[Federal Register Volume 65, Number 194 (Thursday, October 5, 2000)]
[Notices]
[Pages 59434-59452]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-25500]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General


OIG Compliance Program for Individual and Small Group Physician 
Practices

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This Federal Register notice sets forth the recently issued 
Compliance Program Guidance for Individual and Small Group Physician 
Practices developed by the Office of Inspector General (OIG). The OIG 
has previously developed and published voluntary compliance program 
guidance focused on several other areas and aspects of the health care 
industry. We believe that the development and issuance of this 
voluntary compliance program guidance for individual and small group 
physician practices will serve as a positive step towards assisting 
providers in preventing the submission of erroneous claims or engaging 
in unlawful conduct involving the Federal health care programs.

FOR FURTHER INFORMATION CONTACT: Kimberly Brandt, Office of Counsel to 
the Inspector General, (202) 619-2078.

SUPPLEMENTARY INFORMATION:

Background

    The creation of compliance program guidances is a major initiative 
of the OIG in its effort to engage the private health care community in 
preventing the submission of erroneous claims and in combating 
fraudulent conduct. In the past several years, the OIG has developed 
and issued compliance program guidances directed at a variety of 
segments in the health care industry. The development of these types of 
compliance program guidances is based on our belief that a health care 
provider can use internal controls to more efficiently monitor 
adherence to applicable statutes, regulations and program requirements.
    Copies of these compliance program guidances can be found on the 
OIG web site at http://www.hhs.gov/oig.

Developing the Compliance Program Guidance for Individual and Small 
Group Physician Practices

    On September 8, 1999, the OIG published a solicitation notice 
seeking information and recommendations for developing formal guidance 
for individual and small group physician practices (64 FR 48846). In 
response to that solicitation notice, the OIG received 83 comments from 
various outside sources. We carefully considered those comments, as 
well as previous OIG publications, such as other compliance program 
guidance and Special Fraud Alerts, in developing a guidance for 
individual and small group physician practices. In addition, we have 
consulted with the Health Care Financing Administration and the 
Department of Justice. In an effort to ensure that all parties had a 
reasonable opportunity to provide input into a final product, draft 
guidance for individual and small group physician practices was 
published in the Federal Register on June 12, 2000 (65 FR 36818) for 
further comments and recommendations.

Components of an Effective Compliance Program

    This compliance program guidance for individual and small group 
physician practices contains seven components that provide a solid 
basis upon which a physician practice can create a voluntary compliance 
program:
     Conducting internal monitoring and auditing;
     Implementing compliance and practice standards;
     Designating a compliance officer or contact;
     Conducting appropriate training and education;
     Responding appropriately to detected offenses and 
developing corrective action;
     Developing open lines of communication; and
     Enforcing disciplinary standards through well-publicized 
guidelines.
    Similar components have been contained in previous guidances issued 
by the OIG. However, unlike other guidances issued by OIG, this 
guidance for physicians does not suggest that physician practices 
implement all seven components of a full scale compliance program. 
Instead, the guidance emphasizes a step by step approach to follow in 
developing and implementing a voluntary compliance program. This change 
is in recognition of the financial and staffing resource constraints 
faced

[[Page 59435]]

by physician practices. The guidance should not be viewed as mandatory 
or as an all-inclusive discussion of the advisable components of a 
compliance program. Rather, the document is intended to present 
guidance to assist physician practices that voluntarily choose to 
develop a compliance program.

Office of Inspector General's Compliance Program Guidance for 
Individual and Small Group Physician Practices

I. Introduction

    This compliance program guidance is intended to assist individual 
and small group physician practices (``physician practices'') \1\ in 
developing a voluntary compliance program that promotes adherence to 
statutes and regulations applicable to the Federal health care programs 
(``Federal health care program requirements''). The goal of voluntary 
compliance programs is to provide a tool to strengthen the efforts of 
health care providers to prevent and reduce improper conduct. These 
programs can also benefit physician practices\2\ by helping to 
streamline business operations.
---------------------------------------------------------------------------

    \1\ For the purpose of this guidance, the term ``physician'' is 
defined as: (1) a doctor of medicine or osteopathy; (2) a doctor of 
dental surgery or of dental medicine; (3) a podiatrist; (4) an 
optometrist; or (5) a chiropractor, all of whom must be 
appropriately licensed by the State. 42 U.S.C. 1395x(r).
    \2\ Much of this guidance can also apply to other independent 
practitioners, such as psychologists, physical therapists, speech 
language pathologists, and occupational therapists.
---------------------------------------------------------------------------

    Many physicians have expressed an interest in better protecting 
their practices from the potential for erroneous or fraudulent conduct 
through the implementation of voluntary compliance programs. The Office 
of Inspector General (OIG) believes that the great majority of 
physicians are honest and share our goal of protecting the integrity of 
Medicare and other Federal health care programs. To that end, all 
health care providers have a duty to ensure that the claims submitted 
to Federal health care programs are true and accurate. The development 
of voluntary compliance programs and the active application of 
compliance principles in physician practices will go a long way toward 
achieving this goal.
    Through this document, the OIG provides its views on the 
fundamental components of physician practice compliance programs, as 
well as the principles that a physician practice might consider when 
developing and implementing a voluntary compliance program. While this 
document presents basic procedural and structural guidance for 
designing a voluntary compliance program, it is not in and of itself a 
compliance program. Indeed, as recognized by the OIG and the health 
care industry, there is no ``one size fits all'' compliance program, 
especially for physician practices. Rather, it is a set of guidelines 
that physician practices can consider if they choose to develop and 
implement a compliance program.
    As with the OIG's previous guidance, \3\ these guidelines are not 
mandatory. Nor do they represent an all-inclusive document containing 
all components of a compliance program. Other OIG outreach efforts, as 
well as other Federal agency efforts to promote compliance,\4\ can also 
be used in developing a compliance program. However, as explained 
later, if a physician practice adopts a voluntary and active compliance 
program, it may well lead to benefits for the physician practice.
---------------------------------------------------------------------------

    \3\ Currently, the OIG has issued compliance program guidance 
for the following eight industry sectors: hospitals, clinical 
laboratories, home health agencies, durable medical equipment 
suppliers, third-party medical billing companies, hospices, 
Medicare+Choice organizations offering coordinated care plans, and 
nursing facilities. The guidance listed here and referenced in this 
document is available on the OIG web site at http://www.hhs.gov/oig 
in the Electronic Reading Room or by calling the OIG Public Affairs 
office at (202) 619-1343.
    \4\ The OIG has issued Advisory Opinions responding to specific 
inquiries concerning the application of the OIG's authorities, in 
particular, the anti-kickback statute, and Special Fraud Alerts 
setting forth activities that raise legal and enforcement issues. 
These documents, as well as reports from the OIG's Office of Audit 
Services and Office of Evaluation and Inspections can be obtained 
via the Internet address or phone number provided in Footnote 3. 
Physician practices can also review the Health Care Financing 
Administration (HCFA) web site on the Internet at http://www.hcfa.gov, for up-to-date regulations, manuals, and program 
memoranda related to the Medicare and Medicaid programs.
---------------------------------------------------------------------------

A. Scope of the Voluntary Compliance Program Guidance

    This guidance focuses on voluntary compliance measures related to 
claims submitted to the Federal health care programs. Issues related to 
private payor claims may also be covered by a compliance plan if the 
physician practice so desires.
    The guidance is also limited in scope by focusing on the 
development of voluntary compliance programs for individual and small 
group physician practices. The difference between a small practice and 
a large practice cannot be determined by stating a particular number of 
physicians. Instead, our intent in narrowing the guidance to the small 
practices subset was to provide guidance to those physician practices 
whose financial or staffing resources would not allow them to implement 
a full scale, institutionally structured compliance program as set 
forth in the Third Party Medical Billing Guidance or other previously 
released OIG guidance. A compliance program can be an important tool 
for physician practices of all sizes and does not have to be costly, 
resource-intensive or time-intensive.

B. Benefits of a Voluntary Compliance Program

    The OIG acknowledges that patient care is, and should be, the first 
priority of a physician practice. However, a practice's focus on 
patient care can be enhanced by the adoption of a voluntary compliance 
program. For example, the increased accuracy of documentation that may 
result from a compliance program will actually assist in enhancing 
patient care. The OIG believes that physician practices can realize 
numerous other benefits by implementing a compliance program. A well-
designed compliance program can:
     Speed and optimize proper payment of claims;
     Minimize billing mistakes;
     Reduce the chances that an audit will be conducted by HCFA 
or the OIG; and
     Avoid conflicts with the self-referral and anti-kickback 
statutes.
    The incorporation of compliance measures into a physician practice 
should not be at the expense of patient care, but instead should 
augment the ability of the physician practice to provide quality 
patient care.
    Voluntary compliance programs also provide benefits by not only 
helping to prevent erroneous or fraudulent claims, but also by showing 
that the physician practice is making additional good faith efforts to 
submit claims appropriately. Physicians should view compliance programs 
as analogous to practicing preventive medicine for their practice. 
Practices that embrace the active application of compliance principles 
in their practice culture and put efforts towards compliance on a 
continued basis can help to prevent problems from occurring in the 
future.
    A compliance program also sends an important message to a physician 
practice's employees that while the practice recognizes that mistakes 
will occur, employees have an affirmative, ethical duty to come forward 
and report erroneous or fraudulent conduct, so that it may be 
corrected.

[[Page 59436]]

C. Application of Voluntary Compliance Program Guidance

    The applicability of these recommendations will depend on the 
circumstances and resources of the particular physician practice.
    Each physician practice can undertake reasonable steps to implement 
compliance measures, depending on the size and resources of that 
practice. Physician practices can rely, at least in part, upon standard 
protocols and current practice procedures to develop an appropriate 
compliance program for that practice. In fact, many physician practices 
already have established the framework of a compliance program without 
referring to it as such.

D. The Difference Between ``Erroneous'' and ``Fraudulent'' Claims To 
Federal Health Programs

    There appear to be significant misunderstandings within the 
physician community regarding the critical differences between what the 
Government views as innocent ``erroneous'' claims on the one hand and 
``fraudulent'' (intentionally or recklessly false) health care claims 
on the other. Some physicians feel that Federal law enforcement 
agencies have maligned medical professionals, in part, by a perceived 
focus on innocent billing errors. These physicians are under the 
impression that innocent billing errors can subject them to civil 
penalties, or even jail. These impressions are mistaken.
    To address these concerns, the OIG would like to emphasize the 
following points. First, the OIG does not disparage physicians, other 
medical professionals or medical enterprises. In our view, the great 
majority of physicians are working ethically to render high quality 
medical care and to submit proper claims.
    Second, under the law, physicians are not subject to criminal, 
civil or administrative penalties for innocent errors, or even 
negligence. The Government's primary enforcement tool, the civil False 
Claims Act, covers only offenses that are committed with actual 
knowledge of the falsity of the claim, reckless disregard, or 
deliberate ignorance of the falsity of the claim.\5\ The False Claims 
Act does not encompass mistakes, errors, or negligence. The Civil 
Monetary Penalties Law, an administrative remedy, similar in scope and 
effect to the False Claims Act, has exactly the same standard of 
proof.\6\ The OIG is very mindful of the difference between innocent 
errors (``erroneous claims'') on one hand, and reckless or intentional 
conduct (``fraudulent claims'') on the other. For criminal penalties, 
the standard is even higher--criminal intent to defraud must be proved 
beyond a reasonable doubt.
---------------------------------------------------------------------------

    \5\ 31 U.S.C. 3729.
    \6\ 42 U.S.C. 1320a-7a.
---------------------------------------------------------------------------

    Third, even ethical physicians (and their staffs) make billing 
mistakes and errors through inadvertence or negligence. When physicians 
discover that their billing errors, honest mistakes, or negligence 
result in erroneous claims, the physician practice should return the 
funds erroneously claimed, but without penalties. In other words, 
absent a violation of a civil, criminal or administrative law, 
erroneous claims result only in the return of funds claimed in error.
    Fourth, innocent billing errors are a significant drain on the 
Federal health care programs. All parties (physicians, providers, 
carriers, fiscal intermediaries, Government agencies, and 
beneficiaries) need to work cooperatively to reduce the overall error 
rate.
    Finally, it is reasonable for physicians (and other providers) to 
ask: what duty do they owe the Federal health care programs? The answer 
is that all health care providers have a duty to reasonably ensure that 
the claims submitted to Medicare and other Federal health care programs 
are true and accurate. The OIG continues to engage the provider 
community in an extensive, good faith effort to work cooperatively on 
voluntary compliance to minimize errors and to prevent potential 
penalties for improper billings before they occur. We encourage all 
physicians and other providers to join in this effort.

II. Developing a Voluntary Compliance Program

A. The Seven Basic Components of a Voluntary Compliance Program

    The OIG believes that a basic framework for any voluntary 
compliance program begins with a review of the seven basic components 
of an effective compliance program. A review of these components 
provides physician practices with an overview of the scope of a fully 
developed and implemented compliance program. The following list of 
components, as set forth in previous OIG compliance program guidances, 
can form the basis of a voluntary compliance program for a physician 
practice:
     Conducting internal monitoring and auditing through the 
performance of periodic audits;
     Implementing compliance and practice standards through the 
development of written standards and procedures;
     Designating a compliance officer or contact(s) to monitor 
compliance efforts and enforce practice standards;
     Conducting appropriate training and education on practice 
standards and procedures;
     Responding appropriately to detected violations through 
the investigation of allegations and the disclosure of incidents to 
appropriate Government entities;
     Developing open lines of communication, such as (1) 
discussions at staff meetings regarding how to avoid erroneous or 
fraudulent conduct and (2) community bulletin boards, to keep practice 
employees updated regarding compliance activities; and
     Enforcing disciplinary standards through well-publicized 
guidelines.
    These seven components provide a solid basis upon which a physician 
practice can create a compliance program. The OIG acknowledges that 
full implementation of all components may not be feasible for all 
physician practices. Some physician practices may never fully implement 
all of the components. However, as a first step, physician practices 
can begin by adopting only those components which, based on a 
practice's specific history with billing problems and other compliance 
issues, are most likely to provide an identifiable benefit.
    The extent of implementation will depend on the size and resources 
of the practice. Smaller physician practices may incorporate each of 
the components in a manner that best suits the practice. By contrast, 
larger physician practices often have the means to incorporate the 
components in a more systematic manner. For example, larger physician 
practices can use both this guidance and the Third-Party Medical 
Billing Compliance Program Guidance, which provides a more detailed 
compliance program structure, to create a compliance program unique to 
the practice.
    The OIG recognizes that physician practices need to find the best 
way to achieve compliance for their given circumstances. Specifically, 
the OIG encourages physician practices to participate in other 
provider's compliance programs, such as the compliance programs of the 
hospitals or other settings in which the physicians practice. Physician 
Practice Management companies also may serve as a source of compliance 
program guidance. A physician practice's participation in such 
compliance programs could be a way, at least partly,

[[Page 59437]]

to augment the practice's own compliance efforts.
    The opportunities for collaborative compliance efforts could 
include participating in training and education programs or using 
another entity's policies and procedures as a template from which the 
physician practice creates its own version. The OIG encourages this 
type of collaborative effort, where the content is appropriate to the 
setting involved (i.e., the training is relevant to physician practices 
as well as the sponsoring provider), because it provides a means to 
promote the desired objective without imposing excessive burdens on the 
practice or requiring physicians to undertake duplicative action. 
However, to prevent possible anti-kickback or self-referral issues, the 
OIG recommends that physicians consider limiting their participation in 
a sponsoring provider's compliance program to the areas of training and 
education or policies and procedures.
    The key to avoiding possible conflicts is to ensure that the entity 
providing compliance services to a physician practice (its referral 
source) is not perceived as nor is it operating the practice compliance 
program at no charge. For example, if the sponsoring entity conducted 
claims review for the physician practice as part of a compliance 
program or provided compliance oversight without charging the practice 
fair market value for those services, the anti-kickback and Stark self-
referral laws would be implicated. The payment of fair market value by 
referral sources for compliance services will generally address these 
concerns.

