 
corrected.

C. The Difference Between Fraudulent and ``Erroneous'' Claims to 
Federal Health Programs

    There appear to be significant misunderstandings among physicians 
regarding the critical differences between fraudulent (intentionally or 
recklessly false) health care claims on the one hand and innocent 
``erroneous'' claims on the other. Some physicians feel that Federal 
law enforcement agencies have maligned medical professionals and are 
focused on innocent billing errors. These physicians are under the 
impression that innocent billing errors can subject them to civil 
penalties, or even jail. These feelings and impressions are mistaken.
    To these concerns, OIG would like to make the following points. 
First, we do not disparage physicians, other medical professionals or 
medical enterprises. In our view, the great majority of them are 
working ethically to render high quality medical care to our Medicare 
beneficiaries and to submit proper claims to Medicare.
    Second, under the law, physicians are not subject to civil or 
criminal penalties for innocent errors, or even negligence. The 
Government's primary enforcement tool, the civil False Claims Act, 
covers only offenses that are committed with actual knowledge of the 
falsity of the claim, reckless disregard, or deliberate ignorance of 
the falsity of the claim.\6\ The False Claims Act simply does not cover 
mistakes, errors, or negligence. The other major civil remedy available 
to the Federal Government, the Civil Monetary Penalties Law, has 
exactly the same standard of proof.\7\ The OIG is very mindful of the 
difference between innocent errors (``erroneous claims'') on one hand, 
and reckless or intentional conduct (``fraudulent claims'') on the 
other. For criminal penalties, the standard is even higher--criminal 
intent to defraud must be proved beyond a reasonable doubt. The 
Attorney General of the United States has stated, ``[i]t is not the 
[Justice Department's] policy to punish honest billing mistakes * * * 
[or] mere negligence. * * * These are not cases where we are seeking to 
punish someone for honest billing mistakes.'' \8\
---------------------------------------------------------------------------

    \6\ 31 U.S.C. 3729.
    \7\ 42 U.S.C. 1320a-7a.
    \8\ Reno Willing to Work With Hospitals to Ensure Proper Use of 
False Claims Act, 6 Health Care Pol'y Rep. 261 (1998).
---------------------------------------------------------------------------

    Third, even ethical physicians (and their staffs) make billing 
mistakes and errors through inadvertence or negligence. When billing 
errors, honest mistakes, or negligence result in erroneous claims, the 
physician practice will be asked to return the funds erroneously 
claimed, but without penalties. In other words, erroneous claims result 
only in the return of funds claimed in error.
    Fourth, innocent billing errors are a significant drain on the 
programs and all parties (physicians, providers, carriers, fiscal 
intermediaries, Government agencies, and beneficiaries) need to work 
cooperatively to reduce the overall error rate. But again, it should be 
emphasized that civil or criminal penalty action will not be initiated 
with respect to billing errors due to inadvertence or negligence, or 
for billings based on a negligent medical judgment.
    Finally, it is reasonable for physicians (and other providers) to 
ask: what duty do they owe the Federal health care programs? The answer 
is that all health care providers have a duty to reasonably ensure that 
the claims submitted to Medicare and other Federal health care programs 
are true and accurate. The OIG continues to engage the provider 
community in an extensive, good faith effort to work cooperatively on 
voluntary compliance to minimize errors and to prevent potential 
penalties for improper billings before they occur. We encourage all 
physicians and other providers to join in this effort.

II. Compliance Program Elements

A. The Seven Basic Compliance Elements

    The OIG believes that every effective compliance program should 
begin with a commitment by the physician practice to address all of the 
applicable elements listed below, which are based on the seven elements 
set forth in the Federal Sentencing Guidelines: \9\
---------------------------------------------------------------------------

    \9\ See United States Sentencing Commission Guidelines, 
Guidelines Manual, 8 A1.2, Application Note 3(k). The Federal 
Sentencing Guidelines are detailed policies and practices for the 
Federal criminal justice system that prescribe the appropriate 
sanctions for offenders convicted of Federal crimes.
---------------------------------------------------------------------------

     Establishing compliance standards through the development 
of a code of conduct and written policies and procedures;
     Assigning compliance monitoring efforts to a designated 
compliance officer or contact;
     Conducting comprehensive training and education on 
practice ethics and policies and procedures;
     Conducting internal monitoring and auditing focusing on 
high-risk billing and coding issues through performance of periodic 
audits;
     Developing accessible lines of communication, such as 
discussions at staff meetings regarding fraudulent or erroneous conduct 
issues and community bulletin boards, to keep practice employees 
updated regarding compliance activities;
     Enforcing disciplinary standards by making clear or 
ensuring employees are aware that compliance is treated seriously and 
that violations will be dealt with consistently and uniformly; and
     Responding appropriately to detected violations through 
the investigation of allegations and the disclosure of incidents to 
appropriate Government entities.
    The OIG recognizes that full implementation of all elements may not 
be feasible for all physician practices. However, as a first step, a 
good faith meaningful commitment to compliance will substantially 
contribute to the program's successful implementation. Smaller 
practices should consider addressing each of the elements in a manner 
that best suits the practice. By contrast, larger practices should 
address the elements in a more systematic manner. For example, larger 
practices can use both this guidance and the Third-Party Medical 
Billing Compliance Program Guidance to create a compliance program 
unique to the practice.\10\
---------------------------------------------------------------------------

    \10\ Available on the OIG website at http://www.hhs.gov/oig.
---------------------------------------------------------------------------

    The OIG recognizes that physician practices need to find the best 
way to achieve compliance for their given circumstances. Specifically, 
the OIG encourages physician practices to participate in other 
compliance programs, such as the compliance programs of the hospitals 
or other settings in which the physicians practice. A physician's 
participation in another provider's compliance program could be a way, 
at least partly, to satisfy recommended elements of the physician's or 
physician practice's own compliance program. The OIG encourages this 
type of collaborative effort, where the content is appropriate to the 
setting involved, because it provides a means to promote the desired 
objective without imposing an undue burden or requiring physicians to 
undertake duplicative action.

B. Written Policies and Procedures

    Any effective compliance program should have compliance standards 
and procedures that will be followed by the practice and that describe 
the lines of responsibility for implementing the compliance program. 
Those standards and procedures should be reasonably capable of reducing 
the prospect of

[[Page 36821]]

fraudulent activity while also helping to identify any incorrect 
billing practices.
1. Code of Conduct
    Developing standards of conduct is the first step to an effective 
compliance program. A good way to begin creating a standard of conduct 
for a physician practice is by looking at the standards of conduct 
implemented by other physician practices and/or by requesting 
information from professional associations to get ideas as to the items 
to include in a standard of conduct. However, it is important that the 
physician practice not simply copy another practice's standards. The 
standards of conduct for the physician practice should be specific to 
that practice. This can be accomplished by tailoring the standards of 
conduct to address the particularized needs of the practice.
    The practice's expectations with respect to billing and coding, 
patient care, documentation, and payer relationships should be made 
clear to practice employees in the form of a code of conduct. This can 
also be succinctly stated in a practice mission statement. For example, 
employees should be told that the practice bills only for services that 
are actually rendered, codes accurately, documents medical necessity 
and appropriateness, and adheres to all payer contracts.
    The concept of commitment to compliance is different from the mere 
existence of written policies and procedures. This commitment should be 
clearly established during training and in the practice's policies. 
Everyone in the practice should understand the obligation to comply 
with the applicable standards. They should be informed and understand 
that the organization will take actions to uphold those standards. Upon 
development, the code of conduct and policies should be distributed 
and/or made continually available to all employees, contractors and 
agents, once implemented. These materials should be reviewed at least 
annually and revised as necessary.
2. Policies and Procedures
    The code of conduct should be reinforced with basic policies 
reaffirming the key points in the code of conduct. The practice's 
policies should explain in clear and plain language the procedures by 
which compliance measures are to be incorporated into standard 
operating practices.
    The OIG believes that written policies and procedures are essential 
to all physician practices, regardless of size and capability. If a 
lack of resources to develop such policies is genuinely an issue, the 
OIG recommends that a physician practice focus first on those risk 
areas most likely to arise in its particular practice.\11\ 
Additionally, if the physician practice relies on a physician practice 
management company (PPMC) or management services organization (MSO), 
the practice can incorporate the compliance policies of those entities, 
if appropriate, into its own policies.
---------------------------------------------------------------------------

    \11\ Practices with laboratories or arrangements with third-
party billing companies should check the risk areas included in the 
guidance for those industries. The guidance is available on the OIG 
website at http://www.hhs.gov/oig.
---------------------------------------------------------------------------

    Physician practices can meet the goal of developing policies and 
procedures by: (1) Developing a written compliance manual; and (2) 
updating clinical forms periodically to make sure they elicit the data 
required for the different levels of coding. All written policies and 
procedures should be tailored to the physician practice where they will 
be applied.
    Areas in which a policy may be helpful to the practice include:
     Employee hiring and retention;
     Creation and maintenance of encounter forms, including the 
registration form, history and physical form and charge master 
(superbill and patient statement);
     Coding and billing competency and responsibilities;
     Correct coding initiatives;
     Patient outreach and communication;
     General marketing; and
     Patient quality of care.
    Creating a resource manual from publicly available information may 
be a cost-effective approach for developing policies and procedures. 
For example, the practice can develop a ``binder'' that contains the 
practice's written policies and procedures, relevant HCFA directives 
and carrier bulletins, and summaries of informative OIG documents 
(e.g., Special Fraud Alerts, Advisory Opinions, inspection and audit 
reports). This binder should be regularly updated and should be 
accessible to all employees. It could also include a summary of the 
relevant reimbursement requirements of Federal and private payer plans 
(including those relating to reasonable and necessary services, coding 
and documentation).\12\ In the case of more technical materials, it may 
be advisable to provide summaries in the handbook and make the source 
documents available upon request. If individualized copies of this 
handbook are not made available to all employees, then a reference copy 
should be available in a readily accessible location.
---------------------------------------------------------------------------

    \12\ There are many published summaries of reimbursement 
requirements of varying specificity and quality. Various specialty 
and trade associations may also have developed such summaries.
---------------------------------------------------------------------------

    If updates to the policies and procedures are necessary, those 
updates should be given to employees. New employees should receive both 
the code of conduct and policies when hired and be trained on their 
contents immediately thereafter. As part of the compliance effort, the 
distribution of the code and policies should be documented.
3. Specific Risk Areas
    The OIG recognizes that many physician practices may not have in 
place policies and procedures to prevent fraudulent or erroneous 
conduct in their practices. In order to develop policies and 
procedures, the physician practice should determine what types of fraud 
and abuse related topics need to be addressed based on its specific 
needs. One of the most important things in making that determination is 
a listing of risk areas where the practice may be vulnerable.
    To assist physician practices in performing this initial 
assessment, the OIG has developed a list of potential risk areas 
affecting physician providers. These risk areas include: (a) Coding and 
billing; (b) reasonable and necessary services; (c) documentation and 
(d) improper inducements, kickbacks and self-referrals. This list of 
risk areas is not exhaustive, or all encompassing. Rather, it should be 
viewed as a starting point for an internal review of potential 
vulnerabilities within the physician practice.\13\ The objective of 
such an assessment should be to ensure that key personnel in the 
physician practice is aware of these risk areas and that steps are 
taken to minimize, to the extent possible, the types of problems 
identified. While there are many ways to accomplish this objective, 
clear written policies and procedures that are communicated to all 
employees are important to ensure the effectiveness of a compliance 
program. Specifically, the following are discussions of risk areas for 
physicians: \14\
---------------------------------------------------------------------------

    \13\ The OIG recommends that, in addition to the list set forth 
below, physicians review the OIG's Work Plan to identify 
vulnerabilities and risk areas on which the OIG will focus in the 
future. In addition, it is recommended that physician practices 
review the OIG's semiannual reports, which identify program 
vulnerabilities and risk areas that the OIG has targeted during the 
preceding six months. All of these documents are available on the 
OIG's webpage at http://www.hhs.gov/oig.
    \14\ A listing of additional risk areas that a physician 
practice may want to include in its policies can be found at 
Appendix A of this document.