B. Steps for Implementing a Voluntary Compliance Program

    As previously discussed, implementing a voluntary compliance 
program can be a multi-tiered process. Initial development of the 
compliance program can be focused on practice risk areas that have been 
problematic for the practice such as coding and billing. Within this 
area, the practice should examine its claims denial history or claims 
that have resulted in repeated overpayments, and identify and correct 
the most frequent sources of those denials or overpayments. A review of 
claim denials will help the practice scrutinize a significant risk area 
and improve its cash flow by submitting correct claims that will be 
paid the first time they are submitted. As this example illustrates, a 
compliance program for a physician practice often makes sound business 
sense.
    The following is a suggested order of the steps a practice could 
take to begin the development of a compliance program. The steps 
outlined below articulate all seven components of a compliance program 
and there are numerous suggestions for implementation within each 
component. Physician practices should keep in mind, as stated earlier, 
that it is up to the practice to determine the manner in which and the 
extent to which the practice chooses to implement these voluntary 
measures.

Step One: Auditing and Monitoring

    An ongoing evaluation process is important to a successful 
compliance program. This ongoing evaluation includes not only whether 
the physician practice's standards and procedures are in fact current 
and accurate, but also whether the compliance program is working, i.e., 
whether individuals are properly carrying out their responsibilities 
and claims are submitted appropriately. Therefore, an audit is an 
excellent way for a physician practice to ascertain what, if any, 
problem areas exist and focus on the risk areas that are associated 
with those problems. There are two types of reviews that can be 
performed as part of this evaluation: (1) A standards and procedures 
review; and (2) a claims submission audit.
1. Standards and Procedures
    It is recommended that an individual(s) in the physician practice 
be charged with the responsibility of periodically reviewing the 
practice's standards and procedures to determine if they are current 
and complete. If the standards and procedures are found to be 
ineffective or outdated, they should be updated to reflect changes in 
Government regulations or compendiums generally relied upon by 
physicians and insurers (i.e., changes in Current Procedural 
Terminology (CPT) and ICD-9-CM codes).
2. Claims Submission Audit
    In addition to the standards and procedures themselves, it is 
advisable that bills and medical records be reviewed for compliance 
with applicable coding, billing and documentation requirements. The 
individuals from the physician practice involved in these self-audits 
would ideally include the person in charge of billing (if the practice 
has such a person) and a medically trained person (e.g., registered 
nurse or preferably a physician (physicians can rotate in this 
position)). Each physician practice needs to decide for itself whether 
to review claims retrospectively or concurrently with the claims 
submission. In the Third-Party Medical Billing Compliance Program 
Guidance, the OIG recommended that a baseline, or ``snapshot,'' be used 
to enable a practice to judge over time its progress in reducing or 
eliminating potential areas of vulnerability. This practice, known as 
``benchmarking,'' allows a practice to chart its compliance efforts by 
showing a reduction or increase in the number of claims paid and 
denied.
    The practice's self-audits can be used to determine whether:
     Bills are accurately coded and accurately reflect the 
services provided (as documented in the medical records);
     Documentation is being completed correctly;
     Services or items provided are reasonable and necessary; 
and
     Any incentives for unnecessary services exist.
    A baseline audit examines the claim development and submission 
process, from patient intake through claim submission and payment, and 
identifies elements within this process that may contribute to non-
compliance or that may need to be the focus for improving execution.\7\ 
This audit will establish a consistent methodology for selecting and 
examining records, and this methodology will then serve as a basis for 
future audits.
---------------------------------------------------------------------------

    \7\ See Appendix D.II. referencing the Provider Self-Disclosure 
Protocol for information on how to conduct a baseline audit.
---------------------------------------------------------------------------

    There are many ways to conduct a baseline audit. The OIG recommends 
that claims/services that were submitted and paid during the initial 
three months after implementation of the education and training program 
be examined, so as to give the physician practice a benchmark against 
which to measure future compliance effectiveness.
    Following the baseline audit, a general recommendation is that 
periodic audits be conducted at least once each year to ensure that the 
compliance program is being followed. Optimally, a randomly selected 
number of medical records could be reviewed to ensure that the coding 
was performed accurately. Although there is no set formula to how many 
medical records should be reviewed, a basic guide is five or more 
medical records per Federal payor (i.e., Medicare, Medicaid), or five 
to ten medical records per physician. The OIG realizes that physician 
practices receive reimbursement from a number of different payors, and 
we would encourage a physician practice's auditing/monitoring process 
to consist of a review of claims from all Federal payors from which the 
practice receives reimbursement. Of course, the larger the sample size, 
the larger the comfort level

[[Page 59438]]

the physician practice will have about the results. However, the OIG is 
aware that this may be burdensome for some physician practices, so, at 
a minimum, we would encourage the physician practice to conduct a 
review of claims that have been reimbursed by Federal health care 
programs.
    If problems are identified, the physician practice will need to 
determine whether a focused review should be conducted on a more 
frequent basis. When audit results reveal areas needing additional 
information or education of employees and physicians, the physician 
practice will need to analyze whether these areas should be 
incorporated into the training and educational system.
    There are many ways to identify the claims/services from which to 
draw the random sample of claims to be audited. One methodology is to 
choose a random sample of claims/services from either all of the 
claims/services a physician has received reimbursement for or all 
claims/services from a particular payor. Another method is to identify 
risk areas or potential billing vulnerabilities. The codes associated 
with these risk areas may become the universe of claims/services from 
which to select the sample. The OIG recommends that the physician 
practice evaluate claims/services selected to determine if the codes 
billed and reimbursed were accurately ordered, performed, and 
reasonable and necessary for the treatment of the patient.
    One of the most important components of a successful compliance 
audit protocol is an appropriate response when the physician practice 
identifies a problem. This action should be taken as soon as possible 
after the date the problem is identified. The specific action a 
physician practice takes should depend on the circumstances of the 
situation. In some cases, the response can be as straight forward as 
generating a repayment with appropriate explanation to Medicare or the 
appropriate payor from which the overpayment was received. In others, 
the physician practice may want to consult with a coding/billing expert 
to determine the next best course of action. There is no boilerplate 
solution to how to handle problems that are identified.
    It is a good business practice to create a system to address how 
physician practices will respond to and report potential problems. In 
addition, preserving information relating to identification of the 
problem is as important as preserving information that tracks the 
physician practice's reaction to, and solution for, the issue.

Step 2: Establish Practice Standards and Procedures

    After the internal audit identifies the practice's risk areas, the 
next step is to develop a method for dealing with those risk areas 
through the practice's standards and procedures. Written standards and 
procedures are a central component of any compliance program. Those 
standards and procedures help to reduce the prospect of erroneous 
claims and fraudulent activity by identifying risk areas for the 
practice and establishing tighter internal controls to counter those 
risks, while also helping to identify any aberrant billing practices. 
Many physician practices already have something similar to this called 
``practice standards'' that include practice policy statements 
regarding patient care, personnel matters and practice standards and 
procedures on complying with Federal and State law.
    The OIG believes that written standards and procedures can be 
helpful to all physician practices, regardless of size and capability. 
If a lack of resources to develop such standards and procedures is 
genuinely an issue, the OIG recommends that a physician practice focus 
first on those risk areas most likely to arise in its particular 
practice.\8\ Additionally, if the physician practice works with a 
physician practice management company (PPMC), independent practice 
association (IPA), physician-hospital organization, management services 
organization (MSO) or third-party billing company, the practice can 
incorporate the compliance standards and procedures of those entities, 
if appropriate, into its own standards and procedures. Many physician 
practices have found that the adoption of a third party's compliance 
standards and procedures, as appropriate, has many benefits and the 
result is a consistent set of standards and procedures for a community 
of physicians as well as having just one entity that can then monitor 
and refine the process as needed. This sharing of compliance 
responsibilities assists physician practices in rural areas that do not 
have the staff to perform these functions, but do belong to a group 
that does have the resources. Physician practices using another 
entity's compliance materials will need to tailor those materials to 
the physician practice where they will be applied.
---------------------------------------------------------------------------

    \8\ Physician practices with laboratories or arrangements with 
third-party billing companies can also check the risk areas included 
in the OIG compliance program guidance for those industries.
---------------------------------------------------------------------------

    Physician practices that do not have standards or procedures in 
place can develop them by: (1) Developing a written standards and 
procedures manual; and (2) updating clinical forms periodically to make 
sure they facilitate and encourage clear and complete documentation of 
patient care. A practice's standards could also identify the clinical 
protocol(s), pathway(s), and other treatment guidelines followed by the 
practice.
    Creating a resource manual from publicly available information may 
be a cost-effective approach for developing additional standards and 
procedures. For example, the practice can develop a ``binder'' that 
contains the practice's written standards and procedures, relevant HCFA 
directives and carrier bulletins, and summaries of informative OIG 
documents (e.g., Special Fraud Alerts, Advisory Opinions, inspection 
and audit reports).\9\ If the practice chooses to adopt this idea, the 
binder should be updated as appropriate and located in a readily 
accessible location.
---------------------------------------------------------------------------

    \9\ The OIG and HCFA are working to compile a list of basic 
documents issued by both entities that could be included in such a 
binder. We expect to complete this list later this fall, and will 
post it on the OIG and HCFA web sites, as well as publicize this 
list to physician organizations and representatives (information on 
how to contact the OIG is contained in Footnote 3; HCFA information 
can be obtained at www.hcfa.gov/medlearn or by calling 1-800-
MEDICARE).
---------------------------------------------------------------------------

    If updates to the standards and procedures are necessary, those 
updates should be communicated to employees to keep them informed 
regarding the practice's operations. New employees can be made aware of 
the standards and procedures when hired and can be trained on their 
contents as part of their orientation to the practice. The OIG 
recommends that the communication of updates and training of new 
employees occur as soon as possible after either the issuance of a new 
update or the hiring of a new employee.
1. Specific Risk Areas
    The OIG recognizes that many physician practices may not have in 
place standards and procedures to prevent erroneous or fraudulent 
conduct in their practices. In order to develop standards and 
procedures, the physician practice may consider what types of fraud and 
abuse related topics need to be addressed based on its specific needs. 
One of the most important things in making that determination is a 
listing of risk areas where the practice may be vulnerable.
    To assist physician practices in performing this initial 
assessment, the OIG has developed a list of four potential risk areas 
affecting physician practices. These risk areas include: (a) Coding and 
billing; (b) reasonable and necessary services; (c) documentation;

[[Page 59439]]

and (d) improper inducements, kickbacks and self-referrals. This list 
of risk areas is not exhaustive, or all-encompassing. Rather, it should 
be viewed as a starting point for an internal review of potential 
vulnerabilities within the physician practice.\10\ The objective of 
such an assessment is to ensure that key personnel in the physician 
practice are aware of these major risk areas and that steps are taken 
to minimize, to the extent possible, the types of problems identified. 
While there are many ways to accomplish this objective, clear written 
standards and procedures that are communicated to all employees are 
important to ensure the effectiveness of a compliance program. 
Specifically, the following are discussions of risk areas for physician 
practices: \11\
---------------------------------------------------------------------------

    \10\ Physician practices seeking additional guidance on 
potential risk areas can review the OIG's Work Plan to identify 
vulnerabilities and risk areas on which the OIG will focus in the 
future. In addition, physician practices can also review the OIG's 
semiannual reports, which identify program vulnerabilities and risk 
areas that the OIG has targeted during the preceding six months. All 
of these documents are available on the OIG's webpage at http://www.hhs.gov/oig.
    \11\ Appendix A of this document lists additional risk areas 
that a physician practice may want to review and incorporate into 
their practice standards and procedures.
---------------------------------------------------------------------------

    a. Coding and Billing. A major part of any physician practice's 
compliance program is the identification of risk areas associated with 
coding and billing. The following risk areas associated with billing 
have been among the most frequent subjects of investigations and audits 
by the OIG:
     Billing for items or services not rendered or not provided 
as claimed; \12\
---------------------------------------------------------------------------

    \12\ For example, Dr. X, an ophthalmologist, billed for laser 
surgery he did not perform. As one element of proof, he did not even 
have laser equipment or access to such equipment at the place of 
service designated on the claim form where he performed the surgery.
---------------------------------------------------------------------------

     Submitting claims for equipment, medical supplies and 
services that are not reasonable and necessary; \13\
---------------------------------------------------------------------------

    \13\ Billing for services, supplies and equipment that are not 
reasonable and necessary involves seeking reimbursement for a 
service that is not warranted by a patient's documented medical 
condition. See 42 U.S.C. 1395i(a)(1)(A) (``no payment may be made 
under part A or part B [of Medicare] for any expenses incurred for 
items or services which * * * are not reasonable and necessary for 
the diagnosis or treatment of illness or injury or to improve the 
functioning of the malformed body member''). See also Appendix A for 
further discussion on this topic.
---------------------------------------------------------------------------

     Double billing resulting in duplicate payment; \14\
---------------------------------------------------------------------------

    \14\ Double billing occurs when a physician bills for the same 
item or service more than once or another party billed the Federal 
health care program for an item or service also billed by the 
physician. Although duplicate billing can occur due to simple error, 
the knowing submission of duplicate claims--which is sometimes 
evidenced by systematic or repeated double billing--can create 
liability under criminal, civil, and/or administrative law.
---------------------------------------------------------------------------

     Billing for non-covered services as if covered; \15\
---------------------------------------------------------------------------