---------------------------------------------------------------------------

[[Page 36822]]

    a. Coding and Billing. The identification of risk areas associated 
with coding and billing should be a major part of any physician 
practice's compliance program.
    The following risk areas associated with billing have been among 
the most frequent subjects of investigations and audits by the OIG:
     Billing for items or services not rendered or not provided 
as claimed;\15\
---------------------------------------------------------------------------

    \15\ For example, Dr. X, an ophthalmologist, bills for laser 
surgery he did not perform. As proof, he did not even have laser 
equipment or access to such equipment at the place of service 
designated on the claim form to perform the surgery.
---------------------------------------------------------------------------

     Submitting claims for equipment, medical supplies and 
services that are not reasonable and necessary;\16\
---------------------------------------------------------------------------

    \16\ Billing for services which are not reasonable and 
necessary, supplies and equipment involves seeking reimbursement for 
a service that is not warranted by a patient's documented medical 
condition. See 42 U.S.C. 1395i(a)(1)(A) (``no payment may be made 
under part A or part B [of Medicare] for any expenses incurred for 
items or services which * * * are not reasonable and necessary for 
the diagnosis or treatment of illness or injury or to improve the 
functioning of the malformed body member''). See also Appendix A for 
further discussion on this topic.
---------------------------------------------------------------------------

     Double billing;\17\
---------------------------------------------------------------------------

    \17\ Double billing occurs when the physician bills for the same 
item or service more than once or when another party bills the 
Federal health care program for an item or service also billed by 
the physician. Although duplicate billing can occur due to simple 
error, the knowing submission of duplicate claims--which is 
sometimes evidenced by systematic or repeated double billing--can 
create liability under criminal, civil, and/or administrative law.
---------------------------------------------------------------------------

     Billing for non-covered services as if covered;
     Knowing misuse of provider identification numbers, which 
results in improper billing;\18\
---------------------------------------------------------------------------

    \18\ Of particular concern, physician practices should be aware 
of the provisions of reassignment of benefits. These provisions 
govern who may receive payment due to a provider or supplier of 
services or a beneficiary. See 42 CFR 424.70-424.80. See also 
Medicare Carrier Manual Sec. 3060.10.
---------------------------------------------------------------------------

     Billing for unbundled services;\19\
---------------------------------------------------------------------------

    \19\ Unbundling is the practice of a physician billing for 
multiple components of a service that must be included in a single 
fee. For example, if dressings and instruments are included in a fee 
for a minor procedure, the provider may not also bill separately for 
the dressings and instruments.
---------------------------------------------------------------------------

     Failure to properly use coding modifiers;\20\
---------------------------------------------------------------------------

    \20\ A modifier, as defined by the CPT-4 manual, provides the 
means by which the physician practice can indicate a service or 
procedure that has been performed has been altered by some specific 
circumstance, but not changed in its definition or code. Assuming 
the modifier is used correctly and appropriately, this specificity 
provides the justification for payment for those services. For 
correct use of modifiers, the physician practice should reference 
the appropriate sections of the Medicare Carrier Manual. See 
Medicare Carrier Manual Sec. 4630. For general information on the 
correct use of modifiers, the physician practice should also consult 
the National Correct Coding Initiative (NCCI) system. See Appendix F 
for information on how to access the NCCI system. The NCCI coding 
edits are updated on a quarterly basis and are used to process 
claims and determine payments to physicians.
---------------------------------------------------------------------------

     Upcoding the level of service provided.\21\
---------------------------------------------------------------------------

    \21\ Upcoding is billing for a more expensive service than the 
one actually performed. For example, Dr. X defrauds Medicare by 
intentionally billing at a higher evaluation and management (E & M) 
code than what he actually renders to the patient. Upcoding has been 
a major focus of the OIG's law enforcement efforts. In fact, the 
Health Insurance Portability and Accountability Act of 1996 added 
another civil monetary penalty to the OIG's sanction authorities for 
upcoding violations. See 42 U.S.C. 1320a-7a(a)(1)(A).
---------------------------------------------------------------------------

    The written policies and procedures concerning proper coding should 
reflect the current reimbursement principles set forth in applicable 
statutes, regulations \22\ and Federal, State or private payer health 
care program requirements and should be developed in tandem with coding 
and billing standards used in the physician practice. Furthermore, 
written policies and procedures should ensure that coding and billing 
are based on medical record documentation. Particular attention should 
be paid to issues of appropriate diagnosis codes and individual 
Medicare Part B claims (including documentation guidelines for 
evaluation and management services).\23\ The physician practice should 
also institute a policy that all rejected claims pertaining to 
diagnosis and procedure codes be reviewed by the coder. This should 
facilitate a reduction in similar errors.
---------------------------------------------------------------------------

    \22\ The official coding guidelines are promulgated by HCFA, the 
National Center for Health Statistics, the American Medical 
Association and the American Health Information Management 
Association. See International Classification of Diseases, 9th 
Revision, Clinical Modification (ICD-9 CM) (and its successors); 
1998 Health Care Financing Administration Common Procedure Coding 
System (HCPCS) (and its successors); and Physicians' Current 
Procedural Terminology (CPT). In addition, there are specialized 
coding systems for specific segments of the health care industry. 
Among these are ADA (for dental procedures), DSM IV (psychiatric 
health benefits) and DMERCs (for durable medical equipment, 
prosthetics, orthotics and supplies).
    \23\ The failure of a physician practice to: (i) document items 
and services rendered; and (ii) properly submit them for 
reimbursement is a major area of potential fraudulent or erroneous 
conduct involving Federal health care programs. The OIG has 
undertaken numerous audits, investigations, inspections and national 
enforcement initiatives aimed at reducing potential and actual 
fraud, abuse and waste in these areas.
---------------------------------------------------------------------------

    b. Reasonable and Necessary Services. The compliance program should 
provide guidance that claims be submitted only for services that the 
physician practice finds to be reasonable and necessary in the 
particular case. The OIG recognizes that physicians should be able to 
order any tests, including screening tests, they believe are 
appropriate for the treatment of their patients. However, the physician 
practice should be aware that Medicare will only pay for services that 
meet the Medicare definition of reasonable and necessary.\24\
---------------------------------------------------------------------------

    \24\ See 42 U.S.C. 1395y(a)(1)(A).
---------------------------------------------------------------------------

    Medicare (and many insurance plans) may deny payment for a service 
that the physician believes is clinically appropriate, but which is not 
reasonable and necessary. Thus, when a physician provides services to a 
patient, he or she should only bill those services believed to be 
reasonable and necessary for the diagnosis and treatment of a patient. 
Upon request, the physician practice should be able to provide 
documentation, such as a patient's medical records and physician's 
orders, to support the appropriateness of a service that the physician 
has provided.
    c. Documentation. Timely, accurate and complete documentation is 
critical to nearly every aspect of a physician practice. Therefore, one 
of the most important physician practice compliance issues is the 
appropriate documentation of diagnosis and treatment. Physician 
documentation is necessary to determine the appropriate medical 
treatment for the patient and is the basis for coding and billing 
determinations. Most importantly, failure to document properly has the 
potential to compromise good patient care. Thorough and accurate 
documentation helps to ensure accurate recording and timely 
transmission of information.
    i. Medical Record Documentation. In addition to facilitating high 
quality patient care, a properly documented medical record verifies and 
documents precisely what services were actually provided. The medical 
record may be used to validate: (a) The site of the service; (b) the 
appropriateness of the services provided; and (c) the accuracy of the 
billing. Accurate medical record documentation should comply, at a 
minimum, with the following principles: \25\
---------------------------------------------------------------------------

    \25\ For additional information on proper documentation, 
physician practices should also reference the Documentation 
Guidelines for Evaluation and Management (E and M) Services, 
published by HCFA. These guidelines are available on the Internet at 
http://www.hcfa.gov/medicare/mcarpti.htm.
---------------------------------------------------------------------------

     The medical record should be complete and legible;
     The documentation of each patient encounter should include 
the reason for the encounter; any relevant history; physical 
examination findings; prior diagnostic test results; assessment, 
clinical impression, or diagnosis; plan

[[Page 36823]]

of care; and date and legible identity of the observer;
     If not documented, the rationale for ordering diagnostic 
and other ancillary services should be easily inferred by an 
independent reviewer or third party. Past and present diagnoses should 
be accessible to the treating and/or consulting physician; and
     Appropriate health risk factors should be identified. The 
patient's progress, his or her response to, and any changes in, 
treatment, and any revision in diagnosis should be documented.
    The CPT and ICD-9-CM codes reported on the health insurance claims 
form should be supported by documentation in the medical record and the 
medical chart should contain all required information. Additionally, 
HCFA and the local carriers should be able to determine who provided 
the services. These issues can be the root of investigations of 
inappropriate or erroneous conduct, and have been identified by HCFA 
and OIG as a leading cause of inappropriate payments.
    ii. HCFA 1500 Form. Another documentation area that physician 
practices should monitor closely is the proper completion of the HCFA 
1500 form. The following practices will help ensure that the form has 
been properly completed:
     Link the diagnosis code with the steps taken to perform an 
examination and the record of personal history obtained;
     Link a single most appropriate diagnosis with the 
corresponding procedure code;
     Use modifiers appropriately; and
     Provide Medicare with all information about a patient's 
other insurance coverage.
    d. Kickbacks, Inducements and Self-Referrals. A physician practice 
should have policies and procedures to ensure compliance with the anti-
kickback statute,\26\ and the physician self-referral law.\27\ 
Remuneration for referrals is illegal because it can distort medical 
decision-making, cause overutilization of services or supplies, 
increase costs to Federal health care programs, and result in unfair 
competition by shutting out competitors who are unwilling to pay it. 
Remuneration for referrals can also affect the quality of patient care 
by encouraging physicians to order services or supplies based on profit 
rather than the patients' best medical interests.\28\
---------------------------------------------------------------------------

    \26\ The anti-kickback statute provides criminal penalties for 
individuals and entities that knowingly offer, pay, solicit, or 
receive bribes or kickbacks or other remuneration in order to induce 
business reimbursable by Federal health care programs. See 42 U.S.C. 
1320a-7b(b). Civil penalties, exclusion from participation in the 
Federal health care programs, and civil False Claims Act liability 
may also result from a violation of the prohibition. See 42 U.S.C. 
1320a-7a(a)(5), 42 U.S.C. 1320a-7(b)(7), and 31 U.S.C. 3729-3733.
    \27\ The physician self-referral law, 42 U.S.C. 1395nn, (also 
known as the ``Stark law''), prohibits a physician from making a 
referral to an entity with which the physician or any member of the 
physician's immediate family has a financial relationship if the 
referral is for the furnishing of designated health services, unless 
the financial relationship fits into an exception set forth in the 
statute or implementing regulations.
    \28\ See Appendix B for additional information on the anti-
kickback statute.
---------------------------------------------------------------------------

    In particular, arrangements with hospitals, hospices, nursing 
facilities, home health agencies, durable medical equipment suppliers 
and vendors are areas of potential concern. In general the anti-
kickback statute prohibits knowing and willfully giving or receiving 
anything of value to induce referrals of Federal health care program 
business. It is generally recommended that all business arrangements 
wherein physician practices refer business to an outside entity should 
be on a fair market value basis.\29\ Whenever a physician practice 
intends to enter into a business arrangement that involves its making 
referrals, the arrangement should be reviewed by counsel familiar with 
the anti-kickback statute and physician self-referral statute.
---------------------------------------------------------------------------

    \29\ The OIG's definition of ``fair market value'' is not the 
typical commercial definition of this term. The OIG's definition of 
this term excludes any value attributable to referrals of Federal 
program business on the ability to influence the flow of such 
business. Adhering to the rule of keeping business arrangements at 
fair market value is not a guarantee of legality, but is a highly 
useful general rule.
---------------------------------------------------------------------------

    In addition to developing policies to address arrangements with 
other health care providers and suppliers, physician practices should 
implement measures to avoid offering inappropriate inducements to 
patients.\30\ Examples of such inducements include routinely waiving 
coinsurance or deductible amounts without a good faith determination 
that the patient is in financial need or failing to make reasonable 
efforts to collect the cost-sharing amount.\31\
---------------------------------------------------------------------------

    \30\ See 42 U.S.C. 1128A(a)(5).
    \31\ In the OIG Special Fraud Alert ``Routine Waiver of Part B 
Co-payments/ Deductibles'' (May 1991), the OIG describes several 
reasons why routine waivers of these cost-sharing amounts pose 
concerns. The Alert sets forth the circumstances under which it may 
be appropriate to waive these amounts. See also 42 U.S.C. 1320a-
7a(a)(5).
---------------------------------------------------------------------------

    Possible risk areas that should be addressed in the policies and 
procedures include:
     Financial arrangements with outside entities to whom the 
practice may refer Federal health care program business;\32\
---------------------------------------------------------------------------

    \32\ All physician contracts and agreements with parties in a 
position to influence Federal health care program business or to 
whom the doctor is in such a position to influence should be 
reviewed to avoid violation of the anti-kickback, self-referral, and 
other relevant Federal and State laws. The OIG has published safe 
harbors that define practices not subject to the anti-kickback 
statute, because such arrangements would be unlikely to result in 
fraud or abuse. Failure to comply with a safe harbor provision does 
not make an arrangement per se illegal. Rather, the safe harbors set 
forth specific conditions that, if fully met, would assure the 
entities involved of not being prosecuted or sanctioned for the 
arrangement qualifying for the safe harbor. One such safe harbor 
applies to personal services contracts. See 42 CFR 1001.952(d).
---------------------------------------------------------------------------

     Joint ventures with entities supplying goods or services 
to the physician practice or its patients;\33\
---------------------------------------------------------------------------

    \33\ See OIG Special Fraud Alert ``Joint Venture Arrangements'' 
(August 1989) available on the OIG website at http://www.hhs.gov/oig. See also OIG Advisory Opinion 97-5.
---------------------------------------------------------------------------

     Consulting contracts or medical directorship;
     Office and equipment leases with entities to which the 
physician refers; and
     Soliciting, accepting or offering any gift or gratuity of 
more than nominal value to or from those who may benefit from a 
physician practice's referral of Federal health care program 
business.\34\
---------------------------------------------------------------------------

    \34\ Physician practices should establish clear policies 
governing gift-giving because such exchanges may be viewed as 
inducements to influence business decisions. Practice policies 
should emphasize that accepting gifts of any kind may influence the 
employee's independent judgment. To the extent such gifts are 
accepted, they should be reported to the designated person charged 
with recording such information for the practice.
---------------------------------------------------------------------------

    In order to keep current with this area of the law, a physician 
practice may obtain copies, available on the OIG website, of all 
relevant OIG Special Fraud Alerts and Advisory Opinions that address 
the application of the anti-kickback and physician self-referral laws 
to ensure that the policies reflect current positions and opinions.\35\
---------------------------------------------------------------------------

    \35\ Practices should also check the HCFA website for the most 
recent regulations regarding these issues.
---------------------------------------------------------------------------

    4. Retention of Records. A physician practice's policies and 
procedures should also contain a section on the retention of 
compliance, business and medical records. These records primarily 
include documents relating to patient care and the practice's business 
activities. The physician practice's designated compliance officer 
should keep an updated binder or record of compliance-related 
activities. This involves, at a minimum, keeping track of compliance 
meetings, educational activities, and internal audit results. 
Particular attention should be paid to documenting violations uncovered 
by the compliance program and the resulting remedial action.

[[Page 36824]]

    Physician practices that implement a compliance program should 
provide for the development and implementation of a records retention 
system. This system should establish policies and procedures regarding 
the creation, distribution, retention, and destruction of documents. In 
designing a record system, privacy concerns and Federal and State 
regulatory requirements should be taken into consideration. In addition 
to maintaining appropriate and thorough medical records on each 
patient, the OIG recommends that the system include the following types 
of documents:
     All records and documentation (e.g., billing and claims 
documentation) required for participation in Federal, State, and 
private payer health care programs; and
     All records necessary to demonstrate the integrity of the 
physician practice's compliance process and to confirm the 
effectiveness of the program.\36\
---------------------------------------------------------------------------

    \36\ Among the materials useful in documenting the compliance 
program are employee certifications relating to training and other 
compliance initiatives, copies of compliance training materials, and 
any corresponding reports of investigation, outcomes, and employee 
disciplinary actions. In addition, the physician practice should 
keep all relevant correspondence with carriers, private payer 
insurers, and HCFA.
---------------------------------------------------------------------------

    While conducting its compliance activities, as well as its daily 
operations, a physician practice should document its efforts to comply 
with applicable Federal health care program requirements. For example, 
when a physician practice requests advice from a Government agency 
(including a Medicare fiscal intermediary or carrier) charged with 
administering a Federal health care program, the practice should 
document and retain a record of the request and any written or oral 
response. This step is extremely important if the practice intends to 
rely on that response to guide it in future decisions, actions, or 
claim reimbursement requests or appeals. A log of oral inquiries 
between the practice and third parties, such as carrier 
representatives, will help the practice document its attempts at 
compliance. In addition, in a subsequent investigation these records 
may become relevant to the issue of whether the practice's reliance was 
``reasonable'' and whether it exercised due diligence in developing 
procedures and practices to implement the advice.
    In short, all physician practices, regardless of size, should have 
procedures to create and retain appropriate documentation. The 
following record retention guidelines should be followed:
     The length of time that a physician's medical record 
documentation is to be retained should be specified in the physician 
practice's policies and procedures (Federal and State statutes should 
be consulted for specific time frames);
     Medical records should be secured against loss, 
destruction, unauthorized access, unauthorized reproduction, 
corruption, or damage; and
     Policies and procedures should stipulate the disposition 
of medical records in the event the practice is sold or closed.

C. Designation of a Compliance Officer/Contact

    To administer the compliance program, the practice should designate 
an individual who is responsible for overseeing the compliance program. 
This person, often called a ``compliance officer,'' may have duties in 
addition to serving in this role. This person could be the office 
manager or the primary biller. The key, however, is that the person be 
sufficiently independent in his or her position so as to protect 
against any conflicts of interest that may arise from performing 
assigned duties and compliance duties. Additional attributes and 
qualifications that this person should possess include:
     Attention to detail;
     Experience in billing and coding; and
     Effective communication skills, both oral and written, 
with employees, physicians and carriers.
    It is acceptable for a physician practice to designate more than 
one employee with compliance monitoring responsibility. In lieu of 
having a designated compliance officer, the physician practice could 
instead describe in its policies and procedures the compliance 
functions for which designated employees, known as ``compliance 
contacts,'' would be responsible. For example, one employee could be 
responsible for preparing written policies and procedures, while 
another could be responsible for conducting or arranging for periodic 
audits and ensuring that billing questions are answered. Therefore, the 
compliance-related responsibilities of the designated person or persons 
may be only a portion of his or her duties.
    Another possibility is that one individual could serve as 
compliance officer for more than one entity. In situations where 
staffing limitations mandate that the practice cannot afford to 
designate a person(s) to oversee compliance activities, the practice 
could outsource all or part of the functions of a compliance officer to 
a third party, such as a consultant, PPMC, MSO, Independent Physician 
Association, billing company or professional association. However, if 
this role is outsourced, the compliance officer should have sufficient 
interaction with the physician practice to be able to effectively serve 
as the compliance officer. Outsourced compliance officers, who spend 
most of their time offsite, will naturally have certain limitations 
that a physician practice should consider before making such a critical 
decision.
    The primary responsibilities assigned to a compliance officer/
contact should include the following:
     Overseeing and monitoring the implementation of the 
compliance program;
     Establishing methods, such as periodic audits, to improve 
the practice's efficiency and quality of services, and to reduce the 
practice's vulnerability to fraud and abuse;
     Periodically revising the compliance program in light of 
changes in the needs of the practice or changes in the law and in the 
policies and procedures of Government and private payer health plans;
     Developing, coordinating and participating in a training 
program that focuses on the elements of the compliance program, and 
seeks to ensure that training materials are appropriate;
     Ensuring that the HHS-OIG's List of Excluded Individuals 
and Entities, and the General Services Administration's List of Parties 
Debarred from Federal Programs have been checked with respect to all 
employees, medical staff and independent contractors;\37\
---------------------------------------------------------------------------

    \37\ The HHS-OIG ``List of Excluded Individuals/Entities'' 
provides information to health care providers, patients, and others 
regarding individuals and entities that are excluded from 
participation in Federal health care programs. This report, in both 
an on-line searchable and downloadable database, can be located on 
the Internet at http://www.hhs.gov/oig. The OIG sanction information 
is readily available to users in two formats on over 15,000 
individuals and entities currently excluded from program 
participation through action taken by the OIG. The on-line 
searchable database allows users to obtain information regarding 
excluded individuals and entities sorted by: (1) The legal bases for 
exclusions; (2) the types of individuals and entities excluded by 
the OIG; and (3) the States where excluded individuals reside or 
entities do business. In addition, the General Services 
Administration maintains a monthly listing of debarred contractors, 
``List of Parties Debarred from Federal Programs,'' at http://www.arnet.gov/epls.
---------------------------------------------------------------------------

     Ensuring that employees and physicians know, and comply 
with, pertinent Federal and State statutes, regulations and standards;

[[Page 36825]]

     Investigating any report or allegation concerning possible 
unethical or improper business practices, and monitoring subsequent 
corrective action and/or compliance.
    Each physician practice needs to assess its own practice situation 
and determine what best suits that practice in terms of compliance 
oversight.

D. Conducting Effective Training and Education

    Education is an important part of any compliance program. Education 
programs should be tailored to the physician practice's needs and 
include both compliance and specific training. Training expectations 
should be commensurate with the size and speciality of the practice.
    There are three basic steps for setting up educational objectives:
     Determining who needs training (both in coding and billing 
and in compliance);
     Determining the type of training that best suits the 
practice's needs (e.g., seminars, in-service training, self-study or 
other programs); and
     Determining when the education is needed and how much each 
person should receive.
    Training can be accomplished through a variety of means, including 
in-person training sessions (i.e., either on site or at outside 
seminars), distribution of newsletters, \38\ or even a readily 
accessible office bulletin board. Regardless of the training modality 
used, a physician practice should ensure that the necessary education 
is communicated effectively. Simply providing individuals with 
documents for their own reading and comprehension is seldom sufficient.
---------------------------------------------------------------------------

    \38\ HCFA also offers free online training for general fraud and 
abuse issues at http://www.medicaretraining.com. See Appendix F for 
additional information.
---------------------------------------------------------------------------

1. Compliance Training
    Under the direction of the designated compliance officer/contact, 
both initial and recurrent training in compliance is advisable, both 
with respect to the compliance program itself and applicable statutes 
and regulations. The operation and importance of the compliance 
program, the consequences of violating the policies set forth in the 
program, and the role of each employee in the operation of the 
compliance program should also be addressed.
    Compliance training should have two goals: (1) All employees should 
receive training on how to perform their jobs in compliance with the 
standards of the practice and any applicable regulations; and (2) each 
employee should understand that compliance is a condition of continued 
employment. Compliance training should center on explaining why the 
practice is developing and establishing a code of conduct and written 
policies and procedures. The training should emphasize that following 
the policies will not get a practice employee in trouble, but violating 
the policies will. New employees should be trained on the compliance 
program within 60 days of their start date and such training should be 
documented. Thereafter, employees should receive refresher training on 
an annual basis or as appropriate.
2. Coding and Billing Training
    Coding and billing training on the Federal health care program 
requirements may be necessary for certain members of the physician 
practice staff depending on their respective responsibilities. 
Individuals who are directly involved with billing, coding or other 
aspects of the Federal health care programs should receive extensive 
education specific to that individual's responsibilities. Items to 
cover in coding and billing training can include:
     Coding requirements;
     Claim development and submission processes;
     Marketing practices that reflect current legal and program 
standards;
     The ramifications of submitting a claim for physician 
services when rendered by a non-physician;
     Signing a form for a physician without the physician's 
authorization;
     The ramifications of altering medical records;
     Proper documentation of services rendered;
     How to report misconduct;
     Proper billing standards and procedures and submission of 
accurate bills for services or items rendered to Federal health care 
program beneficiaries;
     The personal obligation of each person involved in the 
billing process to ensure claims are properly and accurately submitted;
     The legal sanctions for submitting deliberately false or 
reckless billings;
     Informing physicians that they cannot receive payment or 
any type of incentive to induce referrals and that claims should not be 
submitted for physician services when those services are rendered by a 
non-physician (unless they follow the applicable Federal health care 
program requirements, e.g., ``incident to'' rules).
3. Format of the Training Program
    Training may be conducted either in-house or by an outside 
source.\39\ Training at outside seminars, instead of internal programs 
and in-service sessions, can be an effective way to achieve the 
practice's training goals. In fact, many community colleges offer 
certificate or associate degree programs in billing and coding, and 
professional associations provide various kinds of continuing education 
and certification programs. Many carriers also offer billing training.
---------------------------------------------------------------------------

    \39\ Another way for physician practices to receive effective 
training is for the physicians and/or the employees of the practice 
to attend training programs offered by larger entities, such as a 
hospital, a local medical society or a carrier. This sort of 
collaborative effort is an excellent way for the practice to meet 
the desired training objective without having to expend the 
resources to develop and implement in-house training.
---------------------------------------------------------------------------

    As part of the training, practices should make sure all employees 
are familiar with at least the key risk areas in this guidance and 
areas of particular OIG interest as identified in the OIG's Work Plan 
published each year.\40\ The physician practice also needs to work with 
its third-party billing company, if one is used, to ensure that 
documentation is of a level that is adequate for the billing company to 
submit accurate claims on behalf of the physician practice. If it is 
not, these problem areas should also be covered in the training. In 
addition to the billing training, physician practices should be certain 
that updated ICD-9, HCPCS and CPT manuals (in addition to the carrier 
bulletins construing those sources) are available to all employees 
involved in the billing process. A source of continuous updates on 
current billing policies should also be readily available.\41\
---------------------------------------------------------------------------

    \40\ The OIG's work plan is currently available on the Internet 
at http://www.hhs.gov/oig. The OIG Work Plan details the various 
projects the OIG intends to address in the fiscal year. The Work 
Plan contains the projects of the Office of Audit Services, Office 
of Evaluation and Inspections, Office of Investigations and the 
Office of Counsel to the Inspector General.
    \41\ Some publications, such as OIG's Special Fraud Alerts, 
audit and inspection reports, and Advisory Opinions are readily 
available from the OIG and can provide a basis for educational 
courses and programs for physician practice employees. These can be 
obtained through the Internet. See Appendix F.
---------------------------------------------------------------------------

    Physician practices are not required to have separate education and 
training programs for both the compliance and coding and billing 
training. All in-service training and continuing education can 
integrate compliance issues, as well as other core values adopted by 
the practice, such as quality improvement and improved patient service, 
into their curriculum.