    \15\ For example, Dr. Y bills Medicare using a covered office 
visit code when the actual service was a non-covered annual 
physical. Physician practices should remember that ``necessary'' 
does not always constitute ``covered'' and that this example is a 
misrepresentation of services to the Federal health care programs.
---------------------------------------------------------------------------

     Knowing misuse of provider identification numbers, which 
results in improper billing; \16\
---------------------------------------------------------------------------

    \16\ An example of this is when the practice bills for a service 
performed by Dr. B, who has not yet been issued a Medicare provider 
number, using Dr. A's Medicare provider number. Physician practices 
need to bill using the correct Medicare provider number, even if 
that means delaying billing until the physician receives his/her 
provider number.
---------------------------------------------------------------------------

     Unbundling (billing for each component of the service 
instead of billing or using an all-inclusive code); \17\
---------------------------------------------------------------------------

    \17\ Unbundling is the practice of a physician billing for 
multiple components of a service that must be included in a single 
fee. For example, if dressings and instruments are included in a fee 
for a minor procedure, the provider may not also bill separately for 
the dressings and instruments.
---------------------------------------------------------------------------

     Failure to properly use coding modifiers; \18\
---------------------------------------------------------------------------

    \18\ A modifier, as defined by the CPT-4 manual, provides the 
means by which a physician practice can indicate a service or 
procedure that has been performed has been altered by some specific 
circumstance, but not changed in its definition or code. Assuming 
the modifier is used correctly and appropriately, this specificity 
provides the justification for payment for those services. For 
correct use of modifiers, the physician practice should reference 
the appropriate sections of the Medicare Provider Manual. See 
Medicare Carrier Manual Section 4630. For general information on the 
correct use of modifiers, a physician practice can consult the 
National Correct Coding Initiative (NCCI). See Appendix F for 
information on how to download the NCCI edits. The NCCI coding edits 
are updated on a quarterly basis and are used to process claims and 
determine payments to physicians.
---------------------------------------------------------------------------

     Clustering; \19\ and
---------------------------------------------------------------------------

    \19\ This is the practice of coding/charging one or two middle 
levels of service codes exclusively, under the philosophy that some 
will be higher, some lower, and the charges will average out over an 
extended period (in reality, this overcharges some patients while 
undercharging others).
---------------------------------------------------------------------------

     Upcoding the level of service provided.\20\
---------------------------------------------------------------------------

    \20\ Upcoding is billing for a more expensive service than the 
one actually performed. For example, Dr. X intentionally bills at a 
higher evaluation and management (E&M) code than what he actually 
renders to the patient.
---------------------------------------------------------------------------

    The physician practice written standards and procedures concerning 
proper coding reflect the current reimbursement principles set forth in 
applicable statutes, regulations \21\ and Federal, State or private 
payor health care program requirements and should be developed in 
tandem with coding and billing standards used in the physician 
practice. Furthermore, written standards and procedures should ensure 
that coding and billing are based on medical record documentation. 
Particular attention should be paid to issues of appropriate diagnosis 
codes and individual Medicare Part B claims (including documentation 
guidelines for evaluation and management services).\22\ A physician 
practice can also institute a policy that the coder and/or physician 
review all rejected claims pertaining to diagnosis and procedure codes. 
This step can facilitate a reduction in similar errors.
---------------------------------------------------------------------------

    \21\ The official coding guidelines are promulgated by HCFA, the 
National Center for Health Statistics, the American Hospital 
Association, the American Medical Association and the American 
Health Information Management Association. See International 
Classification of Diseases, 9th Revision, Clinical Modification 
(ICD-9 CM)(and its successors); 1998 Health Care Financing 
Administration Common Procedure Coding System (HCPCS) (and its 
successors); and Physicians' CPT. In addition, there are specialized 
coding systems for specific segments of the health care industry. 
Among these are ADA (for dental procedures), DSM IV (psychiatric 
health benefits) and DMERCs (for durable medical equipment, 
prosthetics, orthotics and supplies).
    \22\ The failure of a physician practice to: (i) document items 
and services rendered; and (ii) properly submit the corresponding 
claims for reimbursement is a major area of potential erroneous or 
fraudulent conduct involving Federal health care programs. The OIG 
has undertaken numerous audits, investigations, inspections and 
national enforcement initiatives in these areas.
---------------------------------------------------------------------------

    b. Reasonable and Necessary Services. A practice's compliance 
program may provide guidance that claims are to be submitted only for 
services that the physician practice finds to be reasonable and 
necessary in the particular case. The OIG recognizes that physicians 
should be able to order any tests, including screening tests, they 
believe are appropriate for the treatment of their patients. However, a 
physician practice should be aware that Medicare will only pay for 
services that meet the Medicare definition of reasonable and 
necessary.\23\
---------------------------------------------------------------------------

    \23\ ``* * * for the diagnosis or treatment of illness or injury 
or to improve the functioning of a malformed body member.'' 42 
U.S.C. 1395y(a)(1)(A).
---------------------------------------------------------------------------

    Medicare (and many insurance plans) may deny payment for a service 
that is not reasonable and necessary according to the Medicare 
reimbursement rules. Thus, when a physician provides services to a 
Medicare beneficiary, he or she should only bill those services that 
meet the Medicare standard of being reasonable and necessary for the 
diagnosis and treatment of a patient. A physician practice can bill in 
order to receive a denial for services, but only if the denial is 
needed for reimbursement from the secondary payor. Upon request, the 
physician practice should be able to provide documentation, such as a 
patient's medical records and

[[Page 59440]]

physician's orders, to support the appropriateness of a service that 
the physician has provided.
    c. Documentation. Timely, accurate and complete documentation is 
important to clinical patient care. This same documentation serves as a 
second function when a bill is submitted for payment, namely, as 
verification that the bill is accurate as submitted. Therefore, one of 
the most important physician practice compliance issues is the 
appropriate documentation of diagnosis and treatment. Physician 
documentation is necessary to determine the appropriate medical 
treatment for the patient and is the basis for coding and billing 
determinations. Thorough and accurate documentation also helps to 
ensure accurate recording and timely transmission of information.
    i. Medical Record Documentation. In addition to facilitating high 
quality patient care, a properly documented medical record verifies and 
documents precisely what services were actually provided. The medical 
record may be used to validate: (a) The site of the service; (b) the 
appropriateness of the services provided; (c) the accuracy of the 
billing; and (d) the identity of the care giver (service provider). 
Examples of internal documentation guidelines a practice might use to 
ensure accurate medical record documentation include the following: 
\24\
---------------------------------------------------------------------------

    \24\ For additional information on proper documentation, 
physician practices should also reference the Documentation 
Guidelines for Evaluation and Management Services, published by 
HCFA. Currently, physicians may document based on the 1995 or 1997 
E&M Guidelines, whichever is most advantageous to the physician. A 
new set of draft guidelines were announced in June 2000, and are 
undergoing pilot testing and revision, but are not in current use.
---------------------------------------------------------------------------

     The medical record is complete and legible;
     The documentation of each patient encounter includes the 
reason for the encounter; any relevant history; physical examination 
findings; prior diagnostic test results; assessment, clinical 
impression, or diagnosis; plan of care; and date and legible identity 
of the observer;
     If not documented, the rationale for ordering diagnostic 
and other ancillary services can be easily inferred by an independent 
reviewer or third party who has appropriate medical training;
     CPT and ICD-9-CM codes used for claims submission are 
supported by documentation and the medical record; and
     Appropriate health risk factors are identified. The 
patient's progress, his or her response to, and any changes in, 
treatment, and any revision in diagnosis is documented.
    The CPT and ICD-9-CM codes reported on the health insurance claims 
form should be supported by documentation in the medical record and the 
medical chart should contain all necessary information. Additionally, 
HCFA and the local carriers should be able to determine the person who 
provided the services. These issues can be the root of investigations 
of inappropriate or erroneous conduct, and have been identified by HCFA 
and the OIG as a leading cause of improper payments.
    One method for improving quality in documentation is for a 
physician practice to compare the practice's claim denial rate to the 
rates of other practices in the same specialty to the extent that the 
practice can obtain that information from the carrier. Physician coding 
and diagnosis distribution can be compared for each physician within 
the same specialty to identify variances.
    ii. HCFA 1500 Form. Another documentation area for physician 
practices to monitor closely is the proper completion of the HCFA 1500 
form. The following practices will help ensure that the form has been 
properly completed:
     Link the diagnosis code with the reason for the visit or 
service;
     Use modifiers appropriately;
     Provide Medicare with all information about a 
beneficiary's other insurance coverage under the Medicare Secondary 
Payor (MSP) policy, if the practice is aware of a beneficiary's 
additional coverage.
    d. Improper Inducements, Kickbacks and Self-Referrals. A physician 
practice would be well advised to have standards and procedures that 
encourage compliance with the anti-kickback statute \25\ and the 
physician self-referral law.\26\ Remuneration for referrals is illegal 
because it can distort medical decision-making, cause overutilization 
of services or supplies, increase costs to Federal health care 
programs, and result in unfair competition by shutting out competitors 
who are unwilling to pay for referrals. Remuneration for referrals can 
also affect the quality of patient care by encouraging physicians to 
order services or supplies based on profit rather than the patients' 
best medical interests.\27\
---------------------------------------------------------------------------

    \25\ The anti-kickback statute provides criminal penalties for 
individuals and entities that knowingly offer, pay, solicit, or 
receive bribes or kickbacks or other remuneration in order to induce 
business reimbursable by Federal health care programs. See 42 U.S.C. 
1320a-7b(b). Civil penalties, exclusion from participation in the 
Federal health care programs, and civil False Claims Act liability 
may also result from a violation of the prohibition. See 42 U.S.C. 
1320a-7a(a)(5), 42 U.S.C. 1320a-7(b)(7), and 31 U.S.C. 3729-3733.
    \26\ The physician self-referral law, 42 U.S.C. 1395nn (also 
known as the ``Stark law''), prohibits a physician from making a 
referral to an entity with which the physician or any member of the 
physician's immediate family has a financial relationship if the 
referral is for the furnishing of designated health services, unless 
the financial relationship fits into an exception set forth in the 
statute or implementing regulations.
    \27\ See Appendix B for additional information on the anti-
kickback statute.
---------------------------------------------------------------------------

    In particular, arrangements with hospitals, hospices, nursing 
facilities, home health agencies, durable medical equipment suppliers, 
pharmaceutical manufacturers and vendors are areas of potential 
concern. In general the anti-kickback statute prohibits knowingly and 
willfully giving or receiving anything of value to induce referrals of 
Federal health care program business. It is generally recommended that 
all business arrangements wherein physician practices refer business 
to, or order services or items from, an outside entity should be on a 
fair market value basis.\28\ Whenever a physician practice intends to 
enter into a business arrangement that involves making referrals, the 
arrangement should be reviewed by legal counsel familiar with the anti-
kickback statute and physician self-referral statute.
---------------------------------------------------------------------------

    \28\ The OIG's definition of ``fair market value'' excludes any 
value attributable to referrals of Federal program business or the 
ability to influence the flow of such business. See 42 U.S.C. 
1395nn(h)(3). Adhering to the rule of keeping business arrangements 
at fair market value is not a guarantee of legality, but is a highly 
useful general rule.
---------------------------------------------------------------------------

    In addition to developing standards and procedures to address 
arrangements with other health care providers and suppliers, physician 
practices should also consider implementing measures to avoid offering 
inappropriate inducements to patients.\29\ Examples of such inducements 
include routinely waiving coinsurance or deductible amounts without a 
good faith determination that the patient is in financial need or 
failing to make reasonable efforts to collect the cost-sharing 
amount.\30\
---------------------------------------------------------------------------

    \29\ See 42 U.S.C. 1320a-7a(a)(5).
    \30\ In the OIG Special Fraud Alert ``Routine Waiver of Part B 
Co-payments/Deductibles'' (May 1991), the OIG describes several 
reasons why routine waivers of these cost-sharing amounts pose 
concerns. The Alert sets forth the circumstances under which it may 
be appropriate to waive these amounts. See also 42 U.S.C. 1320a-
7a(a)(5).
---------------------------------------------------------------------------

    Possible risk factors relating to this risk area that could be 
addressed in the practice's standards and procedures include:
     Financial arrangements with outside entities to whom the 
practice

[[Page 59441]]

may refer Federal health care program business;\31\
---------------------------------------------------------------------------

    \31\ All physician contracts and agreements with parties in a 
position to influence Federal health care program business or to 
whom the doctor is in such a position to influence should be 
reviewed to avoid violation of the anti-kickback, self-referral, and 
other relevant Federal and State laws. The OIG has published safe 
harbors that define practices not subject to the anti-kickback 
statute, because such arrangements would be unlikely to result in 
fraud or abuse. Failure to comply with a safe harbor provision does 
not make an arrangement per se illegal. Rather, the safe harbors set 
forth specific conditions that, if fully met, would assure the 
entities involved of not being prosecuted or sanctioned for the 
arrangement qualifying for the safe harbor. One such safe harbor 
applies to personal services contracts. See 42 CFR 1001.952(d).
---------------------------------------------------------------------------

     Joint ventures with entities supplying goods or services 
to the physician practice or its patients;\32\
---------------------------------------------------------------------------

    \32\ See OIG Special Fraud Alert ``Joint Venture Arrangements'' 
(August 1989) available on the OIG web site at http://www.hhs.gov/oig. See also OIG Advisory Opinion 97-5.
---------------------------------------------------------------------------

     Consulting contracts or medical directorships;
     Office and equipment leases with entities to which the 
physician refers; and
     Soliciting, accepting or offering any gift or gratuity of 
more than nominal value to or from those who may benefit from a 
physician practice's referral of Federal health care program 
business.\33\
    In order to keep current with this area of the law, a physician 
practice may obtain copies, available on the OIG web site or in hard 
copy from the OIG, of all relevant OIG Special Fraud Alerts and 
Advisory Opinions that address the application of the anti-kickback and 
physician self-referral laws to ensure that the standards and 
procedures reflect current positions and opinions.
---------------------------------------------------------------------------

    \33\ Physician practices should establish clear standards and 
procedures governing gift-giving because such exchanges may be 
viewed as inducements to influence business decisions.
---------------------------------------------------------------------------

2. Retention of Records
    In light of the documentation requirements faced by physician 
practices, it would be to the practice's benefit if its standards and 
procedures contained a section on the retention of compliance, business 
and medical records. These records primarily include documents relating 
to patient care and the practice's business activities. A physician 
practice's designated compliance contact could keep an updated binder 
or record of these documents, including information relating to 
compliance activities. The primary compliance documents that a practice 
would want to retain are those that relate to educational activities, 
internal investigations and internal audit results. We suggest that 
particular attention should be paid to documenting investigations of 
potential violations uncovered by the compliance program and the 
resulting remedial action. Although there is no requirement that the 
practice retain its compliance records, having all the relevant 
documentation relating to the practice's compliance efforts or handling 
of a particular problem can benefit the practice should it ever be 
questioned regarding those activities.
    Physician practices that implement a compliance program might also 
want to provide for the development and implementation of a records 
retention system. This system would establish standards and procedures 
regarding the creation, distribution, retention, and destruction of 
documents. If the practice decides to design a record system, privacy 
concerns and Federal or State regulatory requirements should be taken 
into consideration.\34\
---------------------------------------------------------------------------

    \34\ There are various Federal regulations governing the privacy 
of patient records and the retention of certain types of patient 
records. Many states also have record retention statutes. Practices 
should check with their state medical society and/or affiliated 
professional association for assistance in ascertaining these 
requirements for their particular specialty and location.
---------------------------------------------------------------------------

    While conducting its compliance activities, as well as its daily 
operations, a physician practice would be well advised, to the extent 
it is possible, to document its efforts to comply with applicable 
Federal health care program requirements. For example, if a physician 
practice requests advice from a Government agency (including a Medicare 
carrier) charged with administering a Federal health care program, it 
is to the benefit of the practice to document and retain a record of 
the request and any written or oral response (or nonresponse). This 
step is extremely important if the practice intends to rely on that 
response to guide it in future decisions, actions, or claim 
reimbursement requests or appeals.
    In short, it is in the best interest of all physician practices, 
regardless of size, to have procedures to create and retain appropriate 
documentation. The following record retention guidelines are suggested:
     The length of time that a practice's records are to be 
retained can be specified in the physician practice's standards and 
procedures (Federal and State statutes should be consulted for specific 
time frames, if applicable);
     Medical records (if in the possession of the physician 
practice) need to be secured against loss, destruction, unauthorized 
access, unauthorized reproduction, corruption, or damage; and
     Standards and procedures can stipulate the disposition of 
medical records in the event the practice is sold or closed.