[[Page 36826]]

4. Continuing Education on Compliance Issues
    There is no set formula for determining how often training sessions 
should occur.\42\ The OIG recommends that there be at least an annual 
training program for all individuals involved in the coding and billing 
aspects of the practice. New billing and coding employees should be 
trained within 60 days of assuming their duties and should work under 
an experienced employee until their training has been completed.
---------------------------------------------------------------------------

    \42\ Currently, the OIG is monitoring a significant number of 
corporate integrity agreements that require many of these training 
elements. The OIG usually requires a minimum of one hour annually 
for basic training in compliance areas. Additional training is 
required for specialty fields such as claims development and 
billing.
---------------------------------------------------------------------------

E. Developing Effective Lines of Communication

    An open line of communication is essential to proper implementation 
of an effective compliance program. Guidance previously issued by the 
OIG has encouraged the use of several forms of communication between 
the compliance officer/committee and provider personnel, many of which 
focus on formal processes and are more costly to implement (e.g., 
hotlines and e-mail). However, the OIG recognizes that the nature of 
some physician practices is not as conducive to implementing these 
types of measures. The nature of a small physician practice dictates 
that such communication and information exchanges need to be conducted 
through a less formalized process than that which has been envisioned 
by prior OIG guidance.
    In the small physician practice setting, the communication element 
can be met by implementing a clear ``open door'' policy between the 
physicians and compliance personnel and practice employees. This policy 
can be implemented in conjunction with less formal communication 
techniques, such as conspicuous notices posted in common areas and/or 
the development and placement of a compliance bulletin board where 
everyone in the practice can go for up-to-date compliance 
information.\43\
---------------------------------------------------------------------------

    \43\ In addition to whatever other method of communication is 
being utilized, practices should post in a prominent area the HHS-
OIG Hotline telephone number (1-800-HHS-TIPS). See Appendix D for 
additional information.
---------------------------------------------------------------------------

    A compliance program's system for effective communication should 
include the following:
     The requirement that employees report conduct that a 
reasonable person would, in good faith, believe to be fraudulent or 
erroneous;
     Creation of a user-friendly process, such as an anonymous 
drop box, for effectively reporting fraudulent or erroneous conduct;
     Provisions in the policies and procedures that state that 
a failure to report fraudulent or erroneous conduct is a violation of 
the compliance program;
     Development of a simple and readily accessible procedure 
to process reports of fraudulent or erroneous conduct;
     Utilization of a process that maintains the 
confidentiality of the persons involved in the alleged fraudulent or 
erroneous conduct and the person making the allegation; and
     Provisions in the policies and procedures that there will 
be no retribution for reporting conduct that a reasonable person acting 
in good faith would have believed to be fraudulent or erroneous.
    The OIG recognizes that protecting anonymity may be infeasible for 
small physician practices. However, the OIG believes all practice 
employees, when seeking answers to questions or reporting potential 
instances of fraudulent or erroneous conduct, should know to whom to 
turn for assistance in these matters and should be able to do so 
without fear of retribution. While the physician practice should always 
strive to maintain the confidentiality of an employee's identity, it 
should also make clear that there may be a point at which the 
individual's identity may become known or may have to be revealed in 
certain instances.

F. Auditing and Monitoring

    An ongoing evaluation process is important to a successful 
compliance program. This ongoing evaluation should include not only 
whether the practice's standards and procedures are in fact current and 
accurate, but also whether or not the compliance program is effective, 
i.e., whether individuals are properly carrying out their 
responsibilities and claims are submitted appropriately.
1. Policies and Procedures
    It is recommended that the individual(s) in charge of the 
compliance program also be charged with the responsibility of 
periodically reviewing the policies and procedures to see if they are 
current and complete. If the policies and procedures are found to be 
ineffective or outdated, they should be updated to reflect changes in 
CPT codes and Government regulations.
2. Claims Submission Audit
    In addition to the policies and procedures themselves, bills and 
medical records should be reviewed for compliance with applicable 
coding, billing and documentation requirements. The people involved in 
these self-audits should include the person in charge of billing 
compliance and a medically trained person (e.g., registered nurse or 
preferably a physician (physicians can rotate in this position)). Each 
practice needs to decide for itself whether to review claims 
retrospectively or concurrently with the claims submission. In the 
Third-Party Medical Billing Compliance Program Guidance,\44\ the OIG 
recommended that a baseline, or ``snapshot,'' be used as part of the 
benchmarking analysis that would enable a practice to judge its 
progress in reducing or eliminating potential areas of vulnerability.
---------------------------------------------------------------------------

    \44\ Available on the OIG website at http://www.hhs.gov/oig.
---------------------------------------------------------------------------

    The practice's self-audits should be used to determine whether:
    1. Bills are accurately coded and accurately reflect the services 
provided;
     Services or items provided are reasonable and necessary;
     Any incentives for unnecessary services exist; and
     Medical records contain sufficient documentation to 
support the charge.
    A baseline audit should examine the claim development and 
submission process, from patient intake through claim submission and 
payment, and identify elements within this process that may contribute 
to non-compliance or that may need to be the focus for improving 
execution.\45\ This audit should establish a consistent methodology for 
selecting and examining records, and this methodology should serve as a 
basis for future audits. It should be conducted based on claims 
submitted during the initial three months after implementation of the 
education and training program so as to give the physician practice a 
benchmark against which to measure future compliance effectiveness.
---------------------------------------------------------------------------

    \45\ See Appendix D.II. referencing the Provider Self-Disclosure 
Protocol for information on how to conduct a baseline audit.
---------------------------------------------------------------------------

    Following the baseline audit, periodic audits could be conducted at 
least once each year to ensure that the compliance program is being 
followed. A randomly selected number of medical records could be 
reviewed to ensure that the coding was performed accurately. Although 
there is no set formula to how many medical records should be reviewed, 
a basic guide is two to five

[[Page 36827]]

medical records per payer, or five to ten medical records per 
physician. Of course, the larger the sample size, the greater the 
confidence in the results. If problems are identified, focused review 
should be conducted on a more frequent basis. When audit results reveal 
areas needing additional information or education of employees and 
physicians, these areas should be incorporated into the training and 
educational system.
    Periodic audits could include the following:
     A valid sample of the practice's top ten denials, or the 
practice's top ten services provided;
     Confirmation that the physician practice has been using 
specific codes, as some codes are too general for ``reasonable and 
necessary'' purposes;
     A check for data entry errors;
     Confirmation that all orders are written and signed by a 
physician;
     A check for reasonable and necessary services performed;
     Confirmation that all tests ordered by the physician(s) 
were actually performed and documented and that only those tests were 
billed; and
     A review of assignment codes and modifiers to the claims.
    One of the most important elements of a successful billing 
compliance program is appropriate action when the physician practice 
identifies a problem in its internal audit. This action should be taken 
as soon as possible, but it is recommended that the action be taken 
within 60 days from the date the problem is identified. The specific 
action a physician practice takes should depend on the circumstances of 
the situation it has identified. In some cases, the action can be as 
simple as generating a repayment to Medicare or the appropriate payer. 
Alternatively, the repayment could be effectuated through offsets to 
other billings, such as undercodings. In others, the physician practice 
may want to seek legal advice and/or consult with a coding/billing 
expert to determine the next best course of action. There is no 
boilerplate solution to how to handle problems that are identified.
    It is important that the physician practice monitor its billing 
program to ensure claims are correctly submitted. If a physician 
practice identifies, through its internal audits, what it believes is a 
potential problem, there should be sufficient confidence in the 
compliance procedures developed by the physician practice to reasonably 
believe that the problem is in fact a potential issue. Steps should be 
taken to remedy the situation immediately.
    All physician practices should create a system to address how they 
will respond to and report potential problems. In addition, preserving 
information relating to identification of the problem is as important 
as preserving information that tracks the physician practice's reaction 
to, and solution for, the issue.

G. Enforcing Standards Through Well-Publicized Disciplinary Guidelines

    An effective physician practice compliance program includes 
procedures for enforcing and disciplining individuals who violate the 
practice's compliance standards. Enforcement and disciplinary 
provisions are necessary to put teeth into a compliance program.
    A physician practice's enforcement and disciplinary mechanisms 
should ensure that violations of the practice's compliance policies 
will result in consistent and appropriate sanctions, including the 
possibility of termination, against the offending individual. At the 
same time, the practice's enforcement and disciplinary procedures 
should be flexible enough to account for mitigating or aggravating 
circumstances. The program should also stipulate that individuals who 
fail to detect or report violations of the compliance program may also 
be subject to discipline. Disciplinary actions could include: warnings 
(oral); reprimands (written); probation; demotion; temporary 
suspension; discharge of employment; restitution of damages; and 
referral for criminal prosecution. Inclusion of disciplinary guidelines 
in in-house training and procedure manuals is sufficient to meet the 
``well publicized'' standard of this element.
    Any communication resulting in the finding of non-compliant conduct 
should be documented in the compliance files by including the date of 
incident, name of the reporting party, name of the person responsible 
for taking action, and the follow-up action taken. Physician practices 
should also conduct checks to make sure all current and potential 
practice employees are not listed on the OIG or GSA lists of 
individuals excluded from participation in Federal health care or 
Government procurement programs.\46\
---------------------------------------------------------------------------

    \46\ See Footnote 37 for information on how to access these 
lists.
---------------------------------------------------------------------------

H. Responding to Detected Offenses and Developing Corrective Action 
Initiatives

    Violations of a physician practice's compliance program, 
significant failures to comply with applicable Federal or State law, 
and other types of misconduct threaten a practice's status as a 
reliable, honest, and trustworthy provider of health care. Fraudulent 
or erroneous conduct that has been detected, but not corrected, can 
seriously endanger the reputation and legal status of the practice. 
Consequently, upon receipt of reports or reasonable indications of 
suspected noncompliance, it is important that the compliance officer or 
other practice employee investigate the allegations to determine 
whether a material violation of applicable law or the requirements of 
the compliance program has occurred, and, if so, take decisive steps to 
correct the problem.\47\ As appropriate, such steps may include a 
corrective action plan,\48\ the return of any overpayments, a report to 
the Government, \49\ and/or a referral to law enforcement authorities.
---------------------------------------------------------------------------

    \47\ Instances of noncompliance must be determined on a case-by-
case basis. The existence or amount of a monetary loss to a health 
care program is not solely determinative of whether the conduct 
should be investigated and reported to governmental authorities. In 
fact, there may be instances where there is no readily identifiable 
monetary loss, but corrective actions are still necessary to protect 
the integrity of the applicable program and its beneficiaries, e.g., 
where services required by a plan of care are not provided.
    \48\ The physician practice may seek advice from its legal 
counsel to determine the extent of the practice's liability and to 
plan the appropriate course of action.
    \49\ The OIG has established a Provider Self-Disclosure Protocol 
that encourages providers to voluntarily report suspected fraud. The 
concept of voluntary self-disclosure is premised on a recognition 
that the Government alone cannot protect the integrity of the 
Medicare and other Federal health care programs. Health care 
providers must be willing to police themselves, correct underlying 
problems, and work with the Government to resolve these matters. The 
Provider Self-Disclosure Protocol can be located on the OIG's 
website at: www.hhs.gov/oig. See Appendix D for further information 
on the Provider Self-Disclosure Protocol.
---------------------------------------------------------------------------

    There are several key warning signs of when a compliance program is 
not working well, e.g., high rates of rejected and/or suspended claims 
and the placement of a practice on pre-payment review by the carrier. 
These warning signs should be followed up on immediately and the 
compliance procedures of the practice changed to prevent the problem 
from recurring.
    As previously stated, the physician practice should take 
appropriate corrective action, including prompt identification of any 
overpayment to the affected payer. A knowing and willful failure to 
disclose overpayments within a reasonable period of time could be 
interpreted as an attempt to conceal the overpayment from the 
Government, thereby establishing an independent basis for a criminal 
violation with respect to the physician practice, as well as any 
individual who may have been

[[Page 36828]]

involved.\50\ For this reason, physician practice compliance programs 
should emphasize that overpayments should be promptly disclosed and 
returned to the entity that made the erroneous payment.
---------------------------------------------------------------------------

    \50\ See 42 U.S.C. 1320a-7b(a)(3) and 18 U.S.C. 669.
---------------------------------------------------------------------------

    After an offense has been detected, a physician or group practice 
should take all reasonable steps to respond to the offense and to 
prevent similar offenses. The compliance program should provide for a 
full internal investigation of all reports of detected violations. The 
goodwill that physicians generate by developing an effective compliance 
program will quickly dissipate if the physician ignores reports of 
possible fraudulent activity.
    The compliance program procedures should include provisions to 
ensure that a violation is not compounded once discovered. The 
individuals involved in the violation should either be retrained, or, 
if appropriate, terminated. The physician practice may also prevent the 
compounding of the violation by conducting a review of all confirmed 
violations, and, if appropriate, self-reporting the violations to the 
applicable authority. This should be done within 90 days of the 
discovery of a violation.
    The physician practice should recognize that if a violation 
occurred and was not immediately detected, its compliance program may 
require modification. Physicians who detect violations should analyze 
the situation to determine whether a flaw in their compliance program 
failed to anticipate the detected problem, or whether the compliance 
program's procedures failed to prevent the violation. In any event, it 
is prudent, even absent the detection of any violations, for physician 
practices to periodically review and modify their compliance 
programs.\51\
---------------------------------------------------------------------------

    \51\ Previous OIG Compliance Program Guidance have set forth 
criteria for assessing the effectiveness of a compliance program. 
See Footnote 3 for a listing of previous Compliance Program Guidance 
and information on how to access them.
---------------------------------------------------------------------------

III. Conclusion

    Just as immunizations are given to patients to prevent them from 
becoming ill, physician practices should view the implementation of an 
effective compliance program as comparable to a form of preventive 
medicine to protect against fraudulent or erroneous conduct. This 
compliance program guidance is intended to assist physician practices 
in developing and implementing internal controls and procedures that 
promote adherence to Federal health care program and private insurance 
program requirements. By implementing an effective compliance program, 
physician practices can help prevent and reduce fraudulent or erroneous 
conduct in their practices, as well as furthering their mission to 
provide quality care to their patients.

    Dated: June 6, 2000.
Michael F. Mangano,
Principal Deputy Inspector General.

Appendix A: Additional Risk Areas

I. Reasonable and Necessary Services

A. Local Medical Review Policy

    An area of concern relating to determinations of reasonable and 
necessary services is the variation in local medical review policies 
(LMRPs) among carriers. Physicians are supposed to bill the Federal 
health care programs only for items and services that are reasonable 
and necessary. However, in order to determine whether an item or 
service is reasonable and necessary under Medicare guidelines, the 
physician must apply the appropriate LMRP.\1\
---------------------------------------------------------------------------

    \1\ HCFA has recently developed a website which, when completed 
by the end of the year 2000, will contain the LMRPs for each of the 
contractors across the country. The website can be accessed at 
http://www.lmrp.net.
---------------------------------------------------------------------------

    Physician practices are to bill the Federal health programs only 
for items and services that are covered. In order to determine if an 
item or service is covered for Medicare, physician practices must be 
knowledgeable of the LMRPs applicable to their practices 
jurisdiction. When the LMRP indicates that an item or service may 
not be covered by Medicare, the physician practice is responsible to 
convey this information to the patient so that the patient can make 
an informed decision concerning the health care services he/she may 
want to receive. Physician practices convey this information through 
Advanced Beneficiary Notices (ABNs).

B. Advanced Beneficiary Notices

    Physicians are required to provide ABNs before they provide 
services that they know or believe Medicare does not consider 
reasonable and necessary. A properly executed ABN acknowledges that 
coverage is uncertain or yet to be determined, and stipulates that 
the patient promises to pay the bill if Medicare does not. Patients 
who are not notified before they receive such services are not 
responsible for payment. The ABN must be sufficient to put the 
patient on notice of the reasons why the physician believes that the 
payment may be denied. The objective is to give the patient 
sufficient information to allow an informed choice as to whether to 
pay for the service.
    Accordingly, each ABN should:
    1. Be in writing;
    2. Identify the specific service that may be denied (procedure 
name and CPT/HCPC code is recommended);
    3. State the specific reason why the physician believes that 
service may be denied; and
    4. Be signed by the patient acknowledging that the required 
information was provided and that the patient assumes responsibility 
to pay for the service.
    The Medicare Carrier's Manual \2\ provides that an ABN will not 
be acceptable if: (1) The patient is asked to sign a blank ABN form; 
and (2) the ABN is used routinely without regard to a particularized 
need. The routine use of ABNs is generally prohibited because the 
ABN must state the specific reason the physician anticipates that 
the specific service will not be covered.
---------------------------------------------------------------------------

    \2\ The relevant manual provisions are located at MCM, Part III, 
Secs. 7300, 7320. This section of the manual also includes the 
carrier's recommended form of an ABN.
---------------------------------------------------------------------------

    A common risk area associated with ABNs is in regard to 
diagnostic tests or services. There are four steps that a physician 
practice can take to help ensure it is in compliance with the 
regulations concerning ABNs for diagnostic tests or services:
    1. Determine which tests are not covered under national coverage 
rules;
    2. Determine which tests are not covered under local coverage 
rules such as LMRPs (contact the practice's carrier to see if a 
listing has been assembled); and
    3. Determine which tests are only covered for certain diagnoses.
    The OIG is aware that the use of ABNs is an area where physician 
practices experience numerous difficulties. Practices can help to 
reduce problems in this area by educating their physicians on the 
correct use of ABNs, obtaining guidance from the carrier regarding 
their interpretation of whether an ABN is necessary where the 
service is not covered, developing a standard form for all 
diagnostic tests (most carriers have a developed model), and 
developing a process for handling patients who refuse to sign ABNs.

C. Physician Liability for Certifications in the Provision of 
Medical Equipment and Supplies and Home Health Services

    In January 1999, the OIG issued a Special Fraud Alert on this 
topic, which is available on the OIG website at www.hhs.gov/oig/frdalrt/index.htm. The following is a summary of the Special Fraud 
Alert.
    The OIG issued the Special Fraud Alert to reiterate to 
physicians the legal and programmatic significance of physician 
certifications made in connection with the ordering of certain items 
and services for Medicare patients. In light of information obtained 
through OIG provider audits, the OIG deemed it necessary to remind 
physicians that they may be subject to criminal, civil, and 
administrative penalties for signing a certification when they know 
that the information is false or for signing a certification with 
reckless disregard as to the truth of the information. (See Appendix 
B and Appendix C for more detailed information on the applicable 
statutes).
    Medicare has conditioned payment for many items and services on 
a certification signed by a physician attesting that the physician 
has reviewed the patient's condition and has determined that an item 
or service is reasonable and necessary. Because Medicare primarily 
relies on the professional judgment of the treating physician to 
determine the reasonable and necessary nature of a given service or 
supply, it is

[[Page 36829]]

important that physicians provide complete and accurate information 
on any certifications they sign. Physician certification is obtained 
through a variety of forms, including prescriptions, orders, and 
Certificates of Medical Necessity (CMNs). Two areas where physician 
certification as to whether an item or service is reasonable and 
necessary is essential and which can result in fraudulent or 
erroneous conduct are: (1) home health services; and (2) durable 
medical equipment.
    By signing a CMN, the physician represents that:
    1. He or she is the patient's treating physician and that the 
information regarding the physician's address and unique physician 
identification number (UPN) is correct;
    2. The entire CMN, including the sections filled out by the 
supplier, was completed prior to the physician's signature; and
    3. The information in section B relating to whether the item or 
service is reasonable and necessary is true, accurate, and complete 
to the best of the physician's knowledge.
    Activities such as signing blank CMNs, signing CMNs without 
seeing the patient to verify the item or service is reasonable and 
necessary, and signing a CMN for a service that the physician knows 
is not reasonable and necessary are activities that can lead to 
criminal, civil and administrative penalties.
    Ultimately, physicians should be sure to carefully review any 
form of certification (order, prescription or CMN) before signing it 
to verify that the information contained in the certification is 
both complete and accurate.

D. Billing for Non-Covered Services as If Covered

    In some instances, we are aware that physician practices submit 
claims for services in order to receive a denial from the carrier, 
thereby enabling the patient to submit the denied claim for payment 
to a secondary payer.
    A common question relating to this risk is: If the medical 
services provided are not covered under Medicare, but the secondary 
or supplemental insurer requires a Medicare rejection in order to 
cover the services, then would the original submission of the claim 
to Medicare be considered fraudulent? Under the applicable 
regulations, the OIG would not consider such submissions to be 
fraudulent. For example, the denial may be necessary to establish 
patient liability protections as stated in section 1879 of the 
Social Security Act (the Act) (codified at 42 U.S.C. 1395pp). As 
stated, Medicare denials may also be required so that the patient 
can seek payment from a secondary insurer. In instances where a 
claim is being submitted to Medicare for this purpose, the physician 
should indicate on the claim submission that the claim is being 
submitted for the purpose of receiving a denial, in order to bill a 
secondary insurance carrier. This step should assist carriers and 
prevent inadvertent payments to which the physician is not entitled. 
In some instances, however, the carrier pays the claim even though 
the service is non-covered, and even though the physician did not 
intend for payment to be made. When this occurs, the physician has a 
responsibility to refund the amount paid and indicate that the 
service is not covered.

II. Physician Relationships With Hospitals

A. The Physician Role in the Patient Anti-Dumping Statute

    The Patient Anti-Dumping Statute, 42 U.S.C. 1395dd, is an area 
that has been receiving increasing scrutiny. The statute is intended 
to ensure that all patients who come to the emergency department of 
a hospital receive care, regardless of their insurance or ability to 
pay. Both hospitals and physicians need to work together to ensure 
compliance with the provisions of this law.
    The statute imposes three fundamental requirements upon 
hospitals that participate in the Medicare program with regard to 
patients requesting emergency care. First, the hospital must conduct 
an appropriate medical screening examination to determine if an 
emergency medical condition exists.\3\ Second, if the hospital 
determines that an emergency medical condition exists, it must 
either provide the treatment necessary to stabilize the emergency 
medical condition or comply with the statute's requirements to 
effect a proper transfer of a patient whose condition has not been 
stabilized.\4\ A hospital is considered to have met this second 
requirement if an individual refuses the hospital's offer of 
additional examination or treatment, or refuses to consent to a 
transfer, after having been informed of the risks and benefits.\5\
---------------------------------------------------------------------------

    \3\ See 42 U.S.C. 1395dd(a).
    \4\ See 42 U.S.C. 1395dd(b)(1).
    \5\ See 42 U.S.C. 1395dd(b)(2)-(3).
---------------------------------------------------------------------------

    If an individual's emergency medical condition has not been 
stabilized, the statute's third requirement is activated. A hospital 
may not transfer an individual with an unstable emergency medical 
condition unless: (1) The individual or his or her representative 
makes a written request for transfer to another medical facility 
after being informed of the risk of transfer and the transferring 
hospital's obligation under the statute to provide additional 
examination or treatment; (2) a physician has signed a certification 
summarizing the medical risks and benefits of a transfer and 
certifying that, based upon the information available at the time of 
transfer, the medical benefits reasonably expected from the transfer 
outweigh the increased risks; or (3) if a physician is not 
physically present when the transfer decision is made, a qualified 
medical person signs the certification after the physician, in 
consultation with the qualified medical person, has made the 
determination that the benefits of transfer outweigh the increased 
risks. The physician must later countersign the certification.\6\
---------------------------------------------------------------------------

    \6\ See 42 U.S.C. 1395dd(c)(1)(A).
---------------------------------------------------------------------------

    Physician and/or hospital misconduct may result in violations of 
the statute.\7\ One area of particular concern is physician on-call 
responsibilities. Physician practices whose members serve as on-call 
emergency room physicians with hospitals should make sure they are 
familiar with the hospital's policies regarding on-call physicians. 
This can be done by reviewing the medical staff bylaws or policies 
and procedures of the hospital that must define the responsibility 
of on-call physicians to respond to, examine, and treat patients 
with emergency medical conditions. Physicians should also be aware 
that, in most cases, on-call physicians must come to the hospital to 
examine the patient when a request is made for their services. If, 
however, their offices are located in a hospital-owned facility on 
contiguous land or on the hospital campus, the patient may be seen 
in the physician's office.
---------------------------------------------------------------------------

    \7\ Hospitals and physicians, including on-call physicians, who 
violate the statute may face stiff penalties. Those penalties 
include civil fines of up to $50,000 (or not more than $25,000 in 
the case of a hospital with less than 100 beds) per violation and 
exclusion of a physician from participation in the Federal health 
care programs.
---------------------------------------------------------------------------

B. Teaching Physicians

    Special regulations apply to teaching physicians' billings. 
Regulations provide that services provided by teaching physicians in 
teaching settings are payable under the physician fee schedule only 
if the services are personally furnished by a physician who is not a 
resident or the services are furnished by a resident in the presence 
of a teaching physician.\8\
---------------------------------------------------------------------------

    \8\ 42 CFR 415.150-.190.
---------------------------------------------------------------------------

    The teaching physician must be present during the key portion of 
any service or procedure for which payment is sought.\9\ Physicians 
should ensure the following with respect to services provided in the 
teaching physician setting:\10\
---------------------------------------------------------------------------

    \9\ Id.
    \10\ This section is not intended to be and is not a complete 
reference for teaching physicians. It is strongly recommended that 
those physicians who practice in a teaching setting consult their 
respective hospitals for more guidance.
---------------------------------------------------------------------------

    1. Only services actually provided are billed;
    2. Every physician who provides or supervises the provision of 
services to a patient is responsible for the correct documentation 
of the services that were rendered;
    3. Every physician is responsible for assuring that in cases 
where the physician provides evaluation and management (E and M) 
services, a patient's medical record includes appropriate 
documentation of the applicable key components of the E and M 
services provided or supervised by the physician (e.g., patient 
history, physician examination, and medical decision making), as 
well as documentation to adequately reflect the procedure or portion 
of the services provided by the physician; and
    4. Every physician must document his or her presence during the 
key portion of any service or procedure for which payment is sought.