Step Three: Designation of a Compliance Officer/Contact(s)

    After the audits have been completed and the risk areas identified, 
ideally one member of the physician practice staff needs to accept the 
responsibility of developing a corrective action plan, if necessary, 
and oversee the practice's adherence to that plan. This person can 
either be in charge of all compliance activities for the practice or 
play a limited role merely to resolve the current issue. In a 
formalized institutional compliance program there is a compliance 
officer who is responsible for overseeing the implementation and day-
to-day operations of the compliance program. However, the resource 
constraints of physician practices make it so that it is often 
impossible to designate one person to be in charge of compliance 
functions.
    It is acceptable for a physician practice to designate more than 
one employee with compliance monitoring responsibility. In lieu of 
having a designated compliance officer, the physician practice could 
instead describe in its standards and procedures the compliance 
functions for which designated employees, known as ``compliance 
contacts,'' would be responsible. For example, one employee could be 
responsible for preparing written standards and procedures, while 
another could be responsible for conducting or arranging for periodic 
audits and ensuring that billing questions are answered. Therefore, the 
compliance-related responsibilities of the designated person or persons 
may be only a portion of his or her duties.
    Another possibility is that one individual could serve as 
compliance officer for more than one entity. In situations where 
staffing limitations mandate that the practice cannot afford to 
designate a person(s) to oversee compliance activities, the practice 
could outsource all or part of the functions of a compliance officer to 
a third party, such as a consultant, PPMC, MSO, IPA or third-party 
billing company. However, if this role is outsourced, it is beneficial 
for the compliance officer to have sufficient interaction with the 
physician practice to be able to effectively understand the inner 
workings of the practice. For example, consultants that are not in 
close geographic proximity to a practice may not be effective 
compliance officers for the practice.

[[Page 59442]]

    One suggestion for how to maintain continual interaction is for the 
practice to designate someone to serve as a liaison with the outsourced 
compliance officer. This would help ensure a strong tie between the 
compliance officer and the practice's daily operations. Outsourced 
compliance officers, who spend most of their time offsite, have certain 
limitations that a physician practice should consider before making 
such a critical decision. These limitations can include lack of 
understanding as to the inner workings of the practice, accessibility 
and possible conflicts of interest when one compliance officer is 
serving several practices.
    If the physician practice decides to designate a particular 
person(s) to oversee all compliance activities, not just those in 
conjunction with the audit-related issue, the following is a list of 
suggested duties that the practice may want to assign to that 
person(s):
     Overseeing and monitoring the implementation of the 
compliance program;
     Establishing methods, such as periodic audits, to improve 
the practice's efficiency and quality of services, and to reduce the 
practice's vulnerability to fraud and abuse;
     Periodically revising the compliance program in light of 
changes in the needs of the practice or changes in the law and in the 
standards and procedures of Government and private payor health plans;
     Developing, coordinating and participating in a training 
program that focuses on the components of the compliance program, and 
seeks to ensure that training materials are appropriate;
     Ensuring that the HHS-OIG's List of Excluded Individuals 
and Entities, and the General Services Administration's (GSA's) List of 
Parties Debarred from Federal Programs have been checked with respect 
to all employees, medical staff and independent contractors; \35\ and
     Investigating any report or allegation concerning possible 
unethical or improper business practices, and monitoring subsequent 
corrective action and/or compliance.
---------------------------------------------------------------------------

    \35\ The HHS-OIG ``List of Excluded Individuals/Entities'' 
provides information to health care providers, patients, and others 
regarding individuals and entities that are excluded from 
participation in Federal health care programs. This report, in both 
an on-line searchable and downloadable database, can be located on 
the Internet at http://www.hhs.gov/oig. The OIG sanction information 
is readily available to users in two formats on over 15,000 
individuals and entities currently excluded from program 
participation through action taken by the OIG. The on-line 
searchable database allows users to obtain information regarding 
excluded individuals and entities sorted by: (1) The legal bases for 
exclusions; (2) the types of individuals and entities excluded by 
the OIG; and (3) the States where excluded individuals reside or 
entities do business. In addition, the General Services 
Administration maintains a monthly listing of debarred contractors, 
``List of Parties Debarred from Federal Programs,'' at http://www.arnet.gov/epls.
---------------------------------------------------------------------------

    Each physician practice needs to assess its own practice situation 
and determine what best suits that practice in terms of compliance 
oversight.

Step Four: Conducting Appropriate Training and Education

    Education is an important part of any compliance program and is the 
logical next step after problems have been identified and the practice 
has designated a person to oversee educational training. Ideally, 
education programs will be tailored to the physician practice's needs, 
specialty and size and will include both compliance and specific 
training.
    There are three basic steps for setting up educational objectives:
     Determining who needs training (both in coding and billing 
and in compliance);
     Determining the type of training that best suits the 
practice's needs (e.g., seminars, in-service training, self-study or 
other programs); and
     Determining when and how often education is needed and how 
much each person should receive.
    Training may be accomplished through a variety of means, including 
in-person training sessions (i.e., either on site or at outside 
seminars), distribution of newsletters,\36\ or even a readily 
accessible office bulletin board. Regardless of the training modality 
used, a physician practice should ensure that the necessary education 
is communicated effectively and that the practice's employees come away 
from the training with a better understanding of the issues covered.
---------------------------------------------------------------------------

    \36\ HCFA also offers free online training for general fraud and 
abuse issues at http://www.hcfa.gov/medlearn. See Appendix F for 
additional information.
---------------------------------------------------------------------------

1. Compliance Training
    Under the direction of the designated compliance officer/contact, 
both initial and recurrent training in compliance is advisable, both 
with respect to the compliance program itself and applicable statutes 
and regulations. Suggestions for items to include in compliance 
training are: The operation and importance of the compliance program; 
the consequences of violating the standards and procedures set forth in 
the program; and the role of each employee in the operation of the 
compliance program.
    There are two goals a practice should strive for when conducting 
compliance training: (1) All employees will receive training on how to 
perform their jobs in compliance with the standards of the practice and 
any applicable regulations; and (2) each employee will understand that 
compliance is a condition of continued employment. Compliance training 
focuses on explaining why the practice is developing and establishing a 
compliance program. The training should emphasize that following the 
standards and procedures will not get a practice employee in trouble, 
but violating the standards and procedures may subject the employee to 
disciplinary measures. It is advisable that new employees be trained on 
the compliance program as soon as possible after their start date and 
employees should receive refresher training on an annual basis or as 
appropriate.
2. Coding and Billing Training
    Coding and billing training on the Federal health care program 
requirements may be necessary for certain members of the physician 
practice staff depending on their respective responsibilities. The OIG 
understands that most physician practices do not employ a professional 
coder and that the physician is often primarily responsible for all 
coding and billing. However, it is in the practice's best interest to 
ensure that individuals who are directly involved with billing, coding 
or other aspects of the Federal health care programs receive extensive 
education specific to that individual's responsibilities. Some examples 
of items that could be covered in coding and billing training include:
     Coding requirements;
     Claim development and submission processes;
     Signing a form for a physician without the physician's 
authorization;
     Proper documentation of services rendered;
     Proper billing standards and procedures and submission of 
accurate bills for services or items rendered to Federal health care 
program beneficiaries; and
     The legal sanctions for submitting deliberately false or 
reckless billings.
3. Format of the Training Program
    Training may be conducted either in-house or by an outside 
source.\37\

[[Page 59443]]

Training at outside seminars, instead of internal programs and in-
service sessions, may be an effective way to achieve the practice's 
training goals. In fact, many community colleges offer certificate or 
associate degree programs in billing and coding, and professional 
associations provide various kinds of continuing education and 
certification programs. Many carriers also offer billing training.
---------------------------------------------------------------------------

    \37\ As noted earlier in this guidance, another way for 
physician practices to receive training is for the physicians and/or 
the employees of the practice to attend training programs offered by 
outside entities, such as a hospital, a local medical society or a 
carrier. This sort of collaborative effort is an excellent way for 
the practice to meet the desired training objective without having 
to expend the resources to develop and implement in-house training.
---------------------------------------------------------------------------

    The physician practice may work with its third-party billing 
company, if one is used, to ensure that documentation is of a level 
that is adequate for the billing company to submit accurate claims on 
behalf of the physician practice. If it is not, these problem areas 
should also be covered in the training. In addition to the billing 
training, it is advisable for physician practices to maintain updated 
ICD-9, HCPCS and CPT manuals (in addition to the carrier bulletins 
construing those sources) and make them available to all employees 
involved in the billing process. Physician practices can also provide a 
source of continuous updates on current billing standards and 
procedures by making publications or Government documents that describe 
current billing policies available to its employees.\38\
---------------------------------------------------------------------------

    \38\ Some publications, such as OIG's Special Fraud Alerts, 
audit and inspection reports, and Advisory Opinions are readily 
available from the OIG and can provide a basis for educational 
courses and programs for physician practice employees. See Appendix 
F for a partial listing of these documents. See Footnote 3 for 
information on how to obtain copies of these documents.
---------------------------------------------------------------------------

    Physician practices do not have to provide separate education and 
training programs for the compliance and coding and billing training. 
All in-service training and continuing education can integrate 
compliance issues, as well as other core values adopted by the 
practice, such as quality improvement and improved patient service, 
into their curriculum.
4. Continuing Education on Compliance Issues
    There is no set formula for determining how often training sessions 
should occur. The OIG recommends that there be at least an annual 
training program for all individuals involved in the coding and billing 
aspects of the practice.\39\ Ideally, new billing and coding employees 
will be trained as soon as possible after assuming their duties and 
will work under an experienced employee until their training has been 
completed.
---------------------------------------------------------------------------

    \39\ Currently, the OIG is monitoring a significant number of 
corporate integrity agreements that require many of these training 
elements. The OIG usually requires a minimum of one hour annually 
for basic training in compliance areas. Additional training may be 
necessary for specialty fields such as claims development and 
billing.
---------------------------------------------------------------------------

Step Five: Responding To Detected Offenses and Developing Corrective 
Action Initiatives

    When a practice determines it has detected a possible violation, 
the next step is to develop a corrective action plan and determine how 
to respond to the problem. Violations of a physician practice's 
compliance program, significant failures to comply with applicable 
Federal or State law, and other types of misconduct threaten a 
practice's status as a reliable, honest, and trustworthy provider of 
health care. Consequently, upon receipt of reports or reasonable 
indications of suspected noncompliance, it is important that the 
compliance contact or other practice employee look into the allegations 
to determine whether a significant violation of applicable law or the 
requirements of the compliance program has indeed occurred, and, if so, 
take decisive steps to correct the problem.\40\ As appropriate, such 
steps may involve a corrective action plan,\41\ the return of any 
overpayments, a report to the Government,\42\ and/or a referral to law 
enforcement authorities.
---------------------------------------------------------------------------

    \40\ Instances of noncompliance must be determined on a case-by-
case basis. The existence or amount of a monetary loss to a health 
care program is not solely determinative of whether the conduct 
should be investigated and reported to governmental authorities. In 
fact, there may be instances where there is no readily identifiable 
monetary loss to a health care provider, but corrective actions are 
still necessary to protect the integrity of the applicable program 
and its beneficiaries, e.g., where services required by a plan of 
care are not provided.
    \41\ The physician practice may seek advice from its legal 
counsel to determine the extent of the practice's liability and to 
plan the appropriate course of action.
    \42\ The OIG has established a Provider Self-Disclosure Protocol 
that encourages providers to voluntarily report suspected fraud. The 
concept of voluntary self-disclosure is premised on a recognition 
that the Government alone cannot protect the integrity of the 
Medicare and other Federal health care programs. Health care 
providers must be willing to police themselves, correct underlying 
problems, and work with the Government to resolve these matters. The 
Provider Self-Disclosure Protocol can be located on the OIG's web 
site at: www.hhs.gov/oig. See Appendix D for further information on 
the Provider Self-Disclosure Protocol.
---------------------------------------------------------------------------

    One suggestion is that the practice, in developing its compliance 
program, develop its own set of monitors and warning indicators. These 
might include: Significant changes in the number and/or types of claim 
rejections and/or reductions; correspondence from the carriers and 
insurers challenging the medical necessity or validity of claims; 
illogical patterns or unusual changes in the pattern of CPT-4, HCPCS or 
ICD-9 code utilization; and high volumes of unusual charge or payment 
adjustment transactions. If any of these warning indicators become 
apparent, then it is recommended that the practice follow up on the 
issues. Subsequently, as appropriate, the compliance procedures of the 
practice may need to be changed to prevent the problem from recurring.
    For potential criminal violations, a physician practice would be 
well advised in its compliance program procedures to include steps for 
prompt referral or disclosure to an appropriate Government authority or 
law enforcement agency. In regard to overpayment issues, it is advised 
that the physician practice take appropriate corrective action, 
including prompt identification and repayment of any overpayment to the 
affected payor.
    It is also recommended that the compliance program provide for a 
full internal assessment of all reports of detected violations. If the 
physician practice ignores reports of possible fraudulent activity, it 
is undermining the very purpose it hoped to achieve by implementing a 
compliance program.
    It is advised that the compliance program standards and procedures 
include provisions to ensure that a violation is not compounded once 
discovered. In instances involving individual misconduct, the standards 
and procedures might also advise as to whether the individuals involved 
in the violation either be retrained, disciplined, or, if appropriate, 
terminated. The physician practice may also prevent the compounding of 
the violation by conducting a review of all confirmed violations, and, 
if appropriate, self-reporting the violations to the applicable 
authority.
    The physician practice may consider the fact that if a violation 
occurred and was not detected, its compliance program may require 
modification. Physician practices that detect violations could analyze 
the situation to determine whether a flaw in their compliance program 
failed to anticipate the detected problem, or whether the compliance 
program's procedures failed to prevent the violation. In any event, it 
is prudent, even absent the detection of any violations, for physician 
practices to periodically review and modify their compliance programs.