C. Gainsharing Arrangements and Civil Monetary Penalties for 
Hospital Payments to Physicians To Reduce or Limit Services to 
Beneficiaries

    In July 1999, the OIG issued a Special Fraud Alert on this 
topic, which is available on the OIG website at www.hhs.gov/oig/frdalrt/index.htm. The following is a summary of the Special Fraud 
Alert.

[[Page 36830]]

    The term ``gainsharing'' typically refers to an arrangement in 
which a hospital gives a physician a percentage share of any 
reduction in the hospital's costs for patient care attributable in 
part to the physician's efforts. The civil monetary penalty (CMP) 
that applies to gainsharing arrangements is set forth in 42 U.S.C. 
1320a-7a(b)(1). This section prohibits any hospital or critical 
access hospital from knowingly making a payment directly or 
indirectly to a physician as an inducement to reduce or limit 
services to Medicare or Medicaid beneficiaries under a physician's 
care.
    It is the OIG's position that the CMP law clearly prohibits any 
gainsharing arrangements that involve payments by or on behalf of a 
hospital to physicians with clinical care responsibilities, directly 
or indirectly, to induce a reduction or limitation of services to 
Medicare or Medicaid patients. However, hospitals and physicians are 
not prohibited from working together to reduce unnecessary hospital 
costs through other arrangements. For example, hospitals and 
physicians may enter into personal services contracts where 
hospitals pay physicians based on a fixed fee at fair market value 
for services rendered to reduce costs rather than a fee based on a 
share of cost savings.

III. Physician Billing Practices

A. Third-Party Billing Services

    Physicians should remember that they remain responsible to the 
Medicare program for bills sent in the physician's name or 
containing the physician's signature, even if the physician had no 
actual knowledge of a billing impropriety. The attestation on the 
HCFA 1500 form, i.e., the physician's signature line, states that 
the physician's services were billed properly. In other words, it is 
no defense for the physician if the physician's billing service 
improperly bills Medicare.
    One of the most common risk areas involving billing services 
deals with physician practices contracting with billing services on 
a percentage basis. Although percentage based billing arrangements 
are not illegal per se, the Office of Inspector General has a 
longstanding concern that such arrangements may increase the risk of 
intentional upcoding and similar abusive billing practices.\11\
---------------------------------------------------------------------------

    \11\ This concern is noted in Advisory Opinion No. 98-4 and also 
the Office of Inspector General Compliance Program Guidance for 
Third-Party Medical Billing Companies. Both are available on the OIG 
website at http://www.hhs.gov/oig.
---------------------------------------------------------------------------

    A physician may contract with a billing service on a percentage 
basis. However, the billing service cannot directly receive Medicare 
payments made to the physician. Under 42 U.S.C. 1395u(b)(6), 
Medicare payments can only be made to either the beneficiary or a 
party (such as a physician) that furnished the services and accepted 
assignment of the beneficiary's claim. A billing service that 
contracts on a percentage basis does not qualify as a party that 
furnished services to a beneficiary, thus a billing service cannot 
directly receive Medicare payments. According to the Medicare 
Carriers Manual Sec. 3060(A), a payment is considered to be made 
directly to the billing service if the service can convert the 
payment to its own use and control without the payment first passing 
through the control of the physician. For example, the billing 
service cannot bill the claims under its own name or tax 
identification number. The billing service must bill claims under 
the physician's name and tax identification number. Nor can a 
billing service have the Medicare payments sent directly to its 
office or its bank account. The Medicare payments should instead be 
sent to the physician's office or bank account.
    Physician practices should review the third-party medical 
billing guidance for additional information on third-party billing 
companies and the compliance risk areas associated with billing 
companies.

B. Billing Practices by Non-Participating Physicians

    Even though nonparticipating physicians do not accept payment 
directly from the Medicare program, there are a number of laws that 
apply to the billing of Medicare beneficiaries by non-participating 
physicians.

Limiting Charges

    42 U.S.C. 1395w-4(g) prohibits a nonparticipating physician from 
knowingly and willfully billing or collecting on a repeated basis an 
actual charge for a service that is in excess of the Medicare 
limiting charge. For example, a nonparticipating physician may not 
bill a Medicare beneficiary $50 for an office visit when the 
Medicare limiting charge for the visit is $25. Additionally, there 
are numerous provisions that prohibit nonparticipating physicians 
from knowingly and willfully charging patients in excess of the 
statutory charge limitations for certain specified procedures, such 
as cataract surgery, mammography screening, and coronary artery 
bypass surgery. Physicians who fail to comply with these sections 
may be fined up to $10,000 per violation or be excluded from 
participation in Federal health care programs for up to five years.

Refund of Excess Charges

    42 U.S.C. 1395w-4(g) mandates that if a nonparticipating 
physician collects an actual charge for a service that is in excess 
of the limiting charge, the physician must refund the amount 
collected above the limiting charge to the individual within 30 days 
notice of the violation. For example, if a physician collected $50 
from a Medicare beneficiary for an office visit, but the limiting 
charge for the visit was $25, the physician must refund $25 to the 
beneficiary, which is the difference between the amount collected 
($50) and the limiting charge ($25). Physicians who fail to comply 
may be fined up to $10,000 per violation or be excluded from 
participation in Federal health care programs for up to 5 years.
    42 U.S.C. 1395u(l)(A)(iii) mandates that a nonparticipating 
physician must refund payments received from a Medicare beneficiary 
if it is later determined by a Peer Review Organization or a 
Medicare carrier that the services were not reasonable and 
necessary. Physicians who fail to refund the payments may be fined 
up to $10,000 per violation or be excluded from participation in 
Federal health care programs for up to 5 years.

C. Professional Courtesy

    The term ``professional courtesy'' is used to describe a number 
of analytically different practices. The traditional definition is 
the practice by a physician of waiving all, or a part, of the fee 
for services provided to the physician's office staff, other 
physicians, and/or their families. In recent times, ``professional 
courtesy'' has come to also mean the waiver of coinsurance 
obligations or other out-of-pocket expenses for physicians or their 
families (i.e., ``insurance only'' billing), and similar payment 
arrangements by hospitals or other institutions for services 
provided to their medical staffs or employees. While only the first 
of these practices is truly ``professional courtesy,'' in the 
interests of clarity and completeness, we will address all three.
    In general, whether a professional courtesy arrangement runs 
afoul of the fraud and abuse laws is determined by two factors: (i) 
how the recipients of the professional courtesy are selected; and 
(ii) how the professional courtesy is extended. If recipients are 
selected in a manner that directly or indirectly takes into account 
their ability to affect past or future referrals, the anti-kickback 
statute--which prohibits giving anything of value to generate 
Federal health care program business--may be implicated. If the 
professional courtesy is extended through a waiver of copayment 
obligations (i.e., ``insurance only'' billing), other statutes may 
be implicated, including the prohibition of inducements to 
beneficiaries, section 1128A(a)(5) of the Act (codified at 42 U.S.C. 
1320a-7a(a)(5)). Claims submitted as a result of either practice may 
also implicate the civil False Claims Act.
    The following are general observations about professional 
courtesy arrangements that physician practices should consider:
     A physician's regular and consistent practice of 
extending professional courtesy by waiving the entire fee for 
services rendered to a group of persons (including employees, 
physicians, and/or their family members) may not implicate any of 
the OIG's fraud and abuse authorities so long as membership in the 
group receiving the courtesy is determined in a manner that does not 
take into account directly or indirectly any group member's ability 
to refer to, or otherwise generate Federal health care program 
business for, the physician.
     A non-referring physician's regular and consistent 
practice of extending professional courtesy by waiving otherwise 
applicable copayments for services rendered to physicians, referring 
and non-referring alike, their employees and family members, would 
not implicate the anti-kickback statute so long as membership in the 
group is determined in a manner that does not take into account 
directly or indirectly any group member's ability to refer to, or 
otherwise generate Federal health care program business for, the 
physician.
     Any waiver of copayment practice, including that 
described in the preceding bullet, does implicate section 
1128A(a)(5) of

[[Page 36831]]

the Act if the patient for whom the copayment is waived is a Federal 
health care program beneficiary who is not financially needy.
    The legality of particular professional courtesy arrangements 
will turn on the specific facts presented, and, with respect to the 
anti-kickback statute, on the specific intent of the parties. 
Physicians who are concerned that their particular practices may run 
afoul of the Federal fraud and abuse laws may request an OIG 
advisory opinion pursuant to regulations at 42 CFR Part 1008 (See 
Appendix D for further detail), except for matters pertaining to the 
physician self-referral law, which are addressed by HCFA.

IV. Other Risk Areas

A. Rental of Space in Physician Offices by Persons or Entities to 
Which Physicians Refer

    In February 2000, the OIG issued a Special Fraud Alert on this 
topic, which is available on the OIG website at www.hhs.gov/oig/frdalrt/index.htm. The following is a summary of the Special Fraud 
Alert.
    Among various relationships between physicians and labs, 
hospitals, home health agencies, etc., the OIG has identified 
potentially illegal practices involving the rental of space in a 
physician's office by suppliers that provide items or services to 
patients who are referred or sent to the supplier by the physician-
landlord. An example of a suspect arrangement is the rental of 
physician office space by a durable medical equipment (DME) supplier 
in a position to benefit from referrals of the physician's patients. 
The OIG is concerned that in such arrangements the rental payments 
may be disguised kickbacks to the physician-landlord to induce 
referrals.

Space Rental Safe Harbor to the Anti-Kickback Statute

    To avoid potentially violating the anti-kickback Statute, the 
OIG recommends that rental agreements should comply with all of the 
following criteria for the space rental safe harbor:
     The agreement is set out in writing and signed by the 
parties.
     The agreement covers all of the space rented by the 
parties for the term of the agreement and specifies the space 
covered by the agreement.
     If the agreement is intended to provide the lessee with 
access to the space for periodic intervals of time rather than on a 
full-time basis for the term of the rental agreement, the rental 
agreement specifies exactly the schedule of such intervals, the 
precise length of each interval, and the exact rent for each 
interval.
     The term of the rental agreement is for not less than 
one year.
     The aggregate rental charge is set in advance, is 
consistent with fair market value, and is not determined in a manner 
that takes into account the volume or value of any referrals or 
business otherwise generated between the parties for which payment 
may be made in whole or in part under Medicare or a State health 
care program.
     The aggregate space rented does not exceed that which 
is reasonably necessary to accomplish the commercially reasonable 
business purpose of the rental.

B. Unlawful Advertising

    42 U.S.C. 1320b-10 makes it unlawful for any person to advertise 
using the names, abbreviations, symbols, or emblems of the Social 
Security Administration, Health Care Financing Administration, 
Department of Health and Human Services, Medicare, Medicaid or any 
combination or variation of such words, abbreviations, symbols or 
emblems in a manner that such person knows or should know would 
convey the false impression that the advertised item is endorsed by 
the named entities. For instance, a physician may not place an ad in 
the newspaper that reads ``Dr. X is a cardiologist approved by both 
the Medicare and Medicaid programs.'' A violation of this section 
may result in a penalty of up to $5,000 ($25,000 in the case of a 
broadcast or telecast) for each violation.

Appendix B: Criminal Statutes

    This Appendix contains a description of criminal statutes 
related to fraud and abuse in the context of health care. The 
Appendix is not intended to be a compilation of all Federal statutes 
related to health care fraud and abuse. It is merely a summary of 
some of the more frequently cited Federal statutes.

I. Health Care Fraud (18 U.S.C. 1347)

Description of Unlawful Conduct

    It is a crime to knowingly and willfully execute (or attempt to 
execute) a scheme to defraud any health care benefit program, or to 
obtain money or property from a health care benefit program through 
false representations. Note that this law applies not only to 
Federal health care programs, but to most other types of health care 
benefit programs as well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of fines, imprisonment of 
up to 10 years, or both. If the violation results in serious bodily 
injury, the prison term may be increased to a maximum of 20 years. 
If the violation results in death, the prison term may be expanded 
to include any number of years, or life imprisonment.

Examples

    1. Dr. X, a chiropractor, intentionally billed Medicare for 
physical therapy and chiropractic treatments that he knew were never 
rendered.
    2. Dr. X, a psychiatrist, billed Medicare, Medicaid, CHAMPUS, 
and private insurers for psychiatric services that were provided by 
his nurses rather than himself.

II. Theft or Embezzlement in Connection With Health Care (18 U.S.C. 
669)

Description of Unlawful Conduct

    It is a crime to knowingly and willfully embezzle, steal or 
intentionally misapply any of the assets of a health care benefit 
program. Note that this law applies not only to Federal health care 
programs, but to most other types of health care benefit programs as 
well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 10 years, or both. If the value of the asset is $100 or 
less, the penalty is a fine, imprisonment of up to a year, or both.

Example

    An office manager for Dr. X knowingly embezzles money from the 
bank account for Dr. X's practice. The bank account includes 
reimbursement received from the Medicare program; thus, intentional 
embezzlement of funds from this account is a violation of the law.

III. False Statements Relating to Health Care Matters (18 U.S.C. 1035)

Description of Unlawful Conduct

    It is a crime to knowingly and willfully falsify or conceal a 
material fact, or make any materially false statement or use any 
materially false writing or document in connection with the delivery 
of or payment for health care benefits, items or services. Note that 
this law applies not only to Federal health care programs, but to 
most other types of health care benefit programs as well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 5 years, or both.

Example

    Dr. X certified on a claim form that he performed laser surgery 
on a Medicare beneficiary when he knew that the surgery was not 
actually performed on the patient.

IV. Obstruction of Criminal Investigations of Health Care Offenses (18 
U.S.C. 1518)

Description of Unlawful Conduct

    It is a crime to willfully prevent, obstruct, mislead, delay or 
attempt to prevent, obstruct, mislead, or delay the communication of 
records relating to a Federal health care offense to a criminal 
investigator. Note that this law applies not only to Federal health 
care programs, but to most other types of health care benefit 
programs as well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 5 years, or both.

Examples

    1. Dr. X instructs his employees to tell OIG investigators that 
Dr. X personally performs all treatments when, in fact, medical 
technicians do the majority of the treatment and Dr. X is rarely 
present in the office.
    2. Dr. X was under investigation by the FBI for reported 
fraudulent billings. Dr. X altered patient records in an attempt to 
cover up the improprieties.

V. Mail and Wire Fraud (18 U.S.C. 1341, 1343)

Description of Unlawful Conduct

    It is a crime to use the mail, private courier, or wire service 
to conduct a scheme to defraud another of money or property. The 
term ``wire services'' includes the use of a telephone, fax machine 
or computer. Each use of a mail or wire service to further 
fraudulent activities is considered a separate

[[Page 36832]]

crime. For instance, each fraudulent claim that is submitted 
electronically to a carrier would be considered a separate violation 
of the law.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 5 years, or both.

Examples

    1. Dr. X electronically submits claims to the Medicare fiscal 
intermediary via his computer for office visits that he did not 
actually provide to Medicare beneficiaries.
    2. Dr. X, a neurologist, knowingly submitted claims for tests 
that were not reasonable and necessary and intentionally upcoded 
office visits and Electromyograms to Medicare.

VI. Criminal Penalties for Acts Involving Federal Health Care Programs 
(42 U.S.C. 1320a-7b)

Description of Unlawful Conduct

False Statements and Representations

    It is a crime to knowingly and willfully:
     Make, or cause to be made, false statements or 
representations in applying or benefits or payments under all 
Federal health care programs;
     Make, or cause to be made, any false statement or 
representation for use in determining rights to such benefit or 
payment;
     Conceal any event affecting an individual's initial or 
continued right to receive a benefit or payment with the intent to 
fraudulently receive the benefit or payment either in an amount or 
quantity greater than that which is due or authorized;
     Convert a benefit or payment to a use other than for 
the use and benefit of the person for whom it was intended;
     Present, or cause to be presented, a claim for a 
physician's service when the service was not furnished by a licensed 
physician;
     For a fee, counsel an individual to dispose of assets 
in order to become eligible for medical assistance under a State 
health program, if disposing of the assets results in the imposition 
of an ineligibility period for the individual.

Anti-Kickback Statute

    It is a crime to knowingly and willfully solicit, receive, 
offer, or pay remuneration of any kind (e.g., money, goods, 
services):
     For the referral of an individual to another for the 
purpose of supplying items or services that are covered by a Federal 
health care program; or
     For purchasing, leasing, ordering, or arranging for any 
good, facility, service, or item that is covered by a Federal health 
care program.
    There are a number of limited exceptions to the law, also known 
as ``safe harbors,'' which provide immunity from criminal 
prosecution and which are described in greater detail in the statute 
and related regulations (found at 42 CFR 1001.952 and at 
www.hhs.gov/oig/ak/index.htm#OIG Safe Harbor Regulations). Current 
safe harbors include:
     Investment interests;
     Space rental;
     Equipment rental;
     Personal services and management contracts;
     Sale of practice;
     Referral services;
     Warranties;
     Discounts;
     Employment relationships;
     Waiver of Part A co-insurance and deductible amounts;
     Group purchasing organizations;
     Increased coverage or reduced cost sharing under a 
risk-basis or prepaid plan; and
     Charge reduction agreements with health plans.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine of up to 
$25,000, imprisonment of up to 5 years, or both. In addition, the 
provider can be excluded from participation in Federal health care 
programs. The regulations defining the aggravating and mitigating 
circumstances that must be reviewed by the OIG in making an 
exclusion determination are set forth in 42 CFR Part 1001.

Examples

    1. Dr. X accepted payments to sign Certificates of Medical 
Necessity for durable medical equipment for patients she never 
examined.
    2. Home Health Agency disguises referral fees as salaries by 
paying referring physician Dr. X for services Dr. X never rendered 
to Medicare beneficiaries or by paying Dr. X a sum in excess of fair 
market value for the services he rendered to Medicare beneficiaries.

Appendix C: Civil and Administrative Statutes

    This Appendix contains a description of civil and administrative 
statutes related to fraud and abuse in the context of health care. 
The Appendix is not intended to be a compilation of all Federal 
statutes related to health care fraud and abuse. It is merely a 
summary of some of the more frequently cited Federal statutes.

I. The False Claims Act (31 U.S.C. 3729-3733)

Description of Unlawful Conduct

    This is the law most often used to bring a case against a health 
care provider for the submission of false claims to a Federal health 
care program. The False Claims Act prohibits knowingly presenting 
(or causing to be presented) to the Federal Government a false or 
fraudulent claim for payment or approval. Additionally, it prohibits 
knowingly making or using (or causing to be made or used) a false 
record or statement to get a false or fraudulent claim paid or 
approved by the Federal Government or it agents, like a carrier, 
other claims processor, or state Medicaid program.

Definitions

    False Claim--A false claim is a claim for payment for services 
or supplies that were not provided specifically as presented or for 
which the provider is otherwise not entitled to payment. Examples of 
false claims for services or supplies that were not provided 
specifically as presented include, but are not limited to:
     A claim for a service or supply that was never 
provided.
     A claim indicating the service was provided for some 
diagnosis code other than the true diagnosis code in order to obtain 
reimbursement for the service (which would not be covered if the 
true diagnosis code were submitted).
     A claim indicating a higher level of service than was 
actually provided.
     A claim for a service that the provider knows is not 
reasonable and necessary.
     A claim for services provided by an unlicensed 
individual.
    Knowingly--To ``knowingly'' present a false or fraudulent claim 
means that the provider: (1) has actual knowledge that the 
information on the claim is false; (2) acts in deliberate ignorance 
of the truth or falsity of the information on the claim; or (3) acts 
in reckless disregard of the truth or falsity of the information on 
the claim. It is important to note the provider does not have to 
deliberately intend to defraud the Federal Government in order to be 
found liable under this Act. The provider need only ``knowingly'' 
present a false or fraudulent claim in the manner described above.
    Deliberate Ignorance--To act in ``deliberate ignorance'' means 
that the provider has deliberately chosen to ignore the truth or 
falsity of the information on a claim submitted for payment, even 
though the provider knows, or has notice, that information may be 
false. An example of a provider who submits a false claim with 
deliberate ignorance would be a physician who ignores provider 
update bulletins and thus does not inform his/her staff of changes 
in the Medicare billing guidelines or update his/her billing system 
in accordance with changes to Medicare billing practices. When 
claims for non-reimbursable services are submitted as a result, the 
False Claims Act has been violated.
    Reckless Disregard--To act in ``reckless disregard'' means that 
the provider pays no regard to whether the information on a claim 
submitted for payment is true or false. An example of a provider who 
submits a false claim with reckless disregard would be a physician 
who assigns the billing function to an untrained office person 
without inquiring whether the employee has the requisite knowledge 
and training to accurately file such claims.

Penalty for Unlawful Conduct

    The penalty for violating the False Claims Act is a minimum of 
$5,000 up to a maximum of $10,000 for each false claim submitted. In 
addition to the penalty, a provider could be found liable for up to 
three times the amount unlawfully claimed.

Examples

     A physician and his oncology clinic knowingly submitted 
improper claims to Medicare and Medicaid for services rendered at 
the clinic by nonphysicians without a physician's supervision or 
attendance.

[[Page 36833]]

     Dr. X intentionally upcoded office visits and 
angioplasty consultations that were submitted for payment to 
Medicare.
     Dr. X, a podiatrist, knowingly submitted claims to the 
Medicare and Medicaid programs for non-routine surgical procedures 
when he actually performed routine, non-covered services such as the 
cutting and trimming of toenails and the removal of corns and 
calluses.

II. Civil Monetary Penalties Law (42 U.S.C. 1320a-7a)

Description of Unlawful Conduct

    The Civil Monetary Penalties Law (CMPL) is a comprehensive 
statute that covers an array of fraudulent and abusive activities 
and is very similar to the False Claims Act. For instance, the CMPL 
prohibits a health care provider from presenting, or causing to be 
presented, claims for services that the provider ``knows or should 
know'' were:
     Not provided as indicated by the coding on the claim;
     Not reasonable or necessary;
     Furnished by a person who is not licensed as a 
physician (or who was not properly supervised by a licensed 
physician);
     Furnished by a licensed physician who obtained his or 
her license through misrepresentation of a material fact (such as 
cheating on a licensing exam);
     Furnished by a physician who was not certified in the 
medical specialty that he or she claimed to be certified in; or
     Furnished by a physician who was excluded from 
participation in the Federal health care program to which the claim 
was submitted.
    Additionally, the CMPL contains various other prohibitions, 
including:
     Offering remuneration to a Medicare or Medicaid 
beneficiary that the person knows or should know is likely to 
influence the beneficiary to obtain items or services billed to 
Medicare or Medicaid from a particular provider; and
     Employing or contracting with an individual or entity 
that the person knows or should know is excluded from participation 
in a Federal health care program.
    The term ``should know'' means that a provider: (1) Acted in 
deliberate ignorance of the truth or falsity of the information; or 
(2) acted in reckless disregard of the truth or falsity of the 
information. The Federal Government does not have to show that a 
provider specifically intended to defraud a Federal health care 
program in order to prove a provider violated the statute.

Penalty for Unlawful Conduct

    Violation of the CMPL may result in a penalty of up to $10,000 
per item or service and up to three times the amount unlawfully 
claimed. In addition, the provider may be excluded from 
participation in Federal health care programs. The regulations 
defining the aggravating and mitigating circumstances that must be 
reviewed by the OIG in making an exclusion determination are set 
forth in 42 CFR Part 1003.

Examples

    1. Dr. X paid Medicare and Medicaid beneficiaries $20 each time 
they visited him to receive services and have tests performed that 
were not preventive care services and tests.
    2. Dr. X hired Physician Assistant P to provide services to 
Medicare and Medicaid beneficiaries without conducting a background 
check on P. Had Dr. X performed a background check by reviewing the 
HHS-OIG List of Excluded Individuals/Entities, Dr. X. would have 
discovered that he should not hire P because P is excluded for a 
period of 5 years from participation in Federal health care 
programs.
    3. Dr. X and his oximetry company billed Medicare for pulse 
oximetry that they knew they did not perform and services that had 
been intentionally upcoded.

III. Limitations on Certain Physician Referrals (``Stark Laws'') (42 
U.S.C. 1395nn)

Description of Unlawful Conduct

    Physicians (and immediate family members) who have an ownership, 
investment or compensation relationship with an entity providing 
``designated health services'' are prohibited from referring 
patients for these services where payment may be made by a Federal 
health care program unless a statutory or regulatory exception 
applies. An entity providing a designated health service is 
prohibited from billing for the provision of a service that was 
provided based on a prohibited referral. Designated health services 
include: clinical laboratory services; physical therapy services; 
occupational therapy services; radiology services, including 
magnetic resonance imaging, axial tomography scans, and ultrasound 
services; radiation therapy services and supplies; durable medical 
equipment and supplies; parenteral and enteral nutrients, equipment 
and supplies; prosthetics, orthotics, prosthetic devices and 
supplies; home health services; outpatient prescription drugs; and 
inpatient and outpatient hospital services.
    New regulations clarifying the exceptions to the Stark Laws are 
expected to be issued by HCFA during the summer of 2000. Current 
exceptions articulated within the Stark Laws include the following, 
provided all conditions of each exception as set forth in the 
statute and regulations are satisfied.

Exceptions for Ownership or Compensation Arrangements
    1. Physician's services;
    2. In-office ancillary services; and
    3. Prepaid plans.