Step Six: Developing Open Lines of Communication

    In order to prevent problems from occurring and to have a frank 
discussion

[[Page 59444]]

of why the problem happened in the first place, physician practices 
need to have open lines of communication. Especially in a smaller 
practice, an open line of communication is an integral part of 
implementing a compliance program. Guidance previously issued by the 
OIG has encouraged the use of several forms of communication between 
the compliance officer/committee and provider personnel, many of which 
focus on formal processes and are more costly to implement (e.g., 
hotlines and e-mail). However, the OIG recognizes that the nature of 
some physician practices is not as conducive to implementing these 
types of measures. The nature of a small physician practice dictates 
that such communication and information exchanges need to be conducted 
through a less formalized process than that which has been envisioned 
by prior OIG guidance.
    In the small physician practice setting, the communication element 
may be met by implementing a clear ``open door'' policy between the 
physicians and compliance personnel and practice employees. This policy 
can be implemented in conjunction with less formal communication 
techniques, such as conspicuous notices posted in common areas and/or 
the development and placement of a compliance bulletin board where 
everyone in the practice can receive up-to-date compliance 
information.\43\
    A compliance program's system for meaningful and open communication 
can include the following:
---------------------------------------------------------------------------

    \43\ In addition to whatever other method of communication is 
being utilized, the OIG recommends that physician practices post the 
HHS-OIG Hotline telephone number (1-800-HHS-TIPS) in a prominent 
area.
---------------------------------------------------------------------------

     The requirement that employees report conduct that a 
reasonable person would, in good faith, believe to be erroneous or 
fraudulent;
     The creation of a user-friendly process (such as an 
anonymous drop box for larger practices) for effectively reporting 
erroneous or fraudulent conduct;
     Provisions in the standards and procedures that state that 
a failure to report erroneous or fraudulent conduct is a violation of 
the compliance program;
     The development of a simple and readily accessible 
procedure to process reports of erroneous or fraudulent conduct;
     If a billing company is used, communication to and from 
the billing company's compliance officer/contact and other responsible 
staff to coordinate billing and compliance activities of the practice 
and the billing company, respectively. Communication can include, as 
appropriate, lists of reported or identified concerns, initiation and 
the results of internal assessments, training needs, regulatory 
changes, and other operational and compliance matters;
     The utilization of a process that maintains the anonymity 
of the persons involved in the reported possible erroneous or 
fraudulent conduct and the person reporting the concern; and
     Provisions in the standards and procedures that there will 
be no retribution for reporting conduct that a reasonable person acting 
in good faith would have believed to be erroneous or fraudulent.
    The OIG recognizes that protecting anonymity may not be feasible 
for small physician practices. However, the OIG believes all practice 
employees, when seeking answers to questions or reporting potential 
instances of erroneous or fraudulent conduct, should know to whom to 
turn for assistance in these matters and should be able to do so 
without fear of retribution. While the physician practice may strive to 
maintain the anonymity of an employee's identity, it also needs to make 
clear that there may be a point at which the individual's identity may 
become known or may have to be revealed in certain instances.

Step Seven: Enforcing Disciplinary Standards Through Well-Publicized 
Guidelines

    Finally, the last step that a physician practice may wish to take 
is to incorporate measures into its practice to ensure that practice 
employees understand the consequences if they behave in a non-compliant 
manner. An effective physician practice compliance program includes 
procedures for enforcing and disciplining individuals who violate the 
practice's compliance or other practice standards. Enforcement and 
disciplinary provisions are necessary to add credibility and integrity 
to a compliance program.
    The OIG recommends that a physician practice's enforcement and 
disciplinary mechanisms ensure that violations of the practice's 
compliance policies will result in consistent and appropriate 
sanctions, including the possibility of termination, against the 
offending individual. At the same time, it is advisable that the 
practice's enforcement and disciplinary procedures be flexible enough 
to account for mitigating or aggravating circumstances. The procedures 
might also stipulate that individuals who fail to detect or report 
violations of the compliance program may also be subject to discipline. 
Disciplinary actions could include: Warnings (oral); reprimands 
(written); probation; demotion; temporary suspension; termination; 
restitution of damages; and referral for criminal prosecution. 
Inclusion of disciplinary guidelines in in-house training and procedure 
manuals is sufficient to meet the ``well publicized'' standard of this 
element.
    It is suggested that any communication resulting in the finding of 
non-compliant conduct be documented in the compliance files by 
including the date of incident, name of the reporting party, name of 
the person responsible for taking action, and the follow-up action 
taken. Another suggestion is for physician practices to conduct checks 
to make sure all current and potential practice employees are not 
listed on the OIG or GSA lists of individuals excluded from 
participation in Federal health care or Government procurement 
programs.\44\
---------------------------------------------------------------------------

    \44\ See Footnote 35 for information on how to access these 
lists.
---------------------------------------------------------------------------

C. Assessing A Voluntary Compliance Program

    A practice's commitment to compliance can best be assessed by the 
active application of compliance principles in the day-to-day 
operations of the practice. Compliance programs are not just written 
standards and procedures that sit on a shelf in the main office of a 
practice, but are an everyday part of the practice operations. It is by 
integrating the compliance program into the practice culture that the 
practice can best achieve maximum benefit from its compliance program.

III. Conclusion

    Just as immunizations are given to patients to prevent them from 
becoming ill, physician practices may view the implementation of a 
voluntary compliance program as comparable to a form of preventive 
medicine for the practice. This voluntary compliance program guidance 
is intended to assist physician practices in developing and 
implementing internal controls and procedures that promote adherence to 
Federal health care program requirements.
    As stated earlier, physician compliance programs do not need to be 
time or resource intensive and can be developed in a manner that best 
reflects the nature of each individual practice. Many of the 
recommendations set forth in this document are ones that many physician 
practices already have in place and are simply good business practices 
that can be adhered to with a

[[Page 59445]]

reasonable amount of effort. By implementing an effective compliance 
program, appropriate for its size and resources, and making compliance 
principles an active part of the practice culture, a physician practice 
can help prevent and reduce erroneous or fraudulent conduct in its 
practice. These efforts can also streamline and improve the business 
operations within the practice and therefore innoculate itself against 
future problems.

    Dated: September 27, 2000.
June Gibbs Brown,
Inspector General.

Appendix A: Additional Risk Areas

    Appendix A describes additional risk areas that a physician 
practice may wish to address during the development of its 
compliance program. If any of the following risk areas are 
applicable to the practice, the practice may want to consider 
addressing the risk areas by incorporating them into the practice's 
written standards and procedures manual and addressing them in its 
training program.

I. Reasonable and Necessary Services

A. Local Medical Review Policy

    An area of concern for physicians relating to determinations of 
reasonable and necessary services is the variation in local medical 
review policies (LMRPs) among carriers. Physicians are supposed to 
bill the Federal health care programs only for items and services 
that are reasonable and necessary. However, in order to determine 
whether an item or service is reasonable and necessary under 
Medicare guidelines, the physician must apply the appropriate 
LMRP.\1\
---------------------------------------------------------------------------

    \1\ HCFA has recently developed a web site which, when completed 
by the end of the year 2000, will contain the LMRPs for each of the 
contractors across the country. The web site can be accessed at 
http://www.lmrp.net.
---------------------------------------------------------------------------

    With the exception of claims that are properly coded and 
submitted to Medicare solely for the purpose of obtaining a written 
denial, physician practices are to bill the Federal health programs 
only for items and services that are covered. In order to determine 
if an item or service is covered for Medicare, a physician practice 
must be knowledgeable of the LMRPs applicable to its practice's 
jurisdiction. The practice may contact its carrier to request a copy 
of the pertinent LMRPs, and once the practice receives the copies, 
they can be incorporated into the practice's written standards and 
procedures manual. When the LMRP indicates that an item or service 
may not be covered by Medicare, the physician practice is 
responsible to convey this information to the patient so that the 
patient can make an informed decision concerning the health care 
services he/she may want to receive. Physician practices convey this 
information through Advance Beneficiary Notices (ABNs).

B. Advance Beneficiary Notices

    Physicians are required to provide ABNs before they provide 
services that they know or believe Medicare does not consider 
reasonable and necessary. (The one exception to this requirement is 
for services that are performed pursuant to EMTALA requirements as 
described in section II.A). A properly executed ABN acknowledges 
that coverage is uncertain or yet to be determined, and stipulates 
that the patient promises to pay the bill if Medicare does not. 
Patients who are not notified before they receive such services are 
not responsible for payment. The ABN must be sufficient to put the 
patient on notice of the reasons why the physician believes that the 
payment may be denied. The objective is to give the patient 
sufficient information to allow an informed choice as to whether to 
pay for the service.
    Accordingly, each ABN should:

I. Be in writing;
II. Identify the specific service that may be denied (procedure name 
and CPT/HCPC code is recommended);
III. State the specific reason why the physician believes that 
service may be denied; and
IV. Be signed by the patient acknowledging that the required 
information was provided and that the patient assumes responsibility 
to pay for the service.

    The Medicare Carrier's Manual \2\ provides that an ABN will not 
be acceptable if: (1) The patient is asked to sign a blank ABN form; 
or (2) the ABN is used routinely without regard to a particularized 
need. The routine use of ABNs is generally prohibited because the 
ABN must state the specific reason the physician anticipates that 
the specific service will not be covered.
---------------------------------------------------------------------------

    \2\ The relevant manual provisions are located at MCM, Part III, 
Secs. 7300 and 7320. This section of the manual also includes the 
carrier's recommended form of an ABN.
---------------------------------------------------------------------------

    A common risk area associated with ABNs is in regard to 
diagnostic tests or services. There are three steps that a physician 
practice can take to help ensure it is in compliance with the 
regulations concerning ABNs for diagnostic tests or services:
1. Determine which tests are not covered under national coverage 
rules;
2. Determine which tests are not covered under local coverage rules 
such as LMRPs (contact the practice's carrier to see if a listing 
has been assembled); and
3. Determine which tests are only covered for certain diagnoses.
    The OIG is aware that the use of ABNs is an area where physician 
practices experience numerous difficulties. Practices can help to 
reduce problems in this area by educating their physicians and 
office staff on the correct use of ABNs, obtaining guidance from the 
carrier regarding their interpretation of whether an ABN is 
necessary where the service is not covered, developing a standard 
form for all diagnostic tests (most carriers have a developed 
model), and developing a process for handling patients who refuse to 
sign ABNs.

C. Physician Liability for Certifications in the Provision of 
Medical Equipment and Supplies and Home Health Services

    In January 1999, the OIG issued a Special Fraud Alert on this 
topic, which is available on the OIG web site at www.hhs.gov/oig/frdalrt/index.htm. The following is a summary of the Special Fraud 
Alert.
    The OIG issued the Special Fraud Alert to reiterate to 
physicians the legal and programmatic significance of physician 
certifications made in connection with the ordering of certain items 
and services for Medicare patients. In light of information obtained 
through OIG provider audits, the OIG deemed it necessary to remind 
physicians that they may be subject to criminal, civil and 
administrative penalties for signing a certification when they know 
that the information is false or for signing a certification with 
reckless disregard as to the truth of the information. (See Appendix 
B and Appendix C for more detailed information on the applicable 
statutes).
    Medicare has conditioned payment for many items and services on 
a certification signed by a physician attesting that the physician 
has reviewed the patient's condition and has determined that an item 
or service is reasonable and necessary. Because Medicare primarily 
relies on the professional judgment of the treating physician to 
determine the reasonable and necessary nature of a given service or 
supply, it is important that physicians provide complete and 
accurate information on any certifications they sign. Physician 
certification is obtained through a variety of forms, including 
prescriptions, orders, and Certificates of Medical Necessity (CMNs). 
Two areas where physician certification as to whether an item or 
service is reasonable and necessary is essential and which are 
vulnerable to abuse are: (1) Home health services; and (2) durable 
medical equipment.
    By signing a CMN, the physician represents that:

1. He or she is the patient's treating physician and that the 
information regarding the physician's address and unique physician 
identification number (UPIN) is correct;
2. the entire CMN, including the sections filled out by the 
supplier, was completed prior to the physician's signature; and
3. the information in section B relating to whether the item or 
service is reasonable and necessary is true, accurate, and complete 
to the best of the physician's knowledge.

    Activities such as signing blank CMNs, signing a CMN without 
seeing the patient to verify the item or service is reasonable and 
necessary, and signing a CMN for a service that the physician knows 
is not reasonable and necessary are activities that can lead to 
criminal, civil and administrative penalties.
    Ultimately, it is advised that physicians carefully review any 
form of certification (order, prescription or CMN) before signing it 
to verify that the information contained in the certification is 
both complete and accurate.

[[Page 59446]]

D. Billing for Non-covered Services as if Covered

    In some instances, we are aware that physician practices submit 
claims for services in order to receive a denial from the carrier, 
thereby enabling the patient to submit the denied claim for payment 
to a secondary payer.
    A common question relating to this risk area is: If the medical 
services provided are not covered under Medicare, but the secondary 
or supplemental insurer requires a Medicare rejection in order to 
cover the services, then would the original submission of the claim 
to Medicare be considered fraudulent? Under the applicable 
regulations, the OIG would not consider such submissions to be 
fraudulent. For example, the denial may be necessary to establish 
patient liability protections as stated in section 1879 of the 
Social Security Act (the Act) (codified at 42 U.S.C. 1395pp). As 
stated, Medicare denials may also be required so that the patient 
can seek payment from a secondary insurer. In instances where a 
claim is being submitted to Medicare for this purpose, the physician 
should indicate on the claim submission that the claim is being 
submitted for the purpose of receiving a denial, in order to bill a 
secondary insurance carrier. This step should assist carriers and 
prevent inadvertent payments to which the physician is not entitled.
    In some instances, however, the carrier pays the claim even 
though the service is non-covered, and even though the physician did 
not intend for payment to be made. When this occurs, the physician 
has a responsibility to refund the amount paid and indicate that the 
service is not covered.