Exceptions for Ownership or Investment in Publicly Traded Securities 
and Mutual Funds
    1. Ownership of investment securities which may be purchased on 
terms generally available to the public;
    2. Ownership of shares in a regulated investment company as 
defined by Federal law, if such company had, at the end of the 
company's most recent fiscal year, or on average, during the 
previous 3 fiscal years, total assets exceeding $75,000,000;
    3. Hospital in Puerto Rico;
    4. Rural provider; and
    5. Hospital ownership (whole hospital exception).
Exceptions Relating to Other Compensation Arrangements
    1. Rental of office space and rental of equipment;
    2. Bona fide employment relationship;
    3. Personal service arrangement;
    4. Remuneration unrelated to the provision of designated health 
services;
    5. Physician recruitment;
    6. Isolated transactions;
    7. Certain group practice arrangements with a hospital (pre-
1989); and
    8. Payments by a physician for items and services

Penalty for Unlawful Conduct

    Violations of the statute subject the billing entity to denial 
of payment for the designated health services, refund of amounts 
collected from improperly submitted claims, and a civil monetary 
penalty of up to $15,000 for each improper claim submitted. 
Physicians who violate the statute may also be subject to additional 
fines per prohibited referral. In addition, providers that enter 
into an arrangement that they know or should know circumvents the 
referral restriction law may be subject to a CMP of up to $100,000 
per arrangement.

Examples

    1. Dr. A worked in a medical clinic located in a major city. She 
also owned a free standing laboratory located in a major city. Dr. A 
referred all orders for laboratory tests on her patients to the 
laboratory she owned.
    2. Dr. X agreed to serve as the Medical Director of Home Health 
Agency, HHA for which he was paid a sum substantially above the fair 
market value for his services. In return, Dr. X routinely referred 
his Medicare and Medicaid patients to HHA for home health services.
    3. Dr. Y received a monthly stipend of $500 from a local 
hospital to assist him in meeting practice expenses. Dr. Y performed 
no specific service for the stipend and had no obligation to repay 
the hospital. Dr. Y referred patients to the hospital for in-patient 
surgery.

IV. Exclusion of Certain Individuals and Entities From Participation in 
Medicare and Other Federal Health Care Programs (42 U.S.C. Sec. 1320a-
7)

Mandatory Exclusion

    Individuals or entities convicted of the following conduct must 
be excluded from participation in Medicare and Medicaid for a 
minimum of five years:
     A criminal offense related to the delivery of an item 
or service under Medicare or Medicaid;
     A conviction under Federal or State law of a criminal 
offense relating to the neglect or abuse of a patient;
     A conviction under Federal or State law of a felony 
relating to fraud, theft, embezzlement, breach of fiduciary 
responsibility or other financial misconduct against a health care 
program financed by any Federal, State, or local government agency; 
or
     A conviction under Federal or State law of a felony 
relating to unlawful manufacture, distribution, prescription, or 
dispensing of a controlled substance.

[[Page 36834]]

    If there is one prior conviction, the exclusion will be for 10 
years. If there are two prior convictions, the exclusion will be 
permanent.

Permissive Exclusion

    Individuals or entities may be excluded from participation in 
Federal health care programs for a minimum of 3 years if they meet 
any of the following criteria:
     A criminal offense related to the delivery of an item 
or service under Medicare or Medicaid;
     A misdemeanor related to fraud, theft, embezzlement, 
breach of fiduciary responsibility or other financial misconduct 
against a health care program financed by any Federal, State, or 
local government agency;
     Interference with, or obstruction of, any investigation 
into certain criminal offenses;
     A misdemeanor related to the unlawful manufacture, 
distribution, prescription or dispensing of a controlled substance;
     Exclusion or suspension under a Federal or State health 
care program;
     Submission of claims for excessive charges, unnecessary 
services or services that were of a quality which fails to meet 
professionally recognized standards of health care;
     Violating the CMP law or the statute entitled 
``Criminal Penalties for Acts Involving Federal Health Care 
Programs'';
     Ownership or control of an entity by a sanctioned 
individual or immediate family member (spouse, natural or adoptive 
parent, child, sibling, stepparent, stepchild, stepbrother or 
stepsister, in-laws, grandparent and grandchild);
     Failure to disclose information required by law;
     Failure to supply claims payment information; and
     Defaulting on health education loan or scholarship 
obligations.
    The above list is not all inclusive. Additional grounds for 
permissive exclusion are detailed in the statute.

Examples

    1. Nurse R was excluded based on a conviction involving 
obtaining dangerous drugs by forgery. She also altered prescriptions 
that were given for her own health problems before she presented 
them to the pharmacist to be filled.
    2. Practice T was excluded due to its affiliation with its 
excluded owner. The practice owner, excluded from participation in 
the Federal health care programs for soliciting and receiving 
illegal kickbacks, was still participating in the day-to-day 
operations of the practice after his exclusion was effective.

Appendix D: OIG-HHS Contact Information

I. OIG Hotline Number

    One method for providers to report potential fraud, waste, and 
abuse problems is to contact the OIG Hotline number. All HHS and 
contractor employees have a responsibility to assist in combating 
fraud, waste and abuse in all departmental programs. As such, 
providers are encouraged to report matters involving fraud, waste 
and mismanagement in any departmental program to the OIG. The OIG 
maintains a hotline that offers a confidential means for reporting 
these matters.

Contacting the OIG Hotline
    By Phone: 1-800-HHS-TIPS (1-800-447-8477)
    By E-Mail: [email protected]
    By Mail: Office of Inspector General
    Department of Health and Human Services
    Attn: HOTLINE,
    330 Independence Ave., S.W.,
    Washington, D.C. 20201
    When contacting the Hotline, please provide the following 
information to the best of your ability:
 Type of Complaint:
    Medicare Part A
    Medicare Part B
    Indian Health Service
    TRICARE
    Other (please specify)

 HHS Department or program being affected by your allegation 
of fraud, waste, abuse/mismanagement:
    Health Care Financing Administration (HCFA)
    Indian Health Service
    Other (please specify)

Please provide the following information. (However, if you would 
like your referral to be submitted anonymously, please indicate such 
in your correspondence or phone call.)
    Your Name
    Your Street Address
    Your City/County
    Your State
    Your Zip Code
    Your email Address

 Subject/Person/Business/Department that allegation is 
against.
    Name of Subject
    Title of Subject
    Subject's Street Address
    Subject's City/County
    Subject's State
    Subject's Zip Code

 Please provide a brief summary of your allegation and the 
relevant facts.

II. Provider Self-Disclosure Protocol

    The recommended method for a provider to contact the OIG 
regarding potential fraud or abuse issues that may exist in the 
provider's own organization is through the use of the Provider Self-
Disclosure Protocol. This program encourages providers to 
voluntarily disclose irregularities in their dealings with Federal 
health care programs. While voluntary disclosure under the protocol 
does not guarantee a provider protection from civil, criminal or 
administrative actions, the fact that a provider voluntarily 
disclosed possible wrongdoing is a mitigating factor in OIG's 
recommendations to prosecuting agencies. Self-reporting offers 
providers the opportunity to minimize the potential cost and 
disruption of a full-scale audit and investigation, to negotiate a 
fair monetary settlement, and to avoid an OIG permissive exclusion 
preventing the provider from doing business with Federal health care 
programs. In addition, if the provider is obligated to enter into an 
Integrity Agreement (IA) as part of the resolution of a voluntary 
disclosure, there are three benefits the provider might receive as a 
result of self-reporting:
     If the provider has an effective compliance program and 
agrees to maintain its compliance program as part of the False 
Claims Act settlement, the OIG may not even require an IA;
     In cases where the provider's own audits detected the 
disclosed problem, the OIG may consider alternatives to the IA's 
auditing provisions. The provider may be able to perform some or all 
of its billing audits through internal auditing methods rather than 
be required to retain an independent review organization to perform 
the billing review; and
     Self-disclosing can help to demonstrate a provider's 
trustworthiness to the OIG and may result in the OIG determining 
that they can sufficiently safeguard the Federal health care 
programs through an IA without the exclusion remedy for a material 
breach, which is typically included in an IA.
    Specific instructions on how to submit a voluntary disclosure 
under the Provider Self-Disclosure Protocol can be found on the 
OIG's internet site at www.hhs.gov/oig or in the Federal Register at 
63 FR 58399.
    The Provider Self-Disclosure Protocol can also be a useful tool 
for conducting baseline audits. The protocol details the OIG's views 
on the appropriate elements of an effective investigative and audit 
plan for providers. Physician practices can use the self-disclosure 
protocol as a model for conducting audits and self-assessments.
    In relying on the protocol for audit design and sample 
selection, a physician practice should pay close attention to the 
sections on self-assessment and sample selection. These two sections 
provide valuable guidance regarding how these two functions should 
be performed.
    The self-assessment section of the protocol contains information 
that can be applied to audit design. Self-assessment is an internal 
financial assessment to determine the monetary impact of the matter. 
The approach of a review can include reviewing either all claims 
affected or a statistically valid sample of the claims.
    Sample selection must include several elements. These elements 
are drawn from the Government sampling program known as RAT-
STATS.\1\ All of these elements are set forth in more detail in the 
Provider Self-Disclosure Protocol, but the elements include: (1) 
Sampling unit, (2) sampling frame, (3) probe sample, (4) sample 
size, (5) random numbers, (6) sample design and (7) missing sample 
items. All of these sampling elements should be clearly documented 
by the physician practice and compiled in the format set forth in 
the Provider Self-Disclosure Protocol. Use of the format set forth 
in the Provider Self-Disclosure Protocol will help physician 
practices to ensure that the elements of their internal audits are 
in conformance with OIG standards.
---------------------------------------------------------------------------

    \1\ Available through the OIG website at http://www.hhs.gov/oas/ratstat.html.

---------------------------------------------------------------------------

[[Page 36835]]

III. Advisory Opinion Requests

    Health care professionals or others may request an advisory 
opinion from OIG on the following issues:
     What constitutes prohibited ``remuneration'' or payment 
under the anti-kickback statute;
     Whether the arrangement or proposed arrangement fits 
into a safe harbor to the anti-kickback statute;
     What constitutes an inducement to reduce or limit 
services to Medicare/Medicaid beneficiaries; and
     Whether any activity or proposed activity constitutes 
grounds for the imposition of fraud and abuse sanctions.
    The OIG issues Advisory Opinions on specific existing or 
proposed arrangements in which the requesting party is engaged or in 
good faith intends to engage; the OIG does not issue Advisory 
Opinions on hypothetical arrangements. Advisory Opinions will not be 
issued on questions of fair market value or whether an individual is 
a bona fide employee. Advisory Opinions will be binding only on the 
requesting party and the OIG. Failure to seek an Advisory Opinion is 
not admissible as evidence of intent to violate the law.
    Procedures for requesting an Advisory Opinion are available on 
the OIG website at www.hhs.gov/oig or at 42 CFR 1008.1 through 
1008.59.

Appendix E: Carrier Contract Information

Medicare

    A complete list of contact information (address, phone number, 
email address) for Medicare Part A Fiscal Intermediaries, Medicare 
Part B Carriers, Regional Home Health Intermediaries, and Durable 
Medical Equipment Regional Carriers can be found on the HCFA website 
at www.hcfa.gov/medicare/incardir.htm.

Medicaid

    Contact information (address, phone number, email address) for 
each state Medicaid carrier can be found on the HCFA website at 
www.hcfa.gov/medicaid/mcontact.htm. In addition to a list of 
Medicaid carriers, the website includes contact information for each 
State survey agency and the HCFA Regional Offices.
    Contact information for each state Medicaid Fraud Control Unit 
can be found on the OIG website at www.hhs.gov/oig/oi/mfcu/index.htm.

Appendix F: Internet Resources

Office of Inspector General--U.S. Department of Health and Human 
Services (www.hhs.gov/oig)

    This website includes a variety of information relating to 
Federal health care programs, including the following:

Advisory Opinions
Anti-Kickback Information
Compliance Program Guidance
Corporate Integrity Agreements
Fraud Alerts
Links to web pages for the:
    Office of Audit Services (OAS)
    Office of Evaluation and Inspections (OEI)
    Office of Investigations (OI)
OIG List of Excluded Individuals/Entities
OIG News
OIG Regulations
OIG Semi-Annual Report
OIG Workplan

Health Care Financing Administration (www.hcfa.gov)

    This website includes information on a wide array of topics, 
including the following:

Medicare
    National Correct Coding Initiative
    Intermediary-Carrier Directory
    Payment
    Program Manuals
    Program Transmittals & Memorandum
    Provider Billing/HCFA Forms
    Statistics and Data

Medicaid
    HCFA Regional Offices
    Letters to State Medicaid Directors
    Medicaid Hotline Numbers
    Policy & Program Information
    State Medicaid Contacts
    State Medicaid Manual
    State Survey Agencies
    Statistics and Data

HCFA Medicare Training (www.medicaretraining.com)

    This site provides computer-based training on the following 
topics:

HCFA 1500 Form
Fraud & Abuse
ICD-9-CM Diagnosis Coding
Adult Immunization
Medicare Secondary Payer (MSP)
Women's Health
Front Office Management
Introduction to the World of Medicare
Home Health Agency
HCFA 1450 (UB92)

Government Printing Office (www.access.gpo.gov)

    This site provides access to Federal laws and regulations 
pertaining to Federal health care programs.

The U.S. House of Representatives Internet Library (uscode.house.gov/usc.htm)

    This site provides access to the United States Code, which 
contains laws pertaining to Federal health care programs.

[FR Doc. 00-14703 Filed 6-9-00; 8:45 am]
BILLING CODE 4152-01-P