II. Physician Relationships with Hospitals

A. The Physician Role in EMTALA

    The Emergency Medical Treatment and Active Labor Act (EMTALA), 
42 U.S.C. 1395dd, is an area that has been receiving increasing 
scrutiny. The statute is intended to ensure that all patients who 
come to the emergency department of a hospital receive care, 
regardless of their insurance or ability to pay. Both hospitals and 
physicians need to work together to ensure compliance with the 
provisions of this law.
    The statute imposes three fundamental requirements upon 
hospitals that participate in the Medicare program with regard to 
patients requesting emergency care. First, the hospital must conduct 
an appropriate medical screening examination to determine if an 
emergency medical condition exists.\3\ Second, if the hospital 
determines that an emergency medical condition exists, it must 
either provide the treatment necessary to stabilize the emergency 
medical condition or comply with the statute's requirements to 
effect a proper transfer of a patient whose condition has not been 
stabilized.\4\ A hospital is considered to have met this second 
requirement if an individual refuses the hospital's offer of 
additional examination or treatment, or refuses to consent to a 
transfer, after having been informed of the risks and benefits.\5\
---------------------------------------------------------------------------

    \3\ See 42 U.S.C. 1395dd(a).
    \4\ See 42 U.S.C. 1395dd(b)(1).
    \5\ See 42 U.S.C. 1395dd(b)(2) and (3).
---------------------------------------------------------------------------

    If an individual's emergency medical condition has not been 
stabilized, the statute's third requirement is activated. A hospital 
may not transfer an individual with an unstable emergency medical 
condition unless: (1) The individual or his or her representative 
makes a written request for transfer to another medical facility 
after being informed of the risk of transfer and the transferring 
hospital's obligation under the statute to provide additional 
examination or treatment; (2) a physician has signed a certification 
summarizing the medical risks and benefits of a transfer and 
certifying that, based upon the information available at the time of 
transfer, the medical benefits reasonably expected from the transfer 
outweigh the increased risks; or (3) if a physician is not 
physically present when the transfer decision is made, a qualified 
medical person signs the certification after the physician, in 
consultation with the qualified medical person, has made the 
determination that the benefits of transfer outweigh the increased 
risks. The physician must later countersign the certification.\6\
---------------------------------------------------------------------------

    \6\ See 42 U.S.C. 1395dd(c)(1)(A).
---------------------------------------------------------------------------

    Physician and/or hospital misconduct may result in violations of 
the statute.\7\ One area of particular concern is physician on-call 
responsibilities. Physician practices whose members serve as on-call 
emergency room physicians with hospitals are advised to familiarize 
themselves with the hospital's policies regarding on-call 
physicians. This can be done by reviewing the medical staff bylaws 
or policies and procedures of the hospital that must define the 
responsibility of on-call physicians to respond to, examine, and 
treat patients with emergency medical conditions. Physicians should 
also be aware of the requirement that, when medically indicated, on-
call physicians must generally come to the hospital to examine the 
patient. The exception to this requirement is that a patient may be 
sent to see the on-call physician at a hospital-owned contiguous or 
on-campus facility to conduct or complete the medical screening 
examination as long as:
---------------------------------------------------------------------------

    \7\ Hospitals and physicians, including on-call physicians, who 
violate the statute may face penalties that include civil fines of 
up to $50,000 (or not more than $25,000 in the case of a hospital 
with less than 100 beds) per violation, and physicians may be 
excluded from participation in the Federal health care programs.
---------------------------------------------------------------------------

1. All persons with the same medical condition are moved to this 
location;
2. there is a bona fide medical reason to move the patient; and
3. qualified medical personnel accompany the patient.

B. Teaching Physicians

    Special regulations apply to teaching physicians' billings. 
Regulations provide that services provided by teaching physicians in 
teaching settings are generally payable under the physician fee 
schedule only if the services are personally furnished by a 
physician who is not a resident or the services are furnished by a 
resident in the presence of a teaching physician.\8\
    Unless a service falls under a specified exception, such as the 
Primary Care Exception,\9\ the teaching physician must be present 
during the key portion of any service or procedure for which payment 
is sought.\10\ Physicians should ensure the following with respect 
to services provided in the teaching physician setting \11\
---------------------------------------------------------------------------

    \8\ 42 CFR 415.150 through 415.190.
    \9\ 42 CFR 415.174.
    \10\ Id.
    \11\ This section is not intended to be and is not a complete 
reference for teaching physicians. It is strongly recommended that 
those physicians who practice in a teaching setting consult their 
respective hospitals for more guidance.
---------------------------------------------------------------------------

     Only services actually provided are billed;
     Every physician who provides or supervises the 
provision of services to a patient is responsible for the correct 
documentation of the services that were rendered;
     Every physician is responsible for assuring that in 
cases where the physician provides evaluation and management (E&M) 
services, a patient's medical record includes appropriate 
documentation of the applicable key components of the E&M services 
provided or supervised by the physician (e.g., patient history, 
physician examination, and medical decision making), as well as 
documentation to adequately reflect the procedure or portion of the 
services provided by the physician; and
     Unless specifically excepted by regulation, every 
physician must document his or her presence during the key portion 
of any service or procedure for which payment is sought.

C. Gainsharing Arrangements and Civil Monetary Penalties for 
Hospital Payments to Physicians to Reduce or Limit Services to 
Beneficiaries

    In July 1999, the OIG issued a Special Fraud Alert on this 
topic, which is available on the OIG web site at www.hhs.gov/oig/frdalrt/index.htm. The following is a summary of the Special Fraud 
Alert.
    The term ``gainsharing'' typically refers to an arrangement in 
which a hospital gives a physician a percentage share of any 
reduction in the hospital's costs for patient care attributable in 
part to the physician's efforts. The civil monetary penalty (CMP) 
that applies to gainsharing arrangements is set forth in 42 U.S.C. 
1320a-7a(b)(1). This section prohibits any hospital or critical 
access hospital from knowingly making a payment directly or 
indirectly to a physician as an inducement to reduce or limit 
services to Medicare or Medicaid beneficiaries under a physician's 
care.
    It is the OIG's position that the Civil Monetary Penalties Law 
clearly prohibits any gainsharing arrangements that involve payments 
by, or on behalf of, a hospital to physicians with clinical care 
responsibilities to induce a reduction or limitation of services to 
Medicare or Medicaid beneficiaries. However, hospitals and 
physicians are not prohibited from working together to reduce 
unnecessary hospital costs through other

[[Page 59447]]

arrangements. For example, hospitals and physicians may enter into 
personal services contracts where hospitals pay physicians based on 
a fixed fee at fair market value for services rendered to reduce 
costs rather than a fee based on a share of cost savings.

D. Physician Incentive Arrangements

    The OIG has identified potentially illegal practices involving 
the offering of incentives by entities in an effort to recruit and 
retain physicians. The OIG is concerned that the intent behind 
offering incentives to physicians may not be to recruit physicians, 
but instead the offer is intended as a kickback to obtain and 
increase patient referrals from physicians. These recruitment 
incentive arrangements are implicated by the Anti-Kickback Statute 
because they can constitute remuneration offered to induce, or in 
return for, the referral of business paid for by Medicare or 
Medicaid.
    Some examples of questionable incentive arrangements are:
     Provision of free or significantly discounted billing, 
nursing, or other staff services.
     Payment of the cost of a physician's travel and 
expenses for conferences.
     Payment for a physician's services that require few, if 
any, substantive duties by the physician.
     Guarantees that if the physician's income fails to 
reach a predetermined level, the entity will supplement the 
remainder up to a certain amount.

III. Physician Billing Practices

A. Third-Party Billing Services

    Physicians should remember that they remain responsible to the 
Medicare program for bills sent in the physician's name or 
containing the physician's signature, even if the physician had no 
actual knowledge of a billing impropriety. The attestation on the 
HCFA 1500 form, i.e., the physician's signature line, states that 
the physician's services were billed properly. In other words, it is 
no defense for the physician if the physician's billing service 
improperly bills Medicare.
    One of the most common risk areas involving billing services 
deals with physician practices contracting with billing services on 
a percentage basis. Although percentage based billing arrangements 
are not illegal per se, the Office of Inspector General has a 
longstanding concern that such arrangements may increase the risk of 
intentional upcoding and similar abusive billing practices.\12\
---------------------------------------------------------------------------

    \12\ This concern is noted in Advisory Opinion No. 98-4 and also 
the Office of Inspector General Compliance Program Guidance for 
Third-Party Medical Billing Companies. Both are available on the OIG 
web site at http://www.hhs.gov/oig.
---------------------------------------------------------------------------

    A physician may contract with a billing service on a percentage 
basis. However, the billing service cannot directly receive the 
payment of Medicare funds into a bank account that it solely 
controls. Under 42 U.S.C. 1395u(b)(6), Medicare payments can only be 
made to either the beneficiary or a party (such as a physician) that 
furnished the services and accepted assignment of the beneficiary's 
claim. A billing service that contracts on a percentage basis does 
not qualify as a party that furnished services to a beneficiary, 
thus a billing service cannot directly receive payment of Medicare 
funds. According to the Medicare Carriers Manual Section 3060(A), a 
payment is considered to be made directly to the billing service if 
the service can convert the payment to its own use and control 
without the payment first passing through the control of the 
physician. For example, the billing service should not bill the 
claims under its own name or tax identification number. The billing 
service should bill claims under the physician's name and tax 
identification number. Nor should a billing service receive the 
payment of Medicare funds directly into a bank account over which 
the billing service maintains sole control. The Medicare payments 
should instead be deposited into a bank account over which the 
provider has signature control.
    Physician practices should review the third-party medical 
billing guidance for additional information on third-party billing 
companies and the compliance risk areas associated with billing 
companies.

B. Billing Practices by Non-Participating Physicians

    Even though nonparticipating physicians do not accept payment 
directly from the Medicare program, there are a number of laws that 
apply to the billing of Medicare beneficiaries by non-participating 
physicians.

Limiting Charges

    42 U.S.C. 1395w-4(g) prohibits a nonparticipating physician from 
knowingly and willfully billing or collecting on a repeated basis an 
actual charge for a service that is in excess of the Medicare 
limiting charge. For example, a nonparticipating physician may not 
bill a Medicare beneficiary $50 for an office visit when the 
Medicare limiting charge for the visit is $25. Additionally, there 
are numerous provisions that prohibit nonparticipating physicians 
from knowingly and willfully charging patients in excess of the 
statutory charge limitations for certain specified procedures, such 
as cataract surgery, mammography screening and coronary artery 
bypass surgery. Failure to comply with these sections can result in 
a fine of up to $10,000 per violation or exclusion from 
participation in Federal health care programs for up to 5 years.

Refund of Excess Charges

    42 U.S.C. 1395w-4(g) mandates that if a nonparticipating 
physician collects an actual charge for a service that is in excess 
of the limiting charge, the physician must refund the amount 
collected above the limiting charge to the individual within 30 days 
notice of the violation. For example, if a physician collected $50 
from a Medicare beneficiary for an office visit, but the limiting 
charge for the visit was $25, the physician must refund $25 to the 
beneficiary, which is the difference between the amount collected 
($50) and the limiting charge ($25). Failure to comply with this 
requirement may result in a fine of up to $10,000 per violation or 
exclusion from participation in Federal health care programs for up 
to 5 years.
    Specifically, 42 U.S.C. 1395u(l)(A)(iii) mandates that a 
nonparticipating physician must refund payments received from a 
Medicare beneficiary if it is later determined by a Peer Review 
Organization or a Medicare carrier that the services were not 
reasonable and necessary. Failure to comply with this requirement 
may result in a fine of up to $10,000 per violation or exclusion 
from participation in Federal health care programs for up to 5 
years.

C. Professional Courtesy

    The term ``professional courtesy'' is used to describe a number 
of analytically different practices. The traditional definition is 
the practice by a physician of waiving all or a part of the fee for 
services provided to the physician's office staff, other physicians, 
and/or their families. In recent times, ``professional courtesy'' 
has also come to mean the waiver of coinsurance obligations or other 
out-of-pocket expenses for physicians or their families (i.e., 
``insurance only'' billing), and similar payment arrangements by 
hospitals or other institutions for services provided to their 
medical staffs or employees. While only the first of these practices 
is truly ``professional courtesy,'' in the interests of clarity and 
completeness, we will address all three.
    In general, whether a professional courtesy arrangement runs 
afoul of the fraud and abuse laws is determined by two factors: (i) 
How the recipients of the professional courtesy are selected; and 
(ii) how the professional courtesy is extended. If recipients are 
selected in a manner that directly or indirectly takes into account 
their ability to affect past or future referrals, the anti-kickback 
statute--which prohibits giving anything of value to generate 
Federal health care program business--may be implicated. If the 
professional courtesy is extended through a waiver of copayment 
obligations (i.e., ``insurance only'' billing), other statutes may 
be implicated, including the prohibition of inducements to 
beneficiaries, section 1128A(a)(5) of the Act (codified at 42 U.S.C. 
1320a-7a(a)(5)). Claims submitted as a result of either practice may 
also implicate the civil False Claims Act.
    The following are general observations about professional 
courtesy arrangements for physician practices to consider:
     A physician's regular and consistent practice of 
extending professional courtesy by waiving the entire fee for 
services rendered to a group of persons (including employees, 
physicians, and/or their family members) may not implicate any of 
the OIG's fraud and abuse authorities so long as membership in the 
group receiving the courtesy is determined in a manner that does not 
take into account directly or indirectly any group member's ability 
to refer to, or otherwise generate Federal health care program 
business for, the physician.
     A physician's regular and consistent practice of 
extending professional courtesy by waiving otherwise applicable 
copayments for services rendered to a group of persons (including 
employees, physicians, and/or their family members), would not 
implicate the anti-kickback statute so long as membership in the 
group is determined in a

[[Page 59448]]

manner that does not take into account directly or indirectly any 
group member's ability to refer to, or otherwise generate Federal 
health care program business for, the physician.
     Any waiver of copayment practice, including that 
described in the preceding bullet, does implicate section 
1128A(a)(5) of the Act if the patient for whom the copayment is 
waived is a Federal health care program beneficiary who is not 
financially needy.
    The legality of particular professional courtesy arrangements 
will turn on the specific facts presented, and, with respect to the 
anti-kickback statute, on the specific intent of the parties. A 
physician practice may wish to consult with an attorney if it is 
uncertain about its professional courtesy arrangements.

IV. Other Risk Areas

A. Rental of Space in Physician Offices by Persons or Entities to 
Which Physicians Refer

    In February 2000, the OIG issued a Special Fraud Alert on this 
topic, which is available on the OIG web site at www.hhs.gov/oig/frdalrt/index.htm. The following is a summary of the Special Fraud 
Alert.
    Among various relationships between physicians and labs, 
hospitals, home health agencies, etc., the OIG has identified 
potentially illegal practices involving the rental of space in a 
physician's office by suppliers that provide items or services to 
patients who are referred or sent to the supplier by the physician-
landlord. An example of a suspect arrangement is the rental of 
physician office space by a durable medical equipment (DME) supplier 
in a position to benefit from referrals of the physician's patients. 
The OIG is concerned that in such arrangements the rental payments 
may be disguised kickbacks to the physician-landlord to induce 
referrals.

Space Rental Safe Harbor to the Anti-Kickback Statute

    To avoid potentially violating the anti-kickback statute, the 
OIG recommends that rental agreements comply with all of the 
following criteria for the space rental safe harbor:
     The agreement is set out in writing and signed by the 
parties.
     The agreement covers all of the space rented by the 
parties for the term of the agreement and specifies the space 
covered by the agreement.
     If the agreement is intended to provide the lessee with 
access to the space for periodic intervals of time rather than on a 
full-time basis for the term of the rental agreement, the rental 
agreement specifies exactly the schedule of such intervals, the 
precise length of each interval, and the exact rent for each 
interval.
     The term of the rental agreement is for not less than 
one year.
     The aggregate rental charge is set in advance, is 
consistent with fair market value, and is not determined in a manner 
that takes into account the volume or value of any referrals or 
business otherwise generated between the parties for which payment 
may be made in whole or in part under Medicare or a State health 
care program.
     The aggregate space rented does not exceed that which 
is reasonably necessary to accomplish the commercially reasonable 
business purpose of the rental.

B. Unlawful Advertising

    42 U.S.C. 1320b-10 makes it unlawful for any person to advertise 
using the names, abbreviations, symbols, or emblems of the Social 
Security Administration, Health Care Financing Administration, 
Department of Health and Human Services, Medicare, Medicaid or any 
combination or variation of such words, abbreviations, symbols or 
emblems in a manner that such person knows or should know would 
convey the false impression that the advertised item is endorsed by 
the named entities. For instance, a physician may not place an ad in 
the newspaper that reads ``Dr. X is a cardiologist approved by both 
the Medicare and Medicaid programs.'' A violation of this section 
may result in a penalty of up to $5,000 ($25,000 in the case of a 
broadcast or telecast) for each violation.

Appendix B: Criminal Statutes

    This Appendix contains a description of criminal statutes 
related to fraud and abuse in the context of health care. The 
Appendix is not intended to be a compilation of all Federal statutes 
related to health care fraud and abuse. It is merely a summary of 
some of the more frequently cited Federal statutes.

I. Health Care Fraud (18 U.S.C. 1347)

Description of Unlawful Conduct

    It is a crime to knowingly and willfully execute (or attempt to 
execute) a scheme to defraud any health care benefit program, or to 
obtain money or property from a health care benefit program through 
false representations. Note that this law applies not only to 
Federal health care programs, but to most other types of health care 
benefit programs as well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of fines, imprisonment of 
up to 10 years, or both. If the violation results in serious bodily 
injury, the prison term may be increased to a maximum of 20 years. 
If the violation results in death, the prison term may be expanded 
to include any number of years, or life imprisonment.

Examples

    1. Dr. X, a chiropractor, intentionally billed Medicare for 
physical therapy and chiropractic treatments that he never actually 
rendered for the purpose of fraudulently obtaining Medicare 
payments.
    2. Dr. X, a psychiatrist, billed Medicare, Medicaid, TRICARE, 
and private insurers for psychiatric services that were provided by 
his nurses rather than himself.

II. Theft or Embezzlement in Connection with Health Care (18 U.S.C. 
669)

Description of Unlawful Conduct

    It is a crime to knowingly and willfully embezzle, steal or 
intentionally misapply any of the assets of a health care benefit 
program. Note that this law applies not only to Federal health care 
programs, but to most other types of health care benefit programs as 
well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 10 years, or both. If the value of the asset is $100 or 
less, the penalty is a fine, imprisonment of up to a year, or both.

Example

    An office manager for Dr. X knowingly embezzles money from the 
bank account for Dr. X's practice. The bank account includes 
reimbursement received from the Medicare program; thus, intentional 
embezzlement of funds from this account is a violation of the law.

III. False Statements Relating to Health Care Matters (18 U.S.C. 1035)

Description of Unlawful Conduct

    It is a crime to knowingly and willfully falsify or conceal a 
material fact, or make any materially false statement or use any 
materially false writing or document in connection with the delivery 
of or payment for health care benefits, items or services. Note that 
this law applies not only to Federal health care programs, but to 
most other types of health care benefit programs as well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 5 years, or both.

Example

    Dr. X certified on a claim form that he performed laser surgery 
on a Medicare beneficiary when he knew that the surgery was not 
actually performed on the patient.

IV. Obstruction of Criminal Investigations of Health Care Offenses (18 
U.S.C. 1518)

Description of Unlawful Conduct

    It is a crime to willfully prevent, obstruct, mislead, delay or 
attempt to prevent, obstruct, mislead, or delay the communication of 
records relating to a Federal health care offense to a criminal 
investigator. Note that this law applies not only to Federal health 
care programs, but to most other types of health care benefit 
programs as well.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 5 years, or both.

Examples

    1. Dr. X instructs his employees to tell OIG investigators that 
Dr. X personally performs all treatments when, in fact, medical 
technicians do the majority of the treatment and Dr. X is rarely 
present in the office.
    2. Dr. X was under investigation by the FBI for reported 
fraudulent billings. Dr. X altered patient records in an attempt to 
cover up the improprieties.

[[Page 59449]]

V. Mail and Wire Fraud (18 U.S.C. 1341 and 1343)

Description of Unlawful Conduct

    It is a crime to use the mail, private courier, or wire service 
to conduct a scheme to defraud another of money or property. The 
term ``wire services'' includes the use of a telephone, fax machine 
or computer. Each use of a mail or wire service to further 
fraudulent activities is considered a separate crime. For instance, 
each fraudulent claim that is submitted electronically to a carrier 
would be considered a separate violation of the law.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine, imprisonment 
of up to 5 years, or both.

Examples

    1. Dr. X knowingly and repeatedly submits electronic claims to 
the Medicare carrier for office visits that he did not actually 
provide to Medicare beneficiaries with the intent to obtain payments 
from Medicare for services he never performed.
    2. Dr. X, a neurologist, knowingly submitted claims for tests 
that were not reasonable and necessary and intentionally upcoded 
office visits and electromyograms to Medicare.

VI. Criminal Penalties for Acts Involving Federal Health Care Programs 
(42 U.S.C. 1320a-7b)

Description of Unlawful Conduct

False Statement and Representations

    It is a crime to knowingly and willfully:
    (1) make, or cause to be made, false statements or 
representations in applying for benefits or payments under all 
Federal health care programs;
    (2) make, or cause to be made, any false statement or 
representation for use in determining rights to such benefit or 
payment;
    (3) conceal any event affecting an individual's initial or 
continued right to receive a benefit or payment with the intent to 
fraudulently receive the benefit or payment either in an amount or 
quantity greater than that which is due or authorized;
    (4) convert a benefit or payment to a use other than for the use 
and benefit of the person for whom it was intended;
    (5) present, or cause to be presented, a claim for a physician's 
service when the service was not furnished by a licensed physician;
    (6) for a fee, counsel an individual to dispose of assets in 
order to become eligible for medical assistance under a State health 
program, if disposing of the assets results in the imposition of an 
ineligibility period for the individual.

Anti-Kickback Statute

    It is a crime to knowingly and willfully solicit, receive, 
offer, or pay remuneration of any kind (e.g., money, goods, 
services):
     for the referral of an individual to another for the 
purpose of supplying items or services that are covered by a Federal 
health care program; or
     for purchasing, leasing, ordering, or arranging for any 
good, facility, service, or item that is covered by a Federal health 
care program.
    There are a number of limited exceptions to the law, also known 
as ``safe harbors,'' which provide immunity from criminal 
prosecution and which are described in greater detail in the statute 
and related regulations (found at 42 CFR 1001.952 and www.hhs.gov/oig/ak). Current safe harbors include:
     investment interests;
     space rental;
     equipment rental;
     personal services and management contracts;
     sale of practice;
     referral services;
     warranties;
     discounts;
     employment relationships;
     waiver of Part A co-insurance and deductible amounts;
     group purchasing organizations;
     increased coverage or reduced cost sharing under a 
risk-basis or prepaid plan; and
     charge reduction agreements with health plans.

Penalty for Unlawful Conduct

    The penalty may include the imposition of a fine of up to 
$25,000, imprisonment of up to 5 years, or both. In addition, the 
provider can be excluded from participation in Federal health care 
programs. The regulations defining the aggravating and mitigating 
circumstances that must be reviewed by the OIG in making an 
exclusion determination are set forth in 42 CFR part 1001.

Examples

    1. Dr. X accepted payments to sign Certificates of Medical 
Necessity for durable medical equipment for patients she never 
examined.
    2. Home Health Agency disguises referral fees as salaries by 
paying referring physician Dr. X for services Dr. X never rendered 
to the Medicare beneficiaries or by paying Dr. X a sum in excess of 
fair market value for the services he rendered to the Medicare 
beneficiaries.

Appendix C: Civil and Administrative Statutes

    This Appendix contains a description of civil and administrative 
statutes related to fraud and abuse in the context of health care. 
The Appendix is not intended to be a compilation of all federal 
statutes related to health care fraud and abuse. It is merely a 
summary of some of the more frequently cited Federal statutes.

I. The False Claims Act (31 U.S.C. 3729-3733)

Description of Unlawful Conduct

    This is the law most often used to bring a case against a health 
care provider for the submission of false claims to a Federal health 
care program. The False Claims Act prohibits knowingly presenting 
(or causing to be presented) to the Federal Government a false or 
fraudulent claim for payment or approval. Additionally, it prohibits 
knowingly making or using (or causing to be made or used) a false 
record or statement to get a false or fraudulent claim paid or 
approved by the Federal Government or its agents, like a carrier, 
other claims processor, or State Medicaid program.

Definitions

    False Claim--A ``false claim'' is a claim for payment for 
services or supplies that were not provided specifically as 
presented or for which the provider is otherwise not entitled to 
payment. Examples of false claims for services or supplies that were 
not provided specifically as presented include, but are not limited 
to:
     a claim for a service or supply that was never 
provided.
     a claim indicating the service was provided for some 
diagnosis code other than the true diagnosis code in order to obtain 
reimbursement for the service (which would not be covered if the 
true diagnosis code were submitted).
     a claim indicating a higher level of service than was 
actually provided.
     a claim for a service that the provider knows is not 
reasonable and necessary.
     a claim for services provided by an unlicensed 
individual.
    Knowingly--To ``knowingly'' present a false or fraudulent claim 
means that the provider: (1) Has actual knowledge that the 
information on the claim is false; (2) acts in deliberate ignorance 
of the truth or falsity of the information on the claim; or (3) acts 
in reckless disregard of the truth or falsity of the information on 
the claim. It is important to note the provider does not have to 
deliberately intend to defraud the Federal Government in order to be 
found liable under this Act. The provider need only ``knowingly'' 
present a false or fraudulent claim in the manner described above.
    Deliberate Ignorance--To act in ``deliberate ignorance'' means 
that the provider has deliberately chosen to ignore the truth or 
falsity of the information on a claim submitted for payment, even 
though the provider knows, or has notice, that information may be 
false. An example of a provider who submits a false claim with 
deliberate ignorance would be a physician who ignores provider 
update bulletins and thus does not inform his/her staff of changes 
in the Medicare billing guidelines or update his/her billing system 
in accordance with changes to the Medicare billing practices. When 
claims for non-reimbursable services are submitted as a result, the 
False Claims Act has been violated.
    Reckless Disregard--To act in ``reckless disregard'' means that 
the provider pays no regard to whether the information on a claim 
submitted for payment is true or false. An example of a provider who 
submits a false claim with reckless disregard would be a physician 
who assigns the billing function to an untrained office person 
without inquiring whether the employee has the requisite knowledge 
and training to accurately file such claims.

[[Page 59450]]

Penalty for Unlawful Conduct

    The penalty for violating the False Claims Act is a minimum of 
$5,500 up to a maximum of $11,000 for each false claim submitted. In 
addition to the penalty, a provider could be found liable for 
damages of up to three times the amount unlawfully claimed.

Examples

     A physician submitted claims to Medicare and Medicaid 
representing that he had personally performed certain services when, 
in reality, the services were performed by a nonphysician and they 
were not reimbursable under the Federal health care programs.
     Dr. X intentionally upcoded office visits and 
angioplasty consultations that were submitted for payment to 
Medicare.
     Dr. X, a podiatrist, knowingly submitted claims to the 
Medicare and Medicaid programs for non-routine surgical procedures 
when he actually performed routine, non-covered services such as the 
cutting and trimming of toenails and the removal of corns and 
calluses.

II. Civil Monetary Penalties Law (42 U.S.C. 1320a-7a)

Description of Unlawful Conduct

    The Civil Monetary Penalties Law (CMPL) is a comprehensive 
statute that covers an array of fraudulent and abusive activities 
and is very similar to the False Claims Act. For instance, the CMPL 
prohibits a health care provider from presenting, or causing to be 
presented, claims for services that the provider ``knows or should 
know'' were:
     not provided as indicated by the coding on the claim;
     not medically necessary;
     furnished by a person who is not licensed as a 
physician (or who was not properly supervised by a licensed 
physician);
     furnished by a licensed physician who obtained his or 
her license through misrepresentation of a material fact (such as 
cheating on a licensing exam);
     furnished by a physician who was not certified in the 
medical specialty that he or she claimed to be certified in; or
     furnished by a physician who was excluded from 
participation in the Federal health care program to which the claim 
was submitted.
    Additionally, the CMPL contains various other prohibitions, 
including:
     offering remuneration to a Medicare or Medicaid 
beneficiary that the person knows or should know is likely to 
influence the beneficiary to obtain items or services billed to 
Medicare or Medicaid from a particular provider;
     employing or contracting with an individual or entity 
that the person knows or should know is excluded from participation 
in a Federal health care program.
    The term ``should know'' means that a provider: (1) Acted in 
deliberate ignorance of the truth or falsity of the information; or 
(2) acted in reckless disregard of the truth or falsity of the 
information. The Federal Government does not have to show that a 
provider specifically intended to defraud a Federal health care 
program in order to prove a provider violated the statute.

Penalty for Unlawful Conduct

    Violation of the CMPL may result in a penalty of up to $10,000 
per item or service and up to three times the amount unlawfully 
claimed. In addition, the provider may be excluded from 
participation in Federal health care programs. The regulations 
defining the aggravating and mitigating circumstances that must be 
reviewed by the OIG in making an exclusion determination are set 
forth in 42 CFR part 1001.

Examples

    1. Dr. X paid Medicare and Medicaid beneficiaries $20 each time 
they visited him to receive services and have tests performed that 
were not preventive care services and tests.
    2. Dr. X hired Physician Assistant P to provide services to 
Medicare and Medicaid beneficiaries without conducting a background 
check on P. Had Dr. X performed a background check by reviewing the 
HHS-OIG List of Excluded Individuals/Entities, Dr. X would have 
discovered that he should not hire P because P is excluded from 
participation in Federal health care programs for a period of 5 
years.
    3. Dr. X and his oximetry company billed Medicare for pulse 
oximetry that they knew they did not perform and services that had 
been intentionally upcoded.

III. Limitations on Certain Physician Referrals (``Stark Laws'') (42 
U.S.C. 1395nn)

Description of Unlawful Conduct

    Physicians (and immediate family members) who have an ownership, 
investment or compensation relationship with an entity providing 
``designated health services'' are prohibited from referring 
patients for these services where payment may be made by a Federal 
health care program unless a statutory or regulatory exception 
applies. An entity providing a designated health service is 
prohibited from billing for the provision of a service that was 
provided based on a prohibited referral. Designated health services 
include: clinical laboratory services; physical therapy services; 
occupational therapy services; radiology services, including 
magnetic resonance imaging, axial tomography scans, and ultrasound 
services; radiation therapy services and supplies; durable medical 
equipment and supplies; parenteral and enteral nutrients, equipment 
and supplies; prosthetics, orthotics, prosthetic devices and 
supplies; home health services; outpatient prescription drugs; and 
inpatient and outpatient hospital services.
    New regulations clarifying the exceptions to the Stark Laws are 
expected to be issued by HCFA shortly. Current exceptions 
articulated within the Stark Laws include the following, provided 
all conditions of each exception as set forth in the statute and 
regulations are satisfied.

Exceptions for Ownership or Compensation Arrangements

     physician's services;
     in-office ancillary services; and
     prepaid plans.

Exceptions for Ownership or Investment in Publicly Traded 
Securities and Mutual Funds

     ownership of investment securities which may be 
purchased on terms generally available to the public;
     ownership of shares in a regulated investment company 
as defined by Federal law, if such company had, at the end of the 
company's most recent fiscal year, or on average, during the 
previous 3 fiscal years, total assets exceeding $75,000,000;
     hospital in Puerto Rico;
     rural provider; and
     hospital ownership (whole hospital exception).

Exceptions Relating to Other Compensation Arrangements

     rental of office space and rental of equipment;
     bona fide employment relationship;
     personal service arrangement;
     remuneration unrelated to the provision of designated 
health services;
     physician recruitment;
     isolated transactions;
     certain group practice arrangements with a hospital 
(pre-1989); and
     payments by a physician for items and services.

Penalty for Unlawful Conduct

    Violations of the statute subject the billing entity to denial 
of payment for the designated health services, refund of amounts 
collected from improperly submitted claims, and a civil monetary 
penalty of up to $15,000 for each improper claim submitted. 
Physicians who violate the statute may also be subject to additional 
fines per prohibited referral. In addition, providers that enter 
into an arrangement that they know or should know circumvents the 
referral restriction law may be subject to a civil monetary penalty 
of up to $100,000 per arrangement.

Examples

    1. Dr. A worked in a medical clinic located in a major city. She 
also owned a free standing laboratory located in a major city. Dr. A 
referred all orders for laboratory tests on her patients to the 
laboratory she owned.
    2. Dr. X agreed to serve as the Medical Director of Home Health 
Agency, HHA, for which he was paid a sum substantially above the 
fair market value for his services. In return, Dr. X routinely 
referred his Medicare and Medicaid patients to HHA for home health 
services.
    3. Dr. Y received a monthly stipend of $500 from a local 
hospital to assist him in meeting practice expenses. Dr. Y performed 
no specific service for the stipend and had no obligation to repay 
the hospital. Dr. Y referred patients to the hospital for in-patient 
surgery.

IV. Exclusion of Certain Individuals and Entities From Participation in 
Medicare and other Federal Health Care Programs (42 U.S.C. 1320a-7)

Mandatory Exclusion

    Individuals or entities convicted of the following conduct must 
be excluded from

[[Page 59451]]

participation in Medicare and Medicaid for a minimum of 5 years:
    (1) a criminal offense related to the delivery of an item or 
service under Medicare or Medicaid;
    (2) a conviction under Federal or State law of a criminal 
offense relating to the neglect or abuse of a patient;
    (3) a conviction under Federal or State law of a felony relating 
to fraud, theft, embezzlement, breach of fiduciary responsibility or 
other financial misconduct against a health care program financed by 
any Federal, State, or local government agency;
    (4) a conviction under Federal or State law of a felony relating 
to the unlawful manufacture, distribution, prescription, or 
dispensing of a controlled substance.
    If there is one prior conviction, the exclusion will be for 10 
years. If there are two prior convictions, the exclusion will be 
permanent.

Permissive Exclusion

    Individuals or entities convicted of the following offenses, may 
be excluded from participation in Federal health care programs for a 
minimum of 3 years:
    (1) a criminal offense related to the delivery of an item or 
service under Medicare or Medicaid;
    (2) a misdemeanor related to fraud, theft, embezzlement, breach 
of fiduciary responsibility or other financial misconduct against a 
health care program financed by any Federal, State, or local 
government agency;
    (3) interference with, or obstruction of, any investigation into 
certain criminal offenses;
    (4) a misdemeanor related to the unlawful manufacture, 
distribution, prescription or dispensing of a controlled substance;
    (5) exclusion or suspension under a Federal or State health care 
program;
    (6) submission of claims for excessive charges, unnecessary 
services or services that were of a quality that fails to meet 
professionally recognized standards of health care;
    (7) violating the Civil Monetary Penalties Law or the statute 
entitled ``Criminal Penalties for Acts Involving Federal Health Care 
Programs;''
    (8) ownership or control of an entity by a sanctioned individual 
or immediate family member (spouse, natural or adoptive parent, 
child, sibling, stepparent, stepchild, stepbrother or stepsister, 
in-laws, grandparent and grandchild);
    (9) failure to disclose information required by law;
    (10) failure to supply claims payment information; and
    (11) defaulting on health education loan or scholarship 
obligations.
    The above list of offenses is not all inclusive. Additional 
grounds for permissive exclusion are detailed in the statute.

Examples

    1. Nurse R was excluded based on a conviction involving 
obtaining dangerous drugs by forgery. She also altered prescriptions 
that were given for her own health problems before she presented 
them to the pharmacist to be filled.
    2. Practice T was excluded due to its affiliation with its 
excluded owner. The practice owner, excluded from participation in 
the Federal health care programs for soliciting and receiving 
illegal kickbacks, was still participating in the day-to-day 
operations of the practice after his exclusion was effective.

Appendix D: OIG-HHS Contact Information

I. OIG Hotline Number

    One method for providers to report potential fraud, waste, and 
abuse problems is to contact the OIG Hotline number. All HHS and 
contractor employees have a responsibility to assist in combating 
fraud, waste and abuse in all departmental programs. As such, 
providers are encouraged to report matters involving fraud, waste 
and mismanagement in any departmental program to the OIG. The OIG 
maintains a hotline that offers a confidential means for reporting 
these matters.

Contacting the OIG Hotline

By Phone: 1-800-HHS-TIPS (1-800-447-8477)
By E-Mail: [email protected]
By Mail: Office of Inspector General, Department of Health and Human 
Services, Attn: HOTLINE, 330 Independence Ave., SW., Washington, DC 
20201

    When contacting the Hotline, please provide the following 
information to the best of your ability:
     Type of Complaint:

Medicare Part A
Medicare Part B
Indian Health Service
TRICARE
Other (please specify)

     HHS Department or program being affected by your 
allegation of fraud, waste, abuse/mismanagement:

Health Care Financing Administration (HCFA)
Indian Health Service
Other (please specify)

    Please provide the following information. (However, if you would 
like your referral to be submitted anonymously, please indicate such 
in your correspondence or phone call.)

Your Name
Your Street Address
Your City/County
Your State
Your Zip Code
Your email Address

     Subject/Person/Business/Department that allegation is 
against.

Name of Subject
Title of Subject
Subject's Street Address
Subject's City/County
Subject's State
Subject's Zip Code

    Please provide a brief summary of your allegation and the 
relevant facts.

II. Provider Self-Disclosure Protocol

    The recommended method for a provider to contact the OIG 
regarding potential fraud or abuse issues that may exist in the 
provider's own organization is through the use of the Provider Self-
Disclosure Protocol. This program encourages providers to 
voluntarily disclose irregularities in their dealings with Federal 
health care programs. While voluntary disclosure under the protocol 
does not guarantee a provider protection from civil, criminal, or 
administrative actions, the fact that a provider voluntarily 
disclosed possible wrongdoing is a mitigating factor in OIG's 
recommendations to prosecuting agencies. Although other agencies may 
not have formal policies offering immunity or mitigation for self-
disclosure, they typically view self-disclosure favorably for the 
self-disclosing entity. Self-reporting offers providers the 
opportunity to minimize the potential cost and disruption of a full-
scale audit and investigation, to negotiate a fair monetary 
settlement, and to avoid an OIG permissive exclusion preventing the 
provider from doing business with Federal health care programs. In 
addition, if the provider is obligated to enter into an Integrity 
Agreement (IA) as part of the resolution of a voluntary disclosure, 
there are three benefits the provider might receive as a result of 
self-reporting:
     If the provider has an effective compliance program and 
agrees to maintain its compliance program as part of the False 
Claims Act settlement, the OIG may not even require an IA;
     In cases where the provider's own audits detected the 
disclosed problem, the OIG may consider alternatives to the IA's 
auditing provisions. The provider may be able to perform some or all 
of its billing audits through internal auditing methods rather than 
be required to retain an independent review organization to perform 
the billing review; and
     Self-disclosing can help to demonstrate a provider's 
trustworthiness to the OIG and may result in the OIG determining 
that it can sufficiently safeguard the Federal health care programs 
through an IA without the exclusion remedy for a material breach, 
which is typically included in an IA.
    Specific instructions on how a physician practice can submit a 
voluntary disclosure under the Provider Self-Disclosure Protocol can 
be found on the OIG's internet site at www.hhs.gov/oig or in the 
Federal Register at 63 FR 58399 (1998). A physician practice may, 
however, wish to consult with an attorney prior to submitting a 
disclosure to the OIG.
    The Provider Self-Disclosure Protocol can also be a useful tool 
for baseline audits. The protocol details the OIG's views on the 
appropriate elements of an effective investigative and audit plan 
for providers. Physician practices can use the self-disclosure 
protocol as a model for conducting audits and self-assessments.
    In relying on the protocol for audit design and sample 
selection, a physician practice should pay close attention to the 
sections on self-assessment and sample selection. These two sections 
provide valuable guidance regarding how these two functions should 
be performed.
    The self-assessment section of the protocol contains information 
that can be applied to audit design. Self-assessment is an internal 
financial assessment to determine the

[[Page 59452]]

monetary impact of the matter. The approach of a review can include 
reviewing either all claims affected or a statistically valid sample 
of the claims.
    Sample selection must include several elements. These elements 
are drawn from the Government sampling program known as RAT-
STATS.\1\ All of these elements are set forth in more detail in the 
Provider Self-Disclosure Protocol, but the elements are (1) Sampling 
unit, (2) sampling frame, (3) probe, (4) sample size, (5) random 
numbers, (6) sample design and (7) missing sample items. All of 
these sampling items should be clearly documented by the physician 
practice and compiled in the format set forth in the Provider Self-
Disclosure Protocol. Use of the format set forth in the Provider 
Self-Disclosure Protocol will help physician practices to ensure 
that the elements of their internal audits are in conformance with 
OIG standards.
---------------------------------------------------------------------------

    \1\ Available through the OIG web site at http://www.hhs.gov/oas/ratstat.html.
---------------------------------------------------------------------------

Appendix E: Carrier Contact Information

Medicare

    A complete list of contact information (address, phone number, 
email address) for Medicare Part A Fiscal Intermediaries, Medicare 
Part B Carriers, Regional Home Health Intermediaries, and Durable 
Medical Equipment Regional Carriers can be found on the HCFA web 
site at www.hcfa.gov/medicare/incardir.htm.

Medicaid

    Contact information (address, phone number, email address) for 
each State Medicaid carrier can be found on the HCFA web site at 
www.hcfa.gov/medicaid/mcontact.htm. In addition to a list of 
Medicaid carriers, the web site includes contact information for 
each State survey agency and the HCFA Regional Offices.
    Contact information for each State Medicaid Fraud Control Unit 
can be found on the OIG web site at www.hhs.gov/oig/oi/mfcu/index.htm.

Appendix F: Internet Resources

Office of Inspector General--U.S. Department of Health and Human 
Services

www.hhs.gov/oig
    This web site includes a variety of information relating to 
Federal health care programs, including the following:
Advisory Opinions
Anti-kickback Information
Compliance Program Guidance
Corporate Integrity Agreements
Fraud Alerts
    Links to web pages for the:
Office of Audit Services (OAS)
Office of Evaluation and Inspections (OEI)
Office of Investigations (OI)
OIG List of Excluded Individuals/Entities
OIG News
OIG Regulations
OIG Semi-Annual Report
OIG Workplan

Health Care Financing Administration

www.hcfa.gov
    This web site includes information on a wide array of topics, 
including the following:

Medicare

National Correct Coding Initiative
Intermediary-Carrier Directory
Payment
Program Manuals
Program Transmittals & Memorandum
Provider Billing/HCFA Forms
Statistics and Data

Medicaid

HCFA Regional Offices
Letters to State Medicaid Directors
Medicaid Hotline Numbers
Policy & Program Information
State Medicaid Contacts
State Medicaid Manual
State Survey Agencies
Statistics and Data

HCFA Medicare Training

www.hcfa.gov/medlearn
    This site provides computer-based training on the following 
topics:
HCFA 1500 Form
Fraud & Abuse
ICD-9-CM Diagnosis Coding
Adult Immunization
Medicare Secondary Payer (MSP)
Women's Health
Front Office Management
Introduction to the World of Medicare
Home Health Agency
HCFA 1450 (UB92)

Government Printing Office

www.access.gpo.gov
    This site provides access to Federal statutes and regulations 
pertaining to Federal health care programs.

The U.S. House of Representatives Internet Library

uscode.house.gov/usc.htm
    This site provides access to the United States Code, which 
contains laws pertaining to Federal health care programs.
[FR Doc. 00-25500 Filed 10-4-00; 8:45 am]
BILLING CODE 4152-01-P